Merge branch 'bio-tests'

Author: emlun

NEWS

@@ -1,3 +1,10 @@
+== Version 1.10.0 ==
+
+webauthn-server-attestatiton:
+
+* Added attestation metadata for YubiKey Bio.
+
+
 == Version 1.9.1 ==
 
 * Added missing `<dependencyManagement>` declaration to

webauthn-server-attestation/src/main/resources/metadata.json

@@ -1,6 +1,6 @@
 {
   "identifier": "2fb54029-7613-4f1d-94f1-fb876c14a6fe",
-  "version": 15,
+  "version": 16,
   "vendorInfo": {
     "url": "https://yubico.com",
     "imageUrl": "https://developers.yubico.com/U2F/Images/yubico.png",
@@ -302,6 +302,24 @@
           }
         }
       ]
+    },
+
+    {
+      "deviceId": "1.3.6.1.4.1.41482.1.9",
+      "displayName": "YubiKey Bio",
+      "transports": 4,
+      "selectors": [
+        {
+          "type": "x509Extension",
+          "parameters": {
+            "key": "1.3.6.1.4.1.45724.1.1.4",
+            "value": {
+              "type": "hex",
+              "value": "d8522d9f575b486688a9ba99fa02f35b"
+            }
+          }
+        }
+      ]
     }
   ]
 }

webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/DeviceIdentificationSpec.scala

@@ -169,6 +169,14 @@ class DeviceIdentificationSpec extends FunSpec with Matchers {
           Set(USB, LIGHTNING),
         )
       }
+
+      it("a YubiKey Bio.") {
+        check(
+          "YubiKey Bio",
+          RealExamples.YubikeyBio_5_5_4,
+          Set(USB),
+        )
+      }
     }
 
     describe("fails to identify") {
@@ -293,6 +301,14 @@ class DeviceIdentificationSpec extends FunSpec with Matchers {
           Set(USB, LIGHTNING),
         )
       }
+
+      it("a YubiKey Bio.") {
+        check(
+          "YubiKey Bio",
+          RealExamples.YubikeyBio_5_5_4,
+          Set(USB),
+        )
+      }
     }
   }
 

webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyCeremoniesSpec.scala

@@ -24,9 +24,7 @@
 
 package com.yubico.webauthn
 
-import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions
 import com.yubico.webauthn.data.PublicKeyCredentialDescriptor
-import com.yubico.webauthn.data.PublicKeyCredentialParameters
 import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions
 import com.yubico.webauthn.test.Helpers
 import com.yubico.webauthn.test.RealExamples
@@ -53,81 +51,83 @@ class RelyingPartyCeremoniesSpec
       .credentialRepository(credentialRepo)
       .build()
 
-  testWithEachProvider { it =>
-    describe("The default RelyingParty settings") {
+  private def createCheck(
+      modRp: RelyingParty => RelyingParty = identity
+  )(testData: RealExamples.Example): Unit = {
+    val registrationRp =
+      modRp(newRp(testData, Helpers.CredentialRepository.empty))
 
-      describe("can register and then authenticate") {
-        def check(testData: RealExamples.Example): Unit = {
-          val registrationRp =
-            newRp(testData, Helpers.CredentialRepository.empty)
-
-          val registrationResult = registrationRp.finishRegistration(
-            FinishRegistrationOptions
-              .builder()
-              .request(
-                PublicKeyCredentialCreationOptions
-                  .builder()
-                  .rp(testData.rp)
-                  .user(testData.user)
-                  .challenge(testData.attestation.challenge)
-                  .pubKeyCredParams(
-                    List(PublicKeyCredentialParameters.ES256).asJava
-                  )
-                  .build()
-              )
-              .response(testData.attestation.credential)
-              .build()
-          );
-
-          registrationResult.getKeyId.getId should equal(
-            testData.attestation.credential.getId
-          )
-          registrationResult.isAttestationTrusted should be(false)
-          registrationResult.getAttestationMetadata.isPresent should be(false)
-
-          val assertionRp = newRp(
-            testData,
-            Helpers.CredentialRepository.withUser(
-              testData.user,
-              Helpers.toRegisteredCredential(testData.user, registrationResult),
-            ),
-          )
-
-          val assertionResult = assertionRp.finishAssertion(
-            FinishAssertionOptions
-              .builder()
-              .request(
-                AssertionRequest
-                  .builder()
-                  .publicKeyCredentialRequestOptions(
-                    PublicKeyCredentialRequestOptions
+    val registrationRequest = registrationRp
+      .startRegistration(
+        StartRegistrationOptions.builder().user(testData.user).build()
+      )
+      .toBuilder
+      .challenge(testData.attestation.challenge)
+      .build()
+    val registrationResult = registrationRp.finishRegistration(
+      FinishRegistrationOptions
+        .builder()
+        .request(registrationRequest)
+        .response(testData.attestation.credential)
+        .build()
+    );
+
+    registrationResult.getKeyId.getId should equal(
+      testData.attestation.credential.getId
+    )
+    registrationResult.isAttestationTrusted should be(false)
+    registrationResult.getAttestationMetadata.isPresent should be(false)
+
+    val assertionRp = newRp(
+      testData,
+      Helpers.CredentialRepository.withUser(
+        testData.user,
+        Helpers.toRegisteredCredential(testData.user, registrationResult),
+      ),
+    ).toBuilder
+      .allowUnrequestedExtensions(true)
+      .build()
+
+    val assertionResult = assertionRp.finishAssertion(
+      FinishAssertionOptions
+        .builder()
+        .request(
+          AssertionRequest
+            .builder()
+            .publicKeyCredentialRequestOptions(
+              PublicKeyCredentialRequestOptions
+                .builder()
+                .challenge(testData.assertion.challenge)
+                .allowCredentials(
+                  List(
+                    PublicKeyCredentialDescriptor
                       .builder()
-                      .challenge(testData.assertion.challenge)
-                      .allowCredentials(
-                        List(
-                          PublicKeyCredentialDescriptor
-                            .builder()
-                            .id(testData.assertion.id)
-                            .build()
-                        ).asJava
-                      )
+                      .id(testData.assertion.id)
                       .build()
-                  )
-                  .username(testData.user.getName)
-                  .build()
-              )
-              .response(testData.assertion.credential)
-              .build()
-          )
-
-          assertionResult.isSuccess should be(true)
-          assertionResult.getCredentialId should equal(testData.assertion.id)
-          assertionResult.getUserHandle should equal(testData.user.getId)
-          assertionResult.getUsername should equal(testData.user.getName)
-          assertionResult.getSignatureCount should be >= testData.attestation.authenticatorData.getSignatureCounter
-          assertionResult.isSignatureCounterValid should be(true)
-        }
+                  ).asJava
+                )
+                .build()
+            )
+            .username(testData.user.getName)
+            .build()
+        )
+        .response(testData.assertion.credential)
+        .build()
+    )
+
+    assertionResult.isSuccess should be(true)
+    assertionResult.getCredentialId should equal(testData.assertion.id)
+    assertionResult.getUserHandle should equal(testData.user.getId)
+    assertionResult.getUsername should equal(testData.user.getName)
+    assertionResult.getSignatureCount should be >= testData.attestation.authenticatorData.getSignatureCounter
+    assertionResult.isSignatureCounterValid should be(true)
+  }
 
+  testWithEachProvider { it =>
+    describe("The default RelyingParty settings") {
+      val check = createCheck()(_)
+
+      describe("can register and then authenticate") {
         it("a YubiKey NEO.") {
           check(RealExamples.YubiKeyNeo)
         }
@@ -161,6 +161,37 @@ class RelyingPartyCeremoniesSpec
         it("a Security Key NFC by Yubico.") {
           check(RealExamples.SecurityKeyNfc)
         }
+
+        ignore("a YubiKey 5 NFC FIPS.") { // TODO Un-ignore when allowUnrequestedExtensions default changes to true
+          check(RealExamples.YubikeyFips5Nfc)
+        }
+
+        it("a YubiKey 5Ci FIPS.") {
+          check(RealExamples.Yubikey5ciFips)
+        }
+        it("a YubiKey Bio.") {
+          check(RealExamples.YubikeyBio_5_5_4)
+        }
+
+        it("an Apple iOS device.") {
+          check(RealExamples.AppleAttestationIos)
+        }
+        it("an Apple MacOS device.") {
+          check(RealExamples.AppleAttestationMacos)
+        }
+      }
+    }
+
+    describe("The default RelyingParty settings, but with allowUnrequestedExtensions(true)") {
+
+      describe("can register and then authenticate") {
+        val check = createCheck(rp =>
+          rp.toBuilder.allowUnrequestedExtensions(true).build()
+        )(_)
+
+        it("a YubiKey 5 NFC FIPS.") { // TODO Delete when allowUnrequestedExtensions default changes to true
+          check(RealExamples.YubikeyFips5Nfc)
+        }
       }
     }
   }

webauthn-server-core/src/test/scala/com/yubico/webauthn/test/RealExamples.scala

@@ -31,6 +31,9 @@ sealed trait HasClientData {
 
 object RealExamples {
 
+  private def base64ToString(b64: String): String =
+    new String(ByteArray.fromBase64(b64).getBytes, StandardCharsets.UTF_8)
+
   case class AttestationExample(
       clientData: String,
       attestationObjectBytes: ByteArray,
@@ -391,26 +394,13 @@ object RealExamples {
       )
       .build(),
     AttestationExample(
-      new String(
-        ByteArray
-          .fromBase64(
-            "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiUUs2c25Jak40MGNNZG9oNlUtR3NEZnlFYzlQY3pKdEgtSTczM3daSDRIZyIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="
-          )
-          .getBytes,
-        StandardCharsets.UTF_8,
-      ),
+      base64ToString("eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiUUs2c25Jak40MGNNZG9oNlUtR3NEZnlFYzlQY3pKdEgtSTczM3daSDRIZyIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="),
       ByteArray.fromBase64("o2NmbXRlYXBwbGVnYXR0U3RtdKFjeDVjglkCRjCCAkIwggHJoAMCAQICBgF4xhYQszAKBggqhkjOPQQDAjBIMRwwGgYDVQQDDBNBcHBsZSBXZWJBdXRobiBDQSAxMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIxMDQxMTEyMzcxOFoXDTIxMDQxNDEyMzcxOFowgZExSTBHBgNVBAMMQDMxYzRlOTM2YzgwZjY1Y2VjNzcxZWZkOGNhNWMxNDdlZTgxZjY4ZjVhODE5YTUzNDFiMDU5NmJkYmU4YWI0OTExGjAYBgNVBAsMEUFBQSBDZXJ0aWZpY2F0aW9uMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYc87v7q19IYjqS3vizLAet/NcW0NVpYRvzvZFfCT00nBR0rzITI4iuuBupVtSRFhZfHa3GhYUu/w3Mo2h3s/+qNVMFMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBPAwMwYJKoZIhvdjZAgCBCYwJKEiBCC+B6u5EUpszNBikhFRpOuBolX7jPReSqGkIvBr0orEZDAKBggqhkjOPQQDAgNnADBkAjAZpK9Vw3hR3uCca+kUAorfR4Sj/HkCcmydzm/KuewaYC5lmIwRTw9SKEVmAAITRlUCMEC9P/ksVc5DUHtKt+rQ9mXHeobdGymHSM7xZtYMNOfze8hPo5HLnwtWCB5qF8MQRVkCODCCAjQwggG6oAMCAQICEFYlU5XHp/tA6+Io2CYIU7YwCgYIKoZIzj0EAwMwSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yMDAzMTgxODM4MDFaFw0zMDAzMTMwMDAwMDBaMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASDLocvJhSRgQIlufX81rtjeLX1Xz/LBFvHNZk0df1UkETfm/4ZIRdlxpod2gULONRQg0AaQ0+yTREtVsPhz7/LmJH+wGlggb75bLx3yI3dr0alruHdUVta+quTvpwLJpGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUJtdk2cV4wlpn0afeaxLQG2PxxtcwHQYDVR0OBBYEFOuugsT/oaxbUdTPJGEFAL5jvXeIMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjEA3YsaNIGl+tnbtOdle4QeFEwnt1uHakGGwrFHV1Azcifv5VRFfvZIlQxjLlxIPnDBAjAsimBE3CAfz+Wbw00pMMFIeFHZYO1qdfHrSsq+OM0luJfQyAW+8Mf3iwelccboDgdoYXV0aERhdGFYmMRs74KtG1Rkd1kdAIsIdZ7D5tLstPOUdL/qaWmSXQO3RQAAAAAAAAAAAAAAAAAAAAAAAAAAABRK0rg7vzmd/BAatDNkXX6aBhPZSaUBAgMmIAEhWCBhzzu/urX0hiOpLe+LMsB6381xbQ1WlhG/O9kV8JPTSSJYIMFHSvMhMjiK64G6lW1JEWFl8drcaFhS7/DcyjaHez/6"),
     ),
     AssertionExample(
       id = ByteArray.fromBase64Url("StK4O785nfwQGrQzZF1-mgYT2Uk"),
-      clientData = new String(
-        ByteArray
-          .fromBase64(
-            "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoid2V5TG9keXVzUl96SWtPWUg3bTVUYjBreGViQnEtV2QzYVJreUhMeHl0SSIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="
-          )
-          .getBytes,
-        StandardCharsets.UTF_8,
-      ),
+      clientData =
+        base64ToString("eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoid2V5TG9keXVzUl96SWtPWUg3bTVUYjBreGViQnEtV2QzYVJreUhMeHl0SSIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="),
       authDataBytes = ByteArray.fromBase64(
         "xGzvgq0bVGR3WR0Aiwh1nsPm0uy085R0v+ppaZJdA7cFAAAAAA=="
       ),
@@ -432,26 +422,13 @@ object RealExamples {
       .id(ByteArray.fromBase64("+8eKyPo9MGrhWx8Y7ZeoczjaS5mbRr2kqF7/zllIgZ8="))
       .build(),
     AttestationExample(
-      new String(
-        ByteArray
-          .fromBase64(
-            "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicWszNE1GRVA4dWxXaHVpOEpncmt0ZVE5RXhIV2NKYndJcjNDUm1lVGtqZyIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="
-          )
-          .getBytes,
-        StandardCharsets.UTF_8,
-      ),
+      base64ToString("eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicWszNE1GRVA4dWxXaHVpOEpncmt0ZVE5RXhIV2NKYndJcjNDUm1lVGtqZyIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="),
       ByteArray.fromBase64("o2NmbXRlYXBwbGVnYXR0U3RtdKFjeDVjglkCRjCCAkIwggHJoAMCAQICBgF4xjGSqDAKBggqhkjOPQQDAjBIMRwwGgYDVQQDDBNBcHBsZSBXZWJBdXRobiBDQSAxMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIxMDQxMTEzMDcyMFoXDTIxMDQxNDEzMDcyMFowgZExSTBHBgNVBAMMQDYxYmQ5NzY4M2JlMTk0NTVjOGJjOWVhNDZhMjY4NzU0MzVjMmIwNmVlMTI4YzY4ZDFiMGE4NDczODkwNTgzMjYxGjAYBgNVBAsMEUFBQSBDZXJ0aWZpY2F0aW9uMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrvYDb+UbAjcbbommtRqw+2Lm1fvHG6ll1dOgeEM25H8ThQ0yj4R3hVbc/ean1I5eqc/RXDFm/jJI/Lmp1uEFqNVMFMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBPAwMwYJKoZIhvdjZAgCBCYwJKEiBCAQ6ifyo7KWlR86ueS0JMAuIi66gYkJsX+VxAcvbtEEcTAKBggqhkjOPQQDAgNnADBkAjAIu8Vx1tdGHSarO63RF7QaUo3/Iuk1CXA2Z0YIbDG4mLS15JQ/AUwctOpePcZoDngCMFMfnXi6jlhNBmppj5/8VQz2Kbz5eNxg+dqALz59ctCqXkdCVLMhUOpHWgMhhOadj1kCODCCAjQwggG6oAMCAQICEFYlU5XHp/tA6+Io2CYIU7YwCgYIKoZIzj0EAwMwSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yMDAzMTgxODM4MDFaFw0zMDAzMTMwMDAwMDBaMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASDLocvJhSRgQIlufX81rtjeLX1Xz/LBFvHNZk0df1UkETfm/4ZIRdlxpod2gULONRQg0AaQ0+yTREtVsPhz7/LmJH+wGlggb75bLx3yI3dr0alruHdUVta+quTvpwLJpGjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUJtdk2cV4wlpn0afeaxLQG2PxxtcwHQYDVR0OBBYEFOuugsT/oaxbUdTPJGEFAL5jvXeIMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjEA3YsaNIGl+tnbtOdle4QeFEwnt1uHakGGwrFHV1Azcifv5VRFfvZIlQxjLlxIPnDBAjAsimBE3CAfz+Wbw00pMMFIeFHZYO1qdfHrSsq+OM0luJfQyAW+8Mf3iwelccboDgdoYXV0aERhdGFYmMRs74KtG1Rkd1kdAIsIdZ7D5tLstPOUdL/qaWmSXQO3RQAAAAAAAAAAAAAAAAAAAAAAAAAAABRhYCgh40b6Uj1WdjckwPAdCwd4fKUBAgMmIAEhWCB2u9gNv5RsCNxtuiaa1GrD7YubV+8cbqWXV06B4QzbkSJYIPxOFDTKPhHeFVtz95qfUjl6pz9FcMWb+Mkj8uanW4QW"),
     ),
     AssertionExample(
       id = ByteArray.fromBase64Url("YWAoIeNG-lI9VnY3JMDwHQsHeHw"),
-      clientData = new String(
-        ByteArray
-          .fromBase64(
-            "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiVVdobmx5VTdlVzZBTEw1M1VPcENnU1N3ckEzNm92R3VpQUV6ZE91OFdTYyIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="
-          )
-          .getBytes,
-        StandardCharsets.UTF_8,
-      ),
+      clientData =
+        base64ToString("eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiVVdobmx5VTdlVzZBTEw1M1VPcENnU1N3ckEzNm92R3VpQUV6ZE91OFdTYyIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIn0="),
       authDataBytes = ByteArray.fromBase64(
         "xGzvgq0bVGR3WR0Aiwh1nsPm0uy085R0v+ppaZJdA7cFAAAAAA=="
       ),
@@ -500,7 +477,7 @@ object RealExamples {
     AssertionExample(
       id =
         ByteArray.fromBase64Url("qeNy9WGd6KRAq4aXf_xCgOrgjJoRH7Ve8KC7UJ3cpjDaFrv5egr5kJ7mBlrGiHlZ0OkD_Xtsd-lQTu_Ymr1crg"),
-      clientData = """{"type":"webauthn.get","challenge":"gJQG3mUBQv5rR7mwUuHbxQ","origin":"https://demo.yubico.com","crossOrigin":false"}""",
+      clientData = """{"type":"webauthn.get","challenge":"gJQG3mUBQv5rR7mwUuHbxQ","origin":"https://demo.yubico.com","crossOrigin":false}""",
       authDataBytes = ByteArray.fromBase64(
         "xGzvgq0bVGR3WR0Aiwh1nsPm0uy085R0v+ppaZJdA7cBAAAABQ=="
       ),
@@ -509,4 +486,33 @@ object RealExamples {
     ),
   )
 
+  val YubikeyBio_5_5_4 = Example(
+    RelyingPartyIdentity
+      .builder()
+      .id("demo.yubico.com")
+      .name("YubicoDemo")
+      .build(),
+    UserIdentity
+      .builder()
+      .name("Yubico demo user")
+      .displayName("Yubico demo user")
+      .id(ByteArray.fromBase64("n5iF3+LH/w9yfgIgEWdFL99YAD8PMpG41PEPzzV1RSc="))
+      .build(),
+    AttestationExample(
+      base64ToString("eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnJIQmg3Q01yZElYTE0zMFBkOFZ1Ulg3TV9xVXl5VEpCWDRUN2xONUVRRSIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ=="),
+      ByteArray.fromBase64("o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgGSqwfT67zXQVsgBU/TvN1MGbZkR5KEyzzMMbS9cJQJsCIDZJ90wxLjNnpzNZ+Ns64cmgwixb0CJcXdfVM35EBgm0Y3g1Y4FZAt0wggLZMIIBwaADAgECAgkAtcaOPpfL6PYwDQYJKoZIhvcNAQELBQAwLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBaMG8xCzAJBgNVBAYTAlNFMRIwEAYDVQQKDAlZdWJpY28gQUIxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xKDAmBgNVBAMMH1l1YmljbyBVMkYgRUUgU2VyaWFsIDEwNDk1NDQzNzMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQXmY7aJqXBb5wsBbCAeJFdFa3Fzz8VU1qdJxUCgPf2MNcoMnikaKg0yp/bakKjCNIqmsb75RhUzS5UQHwVOAe0o4GBMH8wEwYKKwYBBAGCxAoNAQQFBAMFBQQwIgYJKwYBBAGCxAoCBBUxLjMuNi4xLjQuMS40MTQ4Mi4xLjkwEwYLKwYBBAGC5RwCAQEEBAMCBSAwIQYLKwYBBAGC5RwBAQQEEgQQ2FItn1dbSGaIqbqZ+gLzWzAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB9yNliBCNlTGBrhYTTqHJm73KjMszL24buZcvifix+GRYk7D8I0/BQ20mQ/CITqqGTr5cvxjIKVw/2ed+326hITlhaWiwwEnwuI5afqwd72ObWczklHNvoV+uWtM9YVfk9H7VZqtQTMb3m8O+UWmkCGxLdqTprgTUSF/Tmk6KPyF1S6es6RJvk9vxyJ0T/EFkr9yAPlDzqtc9hEAUEPP5xpzEWRYon6T12AUW6wQwlkiA8q4gFIQfTGks1JX6ob/1nTvigO3EYB4wP3EIAJ+0HkpprKKDl4mRv/7b/BPuANq4jMr/9YkYs8XrmuUHdF0PwRzYPN4KtovuG0YdFA0ObaGF1dGhEYXRhWMTEbO+CrRtUZHdZHQCLCHWew+bS7LTzlHS/6mlpkl0Dt0UAAAAB2FItn1dbSGaIqbqZ+gLzWwBAvPVBBCgvthNO8DNbim45zueAndDzuMAQDBXL/bVsH9uXfKkrza7ya2DM/xka1hYW+K2d97qNRJmoAeetc5haaKUBAgMmIAEhWCDqr+a3QuoQk4VqspgOfHlkS2Rk+NpsHL5Rs4rbxE2DQiJYICjaw5BRuZKz5CPZRjiDJFOq51wbOrUggICGmC88+ZXq"),
+    ),
+    AssertionExample(
+      id =
+        ByteArray.fromBase64Url("vPVBBCgvthNO8DNbim45zueAndDzuMAQDBXL_bVsH9uXfKkrza7ya2DM_xka1hYW-K2d97qNRJmoAeetc5haaA"),
+      clientData =
+        base64ToString("eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiOVVHcG1JOXdkM004dF9yUGFZMVRyWXd1LVVranRUdHV1N2RGcHlyNGtDOCIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ=="),
+      authDataBytes = ByteArray.fromBase64(
+        "xGzvgq0bVGR3WR0Aiwh1nsPm0uy085R0v+ppaZJdA7cFAAAABA=="
+      ),
+      sig =
+        ByteArray.fromBase64("MEUCIGM9xK+AHlLTv3mJLagZuNlLijI86T2SzkyAy3NidembAiEA6Y3I5GPYnRoHKil4R8yCSHUFZdgc59GO1KfsoHYhA3o="),
+    ),
+  )
+
 }