Cleanups

Author: MackinnonBuck

src/Identity/Extensions.Core/src/AuthenticatorSelectionCriteria.cs renamed to src/Identity/Core/src/AuthenticatorSelectionCriteria.cs

@@ -1,8 +1,6 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System;
-
 namespace Microsoft.AspNetCore.Identity;
 
 /// <summary>

src/Identity/Core/src/IdentityJsonSerializerContext.cs

@@ -11,5 +11,8 @@ namespace Microsoft.AspNetCore.Identity;
 [JsonSerializable(typeof(PublicKeyCredentialRequestOptions))]
 [JsonSerializable(typeof(PublicKeyCredential<AuthenticatorAssertionResponse>))]
 [JsonSerializable(typeof(PublicKeyCredential<AuthenticatorAttestationResponse>))]
-[JsonSourceGenerationOptions(JsonSerializerDefaults.Web, DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull)]
+[JsonSourceGenerationOptions(
+    JsonSerializerDefaults.Web,
+    DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
+    RespectNullableAnnotations = true)]
 internal partial class IdentityJsonSerializerContext : JsonSerializerContext;

src/Identity/Core/src/PasskeyExceptionExtensions.cs

@@ -1,7 +1,6 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System.Formats.Cbor;
 using System.Text.Json;
 
 namespace Microsoft.AspNetCore.Identity;
@@ -14,7 +13,7 @@ public static PasskeyException InvalidCredentialType(string expectedType, string
             => new($"Expected credential type '{expectedType}', got '{actualType}'.");
 
         public static PasskeyException InvalidClientDataType(string expectedType, string actualType)
-            => new($"Expected the 'type' field of client data to be '{expectedType}', but it was actually '{actualType}'.");
+            => new($"Expected the client data JSON 'type' field to be '{expectedType}', got '{actualType}'.");
 
         public static PasskeyException InvalidChallenge()
             => new("The authenticator response challenge does not match original challenge.");
@@ -91,7 +90,7 @@ public static PasskeyException SignCountLessThanStoredSignCount()
         public static PasskeyException InvalidAttestationObject(Exception ex)
             => new($"An exception occurred while parsing the attestation object: {ex.Message}", ex);
 
-        public static PasskeyException InvalidAttestationObjectFormat(CborContentException ex)
+        public static PasskeyException InvalidAttestationObjectFormat(Exception ex)
             => new("The attestation object had an invalid format.", ex);
 
         public static PasskeyException MissingAttestationStatementFormat()
@@ -104,13 +103,13 @@ public static PasskeyException MissingAuthenticatorData()
             => new("The attestation object did not include authenticator data.");
 
         public static PasskeyException InvalidAuthenticatorDataLength(int length)
-            => new($"The authenticator data had an invalid length of {length} bytes.");
+            => new($"The authenticator data had an invalid byte count of {length}.");
 
         public static PasskeyException InvalidAuthenticatorDataFormat(Exception? ex = null)
             => new($"The authenticator data had an invalid format.", ex);
 
         public static PasskeyException InvalidAttestedCredentialDataLength(int length)
-            => new($"The attested credential data had an invalid length of {length} bytes.");
+            => new($"The attested credential data had an invalid byte count of {length}.");
 
         public static PasskeyException InvalidAttestedCredentialDataFormat(Exception? ex = null)
             => new($"The attested credential data had an invalid format.", ex);

src/Identity/Core/src/Passkeys/AttestationObject.cs

@@ -51,6 +51,10 @@ public static AttestationObject Parse(ReadOnlyMemory<byte> data)
         {
             throw PasskeyException.InvalidAttestationObjectFormat(ex);
         }
+        catch (InvalidOperationException ex)
+        {
+            throw PasskeyException.InvalidAttestationObjectFormat(ex);
+        }
         catch (Exception ex)
         {
             throw PasskeyException.InvalidAttestationObject(ex);

src/Identity/Core/src/Passkeys/CredentialPublicKey.cs

@@ -69,7 +69,7 @@ public bool Verify(ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature)
         return _type switch
         {
             COSEKeyType.EC2 => _ecdsa!.VerifyData(data, signature, HashAlgFromCOSEAlg(_alg), DSASignatureFormat.Rfc3279DerSequence),
-            COSEKeyType.RSA => _rsa!.VerifyData(data, signature, HashAlgFromCOSEAlg(_alg), Padding),
+            COSEKeyType.RSA => _rsa!.VerifyData(data, signature, HashAlgFromCOSEAlg(_alg), GetRSASignaturePadding()),
             _ => throw new InvalidOperationException($"Missing or unknown kty {_type}"),
         };
     }
@@ -159,31 +159,29 @@ static bool IsValidKtyCrvCombination(COSEKeyType kty, COSEEllipticCurve crv)
         }
     }
 
-    internal RSASignaturePadding Padding
+    private RSASignaturePadding GetRSASignaturePadding()
     {
-        get
+        if (_type != COSEKeyType.RSA)
         {
-            if (_type != COSEKeyType.RSA)
-            {
-                throw new InvalidOperationException($"Must be a RSA key. Was {_type}");
-            }
-
-            switch (_alg) // https://www.iana.org/assignments/cose/cose.xhtml#algorithms
-            {
-                case COSEAlgorithmIdentifier.PS256:
-                case COSEAlgorithmIdentifier.PS384:
-                case COSEAlgorithmIdentifier.PS512:
-                    return RSASignaturePadding.Pss;
-
-                case COSEAlgorithmIdentifier.RS1:
-                case COSEAlgorithmIdentifier.RS256:
-                case COSEAlgorithmIdentifier.RS384:
-                case COSEAlgorithmIdentifier.RS512:
-                    return RSASignaturePadding.Pkcs1;
-                default:
-                    throw new InvalidOperationException($"Missing or unknown alg {_alg}");
-            }
+            throw new InvalidOperationException($"Cannot get RSA signature padding for key type {_type}.");
         }
+
+        // https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+        return _alg switch
+        {
+            COSEAlgorithmIdentifier.PS256 or
+            COSEAlgorithmIdentifier.PS384 or
+            COSEAlgorithmIdentifier.PS512
+            => RSASignaturePadding.Pss,
+
+            COSEAlgorithmIdentifier.RS1 or
+            COSEAlgorithmIdentifier.RS256 or
+            COSEAlgorithmIdentifier.RS384 or
+            COSEAlgorithmIdentifier.RS512
+            => RSASignaturePadding.Pkcs1,
+
+            _ => throw new InvalidOperationException($"Missing or unknown alg {_alg}"),
+        };
     }
 
     private static HashAlgorithmName HashAlgFromCOSEAlg(COSEAlgorithmIdentifier alg)

src/Identity/Core/src/Passkeys/PublicKeyCredential.cs

@@ -12,7 +12,7 @@ namespace Microsoft.AspNetCore.Identity;
 /// See <see href="https://www.w3.org/TR/webauthn-3/#typedefdef-publickeycredentialjson" />
 /// </remarks>
 internal sealed class PublicKeyCredential<TResponse>
-    where TResponse : AuthenticatorResponse
+    where TResponse : notnull, AuthenticatorResponse
 {
     /// <summary>
     /// Gets or sets the credential ID.

src/Identity/Core/src/PublicAPI.Unshipped.txt

@@ -1,4 +1,13 @@
 #nullable enable
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.AuthenticatorAttachment.get -> string?
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.AuthenticatorAttachment.set -> void
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteria() -> void
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.RequireResidentKey.get -> bool
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.ResidentKey.get -> string?
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.ResidentKey.set -> void
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.UserVerification.get -> string!
+Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.UserVerification.set -> void
 Microsoft.AspNetCore.Identity.DefaultPasskeyHandler<TUser>
 Microsoft.AspNetCore.Identity.DefaultPasskeyHandler<TUser>.DefaultPasskeyHandler(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Identity.IdentityOptions!>! options) -> void
 Microsoft.AspNetCore.Identity.DefaultPasskeyHandler<TUser>.PerformAssertionAsync(Microsoft.AspNetCore.Identity.PasskeyAssertionContext<TUser!>! context) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.PasskeyAssertionResult<TUser!>!>!

src/Identity/Core/src/SignInManager.cs

@@ -585,7 +585,7 @@ public virtual async Task<PasskeyCreationOptions> ConfigurePasskeyCreationOption
 
         var props = new AuthenticationProperties();
         props.Items[PasskeyCreationOptionsKey] = options.AsJson();
-        var claimsIdentity = new ClaimsIdentity(new ClaimsIdentity(IdentityConstants.TwoFactorUserIdScheme));
+        var claimsIdentity = new ClaimsIdentity(IdentityConstants.TwoFactorUserIdScheme);
         claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, options.UserEntity.Id));
         claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, options.UserEntity.Name));
         claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, options.UserEntity.DisplayName));
@@ -679,7 +679,7 @@ public virtual async Task<PasskeyRequestOptions> ConfigurePasskeyRequestOptionsA
 
         var props = new AuthenticationProperties();
         props.Items[PasskeyRequestOptionsKey] = options.AsJson();
-        var claimsIdentity = new ClaimsIdentity(new ClaimsIdentity(IdentityConstants.TwoFactorUserIdScheme));
+        var claimsIdentity = new ClaimsIdentity(IdentityConstants.TwoFactorUserIdScheme);
 
         if (options.UserId is { } userId)
         {

src/Identity/Extensions.Core/src/PublicAPI.Unshipped.txt

@@ -1,14 +1,5 @@
 #nullable enable
 *REMOVED*Microsoft.AspNetCore.Identity.UserLoginInfo.UserLoginInfo(string! loginProvider, string! providerKey, string? displayName) -> void
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.AuthenticatorAttachment.get -> string?
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.AuthenticatorAttachment.set -> void
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteria() -> void
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.RequireResidentKey.get -> bool
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.ResidentKey.get -> string?
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.ResidentKey.set -> void
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.UserVerification.get -> string!
-Microsoft.AspNetCore.Identity.AuthenticatorSelectionCriteria.UserVerification.set -> void
 Microsoft.AspNetCore.Identity.IdentityOptions.Passkey.get -> Microsoft.AspNetCore.Identity.PasskeyOptions!
 Microsoft.AspNetCore.Identity.IdentityOptions.Passkey.set -> void
 Microsoft.AspNetCore.Identity.IUserPasskeyStore<TUser>