Improve Code Quality 5 (#259)

* [Tests] Minor formats

* Eliminate unnecessary X509Certificate2 allocations

* Move properties below constructor

* Presize CborArray when size is known

* Format CredentialPublicKey

* Use init properties in AuthenticatorAssertionResponse

* Format AttestationFormat

* Use DateTimeOffset.UnixEpoch and differentiate between missing and invalid timestampMs

* Remove unused using statement

* Remove leftover test logic

Author: iamcarbon

Src/Fido2/AttestationFormat/AndroidKey.cs

@@ -151,25 +151,37 @@ public override (AttestationType, X509Certificate2[]) Verify()
 
             // 2. Verify that sig is a valid signature over the concatenation of authenticatorData and clientDataHash 
             // using the attestation public key in attestnCert with the algorithm specified in alg
-            if (!(X5c is CborArray { Length: > 0 } x5cArray && x5cArray[0] is CborByteString { Length: > 0 }))
+            if (!(X5c is CborArray { Length: > 0 } x5cArray))
                 throw new Fido2VerificationException("Malformed x5c in android-key attestation");
 
+            if (!(Alg is CborInteger))
+                throw new Fido2VerificationException("Invalid android key attestation algorithm");
 
-            X509Certificate2 androidKeyCert;
-            ECDsa androidKeyPubKey;
-            try
-            {
-                androidKeyCert = new X509Certificate2((byte[])x5cArray[0]);
-                androidKeyPubKey = androidKeyCert.GetECDsaPublicKey()!; // attestation public key
-            }
-            catch (Exception ex)
+            var alg = (COSE.Algorithm)(int)Alg;
+            var trustPath = new X509Certificate2[x5cArray.Length];
+
+            for (int i = 0; i < x5cArray.Length; i++)
             {
-                throw new Fido2VerificationException("Failed to extract public key from android key: " + ex.Message, ex);
+                if (x5cArray[i] is CborByteString { Length: > 0 } x5cObject)
+                {
+                    try
+                    {
+                        trustPath[i] = new X509Certificate2(x5cObject.Value);
+                    }
+                    catch (Exception ex) when (i is 0)
+                    {
+                        throw new Fido2VerificationException("Failed to extract public key from android key: " + ex.Message, ex);
+                    }
+                }
+                else
+                {
+                    throw new Fido2VerificationException("Malformed x5c in android-key attestation");
+                }
             }
 
-            if (!(Alg is CborInteger))
-                throw new Fido2VerificationException("Invalid android key attestation algorithm");
-
+            X509Certificate2 androidKeyCert = trustPath[0];
+            ECDsa androidKeyPubKey = androidKeyCert.GetECDsaPublicKey()!; // attestation public key
+          
             byte[] ecsig;
             try
             {
@@ -180,7 +192,7 @@ public override (AttestationType, X509Certificate2[]) Verify()
                 throw new Fido2VerificationException("Failed to decode android key attestation signature from ASN.1 encoded form", ex);
             }
 
-            if (!androidKeyPubKey.VerifyData(Data, ecsig, CryptoUtils.HashAlgFromCOSEAlg((COSE.Algorithm)(int)Alg)))
+            if (!androidKeyPubKey.VerifyData(Data, ecsig, CryptoUtils.HashAlgFromCOSEAlg(alg)))
                 throw new Fido2VerificationException("Invalid android key attestation signature");
 
             // 3. Verify that the public key in the first certificate in x5c matches the credentialPublicKey in the attestedCredentialData in authenticatorData.
@@ -217,10 +229,6 @@ public override (AttestationType, X509Certificate2[]) Verify()
             if (!IsPurposeSign(attExtBytes))
                 throw new Fido2VerificationException("Found purpose field not set to KM_PURPOSE_SIGN in android key attestation certificate extension");
 
-            var trustPath = x5cArray.Values
-                .Select(x => new X509Certificate2((byte[])x))
-                .ToArray();
-
             return (AttestationType.Basic, trustPath);
         }
     }

Src/Fido2/AttestationFormat/AndroidSafetyNet.cs

@@ -42,12 +42,12 @@ public override (AttestationType, X509Certificate2[]) Verify()
             }
 
             // 2. Verify that response is a valid SafetyNet response of version ver
-            var ver = (string)attStmt["ver"];
+            var ver = (string)attStmt["ver"]!;
 
             if (!(attStmt["response"] is CborByteString { Length: > 0}))
                 throw new Fido2VerificationException("Invalid response in SafetyNet data");
 
-            var response = (byte[])attStmt["response"];
+            var response = (byte[])attStmt["response"]!;
             var responseJWT = Encoding.UTF8.GetString(response);
 
             if (string.IsNullOrWhiteSpace(responseJWT))
@@ -71,12 +71,11 @@ public override (AttestationType, X509Certificate2[]) Verify()
                 throw new Fido2VerificationException("No keys were present in the TOC header in SafetyNet response JWT");
 
             var certs = new X509Certificate2[x5cStrings.Length];
-            var keys = new List<SecurityKey>();
+            var keys = new List<SecurityKey>(certs.Length);
 
             for (int i = 0; i < certs.Length; i++)
             {
-                var certString = x5cStrings[i];
-                var cert = GetX509Certificate(certString);
+                var cert = GetX509Certificate(x5cStrings[i]);
                 certs[i] = cert;
 
                 if (cert.GetECDsaPublicKey() is ECDsa ecdsaPublicKey)
@@ -109,9 +108,9 @@ public override (AttestationType, X509Certificate2[]) Verify()
                 throw new Fido2VerificationException("SafetyNet response security token validation failed", ex);
             }
 
-            var nonce = "";
+            string? nonce = null;
             bool? ctsProfileMatch = null;
-            var timestampMs = DateTimeHelper.UnixEpoch;
+            DateTimeOffset? timestamp = null;
 
             var jwtToken = (JwtSecurityToken)validatedToken;
 
@@ -127,19 +126,24 @@ public override (AttestationType, X509Certificate2[]) Verify()
                 }
                 if (claim is { Type: "timestampMs", ValueType: "http://www.w3.org/2001/XMLSchema#integer64" })
                 {
-                    timestampMs = DateTimeHelper.UnixEpoch.AddMilliseconds(double.Parse(claim.Value));
+                    timestamp = DateTimeOffset.UnixEpoch.AddMilliseconds(double.Parse(claim.Value));
                 }
             }
 
-            var notAfter = DateTime.UtcNow.AddMilliseconds(_driftTolerance);
-            var notBefore = DateTime.UtcNow.AddMinutes(-1).AddMilliseconds(-(_driftTolerance));
-            if ((notAfter < timestampMs) || ((notBefore) > timestampMs))
+            if (!timestamp.HasValue)
             {
-                throw new Fido2VerificationException($"SafetyNet timestampMs must be present and between one minute ago and now, got: {timestampMs}");
+                throw new Fido2VerificationException($"SafetyNet timestampMs not found SafetyNet attestation");
+            }
+
+            var notAfter = DateTimeOffset.UtcNow.AddMilliseconds(_driftTolerance);
+            var notBefore = DateTimeOffset.UtcNow.AddMinutes(-1).AddMilliseconds(-(_driftTolerance));
+            if ((notAfter < timestamp) || ((notBefore) > timestamp.Value))
+            {
+                throw new Fido2VerificationException($"SafetyNet timestampMs must be between one minute ago and now, got: {timestamp:o}");
             }
 
             // 3. Verify that the nonce in the response is identical to the SHA-256 hash of the concatenation of authenticatorData and clientDataHash
-            if (nonce is "")
+            if (string.IsNullOrEmpty(nonce))
                 throw new Fido2VerificationException("Nonce value not found in SafetyNet attestation");
 
             byte[] nonceHash;

Src/Fido2/AttestationFormat/Apple.cs

@@ -50,9 +50,12 @@ public override (AttestationType, X509Certificate2[]) Verify()
             // 2. Verify x5c is a valid certificate chain starting from the credCert to the Apple WebAuthn root certificate.
             // This happens in AuthenticatorAttestationResponse.VerifyAsync using metadata from MDS3
 
-            var trustPath = x5cArray.Values
-                .Select(x => new X509Certificate2((byte[])x))
-                .ToArray();
+            var trustPath = new X509Certificate2[x5cArray.Length];
+
+            for (int i = 0; i < trustPath.Length; i++)
+            {
+                trustPath[i] = new X509Certificate2((byte[])x5cArray[i]);
+            }
 
             // credCert is the first certificate in the trust path
             var credCert = trustPath[0];
@@ -72,7 +75,7 @@ public override (AttestationType, X509Certificate2[]) Verify()
 
             // 6. Verify credential public key matches the Subject Public Key of credCert.
             // First, obtain COSE algorithm being used from credential public key
-            var coseAlg = (int)CredentialPublicKey[COSE.KeyCommonParameter.Alg];
+            var coseAlg = (COSE.Algorithm)(int)CredentialPublicKey[COSE.KeyCommonParameter.Alg];
 
             // Next, build temporary CredentialPublicKey for comparison from credCert and COSE algorithm
             var cpk = new CredentialPublicKey(credCert, coseAlg);

Src/Fido2/AttestationFormat/AttestationFormat.cs

@@ -26,7 +26,7 @@ internal static byte[] AaguidFromAttnCertExts(X509ExtensionCollection exts)
         {
             byte[] aaguid = null;
             var ext = exts.Cast<X509Extension>().FirstOrDefault(e => e.Oid.Value is "1.3.6.1.4.1.45724.1.1.4"); // id-fido-gen-ce-aaguid
-            if (null != ext)
+            if (ext != null)
             {
                 var decodedAaguid = Asn1Element.Decode(ext.RawData);
                 decodedAaguid.CheckTag(Asn1Tag.PrimitiveOctetString);
@@ -39,6 +39,7 @@ internal static byte[] AaguidFromAttnCertExts(X509ExtensionCollection exts)
 
             return aaguid;
         }
+
         internal static bool IsAttnCertCACert(X509ExtensionCollection exts)
         {
             var ext = exts.Cast<X509Extension>().FirstOrDefault(e => e.Oid.Value is "2.5.29.19");
@@ -49,6 +50,7 @@ internal static bool IsAttnCertCACert(X509ExtensionCollection exts)
 
             return true;
         }
+
         internal static byte U2FTransportsFromAttnCert(X509ExtensionCollection exts)
         {
             var u2ftransports = new byte();
@@ -73,6 +75,7 @@ internal static byte U2FTransportsFromAttnCert(X509ExtensionCollection exts)
 
             return u2ftransports;
         }
+
         public virtual (AttestationType, X509Certificate2[]) Verify(CborMap attStmt, byte[] authenticatorData, byte[] clientDataHash)
         {
             this.attStmt = attStmt;

Src/Fido2/AttestationFormat/FidoU2f.cs

@@ -1,5 +1,4 @@
 using System;
-using System.Linq;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
@@ -90,9 +89,8 @@ public override (AttestationType, X509Certificate2[]) Verify()
                 throw new Fido2VerificationException("Invalid fido-u2f attestation signature");
 
             // 7. Optionally, inspect x5c and consult externally provided knowledge to determine whether attStmt conveys a Basic or AttCA attestation
-            var trustPath = ((CborArray)X5c).Values
-                .Select(x => new X509Certificate2((byte[])x))
-                .ToArray();
+
+            var trustPath = new X509Certificate2[1] { attCert };
 
             return (AttestationType.AttCa, trustPath);
         }

Src/Fido2/AttestationFormat/Packed.cs

@@ -9,14 +9,16 @@ namespace Fido2NetLib
 {
     internal class Packed : AttestationVerifier
     {
+        private static readonly string[] s_newLine = new string[] { Environment.NewLine };
+
         public static bool IsValidPackedAttnCertSubject(string attnCertSubj)
         {
             // parse the DN string using standard rules
             var dictSubjectObj = new X500DistinguishedName(attnCertSubj);
 
             // form the string for splitting using new lines to avoid issues with commas
             var dictSubjectString = dictSubjectObj.Decode(X500DistinguishedNameFlags.UseNewLines); 
-            var dictSubject = dictSubjectString.Split(new string[] { Environment.NewLine }, StringSplitOptions.None)
+            var dictSubject = dictSubjectString.Split(s_newLine, StringSplitOptions.None)
                                           .Select(part => part.Split('='))
                                           .ToDictionary(split => split[0], split => split[1]);
 
@@ -37,35 +39,44 @@ public override (AttestationType, X509Certificate2[]?) Verify()
             if (!(Sig is CborByteString { Length: > 0 }))
                 throw new Fido2VerificationException("Invalid packed attestation signature");
 
-            if (Alg is null || Alg is not CborInteger)
+            if (!(Alg is CborInteger))
                 throw new Fido2VerificationException("Invalid packed attestation algorithm");
 
+            var alg = (COSE.Algorithm)(int)Alg;
+
             // 2. If x5c is present, this indicates that the attestation type is not ECDAA
             if (X5c != null)
             {
                 if (!(X5c is CborArray { Length: > 0 } x5cArray) || EcdaaKeyId != null)
                     throw new Fido2VerificationException("Malformed x5c array in packed attestation statement");
 
-                var enumerator = x5cArray.Values.GetEnumerator();
-                while (enumerator.MoveNext())
+                var trustPath = new X509Certificate2[x5cArray.Length];
+
+                for (int i = 0; i < trustPath.Length; i++)
                 {
-                    if (!(enumerator.Current is CborByteString {  Length: > 0 }))
+                    if (X5c[i] is CborByteString { Length: > 0 } x5cObject)
+                    {
+                        var x5cCert = new X509Certificate2(x5cObject.Value);
+
+                        // X509Certificate2.NotBefore/.NotAfter return LOCAL DateTimes, so
+                        // it's correct to compare using DateTime.Now.
+                        if (DateTime.Now < x5cCert.NotBefore || DateTime.Now > x5cCert.NotAfter)
+                            throw new Fido2VerificationException("Packed signing certificate expired or not yet valid");
+
+                        trustPath[i] = x5cCert;
+                    }
+                    else
+                    {
                         throw new Fido2VerificationException("Malformed x5c cert found in packed attestation statement");
-
-                    var x5ccert = new X509Certificate2((byte[])enumerator.Current);
-
-                    // X509Certificate2.NotBefore/.NotAfter return LOCAL DateTimes, so
-                    // it's correct to compare using DateTime.Now.
-                    if (DateTime.Now < x5ccert.NotBefore || DateTime.Now > x5ccert.NotAfter)
-                        throw new Fido2VerificationException("Packed signing certificate expired or not yet valid");
+                    }                   
                 }
 
                 // The attestation certificate attestnCert MUST be the first element in the array.
-                var attestnCert = new X509Certificate2((byte[])x5cArray[0]);
+                X509Certificate2 attestnCert = trustPath[0];
 
                 // 2a. Verify that sig is a valid signature over the concatenation of authenticatorData and clientDataHash 
                 // using the attestation public key in attestnCert with the algorithm specified in alg
-                var cpk = new CredentialPublicKey(attestnCert, (int)Alg);
+                var cpk = new CredentialPublicKey(attestnCert, alg);
 
                 if (!cpk.Verify(Data, (byte[])Sig))
                     throw new Fido2VerificationException("Invalid full packed signature");
@@ -92,18 +103,15 @@ public override (AttestationType, X509Certificate2[]?) Verify()
                 // 2c. If attestnCert contains an extension with OID 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid) verify that the value of this extension matches the aaguid in authenticatorData
                 if (aaguid != null)
                 {
-                    if (0 != AttestedCredentialData.FromBigEndian(aaguid).CompareTo(AuthData.AttestedCredentialData.AaGuid))
+                    if (AttestedCredentialData.FromBigEndian(aaguid).CompareTo(AuthData.AttestedCredentialData.AaGuid) != 0)
                         throw new Fido2VerificationException("aaguid present in packed attestation cert exts but does not match aaguid from authData");
                 }
 
                 // id-fido-u2f-ce-transports 
                 byte u2ftransports = U2FTransportsFromAttnCert(attestnCert.Extensions);
 
                 // 2d. Optionally, inspect x5c and consult externally provided knowledge to determine whether attStmt conveys a Basic or AttCA attestation
-                var trustPath = x5cArray.Values
-                    .Select(x => new X509Certificate2((byte[])x))
-                    .ToArray();
-
+                
                 return (AttestationType.AttCa, trustPath);
             }
 
@@ -124,7 +132,7 @@ public override (AttestationType, X509Certificate2[]?) Verify()
             else
             {
                 // 4a. Validate that alg matches the algorithm of the credentialPublicKey in authenticatorData
-                if (!AuthData.AttestedCredentialData.CredentialPublicKey.IsSameAlg((COSE.Algorithm)(int)Alg))
+                if (!AuthData.AttestedCredentialData.CredentialPublicKey.IsSameAlg(alg))
                     throw new Fido2VerificationException("Algorithm mismatch between credential public key and authenticator data in self attestation statement");
 
                 // 4b. Verify that sig is a valid signature over the concatenation of authenticatorData and