Expose attestation certificates in attestation response. (#302)

* Expose attestation certificates in attestation response.

Fixes #299

* Add nullability annotations as per review comments.

Author: boomer41

Src/Fido2.Models/Objects/AttestationVerificationSuccess.cs

@@ -1,4 +1,5 @@
-using System.Text.Json.Serialization;
+using System.Security.Cryptography.X509Certificates;
+using System.Text.Json.Serialization;
 
 namespace Fido2NetLib.Objects
 {
@@ -13,5 +14,9 @@ public class AttestationVerificationSuccess : AssertionVerificationResult
         public Fido2User User { get; set; }
         public string CredType { get; set; }
         public System.Guid Aaguid { get; set; }
+#nullable enable
+        public X509Certificate2? AttestationCertificate { get; set; }
+#nullable disable
+        public X509Certificate2[] AttestationCertificateChain { get; set; }
     }
 }

Src/Fido2/AuthenticatorAttestationResponse.cs

@@ -241,6 +241,8 @@ static bool ContainsAttestationType(MetadataBLOBPayloadEntry entry, MetadataAtte
                 Counter = authData.SignCount,
                 CredType = AttestationObject.Fmt,
                 Aaguid = authData.AttestedCredentialData.AaGuid,
+                AttestationCertificate = trustPath?.FirstOrDefault(),
+                AttestationCertificateChain = trustPath ?? Array.Empty<X509Certificate2>(),
             };
 
             return result;