passwordless-lib
diff --git a/‎Src/Fido2/Fido2.csproj
Lines changed: 1 addition & 1 deletion b/‎Src/Fido2/Fido2.csproj
Lines changed: 1 addition & 1 deletion
diff --git a/‎Src/Fido2/Metadata/Fido2MetadataServiceRepository.cs
Lines changed: 10 additions & 8 deletions b/‎Src/Fido2/Metadata/Fido2MetadataServiceRepository.cs
Lines changed: 10 additions & 8 deletions
diff --git a/‎Test/Attestation/AndroidKey.cs
Lines changed: 47 additions & 47 deletions b/‎Test/Attestation/AndroidKey.cs
Lines changed: 47 additions & 47 deletions
diff --git a/‎Test/Attestation/AndroidSafetyNet.cs
Lines changed: 110 additions & 92 deletions b/‎Test/Attestation/AndroidSafetyNet.cs
Lines changed: 110 additions & 92 deletions
diff --git a/‎Test/Attestation/Apple.cs
Lines changed: 12 additions & 12 deletions b/‎Test/Attestation/Apple.cs
Lines changed: 12 additions & 12 deletions
diff --git a/‎Test/Attestation/FidoU2f.cs
Lines changed: 35 additions & 35 deletions b/‎Test/Attestation/FidoU2f.cs
Lines changed: 35 additions & 35 deletions
diff --git a/‎Test/Attestation/None.cs
Lines changed: 1 addition & 1 deletion b/‎Test/Attestation/None.cs
Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@
     <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0" />
     <PackageReference Include="NSec.Cryptography" Version="22.4.0" />
     <PackageReference Include="System.Formats.Cbor" Version="6.0.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.1" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.2" />
   </ItemGroup>
 
   <ItemGroup>
 
@@ -163,8 +163,8 @@ private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string r
         if (blobCerts.Length > 1)
         {
             certChain.ChainPolicy.ExtraStore.AddRange(blobCerts.Skip(1).ToArray());
-        }
-
+        }
+
         var certChainIsValid = certChain.Build(blobCerts[0]);
         // if the root is trusted in the context we are running in, valid should be true here
         if (!certChainIsValid)
@@ -180,22 +180,24 @@ private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string r
                 }
             }
 
+            #pragma warning disable format
             // otherwise we have to manually validate that the root in the chain we are testing is the root we downloaded
-            if (rootCert.Thumbprint == certChain.ChainElements[^1].Certificate.Thumbprint &&
-                // and that the number of elements in the chain accounts for what was in x5c plus the root we added
-                certChain.ChainElements.Count == (x5cRawKeys.Length + 1) &&
-                // and that the root cert has exactly one status with the value of UntrustedRoot
+            if (rootCert.Thumbprint == certChain.ChainElements[^1].Certificate.Thumbprint &&
+                // and that the number of elements in the chain accounts for what was in x5c plus the root we added
+                certChain.ChainElements.Count == (x5cRawKeys.Length + 1) &&
+                // and that the root cert has exactly one status with the value of UntrustedRoot
                 certChain.ChainElements[^1].ChainElementStatus is [{ Status: X509ChainStatusFlags.UntrustedRoot }])
             {
                 // if we are good so far, that is a good sign
                 certChainIsValid = true;
-                for (var i = 0; i < certChain.ChainElements.Count - 1; i++)
+                for (int i = 0; i < certChain.ChainElements.Count - 1; i++)
                 {
                     // check each non-root cert to verify zero status listed against it, otherwise, invalidate chain
-                    if (0 != certChain.ChainElements[i].ChainElementStatus.Length)
+                    if (certChain.ChainElements[i].ChainElementStatus.Length != 0)
                         certChainIsValid = false;
                 }
             }
+            #pragma warning restore format
         }
 
         if (!certChainIsValid)
 
@@ -80,7 +80,7 @@ public async Task TestAppleMissingX5c()
     {
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", CborNull.Instance);
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
         Assert.Equal(Fido2ErrorMessages.MalformedX5c_AppleAttestation, ex.Message);
     }
 
@@ -89,7 +89,7 @@ public async Task TestAppleX5cNotArray()
     {
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", new CborTextString("boomerang"));
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal(Fido2ErrorMessages.MalformedX5c_AppleAttestation, ex.Message);
@@ -101,7 +101,7 @@ public async Task TestAppleX5cCountNotOne()
         var emptyX5c = new CborArray { new byte[0], new byte[0] };
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", emptyX5c);
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal(Fido2ErrorMessages.MalformedX5c_AppleAttestation, ex.Message);
@@ -112,7 +112,7 @@ public async Task TestAppleX5cValueNotByteString()
     {
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", new CborTextString("x"));
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal(Fido2ErrorMessages.MalformedX5c_AppleAttestation, ex.Message);
@@ -123,14 +123,14 @@ public async Task TestAppleX5cValueZeroLengthByteString()
     {
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", new CborArray { new byte[0] });
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal(Fido2ErrorMessages.MalformedX5c_AppleAttestation, ex.Message);
     }
 
     [Fact]
-    public void TestAppleCertMissingExtension()
+    public async Task TestAppleCertMissingExtension()
     {
         var invalidX5cStrings = validX5cStrings;
         var invalidCert = Convert.FromBase64String(invalidX5cStrings[0]);
@@ -147,8 +147,8 @@ public void TestAppleCertMissingExtension()
         };
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", x5c);
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Extension with OID 1.2.840.113635.100.8.2 not found on Apple attestation credCert", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Extension with OID 1.2.840.113635.100.8.2 not found on Apple attestation credCert", ex.Message);
     }
 
     [Fact]
@@ -169,14 +169,14 @@ public async Task TestAppleCertCorruptExtension()
         };
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", x5c);
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal("Apple attestation extension has invalid data", ex.Message);
     }
 
     [Fact]
-    public void TestAppleInvalidNonce()
+    public async Task TestAppleInvalidNonce()
     {
         var trustPath = validX5cStrings
             .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
@@ -188,8 +188,8 @@ public void TestAppleInvalidNonce()
         };
         var attStmt = (CborMap)_attestationObject["attStmt"];
         attStmt.Set("x5c", x5c);
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Mismatch between nonce and credCert attestation extension in Apple attestation", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Mismatch between nonce and credCert attestation extension in Apple attestation", ex.Message);
     }
 
     [Fact]
 
@@ -53,7 +53,7 @@ public FidoU2f()
     }
 
     [Fact]
-    public async void TestU2f()
+    public async Task TestU2f()
     {
         var res = await MakeAttestationResponseAsync();
         Assert.Equal(string.Empty, res.ErrorMessage);
@@ -74,54 +74,54 @@ public async void TestU2f()
     public async Task TestU2fWithAaguid()
     {
         _aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal("Aaguid was not empty parsing fido-u2f attestation statement", ex.Message);
     }
 
     [Fact]
-    public void TestU2fMissingX5c()
+    public async Task TestU2fMissingX5c()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("x5c", CborNull.Instance);
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);
     }
 
     [Fact]
-    public void TestU2fX5cNotArray()
+    public async Task TestU2fX5cNotArray()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborTextString("boomerang"));
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);
     }
 
     [Fact]
-    public void TestU2fX5cCountNotOne()
+    public async Task TestU2fX5cCountNotOne()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborArray { new byte[0], new byte[0] });
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);
     }
 
     [Fact]
-    public void TestU2fX5cValueNotByteString()
+    public async Task TestU2fX5cValueNotByteString()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborTextString("x"));
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);
     }
 
     [Fact]
-    public void TestU2fX5cValueZeroLengthByteString()
+    public async Task TestU2fX5cValueZeroLengthByteString()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborArray { new byte[0] });
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);
     }
 
     [Fact]
-    public void TestU2fAttCertNotP256()
+    public async Task TestU2fAttCertNotP256()
     {
         using (var ecdsaAtt = ECDsa.Create(ECCurve.NamedCurves.nistP384))
         {
@@ -135,46 +135,46 @@ public void TestU2fAttCertNotP256()
             attnStmt.Set("x5c", new CborArray { attestnCert.RawData });
         }
 
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve", ex.Message);
     }
 
     [Fact]
-    public void TestU2fSigNull()
+    public async Task TestU2fSigNull()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("sig", CborNull.Instance);
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);
     }
     [Fact]
-    public void TestU2fSigNotByteString()
+    public async Task TestU2fSigNotByteString()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("sig", new CborTextString("walrus"));
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);
     }
     [Fact]
-    public void TestU2fSigByteStringZeroLen()
+    public async Task TestU2fSigByteStringZeroLen()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("sig", new CborByteString(new byte[0]));
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);
     }
     [Fact]
-    public void TestU2fSigNotASN1()
+    public async Task TestU2fSigNotASN1()
     {
         ((CborMap)_attestationObject["attStmt"]).Set("sig", new CborByteString(new byte[] { 0xf1, 0xd0 }));
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Failed to decode fido-u2f attestation signature from ASN.1 encoded form", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Failed to decode fido-u2f attestation signature from ASN.1 encoded form", ex.Message);
     }
     [Fact]
-    public void TestU2fBadSig()
+    public async Task TestU2fBadSig()
     {
         var attnStmt = (CborMap)_attestationObject["attStmt"];
         var sig = (byte[])attnStmt["sig"];
         sig[^1] ^= 0xff;
         attnStmt.Set("sig", new CborByteString(sig));
-        var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
-        Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
+        Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);
     }
 }
@@ -51,7 +51,7 @@ public async Task TestNoneWithAttStmt()
         _attestationObject.Add("attStmt", new CborMap { { "foo", "bar" } });
         _credentialPublicKey = Fido2Tests.MakeCredentialPublicKey(Fido2Tests._validCOSEParameters[0]);
 
-        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());
+        var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);
 
         Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);
         Assert.Equal("Attestation format none should have no attestation statement", ex.Message);
Original file line number	Diff line number	Diff line change
`@@ -163,8 +163,8 @@ private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string r`
`163`	`163`	`if (blobCerts.Length > 1)`
`164`	`164`	`{`
`165`	`165`	`certChain.ChainPolicy.ExtraStore.AddRange(blobCerts.Skip(1).ToArray());`
`166`		`- }`
`167`		`-`
	`166`	`+ }`
	`167`	`+`
`168`	`168`	`var certChainIsValid = certChain.Build(blobCerts[0]);`
`169`	`169`	`// if the root is trusted in the context we are running in, valid should be true here`
`170`	`170`	`if (!certChainIsValid)`
`@@ -180,22 +180,24 @@ private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string r`
`180`	`180`	`}`
`181`	`181`	`}`
`182`	`182`
	`183`	`+ #pragma warning disable format`
`183`	`184`	`// otherwise we have to manually validate that the root in the chain we are testing is the root we downloaded`
`184`		`- if (rootCert.Thumbprint == certChain.ChainElements[^1].Certificate.Thumbprint &&`
`185`		`- // and that the number of elements in the chain accounts for what was in x5c plus the root we added`
`186`		`- certChain.ChainElements.Count == (x5cRawKeys.Length + 1) &&`
`187`		`- // and that the root cert has exactly one status with the value of UntrustedRoot`
	`185`	`+ if (rootCert.Thumbprint == certChain.ChainElements[^1].Certificate.Thumbprint &&`
	`186`	`+ // and that the number of elements in the chain accounts for what was in x5c plus the root we added`
	`187`	`+ certChain.ChainElements.Count == (x5cRawKeys.Length + 1) &&`
	`188`	`+ // and that the root cert has exactly one status with the value of UntrustedRoot`
`188`	`189`	`certChain.ChainElements[^1].ChainElementStatus is [{ Status: X509ChainStatusFlags.UntrustedRoot }])`
`189`	`190`	`{`
`190`	`191`	`// if we are good so far, that is a good sign`
`191`	`192`	`certChainIsValid = true;`
`192`		`- for (var i = 0; i < certChain.ChainElements.Count - 1; i++)`
	`193`	`+ for (int i = 0; i < certChain.ChainElements.Count - 1; i++)`
`193`	`194`	`{`
`194`	`195`	`// check each non-root cert to verify zero status listed against it, otherwise, invalidate chain`
`195`		`- if (0 != certChain.ChainElements[i].ChainElementStatus.Length)`
	`196`	`+ if (certChain.ChainElements[i].ChainElementStatus.Length != 0)`
`196`	`197`	`certChainIsValid = false;`
`197`	`198`	`}`
`198`	`199`	`}`
	`200`	`+ #pragma warning restore format`
`199`	`201`	`}`
`200`	`202`
`201`	`203`	`if (!certChainIsValid)`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ public FidoU2f()`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`[Fact]`
`56`		`- public async void TestU2f()`
	`56`	`+ public async Task TestU2f()`
`57`	`57`	`{`
`58`	`58`	`var res = await MakeAttestationResponseAsync();`
`59`	`59`	`Assert.Equal(string.Empty, res.ErrorMessage);`
`@@ -74,54 +74,54 @@ public async void TestU2f()`
`74`	`74`	`public async Task TestU2fWithAaguid()`
`75`	`75`	`{`
`76`	`76`	`_aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");`
`77`		`- var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
	`77`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
`78`	`78`
`79`	`79`	`Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code);`
`80`	`80`	`Assert.Equal("Aaguid was not empty parsing fido-u2f attestation statement", ex.Message);`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`[Fact]`
`84`		`- public void TestU2fMissingX5c()`
	`84`	`+ public async Task TestU2fMissingX5c()`
`85`	`85`	`{`
`86`	`86`	`((CborMap)_attestationObject["attStmt"]).Set("x5c", CborNull.Instance);`
`87`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`88`		`- Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);`
	`87`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`88`	`+ Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`[Fact]`
`92`		`- public void TestU2fX5cNotArray()`
	`92`	`+ public async Task TestU2fX5cNotArray()`
`93`	`93`	`{`
`94`	`94`	`((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborTextString("boomerang"));`
`95`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`96`		`- Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);`
	`95`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`96`	`+ Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`[Fact]`
`100`		`- public void TestU2fX5cCountNotOne()`
	`100`	`+ public async Task TestU2fX5cCountNotOne()`
`101`	`101`	`{`
`102`	`102`	`((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborArray { new byte[0], new byte[0] });`
`103`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`104`		`- Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);`
	`103`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`104`	`+ Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`[Fact]`
`108`		`- public void TestU2fX5cValueNotByteString()`
	`108`	`+ public async Task TestU2fX5cValueNotByteString()`
`109`	`109`	`{`
`110`	`110`	`((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborTextString("x"));`
`111`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`112`		`- Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);`
	`111`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`112`	`+ Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`[Fact]`
`116`		`- public void TestU2fX5cValueZeroLengthByteString()`
	`116`	`+ public async Task TestU2fX5cValueZeroLengthByteString()`
`117`	`117`	`{`
`118`	`118`	`((CborMap)_attestationObject["attStmt"]).Set("x5c", new CborArray { new byte[0] });`
`119`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`120`		`- Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Result.Message);`
	`119`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`120`	`+ Assert.Equal("Malformed x5c in fido-u2f attestation", ex.Message);`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`[Fact]`
`124`		`- public void TestU2fAttCertNotP256()`
	`124`	`+ public async Task TestU2fAttCertNotP256()`
`125`	`125`	`{`
`126`	`126`	`using (var ecdsaAtt = ECDsa.Create(ECCurve.NamedCurves.nistP384))`
`127`	`127`	`{`
`@@ -135,46 +135,46 @@ public void TestU2fAttCertNotP256()`
`135`	`135`	`attnStmt.Set("x5c", new CborArray { attestnCert.RawData });`
`136`	`136`	`}`
`137`	`137`
`138`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`139`		`- Assert.Equal("Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve", ex.Result.Message);`
	`138`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`139`	`+ Assert.Equal("Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve", ex.Message);`
`140`	`140`	`}`
`141`	`141`
`142`	`142`	`[Fact]`
`143`		`- public void TestU2fSigNull()`
	`143`	`+ public async Task TestU2fSigNull()`
`144`	`144`	`{`
`145`	`145`	`((CborMap)_attestationObject["attStmt"]).Set("sig", CborNull.Instance);`
`146`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`147`		`- Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);`
	`146`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`147`	`+ Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);`
`148`	`148`	`}`
`149`	`149`	`[Fact]`
`150`		`- public void TestU2fSigNotByteString()`
	`150`	`+ public async Task TestU2fSigNotByteString()`
`151`	`151`	`{`
`152`	`152`	`((CborMap)_attestationObject["attStmt"]).Set("sig", new CborTextString("walrus"));`
`153`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`154`		`- Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);`
	`153`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`154`	`+ Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);`
`155`	`155`	`}`
`156`	`156`	`[Fact]`
`157`		`- public void TestU2fSigByteStringZeroLen()`
	`157`	`+ public async Task TestU2fSigByteStringZeroLen()`
`158`	`158`	`{`
`159`	`159`	`((CborMap)_attestationObject["attStmt"]).Set("sig", new CborByteString(new byte[0]));`
`160`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`161`		`- Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);`
	`160`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`161`	`+ Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);`
`162`	`162`	`}`
`163`	`163`	`[Fact]`
`164`		`- public void TestU2fSigNotASN1()`
	`164`	`+ public async Task TestU2fSigNotASN1()`
`165`	`165`	`{`
`166`	`166`	`((CborMap)_attestationObject["attStmt"]).Set("sig", new CborByteString(new byte[] { 0xf1, 0xd0 }));`
`167`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`168`		`- Assert.Equal("Failed to decode fido-u2f attestation signature from ASN.1 encoded form", ex.Result.Message);`
	`167`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`168`	`+ Assert.Equal("Failed to decode fido-u2f attestation signature from ASN.1 encoded form", ex.Message);`
`169`	`169`	`}`
`170`	`170`	`[Fact]`
`171`		`- public void TestU2fBadSig()`
	`171`	`+ public async Task TestU2fBadSig()`
`172`	`172`	`{`
`173`	`173`	`var attnStmt = (CborMap)_attestationObject["attStmt"];`
`174`	`174`	`var sig = (byte[])attnStmt["sig"];`
`175`	`175`	`sig[^1] ^= 0xff;`
`176`	`176`	`attnStmt.Set("sig", new CborByteString(sig));`
`177`		`- var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());`
`178`		`- Assert.Equal("Invalid fido-u2f attestation signature", ex.Result.Message);`
	`177`	`+ var ex = await Assert.ThrowsAsync<Fido2VerificationException>(MakeAttestationResponseAsync);`
	`178`	`+ Assert.Equal("Invalid fido-u2f attestation signature", ex.Message);`
`179`	`179`	`}`
`180`	`180`	`}`