Add CancellationToken to Task methods (#278)

* Add CancellationToken to Task methods

* Drop (some) trailing spaces

* Add =default to all cancellationToken in public methods

* Re-add requestTokenBindingId = null

Author: trejjam

.editorconfig

@@ -60,7 +60,7 @@ dotnet_style_explicit_tuple_names = true:suggestion
 [*.cs]
 # Prefer "var" when the type is apparent on the right side of the assignment; otherwise, avoid it.
 csharp_style_var_when_type_is_apparent = true:suggestion
-csharp_style_var_elsewhere = false:suggestion
+csharp_style_var_elsewhere = true:suggestion
 
 # Prefer method-like constructs to have a block body
 csharp_style_expression_bodied_methods = false:none
@@ -162,4 +162,9 @@ dotnet_naming_style.begins_with_underscore.capitalization = camel_case
 dotnet_naming_style.ends_with_async.required_prefix = 
 dotnet_naming_style.ends_with_async.required_suffix = Async
 dotnet_naming_style.ends_with_async.word_separator = 
-dotnet_naming_style.ends_with_async.capitalization = pascal_case
+dotnet_naming_style.ends_with_async.capitalization = pascal_case
+
+# Code analysis
+
+dotnet_diagnostic.CA2016.severity = error
+dotnet_diagnostic.CS1591.severity = silent

Demo/Controller.cs

@@ -2,15 +2,16 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
-using System.Threading.Tasks;
+using System.Threading;
+using System.Threading.Tasks;
 using Fido2NetLib;
 using Fido2NetLib.Development;
-using Fido2NetLib.Objects;
+using Fido2NetLib.Objects;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-
+
 using static Fido2NetLib.Fido2;
-
+
 namespace Fido2Demo
 {
     [Route("api/[controller]")]
@@ -22,7 +23,7 @@ public class MyController : Controller
 
         public MyController(IFido2 fido2)
         {
-            _fido2 = fido2;
+            _fido2 = fido2;
         }
 
         private string FormatException(Exception e)
@@ -32,11 +33,11 @@ private string FormatException(Exception e)
 
         [HttpPost]
         [Route("/makeCredentialOptions")]
-        public JsonResult MakeCredentialOptions([FromForm] string username,
-                                                [FromForm] string displayName,
-                                                [FromForm] string attType,
-                                                [FromForm] string authType,
-                                                [FromForm] bool requireResidentKey,
+        public JsonResult MakeCredentialOptions([FromForm] string username,
+                                                [FromForm] string displayName,
+                                                [FromForm] string attType,
+                                                [FromForm] string authType,
+                                                [FromForm] bool requireResidentKey,
                                                 [FromForm] string userVerification)
         {
             try
@@ -90,7 +91,7 @@ public JsonResult MakeCredentialOptions([FromForm] string username,
 
         [HttpPost]
         [Route("/makeCredential")]
-        public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
+        public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse, CancellationToken cancellationToken)
         {
             try
             {
@@ -99,17 +100,17 @@ public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestation
                 var options = CredentialCreateOptions.FromJson(jsonOptions);
 
                 // 2. Create callback so that lib can verify credential id is unique to this user
-                IsCredentialIdUniqueToUserAsyncDelegate callback = async (IsCredentialIdUniqueToUserParams args) =>
+                IsCredentialIdUniqueToUserAsyncDelegate callback = static async (args, cancellationToken) =>
                 {
-                    var users = await DemoStorage.GetUsersByCredentialIdAsync(args.CredentialId);
+                    var users = await DemoStorage.GetUsersByCredentialIdAsync(args.CredentialId, cancellationToken);
                     if (users.Count > 0)
                         return false;
 
                     return true;
                 };
 
                 // 2. Verify and make the credentials
-                var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback);
+                var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback, cancellationToken: cancellationToken);
 
                 // 3. Store the credentials in db
                 DemoStorage.AddCredentialToUser(options.User, new StoredCredential
@@ -177,7 +178,7 @@ public ActionResult AssertionOptionsPost([FromForm] string username, [FromForm]
 
         [HttpPost]
         [Route("/makeAssertion")]
-        public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRawResponse clientResponse)
+        public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRawResponse clientResponse, CancellationToken cancellationToken)
         {
             try
             {
@@ -192,14 +193,14 @@ public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRaw
                 var storedCounter = creds.SignatureCounter;
 
                 // 4. Create callback to check if userhandle owns the credentialId
-                IsUserHandleOwnerOfCredentialIdAsync callback = async (args) =>
+                IsUserHandleOwnerOfCredentialIdAsync callback = static async (args, cancellationToken) =>
                 {
-                    var storedCreds = await DemoStorage.GetCredentialsByUserHandleAsync(args.UserHandle);
+                    var storedCreds = await DemoStorage.GetCredentialsByUserHandleAsync(args.UserHandle, cancellationToken);
                     return storedCreds.Exists(c => c.Descriptor.Id.SequenceEqual(args.CredentialId));
                 };
 
                 // 5. Make the assertion
-                var res = await _fido2.MakeAssertionAsync(clientResponse, options, creds.PublicKey, storedCounter, callback);
+                var res = await _fido2.MakeAssertionAsync(clientResponse, options, creds.PublicKey, storedCounter, callback, cancellationToken: cancellationToken);
 
                 // 6. Store the updated counter
                 DemoStorage.UpdateCounter(res.CredentialId, res.Counter);

Demo/TestController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using System.Text;
+using System.Threading;
 using System.Threading.Tasks;
 using Fido2NetLib;
 using Fido2NetLib.Development;
@@ -80,22 +81,22 @@ public JsonResult MakeCredentialOptionsTest([FromBody] TEST_MakeCredentialParams
 
         [HttpPost]
         [Route("/attestation/result")]
-        public async Task<JsonResult> MakeCredentialResultTest([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
+        public async Task<JsonResult> MakeCredentialResultTest([FromBody] AuthenticatorAttestationRawResponse attestationResponse, CancellationToken cancellationToken)
         {
 
             // 1. get the options we sent the client
             var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
             var options = CredentialCreateOptions.FromJson(jsonOptions);
 
             // 2. Create callback so that lib can verify credential id is unique to this user
-            IsCredentialIdUniqueToUserAsyncDelegate callback = async (IsCredentialIdUniqueToUserParams args) =>
+            IsCredentialIdUniqueToUserAsyncDelegate callback = static async (args, cancellationToken) =>
             {
-                var users = await DemoStorage.GetUsersByCredentialIdAsync(args.CredentialId);
+                var users = await DemoStorage.GetUsersByCredentialIdAsync(args.CredentialId, cancellationToken);
                 return users.Count <= 0;
             };
 
             // 2. Verify and make the credentials
-            var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback);
+            var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback, cancellationToken: cancellationToken);
 
             // 3. Store the credentials in db
             DemoStorage.AddCredentialToUser(options.User, new StoredCredential
@@ -151,7 +152,7 @@ public IActionResult AssertionOptionsTest([FromBody] TEST_AssertionClientParams
 
         [HttpPost]
         [Route("/assertion/result")]
-        public async Task<JsonResult> MakeAssertionTest([FromBody] AuthenticatorAssertionRawResponse clientResponse)
+        public async Task<JsonResult> MakeAssertionTest([FromBody] AuthenticatorAssertionRawResponse clientResponse, CancellationToken cancellationToken)
         {
             // 1. Get the assertion options we sent the client
             var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
@@ -164,14 +165,14 @@ public async Task<JsonResult> MakeAssertionTest([FromBody] AuthenticatorAssertio
             var storedCounter = creds.SignatureCounter;
 
             // 4. Create callback to check if userhandle owns the credentialId
-            IsUserHandleOwnerOfCredentialIdAsync callback = async (args) =>
+            IsUserHandleOwnerOfCredentialIdAsync callback = static async (args, cancellationToken) =>
             {
-                var storedCreds = await DemoStorage.GetCredentialsByUserHandleAsync(args.UserHandle);
+                var storedCreds = await DemoStorage.GetCredentialsByUserHandleAsync(args.UserHandle, cancellationToken);
                 return storedCreds.Exists(c => c.Descriptor.Id.SequenceEqual(args.CredentialId));
             };
 
             // 5. Make the assertion
-            var res = await _fido2.MakeAssertionAsync(clientResponse, options, creds.PublicKey, storedCounter, callback);
+            var res = await _fido2.MakeAssertionAsync(clientResponse, options, creds.PublicKey, storedCounter, callback, cancellationToken: cancellationToken);
 
             // 6. Store the updated counter
             DemoStorage.UpdateCounter(res.CredentialId, res.Counter);

Src/Fido2.AspNet/DistributedCacheMetadataService.cs

@@ -3,6 +3,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
+using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Logging;
@@ -36,7 +37,7 @@ public DistributedCacheMetadataService(
 
         public virtual bool ConformanceTesting()
         {
-            return _repositories.First().GetType() == typeof(ConformanceMetadataRepository);
+            return _repositories.First() is ConformanceMetadataRepository;
         }
 
         public virtual MetadataBLOBPayloadEntry GetEntry(Guid aaguid)
@@ -147,11 +148,11 @@ protected virtual async Task LoadTocEntryStatement(
             return null;
         }
 
-        protected virtual async Task InitializeRepositoryAsync(IMetadataRepository repository)
+        protected virtual async Task InitializeRepositoryAsync(IMetadataRepository repository, CancellationToken cancellationToken)
         {
             var blobCacheKey = GetTocCacheKey(repository);
 
-            var cachedToc = await _cache.GetStringAsync(blobCacheKey);
+            var cachedToc = await _cache.GetStringAsync(blobCacheKey, cancellationToken);
 
             MetadataBLOBPayload blob;
 
@@ -168,7 +169,7 @@ protected virtual async Task InitializeRepositoryAsync(IMetadataRepository repos
 
                 try
                 {
-                    blob = await repository.GetBLOBAsync();
+                    blob = await repository.GetBLOBAsync(cancellationToken);
                 }
                 catch (Exception ex)
                 {
@@ -188,7 +189,8 @@ await _cache.SetStringAsync(
                         new DistributedCacheEntryOptions()
                         {
                             AbsoluteExpiration = cacheUntil
-                        });
+                        },
+                        cancellationToken);
                 }
             }
 
@@ -208,13 +210,13 @@ await _cache.SetStringAsync(
             }
         }
 
-        public virtual async Task InitializeAsync()
+        public virtual async Task InitializeAsync(CancellationToken cancellationToken = default)
         {
             foreach (var repository in _repositories)
             {
                 try
                 {
-                    await InitializeRepositoryAsync(repository);
+                    await InitializeRepositoryAsync(repository, cancellationToken);
                 }
                 catch (Exception ex)
                 {

Src/Fido2.AspNet/NullMetadataService.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Threading;
 using System.Threading.Tasks;
 
 namespace Fido2NetLib
@@ -15,7 +16,7 @@ MetadataBLOBPayloadEntry IMetadataService.GetEntry(Guid aaguid)
             return null;
         }
 
-        Task IMetadataService.InitializeAsync()
+        Task IMetadataService.InitializeAsync(CancellationToken cancellationToken)
         {
             return Task.CompletedTask;
         }

Src/Fido2/AttestationFormat/Tpm.cs

@@ -117,15 +117,15 @@ public override (AttestationType, X509Certificate2[]) Verify()
             var alg = (COSE.Algorithm)(int)Alg;
 
             ReadOnlySpan<byte> dataHash = CryptoUtils.HashData(CryptoUtils.HashAlgFromCOSEAlg(alg), Data);
-            
+
             if (!dataHash.SequenceEqual(certInfo.ExtraData))
                 throw new Fido2VerificationException("Hash value mismatch extraData and attToBeSigned");
-            
+
             // 4d. Verify that attested contains a TPMS_CERTIFY_INFO structure, whose name field contains a valid Name for pubArea, as computed using the algorithm in the nameAlg field of pubArea 
             ReadOnlySpan<byte> pubAreaRawHash = CryptoUtils.HashData(CryptoUtils.HashAlgFromCOSEAlg((COSE.Algorithm)certInfo.Alg), pubArea.Raw);
-           
+
             if (!pubAreaRawHash.SequenceEqual(certInfo.AttestedName))
-                throw new Fido2VerificationException("Hash value mismatch attested and pubArea");            
+                throw new Fido2VerificationException("Hash value mismatch attested and pubArea");
 
             // 4e. Note that the remaining fields in the "Standard Attestation Structure" [TPMv2-Part1] section 31.2, i.e., qualifiedSigner, clockInfo and firmwareVersion are ignored. These fields MAY be used as an input to risk engines.
 

Src/Fido2/AuthenticatorAssertionResponse.cs

@@ -1,14 +1,14 @@
 using System;
 using System.Collections.Generic;
-
-#nullable disable
-
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
+using System.Threading;
 using System.Threading.Tasks;
 using Fido2NetLib.Objects;
 
+#nullable disable
+
 namespace Fido2NetLib
 {
     /// <summary>
@@ -53,13 +53,15 @@ public static AuthenticatorAssertionResponse Parse(AuthenticatorAssertionRawResp
         /// <param name="storedSignatureCounter">The stored counter value for this CredentialId</param>
         /// <param name="isUserHandleOwnerOfCredId">A function that returns <see langword="true"/> if user handle is owned by the credential ID</param>
         /// <param name="requestTokenBindingId"></param>
+        /// <param name="cancellationToken"></param>
         public async Task<AssertionVerificationResult> VerifyAsync(
             AssertionOptions options,
             HashSet<string> fullyQualifiedExpectedOrigins,
             byte[] storedPublicKey,
             uint storedSignatureCounter,
             IsUserHandleOwnerOfCredentialIdAsync isUserHandleOwnerOfCredId,
-            byte[] requestTokenBindingId)
+            byte[] requestTokenBindingId,
+            CancellationToken cancellationToken = default)
         {
             BaseVerify(fullyQualifiedExpectedOrigins, options.Challenge, requestTokenBindingId);
 
@@ -86,7 +88,7 @@ public async Task<AssertionVerificationResult> VerifyAsync(
                 if (UserHandle.Length is 0)
                     throw new Fido2VerificationException("Userhandle was empty DOMString. It should either be null or have a value.");
 
-                if (false == await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle)))
+                if (false == await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken))
                 {
                     throw new Fido2VerificationException("User is not owner of the public key identitief by the credential id");
                 }

Src/Fido2/AuthenticatorAttestationResponse.cs

@@ -5,6 +5,7 @@
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
+using System.Threading;
 using System.Threading.Tasks;
 
 using Fido2NetLib.Cbor;
@@ -70,7 +71,13 @@ public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRaw
             return response;
         }
 
-        public async Task<AttestationVerificationSuccess> VerifyAsync(CredentialCreateOptions originalOptions, Fido2Configuration config, IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, IMetadataService metadataService, byte[] requestTokenBindingId)
+        public async Task<AttestationVerificationSuccess> VerifyAsync(
+            CredentialCreateOptions originalOptions,
+            Fido2Configuration config,
+            IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
+            IMetadataService metadataService,
+            byte[] requestTokenBindingId,
+            CancellationToken cancellationToken = default)
         {
             // https://www.w3.org/TR/webauthn/#registering-a-new-credential
             // 1. Let JSONtext be the result of running UTF-8 decode on the value of response.clientDataJSON.
@@ -216,7 +223,7 @@ static bool ContainsAttestationType(MetadataBLOBPayloadEntry entry, MetadataAtte
 
             // 17. Check that the credentialId is not yet registered to any other user. 
             // If registration is requested for a credential that is already registered to a different user, the Relying Party SHOULD fail this registration ceremony, or it MAY decide to accept the registration, e.g. while deleting the older registration
-            if (false == await isCredentialIdUniqueToUser(new IsCredentialIdUniqueToUserParams(authData.AttestedCredentialData.CredentialID, originalOptions.User)))
+            if (false == await isCredentialIdUniqueToUser(new IsCredentialIdUniqueToUserParams(authData.AttestedCredentialData.CredentialID, originalOptions.User), cancellationToken))
             {
                 throw new Fido2VerificationException("CredentialId is not unique to this user");
             }

Src/Fido2/DevelopmentInMemoryStore.cs

@@ -2,6 +2,7 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading;
 using System.Threading.Tasks;
 using Fido2NetLib.Objects;
 
@@ -33,7 +34,7 @@ public List<StoredCredential> GetCredentialsByUser(Fido2User user)
             return _storedCredentials.FirstOrDefault(c => c.Descriptor.Id.AsSpan().SequenceEqual(id));
         }
 
-        public Task<List<StoredCredential>> GetCredentialsByUserHandleAsync(byte[] userHandle)
+        public Task<List<StoredCredential>> GetCredentialsByUserHandleAsync(byte[] userHandle, CancellationToken cancellationToken = default)
         {
             return Task.FromResult(_storedCredentials.Where(c => c.UserHandle.AsSpan().SequenceEqual(userHandle)).ToList());
         }
@@ -50,7 +51,7 @@ public void AddCredentialToUser(Fido2User user, StoredCredential credential)
             _storedCredentials.Add(credential);
         }
 
-        public Task<List<Fido2User>> GetUsersByCredentialIdAsync(byte[] credentialId)
+        public Task<List<Fido2User>> GetUsersByCredentialIdAsync(byte[] credentialId, CancellationToken cancellationToken = default)
         {
             // our in-mem storage does not allow storing multiple users for a given credentialId. Yours shouldn't either.
             var cred = _storedCredentials.FirstOrDefault(c => c.Descriptor.Id.AsSpan().SequenceEqual(credentialId));