[PM-7257] android add support for web authn resident key credential property in our net mobile app 2 (#3170)

* [PM-7257] feat: add ability to override `clientDataHash` * [PM-7257] feat: add support for clientDataHash and extensions * PM-7257 Updated the origin to be the correct one and not the android one to be passed to the Fido2Client --------- Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
2025-12-20 18:23:51 +00:00 · 2024-04-19 15:52:19 +02:00
parent 76e0f7e1a4
commit c1522e249d
12 changed files with 217 additions and 82 deletions
--- a/test/Core.Test/Services/Fido2ClientCreateCredentialTests.cs
+++ b/test/Core.Test/Services/Fido2ClientCreateCredentialTests.cs
@@ -5,6 +5,7 @@ using System.Text.Json;
 using System.Text.Json.Nodes;
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
+using Bit.Core.Enums;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.Core.Utilities.Fido2;
@@ -320,6 +321,49 @@ namespace Bit.Core.Test.Services
            Assert.Equal(Fido2ClientException.ErrorCode.NotAllowedError, exception.Code);
        }

+        [Fact]
+        public async Task AssertCredentialAsync_ConstructsClientDataHash_WhenHashIsNotProvided()
+        {
+            // Arrange
+            var mockHash = RandomBytes(32);
+            _sutProvider.GetDependency<ICryptoFunctionService>()
+                .HashAsync(Arg.Any<byte[]>(), Arg.Is(CryptoHashAlgorithm.Sha256))
+                .Returns(Task.FromResult(mockHash));
+            _sutProvider.GetDependency<IFido2AuthenticatorService>()
+                .MakeCredentialAsync(Arg.Any<Fido2AuthenticatorMakeCredentialParams>(), _sutProvider.GetDependency<IFido2MakeCredentialUserInterface>())
+                .Returns(_authenticatorResult);
+
+            // Act
+            await _sutProvider.Sut.CreateCredentialAsync(_params);
+
+            // Assert
+            await _sutProvider.GetDependency<IFido2AuthenticatorService>().Received()
+                .GetAssertionAsync(
+                    Arg.Is((Fido2AuthenticatorGetAssertionParams x) => x.Hash == mockHash),
+                    Arg.Any<IFido2GetAssertionUserInterface>()
+                );
+        }
+
+        [Fact]
+        public async Task AssertCredentialAsync_UsesProvidedClientDataHash_WhenHashIsProvided()
+        {
+            // Arrange
+            var mockHash = RandomBytes(32);
+            _sutProvider.GetDependency<IFido2AuthenticatorService>()
+                .MakeCredentialAsync(Arg.Any<Fido2AuthenticatorMakeCredentialParams>(), _sutProvider.GetDependency<IFido2MakeCredentialUserInterface>())
+                .Returns(_authenticatorResult);
+
+            // Act
+            await _sutProvider.Sut.CreateCredentialAsync(_params, mockHash);
+
+            // Assert
+            await _sutProvider.GetDependency<IFido2AuthenticatorService>().Received()
+                .GetAssertionAsync(
+                    Arg.Is((Fido2AuthenticatorGetAssertionParams x) => x.Hash == mockHash),
+                    Arg.Any<IFido2GetAssertionUserInterface>()
+                );
+        }
+
        [Fact]
        public async Task CreateCredentialAsync_ReturnsCredPropsRkTrue_WhenCreatingDiscoverableCredential()
        {