Update fido mds blob parsing

.github/workflows/CI.yml

@@ -17,21 +17,21 @@ jobs:
             -   name: Setup .NET SDK 8.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 8.0.417
+                    dotnet-version: 8.0.420
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
             -   name: Setup .NET SDK 9.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 9.0.310
+                    dotnet-version: 9.0.313
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
             -   name: Setup .NET SDK 10.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 10.0.102
+                    dotnet-version: 10.0.203
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}

.github/workflows/Release.yml

@@ -28,21 +28,21 @@ jobs:
             -   name: Setup .NET SDK 8.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 8.0.417
+                    dotnet-version: 8.0.420
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
             -   name: Setup .NET SDK 9.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 9.0.310
+                    dotnet-version: 9.0.313
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
             -   name: Setup .NET SDK 10.0
                 uses: actions/setup-dotnet@v5
                 with:
-                    dotnet-version: 10.0.102
+                    dotnet-version: 10.0.203
                     source-url: ${{ secrets.NUGET_SOURCE }}
                 env:
                     NUGET_AUTH_TOKEN: ${{ secrets.PACKAGES_TOKEN }}

README.md

@@ -61,9 +61,9 @@ The documentation for each project is described in its README.md file.
 
 ### Required dependencies
 
-- [.NET SDK 8.0.417+](https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
-- [.NET SDK 9.0.310+](https://dotnet.microsoft.com/en-us/download/dotnet/9.0)
-- [.NET SDK 10.0.102+](https://dotnet.microsoft.com/en-us/download/dotnet/10.0)
+- [.NET SDK 8.0.420+](https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
+- [.NET SDK 9.0.313+](https://dotnet.microsoft.com/en-us/download/dotnet/9.0)
+- [.NET SDK 10.0.203+](https://dotnet.microsoft.com/en-us/download/dotnet/10.0)
 
 ## Tips for Contribution
 

demo/WebAuthn.Net.Demo.FidoConformance/Middleware/RequestLoggingMiddleware.cs

@@ -38,7 +38,10 @@ public async Task InvokeAsync(HttpContext context, RequestDelegate next)
         var json = Encoding.UTF8.GetString(ms.ToArray());
         var element = JsonSerializer.Deserialize<JsonElement>(json);
         var intendedJson = JsonSerializer.Serialize(element, _jsonSerializerOptions);
+// Error CA1873 : Evaluation of this argument may be expensive and unnecessary if logging is disabled (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1873)
+#pragma warning disable CA1873
         _logger.LogRequestInformation(context.Request.Method, context.Request.GetEncodedPathAndQuery(), intendedJson);
+#pragma warning restore CA1873
         await next(context);
     }
 }

demo/WebAuthn.Net.Demo.FidoConformance/README.md

@@ -16,7 +16,7 @@ This project contains a demo application designed for passing the [FIDO conforma
 
 These steps need to be performed only if you have not done them before.
 
-1. Install .NET SDK versions [.NET SDK 8.0.417+](https://dotnet.microsoft.com/en-us/download/dotnet/8.0), [.NET SDK 9.0.310+](https://dotnet.microsoft.com/en-us/download/dotnet/9.0) and [.NET SDK 10.0.102+](https://dotnet.microsoft.com/en-us/download/dotnet/10.0).
+1. Install .NET SDK versions [.NET SDK 8.0.420+](https://dotnet.microsoft.com/en-us/download/dotnet/8.0), [.NET SDK 9.0.313+](https://dotnet.microsoft.com/en-us/download/dotnet/9.0) and [.NET SDK 10.0.203+](https://dotnet.microsoft.com/en-us/download/dotnet/10.0).
 2. [Trust the ASP.NET Core HTTPS development certificate](https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-10.0&tabs=visual-studio%2Clinux-sles#trust-the-aspnet-core-https-development-certificate)
 
 ### Starting the FIDO Conformance test

demo/WebAuthn.Net.Demo.Mvc/WebAuthn.Net.Demo.Mvc.csproj

@@ -15,8 +15,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="OpenTelemetry.Exporter.Prometheus.AspNetCore" Version="1.15.0-beta.1"/>
-    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.15.0"/>
+    <PackageReference Include="OpenTelemetry.Exporter.Prometheus.AspNetCore" Version="1.15.3-beta.1"/>
+    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.15.3"/>
   </ItemGroup>
 
 </Project>

global.json

@@ -1,6 +1,6 @@
 {
     "sdk": {
-        "version": "10.0.102",
+        "version": "10.0.203",
         "rollForward": "latestPatch",
         "allowPrerelease": false
     }

src/WebAuthn.Net.OpenTelemetry/WebAuthn.Net.OpenTelemetry.csproj

@@ -26,7 +26,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="OpenTelemetry" Version="1.15.0"/>
+    <PackageReference Include="OpenTelemetry" Version="1.15.3"/>
   </ItemGroup>
 
 </Project>

src/WebAuthn.Net/Services/FidoMetadata/Implementation/FidoMetadataDecoder/DefaultFidoMetadataDecoder.cs

@@ -396,7 +396,7 @@ private bool TryDecodeMetadataStatement(MetadataStatementJSON metadataStatement,
             metadataStatement.KeyScope,
             metadataStatement.MultiDeviceCredentialSupport,
             authenticatorGetInfo,
-            metadataStatement.CxpConfigUrl);
+            metadataStatement.CxConfigUrl);
         return true;
     }
 

src/WebAuthn.Net/Services/FidoMetadata/Models/FidoMetadataDecoder/Enums/AuthenticatorAttachmentHint.cs

@@ -77,5 +77,12 @@ public enum AuthenticatorAttachmentHint : ushort
     ///     should also be set.
     /// </summary>
     [EnumMember(Value = "wifi_direct")]
-    ATTACHMENT_HINT_WIFI_DIRECT = 0x0100
+    ATTACHMENT_HINT_WIFI_DIRECT = 0x0100,
+
+    /// <summary>
+    ///     This flag MAY be set to indicate that an external authenticator is able to communicate by ISO7816 messages with the FIDO User Device. As part of authenticator metadata, or when reporting characteristics through discovery, if this flag is set, the ATTACHMENT_HINT_WIRED flag
+    ///     should also be set.
+    /// </summary>
+    [EnumMember(Value = "smart-card")]
+    ATTACHMENT_HINT_SMART_CARD = 0x0200
 }

src/WebAuthn.Net/Services/FidoMetadata/Models/FidoMetadataDecoder/Enums/KeyProtectionType.cs

@@ -48,5 +48,14 @@ public enum KeyProtectionType : ushort
     ///     Refer to [UAFProtocol] for more details.
     /// </summary>
     [EnumMember(Value = "remote_handle")]
-    KEY_PROTECTION_REMOTE_HANDLE = 0x0010
+    KEY_PROTECTION_REMOTE_HANDLE = 0x0010,
+
+    /// <summary>
+    ///     This flag MUST be set if the private key is designed to exist in multiple hardware devices (i.e, key belongs to a multidevice credential). If this flag is not set, the key is expected to be a single-device key.
+    ///     If this flag is set, the authenticator SHALL set the "Credential Backup State" flags [WebAuthn] in the assertion accordingly.
+    ///     If this flag is set, support for multi-device credentialsSHALL be declared in the Metadata Statement
+    ///     If a key generated by a sync fabric can be imported by an authenticator, this flag can be combined with one of KEY_PROTECTION_SECURE_ELEMENT, KEY_PROTECTION_TEE, or KEY_PROTECTION_SOFTWARE in order to express the key protection state after the import.
+    /// </summary>
+    [EnumMember(Value = "sync_fabric")]
+    KEY_PROTECTION_SYNC_FABRIC = 0x0020
 }

src/WebAuthn.Net/Services/FidoMetadata/Models/FidoMetadataDecoder/MetadataStatement.cs

@@ -285,7 +285,7 @@ public class MetadataStatement
     ///         The information is the same reported by an authenticator when invoking the 'authenticatorGetInfo' method, see <a href="https://fidoalliance.org/specs/fido-v2.2-ps-20250714/fido-client-to-authenticator-protocol-v2.2-ps-20250714.html#authenticatorGetInfo">[FIDOCTAP]</a>.
     ///     </para>
     /// </param>
-    /// <param name="cxpConfigUrl">
+    /// <param name="cxConfigURL">
     ///     <para>Specifies the URL for retrieving the configuration details for the credential export protocol (CXP).</para>
     ///     <para>
     ///         When importing credentials, the passkey provider to export the credential might retrieve the configuration details for the credential export protocol in order to provide additional security. More details can be found in Credential Export Protocol specification that can
@@ -327,7 +327,7 @@ public MetadataStatement(
         string? keyScope,
         string? multiDeviceCredentialSupport,
         AuthenticatorGetInfo? authenticatorGetInfo,
-        string? cxpConfigUrl)
+        string? cxConfigURL)
     {
         LegalHeader = legalHeader;
         Aaid = aaid;
@@ -363,7 +363,7 @@ public MetadataStatement(
         KeyScope = keyScope;
         MultiDeviceCredentialSupport = multiDeviceCredentialSupport;
         AuthenticatorGetInfo = authenticatorGetInfo;
-        CxpConfigUrl = cxpConfigUrl;
+        CxConfigUrl = cxConfigURL;
     }
 
     /// <summary>
@@ -840,5 +840,5 @@ public MetadataStatement(
     ///         be found on the FIDO <a href="https://fidoalliance.org/specifications-credential-exchange-specifications/">Credential Exchange Specifications</a> web page.
     ///     </para>
     /// </summary>
-    public string? CxpConfigUrl { get; }
+    public string? CxConfigUrl { get; }
 }

src/WebAuthn.Net/Services/FidoMetadata/Models/FidoMetadataProvider/Protocol/Json/MetadataStatementJSON.cs

@@ -287,7 +287,7 @@ public class MetadataStatementJSON
     ///         The information is the same reported by an authenticator when invoking the 'authenticatorGetInfo' method, see <a href="https://fidoalliance.org/specs/fido-v2.2-ps-20250714/fido-client-to-authenticator-protocol-v2.2-ps-20250714.html#authenticatorGetInfo">[FIDOCTAP]</a>.
     ///     </para>
     /// </param>
-    /// <param name="cxpConfigUrl">
+    /// <param name="cxConfigUrl">
     ///     <para>Specifies the URL for retrieving the configuration details for the credential export protocol (CXP).</para>
     ///     <para>
     ///         When importing credentials, the passkey provider to export the credential might retrieve the configuration details for the credential export protocol in order to provide additional security. More details can be found in Credential Export Protocol specification that can
@@ -330,7 +330,7 @@ public MetadataStatementJSON(
         string? keyScope,
         string? multiDeviceCredentialSupport,
         AuthenticatorGetInfoJSON? authenticatorGetInfo,
-        string? cxpConfigUrl)
+        string? cxConfigUrl)
     {
         LegalHeader = legalHeader;
         Aaid = aaid;
@@ -366,7 +366,7 @@ public MetadataStatementJSON(
         KeyScope = keyScope;
         MultiDeviceCredentialSupport = multiDeviceCredentialSupport;
         AuthenticatorGetInfo = authenticatorGetInfo;
-        CxpConfigUrl = cxpConfigUrl;
+        CxConfigUrl = cxConfigUrl;
     }
 
     /// <summary>
@@ -924,7 +924,7 @@ public MetadataStatementJSON(
     ///         be found on the FIDO <a href="https://fidoalliance.org/specifications-credential-exchange-specifications/">Credential Exchange Specifications</a> web page.
     ///     </para>
     /// </summary>
-    [JsonPropertyName("cxpConfigURL")]
+    [JsonPropertyName("cxConfigURL")]
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
-    public string? CxpConfigUrl { get; }
+    public string? CxConfigUrl { get; }
 }

tests/WebAuthn.Net.Tests.Unit/Services/AuthenticationCeremony/Implementation/DefaultAuthenticationCeremonyService/Abstractions/AbstractAuthenticationCeremonyServiceTests.cs

@@ -114,7 +114,7 @@ public virtual async Task SetupServices()
                 Options,
                 safeJsonDeserializer,
                 fakeFidoHttpClientProvider.Client,
-                new FakeTimeProvider(DateTimeOffset.Parse("2023-10-20T16:36:38Z", CultureInfo.InvariantCulture)));
+                new FakeTimeProvider(DateTimeOffset.Parse("2026-04-27T16:36:38Z", CultureInfo.InvariantCulture)));
             var downloadMetadataResult = await metadataProvider.DownloadMetadataAsync(CancellationToken.None);
             if (downloadMetadataResult.HasError)
             {

tests/WebAuthn.Net.Tests.Unit/Services/FidoMetadata/Implementation/DefaultFidoMetadataDecoderTests.cs

@@ -48,7 +48,7 @@ public async Task SetupServices()
             Options,
             safeJsonDeserializer,
             FakeFidoHttpClientProvider.Client,
-            new FakeTimeProvider(DateTimeOffset.Parse("2023-10-20T16:36:38Z", CultureInfo.InvariantCulture)));
+            new FakeTimeProvider(DateTimeOffset.Parse("2026-04-27T16:36:38Z", CultureInfo.InvariantCulture)));
         Decoder = new(
             new DefaultEnumMemberAttributeSerializer<UserVerificationMethod>(),
             new DefaultEnumMemberAttributeSerializer<ProtocolFamily>(),

tests/WebAuthn.Net.Tests.Unit/Services/FidoMetadata/Implementation/DefaultFidoMetadataProviderTests.cs

@@ -43,7 +43,7 @@ public void SetupServices()
             Options,
             safeJsonDeserializer,
             FakeFidoHttpClientProvider.Client,
-            new FakeTimeProvider(DateTimeOffset.Parse("2023-10-20T16:36:38Z", CultureInfo.InvariantCulture)));
+            new FakeTimeProvider(DateTimeOffset.Parse("2026-04-27T16:36:38Z", CultureInfo.InvariantCulture)));
     }
 
     [TearDown]

tests/WebAuthn.Net.Tests.Unit/Services/RegistrationCeremony/Implementation/DefaultRegistrationCeremonyService/Abstractions/AbstractRegistrationCeremonyServiceTests.cs

@@ -109,7 +109,7 @@ public virtual async Task SetupServices()
                 Options,
                 safeJsonDeserializer,
                 fakeFidoHttpClientProvider.Client,
-                new FakeTimeProvider(DateTimeOffset.Parse("2023-10-20T16:36:38Z", CultureInfo.InvariantCulture)));
+                new FakeTimeProvider(DateTimeOffset.Parse("2026-04-27T16:36:38Z", CultureInfo.InvariantCulture)));
             var downloadMetadataResult = await metadataProvider.DownloadMetadataAsync(CancellationToken.None);
             if (downloadMetadataResult.HasError)
             {