Add non-discoverable creds tests

Yubico · Jan 16, 2025 · c693097 · c693097
1 parent d1a46d5
commit c693097
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 10 deletions.
diff --git a/tests/device/conftest.py b/tests/device/conftest.py
@@ -1,4 +1,5 @@
 from fido2.hid import CtapHidDevice, list_descriptors, open_connection, open_device
+from fido2.cose import CoseKey
 from fido2.ctap2 import Ctap2
 from fido2.ctap2.pin import ClientPin, PinProtocolV1, PinProtocolV2
 from fido2.ctap2.credman import CredentialManagement
@@ -265,6 +266,15 @@ def info(ctap2):
     return ctap2.get_info()
 
 
+@pytest.fixture(params=[CoseKey.for_alg(alg) for alg in CoseKey.supported_algorithms()])
+def algorithm(request, info):
+    alg_cls = request.param
+    alg = {"alg": alg_cls.ALGORITHM, "type": "public-key"}
+    if alg not in info.algorithms:
+        pytest.skip(f"Algorithm {alg_cls.__name__} not supported")
+    return alg
+
+
 @pytest.fixture(params=[PinProtocolV1, PinProtocolV2])
 def pin_protocol(request, info):
     proto = request.param

diff --git a/tests/device/test_credentials.py b/tests/device/test_credentials.py
@@ -0,0 +1,30 @@
+from fido2.server import Fido2Server
+
+
+def test_make_assert(client, pin_protocol, algorithm):
+    rp = {"id": "example.com", "name": "Example RP"}
+    server = Fido2Server(rp)
+    user = {"id": b"user_id", "name": "A. User"}
+
+    create_options, state = server.register_begin(user)
+
+    # Create a credential
+    result = client.make_credential(
+        {
+            **create_options["publicKey"],
+            "pubKeyCredParams": [algorithm],
+        }
+    )
+
+    auth_data = server.register_complete(state, result)
+    cred = auth_data.credential_data
+    assert cred.public_key[3] == algorithm["alg"]
+    credentials = [cred]
+
+    # Get assertion
+    request_options, state = server.authenticate_begin(credentials)
+
+    # Authenticate the credential
+    result = client.get_assertion(request_options.public_key).get_response(0)
+    cred_data = server.authenticate_complete(state, credentials, result)
+    assert cred_data == cred
diff --git a/tests/device/test_credman.py b/tests/device/test_credman.py
@@ -1,4 +1,3 @@
-from fido2.cose import CoseKey
 from fido2.ctap import CtapError
 from fido2.ctap2.pin import ClientPin
 from fido2.ctap2.credman import CredentialManagement
@@ -14,15 +13,6 @@ def preconditions(dev_manager):
         pytest.skip("CredentialManagement not supported by authenticator")
 
 
-@pytest.fixture(params=[CoseKey.for_alg(alg) for alg in CoseKey.supported_algorithms()])
-def algorithm(request, info):
-    alg_cls = request.param
-    alg = {"alg": alg_cls.ALGORITHM, "type": "public-key"}
-    if alg not in info.algorithms:
-        pytest.skip(f"Algorithm {alg_cls.__name__} not supported")
-    return alg
-
-
 def get_credman(ctap2, pin_protocol, permissions=ClientPin.PERMISSION.CREDENTIAL_MGMT):
     token = ClientPin(ctap2, pin_protocol).get_pin_token(TEST_PIN, permissions)
     return CredentialManagement(ctap2, pin_protocol, token)