Supporting attestation formats (#530)

* Attestation Formats

* Add remark

* Field should be property.

* Collection expression

* Remove formats from assertionOptions

Assertion time attestation is removed from per this PR: https://github.com/w3c/webauthn/pull/1997/files

---------

Co-authored-by: Anders Åberg <[email protected]>

Src/Fido2.Models/CredentialCreateOptions.cs

@@ -49,6 +49,15 @@ public sealed class CredentialCreateOptions
     [JsonPropertyName("attestation")]
     public AttestationConveyancePreference Attestation { get; set; } = AttestationConveyancePreference.None;
 
+    /// <summary>
+    /// This member is intended for use by Relying Parties that wish to select a preference regarding the attestation statement format used, if such an attestation is requested.
+    /// </summary>
+    /// <remarks>
+    /// This parameter is advisory and the authenticator MAY use an attestation statement not enumerated in this parameter.
+    /// </remarks>
+    [JsonPropertyName("attestationFormats")]
+    public IReadOnlyList<AttestationStatementFormatIdentifier> AttestationFormats { get; set; } = [];
+
     /// <summary>
     /// This member is intended for use by Relying Parties that wish to select the appropriate authenticators to participate in the create() operation.
     /// </summary>

Src/Fido2.Models/Objects/AttestationStatementFormatIdentifier.cs

@@ -0,0 +1,55 @@
+using System.Runtime.Serialization;
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+/// <summary>
+/// The attestation statement format identifier in WebAuthn specifies the format of the attestation statement that is used to attest to the authenticity of a credential created by a WebAuthn authenticator.
+/// https://www.iana.org/assignments/webauthn/webauthn.xhtml
+/// </summary>
+[JsonConverter(typeof(FidoEnumConverter<AttestationStatementFormatIdentifier>))]
+public enum AttestationStatementFormatIdentifier
+{
+    /// <summary>
+    /// The "packed" attestation statement format is a WebAuthn-optimized format for attestation. It uses a very compact but still extensible encoding method. This format is implementable by authenticators with limited resources (e.g., secure elements).
+    /// </summary>
+    [EnumMember(Value = "packed")]
+    Packed,
+
+    /// <summary>
+    /// The "TPM" attestation statement format returns an attestation statement in the same format as the packed attestation statement format, although the rawData and signature fields are computed differently.
+    /// </summary>
+    [EnumMember(Value = "tpm")]
+    Tpm,
+
+    /// <summary>
+    /// Platform authenticators on versions "N", and later, may provide this proprietary "hardware attestation" statement.
+    /// </summary>
+    [EnumMember(Value = "android-key")]
+    AndroidKey,
+
+    /// <summary>
+    /// Android-based platform authenticators MAY produce an attestation statement based on the Android SafetyNet API.
+    /// </summary>
+    [EnumMember(Value = "android-safetynet")]
+    AndroidSafetyNet,
+
+    /// <summary>
+    /// Used with FIDO U2F authenticators.
+    /// </summary>
+    [EnumMember(Value = "fido-u2f")]
+    FidoU2f,
+
+    /// <summary>
+    /// Used with Apple devices' platform authenticators.
+    /// </summary>
+    [EnumMember(Value = "apple")]
+    Apple,
+
+    /// <summary>
+    /// Used to replace any authenticator-provided attestation statement when a WebAuthn Relying Party indicates it does not wish to receive attestation information.
+    /// </summary>
+    [EnumMember(Value = "none")]
+    None
+}
+

Src/Fido2.Models/Objects/AuthenticationExtensionsDevicePublicKeyInputs.cs

@@ -3,11 +3,14 @@
 using System;
 using System.Text.Json.Serialization;
 
+/// <summary>
+///  Deprecated: DevicePublickeyKey has been deprecated but is kept around in the code base because of conformance testing tools.
+/// </summary>
 public sealed class AuthenticationExtensionsDevicePublicKeyInputs
 {
     [JsonPropertyName("attestation")]
     public string Attestation { get; set; } = "none";
 
     [JsonPropertyName("attestationFormats")]
-    public string[] AttestationFormats { get; set; } = Array.Empty<string>();
+    public IReadOnlyList<AttestationStatementFormatIdentifier> AttestationFormats { get; set; } = Array.Empty<AttestationStatementFormatIdentifier>();
 }