Add support for largeBlob extension (#508)

* Add `largeBlob` support

* `dotnet format`

Author: Joshua Coffey

Src/Fido2.Models/Objects/AuthenticationExtensionsClientInputs.cs

@@ -62,6 +62,14 @@ public sealed class AuthenticationExtensionsClientInputs
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
     public AuthenticationExtensionsPRFInputs? PRF { get; set; }
 
+    /// <summary>
+    /// This client registration extension and authentication extension allows a Relying Party to store opaque data associated with a credential.
+    /// https://w3c.github.io/webauthn/#sctn-large-blob-extension
+    /// </summary>
+    [JsonPropertyName("largeBlob")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public AuthenticationExtensionsLargeBlobInputs? LargeBlob { get; set; }
+
     /// <summary>
     /// This registration extension allows relying parties to specify a credential protection policy when creating a credential.
     /// Additionally, authenticators MAY choose to establish a default credential protection policy greater than <c>UserVerificationOptional</c> (the lowest level)

Src/Fido2.Models/Objects/AuthenticationExtensionsClientOutputs.cs

@@ -59,6 +59,13 @@ public class AuthenticationExtensionsClientOutputs
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
     public AuthenticationExtensionsPRFOutputs? PRF { get; set; }
 
+    /// <summary>
+    /// This client registration extension and authentication extension allows a Relying Party to store opaque data associated with a credential.
+    /// https://w3c.github.io/webauthn/#sctn-large-blob-extension
+    /// </summary>
+    [JsonPropertyName("largeBlob")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public AuthenticationExtensionsLargeBlobOutputs? LargeBlob { get; set; }
 
     /// <summary>
     /// The <c>CredentialProtectionPolicy</c> stored alongside the created credential

Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobInputs.cs

@@ -0,0 +1,57 @@
+#nullable enable
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+/// <summary>
+/// Input values for the largeBlob extension.
+///
+/// Note: If a value is specified for <see cref="Write"/>, and the assertion is intended to be invoked on a web browser,
+/// additional transformation must be performed on the client side before calling navigator.credentials.get().
+/// Specifically, the value must be converted from a base64url-encoded string to a Uint8Array.
+/// 
+/// https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargeblobinputs
+/// </summary>
+public sealed class AuthenticationExtensionsLargeBlobInputs
+{
+    /// <summary>
+    /// Requests that the credential be created with largeBlob support.
+    ///
+    /// A value of <c>Required</c> will cause credential creation to fail on the client side if largeBlob support is not available.
+    /// A value of <c>Preferred</c> will allow credential creation to succeed even if largeBlob support is not available.
+    ///
+    /// Valid only during registration.
+    /// 
+    /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargeblobinputs-support
+    /// </summary>
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    [JsonPropertyName("support")]
+    public LargeBlobSupport? Support { get; set; }
+
+    /// <summary>
+    /// Whether or not to read from the blob.
+    ///
+    /// Cannot be used in combination with <see cref="Write"/>.
+    /// 
+    /// Valid only during assertion.
+    ///
+    /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargeblobinputs-read
+    /// </summary>
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+    [JsonPropertyName("read")]
+    public bool Read { get; set; }
+
+    /// <summary>
+    /// A blob to write to the authenticator.
+    ///
+    /// Cannot be used in combination with <see cref="Read"/>.
+    ///
+    /// Valid only during assertion.
+    ///
+    /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargeblobinputs-write
+    /// </summary>
+    [JsonConverter(typeof(Base64UrlConverter))]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    [JsonPropertyName("write")]
+    public byte[]? Write { get; set; }
+}

Src/Fido2.Models/Objects/AuthenticationExtensionsLargeBlobOutputs.cs

@@ -0,0 +1,48 @@
+#nullable enable
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+/// <summary>
+/// Output values for the largeBlob extension.
+///
+/// Note: If the assertion is intended to be run on a web browser, additional transformation must be performed
+/// on the client extension output on the browser side after calling navigator.credentials.get(). Specifically,
+/// the value of <c>largeBlob.blob</c> must be converted from a Uint8Array to a base64url-encoded string.
+/// 
+/// https://w3c.github.io/webauthn/#dictdef-authenticationextensionslargebloboutputs
+/// </summary>
+public sealed class AuthenticationExtensionsLargeBlobOutputs
+{
+    /// <summary>
+    /// Whether or not the credential was created with largeBlob support.
+    ///
+    /// Valid only during registration.
+    ///
+    /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargebloboutputs-supported
+    /// </summary>
+    [JsonPropertyName("supported")]
+    public bool Supported { get; set; } = false;
+
+    /// <summary>
+    /// The blob read from the authenticator.
+    ///
+    /// Valid only during assertion.
+    ///
+    /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargebloboutputs-blob
+    /// </summary>
+    [JsonConverter(typeof(Base64UrlConverter))]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    [JsonPropertyName("blob")]
+    public byte[]? Blob { get; set; }
+
+    /// <summary>
+    /// Whether or not a blob was written to the authenticator.
+    ///
+    /// Valid only during assertion.
+    ///
+    /// https://w3c.github.io/webauthn/#dom-authenticationextensionslargebloboutputs-written
+    /// </summary>
+    [JsonPropertyName("written")]
+    public bool Written { get; set; } = false;
+}

Src/Fido2.Models/Objects/LargeBlobSupport.cs

@@ -0,0 +1,23 @@
+using System.Runtime.Serialization;
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+/// <summary>
+/// The possible values for requesting the largeBlob extension during credential registration.
+/// 
+/// https://w3c.github.io/webauthn/#sctn-large-blob-extension
+/// </summary>
+[JsonConverter(typeof(FidoEnumConverter<LargeBlobSupport>))]
+public enum LargeBlobSupport
+{
+    /// <summary>
+    /// largeBlob support is required -- credential creation will fail if largeBlob is not supported
+    /// </summary>
+    [EnumMember(Value = "required")] Required,
+
+    /// <summary>
+    /// largeBlob support is preferred -- credential creation will succeed even if largeBlob is not supported.
+    /// </summary>
+    [EnumMember(Value = "preferred")] Preferred
+}