Class RelyingParty

Namespace
Yubico.YubiKey.Fido2
Assembly
Yubico.YubiKey.dll

A FIDO2 RelyingParty, consisting of ID and name. This is used when the FIDO2 standard specifies a PublicKeyCredentialRpEntity.

public class RelyingParty
Inheritance
object
RelyingParty

Remarks

A relying party (RP) can specify its ID, but a client can also build an RP ID based on the domain of the page it is currently communicating with. In addition, an authenticator or a platform can specify a "human-readable" name of the RP to display to the user.

This class holds the RP ID and name, and can encode and decode them as part of CBOR structures.

The FIDO2 standard specifies that when communicating with the authenticator, the ID is a required element. The W3C standard says the ID is optional. This seeming contradiction is because the RP is not required to specify an ID. In that case, the client will build an ID from the domain it is communicating with. Either way, an ID must be passed to the authenticator. Hence, when building an instance of RelyingParty, an ID is required.

The W3C standard declares the name a required element, and the FIDO2 standard declares it optional. Because the FIDO2 standard specifically prescribes authenticator functionality, this class will allow a null name.

Constructors

RelyingParty(ReadOnlyMemory<byte>)

Constructs a new instance of RelyingParty based on the encoded value.

public RelyingParty(ReadOnlyMemory<byte> encodedRelyingParty)

Parameters

encodedRelyingParty ReadOnlyMemory<byte>

The CBOR-encoded relying party info.

Remarks

This constructor expects the encoding to follow this template.

map {
  "id"          --text string--
  "name"        --text string-- (optional)
}

Exceptions

Ctap2DataException

The encodedRelyingParty is not a correct encoding.

RelyingParty(string)

Constructs a new instance of RelyingParty.

public RelyingParty(string id)

Parameters

id string

The relying party ID.

Properties

Id

The id component of the RelyingParty.

public string Id { get; set; }

Property Value

string

Name

The name component of the RelyingParty.

public string? Name { get; set; }

Property Value

string

RelyingPartyIdHash

The SHA-256 digest of the RelyingParty.Id.

public ReadOnlyMemory<byte> RelyingPartyIdHash { get; }

Property Value

ReadOnlyMemory<byte>

Remarks

When a RelyingParty object is created, the constructor will build the RelyingPartyIdHash. It is the SHA-256 digest of the UTF-8 byte array version of the string that is the Id.

Methods

CborEncode()

Return a new byte array that is the object encoded following the FIDO2/CBOR standard.

public byte[] CborEncode()

Returns

byte[]

The encoded construct.

Exceptions

InvalidOperationException

The object contains no data.

IsMatchingRelyingPartyId(ReadOnlyMemory<byte>)

Determine if the candidateHash is the same as the computed RelyingPartyIdHash of this object. This is likely used when searching for a RelyingParty when all you have is the RelyingPartyIdHash, or when given a RelyingParty and a RelyingPartyIdHash (e.g. when enumerating relying parties) and you want to verify that the given value is correct.

public bool IsMatchingRelyingPartyId(ReadOnlyMemory<byte> candidateHash)

Parameters

candidateHash ReadOnlyMemory<byte>

The purported relying party Id hash.

Returns

bool

A boolean, true if the candidate matches the hash inside the object and false otherwise.
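The following added example (not code from the Yubico SDK documentation) ties the pieces above together: it builds a RelyingParty, round-trips it through CborEncode() and the decoding constructor, recomputes the RP ID hash independently as SHA-256 over the UTF-8 bytes of Id, and checks it with IsMatchingRelyingPartyId. The RP ID "example.com", the name, and the class name RelyingPartyDemo are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Yubico.YubiKey.Fido2;

// Added example; assumes only the RelyingParty members documented on this page.
public static class RelyingPartyDemo
{
    public static void Main()
    {
        // Construct an RP from its ID (required); the name is optional and may stay null.
        // "example.com" / "Example Corp" are constructed sample values.
        var rp = new RelyingParty("example.com")
        {
            Name = "Example Corp",
        };

        // Round-trip through the FIDO2/CBOR encoding: map { "id": ..., "name": ... }.
        byte[] encoded = rp.CborEncode();
        var decoded = new RelyingParty(encoded);
        Console.WriteLine($"Decoded id={decoded.Id}, name={decoded.Name ?? "<null>"}");

        // The hash the authenticator stores with a credential is SHA-256 over the
        // UTF-8 bytes of the RP ID. Recompute it here, independently of the SDK,
        // and confirm it matches what the object computed in its constructor.
        byte[] independentHash = Sha256Utf8(rp.Id);
        bool matches = decoded.IsMatchingRelyingPartyId(independentHash);
        Console.WriteLine($"Independent SHA-256 matches RelyingPartyIdHash: {matches}");

        // A different RP ID, even a subdomain of the same site, yields a different
        // hash, so credentials scoped to "example.com" will not match it. This is the
        // check to use when filtering enumerated RPs by a stored rpIdHash.
        byte[] subdomainHash = Sha256Utf8("login.example.com");
        bool subdomainMatches = decoded.IsMatchingRelyingPartyId(subdomainHash);
        Console.WriteLine($"Subdomain hash matches: {subdomainMatches}");
    }

    // SHA-256 of the UTF-8 encoding of a string, using only the .NET BCL.
    private static byte[] Sha256Utf8(string value)
    {
        using var sha256 = SHA256.Create();
        return sha256.ComputeHash(Encoding.UTF8.GetBytes(value));
    }
}
```

Expected behaviour: the first match check prints true and the subdomain check prints false; a true result for any RP ID other than the one used to construct the object would indicate a bug in either the hash computation or the comparison.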