From b496de8ef2269d5994cd064855dbd5db460dd114 Mon Sep 17 00:00:00 2001
From: Dain Nilsson <dain@yubico.com>
Date: Wed, 15 Jan 2025 16:53:35 +0100
Subject: [PATCH] Add tests for credblob

---
 tests/device/test_credblob.py | 49 +++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 tests/device/test_credblob.py

diff --git a/tests/device/test_credblob.py b/tests/device/test_credblob.py
new file mode 100644
index 0000000..158b94f
--- /dev/null
+++ b/tests/device/test_credblob.py
@@ -0,0 +1,49 @@
+from fido2.server import Fido2Server
+
+import os
+import pytest
+
+
+@pytest.fixture(autouse=True, scope="module")
+def preconditions(dev_manager):
+    if "credBlob" not in dev_manager.info.extensions:
+        pytest.skip("CredBlob not supported by authenticator")
+
+
+def test_read_write(client):
+    rp = {"id": "example.com", "name": "Example RP"}
+    server = Fido2Server(rp)
+    user = {"id": b"user_id", "name": "A. User"}
+
+    create_options, state = server.register_begin(
+        user,
+        resident_key_requirement="required",
+        user_verification="required",
+    )
+
+    # Create a credential
+    blob = os.urandom(32)
+    result = client.make_credential(
+        {
+            **create_options["publicKey"],
+            "extensions": {"credBlob": blob},
+        }
+    )
+    auth_data = server.register_complete(state, result)
+    credentials = [auth_data.credential_data]
+
+    assert auth_data.extensions["credBlob"] is True
+
+    request_options, state = server.authenticate_begin(
+        credentials, user_verification="required"
+    )
+
+    selection = client.get_assertion(
+        {
+            **request_options["publicKey"],
+            "extensions": {"getCredBlob": True},
+        }
+    )
+    result = selection.get_response(0)
+
+    assert result.response.authenticator_data.extensions.get("credBlob") == blob