refactor: FIDO2 Credential Management Authentication, ApplicationSession

[DennisDyallo]

This pull request refactors the FIDO2 Credential Management command classes to simplify authentication handling and improve flexibility when constructing commands. The main changes remove the decryptAuthToken parameter from several constructors, standardize how PIN/UV authentication parameters are handled, and add new constructors for cases where the authentication parameter is pre-computed. Additionally, logging is updated to use a consistent logger, and some documentation is improved.

FIDO2 Credential Management Command Refactoring:

• Removed the decryptAuthToken parameter from constructors in CredentialManagementCommand and related command classes, simplifying how authentication tokens are handled. Now, authentication is always performed using the protocol's methods, and the SDK no longer conditionally decrypts tokens. [1] [2] [3] [4] [5]
• Added new constructors to CredentialManagementCommand, EnumerateCredentialsBeginCommand, EnumerateCredentialsGetNextCommand, EnumerateRpsBeginCommand, and GetCredentialMetadataCommand to allow instantiating these commands with a pre-computed PIN/UV authentication parameter and protocol version. [1] [2] [3] [4] [5]
• Introduced static methods like GetAuthenticationMessage to help callers generate the correct message to use for PIN/UV authentication for each command. [1] [2] [3]

Fido2Session and Logging Improvements:

• Updated all logging in Fido2Session partial classes to use the unified Logger property instead of the private _log field, ensuring consistency in logging throughout the codebase. [1] [2] [3] [4] [5] [6] [7]
• Refactored the GetCredentialMetadata method in Fido2Session.CredMgmt.cs to use the new authentication parameter handling: it now computes the authentication parameter before constructing the command and uses the new constructor, retrying with a new token if needed. [1] [2] [3]

Documentation and Code Quality:

• Improved XML documentation for properties and constructors, clarifying usage and intent, especially around authentication parameters and direct command access. [1] [2] [3] [4] [5]
• Minor code quality improvements, such as using is not null for null checks and adding missing using directives. [1] [2] [3]

[Copilot]

Pull Request Overview

This PR refactors the FIDO2 Credential Management command classes to simplify authentication handling and improve code maintainability. The main purpose is to standardize how PIN/UV authentication parameters are handled across FIDO2 commands, replacing conditional token decryption with a more structured approach.

Key changes include:

• Removed decryptAuthToken parameters from credential management command constructors and simplified authentication token handling
• Added new constructors that accept pre-computed authentication parameters and introduced static helper methods for generating authentication messages
• Updated Fido2Session to inherit from ApplicationSession and standardized logging to use the unified Logger property

Reviewed Changes

Copilot reviewed 19 out of 19 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
FidoIntegrationTestBase.cs	Added using directive for Commands namespace and updated default device type to Any
Fido2Tests.cs	Enhanced integration tests with better setup, credential creation, and improved command testing patterns
YubiKeyFeatureExtensions.cs	Added support detection for FIDO2 CTAP2.2 standard
YubiKeyFeature.cs	Added FidoCtap22 enum value for CTAP2.2 feature detection
Fido2Session.cs	Refactored to inherit from ApplicationSession and updated constructor/disposal patterns
Fido2Session.Pin.cs	Updated all logging calls to use unified Logger property
Fido2Session.MakeCredential.cs	Updated logging to use unified Logger property
Fido2Session.LargeBlobs.cs	Updated logging to use unified Logger property
Fido2Session.GetAssertion.cs	Updated logging to use unified Logger property
Fido2Session.CredMgmt.cs	Major refactoring of credential management methods to use new authentication parameter handling
Fido2Session.Config.cs	Updated logging to use unified Logger property
Fido2Session.BioEnrollment.cs	Updated logging to use unified Logger property
GetCredentialMetadataCommand.cs	Added new constructor for pre-computed auth params and static helper method
EnumerateRpsBeginResponse.cs	Modernized null checks using is not null pattern
EnumerateRpsBeginCommand.cs	Added new constructor and static helper method for authentication message generation
EnumerateCredentialsGetNextCommand.cs	Added new constructor for pre-computed auth params
EnumerateCredentialsBeginCommand.cs	Added new constructor and static helper method for authentication message generation
CredentialManagementCommand.cs	Removed decryptAuthToken parameter and added new constructor for pre-computed auth params
ApplicationSession.cs	Enhanced XML documentation for Connection property

Comments suppressed due to low confidence (1)

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/Fido2Session.CredMgmt.cs:1

• There's trailing whitespace at the end of this line that should be removed.

// Copyright 2025 Yubico AB

[github-actions]

Test Results: Windows

    2 files      2 suites   9s ⏱️
3 972 tests 3 972 ✅ 0 💤 0 ❌
3 974 runs  3 974 ✅ 0 💤 0 ❌

Results for commit dcf1b86.

♻️ This comment has been updated with latest results.

[github-actions]

Test Results: Ubuntu

    2 files      2 suites   14s ⏱️
3 964 tests 3 964 ✅ 0 💤 0 ❌
3 966 runs  3 966 ✅ 0 💤 0 ❌

Results for commit dcf1b86.

♻️ This comment has been updated with latest results.

[github-actions]

Test Results: MacOS

    2 files      2 suites   11s ⏱️
3 964 tests 3 964 ✅ 0 💤 0 ❌
3 966 runs  3 966 ✅ 0 💤 0 ❌

Results for commit b7654ee.

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
Yubico.Core	40%	31%	4371	➖
Yubico.YubiKey	51%	47%	21102	➖
Summary	49% (36168 / 73593)	44% (8886 / 20109)	25473	➖

Minimum allowed line rate is 40%