Add tests for CTAP 2.2/2.3 EncCredStoreState and AuthenticatorConfigCommands

This commit adds comprehensive test coverage for the new CTAP 2.2/2.3
properties and methods:

Unit Tests (Fido2InfoTests.cs):
- Updated Decode_AuthenticatorInfo() to verify both new properties
- Added GetSampleEncoded() entries for EncCredStoreState (key 0x1E)
  and AuthenticatorConfigCommands (key 0x1F)
- Added Decode_AuthenticatorConfigCommands_Correct() to validate
  parsing of authenticator config command list
- Added Decode_NoAuthenticatorConfigCommands_Null() to verify null
  handling when field is absent
- Added Decode_EncCredStoreState_Correct() to validate parsing of
  encrypted credential store state
- Added Decode_NoEncCredStoreState_Null() to verify null handling
  when field is absent
- Added CompareIntLists() helper method for integer list comparison

Integration Tests (Fido2Tests.cs):
- Added AuthenticatorInfo_GetCredStoreState_BothRuns_Returns_SameCredStoreState()
  test that mirrors the GetIdentifier test pattern
- Verifies GetCredStoreState() decrypts credential store state correctly
  using persistent PIN/UV auth token
- Tests that credential store state remains consistent across multiple
  sessions with the same persistent token
- Requires YubiKey firmware 5.8.0+ and physical device for execution

The tests follow the same patterns as existing EncIdentifier tests,
ensuring consistency with the codebase testing standards.

Author: DennisDyallo

Yubico.YubiKey/tests/integration/Yubico/YubiKey/Fido2/Fido2Tests.cs

@@ -72,6 +72,41 @@ public void AuthenticatorInfo_GetIdentifier_BothRuns_Returns_SameIdentifier()
         Assert.True(identifier1.Value.Span.SequenceEqual(identifier2.Value.Span));
     }
 
+    [SkippableFact(typeof(DeviceNotFoundException))]
+    public void AuthenticatorInfo_GetCredStoreState_BothRuns_Returns_SameCredStoreState()
+    {
+        ReadOnlyMemory<byte>? credStoreState1;
+        ReadOnlyMemory<byte>? credStoreState2;
+        ReadOnlyMemory<byte>? ppuat;
+
+        // First run
+        using (var session = GetSession(minFw: FirmwareVersion.V5_8_0))
+        {
+            session.VerifyPin(PinUvAuthTokenPermissions.PersistentCredentialManagementReadOnly);
+            Assert.NotNull(session.AuthTokenPersistent);
+
+            ppuat = session.AuthTokenPersistent.Value.ToArray();
+            credStoreState1 = session.AuthenticatorInfo.GetCredStoreState(ppuat.Value);
+
+            Assert.NotNull(credStoreState1);
+            Assert.NotEmpty(credStoreState1.Value.ToArray());
+        }
+
+        // Second run, reuse ppuat
+        using (var session = GetSession(persistentPinUvAuthToken: ppuat.Value))
+        {
+            session.VerifyPin(PinUvAuthTokenPermissions.PersistentCredentialManagementReadOnly);
+            Assert.NotNull(session.AuthTokenPersistent);
+
+            credStoreState2 = session.AuthenticatorInfo.GetCredStoreState(ppuat.Value);
+
+            Assert.NotNull(credStoreState2);
+            Assert.NotEmpty(credStoreState2.Value.ToArray());
+        }
+
+        Assert.True(credStoreState1.Value.Span.SequenceEqual(credStoreState2.Value.Span));
+    }
+
     #endregion
 
     #region CredentialManagement

Yubico.YubiKey/tests/unit/Yubico/YubiKey/Fido2/Fido2InfoTests.cs

@@ -31,6 +31,8 @@ public void Decode_AuthenticatorInfo()
             var fido2Info = new AuthenticatorInfo(GetSampleEncoded());
             Assert.NotNull(fido2Info);
             Assert.NotNull(fido2Info.EncIdentifier);
+            Assert.NotNull(fido2Info.EncCredStoreState);
+            Assert.NotNull(fido2Info.AuthenticatorConfigCommands);
         }
 
         [Fact]
@@ -625,6 +627,87 @@ public void Extensions_IsSupported_Correct(
             Assert.Equal(expectedValue, isSupported);
         }
 
+        [Fact]
+        public void Decode_AuthenticatorConfigCommands_Correct()
+        {
+            int[] correctInts = new int[] { 1, 2, 3 };
+
+            byte[] encodedData = GetSampleEncoded();
+
+            var fido2Info = new AuthenticatorInfo(encodedData);
+            Assert.NotNull(fido2Info.AuthenticatorConfigCommands);
+            if (fido2Info.AuthenticatorConfigCommands is null)
+            {
+                return;
+            }
+
+            bool isValid = CompareIntLists(correctInts, fido2Info.AuthenticatorConfigCommands);
+
+            Assert.True(isValid);
+        }
+
+        [Fact]
+        public void Decode_NoAuthenticatorConfigCommands_Null()
+        {
+            byte[] encodedData = GetMinimumEncoded();
+
+            var fido2Info = new AuthenticatorInfo(encodedData);
+            Assert.Null(fido2Info.AuthenticatorConfigCommands);
+        }
+
+        [Fact]
+        public void Decode_EncCredStoreState_Correct()
+        {
+            byte[] correctValue = "encCredStoreStateByte"u8.ToArray();
+
+            byte[] encodedData = GetSampleEncoded();
+
+            var fido2Info = new AuthenticatorInfo(encodedData);
+            Assert.NotNull(fido2Info.EncCredStoreState);
+            if (fido2Info.EncCredStoreState is null)
+            {
+                return;
+            }
+
+            bool isValid = MemoryExtensions.SequenceEqual(correctValue, fido2Info.EncCredStoreState.Value.Span);
+
+            Assert.True(isValid);
+        }
+
+        [Fact]
+        public void Decode_NoEncCredStoreState_Null()
+        {
+            byte[] encodedData = GetMinimumEncoded();
+
+            var fido2Info = new AuthenticatorInfo(encodedData);
+            Assert.Null(fido2Info.EncCredStoreState);
+        }
+
+        private static bool CompareIntLists(
+            int[] correctInts,
+            IReadOnlyList<int>? candidate)
+        {
+            if (candidate is null)
+            {
+                return false;
+            }
+
+            if (correctInts.Length != candidate.Count)
+            {
+                return false;
+            }
+
+            for (int index = 0; index < correctInts.Length; index++)
+            {
+                if (!candidate.Contains(correctInts[index]))
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
         private static bool CompareLongLists(
             long[] correctInts,
             IReadOnlyList<long>? candidate)
@@ -744,7 +827,9 @@ internal static byte[] GetSampleEncoded()
                 .Entry(26, new[] { AuthenticatorTransports.Usb }) // TransportsForReset
                 .Entry(27, true) // PinComplexityPolicy
                 .Entry(28, "Example.com"u8.ToArray()) // PinComplexityPolicyUrl
-                .Entry(29, 33); // MaxPinLength
+                .Entry(29, 33) // MaxPinLength
+                .Entry(30, "encCredStoreStateByte"u8.ToArray()) // EncCredStoreState
+                .Entry(31, new[] { 1, 2, 3 }); // AuthenticatorConfigCommands
 
             var encoded = cborMapWriter.Encode();
             return encoded;