add test for PIV ResetPin

Yubico · Jun 27, 2024 · be696e2 · be696e2
1 parent da79989
commit be696e2
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Pin.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Pin.cs
@@ -1233,6 +1233,7 @@ public bool TryResetPin(ReadOnlyMemory<byte> puk, ReadOnlyMemory<byte> newPin, o
 
             if (resetResponse.Status == ResponseStatus.ConditionsNotSatisfied)
             {
+                retriesRemaining = null;
                 throw new SecurityException(
                     string.Format(
                         CultureInfo.CurrentCulture,

diff --git a/Yubico.YubiKey/tests/integration/Yubico/YubiKey/PinComplexityTests.cs b/Yubico.YubiKey/tests/integration/Yubico/YubiKey/PinComplexityTests.cs
@@ -45,7 +45,7 @@ public class PinComplexityTests
         private readonly ReadOnlyMemory<byte> invalidPuk = new ReadOnlyMemory<byte>(Encoding.ASCII.GetBytes("33333333"));
 
         [SkippableFact]
-        public void SettingInvalidPivPin_Throws()
+        public void ChangePivPinToInvalidValue_ThrowsSecurityException()
         {
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(StandardTestDevice.Fw5Fips);
             Skip.IfNot(testDevice.IsPinComplexityEnabled);
@@ -61,7 +61,7 @@ public void SettingInvalidPivPin_Throws()
         }
 
         [SkippableFact]
-        public void SettingInvalidPivPuk_Throws()
+        public void ChangePivPukToInvalidValue_ThrowsSecurityException()
         {
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(StandardTestDevice.Fw5Fips);
             Skip.IfNot(testDevice.IsPinComplexityEnabled);
@@ -78,7 +78,23 @@ public void SettingInvalidPivPuk_Throws()
         }
 
         [SkippableFact]
-        public void SettingInvalidFido2Pin_Throws()
+        public void ResetPivPinToInvalidValue_ThrowsSecurityException()
+        {
+            IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(StandardTestDevice.Fw5Fips);
+            Skip.IfNot(testDevice.IsPinComplexityEnabled);
+
+            using var pivSession = new PivSession(testDevice);
+            pivSession.ResetApplication();
+
+            Assert.True(pivSession.TryResetPin(defaultPuk, complexPin, out _));
+            int? retriesRemaining = 3;
+            var e = Assert.Throws<SecurityException>(() => pivSession.TryResetPin(defaultPuk, invalidPin, out retriesRemaining));
+            Assert.Equal(ExceptionMessages.PinComplexityViolation, e.Message);
+            Assert.Null(retriesRemaining);
+        }        
+
+        [SkippableFact]
+        public void SetFido2PinToInvalidValue_ThrowsFido2Exception()
         {
             IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(StandardTestDevice.Fw5Fips);
             Skip.IfNot(testDevice.IsPinComplexityEnabled);