From 5884bde7b9e6db8f56af3c451386539a9a72ecb7 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 15 May 2019 13:16:30 +0200 Subject: [PATCH 01/25] Fix value polarity in allowUntrustedAttestation javadoc --- .../src/main/java/com/yubico/webauthn/RelyingParty.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java index f5b2c7e8c..b40c51162 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java @@ -223,7 +223,7 @@ public class RelyingParty { private final boolean allowUnrequestedExtensions = false; /** - * If true, {@link #finishRegistration(FinishRegistrationOptions) finishRegistration} will only allow + * If false, {@link #finishRegistration(FinishRegistrationOptions) finishRegistration} will only allow * registrations where the attestation signature can be linked to a trusted attestation root. This excludes self * attestation and none attestation. * From 0790b6030f5b40ecb74b7c91a4aa55f26f59cb88 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 15 May 2019 13:51:14 +0200 Subject: [PATCH 02/25] Link Javadoc to developers.yubico.com instead of github.io --- README | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README b/README index 9161fc4b5..f1477e3ce 100644 --- a/README +++ b/README 
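Review bot: The corrected sentence in the `allowUntrustedAttestation` javadoc describes only the `false` case, so a reader still has to infer what `true` permits. Unless the part of the comment below this hunk already says so, I would add a line such as `* If true, registrations whose attestation cannot be linked to a trusted attestation root, including self attestation and none attestation, are accepted as well.` The javadoc block continues past the end of the hunk, so this depends on what follows there.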
@@ -67,9 +67,9 @@ but the authentication mechanism alone does not make a security system. link:https://bugs.chromium.org/p/chromium/issues/detail?id=847878[bug in Chrome] which will not be worked around here. To work around this in application code, you can omit the - link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`] + link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`] when constructing an - link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`] + link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`] value if the `userHandle` is empty. See https://github.com/Yubico/java-webauthn-server/issues/12 . 
@@ -77,20 +77,20 @@ but the authentication mechanism alone does not make a security system. == Documentation See the -link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/package-summary.html[Javadoc] +link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/package-summary.html[Javadoc] for in-depth API documentation. == Quick start Implement the -link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`] +link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`] interface with your database access logic. See link:https://github.com/Yubico/java-webauthn-server/blob/master/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`] for an example. Instantiate the -link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/RelyingParty.html[`RelyingParty`] +link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/RelyingParty.html[`RelyingParty`] class: [source,java] From 95c7317f2b14ee1a512826273dafcb91d5488a0a Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 15 May 2019 13:57:08 +0200 Subject: [PATCH 03/25] Don't deploy Javadoc to GitHub pages anymore --- .travis.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2a461383d..d63a8ea9d 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -4,10 +4,6 @@ branches: except: - tmp -env: - global: - secure: sX5sJd2EUgzIT7uQN0YxA3faVHymBG/QPZ/St5IPqoQIXjZAMYBM0D1MrVOYaSOhgVKOJt+5vwCYU7MlY9Ha0rUPJgUPT+6CkVgUVCsQ1e8srAzaYp4ceIYaW2XpUIwhKHPBezulV3nLANRs0FibEN+eqTgL5A/qKtsU49BtQ1iUAVFFOzGcR48avo1UYxS0FLw+7MRLgH5NA6KJVHiGChx9P3oLYAhPylgDzRv6iFf5H5v9azQI4eLo6bSQwm++j0UpH4t8m+at7eGuzNsadYY0M9SoUwuJxQZiwtImYJJtGJD92QtV9m+yny4+RocXchgZDj3e9vx06ZqXaeF3U3o49YUX5ACerVV12yOxGZsuuxfevaQa9Mk4xEOwGkhva5I+8vfo8MRxm7ymelExn25zpsMlmj6GjBio3z1q/FGYdyXrcGoVNrvAgozs+0yW2jYtDVo7DNu8J2mur/C/gmi+xA6rkuEJQIQ3hWuWYVe7DUzdii5MG9/9AdwI14b3uyezh1EJ8tza5MScDQijTvD9sGxarruKS59VuJapqrJSU5E87CnlU6gQx7qXJVGvpTXZOw7ZzsdszSDQ3Jc9uNBSdtBQ2i7egEyTE+RQWsdtje/H0s3ZYyIw8qrQ1kIUDQKk7jl8Uvwf+zn/36JBgZMVIIO0hmDFnyB9wBGd7lk= - jdk: - openjdk8 - oraclejdk8 @@ -18,21 +14,9 @@ script: stages: - test - mutation-test - - deploy jobs: include: - stage: mutation-test jdk: oraclejdk8 script: ./gradlew pitest coveralls - - - stage: deploy - jdk: oraclejdk8 - script: ./gradlew assembleJavadoc - deploy: - provider: pages - skip-cleanup: true - github-token: $PAGES_DEPLOY_KEY - on: - branch: master - local-dir: 'build/javadoc' From 3b9298463b915d6e0532f59f6722cfc50979f3bf Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 15 May 2019 14:59:06 +0200 Subject: [PATCH 04/25] Change demo button label from username-less to resident credential --- webauthn-server-demo/src/main/webapp/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webauthn-server-demo/src/main/webapp/index.html b/webauthn-server-demo/src/main/webapp/index.html index 4141892a8..f93be695d 100644 --- a/webauthn-server-demo/src/main/webapp/index.html +++ b/webauthn-server-demo/src/main/webapp/index.html @@ -546,7 +546,7 @@

Test your WebAuthn device

From 8081e741a7bc0f191f47f7c300f932e9fceb5b4d Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 21 May 2019 17:37:11 +0200 Subject: [PATCH 05/25] Add timeout parameter --- .../webauthn/StartAssertionOptions.java | 34 +++++++ .../webauthn/StartRegistrationOptions.java | 35 +++++++ .../RelyingPartyStartOperationSpec.scala | 97 +++++++++++++++++++ 3 files changed, 166 insertions(+) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java index 5d958f020..e503be09f 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java @@ -80,9 +80,19 @@ public class StartAssertionOptions { @NonNull private final Optional userVerification; + /** + * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation. + *

+ * The default is empty. + *

+ */ + @NonNull + private final Optional timeout; + public static class StartAssertionOptionsBuilder { private @NonNull Optional username = Optional.empty(); private @NonNull Optional userVerification = Optional.empty(); + private @NonNull Optional timeout = Optional.empty(); /** * The username of the user to authenticate, if the user has already been identified. @@ -141,5 +151,29 @@ public StartAssertionOptionsBuilder userVerification(@NonNull Optional + * The default is empty. + *

+ */ + public StartAssertionOptionsBuilder timeout(@NonNull Optional timeout) { + if (timeout.isPresent() && timeout.get() <= 0) { + throw new IllegalArgumentException("timeout must be positive, was: " + timeout.get()); + } + this.timeout = timeout; + return this; + } + + /** + * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation. + *

+ * The default is empty. + *

+ */ + public StartAssertionOptionsBuilder timeout(long timeout) { + return this.timeout(Optional.of(timeout)); + } } } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java index 3660c86c9..f2f87eed3 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java @@ -25,6 +25,7 @@ package com.yubico.webauthn; import com.yubico.webauthn.data.AuthenticatorSelectionCriteria; +import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions; import com.yubico.webauthn.data.RegistrationExtensionInputs; import com.yubico.webauthn.data.UserIdentity; import java.util.Optional; @@ -58,12 +59,22 @@ public class StartRegistrationOptions { @Builder.Default private final RegistrationExtensionInputs extensions = RegistrationExtensionInputs.builder().build(); + /** + * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation. + *
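Review bot: The javadoc on the new `timeout(Optional)` builder method mentions neither the exception it throws for a non-positive value nor the unit of the number. I would add `@throws IllegalArgumentException if timeout is present and not positive` and state the unit; the WebAuthn `timeout` member is specified in milliseconds. The same applies to the `timeout(long)` overload, which delegates to it, and to both methods in the `StartRegistrationOptionsBuilder` hunk (`@@ -87,6 +98,30 @@`). The two builders also carry an identical range check, which could be shared rather than written twice.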

+ * The default is empty. + *

+ */ + @NonNull + private final Optional timeout; + public static StartRegistrationOptionsBuilder.MandatoryStages builder() { return new StartRegistrationOptionsBuilder.MandatoryStages(); } public static class StartRegistrationOptionsBuilder { private @NonNull Optional authenticatorSelection = Optional.empty(); + private @NonNull Optional timeout = Optional.empty(); public static class MandatoryStages { private final StartRegistrationOptionsBuilder builder = new StartRegistrationOptionsBuilder(); @@ -87,6 +98,30 @@ public StartRegistrationOptionsBuilder authenticatorSelection(@NonNull Optional< public StartRegistrationOptionsBuilder authenticatorSelection(@NonNull AuthenticatorSelectionCriteria authenticatorSelection) { return this.authenticatorSelection(Optional.of(authenticatorSelection)); } + + /** + * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation. + *

+ * The default is empty. + *

+ */ + public StartRegistrationOptionsBuilder timeout(@NonNull Optional timeout) { + if (timeout.isPresent() && timeout.get() <= 0) { + throw new IllegalArgumentException("timeout must be positive, was: " + timeout.get()); + } + this.timeout = timeout; + return this; + } + + /** + * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation. + *

+ * The default is empty. + *

+ */ + public StartRegistrationOptionsBuilder timeout(long timeout) { + return this.timeout(Optional.of(timeout)); + } } } diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala index df7339445..5d61940dd 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala @@ -28,6 +28,8 @@ import java.util.Optional import com.yubico.internal.util.scala.JavaConverters._ import com.yubico.scalacheck.gen.JavaGenerators._ +import com.yubico.webauthn.data.AuthenticatorAttachment +import com.yubico.webauthn.data.AuthenticatorSelectionCriteria import com.yubico.webauthn.data.PublicKeyCredentialDescriptor import com.yubico.webauthn.data.ByteArray import com.yubico.webauthn.data.UserIdentity @@ -38,6 +40,7 @@ import com.yubico.webauthn.extension.appid.AppId import com.yubico.webauthn.extension.appid.Generators._ import org.junit.runner.RunWith import org.scalacheck.Arbitrary._ +import org.scalacheck.Gen import org.scalatest.FunSpec import org.scalatest.Matchers import org.scalatest.junit.JUnitRunner 
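Review bot: The imports of `AuthenticatorAttachment` and `AuthenticatorSelectionCriteria` added in the `@@ -28,6 +28,8 @@` hunk are not used by any line this commit adds to the spec. The four hunks shown account for all 97 insertions in the diffstat, and of the new imports only `Gen` appears in them. If nothing else in the file needs them, drop the two lines so the test file carries no unused imports.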
@@ -104,6 +107,56 @@ class RelyingPartyStartOperationSpec extends FunSpec with Matchers with Generato request2.getChallenge.size should be >= 32 } + it("allows setting the timeout to empty.") { + val pkcco = relyingParty().startRegistration( + StartRegistrationOptions.builder() + .user(userId) + .timeout(Optional.empty[java.lang.Long]) + .build()) + pkcco.getTimeout.asScala shouldBe 'empty + } + + it("allows setting the timeout to a positive value.") { + val rp = relyingParty() + + forAll(Gen.posNum[Long]) { timeout: Long => + val pkcco = rp.startRegistration( + StartRegistrationOptions.builder() + .user(userId) + .timeout(timeout) + .build()) + + pkcco.getTimeout.asScala should equal (Some(timeout)) + } + } + + it("does not allow setting the timeout to zero or negative.") { + an [IllegalArgumentException] should be thrownBy { + StartRegistrationOptions.builder() + .user(userId) + .timeout(0) + } + + an [IllegalArgumentException] should be thrownBy { + StartRegistrationOptions.builder() + .user(userId) + .timeout(Optional.of[java.lang.Long](0L)) + } + + forAll(Gen.negNum[Long]) { timeout: Long => + an [IllegalArgumentException] should be thrownBy { + StartRegistrationOptions.builder() + .user(userId) + .timeout(timeout) + } + + an [IllegalArgumentException] should be thrownBy { + StartRegistrationOptions.builder() + .user(userId) + .timeout(Optional.of[java.lang.Long](timeout)) + } + } + } } describe("RelyingParty.startAssertion") { 
@@ -152,6 +205,50 @@ class RelyingPartyStartOperationSpec extends FunSpec with Matchers with Generato } } + it("allows setting the timeout to empty.") { + val req = relyingParty().startAssertion( + StartAssertionOptions.builder() + .timeout(Optional.empty[java.lang.Long]) + .build()) + req.getPublicKeyCredentialRequestOptions.getTimeout.asScala shouldBe 'empty + } + + it("allows setting the timeout to a positive value.") { + val rp = relyingParty() + + forAll(Gen.posNum[Long]) { timeout: Long => + val req = rp.startAssertion( + StartAssertionOptions.builder() + .timeout(timeout) + .build()) + + req.getPublicKeyCredentialRequestOptions.getTimeout.asScala should equal (Some(timeout)) + } + } + + it("does not allow setting the timeout to zero or negative.") { + an [IllegalArgumentException] should be thrownBy { + StartAssertionOptions.builder() + .timeout(0) + } + + an [IllegalArgumentException] should be thrownBy { + StartAssertionOptions.builder() + .timeout(Optional.of[java.lang.Long](0L)) + } + + forAll(Gen.negNum[Long]) { timeout: Long => + an [IllegalArgumentException] should be thrownBy { + StartAssertionOptions.builder() + .timeout(timeout) + } + + an [IllegalArgumentException] should be thrownBy { + StartAssertionOptions.builder() + .timeout(Optional.of[java.lang.Long](timeout)) + } + } + } } } From 0290ee58060696b51d79e805e71386060487ff33 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 21 May 2019 17:42:33 +0200 Subject: [PATCH 06/25] Implement timeout parameter logic --- .../src/main/java/com/yubico/webauthn/RelyingParty.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java index b40c51162..6d521d6ff 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java 
@@ -292,6 +292,7 @@ public PublicKeyCredentialCreationOptions startRegistration(StartRegistrationOpt ) .authenticatorSelection(startRegistrationOptions.getAuthenticatorSelection()) .extensions(startRegistrationOptions.getExtensions()) + .timeout(startRegistrationOptions.getTimeout()) ; attestationConveyancePreference.ifPresent(builder::attestation); return builder.build(); @@ -344,6 +345,7 @@ public AssertionRequest startAssertion(StartAssertionOptions startAssertionOptio .appid(appId) .build() ) + .timeout(startAssertionOptions.getTimeout()) ; startAssertionOptions.getUserVerification().ifPresent(pkcro::userVerification); From a662ba7a9052af2d9adc62e75808ebe5710227a2 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 21 May 2019 18:11:04 +0200 Subject: [PATCH 07/25] Fix faulty JavaDoc links in README --- README | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README b/README index f1477e3ce..2caf6c625 100644 --- a/README +++ b/README 
@@ -67,9 +67,9 @@ but the authentication mechanism alone does not make a security system. link:https://bugs.chromium.org/p/chromium/issues/detail?id=847878[bug in Chrome] which will not be worked around here. To work around this in application code, you can omit the - link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`] + link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`] when constructing an - link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`] + link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`] value if the `userHandle` is empty. See https://github.com/Yubico/java-webauthn-server/issues/12 . 
@@ -77,20 +77,20 @@ but the authentication mechanism alone does not make a security system. == Documentation See the -link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/package-summary.html[Javadoc] +link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/package-summary.html[Javadoc] for in-depth API documentation. == Quick start Implement the -link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`] +link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`] interface with your database access logic. See link:https://github.com/Yubico/java-webauthn-server/blob/master/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`] for an example. Instantiate the -link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/RelyingParty.html[`RelyingParty`] +link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/RelyingParty.html[`RelyingParty`] class: [source,java] From de9ef326099a9afc64925ba5d171f4c5c4947eeb Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 21 May 2019 19:01:33 +0200 Subject: [PATCH 08/25] Call out that timeout is only passed through --- .../yubico/webauthn/StartAssertionOptions.java | 15 +++++++++++++++ .../yubico/webauthn/StartRegistrationOptions.java | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java index e503be09f..7bfdba6b4 100644 
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java @@ -83,6 +83,11 @@ public class StartAssertionOptions { /** * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation. *

+ * This library does not take the timeout into account in any way, other than passing it through to the {@link + * PublicKeyCredentialRequestOptions} so it can be used as an argument to + * navigator.credentials.get() on the client side. + *

+ *

* The default is empty. *

*/ @@ -155,6 +160,11 @@ public StartAssertionOptionsBuilder userVerification(@NonNull UserVerificationRe /** * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation. *
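Review bot: The added paragraph says the library ignores the timeout, but not what follows from that for the relying party: the value only limits how long the client waits, so as far as these hunks show nothing on the server side stops a request from being finished after the timeout has passed. I would append a sentence such as `* The application is responsible for expiring the stored request; the client-side timeout does not invalidate the challenge on the server.` The same paragraph is repeated in the other two hunks of this file and, with `navigator.credentials.create()`, in the three hunks of `StartRegistrationOptions.java`, so the addition belongs in all six places. Each javadoc block starts above its hunk.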

+ * This library does not take the timeout into account in any way, other than passing it through to the {@link + * PublicKeyCredentialRequestOptions} so it can be used as an argument to + * navigator.credentials.get() on the client side. + *

+ *

* The default is empty. *

*/ @@ -169,6 +179,11 @@ public StartAssertionOptionsBuilder timeout(@NonNull Optional timeout) { /** * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation. *

+ * This library does not take the timeout into account in any way, other than passing it through to the {@link + * PublicKeyCredentialRequestOptions} so it can be used as an argument to + * navigator.credentials.get() on the client side. + *

+ *

* The default is empty. *

*/ diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java index f2f87eed3..52ba8a525 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java @@ -62,6 +62,11 @@ public class StartRegistrationOptions { /** * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation. *

+ * This library does not take the timeout into account in any way, other than passing it through to the {@link + * PublicKeyCredentialCreationOptions} so it can be used as an argument to + * navigator.credentials.create() on the client side. + *

+ *

* The default is empty. *

*/ @@ -102,6 +107,11 @@ public StartRegistrationOptionsBuilder authenticatorSelection(@NonNull Authentic /** * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation. *

+ * This library does not take the timeout into account in any way, other than passing it through to the {@link + * PublicKeyCredentialCreationOptions} so it can be used as an argument to + * navigator.credentials.create() on the client side. + *

+ *

* The default is empty. *

*/ @@ -116,6 +126,11 @@ public StartRegistrationOptionsBuilder timeout(@NonNull Optional timeout) /** * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation. *

+ * This library does not take the timeout into account in any way, other than passing it through to the {@link + * PublicKeyCredentialCreationOptions} so it can be used as an argument to + * navigator.credentials.create() on the client side. + *

+ *

* The default is empty. *

*/ From 519b251c56dc7097ac7d2bb1ca5f0c6e312e818f Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 17:41:58 +0200 Subject: [PATCH 09/25] Bump Jackson dependency to version 2.9.9 In response to CVE-2019-12086 --- webauthn-server-core/build.gradle | 6 +++--- webauthn-server-demo/build.gradle | 4 ++-- yubico-util/build.gradle | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle index e17ab63dd..5a55eb390 100644 --- a/webauthn-server-core/build.gradle +++ b/webauthn-server-core/build.gradle @@ -11,9 +11,9 @@ dependencies { compile( project(':yubico-util'), 'com.augustcellars.cose:cose-java:0.9.4', - 'com.fasterxml.jackson.core:jackson-databind:2.9.6', - 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.6', - 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.6', + 'com.fasterxml.jackson.core:jackson-databind:2.9.9', + 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.9', + 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.9', 'com.google.guava:guava:19.0', 'org.apache.httpcomponents:httpclient:4.5.2', 'org.bouncycastle:bcpkix-jdk15on:1.54', diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle index 427948bc6..7b0f7ba07 100644 --- a/webauthn-server-demo/build.gradle +++ b/webauthn-server-demo/build.gradle @@ -27,8 +27,8 @@ dependencies { project(':webauthn-server-attestation'), project(':webauthn-server-core'), - 'com.fasterxml.jackson.core:jackson-core:2.9.6', - 'com.fasterxml.jackson.core:jackson-databind:2.9.6', + 'com.fasterxml.jackson.core:jackson-core:2.9.9', + 'com.fasterxml.jackson.core:jackson-databind:2.9.9', 'com.google.guava:guava:24.1-jre', 'javax.ws.rs:javax.ws.rs-api:2.1', 'org.eclipse.jetty:jetty-server:9.4.9.v20180320', diff --git a/yubico-util/build.gradle b/yubico-util/build.gradle index d94018784..ed008c366 100644 --- a/yubico-util/build.gradle +++ b/yubico-util/build.gradle 
@@ -7,7 +7,7 @@ project.ext.publishMe = true dependencies { compile( - 'com.fasterxml.jackson.core:jackson-databind:2.9.6', + 'com.fasterxml.jackson.core:jackson-databind:2.9.9', 'com.google.guava:guava:19.0', 'org.bouncycastle:bcpkix-jdk15on:1.54', ) From c70ba5316bbde6f357ada5dd67de04a01a6005c8 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 17:47:48 +0200 Subject: [PATCH 10/25] Update NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 6c8660ee9..8925951f3 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,9 @@ == Version 1.3.0 (unreleased) == +Security fixes: + +* Bumped Jackson dependency to version 2.9.9 which has patched CVE-2019-12086 + New features: * New optional parameter `timeout` added to `StartRegistrationOptions` and From 8afee2eb7f0c012fda05ef5649fe6e116d9a61cf Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 17:58:30 +0200 Subject: [PATCH 11/25] Remove Table of contents heading --- README | 2 -- 1 file changed, 2 deletions(-) diff --git a/README b/README index 2caf6c625..4e36b0697 100644 --- a/README +++ b/README @@ -14,8 +14,6 @@ for a server to support Web Authentication. This includes registering authenticators and authenticating registered authenticators. -== Table of contents - toc::[] From 972cc8282b1d9445390abc5c208f73f4e5c4ca05 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 18:47:02 +0200 Subject: [PATCH 12/25] Upgrade Scala to version 2.12.8 --- webauthn-server-attestation/build.gradle | 6 +++--- webauthn-server-core/build.gradle | 6 +++--- webauthn-server-demo/build.gradle | 6 +++--- yubico-util-scala/build.gradle | 6 +++--- yubico-util/build.gradle | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle index 2e359902e..1f25915d8 100644 --- a/webauthn-server-attestation/build.gradle +++ b/webauthn-server-attestation/build.gradle 
@@ -17,9 +17,9 @@ dependencies { project(':yubico-util-scala'), 'commons-io:commons-io:2.5', 'org.mockito:mockito-core:2.10.0', - 'org.scala-lang:scala-library:2.11.3', - 'org.scalacheck:scalacheck_2.11:1.13.5', - 'org.scalatest:scalatest_2.11:3.0.4', + 'org.scala-lang:scala-library:2.12.8', + 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalatest:scalatest_2.12:3.0.4', ) } diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle index 5a55eb390..19a04a0a8 100644 --- a/webauthn-server-core/build.gradle +++ b/webauthn-server-core/build.gradle @@ -23,9 +23,9 @@ dependencies { project(':yubico-util-scala'), 'commons-io:commons-io:2.5', 'org.mockito:mockito-core:2.10.0', - 'org.scala-lang:scala-library:2.11.3', - 'org.scalacheck:scalacheck_2.11:1.13.5', - 'org.scalatest:scalatest_2.11:3.0.4', + 'org.scala-lang:scala-library:2.12.8', + 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalatest:scalatest_2.12:3.0.4', ) } diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle index 7b0f7ba07..b10c6af78 100644 --- a/webauthn-server-demo/build.gradle +++ b/webauthn-server-demo/build.gradle @@ -53,9 +53,9 @@ dependencies { 'commons-io:commons-io:2.5', 'org.mockito:mockito-core:2.10.0', - 'org.scala-lang:scala-library:2.11.3', - 'org.scalacheck:scalacheck_2.11:1.13.5', - 'org.scalatest:scalatest_2.11:3.0.4', + 'org.scala-lang:scala-library:2.12.8', + 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalatest:scalatest_2.12:3.0.4', ) modules { diff --git a/yubico-util-scala/build.gradle b/yubico-util-scala/build.gradle index 6a7b17414..b1959605b 100644 --- a/yubico-util-scala/build.gradle +++ b/yubico-util-scala/build.gradle 
@@ -5,12 +5,12 @@ apply plugin: 'scala' dependencies { compile( - 'org.scala-lang:scala-library:2.11.3', - 'org.scalacheck:scalacheck_2.11:1.13.5', + 'org.scala-lang:scala-library:2.12.8', + 'org.scalacheck:scalacheck_2.12:1.13.5', ) testCompile( - 'org.scalatest:scalatest_2.11:3.0.4', + 'org.scalatest:scalatest_2.12:3.0.4', ) } diff --git a/yubico-util/build.gradle b/yubico-util/build.gradle index ed008c366..3a699442a 100644 --- a/yubico-util/build.gradle +++ b/yubico-util/build.gradle @@ -14,9 +14,9 @@ dependencies { testCompile( project(':yubico-util-scala'), - 'org.scala-lang:scala-library:2.11.3', - 'org.scalacheck:scalacheck_2.11:1.13.5', - 'org.scalatest:scalatest_2.11:3.0.4', + 'org.scala-lang:scala-library:2.12.8', + 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalatest:scalatest_2.12:3.0.4', ) } From b589b502a3a62e1fba50de86b8131c0f7c264cb3 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 19:25:00 +0200 Subject: [PATCH 13/25] Fix Scala 2.12 compilation issues --- .../webauthn/RelyingPartyAssertionSpec.scala | 14 +++++++------- .../webauthn/RelyingPartyRegistrationSpec.scala | 6 +++--- .../test/scala/com/yubico/webauthn/test/Util.scala | 1 + 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala index e36f28c5b..aaa9abb65 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala 
@@ -246,7 +246,7 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv ) val step: FinishAssertionSteps#Step1 = steps.begin.next - step.validations shouldBe a [Failure[_]] + toStepWithUtilities(step).validations shouldBe a [Failure[_]] step.validations.failed.get shouldBe an [IllegalArgumentException] step.tryNext shouldBe a [Failure[_]] } @@ -690,12 +690,12 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv } { - def checks[Step <: FinishAssertionSteps.Step[_]](stepsToStep: FinishAssertionSteps => Step) = { - def check[A] + def checks[Next <: FinishAssertionSteps.Step[_], Step <: FinishAssertionSteps.Step[Next]](stepsToStep: FinishAssertionSteps => Step) = { + def check[Ret] (stepsToStep: FinishAssertionSteps => Step) - (chk: Step => A) + (chk: Step => Ret) (uvr: UserVerificationRequirement, authData: ByteArray) - : A = { + : Ret = { val steps = finishAssertion( userVerificationRequirement = uvr, authenticatorData = authData @@ -718,7 +718,7 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv describe("12. Verify that the User Present bit of the flags in authData is set.") { val flagOn: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, (Defaults.authenticatorData.getBytes.toVector(32) | 0x04 | 0x01).toByte).toArray) val flagOff: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, ((Defaults.authenticatorData.getBytes.toVector(32) | 0x04) & 0xfe).toByte).toArray) - val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step12](_.begin.next.next.next.next.next.next.next.next.next.next.next.next) + val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step13, FinishAssertionSteps#Step12](_.begin.next.next.next.next.next.next.next.next.next.next.next.next) it("Fails if UV is discouraged and flag is not set.") { checkFails(UserVerificationRequirement.DISCOURAGED, flagOff) 
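Review bot: In the `@@ -246,7 +246,7 @@` hunk only the first assertion is routed through `toStepWithUtilities(step)` explicitly, while the very next line still calls `step.validations` on the bare step, and nothing in the code says why the two differ. Presumably the implicit conversion is not applied in that position under Scala 2.12; if so, a short comment such as `// explicit conversion needed here for Scala 2.12` would keep the call from being "cleaned up" later. Alternatively, bind `val s = toStepWithUtilities(step)` once and use it for both `validations` checks. The enclosing test starts above the hunk.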
@@ -748,7 +748,7 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv describe("13. If user verification is required for this assertion, verify that the User Verified bit of the flags in authData is set.") { val flagOn: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, (Defaults.authenticatorData.getBytes.toVector(32) | 0x04).toByte).toArray) val flagOff: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, (Defaults.authenticatorData.getBytes.toVector(32) & 0xfb).toByte).toArray) - val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step13](_.begin.next.next.next.next.next.next.next.next.next.next.next.next.next) + val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step14, FinishAssertionSteps#Step13](_.begin.next.next.next.next.next.next.next.next.next.next.next.next.next) it("Succeeds if UV is discouraged and flag is not set.") { checkSucceeds(UserVerificationRequirement.DISCOURAGED, flagOff) diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala index 67560fbcd..ebbcb1559 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala 
@@ -400,7 +400,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD def uvOn(authData: ByteArray): ByteArray = new ByteArray(authData.getBytes.updated(32, (authData.getBytes()(32) | 0x04).toByte)) def uvOff(authData: ByteArray): ByteArray = new ByteArray(authData.getBytes.updated(32, (authData.getBytes()(32) & 0xfb).toByte)) - def checks[Step <: FinishRegistrationSteps.Step[_]](stepsToStep: FinishRegistrationSteps => Step) = { + def checks[Next <: FinishRegistrationSteps.Step[_], Step <: FinishRegistrationSteps.Step[Next]](stepsToStep: FinishRegistrationSteps => Step) = { def check[B] (stepsToStep: FinishRegistrationSteps => Step) (chk: Step => B) @@ -427,7 +427,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD } describe("10. Verify that the User Present bit of the flags in authData is set.") { - val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step10](_.begin.next.next.next.next.next.next.next.next.next) + val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step11, FinishRegistrationSteps#Step10](_.begin.next.next.next.next.next.next.next.next.next) it("Fails if UV is discouraged and flag is not set.") { checkFails(UserVerificationRequirement.DISCOURAGED, upOff) @@ -455,7 +455,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD } describe("11. If user verification is required for this registration, verify that the User Verified bit of the flags in authData is set.") { - val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step11](_.begin.next.next.next.next.next.next.next.next.next.next) + val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step12, FinishRegistrationSteps#Step11](_.begin.next.next.next.next.next.next.next.next.next.next) it("Succeeds if UV is discouraged and flag is not set.") { checkSucceeds(UserVerificationRequirement.DISCOURAGED, uvOff) 
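Review bot: The inner helper in the `@@ -400` hunk still reads `def check[B]` with `(chk: Step => B)`, whereas this same commit renames that type parameter to `Ret` in the otherwise parallel helper in RelyingPartyAssertionSpec. Rename it here as well, to `def check[Ret]` and `(chk: Step => Ret)`, so the two specs stay directly comparable. The return-type line of `check` lies outside the hunk and would presumably need the same rename.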
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala index 94bdd78ba..bd7dd0263 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala @@ -33,6 +33,7 @@ import com.yubico.internal.util.CertificateParser import org.bouncycastle.cert.X509CertificateHolder import org.bouncycastle.openssl.PEMParser +import scala.language.reflectiveCalls import scala.util.Try From e2d053386a1cf2e53fd17aef5de13c93e09d33a7 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 19:35:02 +0200 Subject: [PATCH 14/25] Upgrade Mockito --- build.gradle | 2 +- webauthn-server-attestation/build.gradle | 2 +- webauthn-server-core/build.gradle | 2 +- webauthn-server-demo/build.gradle | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 137da416f..48028093f 100644 --- a/build.gradle +++ b/build.gradle @@ -139,7 +139,7 @@ subprojects { project -> testCompile( 'junit:junit:4.12', - 'org.mockito:mockito-core:2.8.47', + 'org.mockito:mockito-core:2.27.0', ) } diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle index 1f25915d8..af46cd4ca 100644 --- a/webauthn-server-attestation/build.gradle +++ b/webauthn-server-attestation/build.gradle @@ -16,7 +16,7 @@ dependencies { project(':webauthn-server-core').sourceSets.test.output, project(':yubico-util-scala'), 'commons-io:commons-io:2.5', - 'org.mockito:mockito-core:2.10.0', + 'org.mockito:mockito-core:2.27.0', 'org.scala-lang:scala-library:2.12.8', 'org.scalacheck:scalacheck_2.12:1.13.5', 'org.scalatest:scalatest_2.12:3.0.4', diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle index 19a04a0a8..341d6076f 100644 --- a/webauthn-server-core/build.gradle +++ b/webauthn-server-core/build.gradle 
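Review bot: `import scala.language.reflectiveCalls` is added at file scope in Util.scala without a comment naming the definition that needs it, so any structural-type call added to this file later will compile without the feature warning. If only one helper uses a structural type, import the feature inside that definition, or annotate the import, e.g. `import scala.language.reflectiveCalls // structural type in <helper name>`. The code that triggers the warning is outside this hunk, so which helper that is cannot be confirmed from here.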
@@ -22,7 +22,7 @@ dependencies { testCompile( project(':yubico-util-scala'), 'commons-io:commons-io:2.5', - 'org.mockito:mockito-core:2.10.0', + 'org.mockito:mockito-core:2.27.0', 'org.scala-lang:scala-library:2.12.8', 'org.scalacheck:scalacheck_2.12:1.13.5', 'org.scalatest:scalatest_2.12:3.0.4', diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle index b10c6af78..a8ef0dab8 100644 --- a/webauthn-server-demo/build.gradle +++ b/webauthn-server-demo/build.gradle @@ -52,7 +52,7 @@ dependencies { project(':yubico-util-scala'), 'commons-io:commons-io:2.5', - 'org.mockito:mockito-core:2.10.0', + 'org.mockito:mockito-core:2.27.0', 'org.scala-lang:scala-library:2.12.8', 'org.scalacheck:scalacheck_2.12:1.13.5', 'org.scalatest:scalatest_2.12:3.0.4', From 8d8f33a167e92a64829187e5241eab8a28863410 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 19:39:35 +0200 Subject: [PATCH 15/25] Use JDK10 and JDK11 in Travis build --- .travis.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index d63a8ea9d..27247ca1f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,8 +5,11 @@ branches: - tmp jdk: - - openjdk8 - oraclejdk8 + - oraclejdk11 + - openjdk8 + - openjdk10 + - openjdk11 script: - ./gradlew check assembleJavadoc @@ -18,5 +21,5 @@ stages: jobs: include: - stage: mutation-test - jdk: oraclejdk8 + jdk: oraclejdk11 script: ./gradlew pitest coveralls From 9a371e5efca0b76db0a29c6453a1feb876853bd2 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 19:41:35 +0200 Subject: [PATCH 16/25] Ignore all tmp- branches in Travis build --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 27247ca1f..79950c176 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ language: java branches: except: - - tmp + - /tmp-?.*/ jdk: - oraclejdk8 From 7b48996f4557a34541dc0313577e4e4ae72cb0f4 Mon Sep 17 00:00:00 2001 
From: Emil Lundberg Date: Tue, 28 May 2019 19:50:10 +0200 Subject: [PATCH 17/25] Upgrade ScalaCheck --- webauthn-server-attestation/build.gradle | 2 +- webauthn-server-core/build.gradle | 2 +- webauthn-server-demo/build.gradle | 2 +- yubico-util-scala/build.gradle | 2 +- yubico-util/build.gradle | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle index af46cd4ca..d56ea8273 100644 --- a/webauthn-server-attestation/build.gradle +++ b/webauthn-server-attestation/build.gradle @@ -18,7 +18,7 @@ dependencies { 'commons-io:commons-io:2.5', 'org.mockito:mockito-core:2.27.0', 'org.scala-lang:scala-library:2.12.8', - 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalacheck:scalacheck_2.12:1.14.0', 'org.scalatest:scalatest_2.12:3.0.4', ) } diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle index 341d6076f..2f16d63dc 100644 --- a/webauthn-server-core/build.gradle +++ b/webauthn-server-core/build.gradle @@ -24,7 +24,7 @@ dependencies { 'commons-io:commons-io:2.5', 'org.mockito:mockito-core:2.27.0', 'org.scala-lang:scala-library:2.12.8', - 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalacheck:scalacheck_2.12:1.14.0', 'org.scalatest:scalatest_2.12:3.0.4', ) diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle index a8ef0dab8..8aba200f8 100644 --- a/webauthn-server-demo/build.gradle +++ b/webauthn-server-demo/build.gradle @@ -54,7 +54,7 @@ dependencies { 'commons-io:commons-io:2.5', 'org.mockito:mockito-core:2.27.0', 'org.scala-lang:scala-library:2.12.8', - 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalacheck:scalacheck_2.12:1.14.0', 'org.scalatest:scalatest_2.12:3.0.4', ) diff --git a/yubico-util-scala/build.gradle b/yubico-util-scala/build.gradle index b1959605b..872c49203 100644 --- a/yubico-util-scala/build.gradle +++ b/yubico-util-scala/build.gradle 
@@ -6,7 +6,7 @@ dependencies { compile( 'org.scala-lang:scala-library:2.12.8', - 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalacheck:scalacheck_2.12:1.14.0', ) testCompile( diff --git a/yubico-util/build.gradle b/yubico-util/build.gradle index 3a699442a..f0c574d89 100644 --- a/yubico-util/build.gradle +++ b/yubico-util/build.gradle @@ -15,7 +15,7 @@ dependencies { testCompile( project(':yubico-util-scala'), 'org.scala-lang:scala-library:2.12.8', - 'org.scalacheck:scalacheck_2.12:1.13.5', + 'org.scalacheck:scalacheck_2.12:1.14.0', 'org.scalatest:scalatest_2.12:3.0.4', ) } From 9443bc64a8844375f9dae0ab12e88485f8ecce52 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 19:59:01 +0200 Subject: [PATCH 18/25] Fix ambiguous String.lines() call --- .../attestation/StandardMetadataServiceSpec.scala | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala b/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala index c3fc75e78..ed2bae0e3 100644 --- a/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala +++ b/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala @@ -101,7 +101,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers { s"""{ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847", "version": 1, - "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"], + "trustedCertificates": ["${TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")}"], "vendorInfo": {}, "devices": [ { 
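Review bot: The expression `TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")` is repeated in four metadata fixtures (the `@@ -101` hunk and those at `@@ -159`, `@@ -197` and `@@ -227`), which is why one API ambiguity needed four edits. A small private helper in the spec that takes the certificate and returns the PEM with escaped newlines would keep the escaping of trust-root certificates into the JSON fixture in one place. A one-line comment there, such as `// linesIterator, not lines: lines is ambiguous with java.lang.String.lines() on JDK 11`, would also keep the call from being reverted. The fixtures themselves begin and end outside the hunks.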
@@ -159,7 +159,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers { s"""{ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847", "version": 1, - "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"], + "trustedCertificates": ["${TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")}"], "vendorInfo": {}, "devices": [] }""" @@ -197,7 +197,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers { s"""{ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847", "version": 1, - "trustedCertificates": ["${TestAuthenticator.toPem(cacaca._1).lines.mkString(raw"\n")}"], + "trustedCertificates": ["${TestAuthenticator.toPem(cacaca._1).linesIterator.mkString(raw"\n")}"], "vendorInfo": {}, "devices": [ { @@ -227,7 +227,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers { s"""{ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847", "version": 1, - "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"], + "trustedCertificates": ["${TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")}"], "vendorInfo": {}, "devices": [ { From d3096a740784ab7ed3f5f05b9e0e892820b7d0a2 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 19:59:25 +0200 Subject: [PATCH 19/25] Fix use of deprecated class PropertyCheckConfig --- .../webauthn/data/PublicKeyCredentialDescriptorSpec.scala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala index 3902246a9..07e239184 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala 
@@ -38,7 +38,7 @@ class PublicKeyCredentialDescriptorSpec extends FunSpec with Matchers with Gener describe("which is consistent with") { - implicit val generatorDrivenConfig = PropertyCheckConfig(minSuccessful = 300) + implicit val generatorDrivenConfig = PropertyCheckConfiguration(minSuccessful = 300) it("equals.") { forAll { (a: PublicKeyCredentialDescriptor, b: PublicKeyCredentialDescriptor) => From ad5e6680fb73ecfd3130336b81d830956462e97a Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 20:14:17 +0200 Subject: [PATCH 20/25] Update README to reflect that project now builds in JDK10+ --- README | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/README b/README index 4e36b0697..4218f3a43 100644 --- a/README +++ b/README @@ -326,21 +326,13 @@ version is derived from the most recent Git tag. Builds done on a tagged commit will have a plain `x.y.z` version number, while a build on any other commit will result in a version number containing the abbreviated commit hash. -Although the `.jar` artifact of this project can be used in JDK version 8 or -later, the project as a whole currently builds only in JDK 8. This is because -most tests are written in Scala, which -https://docs.scala-lang.org/overviews/jdk-compatibility/overview.html#jdk-9\--up-compatibility-notes[currently -only supports JDK 8]. Therefore compiling the tests can currently only be done -in JDK 8, and so `./gradlew build` and similar tasks will fail in JDKs other -than 8. - -To run the tests (requires JDK 8): +To run the tests: ---------- $ ./gradlew check ---------- -To run the http://pitest.org/[PIT mutation tests] (requires JDK 8): +To run the http://pitest.org/[PIT mutation tests]: ---------- $ ./gradlew pitest From 874c8305c26ccd324d50357a254a89f8193fa05b Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 20:14:35 +0200 Subject: [PATCH 21/25] Call out functional purity as a major feature --- README | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README b/README index 4218f3a43..e7666f4a0 100644 --- a/README +++ b/README @@ -44,6 +44,7 @@ compile 'com.yubico:webauthn-server-core:1.2.0' - Performs all necessary https://www.w3.org/TR/webauthn/#rp-operations[validation logic] on the response from the client +- No mutable state or side effects - everything (except builders) is thread safe - Optionally integrates with a "metadata service" to verify https://www.w3.org/TR/webauthn/#sctn-attestation[authenticator attestations] and annotate responses with additional authenticator metadata From 6cf2eaf1ca8b767cab1b1285e395e1a432ec5c80 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 28 May 2019 20:22:11 +0200 Subject: [PATCH 22/25] Remove source/target compatibility setting from demo subproject --- webauthn-server-demo/build.gradle | 3 --- 1 file changed, 3 deletions(-) diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle index 8aba200f8..16e952d28 100644 --- a/webauthn-server-demo/build.gradle +++ b/webauthn-server-demo/build.gradle @@ -14,9 +14,6 @@ apply plugin: 'war' apply plugin: 'application' apply from: 'gretty-2.2.0.plugin' -sourceCompatibility = '1.8' -targetCompatibility = '1.8' - configurations { forJdk10 } From 2eeff7d9aef9ad495ebb2e8a546fd34ba37ef253 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 29 May 2019 15:10:17 +0200 Subject: [PATCH 23/25] Have Travis ignore branches only if they start with tmp --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 79950c176..09bf7d103 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ language: java branches: except: - - /tmp-?.*/ + - /^tmp-?.*/ jdk: - oraclejdk8 From dbb1f1efda9810fe8d9934eebfeb15c530698402 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 29 May 2019 17:32:54 +0200 Subject: [PATCH 24/25] Run mutation tests and coveralls upload in JDK8 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
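Review bot: In the `.travis.yml` hunk of PATCH 23, the tail `-?.*` of `/^tmp-?.*/` matches anything, including nothing, so the pattern excludes exactly the branches that `/^tmp/` would. A branch named `tmpl-refactor` (constructed example) is therefore skipped as well. If only `tmp` and `tmp-…` branches are meant, write `- /^tmp(-.*)?$/`; if every branch starting with `tmp` is meant, `- /^tmp/` says so directly. Excluded branches never run `./gradlew check`, so the pattern should be no wider than intended.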
diff --git a/.travis.yml b/.travis.yml index 09bf7d103..b393420e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,5 +21,5 @@ stages: jobs: include: - stage: mutation-test - jdk: oraclejdk11 + jdk: oraclejdk8 script: ./gradlew pitest coveralls From a003f64ee897af3d633ae83ecefb74b5b5dd39a6 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 4 Jun 2019 17:53:25 +0200 Subject: [PATCH 25/25] Add javadoc fix to NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 8925951f3..2a148c1b6 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,10 @@ New features: * New optional parameter `timeout` added to `StartRegistrationOptions` and `StartAssertionOptions` +Bug fixes: + +* Fixed polarity error in javadoc for `RelyingParty.allowUntrustedAttestation` + == Version 1.2.0 ==