From 5884bde7b9e6db8f56af3c451386539a9a72ecb7 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 15 May 2019 13:16:30 +0200
Subject: [PATCH 01/25] Fix value polarity in allowUntrustedAttestation javadoc
---
.../src/main/java/com/yubico/webauthn/RelyingParty.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
index f5b2c7e8c..b40c51162 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
@@ -223,7 +223,7 @@ public class RelyingParty {
private final boolean allowUnrequestedExtensions = false;
/**
- * If true
, {@link #finishRegistration(FinishRegistrationOptions) finishRegistration} will only allow
+ * If false
, {@link #finishRegistration(FinishRegistrationOptions) finishRegistration} will only allow
* registrations where the attestation signature can be linked to a trusted attestation root. This excludes self
* attestation and none attestation.
*
From 0790b6030f5b40ecb74b7c91a4aa55f26f59cb88 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 15 May 2019 13:51:14 +0200
Subject: [PATCH 02/25] Link Javadoc to developers.yubico.com instead of
github.io
---
README | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README b/README
index 9161fc4b5..f1477e3ce 100644
--- a/README
+++ b/README
@@ -67,9 +67,9 @@ but the authentication mechanism alone does not make a security system.
link:https://bugs.chromium.org/p/chromium/issues/detail?id=847878[bug in
Chrome] which will not be worked around here. To work around this in
application code, you can omit the
- link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`]
+ link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`]
when constructing an
- link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`]
+ link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`]
value if the `userHandle` is empty. See
https://github.com/Yubico/java-webauthn-server/issues/12 .
@@ -77,20 +77,20 @@ but the authentication mechanism alone does not make a security system.
== Documentation
See the
-link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/package-summary.html[Javadoc]
+link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/package-summary.html[Javadoc]
for in-depth API documentation.
== Quick start
Implement the
-link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
+link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
interface with your database access logic. See
link:https://github.com/Yubico/java-webauthn-server/blob/master/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`]
for an example.
Instantiate the
-link:https://yubico.github.io/java-webauthn-server/webauthn-server-core/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
+link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
class:
[source,java]
From 95c7317f2b14ee1a512826273dafcb91d5488a0a Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 15 May 2019 13:57:08 +0200
Subject: [PATCH 03/25] Don't deploy Javadoc to GitHub pages anymore
---
.travis.yml | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 2a461383d..d63a8ea9d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,10 +4,6 @@ branches:
except:
- tmp
-env:
- global:
- secure: sX5sJd2EUgzIT7uQN0YxA3faVHymBG/QPZ/St5IPqoQIXjZAMYBM0D1MrVOYaSOhgVKOJt+5vwCYU7MlY9Ha0rUPJgUPT+6CkVgUVCsQ1e8srAzaYp4ceIYaW2XpUIwhKHPBezulV3nLANRs0FibEN+eqTgL5A/qKtsU49BtQ1iUAVFFOzGcR48avo1UYxS0FLw+7MRLgH5NA6KJVHiGChx9P3oLYAhPylgDzRv6iFf5H5v9azQI4eLo6bSQwm++j0UpH4t8m+at7eGuzNsadYY0M9SoUwuJxQZiwtImYJJtGJD92QtV9m+yny4+RocXchgZDj3e9vx06ZqXaeF3U3o49YUX5ACerVV12yOxGZsuuxfevaQa9Mk4xEOwGkhva5I+8vfo8MRxm7ymelExn25zpsMlmj6GjBio3z1q/FGYdyXrcGoVNrvAgozs+0yW2jYtDVo7DNu8J2mur/C/gmi+xA6rkuEJQIQ3hWuWYVe7DUzdii5MG9/9AdwI14b3uyezh1EJ8tza5MScDQijTvD9sGxarruKS59VuJapqrJSU5E87CnlU6gQx7qXJVGvpTXZOw7ZzsdszSDQ3Jc9uNBSdtBQ2i7egEyTE+RQWsdtje/H0s3ZYyIw8qrQ1kIUDQKk7jl8Uvwf+zn/36JBgZMVIIO0hmDFnyB9wBGd7lk=
-
jdk:
- openjdk8
- oraclejdk8
@@ -18,21 +14,9 @@ script:
stages:
- test
- mutation-test
- - deploy
jobs:
include:
- stage: mutation-test
jdk: oraclejdk8
script: ./gradlew pitest coveralls
-
- - stage: deploy
- jdk: oraclejdk8
- script: ./gradlew assembleJavadoc
- deploy:
- provider: pages
- skip-cleanup: true
- github-token: $PAGES_DEPLOY_KEY
- on:
- branch: master
- local-dir: 'build/javadoc'
From 3b9298463b915d6e0532f59f6722cfc50979f3bf Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 15 May 2019 14:59:06 +0200
Subject: [PATCH 04/25] Change demo button label from username-less to resident
credential
---
webauthn-server-demo/src/main/webapp/index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webauthn-server-demo/src/main/webapp/index.html b/webauthn-server-demo/src/main/webapp/index.html
index 4141892a8..f93be695d 100644
--- a/webauthn-server-demo/src/main/webapp/index.html
+++ b/webauthn-server-demo/src/main/webapp/index.html
@@ -546,7 +546,7 @@ Test your WebAuthn device
- Register new account with username-less credential
+ Register new account with resident credential
From 8081e741a7bc0f191f47f7c300f932e9fceb5b4d Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 21 May 2019 17:37:11 +0200
Subject: [PATCH 05/25] Add timeout parameter
---
.../webauthn/StartAssertionOptions.java | 34 +++++++
.../webauthn/StartRegistrationOptions.java | 35 +++++++
.../RelyingPartyStartOperationSpec.scala | 97 +++++++++++++++++++
3 files changed, 166 insertions(+)
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
index 5d958f020..e503be09f 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
@@ -80,9 +80,19 @@ public class StartAssertionOptions {
@NonNull
private final Optional userVerification;
+ /**
+ * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation.
+ *
+ * The default is empty.
+ *
+ */
+ @NonNull
+ private final Optional timeout;
+
public static class StartAssertionOptionsBuilder {
private @NonNull Optional username = Optional.empty();
private @NonNull Optional userVerification = Optional.empty();
+ private @NonNull Optional timeout = Optional.empty();
/**
* The username of the user to authenticate, if the user has already been identified.
@@ -141,5 +151,29 @@ public StartAssertionOptionsBuilder userVerification(@NonNull Optional
+ * The default is empty.
+ *
+ */
+ public StartAssertionOptionsBuilder timeout(@NonNull Optional timeout) {
+ if (timeout.isPresent() && timeout.get() <= 0) {
+ throw new IllegalArgumentException("timeout must be positive, was: " + timeout.get());
+ }
+ this.timeout = timeout;
+ return this;
+ }
+
+ /**
+ * The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation.
+ *
+ * The default is empty.
+ *
+ */
+ public StartAssertionOptionsBuilder timeout(long timeout) {
+ return this.timeout(Optional.of(timeout));
+ }
}
}
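Review bot: The `timeout.get() <= 0` guard in `timeout(Optional)` has no upper bound, and the javadoc on both setters names no unit. WebAuthn declares `timeout` as a WebIDL `unsigned long` in milliseconds, so a value above 4294967295 cannot be represented on the client, and a caller thinking in seconds gets a very short ceremony. Consider also rejecting values over `0xFFFFFFFFL` and adding `* The value is in milliseconds.` to the field and setter javadoc. The same check and wording are repeated in `StartRegistrationOptionsBuilder.timeout` further down in this patch, so the point applies there too, and the validation could live in one shared helper. The javadoc opening for the first setter lies outside the visible hunk lines.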
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
index 3660c86c9..f2f87eed3 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
@@ -25,6 +25,7 @@
package com.yubico.webauthn;
import com.yubico.webauthn.data.AuthenticatorSelectionCriteria;
+import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import com.yubico.webauthn.data.RegistrationExtensionInputs;
import com.yubico.webauthn.data.UserIdentity;
import java.util.Optional;
@@ -58,12 +59,22 @@ public class StartRegistrationOptions {
@Builder.Default
private final RegistrationExtensionInputs extensions = RegistrationExtensionInputs.builder().build();
+ /**
+ * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation.
+ *
+ * The default is empty.
+ *
+ */
+ @NonNull
+ private final Optional timeout;
+
public static StartRegistrationOptionsBuilder.MandatoryStages builder() {
return new StartRegistrationOptionsBuilder.MandatoryStages();
}
public static class StartRegistrationOptionsBuilder {
private @NonNull Optional authenticatorSelection = Optional.empty();
+ private @NonNull Optional timeout = Optional.empty();
public static class MandatoryStages {
private final StartRegistrationOptionsBuilder builder = new StartRegistrationOptionsBuilder();
@@ -87,6 +98,30 @@ public StartRegistrationOptionsBuilder authenticatorSelection(@NonNull Optional<
public StartRegistrationOptionsBuilder authenticatorSelection(@NonNull AuthenticatorSelectionCriteria authenticatorSelection) {
return this.authenticatorSelection(Optional.of(authenticatorSelection));
}
+
+ /**
+ * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation.
+ *
+ * The default is empty.
+ *
+ */
+ public StartRegistrationOptionsBuilder timeout(@NonNull Optional timeout) {
+ if (timeout.isPresent() && timeout.get() <= 0) {
+ throw new IllegalArgumentException("timeout must be positive, was: " + timeout.get());
+ }
+ this.timeout = timeout;
+ return this;
+ }
+
+ /**
+ * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation.
+ *
+ * The default is empty.
+ *
+ */
+ public StartRegistrationOptionsBuilder timeout(long timeout) {
+ return this.timeout(Optional.of(timeout));
+ }
}
}
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala
index df7339445..5d61940dd 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala
@@ -28,6 +28,8 @@ import java.util.Optional
import com.yubico.internal.util.scala.JavaConverters._
import com.yubico.scalacheck.gen.JavaGenerators._
+import com.yubico.webauthn.data.AuthenticatorAttachment
+import com.yubico.webauthn.data.AuthenticatorSelectionCriteria
import com.yubico.webauthn.data.PublicKeyCredentialDescriptor
import com.yubico.webauthn.data.ByteArray
import com.yubico.webauthn.data.UserIdentity
@@ -38,6 +40,7 @@ import com.yubico.webauthn.extension.appid.AppId
import com.yubico.webauthn.extension.appid.Generators._
import org.junit.runner.RunWith
import org.scalacheck.Arbitrary._
+import org.scalacheck.Gen
import org.scalatest.FunSpec
import org.scalatest.Matchers
import org.scalatest.junit.JUnitRunner
@@ -104,6 +107,56 @@ class RelyingPartyStartOperationSpec extends FunSpec with Matchers with Generato
request2.getChallenge.size should be >= 32
}
+ it("allows setting the timeout to empty.") {
+ val pkcco = relyingParty().startRegistration(
+ StartRegistrationOptions.builder()
+ .user(userId)
+ .timeout(Optional.empty[java.lang.Long])
+ .build())
+ pkcco.getTimeout.asScala shouldBe 'empty
+ }
+
+ it("allows setting the timeout to a positive value.") {
+ val rp = relyingParty()
+
+ forAll(Gen.posNum[Long]) { timeout: Long =>
+ val pkcco = rp.startRegistration(
+ StartRegistrationOptions.builder()
+ .user(userId)
+ .timeout(timeout)
+ .build())
+
+ pkcco.getTimeout.asScala should equal (Some(timeout))
+ }
+ }
+
+ it("does not allow setting the timeout to zero or negative.") {
+ an [IllegalArgumentException] should be thrownBy {
+ StartRegistrationOptions.builder()
+ .user(userId)
+ .timeout(0)
+ }
+
+ an [IllegalArgumentException] should be thrownBy {
+ StartRegistrationOptions.builder()
+ .user(userId)
+ .timeout(Optional.of[java.lang.Long](0L))
+ }
+
+ forAll(Gen.negNum[Long]) { timeout: Long =>
+ an [IllegalArgumentException] should be thrownBy {
+ StartRegistrationOptions.builder()
+ .user(userId)
+ .timeout(timeout)
+ }
+
+ an [IllegalArgumentException] should be thrownBy {
+ StartRegistrationOptions.builder()
+ .user(userId)
+ .timeout(Optional.of[java.lang.Long](timeout))
+ }
+ }
+ }
}
describe("RelyingParty.startAssertion") {
@@ -152,6 +205,50 @@ class RelyingPartyStartOperationSpec extends FunSpec with Matchers with Generato
}
}
+ it("allows setting the timeout to empty.") {
+ val req = relyingParty().startAssertion(
+ StartAssertionOptions.builder()
+ .timeout(Optional.empty[java.lang.Long])
+ .build())
+ req.getPublicKeyCredentialRequestOptions.getTimeout.asScala shouldBe 'empty
+ }
+
+ it("allows setting the timeout to a positive value.") {
+ val rp = relyingParty()
+
+ forAll(Gen.posNum[Long]) { timeout: Long =>
+ val req = rp.startAssertion(
+ StartAssertionOptions.builder()
+ .timeout(timeout)
+ .build())
+
+ req.getPublicKeyCredentialRequestOptions.getTimeout.asScala should equal (Some(timeout))
+ }
+ }
+
+ it("does not allow setting the timeout to zero or negative.") {
+ an [IllegalArgumentException] should be thrownBy {
+ StartAssertionOptions.builder()
+ .timeout(0)
+ }
+
+ an [IllegalArgumentException] should be thrownBy {
+ StartAssertionOptions.builder()
+ .timeout(Optional.of[java.lang.Long](0L))
+ }
+
+ forAll(Gen.negNum[Long]) { timeout: Long =>
+ an [IllegalArgumentException] should be thrownBy {
+ StartAssertionOptions.builder()
+ .timeout(timeout)
+ }
+
+ an [IllegalArgumentException] should be thrownBy {
+ StartAssertionOptions.builder()
+ .timeout(Optional.of[java.lang.Long](timeout))
+ }
+ }
+ }
}
}
From 0290ee58060696b51d79e805e71386060487ff33 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 21 May 2019 17:42:33 +0200
Subject: [PATCH 06/25] Implement timeout parameter logic
---
.../src/main/java/com/yubico/webauthn/RelyingParty.java | 2 ++
1 file changed, 2 insertions(+)
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
index b40c51162..6d521d6ff 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
@@ -292,6 +292,7 @@ public PublicKeyCredentialCreationOptions startRegistration(StartRegistrationOpt
)
.authenticatorSelection(startRegistrationOptions.getAuthenticatorSelection())
.extensions(startRegistrationOptions.getExtensions())
+ .timeout(startRegistrationOptions.getTimeout())
;
attestationConveyancePreference.ifPresent(builder::attestation);
return builder.build();
@@ -344,6 +345,7 @@ public AssertionRequest startAssertion(StartAssertionOptions startAssertionOptio
.appid(appId)
.build()
)
+ .timeout(startAssertionOptions.getTimeout())
;
startAssertionOptions.getUserVerification().ifPresent(pkcro::userVerification);
From a662ba7a9052af2d9adc62e75808ebe5710227a2 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 21 May 2019 18:11:04 +0200
Subject: [PATCH 07/25] Fix faulty JavaDoc links in README
---
README | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README b/README
index f1477e3ce..2caf6c625 100644
--- a/README
+++ b/README
@@ -67,9 +67,9 @@ but the authentication mechanism alone does not make a security system.
link:https://bugs.chromium.org/p/chromium/issues/detail?id=847878[bug in
Chrome] which will not be worked around here. To work around this in
application code, you can omit the
- link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`]
+ link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.html#userHandle-java.util.Optional[`userHandle`]
when constructing an
- link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`]
+ link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/data/AuthenticatorAssertionResponse.html[`AuthenticatorAssertionResponse`]
value if the `userHandle` is empty. See
https://github.com/Yubico/java-webauthn-server/issues/12 .
@@ -77,20 +77,20 @@ but the authentication mechanism alone does not make a security system.
== Documentation
See the
-link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/package-summary.html[Javadoc]
+link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/package-summary.html[Javadoc]
for in-depth API documentation.
== Quick start
Implement the
-link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
+link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
interface with your database access logic. See
link:https://github.com/Yubico/java-webauthn-server/blob/master/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`]
for an example.
Instantiate the
-link:https://developers.yubico.com/java-webauthn-server-JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
+link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/latest/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
class:
[source,java]
From de9ef326099a9afc64925ba5d171f4c5c4947eeb Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 21 May 2019 19:01:33 +0200
Subject: [PATCH 08/25] Call out that timeout is only passed through
---
.../yubico/webauthn/StartAssertionOptions.java | 15 +++++++++++++++
.../yubico/webauthn/StartRegistrationOptions.java | 15 +++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
index e503be09f..7bfdba6b4 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
@@ -83,6 +83,11 @@ public class StartAssertionOptions {
/**
* The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation.
*
+ * This library does not take the timeout into account in any way, other than passing it through to the {@link
+ * PublicKeyCredentialRequestOptions} so it can be used as an argument to
+ * navigator.credentials.get()
on the client side.
+ *
+ *
* The default is empty.
*
*/
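Review bot: The added paragraph says the library ignores the timeout but leaves out the consequence for the caller. The value is only a hint to the client, so the lifetime of the pending challenge still has to be enforced on the server by whatever keeps the request between the start and finish calls. I would append a sentence such as `* Expiry of the pending request must be enforced by the caller, for example by discarding stored requests after a fixed lifetime.` The same paragraph is added in the other five hunks of this patch (the two builder setters in this file and the three places in `StartRegistrationOptions`), so the addition applies to each of them.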
@@ -155,6 +160,11 @@ public StartAssertionOptionsBuilder userVerification(@NonNull UserVerificationRe
/**
* The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation.
*
+ * This library does not take the timeout into account in any way, other than passing it through to the {@link
+ * PublicKeyCredentialRequestOptions} so it can be used as an argument to
+ * navigator.credentials.get()
on the client side.
+ *
+ *
* The default is empty.
*
*/
@@ -169,6 +179,11 @@ public StartAssertionOptionsBuilder timeout(@NonNull Optional timeout) {
/**
* The value for {@link PublicKeyCredentialRequestOptions#getTimeout()} for this authentication operation.
*
+ * This library does not take the timeout into account in any way, other than passing it through to the {@link
+ * PublicKeyCredentialRequestOptions} so it can be used as an argument to
+ * navigator.credentials.get()
on the client side.
+ *
+ *
* The default is empty.
*
*/
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
index f2f87eed3..52ba8a525 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
@@ -62,6 +62,11 @@ public class StartRegistrationOptions {
/**
* The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation.
*
+ * This library does not take the timeout into account in any way, other than passing it through to the {@link
+ * PublicKeyCredentialCreationOptions} so it can be used as an argument to
+ * navigator.credentials.create()
on the client side.
+ *
+ *
* The default is empty.
*
*/
@@ -102,6 +107,11 @@ public StartRegistrationOptionsBuilder authenticatorSelection(@NonNull Authentic
/**
* The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation.
*
+ * This library does not take the timeout into account in any way, other than passing it through to the {@link
+ * PublicKeyCredentialCreationOptions} so it can be used as an argument to
+ * navigator.credentials.create()
on the client side.
+ *
+ *
* The default is empty.
*
*/
@@ -116,6 +126,11 @@ public StartRegistrationOptionsBuilder timeout(@NonNull Optional timeout)
/**
* The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration operation.
*
+ * This library does not take the timeout into account in any way, other than passing it through to the {@link
+ * PublicKeyCredentialCreationOptions} so it can be used as an argument to
+ * navigator.credentials.create()
on the client side.
+ *
+ *
* The default is empty.
*
*/
From 519b251c56dc7097ac7d2bb1ca5f0c6e312e818f Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 17:41:58 +0200
Subject: [PATCH 09/25] Bump Jackson dependency to version 2.9.9
In response to CVE-2019-12086
---
webauthn-server-core/build.gradle | 6 +++---
webauthn-server-demo/build.gradle | 4 ++--
yubico-util/build.gradle | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle
index e17ab63dd..5a55eb390 100644
--- a/webauthn-server-core/build.gradle
+++ b/webauthn-server-core/build.gradle
@@ -11,9 +11,9 @@ dependencies {
compile(
project(':yubico-util'),
'com.augustcellars.cose:cose-java:0.9.4',
- 'com.fasterxml.jackson.core:jackson-databind:2.9.6',
- 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.6',
- 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.6',
+ 'com.fasterxml.jackson.core:jackson-databind:2.9.9',
+ 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.9',
+ 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.9',
'com.google.guava:guava:19.0',
'org.apache.httpcomponents:httpclient:4.5.2',
'org.bouncycastle:bcpkix-jdk15on:1.54',
diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle
index 427948bc6..7b0f7ba07 100644
--- a/webauthn-server-demo/build.gradle
+++ b/webauthn-server-demo/build.gradle
@@ -27,8 +27,8 @@ dependencies {
project(':webauthn-server-attestation'),
project(':webauthn-server-core'),
- 'com.fasterxml.jackson.core:jackson-core:2.9.6',
- 'com.fasterxml.jackson.core:jackson-databind:2.9.6',
+ 'com.fasterxml.jackson.core:jackson-core:2.9.9',
+ 'com.fasterxml.jackson.core:jackson-databind:2.9.9',
'com.google.guava:guava:24.1-jre',
'javax.ws.rs:javax.ws.rs-api:2.1',
'org.eclipse.jetty:jetty-server:9.4.9.v20180320',
diff --git a/yubico-util/build.gradle b/yubico-util/build.gradle
index d94018784..ed008c366 100644
--- a/yubico-util/build.gradle
+++ b/yubico-util/build.gradle
@@ -7,7 +7,7 @@ project.ext.publishMe = true
dependencies {
compile(
- 'com.fasterxml.jackson.core:jackson-databind:2.9.6',
+ 'com.fasterxml.jackson.core:jackson-databind:2.9.9',
'com.google.guava:guava:19.0',
'org.bouncycastle:bcpkix-jdk15on:1.54',
)
From c70ba5316bbde6f357ada5dd67de04a01a6005c8 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 17:47:48 +0200
Subject: [PATCH 10/25] Update NEWS
---
NEWS | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/NEWS b/NEWS
index 6c8660ee9..8925951f3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
== Version 1.3.0 (unreleased) ==
+Security fixes:
+
+* Bumped Jackson dependency to version 2.9.9 which has patched CVE-2019-12086
+
New features:
* New optional parameter `timeout` added to `StartRegistrationOptions` and
From 8afee2eb7f0c012fda05ef5649fe6e116d9a61cf Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 17:58:30 +0200
Subject: [PATCH 11/25] Remove Table of contents heading
---
README | 2 --
1 file changed, 2 deletions(-)
diff --git a/README b/README
index 2caf6c625..4e36b0697 100644
--- a/README
+++ b/README
@@ -14,8 +14,6 @@ for a server to support Web Authentication. This includes registering
authenticators and authenticating registered authenticators.
-== Table of contents
-
toc::[]
From 972cc8282b1d9445390abc5c208f73f4e5c4ca05 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 18:47:02 +0200
Subject: [PATCH 12/25] Upgrade Scala to version 2.12.8
---
webauthn-server-attestation/build.gradle | 6 +++---
webauthn-server-core/build.gradle | 6 +++---
webauthn-server-demo/build.gradle | 6 +++---
yubico-util-scala/build.gradle | 6 +++---
yubico-util/build.gradle | 6 +++---
5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle
index 2e359902e..1f25915d8 100644
--- a/webauthn-server-attestation/build.gradle
+++ b/webauthn-server-attestation/build.gradle
@@ -17,9 +17,9 @@ dependencies {
project(':yubico-util-scala'),
'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.10.0',
- 'org.scala-lang:scala-library:2.11.3',
- 'org.scalacheck:scalacheck_2.11:1.13.5',
- 'org.scalatest:scalatest_2.11:3.0.4',
+ 'org.scala-lang:scala-library:2.12.8',
+ 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalatest:scalatest_2.12:3.0.4',
)
}
diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle
index 5a55eb390..19a04a0a8 100644
--- a/webauthn-server-core/build.gradle
+++ b/webauthn-server-core/build.gradle
@@ -23,9 +23,9 @@ dependencies {
project(':yubico-util-scala'),
'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.10.0',
- 'org.scala-lang:scala-library:2.11.3',
- 'org.scalacheck:scalacheck_2.11:1.13.5',
- 'org.scalatest:scalatest_2.11:3.0.4',
+ 'org.scala-lang:scala-library:2.12.8',
+ 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalatest:scalatest_2.12:3.0.4',
)
}
diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle
index 7b0f7ba07..b10c6af78 100644
--- a/webauthn-server-demo/build.gradle
+++ b/webauthn-server-demo/build.gradle
@@ -53,9 +53,9 @@ dependencies {
'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.10.0',
- 'org.scala-lang:scala-library:2.11.3',
- 'org.scalacheck:scalacheck_2.11:1.13.5',
- 'org.scalatest:scalatest_2.11:3.0.4',
+ 'org.scala-lang:scala-library:2.12.8',
+ 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalatest:scalatest_2.12:3.0.4',
)
modules {
diff --git a/yubico-util-scala/build.gradle b/yubico-util-scala/build.gradle
index 6a7b17414..b1959605b 100644
--- a/yubico-util-scala/build.gradle
+++ b/yubico-util-scala/build.gradle
@@ -5,12 +5,12 @@ apply plugin: 'scala'
dependencies {
compile(
- 'org.scala-lang:scala-library:2.11.3',
- 'org.scalacheck:scalacheck_2.11:1.13.5',
+ 'org.scala-lang:scala-library:2.12.8',
+ 'org.scalacheck:scalacheck_2.12:1.13.5',
)
testCompile(
- 'org.scalatest:scalatest_2.11:3.0.4',
+ 'org.scalatest:scalatest_2.12:3.0.4',
)
}
diff --git a/yubico-util/build.gradle b/yubico-util/build.gradle
index ed008c366..3a699442a 100644
--- a/yubico-util/build.gradle
+++ b/yubico-util/build.gradle
@@ -14,9 +14,9 @@ dependencies {
testCompile(
project(':yubico-util-scala'),
- 'org.scala-lang:scala-library:2.11.3',
- 'org.scalacheck:scalacheck_2.11:1.13.5',
- 'org.scalatest:scalatest_2.11:3.0.4',
+ 'org.scala-lang:scala-library:2.12.8',
+ 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalatest:scalatest_2.12:3.0.4',
)
}
From b589b502a3a62e1fba50de86b8131c0f7c264cb3 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:25:00 +0200
Subject: [PATCH 13/25] Fix Scala 2.12 compilation issues
---
.../webauthn/RelyingPartyAssertionSpec.scala | 14 +++++++-------
.../webauthn/RelyingPartyRegistrationSpec.scala | 6 +++---
.../test/scala/com/yubico/webauthn/test/Util.scala | 1 +
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
index e36f28c5b..aaa9abb65 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
@@ -246,7 +246,7 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv
)
val step: FinishAssertionSteps#Step1 = steps.begin.next
- step.validations shouldBe a [Failure[_]]
+ toStepWithUtilities(step).validations shouldBe a [Failure[_]]
step.validations.failed.get shouldBe an [IllegalArgumentException]
step.tryNext shouldBe a [Failure[_]]
}
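Review bot: Only the first of the three assertions is routed through `toStepWithUtilities(step)`; the next two lines still call `step.validations` and `step.tryNext` directly, presumably through the implicit conversion. Nothing in the hunk records why the explicit call is needed in that one place, so a later cleanup could easily revert it. A short comment above the line stating the Scala 2.12 resolution problem it works around (exact wording for the author to confirm) would keep it in place. Binding the converted value once, `val stepU = toStepWithUtilities(step)`, and using it for all three assertions would also make the block uniform. The enclosing test starts outside the hunk.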
@@ -690,12 +690,12 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv
}
{
- def checks[Step <: FinishAssertionSteps.Step[_]](stepsToStep: FinishAssertionSteps => Step) = {
- def check[A]
+ def checks[Next <: FinishAssertionSteps.Step[_], Step <: FinishAssertionSteps.Step[Next]](stepsToStep: FinishAssertionSteps => Step) = {
+ def check[Ret]
(stepsToStep: FinishAssertionSteps => Step)
- (chk: Step => A)
+ (chk: Step => Ret)
(uvr: UserVerificationRequirement, authData: ByteArray)
- : A = {
+ : Ret = {
val steps = finishAssertion(
userVerificationRequirement = uvr,
authenticatorData = authData
@@ -718,7 +718,7 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv
describe("12. Verify that the User Present bit of the flags in authData is set.") {
val flagOn: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, (Defaults.authenticatorData.getBytes.toVector(32) | 0x04 | 0x01).toByte).toArray)
val flagOff: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, ((Defaults.authenticatorData.getBytes.toVector(32) | 0x04) & 0xfe).toByte).toArray)
- val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step12](_.begin.next.next.next.next.next.next.next.next.next.next.next.next)
+ val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step13, FinishAssertionSteps#Step12](_.begin.next.next.next.next.next.next.next.next.next.next.next.next)
it("Fails if UV is discouraged and flag is not set.") {
checkFails(UserVerificationRequirement.DISCOURAGED, flagOff)
@@ -748,7 +748,7 @@ class RelyingPartyAssertionSpec extends FunSpec with Matchers with GeneratorDriv
describe("13. If user verification is required for this assertion, verify that the User Verified bit of the flags in authData is set.") {
val flagOn: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, (Defaults.authenticatorData.getBytes.toVector(32) | 0x04).toByte).toArray)
val flagOff: ByteArray = new ByteArray(Defaults.authenticatorData.getBytes.toVector.updated(32, (Defaults.authenticatorData.getBytes.toVector(32) & 0xfb).toByte).toArray)
- val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step13](_.begin.next.next.next.next.next.next.next.next.next.next.next.next.next)
+ val (checkFails, checkSucceeds) = checks[FinishAssertionSteps#Step14, FinishAssertionSteps#Step13](_.begin.next.next.next.next.next.next.next.next.next.next.next.next.next)
it("Succeeds if UV is discouraged and flag is not set.") {
checkSucceeds(UserVerificationRequirement.DISCOURAGED, flagOff)
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
index 67560fbcd..ebbcb1559 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
@@ -400,7 +400,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
def uvOn(authData: ByteArray): ByteArray = new ByteArray(authData.getBytes.updated(32, (authData.getBytes()(32) | 0x04).toByte))
def uvOff(authData: ByteArray): ByteArray = new ByteArray(authData.getBytes.updated(32, (authData.getBytes()(32) & 0xfb).toByte))
- def checks[Step <: FinishRegistrationSteps.Step[_]](stepsToStep: FinishRegistrationSteps => Step) = {
+ def checks[Next <: FinishRegistrationSteps.Step[_], Step <: FinishRegistrationSteps.Step[Next]](stepsToStep: FinishRegistrationSteps => Step) = {
def check[B]
(stepsToStep: FinishRegistrationSteps => Step)
(chk: Step => B)
@@ -427,7 +427,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
}
describe("10. Verify that the User Present bit of the flags in authData is set.") {
- val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step10](_.begin.next.next.next.next.next.next.next.next.next)
+ val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step11, FinishRegistrationSteps#Step10](_.begin.next.next.next.next.next.next.next.next.next)
it("Fails if UV is discouraged and flag is not set.") {
checkFails(UserVerificationRequirement.DISCOURAGED, upOff)
@@ -455,7 +455,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
}
describe("11. If user verification is required for this registration, verify that the User Verified bit of the flags in authData is set.") {
- val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step11](_.begin.next.next.next.next.next.next.next.next.next.next)
+ val (checkFails, checkSucceeds) = checks[FinishRegistrationSteps#Step12, FinishRegistrationSteps#Step11](_.begin.next.next.next.next.next.next.next.next.next.next)
it("Succeeds if UV is discouraged and flag is not set.") {
checkSucceeds(UserVerificationRequirement.DISCOURAGED, uvOff)
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala
index 94bdd78ba..bd7dd0263 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala
@@ -33,6 +33,7 @@ import com.yubico.internal.util.CertificateParser
import org.bouncycastle.cert.X509CertificateHolder
import org.bouncycastle.openssl.PEMParser
+import scala.language.reflectiveCalls
import scala.util.Try
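Review bot: A file-level `import scala.language.reflectiveCalls` silences the reflective-call feature warning for everything in Util.scala, not just the code that needs it. The structural-type use is outside this hunk; if it is a single helper, moving the import into that method or object keeps the warning active for the rest of the file. A trailing comment naming the helper it is for would also make the import easier to remove later.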
From e2d053386a1cf2e53fd17aef5de13c93e09d33a7 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:35:02 +0200
Subject: [PATCH 14/25] Upgrade Mockito
---
build.gradle | 2 +-
webauthn-server-attestation/build.gradle | 2 +-
webauthn-server-core/build.gradle | 2 +-
webauthn-server-demo/build.gradle | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/build.gradle b/build.gradle
index 137da416f..48028093f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -139,7 +139,7 @@ subprojects { project ->
testCompile(
'junit:junit:4.12',
- 'org.mockito:mockito-core:2.8.47',
+ 'org.mockito:mockito-core:2.27.0',
)
}
diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle
index 1f25915d8..af46cd4ca 100644
--- a/webauthn-server-attestation/build.gradle
+++ b/webauthn-server-attestation/build.gradle
@@ -16,7 +16,7 @@ dependencies {
project(':webauthn-server-core').sourceSets.test.output,
project(':yubico-util-scala'),
'commons-io:commons-io:2.5',
- 'org.mockito:mockito-core:2.10.0',
+ 'org.mockito:mockito-core:2.27.0',
'org.scala-lang:scala-library:2.12.8',
'org.scalacheck:scalacheck_2.12:1.13.5',
'org.scalatest:scalatest_2.12:3.0.4',
diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle
index 19a04a0a8..341d6076f 100644
--- a/webauthn-server-core/build.gradle
+++ b/webauthn-server-core/build.gradle
@@ -22,7 +22,7 @@ dependencies {
testCompile(
project(':yubico-util-scala'),
'commons-io:commons-io:2.5',
- 'org.mockito:mockito-core:2.10.0',
+ 'org.mockito:mockito-core:2.27.0',
'org.scala-lang:scala-library:2.12.8',
'org.scalacheck:scalacheck_2.12:1.13.5',
'org.scalatest:scalatest_2.12:3.0.4',
diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle
index b10c6af78..a8ef0dab8 100644
--- a/webauthn-server-demo/build.gradle
+++ b/webauthn-server-demo/build.gradle
@@ -52,7 +52,7 @@ dependencies {
project(':yubico-util-scala'),
'commons-io:commons-io:2.5',
- 'org.mockito:mockito-core:2.10.0',
+ 'org.mockito:mockito-core:2.27.0',
'org.scala-lang:scala-library:2.12.8',
'org.scalacheck:scalacheck_2.12:1.13.5',
'org.scalatest:scalatest_2.12:3.0.4',
From 8d8f33a167e92a64829187e5241eab8a28863410 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:39:35 +0200
Subject: [PATCH 15/25] Use JDK10 and JDK11 in Travis build
---
.travis.yml | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index d63a8ea9d..27247ca1f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,8 +5,11 @@ branches:
- tmp
jdk:
- - openjdk8
- oraclejdk8
+ - oraclejdk11
+ - openjdk8
+ - openjdk10
+ - openjdk11
script:
- ./gradlew check assembleJavadoc
@@ -18,5 +21,5 @@ stages:
jobs:
include:
- stage: mutation-test
- jdk: oraclejdk8
+ jdk: oraclejdk11
script: ./gradlew pitest coveralls
From 9a371e5efca0b76db0a29c6453a1feb876853bd2 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:41:35 +0200
Subject: [PATCH 16/25] Ignore all tmp- branches in Travis build
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 27247ca1f..79950c176 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,7 +2,7 @@ language: java
branches:
except:
- - tmp
+ - /tmp-?.*/
jdk:
- oraclejdk8
From 7b48996f4557a34541dc0313577e4e4ae72cb0f4 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:50:10 +0200
Subject: [PATCH 17/25] Upgrade ScalaCheck
---
webauthn-server-attestation/build.gradle | 2 +-
webauthn-server-core/build.gradle | 2 +-
webauthn-server-demo/build.gradle | 2 +-
yubico-util-scala/build.gradle | 2 +-
yubico-util/build.gradle | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle
index af46cd4ca..d56ea8273 100644
--- a/webauthn-server-attestation/build.gradle
+++ b/webauthn-server-attestation/build.gradle
@@ -18,7 +18,7 @@ dependencies {
'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.27.0',
'org.scala-lang:scala-library:2.12.8',
- 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalacheck:scalacheck_2.12:1.14.0',
'org.scalatest:scalatest_2.12:3.0.4',
)
}
diff --git a/webauthn-server-core/build.gradle b/webauthn-server-core/build.gradle
index 341d6076f..2f16d63dc 100644
--- a/webauthn-server-core/build.gradle
+++ b/webauthn-server-core/build.gradle
@@ -24,7 +24,7 @@ dependencies {
'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.27.0',
'org.scala-lang:scala-library:2.12.8',
- 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalacheck:scalacheck_2.12:1.14.0',
'org.scalatest:scalatest_2.12:3.0.4',
)
diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle
index a8ef0dab8..8aba200f8 100644
--- a/webauthn-server-demo/build.gradle
+++ b/webauthn-server-demo/build.gradle
@@ -54,7 +54,7 @@ dependencies {
'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.27.0',
'org.scala-lang:scala-library:2.12.8',
- 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalacheck:scalacheck_2.12:1.14.0',
'org.scalatest:scalatest_2.12:3.0.4',
)
diff --git a/yubico-util-scala/build.gradle b/yubico-util-scala/build.gradle
index b1959605b..872c49203 100644
--- a/yubico-util-scala/build.gradle
+++ b/yubico-util-scala/build.gradle
@@ -6,7 +6,7 @@ dependencies {
compile(
'org.scala-lang:scala-library:2.12.8',
- 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalacheck:scalacheck_2.12:1.14.0',
)
testCompile(
diff --git a/yubico-util/build.gradle b/yubico-util/build.gradle
index 3a699442a..f0c574d89 100644
--- a/yubico-util/build.gradle
+++ b/yubico-util/build.gradle
@@ -15,7 +15,7 @@ dependencies {
testCompile(
project(':yubico-util-scala'),
'org.scala-lang:scala-library:2.12.8',
- 'org.scalacheck:scalacheck_2.12:1.13.5',
+ 'org.scalacheck:scalacheck_2.12:1.14.0',
'org.scalatest:scalatest_2.12:3.0.4',
)
}
From 9443bc64a8844375f9dae0ab12e88485f8ecce52 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:59:01 +0200
Subject: [PATCH 18/25] Fix ambiguous String.lines() call
---
.../attestation/StandardMetadataServiceSpec.scala | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala b/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala
index c3fc75e78..ed2bae0e3 100644
--- a/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala
+++ b/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala
@@ -101,7 +101,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers {
s"""{
"identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
"version": 1,
- "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"],
+ "trustedCertificates": ["${TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")}"],
"vendorInfo": {},
"devices": [
{
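Review bot: The expression `TestAuthenticator.toPem(...).linesIterator.mkString(raw"\n")` appears in all four hunks of this file, which is why the same one-word fix had to be applied four times. A small private helper in the spec that takes the certificate and returns the PEM with newlines escaped for embedding in the JSON literal would leave one place to change. A comment on that helper noting that only newlines are escaped, which is enough for PEM text, would document the assumption. The JSON literals continue outside each hunk.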
@@ -159,7 +159,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers {
s"""{
"identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
"version": 1,
- "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"],
+ "trustedCertificates": ["${TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")}"],
"vendorInfo": {},
"devices": []
}"""
@@ -197,7 +197,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers {
s"""{
"identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
"version": 1,
- "trustedCertificates": ["${TestAuthenticator.toPem(cacaca._1).lines.mkString(raw"\n")}"],
+ "trustedCertificates": ["${TestAuthenticator.toPem(cacaca._1).linesIterator.mkString(raw"\n")}"],
"vendorInfo": {},
"devices": [
{
@@ -227,7 +227,7 @@ class StandardMetadataServiceSpec extends FunSpec with Matchers {
s"""{
"identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
"version": 1,
- "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"],
+ "trustedCertificates": ["${TestAuthenticator.toPem(caCert).linesIterator.mkString(raw"\n")}"],
"vendorInfo": {},
"devices": [
{
From d3096a740784ab7ed3f5f05b9e0e892820b7d0a2 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 19:59:25 +0200
Subject: [PATCH 19/25] Fix use of deprecated class PropertyCheckConfig
---
.../webauthn/data/PublicKeyCredentialDescriptorSpec.scala | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala
index 3902246a9..07e239184 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala
@@ -38,7 +38,7 @@ class PublicKeyCredentialDescriptorSpec extends FunSpec with Matchers with Gener
describe("which is consistent with") {
- implicit val generatorDrivenConfig = PropertyCheckConfig(minSuccessful = 300)
+ implicit val generatorDrivenConfig = PropertyCheckConfiguration(minSuccessful = 300)
it("equals.") {
forAll { (a: PublicKeyCredentialDescriptor, b: PublicKeyCredentialDescriptor) =>
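Review bot: The replaced `implicit val generatorDrivenConfig` still has no declared type, so its type is whatever the right-hand side infers, and that is what changed in this commit. Writing `implicit val generatorDrivenConfig: PropertyCheckConfiguration = PropertyCheckConfiguration(minSuccessful = 300)` makes the override of the inherited default explicit. It also keeps implicit resolution independent of inference. The `describe` block continues outside the hunk.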
From ad5e6680fb73ecfd3130336b81d830956462e97a Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 20:14:17 +0200
Subject: [PATCH 20/25] Update README to reflect that project now builds in
JDK10+
---
README | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/README b/README
index 4e36b0697..4218f3a43 100644
--- a/README
+++ b/README
@@ -326,21 +326,13 @@ version is derived from the most recent Git tag. Builds done on a tagged commit
will have a plain `x.y.z` version number, while a build on any other commit will
result in a version number containing the abbreviated commit hash.
-Although the `.jar` artifact of this project can be used in JDK version 8 or
-later, the project as a whole currently builds only in JDK 8. This is because
-most tests are written in Scala, which
-https://docs.scala-lang.org/overviews/jdk-compatibility/overview.html#jdk-9\--up-compatibility-notes[currently
-only supports JDK 8]. Therefore compiling the tests can currently only be done
-in JDK 8, and so `./gradlew build` and similar tasks will fail in JDKs other
-than 8.
-
-To run the tests (requires JDK 8):
+To run the tests:
----------
$ ./gradlew check
----------
-To run the http://pitest.org/[PIT mutation tests] (requires JDK 8):
+To run the http://pitest.org/[PIT mutation tests]:
----------
$ ./gradlew pitest
From 874c8305c26ccd324d50357a254a89f8193fa05b Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 20:14:35 +0200
Subject: [PATCH 21/25] Call out functional purity as a major feature
---
README | 1 +
1 file changed, 1 insertion(+)
diff --git a/README b/README
index 4218f3a43..e7666f4a0 100644
--- a/README
+++ b/README
@@ -44,6 +44,7 @@ compile 'com.yubico:webauthn-server-core:1.2.0'
- Performs all necessary
https://www.w3.org/TR/webauthn/#rp-operations[validation logic] on the
response from the client
+- No mutable state or side effects - everything (except builders) is thread safe
- Optionally integrates with a "metadata service" to verify
https://www.w3.org/TR/webauthn/#sctn-attestation[authenticator attestations]
and annotate responses with additional authenticator metadata
From 6cf2eaf1ca8b767cab1b1285e395e1a432ec5c80 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 28 May 2019 20:22:11 +0200
Subject: [PATCH 22/25] Remove source/target compatibility setting from demo
subproject
---
webauthn-server-demo/build.gradle | 3 ---
1 file changed, 3 deletions(-)
diff --git a/webauthn-server-demo/build.gradle b/webauthn-server-demo/build.gradle
index 8aba200f8..16e952d28 100644
--- a/webauthn-server-demo/build.gradle
+++ b/webauthn-server-demo/build.gradle
@@ -14,9 +14,6 @@ apply plugin: 'war'
apply plugin: 'application'
apply from: 'gretty-2.2.0.plugin'
-sourceCompatibility = '1.8'
-targetCompatibility = '1.8'
-
configurations {
forJdk10
}
From 2eeff7d9aef9ad495ebb2e8a546fd34ba37ef253 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 29 May 2019 15:10:17 +0200
Subject: [PATCH 23/25] Have Travis ignore branches only if they start with tmp
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 79950c176..09bf7d103 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,7 +2,7 @@ language: java
branches:
except:
- - /tmp-?.*/
+ - /^tmp-?.*/
jdk:
- oraclejdk8
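Review bot: In `/^tmp-?.*/` the tail `-?.*` matches anything, including nothing, so the pattern is equivalent to `/^tmp/` and also excludes a branch named, say, `tmpl-fix` from CI. If the intent is only `tmp` and `tmp-<something>`, `- /^tmp(-.*)?$/` states that exactly; otherwise `- /^tmp/` is the simpler spelling. Branches matched here never get the `./gradlew check` run, so the exclusion is worth keeping as narrow as the subject line describes.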
From dbb1f1efda9810fe8d9934eebfeb15c530698402 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 29 May 2019 17:32:54 +0200
Subject: [PATCH 24/25] Run mutation tests and coveralls upload in JDK8
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 09bf7d103..b393420e6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,5 +21,5 @@ stages:
jobs:
include:
- stage: mutation-test
- jdk: oraclejdk11
+ jdk: oraclejdk8
script: ./gradlew pitest coveralls
From a003f64ee897af3d633ae83ecefb74b5b5dd39a6 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 4 Jun 2019 17:53:25 +0200
Subject: [PATCH 25/25] Add javadoc fix to NEWS
---
NEWS | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/NEWS b/NEWS
index 8925951f3..2a148c1b6 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ New features:
* New optional parameter `timeout` added to `StartRegistrationOptions` and
`StartAssertionOptions`
+Bug fixes:
+
+* Fixed polarity error in javadoc for `RelyingParty.allowUntrustedAttestation`
+
== Version 1.2.0 ==