Merge branch 'main' into credprotect

Author: emlun

NEWS

@@ -1,5 +1,6 @@
 == Version 2.7.0 (unreleased) ==
 
+* Added overloaded setter `RelyingPartyBuilder.origins(Optional<Set<String>>)`.
 * Added support for the CTAP2 `credProtect` extension.
 * (Experimental) Added a new suite of interfaces, starting with
   `CredentialRepositoryV2`. `RelyingParty` can now be configured with a

webauthn-server-attestation/src/integrationTest/scala/com/yubico/fido/metadata/FidoMetadataServiceIntegrationTest.scala

@@ -223,18 +223,18 @@ class FidoMetadataServiceIntegrationTest
 
         it("a YubiKey Bio.") {
           check(
-            "YubiKey Bio Series",
+            "YubiKey Bio Series - FIDO Edition",
             RealExamples.YubikeyBio_5_5_4,
             attachmentHintsUsb,
           )
           check(
-            "YubiKey Bio Series",
+            "YubiKey Bio Series - FIDO Edition",
             RealExamples.YubikeyBio_5_5_5,
             attachmentHintsUsb,
           )
           withProviderContext(List(new BouncyCastleProvider)) { // Needed for JDK<14 because this example uses EdDSA
             check(
-              "YubiKey Bio Series",
+              "YubiKey Bio Series - FIDO Edition",
               RealExamples.YubikeyBio_5_5_6,
               attachmentHintsUsb,
             )

webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java

@@ -588,6 +588,16 @@ public static class RelyingPartyBuilder {
         Optional.empty();
     private @NonNull Optional<AttestationTrustSource> attestationTrustSource = Optional.empty();
 
+    public RelyingPartyBuilder origins(@NonNull Set<String> origins) {
+      this.origins = origins;
+      return this;
+    }
+
+    public RelyingPartyBuilder origins(Optional<Set<String>> origins) {
+      this.origins = origins.orElse(null);
+      return this;
+    }
+
     public static class MandatoryStages {
       private final RelyingPartyBuilder builder = new RelyingPartyBuilder();
 

webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java

@@ -563,6 +563,16 @@ public static class RelyingPartyV2Builder<C extends CredentialRecord> {
         Optional.empty();
     private @NonNull Optional<AttestationTrustSource> attestationTrustSource = Optional.empty();
 
+    public RelyingPartyV2Builder<C> origins(@NonNull Set<String> origins) {
+      this.origins = origins;
+      return this;
+    }
+
+    public RelyingPartyV2Builder<C> origins(Optional<Set<String>> origins) {
+      this.origins = origins.orElse(null);
+      return this;
+    }
+
     /**
      * The extension input to set for the <code>appid</code> and <code>appidExclude</code>
      * extensions.

webauthn-server-core/src/test/java/com/yubico/webauthn/RelyingPartyTest.java

@@ -103,6 +103,88 @@ public void originsIsImmutable() {
     }
   }
 
+  @Test
+  public void testOriginsWithEmptySet() {
+    Set<String> origins = new HashSet<>();
+
+    RelyingParty rp =
+        RelyingParty.builder()
+            .identity(RelyingPartyIdentity.builder().id("localhost").name("Test").build())
+            .credentialRepository(unimplementedCredentialRepository())
+            .origins(origins)
+            .build();
+
+    assertEquals(0, rp.getOrigins().size());
+  }
+
+  @Test
+  public void testOriginsWithSet() {
+    Set<String> origins = new HashSet<>();
+    origins.add("test1");
+    origins.add("test2");
+
+    RelyingParty rp =
+        RelyingParty.builder()
+            .identity(RelyingPartyIdentity.builder().id("localhost").name("Test").build())
+            .credentialRepository(unimplementedCredentialRepository())
+            .origins(origins)
+            .build();
+
+    assertEquals(2, rp.getOrigins().size());
+  }
+
+  @Test
+  public void testOriginsWithAbsentOptionalSet() {
+    {
+      RelyingParty rp =
+          RelyingParty.builder()
+              .identity(RelyingPartyIdentity.builder().id("localhost").name("Test").build())
+              .credentialRepository(unimplementedCredentialRepository())
+              .origins(Optional.empty())
+              .build();
+      assertEquals(1, rp.getOrigins().size());
+    }
+
+    {
+      RelyingPartyV2<RegisteredCredential> rp =
+          RelyingParty.builder()
+              .identity(RelyingPartyIdentity.builder().id("localhost").name("Test").build())
+              .credentialRepositoryV2(
+                  new CredentialRepositoryV1ToV2Adapter(unimplementedCredentialRepository()))
+              .origins(Optional.empty())
+              .build();
+      assertEquals(1, rp.getOrigins().size());
+    }
+  }
+
+  @Test
+  public void testOriginsWithOptionalSet() {
+    Set<String> origins = new HashSet<>();
+    origins.add("test1");
+    origins.add("test2");
+
+    {
+      RelyingParty rp =
+          RelyingParty.builder()
+              .identity(RelyingPartyIdentity.builder().id("localhost").name("Test").build())
+              .credentialRepository(unimplementedCredentialRepository())
+              .origins(Optional.of(origins))
+              .build();
+      assertEquals(2, rp.getOrigins().size());
+    }
+
+    {
+      RelyingPartyV2<RegisteredCredential> rp =
+          RelyingParty.builder()
+              .identity(RelyingPartyIdentity.builder().id("localhost").name("Test").build())
+              .credentialRepositoryV2(
+                  new CredentialRepositoryV1ToV2Adapter(unimplementedCredentialRepository()))
+              .origins(Optional.of(origins))
+              .build();
+      assertEquals(2, rp.getOrigins().size());
+    }
+  }
+
   @Test
   public void filtersAlgorithmsToThoseAvailable() throws HexException {
     for (Provider prov : Security.getProviders()) {

webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala

@@ -118,7 +118,7 @@ class RelyingPartyStartOperationSpec
         .identity(rpId)
         .credentialRepository(credRepo(credentials, userId))
         .preferredPubkeyParams(List(PublicKeyCredentialParameters.ES256).asJava)
-        .origins(Set.empty.asJava)
+        .origins(Set.empty[String].asJava)
       appId.foreach { appid => builder = builder.appId(appid) }
       attestationConveyancePreference.foreach { acp =>
         builder = builder.attestationConveyancePreference(acp)
@@ -1097,7 +1097,7 @@ class RelyingPartyStartOperationSpec
           )
         )
         .preferredPubkeyParams(List(PublicKeyCredentialParameters.ES256).asJava)
-        .origins(Set.empty.asJava)
+        .origins(Set.empty[String].asJava)
       if (usernameRepository) {
         builder.usernameRepository(Helpers.UsernameRepository.withUsers(userId))
       }