diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml deleted file mode 100644 index 286857edd..000000000 --- a/.github/workflows/scan.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: static code analysis -# Documentation: https://github.com/Yubico/yes-static-code-analysis - -on: - push: - schedule: - - cron: '0 0 * * 1' - -env: - SCAN_IMG: - yubico-yes-docker-local.jfrog.io/static-code-analysis/java:v1 - SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }} - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@master - - - name: Scan and fail on warnings - run: | - if [ "${SECRET}" != "" ]; then - docker login yubico-yes-docker-local.jfrog.io/ \ - -u svc-static-code-analysis-reader -p ${SECRET} - docker pull ${SCAN_IMG} - docker run -v${PWD}:/k \ - -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG} - else - echo "No docker registry credentials, not scanning" - fi - - - uses: actions/upload-artifact@master - if: failure() - with: - name: suppression_files - path: suppression_files diff --git a/NEWS b/NEWS index b9a4e3d6a..f994ea0e0 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,17 @@ +== Version 1.12.4 == + +Deprecated features: + +* Option `RelyingParty.allowUnrequestedExtensions` deprecated. The `false` + setting (default) is not compatible with WebAuthn Level 2 since authenticators + are now always allowed to add unsolicited extensions. The next major version + release will remove this option and always behave as if the option had been + set to `true`. +* Enum value `AttestationType.ECDAA`. ECDAA was removed in WebAuthn Level 2. +* Function `TokenBindingStatus.fromJsonString(String)` deprecated. It should not + have been part of the public API to begin with. + + == Version 1.12.3 == Fixes: diff --git a/README b/README index cd0e0afde..73a0938d6 100644 --- a/README +++ b/README @@ -25,7 +25,7 @@ Maven: com.yubico webauthn-server-core - 1.12.3 + 1.12.4 compile ---------- 
@@ -33,7 +33,7 @@ Maven: Gradle: ---------- -compile 'com.yubico:webauthn-server-core:1.12.3' +compile 'com.yubico:webauthn-server-core:1.12.4' ---------- === Semantic versioning diff --git a/build.gradle b/build.gradle index 13a282d97..493f2df33 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ buildscript { dependencies { classpath 'com.cinnober.gradle:semver-git:2.5.0' classpath 'com.diffplug.spotless:spotless-plugin-gradle:6.3.0' - classpath 'io.github.cosmicsilence:gradle-scalafix:0.1.8' + classpath 'io.github.cosmicsilence:gradle-scalafix:0.1.13' } } plugins { @@ -148,6 +148,12 @@ subprojects { project -> if (project.plugins.hasPlugin('scala')) { project.scalafix { configFile = rootProject.file('scalafix.conf') + + // Work around dependency resolution issues in April 2022 + semanticdb { + autoConfigure = true + version = '4.5.5' + } } dependencies.scalafix('com.github.liancheng:organize-imports_2.13:0.6.0') project.tasks.spotlessApply.dependsOn(project.tasks.scalafix) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java index 1242b1906..b0a3fb813 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java @@ -319,8 +319,13 @@ public class RelyingParty { * * @see ยง9. WebAuthn * Extensions + * @deprecated The false setting (default) is not compatible with WebAuthn Level 2 + * since authenticators are now always allowed to add unsolicited extensions. The next major + * version release will remove this option and always behave as if the option had been set to + * + * true. */ - @Builder.Default private final boolean allowUnrequestedExtensions = false; + @Deprecated @Builder.Default private final boolean allowUnrequestedExtensions = false; /** * If false, {@link #finishRegistration(FinishRegistrationOptions) 
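Review bot: The new `@deprecated` text on `allowUnrequestedExtensions` says the next major release will always behave as if the option were `true`, but gives no guidance to a relying party that depends on today's default of `false`. Because the announced change widens what responses are accepted, I would add a sentence to the Javadoc such as `Relying parties that act on extension outputs should ignore any extension they did not request.` It is also worth confirming that Lombok carries `@Deprecated` from the field onto the generated builder method, since that is where callers set this option; that cannot be seen from this hunk.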
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java index 7378e6761..1d0034855 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java @@ -32,6 +32,7 @@ import java.util.stream.Stream; import lombok.AccessLevel; import lombok.AllArgsConstructor; +import lombok.Getter; import lombok.NonNull; /** @@ -77,25 +78,27 @@ public enum AttestationConveyancePreference implements JsonStringSerializable { */ DIRECT("direct"); - @NonNull private final String id; + @Getter @NonNull private final String value; - private static Optional fromString(@NonNull String id) { - return Stream.of(values()).filter(v -> v.id.equals(id)).findAny(); + private static Optional fromString(@NonNull String value) { + return Stream.of(values()).filter(v -> v.value.equals(value)).findAny(); } @JsonCreator - private static AttestationConveyancePreference fromJsonString(@NonNull String id) { - return fromString(id) + private static AttestationConveyancePreference fromJsonString(@NonNull String value) { + return fromString(value) .orElseThrow( () -> new IllegalArgumentException( String.format( "Unknown %s value: %s", - AttestationConveyancePreference.class.getSimpleName(), id))); + AttestationConveyancePreference.class.getSimpleName(), value))); } @Override + @Deprecated + /** @deprecated Use {@link #getValue()} instead. */ public String toJsonString() { - return id; + return value; } } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java index b7627950c..ada006c6c 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java 
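Review bot: The `/** @deprecated Use {@link #getValue()} instead. */` comment on `toJsonString()` is placed after `@Override @Deprecated`, between the annotations and the method, where the javadoc tool is not expected to pick it up as the method's documentation comment, so the replacement hint will probably be missing from the generated API docs. Move the comment above the annotations, in the order `/** @deprecated Use {@link #getValue()} instead. */`, `@Override`, `@Deprecated`, `public String toJsonString()`. The same ordering appears in the `toJsonString()`/`toJsonNumber()` hunks of AuthenticatorAttachment, AuthenticatorTransport, ByteArray, COSEAlgorithmIdentifier, PublicKeyCredentialType, ResidentKeyRequirement, TokenBindingStatus (also on `fromJsonString`), UserVerificationRequirement and DocumentStatus, and on the declarations in the four `com.yubico.internal.util.json` files.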
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java @@ -114,7 +114,9 @@ public enum AttestationType { * @see FIDO * ECDAA Algorithm + * @deprecated ECDAA was removed in WebAuthn Level 2. */ + @Deprecated ECDAA, /** diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java index d719dd282..af65ecd70 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java @@ -31,6 +31,7 @@ import java.util.Optional; import java.util.stream.Stream; import lombok.AllArgsConstructor; +import lombok.Getter; import lombok.NonNull; /** @@ -73,25 +74,27 @@ public enum AuthenticatorAttachment implements JsonStringSerializable { */ PLATFORM("platform"); - @NonNull private final String id; + @Getter @NonNull private final String value; - private static Optional fromString(@NonNull String id) { - return Stream.of(values()).filter(v -> v.id.equals(id)).findAny(); + private static Optional fromString(@NonNull String value) { + return Stream.of(values()).filter(v -> v.value.equals(value)).findAny(); } @JsonCreator - private static AuthenticatorAttachment fromJsonString(@NonNull String id) { - return fromString(id) + private static AuthenticatorAttachment fromJsonString(@NonNull String value) { + return fromString(value) .orElseThrow( () -> new IllegalArgumentException( String.format( "Unknown %s value: %s", - AuthenticatorAttachment.class.getSimpleName(), id))); + AuthenticatorAttachment.class.getSimpleName(), value))); } @Override + @Deprecated + /** @deprecated Use {@link #getValue()} instead. */ public String toJsonString() { - return id; + return value; } } 
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java index e47cfeb10..ee111974d 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java @@ -152,6 +152,8 @@ public static AuthenticatorTransport fromU2fTransport(Transport transport) { } @Override + @Deprecated + /** @deprecated Use {@link #getId()} instead. */ public String toJsonString() { return id; } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java index 83f8b8d43..ffe494177 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java 
@@ -51,21 +51,21 @@ public final class ByteArray implements Comparable, JsonStringSeriali @NonNull private final byte[] bytes; - @NonNull private final String base64; + @NonNull private final String base64url; /** Create a new instance by copying the contents of bytes. */ public ByteArray(@NonNull byte[] bytes) { this.bytes = BinaryUtil.copy(bytes); - this.base64 = BASE64URL_ENCODER.encodeToString(this.bytes); + this.base64url = BASE64URL_ENCODER.encodeToString(this.bytes); } - private ByteArray(String base64) throws Base64UrlException { + private ByteArray(String base64url) throws Base64UrlException { try { - this.bytes = BASE64URL_DECODER.decode(base64); + this.bytes = BASE64URL_DECODER.decode(base64url); } catch (IllegalArgumentException e) { - throw new Base64UrlException("Invalid Base64Url encoding: " + base64, e); + throw new Base64UrlException("Invalid Base64Url encoding: " + base64url, e); } - this.base64 = base64; + this.base64url = base64url; } /** Create a new instance by decoding base64 as classic Base64 data. */ @@ -74,13 +74,13 @@ public static ByteArray fromBase64(@NonNull final String base64) { } /** - * Create a new instance by decoding base64 as Base64Url data. + * Create a new instance by decoding base64url as Base64Url data. * - * @throws Base64UrlException if base64 is not valid Base64Url data. + * @throws Base64UrlException if base64url is not valid Base64Url data. */ @JsonCreator - public static ByteArray fromBase64Url(@NonNull final String base64) throws Base64UrlException { - return new ByteArray(base64); + public static ByteArray fromBase64Url(@NonNull final String base64url) throws Base64UrlException { + return new ByteArray(base64url.split("=")[0]); } /** 
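Review bot: `fromBase64Url` now passes `base64url.split("=")[0]` to the constructor, which does more than drop trailing padding. For an input consisting only of `=` characters, `String.split` returns an empty array, so `[0]` throws `ArrayIndexOutOfBoundsException` instead of the declared `Base64UrlException`. For an input such as `AAAA=BBBB` (constructed example), everything after the first `=` is silently discarded, so distinct strings decode to the same `ByteArray`. Since this is the `@JsonCreator` for values that arrive from clients, I would strip only trailing padding, e.g. `return new ByteArray(base64url.replaceFirst("=+$", ""));`, so that an `=` anywhere else still reaches `BASE64URL_DECODER` and is presumably rejected there. The constructor it calls is in the previous hunk, and the decoder's definition is outside this diff.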
@@ -122,9 +122,9 @@ public String getBase64() { return BASE64_ENCODER.encodeToString(bytes); } - /** @return the content bytes encoded as Base64Url data. */ + /** @return the content bytes encoded as Base64Url data, without padding. */ public String getBase64Url() { - return base64; + return base64url; } /** @return the content bytes encoded as hexadecimal data. */ @@ -133,10 +133,11 @@ public String getHex() { return BinaryUtil.toHex(bytes); } - /** Used by JSON serializer. */ @Override + @Deprecated + /** @deprecated Use {@link #getBase64Url()} instead. */ public String toJsonString() { - return base64; + return base64url; } @Override diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java index 7d24cb231..ec51c54b5 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java @@ -66,6 +66,8 @@ private static COSEAlgorithmIdentifier fromJson(long id) { } @Override + @Deprecated + /** @deprecated Use {@link #getId()} instead. */ public long toJsonNumber() { return id; } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java index 298f6297f..33498820b 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java @@ -31,6 +31,7 @@ import java.util.Optional; import java.util.stream.Stream; import lombok.AllArgsConstructor; +import lombok.Getter; import lombok.NonNull; /** 
@@ -51,7 +52,7 @@ public enum PublicKeyCredentialType implements JsonStringSerializable { PUBLIC_KEY("public-key"); - @NonNull private final String id; + @Getter @NonNull private final String id; private static Optional fromString(@NonNull String id) { return Stream.of(values()).filter(v -> v.id.equals(id)).findAny(); @@ -69,6 +70,8 @@ private static PublicKeyCredentialType fromJsonString(@NonNull String id) { } @Override + @Deprecated + /** @deprecated Use {@link #getId()} instead. */ public String toJsonString() { return id; } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ResidentKeyRequirement.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ResidentKeyRequirement.java index 0c690c2f8..2a7426a9a 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ResidentKeyRequirement.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ResidentKeyRequirement.java @@ -31,6 +31,7 @@ import java.util.Optional; import java.util.stream.Stream; import lombok.AllArgsConstructor; +import lombok.Getter; import lombok.NonNull; /** 
@@ -96,24 +97,27 @@ public enum ResidentKeyRequirement implements JsonStringSerializable { */ REQUIRED("required"); - @NonNull private final String id; + @Getter @NonNull private final String value; - private static Optional fromString(@NonNull String id) { - return Stream.of(values()).filter(v -> v.id.equals(id)).findAny(); + private static Optional fromString(@NonNull String value) { + return Stream.of(values()).filter(v -> v.value.equals(value)).findAny(); } @JsonCreator - private static ResidentKeyRequirement fromJsonString(@NonNull String id) { - return fromString(id) + private static ResidentKeyRequirement fromJsonString(@NonNull String value) { + return fromString(value) .orElseThrow( () -> new IllegalArgumentException( String.format( - "Unknown %s value: %s", ResidentKeyRequirement.class.getSimpleName(), id))); + "Unknown %s value: %s", + ResidentKeyRequirement.class.getSimpleName(), value))); } @Override + @Deprecated + /** @deprecated Use {@link #getValue()} instead. */ public String toJsonString() { - return id; + return value; } } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java index 4070b45ef..2b177aa63 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java @@ -31,6 +31,7 @@ import java.util.Arrays; import java.util.Optional; import lombok.AllArgsConstructor; +import lombok.Getter; import lombok.NonNull; /** 
@@ -58,24 +59,32 @@ public enum TokenBindingStatus implements JsonStringSerializable { */ SUPPORTED("supported"); - @NonNull private final String id; + @Getter @NonNull private final String value; private static Optional fromString(@NonNull String value) { - return Arrays.stream(values()).filter(v -> v.id.equals(value)).findAny(); + return Arrays.stream(values()).filter(v -> v.value.equals(value)).findAny(); } @JsonCreator - public static TokenBindingStatus fromJsonString(@NonNull String id) { - return fromString(id) + @Deprecated + /** + * @deprecated Use + * {@link CollectedClientData#getTokenBinding()}.{@link TokenBindingInfo#getStatus() getStatus()} + * instead. + */ + public static TokenBindingStatus fromJsonString(@NonNull String value) { + return fromString(value) .orElseThrow( () -> new IllegalArgumentException( String.format( - "Unknown %s value: %s", TokenBindingStatus.class.getSimpleName(), id))); + "Unknown %s value: %s", TokenBindingStatus.class.getSimpleName(), value))); } @Override + @Deprecated + /** @deprecated Use {@link #getValue()} instead. */ public String toJsonString() { - return id; + return value; } } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java index 53b3e1879..19b36f265 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java @@ -31,6 +31,7 @@ import java.util.Optional; import java.util.stream.Stream; import lombok.AllArgsConstructor; +import lombok.Getter; import lombok.NonNull; /** 
@@ -66,25 +67,27 @@ public enum UserVerificationRequirement implements JsonStringSerializable { */ REQUIRED("required"); - @NonNull private final String id; + @Getter @NonNull private final String value; - private static Optional fromString(@NonNull String id) { - return Stream.of(values()).filter(v -> v.id.equals(id)).findAny(); + private static Optional fromString(@NonNull String value) { + return Stream.of(values()).filter(v -> v.value.equals(value)).findAny(); } @JsonCreator - private static UserVerificationRequirement fromJsonString(@NonNull String id) { - return fromString(id) + private static UserVerificationRequirement fromJsonString(@NonNull String value) { + return fromString(value) .orElseThrow( () -> new IllegalArgumentException( String.format( "Unknown %s value: %s", - UserVerificationRequirement.class.getSimpleName(), id))); + UserVerificationRequirement.class.getSimpleName(), value))); } @Override + @Deprecated + /** @deprecated Use {@link #getValue()} instead. */ public String toJsonString() { - return id; + return value; } } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java index a8063f341..00f969d97 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java @@ -57,8 +57,9 @@ static Optional fromString(@NonNull String id) { return Stream.of(values()).filter(v -> v.id.equals(id)).findAny(); } - /** Used by JSON serializer. */ @Override + @Deprecated + /** @deprecated This will be removed in the next major version release. */ public String toJsonString() { return id; } diff --git a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializable.java b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializable.java index a2d5ae40b..b9454d922 100644 
--- a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializable.java +++ b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializable.java @@ -24,7 +24,11 @@ package com.yubico.internal.util.json; +@Deprecated +/** @deprecated This will be removed in the next major version. */ public interface JsonLongSerializable { + @Deprecated + /** @deprecated This will be removed in the next major version. */ long toJsonNumber(); } diff --git a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializer.java b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializer.java index f6588da7a..420b960ea 100644 --- a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializer.java +++ b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonLongSerializer.java @@ -29,6 +29,8 @@ import com.fasterxml.jackson.databind.SerializerProvider; import java.io.IOException; +@Deprecated +/** @deprecated This will be removed in the next major version. */ public class JsonLongSerializer extends JsonSerializer { @Override diff --git a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializable.java b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializable.java index 06e43e8ec..648963d3c 100644 --- a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializable.java +++ b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializable.java @@ -24,7 +24,11 @@ package com.yubico.internal.util.json; +@Deprecated +/** @deprecated This will be removed in the next major version. */ public interface JsonStringSerializable { + @Deprecated + /** @deprecated This will be removed in the next major version. */ String toJsonString(); } diff --git a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializer.java b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializer.java index a2a728d67..cb62ceb1a 100644 
--- a/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializer.java +++ b/yubico-util/src/main/java/com/yubico/internal/util/json/JsonStringSerializer.java @@ -29,6 +29,8 @@ import com.fasterxml.jackson.databind.SerializerProvider; import java.io.IOException; +@Deprecated +/** @deprecated This will be removed in the next major version. */ public class JsonStringSerializer extends JsonSerializer { @Override