Release 0.3.0

- Major API overhaul; public API changes include but are not limited to: - Reorganised package structure - `CredentialRepository.getCredentialIdsForUsername(String)` now returns `Set` instead of `List` - Most data classes now expose a builder instead of a public constructor - Shortcut constants added to `COSEAlgorithmIdentifier` and `PublicKeyCredentialParameters` - Exception `U2fBadConfigurationException` renamed to `BadConfigurationException` - `RelyingParty.startRegistration` now accepts one `StartRegistrationOptions` parameter instead of several parameters - `RelyingParty.finishRegistration` now accepts one `FinishRegistrationOptions` parameter instead of several parameters - `RelyingParty.startAssertion` now accepts one `StartAssertionOptions` parameter instead of several parameters - `RelyingParty.finishAssertion` now accepts one `FinishAssertionOptions` parameter instead of several parameters - `RelyingParty.finishRegistration` now throws checked `RegistrationFailedException` instead of `IllegalArgumentException` on most failures - `RelyingParty.finishAssertion` now throws checked `AssertionFailedException` instead of `IllegalArgumentException` on most failures - Class `MetadataResolver` replaced with interface - Constructor `CollectedClientData(JsonNode)` deleted - Type of fields `StartAssertionOptions.extensions`, `StartRegistrationOptions.extensions` and `PublicKeyCredential.clientExtensionOutputs` narrowed from `JsonNode` to `ObjectNode` - Parameters `StartRegistrationOptions.excludeCredentials` and `StartAssertionOptions.allowCredentials` deleted; they are now discovered automatically from the `CredentialRepository`. If custom control over `excludeCredentials` or `allowCredentials` is needed, modify the `PublicKeyCredentialCreationOptions` or `PublicKeyCredentialRequestOptions` object manually. - `COSEAlgorithmIdentifier` is now an actual enum - Extensions are now passed and returned as domain objects instead of as Jackson types - Type parameter added to `PublicKeyCredential` to express extensions type - Fields `CollectedClientData.authenticatorExtensions` and `.clientExtensions` deleted - Fixed a bug in `AuthenticatorDataFlags` that caused the `ED` (0x80) flag to never be set - All classes in `com.yubico.webauthn.data` can now be serialized and deserialized using Jackson - JSON output has been slightly changed: - `AttestationObject`, `AuthenticatorData` and `CollectedClientData` now serialize back to Base64Url encoded bytes instead of to JSON objects - Member `_attestationObject` removed from serialized `AuthenticatorAttestationResponse` - Member `authenticatorData` removed from serialized `AuthenticatorAttestationResponse` - New methods `ByteArray.size(): int` and `.isEmpty(): boolean` - `ByteArray` is now `Comparable` to itself - Added support for `appid` extension
Yubico · Oct 1, 2018 · 536bb84 · 536bb84
2 parents 5bb3a25 + 39d643b
commit 536bb84
Show file tree

Hide file tree

Showing 189 changed files with 5,905 additions and 3,962 deletions.
diff --git a/NEWS b/NEWS
@@ -1,3 +1,62 @@
+== Version 0.3.0 ==
+
+* Major API overhaul; public API changes include but are not limited to:
+ ** Reorganised package structure
+ ** `CredentialRepository.getCredentialIdsForUsername(String)` now returns `Set`
+    instead of `List`
+ ** Most data classes now expose a builder instead of a public constructor
+ ** Shortcut constants added to `COSEAlgorithmIdentifier` and
+    `PublicKeyCredentialParameters`
+ ** Exception `U2fBadConfigurationException` renamed to
+    `BadConfigurationException`
+ ** `RelyingParty.startRegistration` now accepts one `StartRegistrationOptions`
+    parameter instead of several parameters
+ ** `RelyingParty.finishRegistration` now accepts one
+    `FinishRegistrationOptions` parameter instead of several parameters
+ ** `RelyingParty.startAssertion` now accepts one `StartAssertionOptions`
+    parameter instead of several parameters
+ ** `RelyingParty.finishAssertion` now accepts one `FinishAssertionOptions`
+    parameter instead of several parameters
+ ** `RelyingParty.finishRegistration` now throws checked
+    `RegistrationFailedException` instead of `IllegalArgumentException` on most
+    failures
+ ** `RelyingParty.finishAssertion` now throws checked
+    `AssertionFailedException` instead of `IllegalArgumentException` on most
+    failures
+ ** Class `MetadataResolver` replaced with interface
+ ** Constructor `CollectedClientData(JsonNode)` deleted
+ ** Type of fields `StartAssertionOptions.extensions`,
+    `StartRegistrationOptions.extensions` and
+    `PublicKeyCredential.clientExtensionOutputs` narrowed from `JsonNode` to
+    `ObjectNode`
+ ** Parameters `StartRegistrationOptions.excludeCredentials` and
+    `StartAssertionOptions.allowCredentials` deleted; they are now discovered
+    automatically from the `CredentialRepository`. If custom control over
+    `excludeCredentials` or `allowCredentials` is needed, modify the
+    `PublicKeyCredentialCreationOptions` or `PublicKeyCredentialRequestOptions`
+    object manually.
+ ** `COSEAlgorithmIdentifier` is now an actual enum
+ ** Extensions are now passed and returned as domain objects instead of as Jackson
+    types
+ ** Type parameter added to `PublicKeyCredential` to express extensions type
+ ** Fields `CollectedClientData.authenticatorExtensions` and `.clientExtensions`
+    deleted
+* Fixed a bug in `AuthenticatorDataFlags` that caused the `ED` (0x80) flag to
+  never be set
+* All classes in `com.yubico.webauthn.data` can now be serialized and
+  deserialized using Jackson
+ ** JSON output has been slightly changed:
+  *** `AttestationObject`, `AuthenticatorData` and `CollectedClientData` now serialize back to
+    Base64Url encoded bytes instead of to JSON objects
+  *** Member `_attestationObject` removed from serialized
+      `AuthenticatorAttestationResponse`
+  *** Member `authenticatorData` removed from serialized
+      `AuthenticatorAttestationResponse`
+* New methods `ByteArray.size(): int` and `.isEmpty(): boolean`
+* `ByteArray` is now `Comparable` to itself
+* Added support for `appid` extension
+
+
 == Version 0.2.0 ==
 
 * Core library now recognises username as an internally relevant concept

diff --git a/build.gradle b/build.gradle
@@ -73,8 +73,6 @@ allprojects  {
 evaluationDependsOnChildren()
 
 subprojects {
-  apply plugin: 'info.solidsoft.pitest'
-
   task packageSources(type: Jar) {
     classifier = 'sources'
     from sourceSets.main.allSource
@@ -148,21 +146,6 @@ subprojects {
       }
     }
   }
-
-  pitest {
-    pitestVersion = '1.4.2'
-
-    timestampedReports = false
-    outputFormats = ['XML', 'HTML']
-
-    avoidCallsTo = [
-      'java.util.logging',
-      'org.apache.log4j',
-      'org.slf4j',
-      'org.apache.commons.logging',
-      'com.google.common.io.Closeables',
-    ]
-  }
 }
 
 task pitestMerge(type: com.yubico.gradle.pitest.tasks.PitestMergeTask)

diff --git a/settings.gradle b/settings.gradle
@@ -1,3 +1,6 @@
 rootProject.name = 'webauthn-server-parent'
+include ':webauthn-server-attestation'
 include ':webauthn-server-core'
 include ':webauthn-server-demo'
+include ':yubico-util'
+include ':yubico-util-scala'
diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle
@@ -0,0 +1,30 @@
+description = 'Yubico WebAuthn attestation subsystem'
+
+apply plugin: 'java'
+
+dependencies {
+
+  compile(
+    project(':webauthn-server-core'),
+    'org.bouncycastle:bcpkix-jdk15on:1.54',
+    'com.google.guava:guava:19.0',
+  )
+
+  testCompile(
+    'org.mockito:mockito-core:2.10.0',
+  )
+
+}
+
+
+jar {
+  manifest {
+    attributes([
+      'Implementation-Id': 'java-webauthn-server-attestation',
+      'Implementation-Title': project.description,
+      'Implementation-Version': project.version,
+      'Implementation-Vendor': 'Yubico',
+    ])
+  }
+}
+
diff --git a/...yubico/u2f/attestation/DeviceMatcher.java → ...o/webauthn/attestation/DeviceMatcher.java b/...yubico/u2f/attestation/DeviceMatcher.java → ...o/webauthn/attestation/DeviceMatcher.java
@@ -1,6 +1,6 @@
 /* Copyright 2015 Yubico */
 
-package com.yubico.u2f.attestation;
+package com.yubico.webauthn.attestation;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import java.security.cert.X509Certificate;

diff --git a/...hn-server-attestation/src/main/java/com/yubico/webauthn/attestation/MetadataResolver.java b/...hn-server-attestation/src/main/java/com/yubico/webauthn/attestation/MetadataResolver.java
@@ -0,0 +1,10 @@
+/* Copyright 2015 Yubico */
+
+package com.yubico.webauthn.attestation;
+
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+
+public interface MetadataResolver {
+    Optional<MetadataObject> resolve(X509Certificate attestationCertificate);
+}