Skip to content

Commit

Permalink
Merge pull request #363 from Yubico/credProps-authenticatorDisplayName
Browse files Browse the repository at this point in the history
Added credProps.authenticatorDisplayName
  • Loading branch information
fdennis authored Jul 19, 2024
2 parents b670381 + a1a3e2f commit 362f1b4
Show file tree
Hide file tree
Showing 10 changed files with 309 additions and 3 deletions.
4 changes: 4 additions & 0 deletions NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,10 @@ New features:
* (Experimental) Added property `RegisteredCredential.transports`.
** NOTE: Experimental features may receive breaking changes without a major
version increase.
* (Experimental) Added property `credProps.authenticatorDisplayName`.
** NOTE: Experimental features may receive breaking changes without a major
version increase.
* (Experimental) Added `credProps` extension to assertion extension outputs.


== Version 2.5.2 ==
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
import com.yubico.webauthn.data.AuthenticatorResponse;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientAssertionExtensionOutputs;
import com.yubico.webauthn.data.Extensions;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions;
import com.yubico.webauthn.data.UserIdentity;
Expand Down Expand Up @@ -281,4 +282,33 @@ public Optional<AuthenticatorAssertionExtensionOutputs> getAuthenticatorExtensio
return AuthenticatorAssertionExtensionOutputs.fromAuthenticatorData(
credentialResponse.getResponse().getParsedAuthenticatorData());
}

/**
* Retrieve a suitable nickname for this credential, if one is available. This MAY differ from
* {@link RegistrationResult#getAuthenticatorDisplayName() the value returned during
* registration}, if any. In that case the application may want to offer the user to update the
* previously stored value, if any.
*
* <p>This returns the <code>authenticatorDisplayName</code> output from the <a
* href="https://w3c.github.io/webauthn/#sctn-authenticator-credential-properties-extension">
* <code>credProps</code></a> extension.
*
* @return A user-chosen or vendor-default display name for the credential, if available.
* Otherwise empty.
* @see <a
* href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
* <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
* (credProps)</a>
* @see RegistrationResult#getAuthenticatorDisplayName()
* @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
* @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
* the standard matures.
*/
@JsonIgnore
@Deprecated
public Optional<String> getAuthenticatorDisplayName() {
return getClientExtensionOutputs()
.flatMap(outputs -> outputs.getCredProps())
.flatMap(credProps -> credProps.getAuthenticatorDisplayName());
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
import com.yubico.webauthn.data.AuthenticatorResponse;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientAssertionExtensionOutputs;
import com.yubico.webauthn.data.Extensions;
import com.yubico.webauthn.data.PublicKeyCredential;
import java.util.Optional;
import lombok.AccessLevel;
Expand Down Expand Up @@ -243,4 +244,33 @@ public Optional<AuthenticatorAssertionExtensionOutputs> getAuthenticatorExtensio
return AuthenticatorAssertionExtensionOutputs.fromAuthenticatorData(
credentialResponse.getResponse().getParsedAuthenticatorData());
}

/**
* Retrieve a suitable nickname for this credential, if one is available. This MAY differ from
* {@link RegistrationResult#getAuthenticatorDisplayName() the value returned during
* registration}, if any. In that case the application may want to offer the user to update the
* previously stored value, if any.
*
* <p>This returns the <code>authenticatorDisplayName</code> output from the <a
* href="https://w3c.github.io/webauthn/#sctn-authenticator-credential-properties-extension">
* <code>credProps</code></a> extension.
*
* @return A user-chosen or vendor-default display name for the credential, if available.
* Otherwise empty.
* @see <a
* href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
* <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
* (credProps)</a>
* @see RegistrationResult#getAuthenticatorDisplayName()
* @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
* @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
* the standard matures.
*/
@JsonIgnore
@Deprecated
public Optional<String> getAuthenticatorDisplayName() {
return getClientExtensionOutputs()
.flatMap(outputs -> outputs.getCredProps())
.flatMap(credProps -> credProps.getAuthenticatorDisplayName());
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
import com.yubico.webauthn.data.AuthenticatorResponse;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
import com.yubico.webauthn.data.Extensions;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
import java.io.IOException;
Expand Down Expand Up @@ -367,6 +368,33 @@ public Optional<Boolean> isDiscoverable() {
.flatMap(credProps -> credProps.getRk());
}

/**
* Retrieve a suitable nickname for this credential, if one is available.
*
* <p>This returns the <code>authenticatorDisplayName</code> output from the <a
* href="https://w3c.github.io/webauthn/#sctn-authenticator-credential-properties-extension">
* <code>credProps</code></a> extension.
*
* @return A user-chosen or vendor-default display name for the credential, if available.
* Otherwise empty.
* @see <a
* href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
* <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
* (credProps)</a>
* @see AssertionResult#getAuthenticatorDisplayName()
* @see AssertionResultV2#getAuthenticatorDisplayName()
* @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
* @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
* the standard matures.
*/
@JsonIgnore
@Deprecated
public Optional<String> getAuthenticatorDisplayName() {
return getClientExtensionOutputs()
.flatMap(outputs -> outputs.getCredProps())
.flatMap(credProps -> credProps.getAuthenticatorDisplayName());
}

/**
* The <a
* href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#attestation-trust-path">attestation
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,18 @@ public class ClientAssertionExtensionOutputs implements ClientExtensionOutputs {
*/
private final Boolean appid;

private final Extensions.CredentialProperties.CredentialPropertiesOutput credProps;

private final Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob;

@JsonCreator
private ClientAssertionExtensionOutputs(
@JsonProperty("appid") Boolean appid,
@JsonProperty("credProps")
Extensions.CredentialProperties.CredentialPropertiesOutput credProps,
@JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob) {
this.appid = appid;
this.credProps = credProps;
this.largeBlob = largeBlob;
}

Expand All @@ -81,6 +86,9 @@ public Set<String> getExtensionIds() {
if (appid != null) {
ids.add(Extensions.Appid.EXTENSION_ID);
}
if (credProps != null) {
ids.add(Extensions.CredentialProperties.EXTENSION_ID);
}
if (largeBlob != null) {
ids.add(Extensions.LargeBlob.EXTENSION_ID);
}
Expand All @@ -100,6 +108,24 @@ public Optional<Boolean> getAppid() {
return Optional.ofNullable(appid);
}

/**
* The extension output for the Credential Properties Extension (<code>credProps</code>), if any.
*
* <p>This value MAY be present but have all members empty if the extension was successfully
* processed but no credential properties could be determined.
*
* @see com.yubico.webauthn.data.Extensions.CredentialProperties.CredentialPropertiesOutput
* @see <a
* href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-authenticator-credential-properties-extension">§10.4.
* Credential Properties Extension (credProps)</a>
* @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
* the standard matures.
*/
@Deprecated
public Optional<Extensions.CredentialProperties.CredentialPropertiesOutput> getCredProps() {
return Optional.ofNullable(credProps);
}

/**
* The extension output for the <a
* href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">Large blob
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
import com.fasterxml.jackson.annotation.JsonValue;
import com.upokecenter.cbor.CBORObject;
import com.upokecenter.cbor.CBORType;
import com.yubico.webauthn.AssertionResult;
import com.yubico.webauthn.AssertionResultV2;
import com.yubico.webauthn.RegistrationResult;
import com.yubico.webauthn.StartRegistrationOptions;
import com.yubico.webauthn.extension.uvm.KeyProtectionType;
import com.yubico.webauthn.extension.uvm.MatcherProtectionType;
Expand Down Expand Up @@ -71,9 +74,15 @@ public static class CredentialPropertiesOutput {
@JsonProperty("rk")
private final Boolean rk;

@JsonProperty("authenticatorDisplayName")
private final String authenticatorDisplayName;

@JsonCreator
private CredentialPropertiesOutput(@JsonProperty("rk") Boolean rk) {
private CredentialPropertiesOutput(
@JsonProperty("rk") Boolean rk,
@JsonProperty("authenticatorDisplayName") String authenticatorDisplayName) {
this.rk = rk;
this.authenticatorDisplayName = authenticatorDisplayName;
}

/**
Expand Down Expand Up @@ -105,6 +114,34 @@ private CredentialPropertiesOutput(@JsonProperty("rk") Boolean rk) {
public Optional<Boolean> getRk() {
return Optional.ofNullable(rk);
}

/**
* This OPTIONAL property is a human-palatable description of the credential's managing
* authenticator, chosen by the user.
*
* <p>If the application supports setting "nicknames" for registered credentials, then this
* value may be a suitable default value for such a nickname.
*
* <p>In an authentication ceremony, if this value is different from the stored nickname, then
* the application may want to offer the user to update the stored nickname to match this
* value.
*
* @return A user-chosen or vendor-default display name for the credential, if available.
* Otherwise empty.
* @see <a
* href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">
* <code>authenticatorDisplayName</code> in §10.1.3. Credential Properties Extension
* (credProps)</a>
* @see RegistrationResult#getAuthenticatorDisplayName()
* @see AssertionResult#getAuthenticatorDisplayName()
* @see AssertionResultV2#getAuthenticatorDisplayName()
* @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change
* as the standard matures.
*/
@Deprecated
public Optional<String> getAuthenticatorDisplayName() {
return Optional.ofNullable(authenticatorDisplayName);
}
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ import com.yubico.webauthn.data.AuthenticatorTransport
import com.yubico.webauthn.data.ByteArray
import com.yubico.webauthn.data.ClientAssertionExtensionOutputs
import com.yubico.webauthn.data.CollectedClientData
import com.yubico.webauthn.data.Extensions.CredentialProperties.CredentialPropertiesOutput
import com.yubico.webauthn.data.Extensions.LargeBlob.LargeBlobAuthenticationInput
import com.yubico.webauthn.data.Extensions.LargeBlob.LargeBlobAuthenticationOutput
import com.yubico.webauthn.data.Extensions.Uvm.UvmEntry
Expand Down Expand Up @@ -2845,6 +2846,55 @@ class RelyingPartyAssertionSpec
)
}
}

describe("exposes the credProps.authenticatorDisplayName extension output as getAuthenticatorDisplayName()") {
val pkcTemplate =
TestAuthenticator.createAssertion(
challenge =
request.getPublicKeyCredentialRequestOptions.getChallenge,
credentialKey = credentialKeypair,
credentialId = credential.getId,
)

it("""when set to "hej".""") {
val pkc = pkcTemplate.toBuilder
.clientExtensionResults(
pkcTemplate.getClientExtensionResults.toBuilder
.credProps(
CredentialPropertiesOutput
.builder()
.authenticatorDisplayName("hej")
.build()
)
.build()
)
.build()
val result = rp.finishAssertion(
FinishAssertionOptions
.builder()
.request(request)
.response(pkc)
.build()
)

result.getAuthenticatorDisplayName.toScala should equal(
Some("hej")
)
}

it("when not available.") {
val pkc = pkcTemplate
val result = rp.finishAssertion(
FinishAssertionOptions
.builder()
.request(request)
.response(pkc)
.build()
)

result.getAuthenticatorDisplayName.toScala should equal(None)
}
}
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4289,6 +4289,51 @@ class RelyingPartyRegistrationSpec
}
}

describe("expose the credProps.authenticatorDisplayName extension output as RegistrationResult.getAuthenticatorDisplayName()") {
val testDataBase = RegistrationTestData.Packed.BasicAttestation
val testData = testDataBase.copy(requestedExtensions =
testDataBase.request.getExtensions.toBuilder.credProps().build()
)

it("""when set to "hej".""") {
val result = rp.finishRegistration(
FinishRegistrationOptions
.builder()
.request(testData.request)
.response(
testData.response.toBuilder
.clientExtensionResults(
ClientRegistrationExtensionOutputs
.builder()
.credProps(
CredentialPropertiesOutput
.builder()
.authenticatorDisplayName("hej")
.build()
)
.build()
)
.build()
)
.build()
)

result.getAuthenticatorDisplayName.toScala should equal(Some("hej"))
}

it("when not available.") {
val result = rp.finishRegistration(
FinishRegistrationOptions
.builder()
.request(testData.request)
.response(testData.response)
.build()
)

result.getAuthenticatorDisplayName.toScala should equal(None)
}
}

describe("support the largeBlob extension") {
it("being enabled at registration time.") {
val testData = RegistrationTestData.Packed.BasicAttestation
Expand Down
Loading

1 comment on commit 362f1b4

@github-actions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mutation test results

Package Coverage Stats Prev Prev
Overall 82 % 🔹 1381 🔺 / 1681 🔺 81 % 1365 / 1669
com.yubico.fido.metadata 69 % 🟢 224 🔺 / 323 🔹 68 % 220 / 323
com.yubico.internal.util 46 % 🔹 57 🔹 / 123 🔹 46 % 57 / 123
com.yubico.webauthn 88 % 🔹 656 🔺 / 742 🔺 88 % 647 / 733
com.yubico.webauthn.attestation 92 % 🔹 13 🔹 / 14 🔹 92 % 13 / 14
com.yubico.webauthn.data 93 % 🔹 406 🔺 / 432 🔺 93 % 403 / 429
com.yubico.webauthn.extension.appid 100 % 🏆 13 🔹 / 13 🔹 100 % 13 / 13
com.yubico.webauthn.extension.uvm 50 % 🔹 12 🔹 / 24 🔹 50 % 12 / 24
com.yubico.webauthn.meta 0 % 🔹 0 🔹 / 10 🔹 0 % 0 / 10

Previous run: b670381 - Diff

Detailed reports: workflow run #275

Please sign in to comment.