From e528ca51ead787a4eb7c446bb96c6bd3767691d3 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 10 Apr 2024 16:07:10 +0200 Subject: [PATCH 1/4] Test that unknown properties are accepted in credProps extension --- .../yubico/webauthn/RelyingPartyRegistrationSpec.scala | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala index 39f20a1b2..0ddcccbd6 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala @@ -258,12 +258,20 @@ class RelyingPartyRegistrationSpec }, "clientExtensionResults": { "appidExclude": true, - "org.example.foo": "bar" + "org.example.foo": "bar", + "credProps": { + "rk": false, + "unknownProperty": ["unknown-value"] + } } }""") pkc.getClientExtensionResults.getExtensionIds should contain( "appidExclude" ) + pkc.getClientExtensionResults.getExtensionIds should contain( + "credProps" + ) + pkc.getClientExtensionResults.getExtensionIds should not contain ("org.example.foo") } } From d46c0aa394a075cb70cb8c20d07b42d5ac0c6a78 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 10 Apr 2024 16:14:36 +0200 Subject: [PATCH 2/4] Allow unknown properties in credProps client extension output --- NEWS | 7 +++++++ .../com/yubico/webauthn/data/ExtensionOutputs.java | 10 +++++++++- .../main/java/com/yubico/webauthn/data/Extensions.java | 2 ++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 4636e0c1a..a035d87f7 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,10 @@ +== Version 2.5.2 (unreleased) == + +Fixes: + +* Allow unknown properties in `credProps` client extension output. + + == Version 2.5.1 == Changes: 
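Review bot: The assertions added to the `credProps` test only check that `getExtensionIds` contains `"credProps"`, so a parser that accepts the object but drops or misreads `rk` would still pass. The input sets `"rk": false` next to an unknown array-valued property, so the test should also pin the parsed value, for example `pkc.getClientExtensionResults.getCredProps.get.getRk should equal(Optional.of(false))` (assuming the existing `getCredProps`/`getRk` accessors return `Optional`; confirm against the class). The same gap applies to the PATCH 3/4 hunk that adds `"authenticatorDisplayName"`: nothing asserts that `rk` is still read correctly with that property present. The enclosing test body starts outside the hunk.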
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java index df76f3aaf..df2a77c84 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionOutputs.java @@ -4,7 +4,15 @@ import java.util.Set; public interface ExtensionOutputs { - /** Returns a {@link Set} of the extension IDs for which an extension output is present. */ + /** + * Returns a {@link Set} of recognized extension IDs for which an extension output is present. + * + *

This only includes extension identifiers recognized by the java-webauthn-server library. + * Recognized extensions can be found as the properties of {@link + * ClientRegistrationExtensionOutputs} for registration ceremonies, and {@link + * ClientAssertionExtensionOutputs} for authentication ceremonies. Unknown extension identifiers + * are silently ignored. + */ @JsonIgnore Set getExtensionIds(); } diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java index f9b02cdd5..99c1f2283 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java @@ -1,6 +1,7 @@ package com.yubico.webauthn.data; import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonValue; import com.upokecenter.cbor.CBORObject; @@ -63,6 +64,7 @@ public static class CredentialProperties { * Credential Properties Extension (credProps) */ @Value + @JsonIgnoreProperties(ignoreUnknown = true) public static class CredentialPropertiesOutput { @JsonProperty("rk") private final Boolean rk; From 9d4d61ff21bc7eedcf80e51158910a1a53fe53bb Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 10 Apr 2024 16:28:21 +0200 Subject: [PATCH 3/4] Test that authenticatorDisplayName is allowed in credProps --- .../scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala | 1 + 1 file changed, 1 insertion(+) diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala index 0ddcccbd6..a22647995 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala 
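Review bot: The rewritten Javadoc on `getExtensionIds()` points readers only at `ClientRegistrationExtensionOutputs` and `ClientAssertionExtensionOutputs`, although it sits on the shared `ExtensionOutputs` interface. If authenticator-side output types also implement this interface (not visible in the hunk), the text should cover them or be worded generically, e.g. `Recognized extensions are the properties of the implementing class.` I would also add a sentence saying that callers must not treat the returned set as a record of everything the client sent, because unrecognized identifiers never appear in it.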
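Review bot: The `@JsonIgnoreProperties(ignoreUnknown = true)` added on `CredentialPropertiesOutput` has no comment explaining why this type is lenient, and the leniency covers only this one class. I would add above the annotation `// Client extension outputs come from the browser and gain properties over time (e.g. authenticatorDisplayName); ignore what we do not model instead of failing registration.` Other extension output classes in `Extensions.java` may still reject unknown properties and fail the same way; that is not visible here and is worth checking. Ignored properties are discarded, so callers cannot read `authenticatorDisplayName` from this type. The class body continues outside the hunk.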
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala @@ -261,6 +261,7 @@ class RelyingPartyRegistrationSpec "org.example.foo": "bar", "credProps": { "rk": false, + "authenticatorDisplayName": "My passkey", "unknownProperty": ["unknown-value"] } } From 821e211ddf3dfe94e64019130986dbbcc5d40708 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Mon, 15 Apr 2024 15:05:01 +0200 Subject: [PATCH 4/4] Bump JDK version in release-verify-signatures workflow --- .github/workflows/release-verify-signatures.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-verify-signatures.yml b/.github/workflows/release-verify-signatures.yml index e2ff48b54..e391c06f3 100644 --- a/.github/workflows/release-verify-signatures.yml +++ b/.github/workflows/release-verify-signatures.yml @@ -39,7 +39,7 @@ jobs: strategy: matrix: - java: ["17.0.7"] + java: ["17.0.10"] distribution: [temurin, zulu, microsoft] steps: