From 87e31a213d5f32ff8f8267ee6228fb7558e2a8c8 Mon Sep 17 00:00:00 2001
From: Max Batischev <mblancer@mail.ru>
Date: Fri, 17 Jan 2025 14:14:46 +0300
Subject: [PATCH] Make PublicKeyCredentialRequestOptions Serializable

Closes gh-16432

Signed-off-by: Max Batischev <mblancer@mail.ru>
---
 .../api/AuthenticationExtensionsClientInput.java     |  6 ++++--
 .../api/AuthenticationExtensionsClientInputs.java    |  5 +++--
 .../web/webauthn/api/AuthenticatorTransport.java     | 10 ++++++++--
 .../security/web/webauthn/api/Bytes.java             |  8 ++++++--
 ...edProtectAuthenticationExtensionsClientInput.java | 12 ++++++++++--
 ...ImmutableAuthenticationExtensionsClientInput.java |  6 +++++-
 ...mmutableAuthenticationExtensionsClientInputs.java |  6 +++++-
 .../webauthn/api/PublicKeyCredentialDescriptor.java  |  9 +++++++--
 .../api/PublicKeyCredentialRequestOptions.java       |  8 ++++++--
 .../web/webauthn/api/PublicKeyCredentialType.java    | 10 ++++++++--
 .../webauthn/api/UserVerificationRequirement.java    | 10 ++++++++--
 11 files changed, 70 insertions(+), 20 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInput.java b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInput.java
index f3fb229af1b..736a3b29609 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInput.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInput.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
+
 /**
  * A <a href="https://www.w3.org/TR/webauthn-3/#client-extension-input">client extension
  * input</a> entry in the {@link AuthenticationExtensionsClientInputs}.
@@ -25,7 +27,7 @@
  * @since 6.4
  * @see ImmutableAuthenticationExtensionsClientInput
  */
-public interface AuthenticationExtensionsClientInput<T> {
+public interface AuthenticationExtensionsClientInput<T> extends Serializable {
 
 	/**
 	 * Gets the <a href="https://www.w3.org/TR/webauthn-3/#extension-identifier">extension
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java
index 44a26a41c12..3befaa601fc 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
 import java.util.List;
 
 /**
@@ -31,7 +32,7 @@
  * @since 6.4
  * @see PublicKeyCredentialCreationOptions#getExtensions()
  */
-public interface AuthenticationExtensionsClientInputs {
+public interface AuthenticationExtensionsClientInputs extends Serializable {
 
 	/**
 	 * Gets all of the {@link AuthenticationExtensionsClientInput}.
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java
index 33e9d2123cb..8f725d1d80c 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * <a href=
  * "https://www.w3.org/TR/webauthn-3/#enumdef-authenticatortransport">AuthenticatorTransport</a>
@@ -25,7 +29,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class AuthenticatorTransport {
+public final class AuthenticatorTransport implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	/**
 	 * <a href="https://www.w3.org/TR/webauthn-3/#dom-authenticatortransport-usb">usbc</a>
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
index 6fbcc3596c6..1b871db7acd 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,10 +16,12 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Base64;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
 /**
@@ -28,7 +30,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class Bytes {
+public final class Bytes implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private static final SecureRandom RANDOM = new SecureRandom();
 
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java b/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java
index 22372717595..e2e8c70bc4d 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * Implements <a href=
  * "https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-credProtect-extension">
@@ -27,6 +31,8 @@
 public class CredProtectAuthenticationExtensionsClientInput
 		implements AuthenticationExtensionsClientInput<CredProtectAuthenticationExtensionsClientInput.CredProtect> {
 
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final CredProtect input;
 
 	public CredProtectAuthenticationExtensionsClientInput(CredProtect input) {
@@ -43,7 +49,9 @@ public CredProtect getInput() {
 		return this.input;
 	}
 
-	public static class CredProtect {
+	public static class CredProtect implements Serializable {
+
+		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 		private final ProtectionPolicy credProtectionPolicy;
 
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java
index eb656c3cdfb..d7da31c081f 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * An immutable {@link AuthenticationExtensionsClientInput}.
  *
@@ -26,6 +28,8 @@
  */
 public class ImmutableAuthenticationExtensionsClientInput<T> implements AuthenticationExtensionsClientInput<T> {
 
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	/**
 	 * https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension
 	 */
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java
index cef29f378a5..dfea2d93ea4 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,8 @@
 import java.util.Arrays;
 import java.util.List;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * An immutable implementation of {@link AuthenticationExtensionsClientInputs}.
  *
@@ -27,6 +29,8 @@
  */
 public class ImmutableAuthenticationExtensionsClientInputs implements AuthenticationExtensionsClientInputs {
 
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 	private final List<AuthenticationExtensionsClientInput> inputs;
 
 	public ImmutableAuthenticationExtensionsClientInputs(List<AuthenticationExtensionsClientInput> inputs) {
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java
index ad454814b0f..5f4b331aa3b 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,8 +16,11 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
 import java.util.Set;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * <a href=
  * "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialdescriptor">PublicKeyCredentialDescriptor</a>
@@ -29,7 +32,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class PublicKeyCredentialDescriptor {
+public final class PublicKeyCredentialDescriptor implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final PublicKeyCredentialType type;
 
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java
index b0cf592009c..1bdc880d30d 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,12 +16,14 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.function.Consumer;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
 /**
@@ -32,7 +34,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class PublicKeyCredentialRequestOptions {
+public final class PublicKeyCredentialRequestOptions implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final Bytes challenge;
 
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java
index 57f1c6ec463..e00b7f1c75e 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * The <a href=
  * "https://www.w3.org/TR/webauthn-3/#enum-credentialType">PublicKeyCredentialType</a>
@@ -24,7 +28,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class PublicKeyCredentialType {
+public final class PublicKeyCredentialType implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	/**
 	 * The only credential type that currently exists.
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java b/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java
index adc915015b5..ca331118288 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 /**
  * <a href=
  * "https://www.w3.org/TR/webauthn-3/#enumdef-userverificationrequirement">UserVerificationRequirement</a>
@@ -24,7 +28,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class UserVerificationRequirement {
+public final class UserVerificationRequirement implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	/**
 	 * The <a href=