Remove U2F AppId config environment variable

The setting fell back to a default value when not set, which could
cause domain mismatch issues. The features that used this were removed
in commit 1f823bc, so there's little
reason to keep this configuration setting.

Author: emlun

webauthn-server-demo/src/main/java/demo/webauthn/Config.java

@@ -26,13 +26,10 @@
 
 import com.yubico.internal.util.CollectionUtil;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
-import com.yubico.webauthn.extension.appid.AppId;
-import com.yubico.webauthn.extension.appid.InvalidAppIdException;
 import java.net.MalformedURLException;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.Optional;
 import java.util.Set;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -49,26 +46,21 @@ public class Config {
   private final Set<String> origins;
   private final int port;
   private final RelyingPartyIdentity rpIdentity;
-  private final Optional<AppId> appId;
 
-  private Config(
-      Set<String> origins, int port, RelyingPartyIdentity rpIdentity, Optional<AppId> appId) {
+  private Config(Set<String> origins, int port, RelyingPartyIdentity rpIdentity) {
     this.origins = CollectionUtil.immutableSet(origins);
     this.port = port;
     this.rpIdentity = rpIdentity;
-    this.appId = appId;
   }
 
   private static Config instance;
 
   private static Config getInstance() {
     if (instance == null) {
       try {
-        instance = new Config(computeOrigins(), computePort(), computeRpIdentity(), computeAppId());
+        instance = new Config(computeOrigins(), computePort(), computeRpIdentity());
       } catch (MalformedURLException e) {
         throw new RuntimeException(e);
-      } catch (InvalidAppIdException e) {
-        throw new RuntimeException(e);
       }
     }
     return instance;
@@ -86,10 +78,6 @@ public static RelyingPartyIdentity getRpIdentity() {
     return getInstance().rpIdentity;
   }
 
-  public static Optional<AppId> getAppId() {
-    return getInstance().appId;
-  }
-
   private static Set<String> computeOrigins() {
     final String origins = System.getenv("YUBICO_WEBAUTHN_ALLOWED_ORIGINS");
 
@@ -143,14 +131,4 @@ private static RelyingPartyIdentity computeRpIdentity() throws MalformedURLExcep
     logger.info("RP identity: {}", result);
     return result;
   }
-
-  private static Optional<AppId> computeAppId() throws InvalidAppIdException {
-    final String appId = System.getenv("YUBICO_WEBAUTHN_U2F_APPID");
-    logger.debug("YUBICO_WEBAUTHN_U2F_APPID: {}", appId);
-
-    AppId result = appId == null ? new AppId("https://localhost:8443") : new AppId(appId);
-
-    logger.debug("U2F AppId: {}", result.getId());
-    return Optional.of(result);
-  }
 }

webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnServer.java

@@ -60,7 +60,6 @@
 import com.yubico.webauthn.data.exception.Base64UrlException;
 import com.yubico.webauthn.exception.AssertionFailedException;
 import com.yubico.webauthn.exception.RegistrationFailedException;
-import com.yubico.webauthn.extension.appid.AppId;
 import com.yubico.webauthn.extension.appid.InvalidAppIdException;
 import demo.webauthn.data.AssertionRequestWrapper;
 import demo.webauthn.data.AssertionResponse;
@@ -123,17 +122,15 @@ public WebAuthnServer()
         newCache(),
         newCache(),
         Config.getRpIdentity(),
-        Config.getOrigins(),
-        Config.getAppId());
+        Config.getOrigins());
   }
 
   public WebAuthnServer(
       InMemoryRegistrationStorage userStorage,
       Cache<ByteArray, RegistrationRequest> registerRequestStorage,
       Cache<ByteArray, AssertionRequestWrapper> assertRequestStorage,
       RelyingPartyIdentity rpIdentity,
-      Set<String> origins,
-      Optional<AppId> appId)
+      Set<String> origins)
       throws InvalidAppIdException, CertificateException, CertPathValidatorException,
           InvalidAlgorithmParameterException, Base64UrlException, DigestException,
           FidoMetadataDownloaderException, UnexpectedLegalHeader, IOException,
@@ -153,7 +150,6 @@ public WebAuthnServer(
             .allowOriginSubdomain(false)
             .allowUntrustedAttestation(true)
             .validateSignatureCounter(true)
-            .appId(appId)
             .build();
   }
 

webauthn-server-demo/src/test/scala/demo/webauthn/WebAuthnServerSpec.scala

@@ -38,7 +38,6 @@ import com.yubico.webauthn.data.Generators.arbitraryAuthenticatorTransport
 import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions
 import com.yubico.webauthn.data.RelyingPartyIdentity
 import com.yubico.webauthn.data.ResidentKeyRequirement
-import com.yubico.webauthn.extension.appid.AppId
 import demo.webauthn.data.AssertionRequestWrapper
 import demo.webauthn.data.CredentialRegistration
 import demo.webauthn.data.RegistrationRequest
@@ -72,7 +71,6 @@ class WebAuthnServerSpec
   private val rpId =
     RelyingPartyIdentity.builder().id("localhost").name("Test party").build()
   private val origins = Set("localhost").asJava
-  private val appId = Optional.empty[AppId]
 
   describe("WebAuthnServer") {
 
@@ -176,7 +174,6 @@ class WebAuthnServerSpec
           newCache(),
           rpId,
           Set("https://localhost").asJava,
-          appId,
         )
 
         val (cred, keypair) = {
@@ -292,7 +289,6 @@ class WebAuthnServerSpec
           assertionRequests,
           rpId,
           origins,
-          appId,
         )
       }
     }
@@ -340,7 +336,6 @@ class WebAuthnServerSpec
       newCache(),
       rpId,
       origins,
-      appId,
     )
   }
 
@@ -400,7 +395,6 @@ class WebAuthnServerSpec
       newCache(),
       rpId,
       origins,
-      appId,
     )
   }