Added credProps.authenticatorDisplayName

Author: fdennis

NEWS

@@ -51,6 +51,9 @@ New features:
 * (Experimental) Added property `RegisteredCredential.transports`.
  ** NOTE: Experimental features may receive breaking changes without a major
     version increase.
+* (Experimental) Added property `credProps.authenticatorDisplayName`.
+ ** NOTE: Experimental features may receive breaking changes without a major
+    version increase.
 
 
 == Version 2.5.2 ==

webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java

@@ -30,17 +30,7 @@
 import com.yubico.internal.util.CertificateParser;
 import com.yubico.webauthn.RelyingParty.RelyingPartyBuilder;
 import com.yubico.webauthn.attestation.AttestationTrustSource;
-import com.yubico.webauthn.data.AttestationType;
-import com.yubico.webauthn.data.AuthenticatorAttachment;
-import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
-import com.yubico.webauthn.data.AuthenticatorData;
-import com.yubico.webauthn.data.AuthenticatorDataFlags;
-import com.yubico.webauthn.data.AuthenticatorRegistrationExtensionOutputs;
-import com.yubico.webauthn.data.AuthenticatorResponse;
-import com.yubico.webauthn.data.ByteArray;
-import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
-import com.yubico.webauthn.data.PublicKeyCredential;
-import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
+import com.yubico.webauthn.data.*;
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
@@ -367,6 +357,30 @@ public Optional<Boolean> isDiscoverable() {
         .flatMap(credProps -> credProps.getRk());
   }
 
+  /**
+   * Retrieve a suitable nickname for this credential, if one is available.
+   *
+   * <p>This returns the <code>authenticatorDisplayName</code> output from the <a
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-authenticator-credential-properties-extension">
+   * <code>credProps</code></a> extension.
+   *
+   * @return A user-chosen or vendor-default display name for the credential, if available.
+   *     Otherwise empty.
+   * @see <a
+   *     href="https://w3c.github.io/webauthn/#dom-credentialpropertiesoutput-authenticatordisplayname">§10.1.3.
+   *     Credential Properties Extension (credProps), "authenticatorDisplayName" output</a>
+   * @see Extensions.CredentialProperties.CredentialPropertiesOutput#getAuthenticatorDisplayName()
+   * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change as
+   *     the standard matures.
+   */
+  @JsonIgnore
+  @Deprecated
+  public Optional<String> getAuthenticatorDisplayName() {
+    return getClientExtensionOutputs()
+        .flatMap(outputs -> outputs.getCredProps())
+        .flatMap(credProps -> credProps.getAuthenticatorDisplayName());
+  }
+
   /**
    * The <a
    * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#attestation-trust-path">attestation

webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java

@@ -6,6 +6,7 @@
 import com.fasterxml.jackson.annotation.JsonValue;
 import com.upokecenter.cbor.CBORObject;
 import com.upokecenter.cbor.CBORType;
+import com.yubico.webauthn.RegistrationResult;
 import com.yubico.webauthn.StartRegistrationOptions;
 import com.yubico.webauthn.extension.uvm.KeyProtectionType;
 import com.yubico.webauthn.extension.uvm.MatcherProtectionType;
@@ -71,9 +72,15 @@ public static class CredentialPropertiesOutput {
       @JsonProperty("rk")
       private final Boolean rk;
 
+      @JsonProperty("authenticatorDisplayName")
+      private final String authenticatorDisplayName;
+
       @JsonCreator
-      private CredentialPropertiesOutput(@JsonProperty("rk") Boolean rk) {
+      private CredentialPropertiesOutput(
+          @JsonProperty("rk") Boolean rk,
+          @JsonProperty("authenticatorDisplayName") String authenticatorDisplayName) {
         this.rk = rk;
+        this.authenticatorDisplayName = authenticatorDisplayName;
       }
 
       /**
@@ -105,6 +112,24 @@ private CredentialPropertiesOutput(@JsonProperty("rk") Boolean rk) {
       public Optional<Boolean> getRk() {
         return Optional.ofNullable(rk);
       }
+
+      /**
+       * This OPTIONAL property is a human-palatable description of the credential's managing
+       * authenticator, chosen by the user.
+       *
+       * <p>If the RP includes an <code>[$credential record/authenticatorDisplayName$]</code>
+       * [=struct/item=] in [=credential records=], the [=[RP]=] MAY offer this value, if present,
+       * as a default value for the <code>[$credential record/authenticatorDisplayName$]</code> of
+       * the new [=credential record=].
+       *
+       * @see RegistrationResult#getAuthenticatorDisplayName()
+       * @deprecated EXPERIMENTAL: This feature is from a not yet mature standard; it could change
+       *     as the standard matures.
+       */
+      @Deprecated
+      public Optional<String> getAuthenticatorDisplayName() {
+        return Optional.ofNullable(authenticatorDisplayName);
+      }
     }
   }
 

webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala

@@ -4289,6 +4289,51 @@ class RelyingPartyRegistrationSpec
         }
       }
 
+      describe("expose the credProps.authenticatorDisplayName extension output as RegistrationResult.getAuthenticatorDisplayName()") {
+        val testDataBase = RegistrationTestData.Packed.BasicAttestation
+        val testData = testDataBase.copy(requestedExtensions =
+          testDataBase.request.getExtensions.toBuilder.credProps().build()
+        )
+
+        it("""when set to "hej".""") {
+          val result = rp.finishRegistration(
+            FinishRegistrationOptions
+              .builder()
+              .request(testData.request)
+              .response(
+                testData.response.toBuilder
+                  .clientExtensionResults(
+                    ClientRegistrationExtensionOutputs
+                      .builder()
+                      .credProps(
+                        CredentialPropertiesOutput
+                          .builder()
+                          .authenticatorDisplayName("hej")
+                          .build()
+                      )
+                      .build()
+                  )
+                  .build()
+              )
+              .build()
+          )
+
+          result.getAuthenticatorDisplayName.toScala should equal(Some("hej"))
+        }
+
+        it("when not available.") {
+          val result = rp.finishRegistration(
+            FinishRegistrationOptions
+              .builder()
+              .request(testData.request)
+              .response(testData.response)
+              .build()
+          )
+
+          result.getAuthenticatorDisplayName.toScala should equal(None)
+        }
+      }
+
       describe("support the largeBlob extension") {
         it("being enabled at registration time.") {
           val testData = RegistrationTestData.Packed.BasicAttestation

webauthn-server-core/src/test/scala/com/yubico/webauthn/data/Generators.scala

@@ -867,8 +867,14 @@ object Generators {
     object CredProps {
       def credentialPropertiesOutput: Gen[CredentialPropertiesOutput] =
         for {
-          rk <- arbitrary[Boolean]
-        } yield CredentialPropertiesOutput.builder().rk(rk).build()
+          rk <- arbitrary[Option[Boolean]]
+          authenticatorDisplayName <- arbitrary[Option[String]]
+        } yield {
+          val b = CredentialPropertiesOutput.builder()
+          rk.foreach(b.rk(_))
+          authenticatorDisplayName.foreach(b.authenticatorDisplayName)
+          b.build()
+        }
     }
 
     object LargeBlob {