Fix incorrect javadoc on AssertionResult.signatureCounterValid

Author: emlun

NEWS

@@ -5,6 +5,8 @@
   - CVE-2020-10672
   - CVE-2020-10969
   - CVE-2020-11620
+- Fixed incorrect JavaDoc on AssertionResult.isSignatureCounterValid(): it will
+  also return true if both counters are zero.
 
 
 == Version 1.6.2 ==

webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionResult.java

@@ -91,8 +91,13 @@ public class AssertionResult {
     private final long signatureCount;
 
     /**
-     * <code>true</code> if and only if the {@link AuthenticatorData#getSignatureCounter() signature counter value}
-     * in the assertion was strictly greater than {@link RegisteredCredential#getSignatureCount() the stored one}.
+     * <code>true</code> if and only if at least one of the following is true:
+     * <ul>
+     *   <li>The {@link AuthenticatorData#getSignatureCounter() signature counter value} in the assertion was strictly
+     *   greater than {@link RegisteredCredential#getSignatureCount() the stored one}.</li>
+     *   <li>The {@link AuthenticatorData#getSignatureCounter() signature counter value} in the assertion and
+     *   {@link RegisteredCredential#getSignatureCount() the stored one} were both zero.</li>
+     * </ul>
      *
      * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sec-authenticator-data">§6.1. Authenticator
      * Data</a>