Merge branch 'release-2.5.0' into fido-mds-no-verify-cache

Author: emlun

NEWS

@@ -2,6 +2,13 @@
 
 `webauthn-server-core`:
 
+Breaking changes to experimental features:
+
+* Added Jackson annotation `@JsonProperty` to method
+  `RegisteredCredential.isBackedUp()`, changing the property name from
+  `backedUp` to `backupState`. `backedUp` is still accepted during
+  deserialization but will no longer be emitted during serialization.
+
 New features:
 
 * Added method `.isUserVerified()` to `RegistrationResult` and `AssertionResult`
@@ -18,6 +25,11 @@ New features:
   from cache or when explicitly given. Default setting is `false`, which
   preserves the previous behaviour.
 
+Fixes:
+
+* Made Jackson setting `PROPAGATE_TRANSIENT_MARKER` unnecessary for JSON
+  serialization with Jackson version 2.15.0-rc1 and later.
+
 
 == Version 2.4.1 ==
 

webauthn-server-core/build.gradle.kts

@@ -26,6 +26,7 @@ dependencies {
   testImplementation(platform(project(":test-platform")))
   testImplementation(project(":yubico-util-scala"))
   testImplementation("com.fasterxml.jackson.core:jackson-databind")
+  testImplementation("com.fasterxml.jackson.datatype:jackson-datatype-jdk8")
   testImplementation("com.upokecenter:cbor")
   testImplementation("junit:junit")
   testImplementation("org.bouncycastle:bcpkix-jdk18on")

webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java

@@ -24,6 +24,7 @@
 
 package com.yubico.webauthn;
 
+import com.fasterxml.jackson.annotation.JsonAlias;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.yubico.webauthn.data.AttestedCredentialData;
@@ -153,7 +154,7 @@ private RegisteredCredential(
       @NonNull @JsonProperty("publicKeyCose") ByteArray publicKeyCose,
       @JsonProperty("signatureCount") long signatureCount,
       @JsonProperty("backupEligible") Boolean backupEligible,
-      @JsonProperty("backupState") Boolean backupState) {
+      @JsonProperty("backupState") @JsonAlias("backedUp") Boolean backupState) {
     this.credentialId = credentialId;
     this.userHandle = userHandle;
     this.publicKeyCose = publicKeyCose;
@@ -183,6 +184,7 @@ private RegisteredCredential(
    *     the standard matures.
    */
   @Deprecated
+  @JsonProperty("backupEligible")
   public Optional<Boolean> isBackupEligible() {
     return Optional.ofNullable(backupEligible);
   }
@@ -206,6 +208,7 @@ public Optional<Boolean> isBackupEligible() {
    *     the standard matures.
    */
   @Deprecated
+  @JsonProperty("backupState")
   public Optional<Boolean> isBackedUp() {
     return Optional.ofNullable(backupState);
   }

webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttestationResponse.java

@@ -82,7 +82,10 @@ public class AuthenticatorAttestationResponse implements AuthenticatorResponse {
   private final SortedSet<AuthenticatorTransport> transports;
 
   /** The {@link #attestationObject} parsed as a domain object. */
-  @NonNull @JsonIgnore private final transient AttestationObject attestation;
+  @NonNull
+  @JsonIgnore
+  @Getter(onMethod = @__({@JsonIgnore}))
+  private final transient AttestationObject attestation;
 
   @NonNull
   @JsonIgnore

webauthn-server-core/src/test/scala/com/yubico/webauthn/Generators.scala

@@ -73,13 +73,21 @@ object Generators {
           userHandle <- arbitrary[ByteArray]
           publicKeyCose <- arbitrary[ByteArray]
           signatureCount <- arbitrary[Int]
-        } yield RegisteredCredential
-          .builder()
-          .credentialId(credentialId)
-          .userHandle(userHandle)
-          .publicKeyCose(publicKeyCose)
-          .signatureCount(signatureCount)
-          .build()
+          backupFlags <- Gen.option(arbitraryBackupFlags.arbitrary)
+        } yield {
+          val b = RegisteredCredential
+            .builder()
+            .credentialId(credentialId)
+            .userHandle(userHandle)
+            .publicKeyCose(publicKeyCose)
+            .signatureCount(signatureCount)
+          backupFlags.foreach({
+            case ((be, bs)) =>
+              b.backupEligible(be)
+              b.backupState(bs)
+          })
+          b.build()
+        }
       )
     )
 

webauthn-server-core/src/test/scala/com/yubico/webauthn/data/Generators.scala

@@ -273,13 +273,16 @@ object Generators {
       )
     )
 
+  val arbitraryBackupFlags: Arbitrary[(Boolean, Boolean)] = Arbitrary(
+    arbitrary[(Boolean, Boolean)].map({ case (be, bs) => (be, be && bs) })
+  )
+
   def authenticatorDataBytes(
       extensionsGen: Gen[Option[CBORObject]],
       rpIdHashGen: Gen[ByteArray] = byteArray(32),
       upFlagGen: Gen[Boolean] = Gen.const(true),
       uvFlagGen: Gen[Boolean] = arbitrary[Boolean],
-      backupFlagsGen: Gen[(Boolean, Boolean)] =
-        arbitrary[(Boolean, Boolean)].map({ case (be, bs) => (be, be && bs) }),
+      backupFlagsGen: Gen[(Boolean, Boolean)] = arbitraryBackupFlags.arbitrary,
       signatureCountGen: Gen[ByteArray] = byteArray(4),
   ): Gen[ByteArray] =
     halfsized(

webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala

@@ -27,8 +27,11 @@ package com.yubico.webauthn.data
 import com.fasterxml.jackson.core.`type`.TypeReference
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.databind.exc.ValueInstantiationException
+import com.fasterxml.jackson.databind.json.JsonMapper
+import com.fasterxml.jackson.databind.node.BooleanNode
 import com.fasterxml.jackson.databind.node.ObjectNode
 import com.fasterxml.jackson.databind.node.TextNode
+import com.fasterxml.jackson.datatype.jdk8.Jdk8Module
 import com.yubico.internal.util.JacksonCodecs
 import com.yubico.webauthn.AssertionRequest
 import com.yubico.webauthn.AssertionResult
@@ -54,7 +57,11 @@ class JsonIoSpec
     with Matchers
     with ScalaCheckDrivenPropertyChecks {
 
-  def json: ObjectMapper = JacksonCodecs.json()
+  val json: ObjectMapper =
+    JsonMapper
+      .builder()
+      .addModule(new Jdk8Module())
+      .build()
 
   describe("The class") {
 
@@ -533,4 +540,23 @@ class JsonIoSpec
     }
   }
 
+  describe("The class RegisteredCredential") {
+    it("""does not have a "backedUp" property when newly serialized.""") {
+      forAll { cred: RegisteredCredential =>
+        val tree = json.valueToTree(cred).asInstanceOf[ObjectNode]
+        tree.has("backedUp") should be(false)
+      }
+    }
+
+    it("""can be parsed with the previous "backedUp" property name.""") {
+      forAll { cred: RegisteredCredential =>
+        val tree = json.valueToTree(cred).asInstanceOf[ObjectNode]
+        tree.set[ObjectNode]("backedUp", BooleanNode.TRUE)
+        tree.remove("backupState")
+        val cred2 = json.treeToValue(tree, classOf[RegisteredCredential])
+        cred2.isBackedUp.toScala should equal(Some(true))
+      }
+    }
+  }
+
 }

yubico-util/src/main/java/com/yubico/internal/util/JacksonCodecs.java

@@ -3,9 +3,7 @@
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import com.fasterxml.jackson.core.Base64Variants;
 import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.MapperFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.json.JsonMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
@@ -23,8 +21,6 @@ public static ObjectMapper cbor() {
   public static ObjectMapper json() {
     return JsonMapper.builder()
         .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true)
-        .configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false)
-        .configure(MapperFeature.PROPAGATE_TRANSIENT_MARKER, true)
         .serializationInclusion(Include.NON_ABSENT)
         .defaultBase64Variant(Base64Variants.MODIFIED_FOR_URL)
         .addModule(new Jdk8Module())