Add PRF extension

Author: fdennis

webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java

@@ -30,6 +30,7 @@
 import com.yubico.webauthn.RelyingParty;
 import com.yubico.webauthn.StartAssertionOptions;
 import com.yubico.webauthn.extension.appid.AppId;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Optional;
 import java.util.Set;
@@ -55,15 +56,18 @@ public class AssertionExtensionInputs implements ExtensionInputs {
 
   private final AppId appid;
   private final Extensions.LargeBlob.LargeBlobAuthenticationInput largeBlob;
+  private final Extensions.Prf.PrfAuthenticationInput prf;
   private final Boolean uvm;
 
   @JsonCreator
   private AssertionExtensionInputs(
       @JsonProperty("appid") AppId appid,
       @JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobAuthenticationInput largeBlob,
+      @JsonProperty("prf") Extensions.Prf.PrfAuthenticationInput prf,
       @JsonProperty("uvm") Boolean uvm) {
     this.appid = appid;
     this.largeBlob = largeBlob;
+    this.prf = prf;
     this.uvm = (uvm != null && uvm) ? true : null;
   }
 
@@ -78,6 +82,7 @@ public AssertionExtensionInputs merge(AssertionExtensionInputs other) {
     return new AssertionExtensionInputs(
         this.appid != null ? this.appid : other.appid,
         this.largeBlob != null ? this.largeBlob : other.largeBlob,
+        this.prf != null ? this.prf : other.prf,
         this.uvm != null ? this.uvm : other.uvm);
   }
 
@@ -95,6 +100,9 @@ public Set<String> getExtensionIds() {
     if (largeBlob != null) {
       ids.add(Extensions.LargeBlob.EXTENSION_ID);
     }
+    if (prf != null) {
+      ids.add(Extensions.Prf.EXTENSION_ID);
+    }
     if (getUvm()) {
       ids.add(Extensions.Uvm.EXTENSION_ID);
     }
@@ -172,6 +180,38 @@ public AssertionExtensionInputsBuilder largeBlob(
       return this;
     }
 
+    /**
+     * Enable the Pseudo-random function extension (<code>prf</code>).
+     *
+     * <p>Alias of <code>prf(new Extensions.Prf.PrfRegistrationInput(eval))
+     * </code>.
+     *
+     * @param eval an {@link Extensions.Prf.PrfValues} value to set as the <code>eval</code>
+     *     attribute of the <code>prf</code> extension input.
+     * @see #prf(Extensions.Prf.PrfRegistrationInput)
+     * @see <a
+     *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">§10.5.
+     *     Large blob storage extension (largeBlob)</a>
+     */
+    public AssertionExtensionInputsBuilder prf(
+        Extensions.Prf.PrfValues eval,
+        HashMap<PublicKeyCredentialDescriptor, Extensions.Prf.PrfValues> evalByCredential) {
+      this.prf = new Extensions.Prf.PrfAuthenticationInput(eval, evalByCredential);
+      return this;
+    }
+
+    /**
+     * Enable the Pseudo-random function extension (<code>prf</code>).
+     *
+     * @see <a
+     *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">§10.5.
+     *     Large blob storage extension (largeBlob)</a>
+     */
+    public AssertionExtensionInputsBuilder prf(Extensions.Prf.PrfAuthenticationInput prf) {
+      this.prf = prf;
+      return this;
+    }
+
     /**
      * Enable the User Verification Method Extension (<code>uvm</code>).
      *
@@ -233,6 +273,30 @@ private Extensions.LargeBlob.LargeBlobAuthenticationInput getLargeBlobJson() {
         : null;
   }
 
+  /**
+   * The input to the Pseudo-random function extension (<code>prf</code>).
+   *
+   * <p>This extension allows a Relying Party to evaluate outputs from a pseudo-random function
+   * (PRF) associated with a credential.
+   *
+   * @see Extensions.LargeBlob.LargeBlobAuthenticationInput#read()
+   * @see Extensions.LargeBlob.LargeBlobAuthenticationInput#write(ByteArray)
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">§10.5.
+   *     Large blob storage extension (largeBlob)</a>
+   */
+  public Optional<Extensions.Prf.PrfAuthenticationInput> getPrf() {
+    return Optional.ofNullable(prf);
+  }
+
+  /** For JSON serialization, to omit false and null values. */
+  @JsonProperty("prf")
+  private Extensions.Prf.PrfAuthenticationInput getPrfJson() {
+    return prf != null && (prf.getEval().isPresent() || prf.getEvalByCredential().isPresent())
+        ? prf
+        : null;
+  }
+
   /**
    * @return <code>true</code> if the User Verification Method Extension (<code>uvm</code>) is
    *     enabled, <code>false</code> otherwise.

webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java

@@ -66,12 +66,16 @@ public class ClientAssertionExtensionOutputs implements ClientExtensionOutputs {
 
   private final Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob;
 
+  private final Extensions.Prf.PrfAuthenticationOutput prf;
+
   @JsonCreator
   private ClientAssertionExtensionOutputs(
       @JsonProperty("appid") Boolean appid,
-      @JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob) {
+      @JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobAuthenticationOutput largeBlob,
+      @JsonProperty("prf") Extensions.Prf.PrfAuthenticationOutput prf) {
     this.appid = appid;
     this.largeBlob = largeBlob;
+    this.prf = prf;
   }
 
   @Override
@@ -84,6 +88,9 @@ public Set<String> getExtensionIds() {
     if (largeBlob != null) {
       ids.add(Extensions.LargeBlob.EXTENSION_ID);
     }
+    if (prf != null) {
+      ids.add(Extensions.Prf.EXTENSION_ID);
+    }
     return ids;
   }
 
@@ -114,6 +121,20 @@ public Optional<Extensions.LargeBlob.LargeBlobAuthenticationOutput> getLargeBlob
     return Optional.ofNullable(largeBlob);
   }
 
+  /**
+   * The extension output for the <a
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">Large blob
+   * storage (<code>largeBlob</code>) extension</a>, if any.
+   *
+   * @see com.yubico.webauthn.data.Extensions.Prf.PrfRegistrationOutput
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">§10.5.Large
+   *     blob storage extension (largeBlob)</a>
+   */
+  public Optional<Extensions.Prf.PrfAuthenticationOutput> getPrf() {
+    return Optional.ofNullable(prf);
+  }
+
   public static class ClientAssertionExtensionOutputsBuilder {
 
     /**

webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java

@@ -58,15 +58,19 @@ public class ClientRegistrationExtensionOutputs implements ClientExtensionOutput
 
   private final Extensions.LargeBlob.LargeBlobRegistrationOutput largeBlob;
 
+  private final Extensions.Prf.PrfRegistrationOutput prf;
+
   @JsonCreator
   private ClientRegistrationExtensionOutputs(
       @JsonProperty("appidExclude") Boolean appidExclude,
       @JsonProperty("credProps")
           Extensions.CredentialProperties.CredentialPropertiesOutput credProps,
-      @JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobRegistrationOutput largeBlob) {
+      @JsonProperty("largeBlob") Extensions.LargeBlob.LargeBlobRegistrationOutput largeBlob,
+      @JsonProperty("prf") Extensions.Prf.PrfRegistrationOutput prf) {
     this.appidExclude = appidExclude;
     this.credProps = credProps;
     this.largeBlob = largeBlob;
+    this.prf = prf;
   }
 
   @Override
@@ -82,6 +86,9 @@ public Set<String> getExtensionIds() {
     if (largeBlob != null) {
       ids.add(Extensions.LargeBlob.EXTENSION_ID);
     }
+    if (prf != null) {
+      ids.add(Extensions.Prf.EXTENSION_ID);
+    }
     return ids;
   }
 
@@ -127,4 +134,16 @@ public Optional<Extensions.CredentialProperties.CredentialPropertiesOutput> getC
   public Optional<Extensions.LargeBlob.LargeBlobRegistrationOutput> getLargeBlob() {
     return Optional.ofNullable(largeBlob);
   }
+
+  /**
+   * The extension output for the Pseudo-random function (<code>prf</code>), if any.
+   *
+   * @see com.yubico.webauthn.data.Extensions.Prf.PrfRegistrationOutput
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-large-blob-extension">§10.5.Large
+   *     blob storage extension (largeBlob)</a>
+   */
+  public Optional<Extensions.Prf.PrfRegistrationOutput> getPrf() {
+    return Optional.ofNullable(prf);
+  }
 }