Update spec URLs to Level 2 where appropriate

Author: emlun

test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/meta/VersionInfoTest.java

@@ -19,7 +19,7 @@ public void specPropertiesAreSet() {
     final Specification spec = versionInfo.getSpecification();
     assertTrue(spec.getLatestVersionUrl().toExternalForm().startsWith("https://"));
     assertTrue(spec.getUrl().toExternalForm().startsWith("https://"));
-    assertTrue(spec.getReleaseDate().isAfter(LocalDate.of(2021, 2, 24)));
+    assertTrue(!spec.getReleaseDate().isBefore(LocalDate.of(2021, 4, 8)));
     assertNotNull(spec.getStatus());
   }
 

webauthn-server-core/build.gradle

@@ -54,13 +54,13 @@ jar {
   manifest {
     attributes([
       'Specification-Title': 'Web Authentication: An API for accessing Public Key Credentials',
-      'Specification-Version': 'Level 2 Proposed Recommendation 2021-02-25',
+      'Specification-Version': 'Level 2 Proposed Recommendation 2021-04-08',
       'Specification-Vendor': 'World Wide Web Consortium',
 
-      'Specification-Url': 'https://www.w3.org/TR/2021/PR-webauthn-2-20210225/',
+      'Specification-Url': 'https://www.w3.org/TR/2021/REC-webauthn-2-20210408/',
       'Specification-Url-Latest': 'https://www.w3.org/TR/webauthn-2/',
-      'Specification-W3c-Status': 'proposed-recommendation',
-      'Specification-Release-Date': '2021-02-25',
+      'Specification-W3c-Status': 'recommendation',
+      'Specification-Release-Date': '2021-04-08',
 
       'Implementation-Id': 'java-webauthn-server',
       'Implementation-Title': 'Yubico Web Authentication server library',

webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionRequest.java

@@ -51,7 +51,7 @@ public class AssertionRequest {
    * The username of the user to authenticate, if the user has already been identified.
    *
    * <p>If this is absent, this indicates that this is a request for an assertion by a <a
-   * href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#client-side-resident-public-key-credential-source">client-side-resident
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#client-side-discoverable-public-key-credential-source">client-side-resident
    * credential</a>, and identification of the user has been deferred until the response is
    * received.
    */
@@ -70,7 +70,7 @@ private AssertionRequest(
    * The username of the user to authenticate, if the user has already been identified.
    *
    * <p>If this is absent, this indicates that this is a request for an assertion by a <a
-   * href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#client-side-resident-public-key-credential-source">client-side-resident
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#client-side-discoverable-public-key-credential-source">client-side-resident
    * credential</a>, and identification of the user has been deferred until the response is
    * received.
    */
@@ -120,7 +120,7 @@ public AssertionRequestBuilder publicKeyCredentialRequestOptions(
      * The username of the user to authenticate, if the user has already been identified.
      *
      * <p>If this is absent, this indicates that this is a request for an assertion by a <a
-     * href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#client-side-resident-public-key-credential-source">client-side-resident
+     * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#client-side-discoverable-public-key-credential-source">client-side-resident
      * credential</a>, and identification of the user has been deferred until the response is
      * received.
      */
@@ -132,7 +132,7 @@ public AssertionRequestBuilder username(@NonNull Optional<String> username) {
      * The username of the user to authenticate, if the user has already been identified.
      *
      * <p>If this is absent, this indicates that this is a request for an assertion by a <a
-     * href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#client-side-resident-public-key-credential-source">client-side-resident
+     * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#client-side-discoverable-public-key-credential-source">client-side-resident
      * credential</a>, and identification of the user has been deferred until the response is
      * received.
      */

webauthn-server-core/src/main/java/com/yubico/webauthn/AssertionResult.java

@@ -48,19 +48,20 @@ public class AssertionResult {
   private final boolean success;
 
   /**
-   * The <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#credential-id">credential ID</a>
-   * of the credential used for the assertion.
+   * The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">credential
+   * ID</a> of the credential used for the assertion.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#credential-id">Credential ID</a>
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">Credential
+   *     ID</a>
    * @see PublicKeyCredentialRequestOptions#getAllowCredentials()
    */
   @NonNull private final ByteArray credentialId;
 
   /**
-   * The <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#user-handle">user handle</a> of
-   * the authenticated user.
+   * The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">user handle</a>
+   * of the authenticated user.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#user-handle">User Handle</a>
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">User Handle</a>
    * @see UserIdentity#getId()
    * @see #getUsername()
    */
@@ -74,7 +75,7 @@ public class AssertionResult {
   @NonNull private final String username;
 
   /**
-   * The new <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#signcount">signature
+   * The new <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#signcount">signature
    * count</a> of the credential used for the assertion.
    *
    * <p>You should update this value in your database.
@@ -95,7 +96,8 @@ public class AssertionResult {
    *       zero.
    * </ul>
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sec-authenticator-data">§6.1.
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-authenticator-data">§6.1.
    *     Authenticator Data</a>
    * @see AuthenticatorData#getSignatureCounter()
    * @see RegisteredCredential#getSignatureCount()

webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionOptions.java

@@ -45,7 +45,7 @@ public class FinishAssertionOptions {
    * The client's response to the {@link #getRequest() request}.
    *
    * @see <a
-   *     href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#getAssertion">navigator.credentials.get()</a>
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-getAssertion">navigator.credentials.get()</a>
    */
   @NonNull
   private final PublicKeyCredential<AuthenticatorAssertionResponse, ClientAssertionExtensionOutputs>

webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationOptions.java

@@ -46,7 +46,7 @@ public class FinishRegistrationOptions {
    * The client's response to the {@link #getRequest() request}.
    *
    * <p><a
-   * href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#createCredential">navigator.credentials.create()</a>
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-createCredential">navigator.credentials.create()</a>
    */
   @NonNull
   private final PublicKeyCredential<

webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java

@@ -324,7 +324,7 @@ public boolean verifyX5cRequirements(X509Certificate cert, ByteArray aaguid) {
 
   /**
    * Parses an AAGUID into bytes. Refer to <a
-   * href="https://www.w3.org/TR/webauthn/#sctn-packed-attestation-cert-requirements">Packed
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-packed-attestation-cert-requirements">Packed
    * Attestation Statement Certificate Requirements</a> on the W3C web site for details of the ASN.1
    * structure that this method parses.
    *

webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java

@@ -48,20 +48,21 @@
 public final class RegisteredCredential {
 
   /**
-   * The <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#credential-id">credential ID</a>
-   * of the credential.
+   * The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">credential
+   * ID</a> of the credential.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#credential-id">Credential ID</a>
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">Credential
+   *     ID</a>
    * @see RegistrationResult#getKeyId()
    * @see PublicKeyCredentialDescriptor#getId()
    */
   @NonNull private final ByteArray credentialId;
 
   /**
-   * The <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#user-handle">user handle</a> of
-   * the user the credential is registered to.
+   * The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">user handle</a>
+   * of the user the credential is registered to.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#user-handle">User Handle</a>
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">User Handle</a>
    * @see UserIdentity#getId()
    */
   @NonNull private final ByteArray userHandle;
@@ -79,13 +80,14 @@ public final class RegisteredCredential {
   @NonNull private final ByteArray publicKeyCose;
 
   /**
-   * The stored <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#signcount">signature
+   * The stored <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#signcount">signature
    * count</a> of the credential.
    *
    * <p>This is used to validate the {@link AuthenticatorData#getSignatureCounter() signature
    * counter} in authentication assertions.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sec-authenticator-data">§6.1.
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-authenticator-data">§6.1.
    *     Authenticator Data</a>
    * @see AuthenticatorData#getSignatureCounter()
    * @see AssertionResult#getSignatureCount()

webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java

@@ -47,13 +47,15 @@
 public class RegistrationResult {
 
   /**
-   * The <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#credential-id">credential ID</a>
-   * and <a
-   * href="https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialdescriptor-transports">transports</a>
-   * of the created credential.
+   * The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">credential
+   * ID</a> and <a
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-publickeycredentialdescriptor-transports">transports</a>of
+   * the created credential.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#credential-id">Credential ID</a>
-   * @see <a href="https://www.w3.org/TR/webauthn-2/#dictionary-credential-descriptor">5.8.3.
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">Credential
+   *     ID</a>
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dictionary-credential-descriptor">5.8.3.
    *     Credential Descriptor (dictionary PublicKeyCredentialDescriptor)</a>
    * @see PublicKeyCredential#getId()
    */
@@ -69,12 +71,13 @@ public class RegistrationResult {
 
   /**
    * The attestation type <a
-   * href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation-types">§6.4.3.
+   * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation-types">§6.4.3.
    * Attestation Types</a> that was used for the created credential.
    *
    * <p>You can ignore this if authenticator attestation is not relevant to your application.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation-types">§6.4.3.
+   * @see <a
+   *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation-types">§6.4.3.
    *     Attestation Types</a>
    */
   @NonNull private final AttestationType attestationType;
@@ -110,7 +113,7 @@ public class RegistrationResult {
    * com.yubico.webauthn.RelyingParty.RelyingPartyBuilder#metadataService(Optional) metadataService}
    * in {@link RelyingParty}.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
    *     Attestation</a>
    * @see com.yubico.webauthn.RelyingParty.RelyingPartyBuilder#metadataService(Optional)
    */

webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java

@@ -150,7 +150,7 @@ public class RelyingParty {
    * <p>By default, this is not set.
    *
    * @see AssertionExtensionInputs#getAppid()
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-appid-extension">§10.1.
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-appid-extension">§10.1.
    *     FIDO AppID Extension (appid)</a>
    */
   @NonNull private final Optional<AppId> appId;
@@ -169,7 +169,7 @@ public class RelyingParty {
    * <p>By default, this is not set.
    *
    * @see PublicKeyCredentialCreationOptions#getAttestation()
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
    *     Attestation</a>
    */
   @NonNull private final Optional<AttestationConveyancePreference> attestationConveyancePreference;
@@ -182,7 +182,7 @@ public class RelyingParty {
    * <p>By default, this is not set.
    *
    * @see PublicKeyCredentialCreationOptions#getAttestation()
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
    *     Attestation</a>
    */
   @NonNull private final Optional<MetadataService> metadataService;
@@ -203,7 +203,7 @@ public class RelyingParty {
    * </ol>
    *
    * @see PublicKeyCredentialCreationOptions#getAttestation()
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
    *     Attestation</a>
    */
   @Builder.Default @NonNull
@@ -306,7 +306,7 @@ public class RelyingParty {
    *
    * <p>The default is <code>false</code>.
    *
-   * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#extensions">§9. WebAuthn
+   * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-extensions">§9. WebAuthn
    *     Extensions</a>
    */
   @Builder.Default private final boolean allowUnrequestedExtensions = false;
@@ -561,7 +561,8 @@ public RelyingPartyBuilder credentialRepository(CredentialRepository credentialR
      * <p>By default, this is not set.
      *
      * @see AssertionExtensionInputs#getAppid()
-     * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-appid-extension">§10.1.
+     * @see <a
+     *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-appid-extension">§10.1.
      *     FIDO AppID Extension (appid)</a>
      */
     public RelyingPartyBuilder appId(@NonNull Optional<AppId> appId) {
@@ -581,7 +582,8 @@ public RelyingPartyBuilder appId(@NonNull Optional<AppId> appId) {
      * <p>By default, this is not set.
      *
      * @see AssertionExtensionInputs#getAppid()
-     * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-appid-extension">§10.1.
+     * @see <a
+     *     href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-appid-extension">§10.1.
      *     FIDO AppID Extension (appid)</a>
      */
     public RelyingPartyBuilder appId(@NonNull AppId appId) {
@@ -602,7 +604,7 @@ public RelyingPartyBuilder appId(@NonNull AppId appId) {
      * <p>By default, this is not set.
      *
      * @see PublicKeyCredentialCreationOptions#getAttestation()
-     * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+     * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
      *     Attestation</a>
      */
     public RelyingPartyBuilder attestationConveyancePreference(
@@ -625,7 +627,7 @@ public RelyingPartyBuilder attestationConveyancePreference(
      * <p>By default, this is not set.
      *
      * @see PublicKeyCredentialCreationOptions#getAttestation()
-     * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+     * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
      *     Attestation</a>
      */
     public RelyingPartyBuilder attestationConveyancePreference(
@@ -641,7 +643,7 @@ public RelyingPartyBuilder attestationConveyancePreference(
      * <p>By default, this is not set.
      *
      * @see PublicKeyCredentialCreationOptions#getAttestation()
-     * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+     * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
      *     Attestation</a>
      */
     public RelyingPartyBuilder metadataService(@NonNull Optional<MetadataService> metadataService) {
@@ -657,7 +659,7 @@ public RelyingPartyBuilder metadataService(@NonNull Optional<MetadataService> me
      * <p>By default, this is not set.
      *
      * @see PublicKeyCredentialCreationOptions#getAttestation()
-     * @see <a href="https://www.w3.org/TR/2019/PR-webauthn-20190117/#sctn-attestation">§6.4.
+     * @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation">§6.4.
      *     Attestation</a>
      */
     public RelyingPartyBuilder metadataService(@NonNull MetadataService metadataService) {