Add AttestationConveyancePreference.ENTERPRISE

emlun · emlun · commit f1d7dd2cbe53 · 2022-09-14T16:49:57.000+02:00
diff --git a/NEWS b/NEWS
@@ -27,6 +27,7 @@ New features:
   some JCA providers to accept attestation certificates with critical
   certificate policy extensions. See the JavaDoc for
   `TrustRootsResultBuilder.policyTreeValidator(Predicate)` for more information.
+* Added enum value `AttestationConveyancePreference.ENTERPRISE`.
 * (Experimental) Added constant `AuthenticatorTransport.HYBRID`.
 
 Fixes:
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java
@@ -73,7 +73,20 @@ public enum AttestationConveyancePreference {
    * Indicates that the Relying Party wants to receive the attestation statement as generated by the
    * authenticator.
    */
-  DIRECT("direct");
+  DIRECT("direct"),
+
+  /**
+   * This value indicates that the Relying Party wants to receive an attestation statement that may
+   * include uniquely identifying information. This is intended for controlled deployments within an
+   * enterprise where the organization wishes to tie registrations to specific authenticators. User
+   * agents MUST NOT provide such an attestation unless the user agent or authenticator
+   * configuration permits it for the requested RP ID.
+   *
+   * <p>If permitted, the user agent SHOULD signal to the authenticator (at invocation time) that
+   * enterprise attestation is requested, and convey the resulting AAGUID and attestation statement,
+   * unaltered, to the Relying Party.
+   */
+  ENTERPRISE("enterprise");
 
   @JsonValue @Getter @NonNull private final String value;
 
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/EnumsSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/EnumsSpec.scala
@@ -22,6 +22,34 @@ class EnumsSpec
 
   describe("AttestationConveyancePreference") {
     describe("can be parsed from JSON") {
+      it("""value: "none"""") {
+        json.readValue(
+          "\"none\"",
+          classOf[AttestationConveyancePreference],
+        ) should be theSameInstanceAs AttestationConveyancePreference.NONE
+      }
+
+      it("""value: "indirect"""") {
+        json.readValue(
+          "\"indirect\"",
+          classOf[AttestationConveyancePreference],
+        ) should be theSameInstanceAs AttestationConveyancePreference.INDIRECT
+      }
+
+      it("""value: "direct"""") {
+        json.readValue(
+          "\"direct\"",
+          classOf[AttestationConveyancePreference],
+        ) should be theSameInstanceAs AttestationConveyancePreference.DIRECT
+      }
+
+      it("""value: "enterprise"""") {
+        json.readValue(
+          "\"enterprise\"",
+          classOf[AttestationConveyancePreference],
+        ) should be theSameInstanceAs AttestationConveyancePreference.ENTERPRISE
+      }
+
       it("but throws IllegalArgumentException for unknown values.") {
         val result = Try(
           json.readValue("\"foo\"", classOf[AttestationConveyancePreference])
