Extract slightly non-default test for YubiKey 5 NFC FIPS

emlun · emlun · commit fa5da9c49f76 · 2021-06-23T17:28:29.000+02:00
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyCeremoniesSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyCeremoniesSpec.scala
@@ -53,81 +53,86 @@ class RelyingPartyCeremoniesSpec
       .credentialRepository(credentialRepo)
       .build()
 
-  testWithEachProvider { it =>
-    describe("The default RelyingParty settings") {
+  private def createCheck(
+      modRp: RelyingParty => RelyingParty = identity
+  )(testData: RealExamples.Example): Unit = {
+    val registrationRp =
+      modRp(newRp(testData, Helpers.CredentialRepository.empty))
 
-      describe("can register and then authenticate") {
-        def check(testData: RealExamples.Example): Unit = {
-          val registrationRp =
-            newRp(testData, Helpers.CredentialRepository.empty)
-
-          val registrationResult = registrationRp.finishRegistration(
-            FinishRegistrationOptions
-              .builder()
-              .request(
-                PublicKeyCredentialCreationOptions
-                  .builder()
-                  .rp(testData.rp)
-                  .user(testData.user)
-                  .challenge(testData.attestation.challenge)
-                  .pubKeyCredParams(
-                    List(PublicKeyCredentialParameters.ES256).asJava
-                  )
-                  .build()
-              )
-              .response(testData.attestation.credential)
-              .build()
-          );
-
-          registrationResult.getKeyId.getId should equal(
-            testData.attestation.credential.getId
-          )
-          registrationResult.isAttestationTrusted should be(false)
-          registrationResult.getAttestationMetadata.isPresent should be(false)
-
-          val assertionRp = newRp(
-            testData,
-            Helpers.CredentialRepository.withUser(
-              testData.user,
-              Helpers.toRegisteredCredential(testData.user, registrationResult),
-            ),
-          )
-
-          val assertionResult = assertionRp.finishAssertion(
-            FinishAssertionOptions
-              .builder()
-              .request(
-                AssertionRequest
-                  .builder()
-                  .publicKeyCredentialRequestOptions(
-                    PublicKeyCredentialRequestOptions
+    val registrationResult = registrationRp.finishRegistration(
+      FinishRegistrationOptions
+        .builder()
+        .request(
+          PublicKeyCredentialCreationOptions
+            .builder()
+            .rp(testData.rp)
+            .user(testData.user)
+            .challenge(testData.attestation.challenge)
+            .pubKeyCredParams(
+              List(PublicKeyCredentialParameters.ES256).asJava
+            )
+            .build()
+        )
+        .response(testData.attestation.credential)
+        .build()
+    );
+
+    registrationResult.getKeyId.getId should equal(
+      testData.attestation.credential.getId
+    )
+    registrationResult.isAttestationTrusted should be(false)
+    registrationResult.getAttestationMetadata.isPresent should be(false)
+
+    val assertionRp = newRp(
+      testData,
+      Helpers.CredentialRepository.withUser(
+        testData.user,
+        Helpers.toRegisteredCredential(testData.user, registrationResult),
+      ),
+    ).toBuilder
+      .allowUnrequestedExtensions(true)
+      .build()
+
+    val assertionResult = assertionRp.finishAssertion(
+      FinishAssertionOptions
+        .builder()
+        .request(
+          AssertionRequest
+            .builder()
+            .publicKeyCredentialRequestOptions(
+              PublicKeyCredentialRequestOptions
+                .builder()
+                .challenge(testData.assertion.challenge)
+                .allowCredentials(
+                  List(
+                    PublicKeyCredentialDescriptor
                       .builder()
-                      .challenge(testData.assertion.challenge)
-                      .allowCredentials(
-                        List(
-                          PublicKeyCredentialDescriptor
-                            .builder()
-                            .id(testData.assertion.id)
-                            .build()
-                        ).asJava
-                      )
+                      .id(testData.assertion.id)
                       .build()
-                  )
-                  .username(testData.user.getName)
-                  .build()
-              )
-              .response(testData.assertion.credential)
-              .build()
-          )
-
-          assertionResult.isSuccess should be(true)
-          assertionResult.getCredentialId should equal(testData.assertion.id)
-          assertionResult.getUserHandle should equal(testData.user.getId)
-          assertionResult.getUsername should equal(testData.user.getName)
-          assertionResult.getSignatureCount should be >= testData.attestation.authenticatorData.getSignatureCounter
-          assertionResult.isSignatureCounterValid should be(true)
-        }
+                  ).asJava
+                )
+                .build()
+            )
+            .username(testData.user.getName)
+            .build()
+        )
+        .response(testData.assertion.credential)
+        .build()
+    )
+
+    assertionResult.isSuccess should be(true)
+    assertionResult.getCredentialId should equal(testData.assertion.id)
+    assertionResult.getUserHandle should equal(testData.user.getId)
+    assertionResult.getUsername should equal(testData.user.getName)
+    assertionResult.getSignatureCount should be >= testData.attestation.authenticatorData.getSignatureCounter
+    assertionResult.isSignatureCounterValid should be(true)
+  }
+
+  testWithEachProvider { it =>
+    describe("The default RelyingParty settings") {
+      val check = createCheck()(_)
 
+      describe("can register and then authenticate") {
         it("a YubiKey NEO.") {
           check(RealExamples.YubiKeyNeo)
         }
@@ -161,9 +166,11 @@ class RelyingPartyCeremoniesSpec
         it("a Security Key NFC by Yubico.") {
           check(RealExamples.SecurityKeyNfc)
         }
-        it("a YubiKey 5 NFC FIPS.") {
+
+        ignore("a YubiKey 5 NFC FIPS.") { // TODO Un-ignore when allowUnrequestedExtensions default changes to true
           check(RealExamples.YubikeyFips5Nfc)
         }
+
         it("a YubiKey 5Ci FIPS.") {
           check(RealExamples.Yubikey5ciFips)
         }
@@ -176,5 +183,18 @@ class RelyingPartyCeremoniesSpec
         }
       }
     }
+
+    describe("The default RelyingParty settings, but with allowUnrequestedExtensions(true)") {
+
+      describe("can register and then authenticate") {
+        val check = createCheck(rp =>
+          rp.toBuilder.allowUnrequestedExtensions(true).build()
+        )(_)
+
+        it("a YubiKey 5 NFC FIPS.") { // TODO Delete when allowUnrequestedExtensions default changes to true
+          check(RealExamples.YubikeyFips5Nfc)
+        }
+      }
+    }
   }
 }
