Add more missing mixins and deserializers

Author: justincranford

web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java

@@ -112,7 +112,7 @@ public static AuthenticatorTransport valueOf(String value) {
 	}
 
 	public static AuthenticatorTransport[] values() {
-		return new AuthenticatorTransport[] { USB, NFC, BLE, HYBRID, INTERNAL };
+		return new AuthenticatorTransport[] { USB, NFC, BLE, SMART_CARD, HYBRID, INTERNAL };
 	}
 
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputDeserializer.java

@@ -39,13 +39,13 @@ class AuthenticationExtensionsClientInputDeserializer extends StdDeserializer<Au
 	}
 
 	@Override
-	public AuthenticationExtensionsClientInput deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException {
-		while (parser.nextToken() != JsonToken.END_OBJECT) {
+	public AuthenticationExtensionsClientInput deserialize(JsonParser parser, DeserializationContext ctxt)
+			throws IOException {
+		if (parser.nextToken() != JsonToken.END_OBJECT) {
 			String extensionId = parser.currentName();
 			Object value = parser.readValueAs(Object.class);
 			return new ImmutableAuthenticationExtensionsClientInput(extensionId, value);
 		}
-
 		return null;
 	}
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputsDeserializer.java

@@ -26,9 +26,7 @@
 
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 /**
  * Jackson deserializer for {@link AuthenticationExtensionsClientInputs}
@@ -44,12 +42,13 @@ class AuthenticationExtensionsClientInputsDeserializer extends StdDeserializer<A
 	}
 
 	@Override
-	public AuthenticationExtensionsClientInputs deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+	public AuthenticationExtensionsClientInputs deserialize(JsonParser parser, DeserializationContext ctxt)
+			throws IOException {
 		final AuthenticationExtensionsClientInputDeserializer authenticationExtensionsClientInputDeserializer = new AuthenticationExtensionsClientInputDeserializer();
 
 		final List<AuthenticationExtensionsClientInput> extensions = new ArrayList<>();
-		while (p.nextToken() != JsonToken.END_OBJECT) {
-			extensions.add(authenticationExtensionsClientInputDeserializer.deserialize(p, ctxt));
+		while (parser.nextToken() != JsonToken.END_OBJECT) {
+			extensions.add(authenticationExtensionsClientInputDeserializer.deserialize(parser, ctxt));
 		}
 		return new ImmutableAuthenticationExtensionsClientInputs(extensions);
 	}

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorSelectionCriteriaDeserializer.java

@@ -16,7 +16,6 @@
 
 package org.springframework.security.web.webauthn.jackson;
 
-import com.fasterxml.jackson.core.JacksonException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonToken;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -44,18 +43,17 @@ class AuthenticatorSelectionCriteriaDeserializer extends StdDeserializer<Authent
 	}
 
 	@Override
-	public AuthenticatorSelectionCriteria deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException {
+	public AuthenticatorSelectionCriteria deserialize(JsonParser parser, DeserializationContext ctxt)
+			throws IOException {
 		final AuthenticatorSelectionCriteriaBuilder builder = AuthenticatorSelectionCriteria.builder();
 		while (parser.nextToken() != JsonToken.END_OBJECT) {
 			final String fieldName = parser.currentName();
+			parser.nextToken();
 			if ("authenticatorAttachment".equals(fieldName)) {
-				parser.nextToken(); // Move to value
 				builder.authenticatorAttachment(AuthenticatorAttachment.valueOf(parser.getText()));
 			} else if ("residentKey".equals(fieldName)) {
-				parser.nextToken(); // Move to value
 				builder.residentKey(ResidentKeyRequirement.valueOf(parser.getText()));
 			} else if ("userVerification".equals(fieldName)) {
-				parser.nextToken(); // Move to value
 				builder.userVerification(UserVerificationRequirement.valueOf(parser.getText()));
 			} else {
 				throw new IOException("Unsupported field name: " + fieldName);

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorSelectionCriteriaSerializer.java

@@ -20,7 +20,6 @@
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
-import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
 
 import java.io.IOException;
 
@@ -29,7 +28,7 @@
  *
  * @author Rob Winch
  * @author Justin Cranford
- * @since 6.5
+ * @since 6.4
  */
 @SuppressWarnings("serial")
 class AuthenticatorSelectionCriteriaSerializer extends StdSerializer<AuthenticatorSelectionCriteria> {
@@ -42,12 +41,18 @@ class AuthenticatorSelectionCriteriaSerializer extends StdSerializer<Authenticat
 	public void serialize(AuthenticatorSelectionCriteria value, JsonGenerator gen, SerializerProvider provider)
 			throws IOException {
 		gen.writeStartObject();
-		gen.writeFieldName("authenticatorAttachment");
-		gen.writeString(value.getAuthenticatorAttachment().getValue());
-		gen.writeFieldName("residentKey");
-		gen.writeString(value.getResidentKey().getValue());
-		gen.writeFieldName("userVerification");
-		gen.writeString(value.getUserVerification().getValue());
+		if (value.getAuthenticatorAttachment() != null) {
+			gen.writeFieldName("authenticatorAttachment");
+			gen.writeString(value.getAuthenticatorAttachment().getValue());
+		}
+		if (value.getResidentKey() != null) {
+			gen.writeFieldName("residentKey");
+			gen.writeString(value.getResidentKey().getValue());
+		}
+		if (value.getUserVerification() != null) {
+			gen.writeFieldName("userVerification");
+			gen.writeString(value.getUserVerification().getValue());
+		}
 		gen.writeEndObject();
 	}
 

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorTransportDeserializer.java

@@ -16,19 +16,18 @@
 
 package org.springframework.security.web.webauthn.jackson;
 
-import java.io.IOException;
-
-import com.fasterxml.jackson.core.JacksonException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
-
 import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
 
+import java.io.IOException;
+
 /**
  * Jackson deserializer for {@link AuthenticatorTransport}
  *
  * @author Rob Winch
+ * @author Justin Cranford
  * @since 6.4
  */
 @SuppressWarnings("serial")
@@ -40,14 +39,9 @@ class AuthenticatorTransportDeserializer extends StdDeserializer<AuthenticatorTr
 
 	@Override
 	public AuthenticatorTransport deserialize(JsonParser parser, DeserializationContext ctxt)
-			throws IOException, JacksonException {
+			throws IOException {
 		String transportValue = parser.readValueAs(String.class);
-		for (AuthenticatorTransport transport : AuthenticatorTransport.values()) {
-			if (transport.getValue().equals(transportValue)) {
-				return transport;
-			}
-		}
-		return null;
+		return AuthenticatorTransport.valueOf(transportValue);
 	}
 
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorTransportSerializer.java

@@ -30,6 +30,7 @@
  * @author Rob Winch
  * @since 6.4
  */
+@SuppressWarnings("serial")
 class AuthenticatorTransportSerializer extends JsonSerializer<AuthenticatorTransport> {
 
 	@Override

web/src/main/java/org/springframework/security/web/webauthn/jackson/COSEAlgorithmIdentifierDeserializer.java

@@ -16,19 +16,18 @@
 
 package org.springframework.security.web.webauthn.jackson;
 
-import java.io.IOException;
-
-import com.fasterxml.jackson.core.JacksonException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
-
 import org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier;
 
+import java.io.IOException;
+
 /**
  * Jackson serializer for {@link COSEAlgorithmIdentifier}
  *
  * @author Rob Winch
+ * @author Justin Cranford
  * @since 6.4
  */
 @SuppressWarnings("serial")
@@ -40,14 +39,9 @@ class COSEAlgorithmIdentifierDeserializer extends StdDeserializer<COSEAlgorithmI
 
 	@Override
 	public COSEAlgorithmIdentifier deserialize(JsonParser parser, DeserializationContext ctxt)
-			throws IOException, JacksonException {
+			throws IOException {
 		Long transportValue = parser.readValueAs(Long.class);
-		for (COSEAlgorithmIdentifier identifier : COSEAlgorithmIdentifier.values()) {
-			if (identifier.getValue() == transportValue.longValue()) {
-				return identifier;
-			}
-		}
-		return null;
+		return COSEAlgorithmIdentifier.valueOf(transportValue);
 	}
 
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialTypeDeserializer.java renamed to web/src/main/java/org/springframework/security/web/webauthn/jackson/DurationDeserializer.java

@@ -17,35 +17,32 @@
 package org.springframework.security.web.webauthn.jackson;
 
 import java.io.IOException;
+import java.time.Duration;
 
-import com.fasterxml.jackson.core.JacksonException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
 
-import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
-
 /**
- * Jackson deserializer for {@link PublicKeyCredentialType}
+ * Jackson deserializer for {@link Duration}
  *
- * @author Rob Winch
- * @since 6.4
+ * @author Justin Cranford
+ * @since 6.5
  */
 @SuppressWarnings("serial")
-class PublicKeyCredentialTypeDeserializer extends StdDeserializer<PublicKeyCredentialType> {
+class DurationDeserializer extends StdDeserializer<Duration> {
 
 	/**
-	 * Creates a new instance.
+	 * Creates an instance.
 	 */
-	PublicKeyCredentialTypeDeserializer() {
-		super(PublicKeyCredentialType.class);
+	DurationDeserializer() {
+		super(Duration.class);
 	}
 
 	@Override
-	public PublicKeyCredentialType deserialize(JsonParser parser, DeserializationContext ctxt)
-			throws IOException, JacksonException {
-		String type = parser.readValueAs(String.class);
-		return PublicKeyCredentialType.valueOf(type);
+	public Duration deserialize(JsonParser parser, DeserializationContext ctxt)
+			throws IOException {
+		long millis = parser.getLongValue();
+		return Duration.ofMillis(millis);
 	}
-
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialCreationOptionsMixin.java

@@ -18,6 +18,8 @@
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import org.springframework.security.web.webauthn.api.AttestationConveyancePreference;
 import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
 import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
@@ -38,14 +40,14 @@
  * @author Justin Cranford
  * @since 6.4
  */
-public abstract class PublicKeyCredentialCreationOptionsMixin {
+abstract class PublicKeyCredentialCreationOptionsMixin {
 	@JsonCreator
 	public PublicKeyCredentialCreationOptionsMixin(
 		@JsonProperty("rp") PublicKeyCredentialRpEntity rp,
 		@JsonProperty("user") PublicKeyCredentialUserEntity user,
 		@JsonProperty("challenge") Bytes challenge,
 		@JsonProperty("pubKeyCredParams") List<PublicKeyCredentialParameters> pubKeyCredParams,
-		@JsonProperty("timeout") Duration timeout,
+		@JsonProperty("timeout") @JsonSerialize(using=DurationSerializer.class) @JsonDeserialize(using=DurationDeserializer.class) Duration timeout,
 		@JsonProperty("excludeCredentials") List<PublicKeyCredentialDescriptor> excludeCredentials,
 		@JsonProperty("authenticatorSelection") AuthenticatorSelectionCriteria authenticatorSelection,
 		@JsonProperty("attestation") AttestationConveyancePreference attestation,