spring-projects
diff --git a/‎web/spring-security-web.gradle‎
Lines changed: 1 addition & 0 deletions b/‎web/spring-security-web.gradle‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/api/COSEAlgorithmIdentifier.java‎
Lines changed: 20 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/api/COSEAlgorithmIdentifier.java‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialParameters.java‎
Lines changed: 21 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialParameters.java‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java‎
Lines changed: 21 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialCreationOptionsMixin.java‎
Lines changed: 25 additions & 6 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialCreationOptionsMixin.java‎
Lines changed: 25 additions & 6 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorDeserializer.java‎
Lines changed: 52 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorDeserializer.java‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorMixin.java‎
Lines changed: 33 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorMixin.java‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorSerializer.java‎
Lines changed: 32 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorSerializer.java‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialParametersDeserializer.java‎
Lines changed: 38 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialParametersDeserializer.java‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialParametersMixin.java‎
Lines changed: 9 additions & 0 deletions b/‎web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialParametersMixin.java‎
Lines changed: 9 additions & 0 deletions
@@ -36,6 +36,7 @@ dependencies {
 	api 'org.springframework:spring-web'
 
 	optional 'com.fasterxml.jackson.core:jackson-databind'
+	optional 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310'
 	optional 'io.projectreactor:reactor-core'
 	optional 'org.springframework:spring-jdbc'
 	optional 'org.springframework:spring-tx'
 
@@ -62,4 +62,24 @@ public static COSEAlgorithmIdentifier[] values() {
 		return new COSEAlgorithmIdentifier[] { EdDSA, ES256, ES384, ES512, RS256, RS384, RS512, RS1 };
 	}
 
+	public static COSEAlgorithmIdentifier valueOf(long value) {
+		if (COSEAlgorithmIdentifier.EdDSA.getValue() == value) {
+			return EdDSA;
+		} else if (COSEAlgorithmIdentifier.ES256.getValue() == value) {
+			return ES256;
+		} else if (COSEAlgorithmIdentifier.ES384.getValue() == value) {
+			return ES384;
+		} else if (COSEAlgorithmIdentifier.ES512.getValue() == value) {
+			return ES512;
+		} else if (COSEAlgorithmIdentifier.RS256.getValue() == value) {
+			return RS256;
+		} else if (COSEAlgorithmIdentifier.RS384.getValue() == value) {
+			return RS384;
+		} else if (COSEAlgorithmIdentifier.RS512.getValue() == value) {
+			return RS512;
+		} else if (COSEAlgorithmIdentifier.RS1.getValue() == value) {
+			return RS1;
+		}
+		return new COSEAlgorithmIdentifier(value);
+	}
 }
@@ -96,4 +96,25 @@ public COSEAlgorithmIdentifier getAlg() {
 		return this.alg;
 	}
 
+	public static PublicKeyCredentialParameters valueOf(PublicKeyCredentialType type, COSEAlgorithmIdentifier alg) {
+		if (PublicKeyCredentialParameters.EdDSA.getType().equals(type) && PublicKeyCredentialParameters.EdDSA.getAlg().equals(alg)) {
+			return EdDSA;
+		} else if (PublicKeyCredentialParameters.ES256.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return ES256;
+		} else if (PublicKeyCredentialParameters.ES384.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return ES384;
+		} else if (PublicKeyCredentialParameters.ES512.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return ES512;
+		} else if (PublicKeyCredentialParameters.RS256.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return RS256;
+		} else if (PublicKeyCredentialParameters.RS384.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return RS384;
+		} else if (PublicKeyCredentialParameters.RS512.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return RS512;
+		} else if (PublicKeyCredentialParameters.RS1.getType().equals(type) && PublicKeyCredentialParameters.ES256.getAlg().equals(alg)) {
+			return RS1;
+		}
+		return new PublicKeyCredentialParameters(type, alg);
+	}
+
 }
@@ -22,6 +22,7 @@
  * is used by the Relying Party to indicate if user verification is needed.
  *
  * @author Rob Winch
+ * @author Justin Cranford
  * @since 6.4
  */
 public final class UserVerificationRequirement {
@@ -66,4 +67,24 @@ public String getValue() {
 		return this.value;
 	}
 
+	/**
+	 * Gets the value
+	 * @param value the string
+	 * @return the value
+	 * @author Justin Cranford
+	 * @since 6.5
+	 */
+	public static UserVerificationRequirement valueOf(String value) {
+		if (DISCOURAGED.getValue().equals(value)) {
+			return DISCOURAGED;
+		}
+		if (PREFERRED.getValue().equals(value)) {
+			return PREFERRED;
+		}
+		if (REQUIRED.getValue().equals(value)) {
+			return REQUIRED;
+		}
+		return new UserVerificationRequirement(value);
+	}
+
 }
@@ -17,22 +17,41 @@
 package org.springframework.security.web.webauthn.jackson;
 
 import java.time.Duration;
+import java.util.List;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 
+import org.springframework.security.web.webauthn.api.AttestationConveyancePreference;
+import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
+import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
+import org.springframework.security.web.webauthn.api.Bytes;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
 
 /**
  * Jackson mixin for {@link PublicKeyCredentialCreationOptions}
  *
  * @author Rob Winch
  * @since 6.4
  */
-@JsonInclude(JsonInclude.Include.NON_NULL)
-abstract class PublicKeyCredentialCreationOptionsMixin {
-
-	@JsonSerialize(using = DurationSerializer.class)
-	private Duration timeout;
-
+public abstract class PublicKeyCredentialCreationOptionsMixin {
+	@JsonCreator
+	public PublicKeyCredentialCreationOptionsMixin(
+			@JsonProperty("rp") PublicKeyCredentialRpEntity rp,
+			@JsonProperty("user") PublicKeyCredentialUserEntity user,
+			@JsonProperty("challenge") Bytes challenge,
+			@JsonProperty("pubKeyCredParams") List<PublicKeyCredentialParameters> pubKeyCredParams,
+			@JsonProperty("timeout") Duration timeout,
+			@JsonProperty("excludeCredentials") List<PublicKeyCredentialDescriptor> excludeCredentials,
+			@JsonProperty("authenticatorSelection") AuthenticatorSelectionCriteria authenticatorSelection,
+			@JsonProperty("attestation") AttestationConveyancePreference attestation,
+			@JsonProperty("extensions") AuthenticationExtensionsClientInputs extensions
+	) {
+	}
 }
@@ -0,0 +1,52 @@
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
+import org.springframework.security.web.webauthn.api.Bytes;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class PublicKeyCredentialDescriptorDeserializer extends StdDeserializer<PublicKeyCredentialDescriptor> {
+
+    public PublicKeyCredentialDescriptorDeserializer() {
+        super(PublicKeyCredentialDescriptor.class);
+    }
+
+    @Override
+    public PublicKeyCredentialDescriptor deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+		final PublicKeyCredentialDescriptorBuilder builder = PublicKeyCredentialDescriptor.builder();
+
+        while (p.nextToken() != JsonToken.END_OBJECT) {
+            final String fieldName = p.currentName();
+            if ("type".equals(fieldName)) {
+                p.nextToken();
+				builder.type(PublicKeyCredentialType.valueOf(p.getText()));
+            } else if ("id".equals(fieldName)) {
+				p.nextToken();
+				builder.id(new Bytes(p.getBinaryValue()));
+			} else if ("transports".equals(fieldName)) {
+                p.nextToken();
+				if (p.currentToken() != JsonToken.START_ARRAY) {
+					throw new IOException("Expected array for 'transports', but found: " + p.currentToken());
+				}
+				final List<AuthenticatorTransport> transports = new ArrayList<>();
+				while (p.nextToken() != JsonToken.END_ARRAY) {
+					transports.add(AuthenticatorTransport.valueOf(p.getText()));
+				}
+				builder.transports(transports.toArray(new AuthenticatorTransport[0]));
+            } else {
+                p.skipChildren();
+            }
+        }
+
+        return builder.build();
+    }
+}
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
+
+/**
+ * Jackson mixin for {@link PublicKeyCredentialType}
+ *
+ * @author Rob Winch
+ * @since 6.4
+ */
+@JsonSerialize(using = PublicKeyCredentialDescriptorSerializer.class)
+@JsonDeserialize(using = PublicKeyCredentialDescriptorDeserializer.class)
+abstract class PublicKeyCredentialDescriptorMixin {
+
+}
@@ -0,0 +1,32 @@
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor;
+
+import java.io.IOException;
+
+public class PublicKeyCredentialDescriptorSerializer extends StdSerializer<PublicKeyCredentialDescriptor> {
+
+    public PublicKeyCredentialDescriptorSerializer() {
+        super(PublicKeyCredentialDescriptor.class);
+    }
+
+    @Override
+    public void serialize(PublicKeyCredentialDescriptor value, JsonGenerator gen, SerializerProvider provider) throws IOException {
+        gen.writeStartObject();
+        gen.writeFieldName("type");
+        gen.writeString(value.getType().getValue());
+        gen.writeFieldName("id");
+        gen.writeBinary(value.getId().getBytes());
+		gen.writeFieldName("transports");
+		gen.writeStartArray();
+		for (final AuthenticatorTransport transport : value.getTransports()) {
+			gen.writeString(transport.getValue());
+		}
+		gen.writeEndArray();
+		gen.writeEndObject();
+    }
+}
@@ -0,0 +1,38 @@
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
+
+import java.io.IOException;
+
+public class PublicKeyCredentialParametersDeserializer extends StdDeserializer<PublicKeyCredentialParameters> {
+
+    public PublicKeyCredentialParametersDeserializer() {
+        super(PublicKeyCredentialParameters.class);
+    }
+
+    @Override
+    public PublicKeyCredentialParameters deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+		PublicKeyCredentialType type = null;
+		COSEAlgorithmIdentifier alg = null;
+        while (p.nextToken() != JsonToken.END_OBJECT) {
+            final String fieldName = p.currentName();
+			if ("type".equals(fieldName)) {
+                p.nextToken();
+				type = PublicKeyCredentialType.valueOf(p.getText());
+            } else if ("alg".equals(fieldName)) {
+                p.nextToken();
+				alg = COSEAlgorithmIdentifier.valueOf(p.getLongValue());
+            } else {
+                p.skipChildren();
+            }
+        }
+
+        return PublicKeyCredentialParameters.valueOf(type, alg);
+    }
+}
@@ -0,0 +1,9 @@
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+
+@JsonSerialize(using = PublicKeyCredentialParametersSerializer.class)
+@JsonDeserialize(using = PublicKeyCredentialParametersDeserializer.class)
+public abstract class PublicKeyCredentialParametersMixin {
+}