Add more missing mixins and deserializers

Author: justincranford

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputDeserializer.java

@@ -40,14 +40,8 @@ class AuthenticationExtensionsClientInputDeserializer extends StdDeserializer<Au
 
 	@Override
 	public AuthenticationExtensionsClientInput deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException {
-//		if (parser.currentToken() != JsonToken.START_OBJECT) {
-//			ctxt.reportInputMismatch(this, "Expected START_OBJECT token");
-//		}
-//
 		while (parser.nextToken() != JsonToken.END_OBJECT) {
 			String extensionId = parser.currentName();
-			parser.nextToken();
-
 			Object value = parser.readValueAs(Object.class);
 			return new ImmutableAuthenticationExtensionsClientInput(extensionId, value);
 		}

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputsDeserializer.java

@@ -45,10 +45,6 @@ class AuthenticationExtensionsClientInputsDeserializer extends StdDeserializer<A
 
 	@Override
 	public AuthenticationExtensionsClientInputs deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
-//		if (p.currentToken() != JsonToken.START_OBJECT) {
-//			ctxt.reportInputMismatch(this, "Expected START_OBJECT token for AuthenticationExtensionsClientInputs");
-//		}
-//
 		final AuthenticationExtensionsClientInputDeserializer authenticationExtensionsClientInputDeserializer = new AuthenticationExtensionsClientInputDeserializer();
 
 		final List<AuthenticationExtensionsClientInput> extensions = new ArrayList<>();

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorSelectionCriteriaDeserializer.java

@@ -51,14 +51,14 @@ public AuthenticatorSelectionCriteria deserialize(JsonParser parser, Deserializa
 			if ("authenticatorAttachment".equals(fieldName)) {
 				parser.nextToken(); // Move to value
 				builder.authenticatorAttachment(AuthenticatorAttachment.valueOf(parser.getText()));
-			} else if ("requireResidentKey".equals(fieldName)) {
+			} else if ("residentKey".equals(fieldName)) {
 				parser.nextToken(); // Move to value
 				builder.residentKey(ResidentKeyRequirement.valueOf(parser.getText()));
 			} else if ("userVerification".equals(fieldName)) {
 				parser.nextToken(); // Move to value
 				builder.userVerification(UserVerificationRequirement.valueOf(parser.getText()));
 			} else {
-				parser.skipChildren(); // Ignore unknown fields
+				throw new IOException("Unsupported field name: " + fieldName);
 			}
 		}
 		return builder.build();

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialDescriptorDeserializer.java

@@ -43,7 +43,7 @@ public PublicKeyCredentialDescriptor deserialize(JsonParser p, DeserializationCo
 				}
 				builder.transports(transports.toArray(new AuthenticatorTransport[0]));
             } else {
-                p.skipChildren();
+				throw new IOException("Unsupported field name: " + fieldName);
             }
         }
 

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialParametersDeserializer.java

@@ -29,7 +29,7 @@ public PublicKeyCredentialParameters deserialize(JsonParser p, DeserializationCo
                 p.nextToken();
 				alg = COSEAlgorithmIdentifier.valueOf(p.getLongValue());
             } else {
-                p.skipChildren();
+				throw new IOException("Unsupported field name: " + fieldName);
             }
         }
 

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialRequestOptionsDeserializer.java

@@ -74,7 +74,7 @@ public PublicKeyCredentialRequestOptions deserialize(JsonParser parser, Deserial
 				parser.nextToken();
 				builder.extensions(parser.readValueAs(AuthenticationExtensionsClientInputs.class));
 			} else {
-				parser.skipChildren();
+				throw new IOException("Unsupported field name: " + fieldName);
 			}
 		}
 

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialUserEntityDeserializer.java

@@ -33,7 +33,7 @@ public PublicKeyCredentialUserEntity deserialize(JsonParser p, DeserializationCo
                 p.nextToken();
 				builder.displayName(p.getText());
             } else {
-                p.skipChildren();
+				throw new IOException("Unsupported field name: " + fieldName);
             }
         }
 

web/src/test/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialCreationOptionsGivens.java

@@ -1,6 +1,7 @@
 package org.springframework.security.web.webauthn.jackson;
 
 import org.springframework.security.web.webauthn.api.AttestationConveyancePreference;
+import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput;
 import org.springframework.security.web.webauthn.api.AuthenticatorAttachment;
 import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
 import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
@@ -19,7 +20,6 @@
 import org.springframework.security.web.webauthn.api.UserVerificationRequirement;
 
 import java.time.Duration;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
@@ -31,30 +31,102 @@
  */
 public final class PublicKeyCredentialCreationOptionsGivens {
 	private PublicKeyCredentialCreationOptionsGivens() {}
+
 	public static PublicKeyCredentialCreationOptions create() {
 		return PublicKeyCredentialCreationOptions.builder()
-			.rp(PublicKeyCredentialRpEntity.builder().id("example.com").name("Example RP").build())
-			.user(ImmutablePublicKeyCredentialUserEntity.builder().name("name").id(Bytes.random()).displayName("displayName").build())
+			.rp(
+				PublicKeyCredentialRpEntity.builder()
+					.id("example.com")
+					.name("Example RP")
+					.build()
+			)
+			.user(
+				ImmutablePublicKeyCredentialUserEntity.builder()
+					.name("name")
+					.id(Bytes.random())
+					.displayName("displayName")
+					.build()
+			)
 			.challenge(Bytes.random())
-			.pubKeyCredParams(List.of(PublicKeyCredentialParameters.ES384, PublicKeyCredentialParameters.EdDSA, PublicKeyCredentialParameters.RS512))
+			.pubKeyCredParams(
+				List.of(
+					PublicKeyCredentialParameters.EdDSA,
+					PublicKeyCredentialParameters.ES256,
+					PublicKeyCredentialParameters.ES384,
+					PublicKeyCredentialParameters.ES512,
+					PublicKeyCredentialParameters.RS256,
+					PublicKeyCredentialParameters.RS384,
+					PublicKeyCredentialParameters.RS512,
+					PublicKeyCredentialParameters.RS1
+				)
+			)
 			.timeout(Duration.ofSeconds(60))
-			.excludeCredentials(Collections.singletonList(
-				PublicKeyCredentialDescriptor.builder()
-					.id(Bytes.random())
-					.type(PublicKeyCredentialType.PUBLIC_KEY)
-					.transports(Set.of(AuthenticatorTransport.INTERNAL, AuthenticatorTransport.HYBRID))
+			.excludeCredentials(
+				List.of(
+					PublicKeyCredentialDescriptor.builder()
+						.id(Bytes.random())
+						.type(PublicKeyCredentialType.PUBLIC_KEY)
+						.transports(Set.of(AuthenticatorTransport.USB))
+						.build(),
+					PublicKeyCredentialDescriptor.builder()
+						.id(Bytes.random())
+						.type(PublicKeyCredentialType.PUBLIC_KEY)
+						.transports(Set.of(AuthenticatorTransport.NFC))
+						.build(),
+					PublicKeyCredentialDescriptor.builder()
+						.id(Bytes.random())
+						.type(PublicKeyCredentialType.PUBLIC_KEY)
+						.transports(Set.of(AuthenticatorTransport.BLE))
+						.build(),
+					PublicKeyCredentialDescriptor.builder()
+						.id(Bytes.random())
+						.type(PublicKeyCredentialType.PUBLIC_KEY)
+						.transports(Set.of(AuthenticatorTransport.SMART_CARD))
+						.build(),
+					PublicKeyCredentialDescriptor.builder()
+						.id(Bytes.random())
+						.type(PublicKeyCredentialType.PUBLIC_KEY)
+						.transports(Set.of(AuthenticatorTransport.HYBRID))
+						.build(),
+					PublicKeyCredentialDescriptor.builder()
+						.id(Bytes.random())
+						.type(PublicKeyCredentialType.PUBLIC_KEY)
+						.transports(Set.of(AuthenticatorTransport.INTERNAL))
+						.build()
+				)
+			)
+			.authenticatorSelection(
+				AuthenticatorSelectionCriteria.builder()
+					.userVerification(UserVerificationRequirement.PREFERRED)
+					.residentKey(ResidentKeyRequirement.REQUIRED)
+					.authenticatorAttachment(AuthenticatorAttachment.PLATFORM)
 					.build()
-			))
-			.authenticatorSelection(AuthenticatorSelectionCriteria.builder()
-				.userVerification(UserVerificationRequirement.PREFERRED)
-				.residentKey(ResidentKeyRequirement.REQUIRED)
-				.authenticatorAttachment(AuthenticatorAttachment.PLATFORM)
-				.build()
 			)
 			.attestation(AttestationConveyancePreference.DIRECT)
 			.extensions(
-				new ImmutableAuthenticationExtensionsClientInputs(new CredProtectAuthenticationExtensionsClientInput(new CredProtect(ProtectionPolicy.USER_VERIFICATION_REQUIRED, true)))
+				new ImmutableAuthenticationExtensionsClientInputs(
+					new CredProtectAuthenticationExtensionsClientInput(new CredProtect(ProtectionPolicy.USER_VERIFICATION_REQUIRED, true)),
+					new MinPinLengthAuthenticationExtensionsClientInput(true)
+				)
 			)
 			.build();
 	}
+
+	// ImmutableAuthenticationExtensionsClientInputs wraps a List<AuthenticationExtensionsClientInput<T>>.
+	// Since only CredProtectAuthenticationExtensionsClientInput implements AuthenticationExtensionsClientInput<T>,
+	// a second class is needed to help test with two extensions.
+	/**
+	 * Implements <a href=
+	 * "https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-minpinlength-extension">
+	 * Minimum PIN Length Extension (minPinLength)</a>.
+	 *
+	 * @author Justin Cranford
+	 * @since 6.5
+	 */
+	record MinPinLengthAuthenticationExtensionsClientInput(Boolean getInput) implements AuthenticationExtensionsClientInput<Boolean> {
+		@Override
+		public String getExtensionId() {
+			return "minPinLength";
+		}
+	}
 }

web/src/test/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialCreationOptionsTests.java

@@ -40,20 +40,9 @@ class PublicKeyCredentialCreationOptionsTests {
 	@BeforeEach
 	void setup() {
 		this.mapper = new ObjectMapper();
-//		this.mapper.enable(SerializationFeature.INDENT_OUTPUT);
+		this.mapper.enable(SerializationFeature.INDENT_OUTPUT);
 //		this.mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
 		this.mapper.registerModule(new WebauthnJackson2Module());
-//		this.mapper.addMixIn(
-//				ImmutablePublicKeyCredentialUserEntity.class,
-//				PublicKeyCredentialUserEntityMixin.class
-//		);
-//		this.mapper.addMixin(PublicKeyCredentialCreationOptions.class, PublicKeyCredentialCreationOptionsMixin.class);
-//		this.mapper.addMixin(ImmutablePublicKeyCredentialUserEntity.class, PublicKeyCredentialUserEntityMixin.class);
-//		this.mapper.addMixin(PublicKeyCredentialUserEntity.class, PublicKeyCredentialUserEntityMixin.class);
-//		this.mapper.addMixin(PublicKeyCredentialRpEntity.class, PublicKeyCredentialRpEntityMixin.class);
-//		this.mapper.addMixin(PublicKeyCredentialParameters.class, PublicKeyCredentialParametersMixin.class);
-//		this.mapper.addMixin(AuthenticatorSelectionCriteria.class, AuthenticatorSelectionCriteriaMixin.class);
-//
 //		this.mapper.addMixin(PublicKeyCredentialRequestOptions.class, PublicKeyCredentialRequestOptionsMixin.class);
 //		this.mapper.addMixin(ImmutableAuthenticationExtensionsClientInputs.class, AuthenticationExtensionsClientInputsMixin.class);
 //		this.mapper.addMixin(AuthenticationExtensionsClientInputs.class, AuthenticationExtensionsClientInputsMixin.class);