Add more missing mixins and deserializers

Author: justincranford

.idea/checkstyle-idea.xml

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput;
+import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput;
+
+import java.io.IOException;
+
+/**
+ * Jackson deserializer for {@link AuthenticationExtensionsClientInput}
+ *
+ * @author Justin Cranford
+ * @since 6.5
+ */
+@SuppressWarnings("serial")
+class AuthenticationExtensionsClientInputDeserializer extends StdDeserializer<AuthenticationExtensionsClientInput> {
+
+	AuthenticationExtensionsClientInputDeserializer() {
+		super(AuthenticationExtensionsClientInput.class);
+	}
+
+	@Override
+	public AuthenticationExtensionsClientInput deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException {
+//		if (parser.currentToken() != JsonToken.START_OBJECT) {
+//			ctxt.reportInputMismatch(this, "Expected START_OBJECT token");
+//		}
+//
+		while (parser.nextToken() != JsonToken.END_OBJECT) {
+			String extensionId = parser.currentName();
+			parser.nextToken();
+
+			Object value = parser.readValueAs(Object.class);
+			return new ImmutableAuthenticationExtensionsClientInput(extensionId, value);
+		}
+
+		return null;
+	}
+}

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputDeserializer.java

@@ -16,17 +16,19 @@
 
 package org.springframework.security.web.webauthn.jackson;
 
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
-
 import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
 
 /**
  * Jackson mixin for {@link AuthenticationExtensionsClientInputs}
  *
  * @author Rob Winch
+ * @author Justin Cranford
  * @since 6.4
  */
 @JsonSerialize(using = AuthenticationExtensionsClientInputSerializer.class)
+@JsonDeserialize(using = AuthenticationExtensionsClientInputDeserializer.class)
 class AuthenticationExtensionsClientInputMixin {
 
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputMixin.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput;
+import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
+import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Jackson deserializer for {@link AuthenticationExtensionsClientInputs}
+ *
+ * @author Justin Cranford
+ * @since 6.5
+ */
+@SuppressWarnings("serial")
+class AuthenticationExtensionsClientInputsDeserializer extends StdDeserializer<AuthenticationExtensionsClientInputs> {
+
+	AuthenticationExtensionsClientInputsDeserializer() {
+		super(AuthenticationExtensionsClientInputs.class);
+	}
+
+	@Override
+	public AuthenticationExtensionsClientInputs deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+//		if (p.currentToken() != JsonToken.START_OBJECT) {
+//			ctxt.reportInputMismatch(this, "Expected START_OBJECT token for AuthenticationExtensionsClientInputs");
+//		}
+//
+		final AuthenticationExtensionsClientInputDeserializer authenticationExtensionsClientInputDeserializer = new AuthenticationExtensionsClientInputDeserializer();
+
+		final List<AuthenticationExtensionsClientInput> extensions = new ArrayList<>();
+		while (p.nextToken() != JsonToken.END_OBJECT) {
+			extensions.add(authenticationExtensionsClientInputDeserializer.deserialize(p, ctxt));
+		}
+		return new ImmutableAuthenticationExtensionsClientInputs(extensions);
+	}
+}

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputsDeserializer.java

@@ -16,6 +16,7 @@
 
 package org.springframework.security.web.webauthn.jackson;
 
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 
 import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
@@ -27,6 +28,7 @@
  * @since 6.4
  */
 @JsonSerialize(using = AuthenticationExtensionsClientInputsSerializer.class)
+@JsonDeserialize(using = AuthenticationExtensionsClientInputsDeserializer.class)
 class AuthenticationExtensionsClientInputsMixin {
 
 }

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticationExtensionsClientInputsMixin.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JacksonException;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.springframework.security.web.webauthn.api.AuthenticatorAttachment;
+import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
+import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder;
+import org.springframework.security.web.webauthn.api.ResidentKeyRequirement;
+import org.springframework.security.web.webauthn.api.UserVerificationRequirement;
+
+import java.io.IOException;
+
+/**
+ * Jackson deserializer for {@link AuthenticatorSelectionCriteria}
+ *
+ * @author Rob Winch
+ * @author Justin Cranford
+ * @since 6.4
+ */
+@SuppressWarnings("serial")
+class AuthenticatorSelectionCriteriaDeserializer extends StdDeserializer<AuthenticatorSelectionCriteria> {
+
+	AuthenticatorSelectionCriteriaDeserializer() {
+		super(AuthenticatorSelectionCriteria.class);
+	}
+
+	@Override
+	public AuthenticatorSelectionCriteria deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException {
+		final AuthenticatorSelectionCriteriaBuilder builder = AuthenticatorSelectionCriteria.builder();
+		while (parser.nextToken() != JsonToken.END_OBJECT) {
+			final String fieldName = parser.currentName();
+			if ("authenticatorAttachment".equals(fieldName)) {
+				parser.nextToken(); // Move to value
+				builder.authenticatorAttachment(AuthenticatorAttachment.valueOf(parser.getText()));
+			} else if ("requireResidentKey".equals(fieldName)) {
+				parser.nextToken(); // Move to value
+				builder.residentKey(ResidentKeyRequirement.valueOf(parser.getText()));
+			} else if ("userVerification".equals(fieldName)) {
+				parser.nextToken(); // Move to value
+				builder.userVerification(UserVerificationRequirement.valueOf(parser.getText()));
+			} else {
+				parser.skipChildren(); // Ignore unknown fields
+			}
+		}
+		return builder.build();
+	}
+
+}

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorSelectionCriteriaDeserializer.java

@@ -18,14 +18,19 @@
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
 
 /**
  * Jackson mixin for {@link AuthenticatorSelectionCriteria}
  *
  * @author Rob Winch
+ * @author Justin Cranford
  * @since 6.4
  */
+@JsonSerialize(using = AuthenticatorSelectionCriteriaSerializer.class)
+@JsonDeserialize(using = AuthenticatorSelectionCriteriaDeserializer.class)
 @JsonInclude(JsonInclude.Include.NON_NULL)
 abstract class AuthenticatorSelectionCriteriaMixin {
 

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorSelectionCriteriaMixin.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
+import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
+
+import java.io.IOException;
+
+/**
+ * Jackson serializer for {@link AuthenticatorSelectionCriteria}
+ *
+ * @author Rob Winch
+ * @author Justin Cranford
+ * @since 6.5
+ */
+@SuppressWarnings("serial")
+class AuthenticatorSelectionCriteriaSerializer extends StdSerializer<AuthenticatorSelectionCriteria> {
+
+	AuthenticatorSelectionCriteriaSerializer() {
+		super(AuthenticatorSelectionCriteria.class);
+	}
+
+	@Override
+	public void serialize(AuthenticatorSelectionCriteria value, JsonGenerator gen, SerializerProvider provider)
+			throws IOException {
+		gen.writeStartObject();
+		gen.writeFieldName("authenticatorAttachment");
+		gen.writeString(value.getAuthenticatorAttachment().getValue());
+		gen.writeFieldName("residentKey");
+		gen.writeString(value.getResidentKey().getValue());
+		gen.writeFieldName("userVerification");
+		gen.writeString(value.getUserVerification().getValue());
+		gen.writeEndObject();
+	}
+
+}

web/src/main/java/org/springframework/security/web/webauthn/jackson/AuthenticatorSelectionCriteriaSerializer.java

@@ -16,14 +16,8 @@
 
 package org.springframework.security.web.webauthn.jackson;
 
-import java.time.Duration;
-import java.util.List;
-
 import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
-
 import org.springframework.security.web.webauthn.api.AttestationConveyancePreference;
 import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
 import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
@@ -34,6 +28,9 @@
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
 
+import java.time.Duration;
+import java.util.List;
+
 /**
  * Jackson mixin for {@link PublicKeyCredentialCreationOptions}
  *

web/src/main/java/org/springframework/security/web/webauthn/jackson/PublicKeyCredentialCreationOptionsMixin.java

@@ -0,0 +1,21 @@
+package org.springframework.security.web.webauthn.jackson;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.springframework.security.web.webauthn.api.ResidentKeyRequirement;
+
+import java.io.IOException;
+
+public class ResidentKeyRequirementDeserializer extends StdDeserializer<ResidentKeyRequirement> {
+
+    public ResidentKeyRequirementDeserializer() {
+        super(ResidentKeyRequirement.class);
+    }
+
+    @Override
+    public ResidentKeyRequirement deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+		String type = p.readValueAs(String.class);
+		return ResidentKeyRequirement.valueOf(type);
+    }
+}