From 24ffda28d8f33edb6e42c158dd2ae5b8a2af1f68 Mon Sep 17 00:00:00 2001
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Wed, 3 Sep 2025 14:32:07 -0500
Subject: [PATCH] Fixes for webauthn tests after JSpecify

Issue gh-17839
---
 .../configurers/WebAuthnConfigurerTests.java  | 47 +++++++++++++++----
 .../config/annotation/web/WebAuthnDslTests.kt |  8 +++-
 .../api/ImmutableCredentialRecord.java        |  2 +-
 .../web/webauthn/api/PublicKeyCredential.java |  7 ++-
 4 files changed, 50 insertions(+), 14 deletions(-)

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java
index db96afd6ec..d8465e4e27 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java
@@ -300,7 +300,15 @@ public class WebAuthnConfigurerTests {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin(Customizer.withDefaults()).webAuthn(Customizer.withDefaults()).build();
+			// @formatter:off
+			http
+				.formLogin(Customizer.withDefaults())
+				.webAuthn((authn) -> authn
+					.rpId("spring.io")
+					.rpName("spring")
+				);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
@@ -316,7 +324,14 @@ public class WebAuthnConfigurerTests {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.webAuthn(Customizer.withDefaults()).build();
+			// @formatter:off
+			http
+				.webAuthn((authn) -> authn
+						.rpId("spring.io")
+						.rpName("spring")
+				);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
@@ -332,9 +347,16 @@ public class WebAuthnConfigurerTests {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin(Customizer.withDefaults())
-				.webAuthn((webauthn) -> webauthn.disableDefaultRegistrationPage(true))
-				.build();
+			// @formatter:off
+			http
+				.formLogin(Customizer.withDefaults())
+				.webAuthn((authn) -> authn
+					.rpId("spring.io")
+					.rpName("spring")
+					.disableDefaultRegistrationPage(true)
+				);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
@@ -350,9 +372,18 @@ public class WebAuthnConfigurerTests {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin((login) -> login.loginPage("/custom-login-page"))
-				.webAuthn((webauthn) -> webauthn.disableDefaultRegistrationPage(true))
-				.build();
+			// @formatter:off
+			http
+					.formLogin((login) -> login
+						.loginPage("/custom-login-page")
+					)
+					.webAuthn((authn) -> authn
+						.rpId("spring.io")
+						.rpName("spring")
+						.disableDefaultRegistrationPage(true)
+					);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
index 7a5ec28d0f..e856e55bd8 100644
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
@@ -1,4 +1,5 @@
 /*
+
  * Copyright 2004-present the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -125,6 +126,8 @@ class WebAuthnDslTests {
             http{
                 formLogin { }
                 webAuthn {
+                    rpId = "spring.io"
+                    rpName = "spring"
                     disableDefaultRegistrationPage = true
                 }
             }
@@ -144,7 +147,10 @@ class WebAuthnDslTests {
         open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http{
                 formLogin { }
-                webAuthn { }
+                webAuthn {
+                    rpId = "spring.io"
+                    rpName = "spring"
+                }
             }
             return http.build()
         }
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java
index eb51de8762..7151aaf582 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java
@@ -211,7 +211,7 @@ public final class ImmutableCredentialRecord implements CredentialRecord {
 			this.label = other.getLabel();
 		}
 
-		public ImmutableCredentialRecordBuilder credentialType(PublicKeyCredentialType credentialType) {
+		public ImmutableCredentialRecordBuilder credentialType(@Nullable PublicKeyCredentialType credentialType) {
 			this.credentialType = credentialType;
 			return this;
 		}
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
index aa2c76230e..438a169d1f 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
@@ -38,7 +38,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 
 	private final String id;
 
-	private final PublicKeyCredentialType type;
+	private final @Nullable PublicKeyCredentialType type;
 
 	private final Bytes rawId;
 
@@ -48,7 +48,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 
 	private final @Nullable AuthenticationExtensionsClientOutputs clientExtensionResults;
 
-	private PublicKeyCredential(String id, PublicKeyCredentialType type, Bytes rawId, R response,
+	private PublicKeyCredential(String id, @Nullable PublicKeyCredentialType type, Bytes rawId, R response,
 			@Nullable AuthenticatorAttachment authenticatorAttachment,
 			@Nullable AuthenticationExtensionsClientOutputs clientExtensionResults) {
 		this.id = id;
@@ -77,7 +77,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 	 * specifies the credential type represented by this object.
 	 * @return the credential type
 	 */
-	public PublicKeyCredentialType getType() {
+	public @Nullable PublicKeyCredentialType getType() {
 		return this.type;
 	}
 
@@ -228,7 +228,6 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 		 */
 		public PublicKeyCredential<R> build() {
 			Assert.notNull(this.id, "id cannot be null");
-			Assert.notNull(this.type, "type cannot be null");
 			Assert.notNull(this.rawId, "rawId cannot be null");
 			Assert.notNull(this.response, "response cannot be null");
 			return new PublicKeyCredential(this.id, this.type, this.rawId, this.response, this.authenticatorAttachment,