mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-22 03:52:15 +00:00
Merge branch '6.4.x'
This commit is contained in:
Josh Cummings
commit
e42865b926
@ -50,6 +50,7 @@ import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apereo.cas.client.validation.AssertionImpl;
|
||||
import org.instancio.Instancio;
|
||||
import org.instancio.InstancioApi;
|
||||
import org.instancio.InstancioOfClassApi;
|
||||
import org.instancio.Select;
|
||||
import org.instancio.generator.Generator;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
@ -59,6 +60,7 @@ import org.junit.jupiter.params.provider.MethodSource;
|
||||
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
|
||||
import org.springframework.core.ResolvableType;
|
||||
import org.springframework.core.type.filter.AssignableTypeFilter;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
@ -217,21 +219,31 @@ import org.springframework.security.web.savedrequest.SimpleSavedRequest;
|
||||
import org.springframework.security.web.server.firewall.ServerExchangeRejectedException;
|
||||
import org.springframework.security.web.session.HttpSessionCreatedEvent;
|
||||
import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
|
||||
import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutputs;
|
||||
import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
|
||||
import org.springframework.security.web.webauthn.api.AuthenticatorAttachment;
|
||||
import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
|
||||
import org.springframework.security.web.webauthn.api.Bytes;
|
||||
import org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput;
|
||||
import org.springframework.security.web.webauthn.api.CredentialPropertiesOutput;
|
||||
import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput;
|
||||
import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs;
|
||||
import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs;
|
||||
import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredential;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
|
||||
import org.springframework.security.web.webauthn.api.TestAuthenticationAssertionResponses;
|
||||
import org.springframework.security.web.webauthn.api.TestBytes;
|
||||
import org.springframework.security.web.webauthn.api.TestPublicKeyCredential;
|
||||
import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialRequestOptions;
|
||||
import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntity;
|
||||
import org.springframework.security.web.webauthn.api.UserVerificationRequirement;
|
||||
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication;
|
||||
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken;
|
||||
import org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@ -621,6 +633,27 @@ class SpringSecurityCoreVersionSerializableTests {
|
||||
.allowCredentials(List.of(descriptor))
|
||||
.build()
|
||||
);
|
||||
|
||||
CredentialPropertiesOutput credentialOutput = new CredentialPropertiesOutput(false);
|
||||
AuthenticationExtensionsClientOutputs outputs = new ImmutableAuthenticationExtensionsClientOutputs(credentialOutput);
|
||||
AuthenticatorAssertionResponse response = TestAuthenticationAssertionResponses.createAuthenticatorAssertionResponse()
|
||||
.build();
|
||||
PublicKeyCredential<AuthenticatorAssertionResponse> credential = TestPublicKeyCredential.createPublicKeyCredential(
|
||||
response, outputs)
|
||||
.build();
|
||||
RelyingPartyAuthenticationRequest authRequest = new RelyingPartyAuthenticationRequest(
|
||||
TestPublicKeyCredentialRequestOptions.create().build(),
|
||||
credential
|
||||
);
|
||||
WebAuthnAuthenticationRequestToken requestToken = new WebAuthnAuthenticationRequestToken(authRequest);
|
||||
requestToken.setDetails(details);
|
||||
generatorByClassName.put(CredentialPropertiesOutput.class, (o) -> credentialOutput);
|
||||
generatorByClassName.put(ImmutableAuthenticationExtensionsClientOutputs.class, (o) -> outputs);
|
||||
generatorByClassName.put(AuthenticatorAssertionResponse.class, (r) -> response);
|
||||
generatorByClassName.put(RelyingPartyAuthenticationRequest.class, (r) -> authRequest);
|
||||
generatorByClassName.put(PublicKeyCredential.class, (r) -> credential);
|
||||
generatorByClassName.put(WebAuthnAuthenticationRequestToken.class, (r) -> requestToken);
|
||||
generatorByClassName.put(AuthenticatorAttachment.class, (r) -> AuthenticatorAttachment.PLATFORM);
|
||||
// @formatter:on
|
||||
generatorByClassName.put(ImmutablePublicKeyCredentialUserEntity.class,
|
||||
(r) -> TestPublicKeyCredentialUserEntity.userEntity().id(TestBytes.get()).build());
|
||||
@ -784,7 +817,11 @@ class SpringSecurityCoreVersionSerializableTests {
|
||||
}
|
||||
|
||||
private static InstancioApi<?> instancioWithDefaults(Class<?> clazz) {
|
||||
InstancioApi<?> instancio = Instancio.of(clazz);
|
||||
InstancioOfClassApi<?> instancio = Instancio.of(clazz);
|
||||
ResolvableType[] generics = ResolvableType.forClass(clazz).getGenerics();
|
||||
for (ResolvableType type : generics) {
|
||||
instancio.withTypeParameters(type.resolve());
|
||||
}
|
||||
if (generatorByClassName.containsKey(clazz)) {
|
||||
instancio.supply(Select.all(clazz), generatorByClassName.get(clazz));
|
||||
}
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,8 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* A <a href="https://www.w3.org/TR/webauthn-3/#client-extension-output">client extension
|
||||
* output</a> entry in {@link AuthenticationExtensionsClientOutputs}.
|
||||
@ -24,7 +26,7 @@ package org.springframework.security.web.webauthn.api;
|
||||
* @see AuthenticationExtensionsClientOutputs#getOutputs()
|
||||
* @see CredentialPropertiesOutput
|
||||
*/
|
||||
public interface AuthenticationExtensionsClientOutput<T> {
|
||||
public interface AuthenticationExtensionsClientOutput<T> extends Serializable {
|
||||
|
||||
/**
|
||||
* Gets the <a href="https://www.w3.org/TR/webauthn-3/#extension-identifier">extension
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,7 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@ -31,7 +32,7 @@ import java.util.List;
|
||||
* @since 6.4
|
||||
* @see PublicKeyCredential#getClientExtensionResults()
|
||||
*/
|
||||
public interface AuthenticationExtensionsClientOutputs {
|
||||
public interface AuthenticationExtensionsClientOutputs extends Serializable {
|
||||
|
||||
/**
|
||||
* Gets all of the {@link AuthenticationExtensionsClientOutput}.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,8 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
/**
|
||||
* The <a href=
|
||||
* "https://www.w3.org/TR/webauthn-3/#authenticatorassertionresponse">AuthenticatorAssertionResponse</a>
|
||||
@ -38,6 +40,9 @@ package org.springframework.security.web.webauthn.api;
|
||||
*/
|
||||
public final class AuthenticatorAssertionResponse extends AuthenticatorResponse {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 324976481675434298L;
|
||||
|
||||
private final Bytes authenticatorData;
|
||||
|
||||
private final Bytes signature;
|
||||
|
||||
@ -16,6 +16,10 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.ObjectStreamException;
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* The <a href=
|
||||
* "https://www.w3.org/TR/webauthn-3/#enumdef-authenticatorattachment">AuthenticatorAttachment</a>.
|
||||
@ -23,7 +27,10 @@ package org.springframework.security.web.webauthn.api;
|
||||
* @author Rob Winch
|
||||
* @since 6.4
|
||||
*/
|
||||
public final class AuthenticatorAttachment {
|
||||
public final class AuthenticatorAttachment implements Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 8446133215195918090L;
|
||||
|
||||
/**
|
||||
* Indicates <a href=
|
||||
@ -85,4 +92,9 @@ public final class AuthenticatorAttachment {
|
||||
return new AuthenticatorAttachment[] { CROSS_PLATFORM, PLATFORM };
|
||||
}
|
||||
|
||||
@Serial
|
||||
private Object readResolve() throws ObjectStreamException {
|
||||
return valueOf(this.value);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,8 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* The <a href=
|
||||
* "https://www.w3.org/TR/webauthn-3/#iface-authenticatorresponse">AuthenticatorResponse</a>
|
||||
@ -26,7 +28,7 @@ package org.springframework.security.web.webauthn.api;
|
||||
* @author Rob Winch
|
||||
* @since 6.4
|
||||
*/
|
||||
public abstract class AuthenticatorResponse {
|
||||
public abstract class AuthenticatorResponse implements Serializable {
|
||||
|
||||
private final Bytes clientDataJSON;
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,9 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* <a href=
|
||||
* "https://www.w3.org/TR/webauthn-3/#dictdef-credentialpropertiesoutput">CredentialPropertiesOutput</a>
|
||||
@ -27,6 +30,9 @@ package org.springframework.security.web.webauthn.api;
|
||||
public class CredentialPropertiesOutput
|
||||
implements AuthenticationExtensionsClientOutput<CredentialPropertiesOutput.ExtensionOutput> {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -3201699313968303331L;
|
||||
|
||||
/**
|
||||
* The extension id.
|
||||
*/
|
||||
@ -59,7 +65,10 @@ public class CredentialPropertiesOutput
|
||||
* @since 6.4
|
||||
* @see #getOutput()
|
||||
*/
|
||||
public static final class ExtensionOutput {
|
||||
public static final class ExtensionOutput implements Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 4557406414847424019L;
|
||||
|
||||
private final boolean rk;
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,7 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
@ -26,6 +27,9 @@ import java.util.List;
|
||||
*/
|
||||
public class ImmutableAuthenticationExtensionsClientOutputs implements AuthenticationExtensionsClientOutputs {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -4656390173585180393L;
|
||||
|
||||
private final List<AuthenticationExtensionsClientOutput<?>> outputs;
|
||||
|
||||
public ImmutableAuthenticationExtensionsClientOutputs(List<AuthenticationExtensionsClientOutput<?>> outputs) {
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,9 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* <a href="https://www.w3.org/TR/webauthn-3/#iface-pkcredential">PublicKeyCredential</a>
|
||||
* contains the attributes that are returned to the caller when a new credential is
|
||||
@ -24,7 +27,10 @@ package org.springframework.security.web.webauthn.api;
|
||||
* @author Rob Winch
|
||||
* @since 6.4
|
||||
*/
|
||||
public final class PublicKeyCredential<R extends AuthenticatorResponse> {
|
||||
public final class PublicKeyCredential<R extends AuthenticatorResponse> implements Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -1864035469276082606L;
|
||||
|
||||
private final String id;
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,8 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.authentication;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest;
|
||||
@ -30,6 +32,9 @@ import org.springframework.util.Assert;
|
||||
*/
|
||||
public class WebAuthnAuthenticationRequestToken extends AbstractAuthenticationToken {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -1682693433877522403L;
|
||||
|
||||
private final RelyingPartyAuthenticationRequest webAuthnRequest;
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,6 +16,9 @@
|
||||
|
||||
package org.springframework.security.web.webauthn.management;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
|
||||
import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredential;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions;
|
||||
@ -29,7 +32,10 @@ import org.springframework.util.Assert;
|
||||
* @since 6.4
|
||||
* @see WebAuthnRelyingPartyOperations#authenticate(RelyingPartyAuthenticationRequest)
|
||||
*/
|
||||
public class RelyingPartyAuthenticationRequest {
|
||||
public class RelyingPartyAuthenticationRequest implements Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -928083091875202086L;
|
||||
|
||||
private final PublicKeyCredentialRequestOptions requestOptions;
|
||||
|
||||
|
||||
@ -0,0 +1,37 @@
|
||||
/*
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.webauthn.api;
|
||||
|
||||
/**
|
||||
* @author Max Batischev
|
||||
*/
|
||||
public final class TestAuthenticationAssertionResponses {
|
||||
|
||||
public static AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder createAuthenticatorAssertionResponse() {
|
||||
return AuthenticatorAssertionResponse.builder()
|
||||
.authenticatorData(Bytes.fromBase64("SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MdAAAAAA"))
|
||||
.clientDataJSON(Bytes.fromBase64(
|
||||
"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiaDB2Z3dHUWpvQ3pBekRVc216UHBrLUpWSUpSUmduMEw0S1ZTWU5SY0VaYyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"))
|
||||
.signature(Bytes.fromBase64(
|
||||
"MEUCIAdfzPAn3voyXynwa0IXk1S0envMY5KP3NEe9aj4B2BuAiEAm_KJhQoWXdvfhbzwACU3NM4ltQe7_Il46qFUwtpuTdg"))
|
||||
.userHandle(Bytes.fromBase64("oWJtkJ6vJ_m5b84LB4_K7QKTCTEwLIjCh4tFMCGHO4w"));
|
||||
}
|
||||
|
||||
private TestAuthenticationAssertionResponses() {
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -38,6 +38,17 @@ public final class TestPublicKeyCredential {
|
||||
.clientExtensionResults(clientExtensionResults);
|
||||
}
|
||||
|
||||
public static <R extends AuthenticatorResponse> PublicKeyCredential.PublicKeyCredentialBuilder<R> createPublicKeyCredential(
|
||||
R response, AuthenticationExtensionsClientOutputs outputs) {
|
||||
return PublicKeyCredential.builder()
|
||||
.id("AX6nVVERrH6opMafUGn3Z9EyNEy6cftfBKV_2YxYl1jdW8CSJxMKGXFV3bnrKTiMSJeInkG7C6B2lPt8E5i3KaM")
|
||||
.rawId(Bytes
|
||||
.fromBase64("AX6nVVERrH6opMafUGn3Z9EyNEy6cftfBKV_2YxYl1jdW8CSJxMKGXFV3bnrKTiMSJeInkG7C6B2lPt8E5i3KaM"))
|
||||
.response(response)
|
||||
.type(PublicKeyCredentialType.PUBLIC_KEY)
|
||||
.clientExtensionResults(outputs);
|
||||
}
|
||||
|
||||
private TestPublicKeyCredential() {
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user