webauthn registerCredential returns transports

The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.

This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.

Closes gh-16084
This commit is contained in:
Rob Winch
2024-12-04 15:21:49 -06:00
parent cc2506b0c1
commit 9c3b11914d
2 changed files with 57 additions and 1 deletions

View File

@@ -45,6 +45,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse;
import org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder;
import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
import org.springframework.security.web.webauthn.api.Bytes;
import org.springframework.security.web.webauthn.api.CredentialRecord;
import org.springframework.security.web.webauthn.api.PublicKeyCredential;
@@ -224,6 +225,47 @@ class Webauthn4jRelyingPartyOperationsTests {
assertThatIllegalArgumentException().isThrownBy(() -> this.rpOperations.registerCredential(null));
}
@Test
void registerCredentialWhenDefaultTransportsThenSuccess() {
PublicKeyCredentialCreationOptions creationOptions = TestPublicKeyCredentialCreationOptions
.createPublicKeyCredentialCreationOptions()
.build();
PublicKeyCredential<AuthenticatorAttestationResponse> publicKeyCredential = TestPublicKeyCredential
.createPublicKeyCredential()
.build();
RelyingPartyPublicKey rpPublicKey = new RelyingPartyPublicKey(publicKeyCredential, this.label);
ImmutableRelyingPartyRegistrationRequest rpRegistrationRequest = new ImmutableRelyingPartyRegistrationRequest(
creationOptions, rpPublicKey);
CredentialRecord credentialRecord = this.rpOperations.registerCredential(rpRegistrationRequest);
assertThat(credentialRecord).isNotNull();
assertThat(credentialRecord.getCredentialId()).isNotNull();
assertThat(credentialRecord.getTransports()).containsExactlyInAnyOrder(AuthenticatorTransport.INTERNAL,
AuthenticatorTransport.HYBRID);
}
@Test
void registerCredentialWhenInternalTransportThenCredentialRecordHasTransport() {
PublicKeyCredentialCreationOptions creationOptions = TestPublicKeyCredentialCreationOptions
.createPublicKeyCredentialCreationOptions()
.build();
AuthenticatorAttestationResponse response = TestAuthenticatorAttestationResponse
.createAuthenticatorAttestationResponse()
.transports(AuthenticatorTransport.INTERNAL)
.build();
PublicKeyCredential<AuthenticatorAttestationResponse> publicKeyCredential = TestPublicKeyCredential
.createPublicKeyCredential()
.response(response)
.build();
RelyingPartyPublicKey rpPublicKey = new RelyingPartyPublicKey(publicKeyCredential, this.label);
ImmutableRelyingPartyRegistrationRequest rpRegistrationRequest = new ImmutableRelyingPartyRegistrationRequest(
creationOptions, rpPublicKey);
CredentialRecord credentialRecord = this.rpOperations.registerCredential(rpRegistrationRequest);
assertThat(credentialRecord).isNotNull();
assertThat(credentialRecord.getTransports()).containsExactlyInAnyOrder(AuthenticatorTransport.INTERNAL);
}
@Test
void registerCredentialWhenExistsThenException() {
PublicKeyCredentialCreationOptions creationOptions = TestPublicKeyCredentialCreationOptions