Expose credential public key as a PublicKey object #299
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks, I finally have time to properly dig into these. I'll make some small modifications but this looks good to me! Would you like to be credited in the release notes? If yes, would you prefer by real name or by GitHub username? |
|
Sure, I'd appreciate that if you think it appropriate. I'll have to check with my employer about details; I'll get back to you on that. |
emlun
approved these changes
Jun 27, 2023
|
We'd prefer attribution to take the form |
emlun
added a commit
that referenced
this pull request
Jan 30, 2025
`webauthn-server-core`:
New features:
- Added method `getParsedPublicKey(): java.security.PublicKey` to
`RegistrationResult` and `RegisteredCredential`.
- Thanks to Jakob Heher (A-SIT) for the contribution, see
#299
- Added enum parsing functions:
- `AuthenticatorAttachment.fromValue(String): Optional<AuthenticatorAttachment>`
- `PublicKeyCredentialType.fromId(String): Optional<PublicKeyCredentialType>`
- `ResidentKeyRequirement.fromValue(String): Optional<ResidentKeyRequirement>`
- `TokenBindingStatus.fromValue(String): Optional<TokenBindingStatus>`
- `UserVerificationRequirement.fromValue(String): Optional<UserVerificationRequirement>`
- Added public builder to `CredentialPropertiesOutput`.
- Added public factory function
`LargeBlobRegistrationOutput.supported(boolean)`.
- Added public factory functions to `LargeBlobAuthenticationOutput`.
- Added `hints` property to `StartRegistrationOptions`, `StartAssertionOptions`,
`PublicKeyCredentialCreationOptions` and `PublicKeyCredentialRequestOptions`,
and class `PublicKeyCredentialHint` to support them, to support the `hints`
parameter introduced in WebAuthn L3:
https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints
- (Experimental) Added option `isSecurePaymentConfirmation(boolean)` to
`FinishAssertionOptions`. When set, `RelyingParty.finishAssertion()` will
adapt the validation logic for a Secure Payment Confirmation (SPC) response
instead of an ordinary WebAuthn response. See the JavaDoc for details.
- NOTE: Experimental features may receive breaking changes without a major
version increase.
`webauthn-server-attestation`:
New features:
- `FidoMetadataDownloader` now parses the CRLDistributionPoints extension on the
application level, so the `com.sun.security.enableCRLDP=true` system property
setting is no longer necessary.
- Added helper function `CertificateUtil.parseFidoSernumExtension` for parsing
serial number from enterprise attestation certificates.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As discussed in #288; this allows consumers to handle the credential's public key without needing specific CBOR/COSE logic.
I considered
@Getter(lazy=true)-based caching, but ended up deciding against it for three reasons: