Merge PR #168

Yubico · Jan 30, 2025 · f1d2dbc · f1d2dbc
2 parents a35cd4b + 6183499
commit f1d2dbc
Show file tree

Hide file tree

Showing 10 changed files with 42 additions and 14 deletions.
diff --git a/NEWS b/NEWS
@@ -1,3 +1,22 @@
+* Version 2.8.0 (released 2025-01-30)
+ ** new
+  - updated targetSdk to 35
+  - added experimental desktop platforms support
+ ** fido module:
+  - added updateUserInformation subcommand in credential management
+  - added extensible support for FIDO extensions
+  - added processing of defined FIDO extensions:
+    - credBlob
+    - credProps
+    - credProtect
+    - hmac-secret / prf
+    - largeBlob
+    - minPinLength
+ ** general:
+  - integrated spotless plugin for java source code formatting
+  - improved integration tests to run on older YubiKeys
+  - improved javadoc
+  - updated build dependencies and libraries
 * Version 2.7.0 (released 2024-08-30)
  ** new
   - support for communication over SCP03 and SCP11 protocols

diff --git a/build.gradle b/build.gradle
@@ -35,7 +35,7 @@ allprojects {
 }
 
 subprojects {
-    version = '2.7.1-SNAPSHOT'
+    version = '2.8.1-SNAPSHOT'
     ext.pomName = "Yubico YubiKit ${project.name.capitalize()}"
 
 

diff --git a/...android/src/androidTest/java/com/yubico/yubikit/testing/piv/PivBioMultiProtocolTests.java b/...android/src/androidTest/java/com/yubico/yubikit/testing/piv/PivBioMultiProtocolTests.java
@@ -16,12 +16,15 @@
 
 package com.yubico.yubikit.testing.piv;
 
+import com.yubico.yubikit.testing.AlwaysManualTest;
 import com.yubico.yubikit.testing.framework.PivInstrumentedTests;
 import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 public class PivBioMultiProtocolTests extends PivInstrumentedTests {
 
   @Test
+  @Category(AlwaysManualTest.class)
   public void testAuthenticate() throws Throwable {
     withPivSession(PivBioMultiProtocolDeviceTests::testAuthenticate);
   }

diff --git a/testing-android/src/androidTest/java/com/yubico/yubikit/testing/piv/PivTests.java b/testing-android/src/androidTest/java/com/yubico/yubikit/testing/piv/PivTests.java
@@ -30,7 +30,8 @@
   PivTests.NoScpTests.class,
   PivTests.Scp11bTests.class,
   PivJcaProviderTests.NoScpTests.class,
-  PivJcaProviderTests.Scp11bTests.class
+  PivJcaProviderTests.Scp11bTests.class,
+  PivBioMultiProtocolTests.class
 })
 public class PivTests {
   public static class NoScpTests extends PivInstrumentedTests {

diff --git a/...integrationTest/java/com/yubico/yubikit/testing/desktop/piv/PivBioMultiProtocolTests.java b/...integrationTest/java/com/yubico/yubikit/testing/desktop/piv/PivBioMultiProtocolTests.java
@@ -15,13 +15,16 @@
  */
 package com.yubico.yubikit.testing.desktop.piv;
 
+import com.yubico.yubikit.testing.desktop.AlwaysManualTest;
 import com.yubico.yubikit.testing.desktop.framework.PivInstrumentedTests;
 import com.yubico.yubikit.testing.piv.PivBioMultiProtocolDeviceTests;
 import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 public class PivBioMultiProtocolTests extends PivInstrumentedTests {
 
   @Test
+  @Category(AlwaysManualTest.class)
   public void testAuthenticate() throws Throwable {
     withPivSession(PivBioMultiProtocolDeviceTests::testAuthenticate);
   }

diff --git a/...ing-desktop/src/integrationTest/java/com/yubico/yubikit/testing/desktop/piv/PivTests.java b/...ing-desktop/src/integrationTest/java/com/yubico/yubikit/testing/desktop/piv/PivTests.java
@@ -32,7 +32,8 @@
   PivTests.NoScpTests.class,
   PivTests.Scp11bTests.class,
   PivJcaProviderTests.NoScpTests.class,
-  PivJcaProviderTests.Scp11bTests.class
+  PivJcaProviderTests.Scp11bTests.class,
+  PivBioMultiProtocolTests.class
 })
 public class PivTests {
   public static class NoScpTests extends PivInstrumentedTests {

diff --git a/testing/src/main/java/com/yubico/yubikit/testing/TestState.java b/testing/src/main/java/com/yubico/yubikit/testing/TestState.java
@@ -72,16 +72,13 @@ protected TestState(Builder<?> builder) {
     this.currentDevice = builder.device;
     this.usbPid = builder.usbPid;
     this.scpKid = builder.scpKid;
-    this.scpParameters = new ScpParameters(builder.device, this.scpKid);
-    this.reconnectDeviceCallback = builder.reconnectDeviceCallback;
-    this.isUsbTransport = builder.device.getTransport() == Transport.USB;
-
-    setupJca();
-  }
 
-  private void setupJca() {
     Security.removeProvider("BC");
     Security.insertProviderAt(new BouncyCastleProvider(), 1);
+
+    this.scpParameters = new ScpParameters(builder.device, this.scpKid);
+    this.reconnectDeviceCallback = builder.reconnectDeviceCallback;
+    this.isUsbTransport = builder.device.getTransport() == Transport.USB;
   }
 
   public boolean isUsbTransport() {

diff --git a/testing/src/main/java/com/yubico/yubikit/testing/openpgp/OpenPgpDeviceTests.java b/testing/src/main/java/com/yubico/yubikit/testing/openpgp/OpenPgpDeviceTests.java
@@ -83,6 +83,7 @@ private static int[] getSupportedRsaKeySizes(OpenPgpSession openpgp) {
 
   public static void testGenerateRequiresAdmin(OpenPgpSession openpgp, OpenPgpTestState state)
       throws Exception {
+    Assume.assumeTrue("Device FW not at least 5.2.0.", openpgp.getVersion().isAtLeast(5, 2, 0));
 
     try {
       openpgp.generateEcKey(KeyRef.DEC, OpenPgpCurve.BrainpoolP256R1);
@@ -537,6 +538,7 @@ public static void testUnverifyPin(OpenPgpSession openpgp, OpenPgpTestState stat
 
   public static void testDeleteKey(OpenPgpSession openpgp, OpenPgpTestState state)
       throws Exception {
+    Assume.assumeTrue("Device FW not at least 4.0.0.", openpgp.getVersion().isAtLeast(4, 0, 0));
     KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
     kpg.initialize(2048);
     KeyPair pair = kpg.generateKeyPair();
@@ -559,6 +561,7 @@ public static void testDeleteKey(OpenPgpSession openpgp, OpenPgpTestState state)
 
   public static void testCertificateManagement(OpenPgpSession openpgp, OpenPgpTestState state)
       throws Exception {
+    Assume.assumeTrue("Device FW not at least 5.2.0.", openpgp.getVersion().isAtLeast(5, 2, 0));
     KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
     kpg.initialize(2048);
     KeyPair pair = kpg.generateKeyPair();

diff --git a/testing/src/main/java/com/yubico/yubikit/testing/piv/PivJcaSigningTests.java b/testing/src/main/java/com/yubico/yubikit/testing/piv/PivJcaSigningTests.java
@@ -17,6 +17,7 @@
 package com.yubico.yubikit.testing.piv;
 
 import static com.yubico.yubikit.piv.PivSession.FEATURE_CV25519;
+import static com.yubico.yubikit.piv.PivSession.FEATURE_P384;
 import static com.yubico.yubikit.piv.PivSession.FEATURE_RSA3072_RSA4096;
 import static com.yubico.yubikit.testing.piv.PivJcaUtils.setupJca;
 import static com.yubico.yubikit.testing.piv.PivJcaUtils.tearDownJca;
@@ -87,6 +88,10 @@ public static void testSign(PivSession piv, PivTestState state, KeyType keyType)
       return;
     }
 
+    if (!piv.supports(FEATURE_P384) && keyType == KeyType.ECCP384) {
+      return;
+    }
+
     if (state.isInvalidKeyType(keyType)) {
       return;
     }

diff --git a/testing/src/main/java/com/yubico/yubikit/testing/piv/PivTestState.java b/testing/src/main/java/com/yubico/yubikit/testing/piv/PivTestState.java
@@ -18,7 +18,6 @@
 
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assume.assumeFalse;
 import static org.junit.Assume.assumeTrue;
 
 import com.yubico.yubikit.core.UsbPid;
@@ -88,9 +87,6 @@ protected PivTestState(Builder builder) throws Throwable {
 
     DeviceInfo deviceInfo = getDeviceInfo();
 
-    // skip MPE devices
-    assumeFalse("Ignoring MPE device", isMpe(deviceInfo));
-
     boolean isPivFipsCapable = isFipsCapable(deviceInfo, Capability.PIV);
     boolean hasPinComplexity = deviceInfo != null && deviceInfo.getPinComplexity();