Release 0.3.0

- Major API overhaul; public API changes include but are not limited to:
  - Reorganised package structure
  - `CredentialRepository.getCredentialIdsForUsername(String)` now
    returns `Set` instead of `List`
  - Most data classes now expose a builder instead of a public constructor
  - Shortcut constants added to `COSEAlgorithmIdentifier` and
    `PublicKeyCredentialParameters`
  - Exception `U2fBadConfigurationException` renamed to
    `BadConfigurationException`
  - `RelyingParty.startRegistration` now accepts one
    `StartRegistrationOptions` parameter instead of several parameters
  - `RelyingParty.finishRegistration` now accepts one
    `FinishRegistrationOptions` parameter instead of several parameters
  - `RelyingParty.startAssertion` now accepts one
    `StartAssertionOptions` parameter instead of several parameters
  - `RelyingParty.finishAssertion` now accepts one
    `FinishAssertionOptions` parameter instead of several parameters
  - `RelyingParty.finishRegistration` now throws checked
    `RegistrationFailedException` instead of `IllegalArgumentException`
    on most failures
  - `RelyingParty.finishAssertion` now throws checked
    `AssertionFailedException` instead of `IllegalArgumentException` on
    most failures
  - Class `MetadataResolver` replaced with interface
  - Constructor `CollectedClientData(JsonNode)` deleted
  - Type of fields `StartAssertionOptions.extensions`,
    `StartRegistrationOptions.extensions` and
    `PublicKeyCredential.clientExtensionOutputs` narrowed from
    `JsonNode` to `ObjectNode`
  - Parameters `StartRegistrationOptions.excludeCredentials` and
    `StartAssertionOptions.allowCredentials` deleted; they are now
    discovered automatically from the `CredentialRepository`. If custom
    control over `excludeCredentials` or `allowCredentials` is needed,
    modify the `PublicKeyCredentialCreationOptions` or
    `PublicKeyCredentialRequestOptions` object manually.
  - `COSEAlgorithmIdentifier` is now an actual enum
  - Extensions are now passed and returned as domain objects instead of
    as Jackson types
  - Type parameter added to `PublicKeyCredential` to express extensions
    type
  - Fields `CollectedClientData.authenticatorExtensions` and
    `.clientExtensions` deleted
- Fixed a bug in `AuthenticatorDataFlags` that caused the `ED` (0x80)
  flag to never be set
- All classes in `com.yubico.webauthn.data` can now be serialized and
  deserialized using Jackson
  - JSON output has been slightly changed:
    - `AttestationObject`, `AuthenticatorData` and `CollectedClientData`
      now serialize back to Base64Url encoded bytes instead of to JSON
      objects
    - Member `_attestationObject` removed from serialized
      `AuthenticatorAttestationResponse`
    - Member `authenticatorData` removed from serialized
      `AuthenticatorAttestationResponse`
- New methods `ByteArray.size(): int` and `.isEmpty(): boolean`
- `ByteArray` is now `Comparable` to itself
- Added support for `appid` extension

Author: emlun

NEWS

@@ -1,3 +1,62 @@
+== Version 0.3.0 ==
+
+* Major API overhaul; public API changes include but are not limited to:
+ ** Reorganised package structure
+ ** `CredentialRepository.getCredentialIdsForUsername(String)` now returns `Set`
+    instead of `List`
+ ** Most data classes now expose a builder instead of a public constructor
+ ** Shortcut constants added to `COSEAlgorithmIdentifier` and
+    `PublicKeyCredentialParameters`
+ ** Exception `U2fBadConfigurationException` renamed to
+    `BadConfigurationException`
+ ** `RelyingParty.startRegistration` now accepts one `StartRegistrationOptions`
+    parameter instead of several parameters
+ ** `RelyingParty.finishRegistration` now accepts one
+    `FinishRegistrationOptions` parameter instead of several parameters
+ ** `RelyingParty.startAssertion` now accepts one `StartAssertionOptions`
+    parameter instead of several parameters
+ ** `RelyingParty.finishAssertion` now accepts one `FinishAssertionOptions`
+    parameter instead of several parameters
+ ** `RelyingParty.finishRegistration` now throws checked
+    `RegistrationFailedException` instead of `IllegalArgumentException` on most
+    failures
+ ** `RelyingParty.finishAssertion` now throws checked
+    `AssertionFailedException` instead of `IllegalArgumentException` on most
+    failures
+ ** Class `MetadataResolver` replaced with interface
+ ** Constructor `CollectedClientData(JsonNode)` deleted
+ ** Type of fields `StartAssertionOptions.extensions`,
+    `StartRegistrationOptions.extensions` and
+    `PublicKeyCredential.clientExtensionOutputs` narrowed from `JsonNode` to
+    `ObjectNode`
+ ** Parameters `StartRegistrationOptions.excludeCredentials` and
+    `StartAssertionOptions.allowCredentials` deleted; they are now discovered
+    automatically from the `CredentialRepository`. If custom control over
+    `excludeCredentials` or `allowCredentials` is needed, modify the
+    `PublicKeyCredentialCreationOptions` or `PublicKeyCredentialRequestOptions`
+    object manually.
+ ** `COSEAlgorithmIdentifier` is now an actual enum
+ ** Extensions are now passed and returned as domain objects instead of as Jackson
+    types
+ ** Type parameter added to `PublicKeyCredential` to express extensions type
+ ** Fields `CollectedClientData.authenticatorExtensions` and `.clientExtensions`
+    deleted
+* Fixed a bug in `AuthenticatorDataFlags` that caused the `ED` (0x80) flag to
+  never be set
+* All classes in `com.yubico.webauthn.data` can now be serialized and
+  deserialized using Jackson
+ ** JSON output has been slightly changed:
+  *** `AttestationObject`, `AuthenticatorData` and `CollectedClientData` now serialize back to
+    Base64Url encoded bytes instead of to JSON objects
+  *** Member `_attestationObject` removed from serialized
+      `AuthenticatorAttestationResponse`
+  *** Member `authenticatorData` removed from serialized
+      `AuthenticatorAttestationResponse`
+* New methods `ByteArray.size(): int` and `.isEmpty(): boolean`
+* `ByteArray` is now `Comparable` to itself
+* Added support for `appid` extension
+
+
 == Version 0.2.0 ==
 
 * Core library now recognises username as an internally relevant concept

build.gradle

@@ -73,8 +73,6 @@ allprojects  {
 evaluationDependsOnChildren()
 
 subprojects {
-  apply plugin: 'info.solidsoft.pitest'
-
   task packageSources(type: Jar) {
     classifier = 'sources'
     from sourceSets.main.allSource
@@ -148,21 +146,6 @@ subprojects {
       }
     }
   }
-
-  pitest {
-    pitestVersion = '1.4.2'
-
-    timestampedReports = false
-    outputFormats = ['XML', 'HTML']
-
-    avoidCallsTo = [
-      'java.util.logging',
-      'org.apache.log4j',
-      'org.slf4j',
-      'org.apache.commons.logging',
-      'com.google.common.io.Closeables',
-    ]
-  }
 }
 
 task pitestMerge(type: com.yubico.gradle.pitest.tasks.PitestMergeTask)

settings.gradle

@@ -1,3 +1,6 @@
 rootProject.name = 'webauthn-server-parent'
+include ':webauthn-server-attestation'
 include ':webauthn-server-core'
 include ':webauthn-server-demo'
+include ':yubico-util'
+include ':yubico-util-scala'

webauthn-server-attestation/build.gradle

@@ -0,0 +1,30 @@
+description = 'Yubico WebAuthn attestation subsystem'
+
+apply plugin: 'java'
+
+dependencies {
+
+  compile(
+    project(':webauthn-server-core'),
+    'org.bouncycastle:bcpkix-jdk15on:1.54',
+    'com.google.guava:guava:19.0',
+  )
+
+  testCompile(
+    'org.mockito:mockito-core:2.10.0',
+  )
+
+}
+
+
+jar {
+  manifest {
+    attributes([
+      'Implementation-Id': 'java-webauthn-server-attestation',
+      'Implementation-Title': project.description,
+      'Implementation-Version': project.version,
+      'Implementation-Vendor': 'Yubico',
+    ])
+  }
+}
+

webauthn-server-core/src/main/java/com/yubico/u2f/attestation/DeviceMatcher.java renamed to webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/DeviceMatcher.java

@@ -1,6 +1,6 @@
 /* Copyright 2015 Yubico */
 
-package com.yubico.u2f.attestation;
+package com.yubico.webauthn.attestation;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import java.security.cert.X509Certificate;

webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/MetadataResolver.java

@@ -0,0 +1,10 @@
+/* Copyright 2015 Yubico */
+
+package com.yubico.webauthn.attestation;
+
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+
+public interface MetadataResolver {
+    Optional<MetadataObject> resolve(X509Certificate attestationCertificate);
+}