Merge pull request #1444 from webauthn4j/update-webauthn4j-to-0.25.0

chore(deps): bump webauthn4jVersion from 0.24.1.RELEASE to 0.25.0.RELEASE

build.gradle

@@ -25,7 +25,7 @@ buildscript {
         httpBuilderVersion = '0.7.2'
 
         //Libraries
-        webauthn4jVersion = '0.24.1.RELEASE'
+        webauthn4jVersion = '0.25.0.RELEASE'
         springSecurityVersion = '6.0.2'
         hibernateValidatorVersion = '8.0.1.Final'
         thymeleafVersion = '3.0.4.RELEASE'

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/config/WebSecurityBeanConfig.java

@@ -41,16 +41,16 @@
 import com.webauthn4j.springframework.security.webauthn.sample.app.security.ExampleExtensionClientInput;
 import com.webauthn4j.util.Base64Util;
 import com.webauthn4j.util.CertificateUtil;
-import com.webauthn4j.validator.attestation.statement.androidkey.AndroidKeyAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.statement.androidsafetynet.AndroidSafetyNetAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.statement.apple.AppleAnonymousAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.statement.none.NoneAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.statement.packed.PackedAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.statement.tpm.TPMAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.statement.u2f.FIDOU2FAttestationStatementValidator;
-import com.webauthn4j.validator.attestation.trustworthiness.certpath.CertPathTrustworthinessValidator;
-import com.webauthn4j.validator.attestation.trustworthiness.certpath.DefaultCertPathTrustworthinessValidator;
-import com.webauthn4j.validator.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessValidator;
+import com.webauthn4j.verifier.attestation.statement.androidkey.AndroidKeyAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.statement.androidsafetynet.AndroidSafetyNetAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.statement.apple.AppleAnonymousAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.statement.none.NoneAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.statement.packed.PackedAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.statement.tpm.TPMAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.statement.u2f.FIDOU2FAttestationStatementVerifier;
+import com.webauthn4j.verifier.attestation.trustworthiness.certpath.CertPathTrustworthinessVerifier;
+import com.webauthn4j.verifier.attestation.trustworthiness.certpath.DefaultCertPathTrustworthinessVerifier;
+import com.webauthn4j.verifier.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessVerifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.Resource;
@@ -124,21 +124,21 @@ public ServerPropertyProvider serverPropertyProvider(ChallengeRepository challen
 
     @Bean
     public WebAuthnManager webAuthnManager(
-            CertPathTrustworthinessValidator certPathTrustworthinessValidator,
+            CertPathTrustworthinessVerifier certPathTrustworthinessVerifier,
             ObjectConverter objectConverter
     ) {
         return new WebAuthnManager(
                 Arrays.asList(
-                        new PackedAttestationStatementValidator(),
-                        new FIDOU2FAttestationStatementValidator(),
-                        new AndroidKeyAttestationStatementValidator(),
-                        new AndroidSafetyNetAttestationStatementValidator(),
-                        new TPMAttestationStatementValidator(),
-                        new AppleAnonymousAttestationStatementValidator(),
-                        new NoneAttestationStatementValidator()
+                        new PackedAttestationStatementVerifier(),
+                        new FIDOU2FAttestationStatementVerifier(),
+                        new AndroidKeyAttestationStatementVerifier(),
+                        new AndroidSafetyNetAttestationStatementVerifier(),
+                        new TPMAttestationStatementVerifier(),
+                        new AppleAnonymousAttestationStatementVerifier(),
+                        new NoneAttestationStatementVerifier()
                 ),
-                certPathTrustworthinessValidator,
-                new DefaultSelfAttestationTrustworthinessValidator(),
+                certPathTrustworthinessVerifier,
+                new DefaultSelfAttestationTrustworthinessVerifier(),
                 objectConverter
         );
     }
@@ -182,12 +182,12 @@ MetadataBLOBBasedTrustAnchorRepository metadataBLOBBasedTrustAnchorRepository(Ob
     }
 
     @Bean
-    public DefaultCertPathTrustworthinessValidator defaultCertPathTrustworthinessValidator(
+    public DefaultCertPathTrustworthinessVerifier defaultCertPathTrustworthinessVerifier(
             MetadataStatementsBasedTrustAnchorRepository metadataStatementsBasedTrustAnchorRepository,
             MetadataBLOBBasedTrustAnchorRepository metadataBLOBBasedTrustAnchorRepository) {
-        DefaultCertPathTrustworthinessValidator defaultCertPathTrustworthinessValidator = new DefaultCertPathTrustworthinessValidator(new AggregatingTrustAnchorRepository(metadataStatementsBasedTrustAnchorRepository, metadataBLOBBasedTrustAnchorRepository));
-        defaultCertPathTrustworthinessValidator.setFullChainProhibited(true);
-        return defaultCertPathTrustworthinessValidator;
+        DefaultCertPathTrustworthinessVerifier defaultCertPathTrustworthinessVerifier = new DefaultCertPathTrustworthinessVerifier(new AggregatingTrustAnchorRepository(metadataStatementsBasedTrustAnchorRepository, metadataBLOBBasedTrustAnchorRepository));
+        defaultCertPathTrustworthinessVerifier.setFullChainProhibited(true);
+        return defaultCertPathTrustworthinessVerifier;
     }
 
     public X509Certificate mds3TestRootCertificate(){

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/security/ExampleExtensionAuthenticatorOutput.java

@@ -18,7 +18,7 @@
 
 import com.webauthn4j.data.extension.SingleValueExtensionOutputBase;
 import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput;
-import com.webauthn4j.validator.exception.ConstraintViolationException;
+import com.webauthn4j.verifier.exception.ConstraintViolationException;
 
 import java.io.Serializable;
 

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/security/ExampleExtensionClientInput.java

@@ -19,7 +19,7 @@
 import com.webauthn4j.data.extension.SingleValueExtensionInputBase;
 import com.webauthn4j.data.extension.client.AuthenticationExtensionClientInput;
 import com.webauthn4j.data.extension.client.RegistrationExtensionClientInput;
-import com.webauthn4j.validator.exception.ConstraintViolationException;
+import com.webauthn4j.verifier.exception.ConstraintViolationException;
 
 import java.io.Serializable;
 

samples/spa/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/api/validator/AuthenticatorFormValidator.java

@@ -18,7 +18,7 @@
 
 import com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidator;
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.AuthenticatorForm;
-import com.webauthn4j.validator.exception.ValidationException;
+import com.webauthn4j.verifier.exception.VerificationException;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.Errors;
 
@@ -56,7 +56,7 @@ public void validate(HttpServletRequest request, AuthenticatorForm form, Errors
                         form.getAttestationObject().getAttestationObjectBase64(),
                         form.getTransports(),
                         form.getClientExtensionsJSON());
-            } catch (ValidationException exception) {
+            } catch (VerificationException exception) {
                 errors.reject("e.AuthenticatorFormValidator.invalidAuthenticator", "AuthenticatorEntity is invalid.");
             }
 

samples/spa/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/api/validator/spring/ProfileCreateFormValidator.java

@@ -19,7 +19,7 @@
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.AuthenticatorForm;
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.ProfileCreateForm;
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.validator.AuthenticatorFormValidator;
-import com.webauthn4j.validator.exception.ValidationException;
+import com.webauthn4j.verifier.exception.VerificationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.Errors;
@@ -59,7 +59,7 @@ public void validate(Object target, Errors errors) {
             for (AuthenticatorForm authenticator : form.getAuthenticators()) {
                 try {
                     authenticatorFormValidator.validate(request, authenticator, errors);
-                } catch (ValidationException exception) {
+                } catch (VerificationException exception) {
                     errors.rejectValue("authenticators", "e.ProfileCreateFormValidator.invalidAuthenticator", "AuthenticatorEntity is invalid.");
                 }
             }

samples/spa/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/api/validator/spring/ProfileUpdateFormValidator.java

@@ -19,7 +19,7 @@
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.AuthenticatorForm;
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.ProfileUpdateForm;
 import com.webauthn4j.springframework.security.webauthn.sample.app.api.validator.AuthenticatorFormValidator;
-import com.webauthn4j.validator.exception.ValidationException;
+import com.webauthn4j.verifier.exception.VerificationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.Errors;
@@ -59,7 +59,7 @@ public void validate(Object target, Errors errors) {
             for (AuthenticatorForm authenticator : form.getAuthenticators()) {
                 try {
                     authenticatorFormValidator.validate(request, authenticator, errors);
-                } catch (ValidationException exception) {
+                } catch (VerificationException exception) {
                     errors.rejectValue("authenticators", "e.ProfileUpdateFormValidator.invalidAuthenticator", "AuthenticatorEntity is invalid.");
                 }
             }

samples/spa/src/main/java/com/webauthn4j/springframework/security/webauthn/sample/app/config/WebSecurityBeanConfig.java

@@ -101,7 +101,7 @@ public ServerPropertyProvider serverPropertyProvider(RpIdProvider rpIdProvider,
     public WebAuthnManager webAuthnManager(ObjectConverter objectConverter) {
 
         WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager(objectConverter);
-        webAuthnManager.getAuthenticationDataValidator().setCrossOriginAllowed(true);
+        webAuthnManager.getAuthenticationDataVerifier().setCrossOriginAllowed(true);
         return webAuthnManager;
     }
 

webauthn4j-spring-security-core/src/main/java/com/webauthn4j/springframework/security/WebAuthnAuthenticationProvider.java

@@ -142,7 +142,7 @@ void doAuthenticate(WebAuthnAssertionAuthenticationToken authenticationToken, We
         );
 
         try {
-            webAuthnManager.validate(authenticationRequest, authenticationParameters);
+            webAuthnManager.verify(authenticationRequest, authenticationParameters);
         } catch (WebAuthnException e) {
             throw ExceptionUtil.wrapWithAuthenticationException(e);
         }

webauthn4j-spring-security-core/src/main/java/com/webauthn4j/springframework/security/WebAuthnRegistrationRequestValidator.java

@@ -78,7 +78,7 @@ public WebAuthnRegistrationRequestValidationResponse validate(HttpServletRequest
                 createRegistrationParameters(httpServletRequest);
 
         try {
-            RegistrationData response = webAuthnManager.validate(webAuthnRegistrationRequest, webAuthnRegistrationParameters);
+            RegistrationData response = webAuthnManager.verify(webAuthnRegistrationRequest, webAuthnRegistrationParameters);
             return new WebAuthnRegistrationRequestValidationResponse(
                     response.getCollectedClientData(),
                     response.getAttestationObject(),

webauthn4j-spring-security-core/src/main/java/com/webauthn4j/springframework/security/util/internal/ExceptionUtil.java

@@ -38,51 +38,51 @@ private ExceptionUtil() {
     @SuppressWarnings("squid:S3776")
     public static RuntimeException wrapWithAuthenticationException(WebAuthnException e) {
         // ValidationExceptions
-        if (e instanceof com.webauthn4j.validator.exception.BadAaguidException) {
+        if (e instanceof com.webauthn4j.verifier.exception.BadAaguidException) {
             return new BadAaguidException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.BadAlgorithmException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.BadAlgorithmException) {
             return new BadAlgorithmException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.BadAttestationStatementException) {
-            if (e instanceof com.webauthn4j.validator.exception.KeyDescriptionValidationException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.BadAttestationStatementException) {
+            if (e instanceof com.webauthn4j.verifier.exception.KeyDescriptionValidationException) {
                 return new KeyDescriptionValidationException(e.getMessage(), e);
             } else {
                 return new BadAttestationStatementException(e.getMessage(), e);
             }
-        } else if (e instanceof com.webauthn4j.validator.exception.BadChallengeException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.BadChallengeException) {
             return new BadChallengeException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.BadOriginException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.BadOriginException) {
             return new BadOriginException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.BadRpIdException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.BadRpIdException) {
             return new BadRpIdException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.BadSignatureException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.BadSignatureException) {
             return new BadSignatureException(e.getMessage(), e);
         } else if (e instanceof com.webauthn4j.metadata.exception.BadStatusException) {
             return new BadStatusException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.CertificateException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.CertificateException) {
             return new CertificateException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.ConstraintViolationException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.ConstraintViolationException) {
             return new ConstraintViolationException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.MaliciousCounterValueException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.MaliciousCounterValueException) {
             return new MaliciousCounterValueException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.InconsistentClientDataTypeException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.InconsistentClientDataTypeException) {
             return new InconsistentClientDataTypeException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.MissingChallengeException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.MissingChallengeException) {
             return new MissingChallengeException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.PublicKeyMismatchException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.PublicKeyMismatchException) {
             return new PublicKeyMismatchException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.SelfAttestationProhibitedException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.SelfAttestationProhibitedException) {
             return new SelfAttestationProhibitedException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.TokenBindingException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.TokenBindingException) {
             return new TokenBindingException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.TrustAnchorNotFoundException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.TrustAnchorNotFoundException) {
             return new TrustAnchorNotFoundException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.UnexpectedExtensionException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.UnexpectedExtensionException) {
             return new UnexpectedExtensionException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.UserNotPresentException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.UserNotPresentException) {
             return new UserNotPresentException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.UserNotVerifiedException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.UserNotVerifiedException) {
             return new UserNotVerifiedException(e.getMessage(), e);
-        } else if (e instanceof com.webauthn4j.validator.exception.ValidationException) {
+        } else if (e instanceof com.webauthn4j.verifier.exception.VerificationException) {
             return new ValidationException("WebAuthn validation error", e);
         }
         // DataConversionException

webauthn4j-spring-security-core/src/test/java/com/webauthn4j/springframework/security/WebAuthnAuthenticationProviderTest.java

@@ -105,7 +105,7 @@ public void authenticate_test() {
 
         ArgumentCaptor<AuthenticationRequest> requestCaptor = ArgumentCaptor.forClass(AuthenticationRequest.class);
         ArgumentCaptor<AuthenticationParameters> parameterCaptor = ArgumentCaptor.forClass(AuthenticationParameters.class);
-        verify(webAuthnManager).validate(requestCaptor.capture(), parameterCaptor.capture());
+        verify(webAuthnManager).verify(requestCaptor.capture(), parameterCaptor.capture());
 
 
         assertThat(authenticatedToken.getPrincipal()).isEqualTo(webAuthnPrincipal);
@@ -126,7 +126,7 @@ public void authenticate_with_BadChallengeException_from_authenticationContextVa
         when(webAuthnCredentialRecord.getAttestedCredentialData()).thenReturn(mock(AttestedCredentialData.class));
         when(webAuthnCredentialRecord.getAttestationStatement()).thenReturn(mock(AttestationStatement.class));
 
-        doThrow(com.webauthn4j.validator.exception.BadChallengeException.class).when(webAuthnManager).validate((AuthenticationRequest) any(), any());
+        doThrow(com.webauthn4j.verifier.exception.BadChallengeException.class).when(webAuthnManager).verify((AuthenticationRequest) any(), any());
 
         //When
         WebAuthnAuthenticationRequest request = mock(WebAuthnAuthenticationRequest.class);