| 1 | // Copyright (c) 2018, Yubico AB | |
| 2 | // All rights reserved. | |
| 3 | // | |
| 4 | // Redistribution and use in source and binary forms, with or without | |
| 5 | // modification, are permitted provided that the following conditions are met: | |
| 6 | // | |
| 7 | // 1. Redistributions of source code must retain the above copyright notice, this | |
| 8 | // list of conditions and the following disclaimer. | |
| 9 | // | |
| 10 | // 2. Redistributions in binary form must reproduce the above copyright notice, | |
| 11 | // this list of conditions and the following disclaimer in the documentation | |
| 12 | // and/or other materials provided with the distribution. | |
| 13 | // | |
| 14 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 15 | // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 16 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 17 | // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 18 | // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 19 | // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 20 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 21 | // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 22 | // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 23 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 24 | ||
| 25 | package com.yubico.webauthn; | |
| 26 | ||
| 27 | import com.yubico.webauthn.data.AuthenticatorSelectionCriteria; | |
| 28 | import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions; | |
| 29 | import com.yubico.webauthn.data.PublicKeyCredentialHint; | |
| 30 | import com.yubico.webauthn.data.RegistrationExtensionInputs; | |
| 31 | import com.yubico.webauthn.data.UserIdentity; | |
| 32 | import java.util.Arrays; | |
| 33 | import java.util.Collections; | |
| 34 | import java.util.List; | |
| 35 | import java.util.Optional; | |
| 36 | import lombok.Builder; | |
| 37 | import lombok.NonNull; | |
| 38 | import lombok.Value; | |
| 39 | ||
| 40 | /** Parameters for {@link RelyingParty#startRegistration(StartRegistrationOptions)}. */ | |
| 41 | @Value | |
| 42 | @Builder(toBuilder = true) | |
| 43 | public class StartRegistrationOptions { | |
| 44 | ||
| 45 | /** Identifiers for the user creating a credential. */ | |
| 46 | @NonNull private final UserIdentity user; | |
| 47 | ||
| 48 | /** | |
| 49 | * Constraints on what kind of authenticator the user is allowed to use to create the credential, | |
| 50 | * and on features that authenticator must or should support. | |
| 51 | */ | |
| 52 | private final AuthenticatorSelectionCriteria authenticatorSelection; | |
| 53 | ||
| 54 | /** Extension inputs for this registration operation. */ | |
| 55 | @NonNull @Builder.Default | |
| 56 | private final RegistrationExtensionInputs extensions = | |
| 57 | RegistrationExtensionInputs.builder().build(); | |
| 58 | ||
| 59 | /** | |
| 60 | * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration | |
| 61 | * operation. | |
| 62 | * | |
| 63 | * <p>This library does not take the timeout into account in any way, other than passing it | |
| 64 | * through to the {@link PublicKeyCredentialCreationOptions} so it can be used as an argument to | |
| 65 | * <code>navigator.credentials.create()</code> on the client side. | |
| 66 | * | |
| 67 | * <p>The default is empty. | |
| 68 | */ | |
| 69 | private final Long timeout; | |
| 70 | ||
| 71 | /** | |
| 72 | * Zero or more hints, in descending order of preference, to guide the user agent in interacting | |
| 73 | * with the user during this registration operation. | |
| 74 | * | |
| 75 | * <p>For example, the {@link PublicKeyCredentialHint#SECURITY_KEY} hint may be used to ask the | |
| 76 | * client to emphasize the option of registering with an external security key, or the {@link | |
| 77 | * PublicKeyCredentialHint#CLIENT_DEVICE} hint may be used to ask the client to emphasize the | |
| 78 | * option of registering a built-in passkey provider. | |
| 79 | * | |
| 80 | * <p>These hints are not requirements, and do not bind the user-agent, but may guide it in | |
| 81 | * providing the best experience by using contextual information about the request. | |
| 82 | * | |
| 83 | * <p>Hints MAY contradict preferences in {@link #getAuthenticatorSelection()}. When this occurs, | |
| 84 | * the hints take precedence. | |
| 85 | * | |
| 86 | * <p>This library does not take these hints into account in any way, other than passing them | |
| 87 | * through to the {@link PublicKeyCredentialCreationOptions} so they can be used in the argument | |
| 88 | * to <code>navigator.credentials.create()</code> on the client side. | |
| 89 | * | |
| 90 | * <p>The default is empty. | |
| 91 | * | |
| 92 | * @see PublicKeyCredentialHint | |
| 93 | * @see StartRegistrationOptionsBuilder#hints(List) | |
| 94 | * @see StartRegistrationOptionsBuilder#hints(String...) | |
| 95 | * @see StartRegistrationOptionsBuilder#hints(PublicKeyCredentialHint...) | |
| 96 | * @see <a | |
| 97 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints">PublicKeyCredentialCreationOptions.hints</a> | |
| 98 | * @see <a | |
| 99 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#enumdef-publickeycredentialhints">§5.8.7. | |
| 100 | * User-agent Hints Enumeration (enum PublicKeyCredentialHints)</a> | |
| 101 | */ | |
| 102 | private final List<String> hints; | |
| 103 | ||
| 104 | private StartRegistrationOptions( | |
| 105 |
1
1. <init> : negated conditional → KILLED |
@NonNull UserIdentity user, |
| 106 | AuthenticatorSelectionCriteria authenticatorSelection, | |
| 107 |
1
1. <init> : negated conditional → KILLED |
@NonNull RegistrationExtensionInputs extensions, |
| 108 | Long timeout, | |
| 109 | List<String> hints) { | |
| 110 | this.user = user; | |
| 111 | this.authenticatorSelection = authenticatorSelection; | |
| 112 | this.extensions = extensions; | |
| 113 | this.timeout = timeout; | |
| 114 |
1
1. <init> : negated conditional → KILLED |
this.hints = hints == null ? Collections.emptyList() : Collections.unmodifiableList(hints); |
| 115 | } | |
| 116 | ||
| 117 | /** | |
| 118 | * Constraints on what kind of authenticator the user is allowed to use to create the credential, | |
| 119 | * and on features that authenticator must or should support. | |
| 120 | */ | |
| 121 | public Optional<AuthenticatorSelectionCriteria> getAuthenticatorSelection() { | |
| 122 |
1
1. getAuthenticatorSelection : replaced return value with Optional.empty for com/yubico/webauthn/StartRegistrationOptions::getAuthenticatorSelection → KILLED |
return Optional.ofNullable(authenticatorSelection); |
| 123 | } | |
| 124 | ||
| 125 | /** | |
| 126 | * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration | |
| 127 | * operation. | |
| 128 | * | |
| 129 | * <p>This library does not take the timeout into account in any way, other than passing it | |
| 130 | * through to the {@link PublicKeyCredentialCreationOptions} so it can be used as an argument to | |
| 131 | * <code>navigator.credentials.create()</code> on the client side. | |
| 132 | * | |
| 133 | * <p>The default is empty. | |
| 134 | */ | |
| 135 | public Optional<Long> getTimeout() { | |
| 136 |
1
1. getTimeout : replaced return value with Optional.empty for com/yubico/webauthn/StartRegistrationOptions::getTimeout → KILLED |
return Optional.ofNullable(timeout); |
| 137 | } | |
| 138 | ||
| 139 | public static StartRegistrationOptionsBuilder.MandatoryStages builder() { | |
| 140 |
1
1. builder : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions::builder → KILLED |
return new StartRegistrationOptionsBuilder.MandatoryStages(); |
| 141 | } | |
| 142 | ||
| 143 | public static class StartRegistrationOptionsBuilder { | |
| 144 | private AuthenticatorSelectionCriteria authenticatorSelection = null; | |
| 145 | private Long timeout = null; | |
| 146 | ||
| 147 | public static class MandatoryStages { | |
| 148 | private final StartRegistrationOptionsBuilder builder = new StartRegistrationOptionsBuilder(); | |
| 149 | ||
| 150 | /** | |
| 151 | * {@link StartRegistrationOptionsBuilder#user(UserIdentity) user} is a required parameter. | |
| 152 | * | |
| 153 | * @see StartRegistrationOptionsBuilder#user(UserIdentity) | |
| 154 | */ | |
| 155 | public StartRegistrationOptionsBuilder user(UserIdentity user) { | |
| 156 |
1
1. user : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder$MandatoryStages::user → KILLED |
return builder.user(user); |
| 157 | } | |
| 158 | } | |
| 159 | ||
| 160 | /** | |
| 161 | * Constraints on what kind of authenticator the user is allowed to use to create the | |
| 162 | * credential, and on features that authenticator must or should support. | |
| 163 | */ | |
| 164 | public StartRegistrationOptionsBuilder authenticatorSelection( | |
| 165 |
1
1. authenticatorSelection : negated conditional → KILLED |
@NonNull Optional<AuthenticatorSelectionCriteria> authenticatorSelection) { |
| 166 |
1
1. authenticatorSelection : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::authenticatorSelection → KILLED |
return this.authenticatorSelection(authenticatorSelection.orElse(null)); |
| 167 | } | |
| 168 | ||
| 169 | /** | |
| 170 | * Constraints on what kind of authenticator the user is allowed to use to create the | |
| 171 | * credential, and on features that authenticator must or should support. | |
| 172 | */ | |
| 173 | public StartRegistrationOptionsBuilder authenticatorSelection( | |
| 174 | AuthenticatorSelectionCriteria authenticatorSelection) { | |
| 175 | this.authenticatorSelection = authenticatorSelection; | |
| 176 |
1
1. authenticatorSelection : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::authenticatorSelection → KILLED |
return this; |
| 177 | } | |
| 178 | ||
| 179 | /** | |
| 180 | * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration | |
| 181 | * operation. | |
| 182 | * | |
| 183 | * <p>This library does not take the timeout into account in any way, other than passing it | |
| 184 | * through to the {@link PublicKeyCredentialCreationOptions} so it can be used as an argument to | |
| 185 | * <code>navigator.credentials.create()</code> on the client side. | |
| 186 | * | |
| 187 | * <p>The default is empty. | |
| 188 | */ | |
| 189 |
1
1. timeout : negated conditional → KILLED |
public StartRegistrationOptionsBuilder timeout(@NonNull Optional<Long> timeout) { |
| 190 |
3
1. timeout : negated conditional → KILLED 2. timeout : changed conditional boundary → KILLED 3. timeout : negated conditional → KILLED |
if (timeout.isPresent() && timeout.get() <= 0) { |
| 191 | throw new IllegalArgumentException("timeout must be positive, was: " + timeout.get()); | |
| 192 | } | |
| 193 | this.timeout = timeout.orElse(null); | |
| 194 |
1
1. timeout : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::timeout → KILLED |
return this; |
| 195 | } | |
| 196 | ||
| 197 | /** | |
| 198 | * The value for {@link PublicKeyCredentialCreationOptions#getTimeout()} for this registration | |
| 199 | * operation. | |
| 200 | * | |
| 201 | * <p>This library does not take the timeout into account in any way, other than passing it | |
| 202 | * through to the {@link PublicKeyCredentialCreationOptions} so it can be used as an argument to | |
| 203 | * <code>navigator.credentials.create()</code> on the client side. | |
| 204 | * | |
| 205 | * <p>The default is empty. | |
| 206 | */ | |
| 207 | public StartRegistrationOptionsBuilder timeout(long timeout) { | |
| 208 |
1
1. timeout : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::timeout → KILLED |
return this.timeout(Optional.of(timeout)); |
| 209 | } | |
| 210 | ||
| 211 | /** | |
| 212 | * Zero or more hints, in descending order of preference, to guide the user agent in interacting | |
| 213 | * with the user during this registration operation. | |
| 214 | * | |
| 215 | * <p>Setting this property multiple times overwrites any value set previously. | |
| 216 | * | |
| 217 | * <p>For example, the {@link PublicKeyCredentialHint#SECURITY_KEY} hint may be used to ask the | |
| 218 | * client to emphasize the option of registering with an external security key, or the {@link | |
| 219 | * PublicKeyCredentialHint#CLIENT_DEVICE} hint may be used to ask the client to emphasize the | |
| 220 | * option of registering a built-in passkey provider. | |
| 221 | * | |
| 222 | * <p>These hints are not requirements, and do not bind the user-agent, but may guide it in | |
| 223 | * providing the best experience by using contextual information about the request. | |
| 224 | * | |
| 225 | * <p>Hints MAY contradict preferences in {@link #getAuthenticatorSelection()}. When this | |
| 226 | * occurs, the hints take precedence. | |
| 227 | * | |
| 228 | * <p>This library does not take these hints into account in any way, other than passing them | |
| 229 | * through to the {@link PublicKeyCredentialCreationOptions} so they can be used in the argument | |
| 230 | * to <code>navigator.credentials.create()</code> on the client side. | |
| 231 | * | |
| 232 | * <p>The default is empty. | |
| 233 | * | |
| 234 | * @see PublicKeyCredentialHint | |
| 235 | * @see StartRegistrationOptions#getHints() | |
| 236 | * @see StartRegistrationOptionsBuilder#hints(List) | |
| 237 | * @see StartRegistrationOptionsBuilder#hints(PublicKeyCredentialHint...) | |
| 238 | * @see <a | |
| 239 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints">PublicKeyCredentialCreationOptions.hints</a> | |
| 240 | * @see <a | |
| 241 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#enumdef-publickeycredentialhints">§5.8.7. | |
| 242 | * User-agent Hints Enumeration (enum PublicKeyCredentialHints)</a> | |
| 243 | */ | |
| 244 |
1
1. hints : negated conditional → KILLED |
public StartRegistrationOptionsBuilder hints(@NonNull String... hints) { |
| 245 | this.hints = Arrays.asList(hints); | |
| 246 |
1
1. hints : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::hints → KILLED |
return this; |
| 247 | } | |
| 248 | ||
| 249 | /** | |
| 250 | * Zero or more hints, in descending order of preference, to guide the user agent in interacting | |
| 251 | * with the user during this registration operation. | |
| 252 | * | |
| 253 | * <p>Setting this property multiple times overwrites any value set previously. | |
| 254 | * | |
| 255 | * <p>For example, the {@link PublicKeyCredentialHint#SECURITY_KEY} hint may be used to ask the | |
| 256 | * client to emphasize the option of registering with an external security key, or the {@link | |
| 257 | * PublicKeyCredentialHint#CLIENT_DEVICE} hint may be used to ask the client to emphasize the | |
| 258 | * option of registering a built-in passkey provider. | |
| 259 | * | |
| 260 | * <p>These hints are not requirements, and do not bind the user-agent, but may guide it in | |
| 261 | * providing the best experience by using contextual information about the request. | |
| 262 | * | |
| 263 | * <p>Hints MAY contradict preferences in {@link #getAuthenticatorSelection()}. When this | |
| 264 | * occurs, the hints take precedence. | |
| 265 | * | |
| 266 | * <p>This library does not take these hints into account in any way, other than passing them | |
| 267 | * through to the {@link PublicKeyCredentialCreationOptions} so they can be used in the argument | |
| 268 | * to <code>navigator.credentials.create()</code> on the client side. | |
| 269 | * | |
| 270 | * <p>The default is empty. | |
| 271 | * | |
| 272 | * @see PublicKeyCredentialHint | |
| 273 | * @see StartRegistrationOptions#getHints() | |
| 274 | * @see StartRegistrationOptionsBuilder#hints(List) | |
| 275 | * @see StartRegistrationOptionsBuilder#hints(String...) | |
| 276 | * @see <a | |
| 277 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints">PublicKeyCredentialCreationOptions.hints</a> | |
| 278 | * @see <a | |
| 279 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#enumdef-publickeycredentialhints">§5.8.7. | |
| 280 | * User-agent Hints Enumeration (enum PublicKeyCredentialHints)</a> | |
| 281 | */ | |
| 282 |
1
1. hints : negated conditional → KILLED |
public StartRegistrationOptionsBuilder hints(@NonNull PublicKeyCredentialHint... hints) { |
| 283 |
1
1. hints : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::hints → KILLED |
return this.hints( |
| 284 |
1
1. lambda$hints$0 : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::lambda$hints$0 → KILLED |
Arrays.stream(hints).map(PublicKeyCredentialHint::getValue).toArray(String[]::new)); |
| 285 | } | |
| 286 | ||
| 287 | /** | |
| 288 | * Zero or more hints, in descending order of preference, to guide the user agent in interacting | |
| 289 | * with the user during this registration operation. | |
| 290 | * | |
| 291 | * <p>Setting this property multiple times overwrites any value set previously. | |
| 292 | * | |
| 293 | * <p>For example, the {@link PublicKeyCredentialHint#SECURITY_KEY} hint may be used to ask the | |
| 294 | * client to emphasize the option of registering with an external security key, or the {@link | |
| 295 | * PublicKeyCredentialHint#CLIENT_DEVICE} hint may be used to ask the client to emphasize the | |
| 296 | * option of registering a built-in passkey provider. | |
| 297 | * | |
| 298 | * <p>These hints are not requirements, and do not bind the user-agent, but may guide it in | |
| 299 | * providing the best experience by using contextual information about the request. | |
| 300 | * | |
| 301 | * <p>Hints MAY contradict preferences in {@link #getAuthenticatorSelection()}. When this | |
| 302 | * occurs, the hints take precedence. | |
| 303 | * | |
| 304 | * <p>This library does not take these hints into account in any way, other than passing them | |
| 305 | * through to the {@link PublicKeyCredentialCreationOptions} so they can be used in the argument | |
| 306 | * to <code>navigator.credentials.create()</code> on the client side. | |
| 307 | * | |
| 308 | * <p>The default is empty. | |
| 309 | * | |
| 310 | * @see PublicKeyCredentialHint | |
| 311 | * @see StartRegistrationOptions#getHints() | |
| 312 | * @see StartRegistrationOptionsBuilder#hints(String...) | |
| 313 | * @see StartRegistrationOptionsBuilder#hints(PublicKeyCredentialHint...) | |
| 314 | * @see <a | |
| 315 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints">PublicKeyCredentialCreationOptions.hints</a> | |
| 316 | * @see <a | |
| 317 | * href="https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#enumdef-publickeycredentialhints">§5.8.7. | |
| 318 | * User-agent Hints Enumeration (enum PublicKeyCredentialHints)</a> | |
| 319 | */ | |
| 320 |
1
1. hints : negated conditional → NO_COVERAGE |
public StartRegistrationOptionsBuilder hints(@NonNull List<String> hints) { |
| 321 | this.hints = hints; | |
| 322 |
1
1. hints : replaced return value with null for com/yubico/webauthn/StartRegistrationOptions$StartRegistrationOptionsBuilder::hints → NO_COVERAGE |
return this; |
| 323 | } | |
| 324 | } | |
| 325 | } | |
Mutations | ||
| 105 |
1.1 |
|
| 107 |
1.1 |
|
| 114 |
1.1 |
|
| 122 |
1.1 |
|
| 136 |
1.1 |
|
| 140 |
1.1 |
|
| 156 |
1.1 |
|
| 165 |
1.1 |
|
| 166 |
1.1 |
|
| 176 |
1.1 |
|
| 189 |
1.1 |
|
| 190 |
1.1 2.2 3.3 |
|
| 194 |
1.1 |
|
| 208 |
1.1 |
|
| 244 |
1.1 |
|
| 246 |
1.1 |
|
| 282 |
1.1 |
|
| 283 |
1.1 |
|
| 284 |
1.1 |
|
| 320 |
1.1 |
|
| 322 |
1.1 |