Version 2.1.0
`webauthn-server-core`:
Changes:
- Log messages on attestation certificate path validation failure now include the attestation object.
Deprecations:
- Deprecated method `AssertionResult.getCredentialId(): ByteArray`. Use `.getCredential().getCredentialId()` instead.
- Deprecated method `AssertionResult.getUserHandle(): ByteArray`. Use `.getCredential().getUserHandle()` instead.
New features:
- Added function `COSEAlgorithmIdentifier.fromPublicKey(ByteArray)`.
- Added method `AssertionResult.getCredential(): RegisteredCredential`.
- Added support for the `"tpm"` attestation statement format.
- Added support for ES384 and ES512 signature algorithms.
- Added property `policyTreeValidator` to `TrustRootsResult`. If set, the given predicate function will be used to validate the certificate policy tree after successful attestation certificate path validation. This may be required for some JCA providers to accept attestation certificates with critical certificate policy extensions. See the JavaDoc for `TrustRootsResultBuilder.policyTreeValidator(Predicate)` for more information.
- Added enum value `AttestationConveyancePreference.ENTERPRISE`.
- (Experimental) Added constant `AuthenticatorTransport.HYBRID`.
Fixes:
- Fixed various typos and mistakes in JavaDocs.
- Moved version constraints for test dependencies from meta-module `webauthn-server-parent` to unpublished test meta-module.
- `yubico-util` dependency removed from downstream compile scope.
- Fixed missing JavaDoc on `TrustRootsResult` getters and builder setters.
`webauthn-server-attestation`:
Changes:
- The `AuthenticatorToBeFiltered` argument of the `FidoMetadataService` runtime filter now omits zero AAGUIDs.
- Promoted log messages in `FidoMetadataDownloader` about BLOB signature failure and cache corruption from DEBUG level to WARN level.
New features:
- Added method `FidoMetadataDownloader.refreshBlob()`.
Fixes:
- Fixed various typos and mistakes in JavaDocs.
- `FidoMetadataDownloader` now verifies the SHA-256 hash of the cached trust root certificate, as promised in the JavaDoc of `useTrustRootCacheFile` and `useTrustRootCache`.
- BouncyCastle dependency dropped.
- Guava dependency dropped (but still remains in core module).
- If BLOB download fails, `FidoMetadataDownloader` now correctly falls back to cache if available.

Artifacts built with `openjdk 17.0.4.1 2022-08-12`.