From f2a9e2a364e6e15310a48b7c2e8fe2ffcfe9ef4b Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 29 Apr 2025 18:48:34 +0200 Subject: [PATCH 1/3] Add missing JavaDoc to new origins setters --- .../com/yubico/webauthn/RelyingParty.java | 54 +++++++++++++++++++ .../com/yubico/webauthn/RelyingPartyV2.java | 54 +++++++++++++++++++ 2 files changed, 108 insertions(+) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java index 9758ccdd6..6d6f9b019 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java @@ -588,11 +588,65 @@ public static class RelyingPartyBuilder { Optional.empty(); private @NonNull Optional attestationTrustSource = Optional.empty(); + /** + * The allowed origins that returned authenticator responses will be compared against. + * + *

The default is the set containing only the string + * "https://" + {@link #getIdentity()}.getId(). + * + *

If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} and {@link + * RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both false + * (the default), then a successful registration or authentication operation requires + * {@link CollectedClientData#getOrigin()} to exactly equal one of these values. + * + *

If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} is true + * , then the above rule is relaxed to allow any port number in {@link + * CollectedClientData#getOrigin()}, regardless of any port specified. + * + *

If {@link RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} is + * true, then the above rule is relaxed to allow any subdomain, of any depth, of + * any of these values. + * + *

For either of the above relaxations to take effect, both the allowed origin and the client + * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact + * string equality. + * + * @see #getIdentity() + * @see #origins(Optional) + */ public RelyingPartyBuilder origins(@NonNull Set origins) { this.origins = origins; return this; } + /** + * The allowed origins that returned authenticator responses will be compared against. + * + *

If set to empty, this setting reverts to the default value. + * + *

The default is the set containing only the string + * "https://" + {@link #getIdentity()}.getId(). + * + *

If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} and {@link + * RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both false + * (the default), then a successful registration or authentication operation requires + * {@link CollectedClientData#getOrigin()} to exactly equal one of these values. + * + *

If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} is true + * , then the above rule is relaxed to allow any port number in {@link + * CollectedClientData#getOrigin()}, regardless of any port specified. + * + *

If {@link RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} is + * true, then the above rule is relaxed to allow any subdomain, of any depth, of + * any of these values. + * + *

For either of the above relaxations to take effect, both the allowed origin and the client + * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact + * string equality. + * + * @see #getIdentity() + * @see #origins(Set) + */ public RelyingPartyBuilder origins(@NonNull Optional> origins) { this.origins = origins.orElse(null); return this; diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java index 4088d17f0..bd5682677 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java @@ -563,11 +563,65 @@ public static class RelyingPartyV2Builder { Optional.empty(); private @NonNull Optional attestationTrustSource = Optional.empty(); + /** + * The allowed origins that returned authenticator responses will be compared against. + * + *

The default is the set containing only the string + * "https://" + {@link #getIdentity()}.getId(). + * + *

If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} and {@link + * RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both + * false (the default), then a successful registration or authentication operation + * requires {@link CollectedClientData#getOrigin()} to exactly equal one of these values. + * + *

If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} is true + * , then the above rule is relaxed to allow any port number in {@link + * CollectedClientData#getOrigin()}, regardless of any port specified. + * + *

If {@link RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} is + * true, then the above rule is relaxed to allow any subdomain, of any depth, of + * any of these values. + * + *

For either of the above relaxations to take effect, both the allowed origin and the client + * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact + * string equality. + * + * @see #getIdentity() + * @see #origins(Optional) + */ public RelyingPartyV2Builder origins(@NonNull Set origins) { this.origins = origins; return this; } + /** + * The allowed origins that returned authenticator responses will be compared against. + * + *

If set to empty, this setting reverts to the default value. + * + *

The default is the set containing only the string + * "https://" + {@link #getIdentity()}.getId(). + * + *

If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} and {@link + * RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both + * false (the default), then a successful registration or authentication operation + * requires {@link CollectedClientData#getOrigin()} to exactly equal one of these values. + * + *

If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} is true + * , then the above rule is relaxed to allow any port number in {@link + * CollectedClientData#getOrigin()}, regardless of any port specified. + * + *

If {@link RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} is + * true, then the above rule is relaxed to allow any subdomain, of any depth, of + * any of these values. + * + *

For either of the above relaxations to take effect, both the allowed origin and the client + * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact + * string equality. + * + * @see #getIdentity() + * @see #origins(Set) + */ public RelyingPartyV2Builder origins(@NonNull Optional> origins) { this.origins = origins.orElse(null); return this; From 1bccb6727df62dfa8b25e9b6d8aa1a1144306800 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 29 Apr 2025 19:09:45 +0200 Subject: [PATCH 2/3] Add @since tags to JavaDoc of features added in 2.7.0 --- .../yubico/webauthn/RegistrationResult.java | 1 + .../com/yubico/webauthn/RelyingParty.java | 2 + .../com/yubico/webauthn/RelyingPartyV2.java | 2 + .../data/AssertionExtensionInputs.java | 2 + ...enticatorRegistrationExtensionOutputs.java | 1 + .../data/ClientAssertionExtensionOutputs.java | 1 + .../ClientRegistrationExtensionOutputs.java | 1 + .../com/yubico/webauthn/data/Extensions.java | 40 +++++++++++++++++++ .../data/RegistrationExtensionInputs.java | 5 +++ 9 files changed, 55 insertions(+) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java index 378b5a9a6..eaef31959 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java @@ -386,6 +386,7 @@ public Optional isDiscoverable() { * * @return the credProtect extension policy that was set for the credential, if * available. + * @since 2.7.0 * @see * StartRegistrationOptions.StartRegistrationOptionsBuilder#extensions(RegistrationExtensionInputs) * @see diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java index 6d6f9b019..e7908df60 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java @@ -611,6 +611,7 @@ public static class RelyingPartyBuilder { * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact * string equality. * + * @since 0.6.0 * @see #getIdentity() * @see #origins(Optional) */ @@ -644,6 +645,7 @@ public RelyingPartyBuilder origins(@NonNull Set origins) { * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact * string equality. * + * @since 2.7.0 * @see #getIdentity() * @see #origins(Set) */ diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java index bd5682677..f75157324 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java @@ -586,6 +586,7 @@ public static class RelyingPartyV2Builder { * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact * string equality. * + * @since 2.7.0 * @see #getIdentity() * @see #origins(Optional) */ @@ -619,6 +620,7 @@ public RelyingPartyV2Builder origins(@NonNull Set origins) { * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact * string equality. * + * @since 2.7.0 * @see #getIdentity() * @see #origins(Set) */ diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java index abc744a90..ee539ee58 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java @@ -199,6 +199,7 @@ public AssertionExtensionInputsBuilder largeBlob( * with a "fallback" input for credentials without their own input. * * + * @since 2.7.0 * @see Extensions.Prf.PrfAuthenticationInput#eval(Extensions.Prf.PrfValues) * @see Extensions.Prf.PrfAuthenticationInput#evalByCredential(Map) * @see Extensions.Prf.PrfAuthenticationInput#evalByCredentialWithFallback(Map, @@ -278,6 +279,7 @@ private Extensions.LargeBlob.LargeBlobAuthenticationInput getLargeBlobJson() { *

This extension allows a Relying Party to evaluate outputs from a pseudo-random function * (PRF) associated with a credential. * + * @since 2.7.0 * @see Extensions.Prf.PrfAuthenticationInput#eval(Extensions.Prf.PrfValues) * @see Extensions.Prf.PrfAuthenticationInput#evalByCredential(Map) * @see Extensions.Prf.PrfAuthenticationInput#evalByCredentialWithFallback(Map, diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorRegistrationExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorRegistrationExtensionOutputs.java index dce81f315..a15aa228b 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorRegistrationExtensionOutputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorRegistrationExtensionOutputs.java @@ -144,6 +144,7 @@ public Set getExtensionIds() { * href="https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-credProtect-extension">Credential * Protection (credProtect) extension, if any. This indicates the credential protection * policy that was set for the credential. + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java index e10f4f92b..bba69646b 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java @@ -126,6 +126,7 @@ public Optional getLargeBlob * href="https://www.w3.org/TR/2025/WD-webauthn-3-20250127/#prf-extension">Pseudo-random function * (prf) extension, if any. * + * @since 2.7.0 * @see com.yubico.webauthn.data.Extensions.Prf.PrfAuthenticationOutput * @see §10.1.4. * Pseudo-random function extension (prf) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java index 364a41d70..7a661a198 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java @@ -140,6 +140,7 @@ public Optional getLargeBlob() * href="https://www.w3.org/TR/2025/WD-webauthn-3-20250127/#prf-extension">Pseudo-random function * (prf) extension, if any. * + * @since 2.7.0 * @see com.yubico.webauthn.data.Extensions.Prf.PrfRegistrationOutput * @see §10.1.4. * Pseudo-random function extension (prf) diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java index 3ff16f1ad..edc2d7dee 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Extensions.java @@ -120,6 +120,7 @@ public Optional getRk() { /** * Definitions for the Credential Protection (credProtect) extension. * + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -138,6 +139,7 @@ public static class CredentialProtection { *

  • {@link #UV_REQUIRED} * * + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -151,6 +153,7 @@ public enum CredentialProtectionPolicy { * is the default behaviour if the extension is not specified; note however that some browsers * may set a different default extension input if the extension is not explicitly specified. * + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -173,6 +176,7 @@ public enum CredentialProtectionPolicy { * was set in the call to {@link RelyingParty#startAssertion(StartAssertionOptions)}, and is * empty when neither was set. * + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -184,6 +188,7 @@ public enum CredentialProtectionPolicy { /** * In this configuration, performing some form of user verification is always REQUIRED. * + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -226,6 +231,7 @@ private static CredentialProtectionPolicy fromJsonString(@NonNull String value) *

    Instances may be created using the {@link #prefer(CredentialProtectionPolicy)} and {@link * #require(CredentialProtectionPolicy)} factory functions. * + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -236,6 +242,7 @@ public static class CredentialProtectionInput { * The requested credential protection policy. This policy may or may not be satisfied; see * {@link #isEnforceCredentialProtectionPolicy()}. * + * @since 2.7.0 * @see CredentialProtectionPolicy * @see #isEnforceCredentialProtectionPolicy() * @see . {@link CredentialProtectionInput#require(CredentialProtectionPolicy)} sets * this to true. * + * @since 2.7.0 * @see CredentialProtectionPolicy * @see #getCredentialProtectionPolicy() * @see credProtect extension input that requests the given policy when * possible. The browser is requested to continue the registration even if this policy * cannot be satisfied. + * @since 2.7.0 * @see #require(CredentialProtectionPolicy) * @see CTAP2 @@ -321,6 +330,7 @@ public static CredentialProtectionInput prefer( * @param policy the policy to require. * @return a credProtect extension input that requires the given policy. The * browser is requested to abort the registration if this policy cannot be satisfied. + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -374,6 +384,7 @@ public static CredentialProtectionInput require( * authenticator extension output does not equal the {@link * CredentialProtectionInput#getCredentialProtectionPolicy() credentialProtectionPolicy} set * in the request. + * @since 2.7.0 * @see CTAP2 * §12.1. Credential Protection (credProtect) @@ -751,6 +762,7 @@ public Optional getWritten() { /** * Definitions for the Pseudo-random function extension (prf). * + * @since 2.7.0 * @see §10.1.4. * Pseudo-random function extension (prf) */ @@ -764,6 +776,7 @@ public static class Prf { *

    {@link #getFirst()} is always present, but {@link #getSecond()} is empty when only one * input or output was given. * + * @since 2.7.0 * @see #one(ByteArray) * @see #two(ByteArray, ByteArray) * @see #oneOrTwo(ByteArray, Optional) @@ -778,6 +791,7 @@ public static class PrfValues { /** * The first PRF input to evaluate, or the result of that evaluation. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFValues.first * @see §10.1.4. @@ -788,6 +802,7 @@ public static class PrfValues { /** * The second PRF input to evaluate, if any, or the result of that evaluation. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFValues.second * @see §10.1.4. @@ -806,6 +821,7 @@ private PrfValues( /** * The second PRF input to evaluate, if any, or the result of that evaluation. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFValues.second */ @@ -817,6 +833,7 @@ public Optional getSecond() { * Construct a {@link PrfValues} with a single PRF input or output. * * @param first the PRF input or output. Must not be null. + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFValues @@ -832,6 +849,7 @@ public static PrfValues one(@NonNull ByteArray first) { * * @param first the first PRF input or output. Must not be null. * @param second the second PRF input or output. Must not be null. + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFValues @@ -848,6 +866,7 @@ public static PrfValues two(@NonNull ByteArray first, @NonNull ByteArray second) * * @param first the first PRF input or output. Must not be null. * @param second the second PRF input or output, if any. Must not be null, but may be empty. + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFValues @@ -864,6 +883,7 @@ public static PrfValues oneOrTwo( * Inputs for the Pseudo-random function extension (prf) in authentication * ceremonies. * + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFInputs @@ -876,6 +896,7 @@ public static class PrfAuthenticationInput { * PRF inputs to use for any credential without a dedicated input listed in {@link * #getEvalByCredential()}. * + * @since 2.7.0 * @see #eval(PrfValues) * @see #evalByCredentialWithFallback(Map, PrfValues) * @see getEval() { * mapping here fall back to the inputs in {@link #getEval()} if present, otherwise no PRF is * evaluated for those credentials. * + * @since 2.7.0 * @see #evalByCredential(Map) * @see #evalByCredentialWithFallback(Map, PrfValues) * @see descriptorsToIds( /** * Use the same PRF inputs for all credentials. * + * @since 2.7.0 * @see #getEval() * @see AuthenticationExtensionsPRFInputs.eval @@ -971,6 +996,7 @@ public static PrfAuthenticationInput eval(@NonNull PrfValues eval) { * Use different PRF inputs for different credentials, and skip PRF evaluation for any * credentials not present in the map. * + * @since 2.7.0 * @see #getEvalByCredential() * @see AuthenticationExtensionsPRFInputs.evalByCredential @@ -989,6 +1015,7 @@ public static PrfAuthenticationInput evalByCredential( * @param evalByCredential a map of credential IDs to PRF inputs to use for that credential. * @param eval "fallback" inputs to use for any credential not listed in * evalByCredential. + * @since 2.7.0 * @see #getEvalByCredential() * @see #getEval() () * @see prf) in registration * ceremonies. * + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFInputs @@ -1022,6 +1050,7 @@ public static class PrfRegistrationInput { * this, in which case a follow-up authentication ceremony may be needed in order to evaluate * the PRF. * + * @since 2.7.0 * @see #eval(PrfValues) * @see AuthenticationExtensionsPRFInputs.eval @@ -1040,6 +1069,7 @@ private PrfRegistrationInput(@JsonProperty("eval") PrfValues eval) { * this, in which case a follow-up authentication ceremony may be needed in order to evaluate * the PRF. * + * @since 2.7.0 * @see #eval(PrfValues) * @see AuthenticationExtensionsPRFInputs.eval @@ -1053,6 +1083,7 @@ public Optional getEval() { /** * Enable PRF for the created credential, without evaluating the PRF at this time. * + * @since 2.7.0 * @see #eval(PrfValues) * @see §10.1.4. * Pseudo-random function extension (prf) @@ -1066,6 +1097,7 @@ public static PrfRegistrationInput enable() { * given inputs. Note that not all authenticators support this, in which case a follow-up * authentication ceremony may be needed in order to evaluate the PRF. * + * @since 2.7.0 * @see #enable() * @see #getEval() * @see prf) in registration * ceremonies. * + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFOutputs @@ -1094,6 +1127,7 @@ public static class PrfRegistrationOutput { /** * true if, and only if, a PRF is available for use with the created credential. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFOutputs.enabled * @see §10.1.4. @@ -1105,6 +1139,7 @@ public static class PrfRegistrationOutput { * The results of evaluating the PRF for the inputs given in {@link * PrfRegistrationInput#getEval() eval}, if any. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFOutputs.results * @see §10.1.4. @@ -1122,6 +1157,7 @@ public static class PrfRegistrationOutput { /** * true if, and only if, a PRF is available for use with the created credential. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFOutputs.enabled * @see §10.1.4. @@ -1135,6 +1171,7 @@ public Optional getEnabled() { * The results of evaluating the PRF for the inputs given in {@link * PrfRegistrationInput#getEval() eval}, if any. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFOutputs.results * @see §10.1.4. @@ -1149,6 +1186,7 @@ public Optional getResults() { * Outputs for the Pseudo-random function extension (prf) in authentication * ceremonies. * + * @since 2.7.0 * @see dictionary * AuthenticationExtensionsPRFOutputs @@ -1163,6 +1201,7 @@ public static class PrfAuthenticationOutput { * PrfAuthenticationInput#getEval() eval} or {@link * PrfAuthenticationInput#getEvalByCredential() evalByCredential}, if any. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFOutputs.results * @see §10.1.4. @@ -1180,6 +1219,7 @@ public static class PrfAuthenticationOutput { * PrfAuthenticationInput#getEval() eval} or {@link * PrfAuthenticationInput#getEvalByCredential() evalByCredential}, if any. * + * @since 2.7.0 * @see AuthenticationExtensionsPRFOutputs.results * @see §10.1.4. diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java index 5ab22c099..8d5c70145 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java @@ -120,6 +120,7 @@ public boolean getCredProps() { /** * @return The Credential Protection (credProtect) extension input, if set. + * @since 2.7.0 * @see * RegistrationExtensionInputsBuilder#credProtect(Extensions.CredentialProtection.CredentialProtectionInput) * @see getLargeBlob() *

    This extension allows a Relying Party to evaluate outputs from a pseudo-random function * (PRF) associated with a credential. * + * @since 2.7.0 * @see Extensions.Prf.PrfRegistrationInput#enable() * @see Extensions.Prf.PrfRegistrationInput#eval(Extensions.Prf.PrfValues) * @see §10.1.4. @@ -287,6 +289,7 @@ public RegistrationExtensionInputsBuilder credProps(Boolean credProps) { /** * Enable or disable the Credential Protection (credProtect) extension. * + * @since 2.7.0 * @see * Extensions.CredentialProtection.CredentialProtectionInput#prefer(Extensions.CredentialProtection.CredentialProtectionPolicy) * @see @@ -304,6 +307,7 @@ public RegistrationExtensionInputsBuilder credProtect( /** * Enable the Credential Protection (credProtect) extension. * + * @since 2.7.0 * @see * Extensions.CredentialProtection.CredentialProtectionInput#prefer(Extensions.CredentialProtection.CredentialProtectionPolicy) * @see @@ -370,6 +374,7 @@ public RegistrationExtensionInputsBuilder largeBlob( * follow-up authentication ceremony may be needed in order to evaluate the PRF. * * + * @since 2.7.0 * @see Extensions.Prf.PrfRegistrationInput#enable() * @see Extensions.Prf.PrfRegistrationInput#eval(Extensions.Prf.PrfValues) * @see §10.1.4. From 60462b59272fefe7c85e54186ef0ea3d59ec47cc Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 29 Apr 2025 19:21:28 +0200 Subject: [PATCH 3/3] Add "Add @since tags to JavaDoc" to release procedure --- doc/releasing.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/releasing.md b/doc/releasing.md index 98ec783e7..8764e1a08 100644 --- a/doc/releasing.md +++ b/doc/releasing.md @@ -15,6 +15,8 @@ Release candidate versions Gradle build script. Conversely, remove or downgrade to `implementation` any dependencies no longer exposed in the public API. + Add `@since` tags to the JavaDoc for new features. + 3. Run the tests one more time: ``` @@ -105,6 +107,8 @@ Release versions Gradle build script. Conversely, remove or downgrade to `implementation` any dependencies no longer exposed in the public API. + Add `@since` tags to the JavaDoc for new features. + 3. Make a no-fast-forward merge from the last (non release candidate) release to the commit to be released: