Merge remote-tracking branch 'origin/7.0.x'

jzheaux · jzheaux · commit 85e2d9298b92 · 2026-02-12T16:46:14.000-07:00
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -102,7 +102,7 @@ org-sonarsource-scanner-gradle-sonarqube-gradle-plugin = "org.sonarsource.scanne
 org-instancio-instancio-junit = "org.instancio:instancio-junit:3.7.1"
 
 spring-nullability = 'io.spring.nullability:io.spring.nullability.gradle.plugin:0.0.11'
-webauthn4j-core = 'com.webauthn4j:webauthn4j-core:0.29.7.RELEASE'
+webauthn4j-core = 'com.webauthn4j:webauthn4j-core:0.31.0.RELEASE'
 com-password4j-password4j = { module = "com.password4j:password4j", version.ref = "com-password4j" }
 
 [plugins]
diff --git a/webauthn/spring-security-webauthn.gradle b/webauthn/spring-security-webauthn.gradle
@@ -18,10 +18,12 @@ dependencies {
 	optional 'org.springframework:spring-jdbc'
 	optional 'org.springframework:spring-tx'
 	optional 'tools.jackson.core:jackson-databind'
+	optional 'com.fasterxml.jackson.core:jackson-databind'
 
 	provided 'jakarta.servlet:jakarta.servlet-api'
 
 	testImplementation project(path: ':spring-security-core', configuration: 'tests')
+	testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor'
 	testImplementation 'io.projectreactor:reactor-test'
 	testImplementation 'jakarta.xml.bind:jakarta.xml.bind-api'
 	testImplementation 'jakarta.websocket:jakarta.websocket-api'
diff --git a/webauthn/src/test/java/org/springframework/security/web/webauthn/api/TestAuthenticatorAttestationResponses.java b/webauthn/src/test/java/org/springframework/security/web/webauthn/api/TestAuthenticatorAttestationResponses.java
@@ -21,7 +21,7 @@ public final class TestAuthenticatorAttestationResponses {
 	public static AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder createAuthenticatorAttestationResponse() {
 		return AuthenticatorAttestationResponse.builder()
 			.attestationObject(Bytes.fromBase64(
-					"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUy9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNhdAAAAALraVWanqkAfvZZFYZpVEg0AEDWRLOHq0Wxw4cOkCemynKqlAQIDJiABIVgg4Hkrn2kbGmpZTdoDZUNrppo93OqgQV7ONzVvo5GLCFciWCCrf6yIQggq2BfZntawxRsBBbWG_FWkYAoU8yPipS-5hg-p1VREax-qKTGn1Bp92fRMjRMunH7XwSlf9mMWJdY3VvAkicTChlxVd256yk4jEiXiJ5BuwugdpT7fBOYtymjpQECAyYgASFYIJK-2epPEw0ujHN-gvVp2Hp3ef8CzU3zqwO5ylx8L2OsIlggK5x5OlTGEPxLS-85TAABum4aqVK4CSWJ7LYDdkjuBLk"))
+					"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUy9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNhdAAAAALraVWanqkAfvZZFYZpVEg0AEDWRLOHq0Wxw4cOkCemynKqlAQIDJiABIVgg4Hkrn2kbGmpZTdoDZUNrppo93OqgQV7ONzVvo5GLCFciWCCrf6yIQggq2BfZntawxRsBBbWG_FWkYAoU8yPipS-5hg=="))
 			.clientDataJSON(Bytes.fromBase64(
 					"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicTdsQ2RkM1NWUXhkQy12OHBuUkFHRW4xQjJNLXQ3WkVDV1B3Q0FtaFd2YyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyIsImNyb3NzT3JpZ2luIjpmYWxzZX0"))
 			.transports(AuthenticatorTransport.HYBRID, AuthenticatorTransport.INTERNAL);
diff --git a/webauthn/src/test/java/org/springframework/security/web/webauthn/management/Webauthn4jRelyingPartyOperationsTests.java b/webauthn/src/test/java/org/springframework/security/web/webauthn/management/Webauthn4jRelyingPartyOperationsTests.java
@@ -43,6 +43,8 @@
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import tools.jackson.databind.json.JsonMapper;
+import tools.jackson.dataformat.cbor.CBORMapper;
 
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -78,6 +80,7 @@
 import static org.assertj.core.api.Assertions.assertThatRuntimeException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.RETURNS_SELF;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyNoInteractions;
 
@@ -613,9 +616,11 @@ void authenticateThenWa4jRequestCredentialIdIsRawIdBytes() throws Exception {
 
 		ImmutableCredentialRecord credentialRecord = TestCredentialRecords.fullUserCredential().build();
 		given(this.userCredentials.findByCredentialId(publicKey.getRawId())).willReturn(credentialRecord);
-		ObjectMapper json = mock(ObjectMapper.class);
-		ObjectMapper cbor = mock(ObjectMapper.class);
-		given(cbor.getFactory()).willReturn(mock(CBORFactory.class));
+		JsonMapper json = new JsonMapper();
+		CBORMapper cbor = mock(CBORMapper.class);
+		CBORMapper.Builder builder = mock(CBORMapper.Builder.class, RETURNS_SELF);
+		given(builder.build()).willReturn(cbor);
+		given(cbor.rebuild()).willReturn(builder);
 		AttestationObject attestationObject = mock(AttestationObject.class);
 		AuthenticatorData wa4jAuthData = mock(AuthenticatorData.class);
 		given(attestationObject.getAuthenticatorData()).willReturn(wa4jAuthData);
