This repository was archived by the owner on Jul 6, 2022. It is now read-only.
Conversation
I don't know why it wouldn't be, the constructors for other objects are public. If you aren't using JSON to persist the DeviceRegistration, then you're really stuck, since you need to construct one in order to call the other APIs.
Member
|
Hi, thank you for your contribution! Sorry we haven't responded until now. I'll get back to this as soon as I can. |
Member
|
Looks good, thank you for contributing! |
emlun
added a commit
that referenced
this pull request
Jan 15, 2018
Breaking changes:
- Overhauled exception hierarchy
- New exception class: `U2fCeremonyException`
- New exception class:
`U2fRegistrationException extends U2fCeremonyException`
- New exception class:
`U2fAuthenticationException extends U2fCeremonyException`
- The following exception classes now extend
`U2fAuthenticationException`:
- `DeviceCompromisedException`
- `InvalidDeviceCounterException`
- `NoEligableDevicesException`
- `NoEligibleDevicesException`
- `U2fBadConfigurationException` is now a checked exception
- `U2fBadInputException` is now a checked exception, and is no longer
thrown directly by the methods of `U2F`.
- Methods of `U2F` now catch this exception and wrap it in a
`U2fRegistrationException` or ``U2fAuthenticationException`.
- `DeviceRegistration.getAttestationCertificate()` now returns `null`
instead of throwing `NoSuchFieldException`
- `static ClientData.getString(JsonNode, String)` now throws
`U2fBadInputException` instead of `NullPointerException`, or if the
returned field is not a `String` value
- Some `AssertionError`s and `IllegalArgumentException`s are now
`U2fBadInputException`s instead
Improvements:
- `BouncyCastleCrypto` now throws more descriptive exceptions
Bug fixes:
- Improved error handling in client data input validation
- Thanks to Nicholas Wilson for the contribution, see
#25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bugfixes for several nasty errors handling client input data.
Worst of all, clients can even cause AssertionError to be thrown simply by sending data that's too short.
The tests do not even cover basic cases of malformed client data. The lack of error handling throughout the library is worrying; I've fixed all the errors I could find but it's quite possible there are more.
Also made a persistence constructor public (like all the other objects' constructors) so that it can be used directly if not using JSON for persistence.