search

Yubico / java-webauthn-server

Server-side Web Authentication library for Java https://www.w3.org/TR/webauthn/#rp-operations
Other
482 stars 145 forks source link

FIDO metadata failure: Unknown COSE algorithm identifier: -37 #387

Closed mmoayyed closed 1 week ago

mmoayyed commented 1 week ago

It appears that the latest FIDO metadata feed has added a new algorithm that cannot be recognized by this library here. Relevant stack trace:

Caused by:
com.fasterxml.jackson.databind.exc.ValueInstantiationException: 
Cannot construct instance of `com.yubico.webauthn.data.COSEAlgorithmIdentifier`, problem: Unknown COSE algorithm identifier: -37
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 220483] 
(through reference chain: com.yubico.fido.metadata.MetadataBLOBPayload$MetadataBLOBPayloadBuilder["entries"]->java.util.HashSet[23]->
com.yubico.fido.metadata.MetadataBLOBPayloadEntry$MetadataBLOBPayloadEntryBuilder["metadataStatement"]->
com.yubico.fido.metadata.MetadataStatement$MetadataStatementBuilder["authenticatorGetInfo"]->
com.yubico.fido.metadata.AuthenticatorGetInfo$AuthenticatorGetInfoBuilder["algorithms"]->java.util.ArrayList[1]->
com.yubico.webauthn.data.PublicKeyCredentialParameters["alg"])
emlun commented 1 week ago

Fixed in pre-release 2.5.4-RC1. We'll promote that to a stable release within the next few days or so if no issues with it come up. Thanks for the report (though this was also detected by the weekly integration test)!

mmoayyed commented 1 week ago

Thank you very much for the quick fix.

emlun commented 1 day ago

The RC has now been promoted to stable release 2.5.4. Thanks again!