Don't send the appId for a registeredKey unless it differs from the

Juan Lang · Juan Lang · commit 74ee6c1458cd · 2016-01-20T13:04:59.000-08:00
request's default appId. Closes google#74.
diff --git a/u2f-gae-demo/src/com/google/u2f/gaedemo/servlets/BeginEnrollServlet.java b/u2f-gae-demo/src/com/google/u2f/gaedemo/servlets/BeginEnrollServlet.java
@@ -51,8 +51,8 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOEx
       throw new ServletException("couldn't get registration request", e);
     }
 
-	  JsonObject result = new JsonObject();
-    result.addProperty("appId", registrationRequest.getAppId());
+    JsonObject result = new JsonObject();
+    result.addProperty("appId", appId);
     result.addProperty("sessionId", registrationRequest.getSessionId());
     
 	  JsonObject registerRequests = new JsonObject();
@@ -63,10 +63,10 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOEx
 		if(allowReregistration) {
 		  result.add("registeredKeys", new JsonArray());
 		} else {
-		  result.add("registeredKeys", signRequest.getRegisteredKeysAsJson());
+		  result.add("registeredKeys", signRequest.getRegisteredKeysAsJson(appId));
 		}
 
 		resp.setContentType("application/json");
 		resp.getWriter().println(result.toString());
 	}
-}
+}
diff --git a/u2f-gae-demo/src/com/google/u2f/gaedemo/servlets/BeginSignServlet.java b/u2f-gae-demo/src/com/google/u2f/gaedemo/servlets/BeginSignServlet.java
@@ -49,9 +49,9 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOEx
     JsonObject result = new JsonObject();
     result.addProperty("challenge", signRequest.getChallenge());
     result.addProperty("appId", appId);
-    result.add("registeredKeys", signRequest.getRegisteredKeysAsJson());
+    result.add("registeredKeys", signRequest.getRegisteredKeysAsJson(appId));
 
     resp.setContentType("application/json");
     resp.getWriter().println(result.toString());
   }
-}
+}
diff --git a/u2f-ref-code/java/src/com/google/u2f/server/messages/RegisteredKey.java b/u2f-ref-code/java/src/com/google/u2f/server/messages/RegisteredKey.java
@@ -111,9 +111,11 @@ private JsonArray getTransportsAsJson() {
     return transportsArray;
   }
 
-  public JsonObject getJson() {
+  public JsonObject getJson(String defaultAppId) {
     JsonObject result = new JsonObject();
-    result.addProperty("appId", appId);
+    if (appId != null && !appId.equals(defaultAppId)) {
+      result.addProperty("appId", appId);
+    }
     result.addProperty("version", version);
     result.addProperty("keyHandle", keyHandle);
     result.addProperty("sessionId", sessionId);
diff --git a/u2f-ref-code/java/src/com/google/u2f/server/messages/U2fSignRequest.java b/u2f-ref-code/java/src/com/google/u2f/server/messages/U2fSignRequest.java
@@ -29,13 +29,13 @@ public List<RegisteredKey> getRegisteredKeys() {
     return registeredKeys;
   }
 
-  public JsonArray getRegisteredKeysAsJson() {
+  public JsonArray getRegisteredKeysAsJson(String defaultAppId) {
     if (registeredKeys == null) {
       return null;
     }
     JsonArray result = new JsonArray();
     for (RegisteredKey registeredKey : registeredKeys) {
-      result.add(registeredKey.getJson());
+      result.add(registeredKey.getJson(defaultAppId));
     }
     return result;
   }
diff --git a/u2f-ref-code/java/src/com/google/u2f/tools/httpserver/servlets/SignDataServlet.java b/u2f-ref-code/java/src/com/google/u2f/tools/httpserver/servlets/SignDataServlet.java
@@ -32,11 +32,12 @@ public void generateJavascript(Request req, Response resp, PrintStream body) thr
       return;
     }
 
-    U2fSignRequest signRequest = u2fServer.getSignRequest(userName, "http://localhost:8080");
+    String appId = "http://localhost:8080";
+    U2fSignRequest signRequest = u2fServer.getSignRequest(userName, appId);
     JsonObject result = new JsonObject();
     result.addProperty("challenge", signRequest.getChallenge());
-    result.addProperty("appId", "http://localhost:8080");
-    result.add("registeredKeys", signRequest.getRegisteredKeysAsJson());
+    result.addProperty("appId", appId);
+    result.add("registeredKeys", signRequest.getRegisteredKeysAsJson(appId));
 
     body.println("var signData = " + result.toString() + ";");
   }

Original file line number	Diff line number	Diff line change
`@@ -29,13 +29,13 @@ public List<RegisteredKey> getRegisteredKeys() {`
`29`	`29`	`return registeredKeys;`
`30`	`30`	`}`
`31`	`31`
`32`		`- public JsonArray getRegisteredKeysAsJson() {`
	`32`	`+ public JsonArray getRegisteredKeysAsJson(String defaultAppId) {`
`33`	`33`	`if (registeredKeys == null) {`
`34`	`34`	`return null;`
`35`	`35`	`}`
`36`	`36`	`JsonArray result = new JsonArray();`
`37`	`37`	`for (RegisteredKey registeredKey : registeredKeys) {`
`38`		`- result.add(registeredKey.getJson());`
	`38`	`+ result.add(registeredKey.getJson(defaultAppId));`
`39`	`39`	`}`
`40`	`40`	`return result;`
`41`	`41`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,11 +32,12 @@ public void generateJavascript(Request req, Response resp, PrintStream body) thr`
`32`	`32`	`return;`
`33`	`33`	`}`
`34`	`34`
`35`		`- U2fSignRequest signRequest = u2fServer.getSignRequest(userName, "http://localhost:8080");`
	`35`	`+ String appId = "http://localhost:8080";`
	`36`	`+ U2fSignRequest signRequest = u2fServer.getSignRequest(userName, appId);`
`36`	`37`	`JsonObject result = new JsonObject();`
`37`	`38`	`result.addProperty("challenge", signRequest.getChallenge());`
`38`		`- result.addProperty("appId", "http://localhost:8080");`
`39`		`- result.add("registeredKeys", signRequest.getRegisteredKeysAsJson());`
	`39`	`+ result.addProperty("appId", appId);`
	`40`	`+ result.add("registeredKeys", signRequest.getRegisteredKeysAsJson(appId));`
`40`	`41`
`41`	`42`	`body.println("var signData = " + result.toString() + ";");`
`42`	`43`	`}`