com.yubico.webauthn.attestation

Class StandardMetadataService

java.lang.Object

com.yubico.webauthn.attestation.StandardMetadataService

All Implemented Interfaces:

com.yubico.webauthn.attestation.MetadataService

public final class StandardMetadataService
extends java.lang.Object
implements com.yubico.webauthn.attestation.MetadataService

Constructor Summary

Constructors

Constructor and Description
StandardMetadataService()
StandardMetadataService(AttestationResolver attestationResolver)

Method Summary

Modifier and Type	Method and Description
static AttestationResolver	createDefaultAttestationResolver()
static AttestationResolver	createDefaultAttestationResolver(TrustResolver trustResolver)
static TrustResolver	createDefaultTrustResolver()
com.yubico.webauthn.attestation.Attestation	getAttestation(@NonNull java.util.List<java.security.cert.X509Certificate> attestationCertificateChain) Attempt to look up attestation for a chain of certificates
com.yubico.webauthn.attestation.Attestation	getCachedAttestation(java.lang.String attestationCertificateFingerprint)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

StandardMetadataService

public StandardMetadataService(AttestationResolver attestationResolver)

StandardMetadataService

public StandardMetadataService()
                        throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

Method Detail

createDefaultTrustResolver

public static TrustResolver createDefaultTrustResolver()
                                                throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

createDefaultAttestationResolver

public static AttestationResolver createDefaultAttestationResolver(TrustResolver trustResolver)
                                                            throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

createDefaultAttestationResolver

public static AttestationResolver createDefaultAttestationResolver()
                                                            throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

getCachedAttestation

public com.yubico.webauthn.attestation.Attestation getCachedAttestation(java.lang.String attestationCertificateFingerprint)

getAttestation

public com.yubico.webauthn.attestation.Attestation getAttestation(@NonNull
                                                                  @NonNull java.util.List<java.security.cert.X509Certificate> attestationCertificateChain)
                                                           throws java.security.cert.CertificateEncodingException

Attempt to look up attestation for a chain of certificates

If there is a signature path from any trusted certificate to the first certificate in attestationCertificateChain, then the first certificate in attestationCertificateChain is matched against the metadata registry to look up metadata for the device.

If the certificate chain is trusted but no metadata exists in the registry, the method returns a trusted attestation populated with information found embedded in the attestation certificate.

If the certificate chain is not trusted, the method returns an untrusted attestation populated with transports information found embedded in the attestation certificate.

If the certificate chain is empty, an untrusted empty attestation is returned.

Specified by:

getAttestation in interface com.yubico.webauthn.attestation.MetadataService

Parameters:

attestationCertificateChain - a certificate chain, where each certificate in the list should be signed by the following certificate.

Returns:

An attestation as described above.

Throws:

java.security.cert.CertificateEncodingException - if computation of the fingerprint fails for any element of attestationCertificateChain that needs to be inspected