Package com.yubico.webauthn.attestation
Class StandardMetadataService
- java.lang.Object
-
- com.yubico.webauthn.attestation.StandardMetadataService
-
- All Implemented Interfaces:
com.yubico.webauthn.attestation.MetadataService
public final class StandardMetadataService extends java.lang.Object implements com.yubico.webauthn.attestation.MetadataService
-
-
Constructor Summary
Constructors Constructor Description StandardMetadataService()StandardMetadataService(AttestationResolver attestationResolver)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static AttestationResolvercreateDefaultAttestationResolver()static AttestationResolvercreateDefaultAttestationResolver(TrustResolver trustResolver)static TrustResolvercreateDefaultTrustResolver()com.yubico.webauthn.attestation.AttestationgetAttestation(@NonNull java.util.List<java.security.cert.X509Certificate> attestationCertificateChain)Attempt to look up attestation for a chain of certificatescom.yubico.webauthn.attestation.AttestationgetCachedAttestation(java.lang.String attestationCertificateFingerprint)
-
-
-
Constructor Detail
-
StandardMetadataService
public StandardMetadataService(AttestationResolver attestationResolver)
-
StandardMetadataService
public StandardMetadataService() throws java.security.cert.CertificateException- Throws:
java.security.cert.CertificateException
-
-
Method Detail
-
createDefaultTrustResolver
public static TrustResolver createDefaultTrustResolver() throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
createDefaultAttestationResolver
public static AttestationResolver createDefaultAttestationResolver(TrustResolver trustResolver) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
createDefaultAttestationResolver
public static AttestationResolver createDefaultAttestationResolver() throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
getCachedAttestation
public com.yubico.webauthn.attestation.Attestation getCachedAttestation(java.lang.String attestationCertificateFingerprint)
-
getAttestation
public com.yubico.webauthn.attestation.Attestation getAttestation(@NonNull @NonNull java.util.List<java.security.cert.X509Certificate> attestationCertificateChain) throws java.security.cert.CertificateEncodingExceptionAttempt to look up attestation for a chain of certificatesIf there is a signature path from any trusted certificate to the first certificate in
attestationCertificateChain, then the first certificate inattestationCertificateChainis matched against the metadata registry to look up metadata for the device.If the certificate chain is trusted but no metadata exists in the registry, the method returns a trusted attestation populated with information found embedded in the attestation certificate.
If the certificate chain is not trusted, the method returns an untrusted attestation populated with
transportsinformation found embedded in the attestation certificate.If the certificate chain is empty, an untrusted empty attestation is returned.
- Specified by:
getAttestationin interfacecom.yubico.webauthn.attestation.MetadataService- Parameters:
attestationCertificateChain- a certificate chain, where each certificate in the list should be signed by the following certificate.- Returns:
- An attestation as described above.
- Throws:
java.security.cert.CertificateEncodingException- if computation of the fingerprint fails for any element ofattestationCertificateChainthat needs to be inspected
-
-