Package com.yubico.fido.metadata
Enum AuthenticatorAttestationType

java.lang.Object
  java.lang.Enum<AuthenticatorAttestationType>
    com.yubico.fido.metadata.AuthenticatorAttestationType

All Implemented Interfaces:
java.io.Serializable, java.lang.Comparable<AuthenticatorAttestationType>

public enum AuthenticatorAttestationType extends java.lang.Enum<AuthenticatorAttestationType>
The ATTESTATION constants are 16-bit integers indicating the specific attestation that the authenticator supports. Each constant has a case-sensitive string representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.
Enum Constant Summary

ATTESTATION_ANONCA
In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.

ATTESTATION_ATTCA
Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll].

ATTESTATION_BASIC_FULL
Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g. same model).

ATTESTATION_BASIC_SURROGATE
Just syntactically a Basic Attestation.

ATTESTATION_ECDAA
Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm].

ATTESTATION_NONE
Indicates absence of attestation.
Method Summary

static AuthenticatorAttestationType valueOf(java.lang.String name)
Returns the enum constant of this type with the specified name.

static AuthenticatorAttestationType[] values()
Returns an array containing the constants of this enum type, in the order they are declared.

Enum Constant Detail

ATTESTATION_BASIC_FULL
public static final AuthenticatorAttestationType ATTESTATION_BASIC_FULL
Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g. same model). Authenticators must provide their attestation signature during the registration process for the same reason. The attestation trust anchor is shared with FIDO Servers out of band (as part of the Metadata). This sharing process should be done according to [FIDOMetadataService].

ATTESTATION_BASIC_SURROGATE
public static final AuthenticatorAttestationType ATTESTATION_BASIC_SURROGATE
Just syntactically a Basic Attestation. The attestation object is self-signed, i.e. it is signed using the UAuth.priv key, the key corresponding to the UAuth.pub key included in the attestation object. As a consequence, it does not provide a cryptographic proof of the security characteristics. But it is the best thing we can do if the authenticator is not able to have an attestation private key.

ATTESTATION_ECDAA
public static final AuthenticatorAttestationType ATTESTATION_ECDAA
Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.

ATTESTATION_ATTCA
public static final AuthenticatorAttestationType ATTESTATION_ATTCA
Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.

ATTESTATION_ANONCA
public static final AuthenticatorAttestationType ATTESTATION_ANONCA
In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes. The applicable [WebAuthn] attestation formats "fmt" are Google SafetyNet Attestation "android-safetynet", Android Keystore Attestation "android-key", Apple Anonymous Attestation "apple", and Apple Application Attestation "apple-appattest".

ATTESTATION_NONE
public static final AuthenticatorAttestationType ATTESTATION_NONE
Indicates absence of attestation.
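A relying-party policy check built on these constants, as an added example that is not part of the library or its documentation: it compares the attestation types an authenticator's metadata declares with what the server observed while verifying the attestation statement. The names `AttestationTypePolicy`, `Observed` and `Decision`, and the grouping of chain-backed types, are assumptions of this example.

```java
import static com.yubico.fido.metadata.AuthenticatorAttestationType.*;

import com.yubico.fido.metadata.AuthenticatorAttestationType;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

/** Hypothetical relying-party policy helper (added example, not library code). */
public final class AttestationTypePolicy {

    /** Hypothetical: what the server saw when it verified the attestation statement. */
    public enum Observed { TRUST_PATH_VERIFIED, SELF_SIGNED, NO_ATTESTATION }

    public enum Decision { ACCEPT_ATTESTED, ACCEPT_UNATTESTED, REJECT }

    // Assumption of this policy: these types are backed by a certificate chain
    // that can be validated against a trust anchor.
    private static final Set<AuthenticatorAttestationType> CHAINED =
        EnumSet.of(ATTESTATION_BASIC_FULL, ATTESTATION_ATTCA, ATTESTATION_ANONCA);

    public static Decision evaluate(Set<AuthenticatorAttestationType> declared,
                                    Observed observed, boolean requireAttestation) {
        switch (observed) {
            case TRUST_PATH_VERIFIED:
                // Accept only if the metadata declares a chain-backed type.
                return Collections.disjoint(declared, CHAINED)
                    ? Decision.REJECT : Decision.ACCEPT_ATTESTED;
            case SELF_SIGNED:
                // Signed with UAuth.priv: no proof of security characteristics.
                // Reject when the metadata does not declare surrogate attestation,
                // since the statement then disagrees with the metadata.
                if (!declared.contains(ATTESTATION_BASIC_SURROGATE)) return Decision.REJECT;
                return requireAttestation ? Decision.REJECT : Decision.ACCEPT_UNATTESTED;
            default: // NO_ATTESTATION: nothing to check against the metadata
                return requireAttestation ? Decision.REJECT : Decision.ACCEPT_UNATTESTED;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: metadata for a model that declares only full basic attestation.
        Set<AuthenticatorAttestationType> declared = EnumSet.of(ATTESTATION_BASIC_FULL);
        System.out.println(evaluate(declared, Observed.TRUST_PATH_VERIFIED, true));
        System.out.println(evaluate(declared, Observed.SELF_SIGNED, false));
        System.out.println(evaluate(declared, Observed.NO_ATTESTATION, false));
    }
}
```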
Method Detail

values
public static AuthenticatorAttestationType[] values()
Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

    for (AuthenticatorAttestationType c : AuthenticatorAttestationType.values())
        System.out.println(c);

Returns:
an array containing the constants of this enum type, in the order they are declared

valueOf
public static AuthenticatorAttestationType valueOf(java.lang.String name)
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:
name - the name of the enum constant to be returned.
Returns:
the enum constant with the specified name
Throws:
java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
java.lang.NullPointerException - if the argument is null