Package com.yubico.fido.metadata
Class FidoMetadataDownloader.FidoMetadataDownloaderBuilder
java.lang.Object
com.yubico.fido.metadata.FidoMetadataDownloader.FidoMetadataDownloaderBuilder
- Enclosing class:
- FidoMetadataDownloader
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Step 1: Set the legal header to expect from the FIDO Metadata Service.static class
Step 2: Configure how to retrieve the FIDO Metadata Service trust root certificate when necessary.static class
Step 3: Configure how to cache the trust root certificate.static class
Step 4: Configure how to fetch the FIDO Metadata Service metadata BLOB.static class
Step 5: Configure how to cache the metadata BLOB. -
Method Summary
Modifier and TypeMethodDescriptionbuild()
Useclock
as the source of the current time for some application-level logic.trustHttpsCerts
(@NonNull X509Certificate... certificates) Use the providedX509Certificate
s as trust roots for HTTPS downloads.useCrls
(@NonNull Collection<CRL> crls) Use the provided CRLs.Use CRLs in the providedCertStore
.
-
Method Details
-
build
-
clock
Useclock
as the source of the current time for some application-level logic.This is primarily intended for testing.
The default is
Clock.systemUTC()
.- Parameters:
clock
- aClock
which the finishedFidoMetadataDownloader
will use to tell the time.
-
useCrls
public FidoMetadataDownloader.FidoMetadataDownloaderBuilder useCrls(@NonNull @NonNull Collection<CRL> crls) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException Use the provided CRLs.CRLs will also be downloaded from distribution points if the
com.sun.security.enableCRLDP
system property is set totrue
(assuming the use of theCertPathValidator
implementation from the SUN provider).- Throws:
InvalidAlgorithmParameterException
- ifCertStore.getInstance(String, CertStoreParameters)
does.NoSuchAlgorithmException
- if a"Collection"
typeCertStore
provider is not available.- See Also:
-
useCrls
Use CRLs in the providedCertStore
.CRLs will also be downloaded from distribution points if the
com.sun.security.enableCRLDP
system property is set totrue
(assuming the use of theCertPathValidator
implementation from the SUN provider).- See Also:
-
trustHttpsCerts
public FidoMetadataDownloader.FidoMetadataDownloaderBuilder trustHttpsCerts(@NonNull @NonNull X509Certificate... certificates) Use the providedX509Certificate
s as trust roots for HTTPS downloads.This is primarily useful when setting
downloadTrustRoot
and/ordownloadBlob
to download from custom servers instead of the defaults.If provided, these will be used for downloading
- the trust root certificate for the BLOB signature chain, and
- the metadata BLOB.
-