Class FidoMetadataService.FidoMetadataServiceBuilder
- Enclosing class: FidoMetadataService

Nested Class Summary
Columns: Modifier and Type, Class, Description
- static class

Method Summary
Columns: Modifier and Type, Method, Description
- build()
- certStore(@NonNull CertStore certStore): Set a CertStore of additional CRLs and/or intermediate certificates to use while validating attestation certificate paths.
- filter(@NonNull Predicate<FidoMetadataService.Filters.AuthenticatorToBeFiltered> filter): Set a filter for which metadata entries to allow for a given authenticator during credential registration and metadata lookup.
- prefilter(@NonNull Predicate<MetadataBLOBPayloadEntry> prefilter): Set a first-stage filter for which metadata entries to include in the data source.

Method Details
-
prefilter
public FidoMetadataService.FidoMetadataServiceBuilder prefilter(@NonNull @NonNull Predicate<MetadataBLOBPayloadEntry> prefilter)
Set a first-stage filter for which metadata entries to include in the data source.
This prefilter is executed once for each metadata entry during initial construction of a FidoMetadataService instance.
The default is Filters.notRevoked(). Setting a different filter overrides this default; to preserve the "not revoked" condition in addition to the new filter, you must explicitly include the condition in the new filter, for example by using Filters.allOf(Predicate...).
- Parameters: prefilter - a Predicate which returns true for metadata entries to include in the data source.
- See Also:

filter
public FidoMetadataService.FidoMetadataServiceBuilder filter(@NonNull @NonNull Predicate<FidoMetadataService.Filters.AuthenticatorToBeFiltered> filter)
Set a filter for which metadata entries to allow for a given authenticator during credential registration and metadata lookup.
This filter is executed during each execution of FidoMetadataService.findEntries(List, AAGUID), its overloads, and FidoMetadataService.findTrustRoots(List, Optional).
The default is Filters.noAttestationKeyCompromise(). Setting a different filter overrides this default; to preserve this condition in addition to the new filter, you must explicitly include the condition in the new filter, for example by using Filters.allOf(Predicate...).
Note: Returning true in the filter predicate does not automatically make the authenticator trusted, as its attestation certificate must also correctly chain to a trusted attestation root. Rather, returning true in the filter predicate allows the corresponding metadata entry to be used for further trust assessment for that authenticator, while returning false eliminates the metadata entry (and thus any associated trust roots) for the ongoing query.
- Parameters: filter - a Predicate which returns true for metadata entries to allow for the corresponding authenticator during credential registration and metadata lookup.
- See Also:

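The override behaviour described for prefilter and filter above, shown as an added example (not code from the library or its documentation): a custom condition combined with each default through Filters.allOf so that the default check is kept. The class MetadataPolicy, the method applyPolicy and the registrationPolicy parameter are hypothetical; the package com.yubico.fido.metadata and the getAaguid() accessor are assumptions not shown on this page.

```java
// Added example, not part of the library.
// Assumption: the metadata classes live in package com.yubico.fido.metadata.
import com.yubico.fido.metadata.AAGUID;
import com.yubico.fido.metadata.FidoMetadataService;
import com.yubico.fido.metadata.FidoMetadataService.Filters;
import com.yubico.fido.metadata.MetadataBLOBPayloadEntry;
import java.util.Set;
import java.util.function.Predicate;

public final class MetadataPolicy { // hypothetical helper class

  private MetadataPolicy() {}

  /**
   * Adds an AAGUID allowlist and a caller-supplied registration policy
   * while keeping both default conditions of the builder.
   */
  public static FidoMetadataService.FidoMetadataServiceBuilder applyPolicy(
      FidoMetadataService.FidoMetadataServiceBuilder builder,
      Set<AAGUID> allowedAaguids,
      Predicate<Filters.AuthenticatorToBeFiltered> registrationPolicy) {

    // Custom first-stage condition: keep only allowlisted AAGUIDs.
    // Assumption: getAaguid() returns Optional<AAGUID>; entries without
    // an AAGUID are excluded by this predicate.
    Predicate<MetadataBLOBPayloadEntry> allowlisted =
        entry -> entry.getAaguid().map(allowedAaguids::contains).orElse(false);

    return builder
        // Weak form: .prefilter(allowlisted) on its own replaces the default
        // Filters.notRevoked(), so a revoked entry on the allowlist would
        // remain in the data source.
        // Corrected form: include notRevoked() explicitly.
        .prefilter(Filters.allOf(Filters.notRevoked(), allowlisted))
        // Same rule for the second stage: filter(registrationPolicy) alone
        // would drop the default noAttestationKeyCompromise() condition.
        .filter(Filters.allOf(
            Filters.noAttestationKeyCompromise(), registrationPolicy));
  }
}
```

As the note on filter states, a predicate returning true only keeps the metadata entry available for trust assessment; the attestation certificate must still chain to a trusted attestation root.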
certStore
public FidoMetadataService.FidoMetadataServiceBuilder certStore(@NonNull @NonNull CertStore certStore)
Set a CertStore of additional CRLs and/or intermediate certificates to use while validating attestation certificate paths.
This setting is most likely useful for tests.
- Parameters: certStore - a CertStore of additional CRLs and/or intermediate certificates to use while validating attestation certificate paths.

build
public FidoMetadataService build() throws CertPathValidatorException, InvalidAlgorithmParameterException, com.yubico.webauthn.data.exception.Base64UrlException, DigestException, FidoMetadataDownloaderException, CertificateException, UnexpectedLegalHeader, IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- Throws:
CertPathValidatorException
InvalidAlgorithmParameterException
com.yubico.webauthn.data.exception.Base64UrlException
DigestException
FidoMetadataDownloaderException
CertificateException
UnexpectedLegalHeader
IOException
NoSuchAlgorithmException
SignatureException
InvalidKeyException
-