Package com.yubico.fido.metadata

Enum Class AuthenticatorAttestationType

java.lang.Object

java.lang.Enum<AuthenticatorAttestationType>

com.yubico.fido.metadata.AuthenticatorAttestationType

All Implemented Interfaces:

Serializable, Comparable<AuthenticatorAttestationType>, Constable

public enum AuthenticatorAttestationType
extends Enum<AuthenticatorAttestationType>

The ATTESTATION constants are 16 bit long integers indicating the specific attestation that authenticator supports.

Each constant has a case-sensitive string representation (in quotes), which is used in the authoritative metadata for FIDO authenticators. *

See Also:

• FIDO Registry of Predefined Values §3.7 Authenticator Attestation Types

Nested Class Summary

Nested classes/interfaces inherited from class java.lang.Enum

Enum.EnumDesc<E extends Enum<E>>

Enum Constant Summary

Enum Constants

Enum Constant	Description
ATTESTATION_ANONCA	In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
ATTESTATION_ATTCA	Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll].
ATTESTATION_BASIC_FULL	Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g.
ATTESTATION_BASIC_SURROGATE	Just syntactically a Basic Attestation.
ATTESTATION_ECDAA	Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm].
ATTESTATION_NONE	Indicates absence of attestation.

Method Summary

Modifier and Type	Method	Description
static AuthenticatorAttestationType	valueOf(String name)	Returns the enum constant of this class with the specified name.
static AuthenticatorAttestationType[]	values()	Returns an array containing the constants of this enum class, in the order they are declared.

Methods inherited from class java.lang.Enum

clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Enum Constant Details

ATTESTATION_BASIC_FULL

public static final AuthenticatorAttestationType ATTESTATION_BASIC_FULL

Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g. same model). Authenticators must provide its attestation signature during the registration process for the same reason. The attestation trust anchor is shared with FIDO Servers out of band (as part of the Metadata). This sharing process should be done according to [FIDOMetadataService].

See Also:

• FIDO Registry of Predefined Values §3.7 Authenticator Attestation Types

ATTESTATION_BASIC_SURROGATE

public static final AuthenticatorAttestationType ATTESTATION_BASIC_SURROGATE

Just syntactically a Basic Attestation. The attestation object self-signed, i.e. it is signed using the UAuth.priv key, i.e. the key corresponding to the UAuth.pub key included in the attestation object. As a consequence it does not provide a cryptographic proof of the security characteristics. But it is the best thing we can do if the authenticator is not able to have an attestation private key.

See Also:

• FIDO Registry of Predefined Values §3.7 Authenticator Attestation Types

ATTESTATION_ECDAA

public static final AuthenticatorAttestationType ATTESTATION_ECDAA

Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.

See Also:

• FIDO Registry of Predefined Values §3.7 Authenticator Attestation Types

ATTESTATION_ATTCA

public static final AuthenticatorAttestationType ATTESTATION_ATTCA

Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.

See Also:

• FIDO Registry of Predefined Values §3.7 Authenticator Attestation Types

ATTESTATION_ANONCA

public static final AuthenticatorAttestationType ATTESTATION_ANONCA

In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes. The applicable [WebAuthn] attestation formats "fmt" are Google SafetyNet Attestation "android-safetynet", Android Keystore Attestation "android-key", Apple Anonymous Attestation "apple", and Apple Application Attestation "apple-appattest".

ATTESTATION_NONE

public static final AuthenticatorAttestationType ATTESTATION_NONE

Indicates absence of attestation.

Method Details

values

public static AuthenticatorAttestationType[] values()

Returns an array containing the constants of this enum class, in the order they are declared.

Returns:

an array containing the constants of this enum class, in the order they are declared

valueOf

public static AuthenticatorAttestationType valueOf(String name)

Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)

Parameters:

name - the name of the enum constant to be returned.

Returns:

the enum constant with the specified name

Throws:

IllegalArgumentException - if this enum class has no constant with the specified name

NullPointerException - if the argument is null