Package com.yubico.fido.metadata
Enum Class AuthenticatorAttestationType
All Implemented Interfaces: Serializable, Comparable<AuthenticatorAttestationType>, Constable
The ATTESTATION constants are 16-bit long integers indicating the specific attestation that the authenticator supports.
Each constant has a case-sensitive string representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>
Enum Constant Summary
- ATTESTATION_ANONCA: In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
- ATTESTATION_ATTCA: Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll].
- ATTESTATION_BASIC_FULL: Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g.
- ATTESTATION_BASIC_SURROGATE: Just syntactically a Basic Attestation.
- ATTESTATION_ECDAA: Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm].
- ATTESTATION_NONE: Indicates absence of attestation.
Method Summary
- static AuthenticatorAttestationType valueOf(String name): Returns the enum constant of this class with the specified name.
- static AuthenticatorAttestationType[] values(): Returns an array containing the constants of this enum class, in the order they are declared.
Enum Constant Details
ATTESTATION_BASIC_FULL
Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g. same model). Authenticators must provide their attestation signature during the registration process for the same reason. The attestation trust anchor is shared with FIDO Servers out of band (as part of the Metadata). This sharing process should be done according to [FIDOMetadataService].
ATTESTATION_BASIC_SURROGATE
Just syntactically a Basic Attestation. The attestation object is self-signed, i.e. it is signed using the UAuth.priv key, i.e. the key corresponding to the UAuth.pub key included in the attestation object. As a consequence it does not provide a cryptographic proof of the security characteristics. But it is the best thing we can do if the authenticator is not able to have an attestation private key.
ATTESTATION_ECDAA
Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.
ATTESTATION_ATTCA
Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.
ATTESTATION_ANONCA
In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes. The applicable [WebAuthn] attestation formats "fmt" are Google SafetyNet Attestation "android-safetynet", Android Keystore Attestation "android-key", Apple Anonymous Attestation "apple", and Apple Application Attestation "apple-appattest".
ATTESTATION_NONE
Indicates absence of attestation.
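A relying party that reads these values from authenticator metadata usually needs to know whether the declared types can prove anything about the authenticator. The Java class below is an added example, not part of the Yubico library or of this page: `AttestationPolicy`, `Assurance` and `classify` are hypothetical names, the grouping of types is a policy assumption, and verification of the attestation signature itself is assumed to happen elsewhere.

```java
import com.yubico.fido.metadata.AuthenticatorAttestationType;
import java.util.EnumSet;
import java.util.Set;

/** Hypothetical relying-party policy helper (all names here are assumptions of this example). */
public final class AttestationPolicy {

  /** Strongest statement the declared attestation types can back. */
  public enum Assurance { TRUST_ANCHOR_BACKED, SELF_SIGNED_ONLY, UNPROVEN }

  // WebAuthn "fmt" values that the ATTESTATION_ANONCA description names as applicable.
  private static final Set<String> ANONCA_FORMATS =
      Set.of("android-safetynet", "android-key", "apple", "apple-appattest");

  // Types signed with a key other than the credential key itself (policy assumption).
  private static final Set<AuthenticatorAttestationType> ANCHORED = EnumSet.of(
      AuthenticatorAttestationType.ATTESTATION_BASIC_FULL,
      AuthenticatorAttestationType.ATTESTATION_ECDAA,
      AuthenticatorAttestationType.ATTESTATION_ATTCA);

  // declared: types taken from the authenticator's metadata; fmt: format seen at registration.
  public static Assurance classify(Set<AuthenticatorAttestationType> declared, String fmt) {
    for (AuthenticatorAttestationType type : declared) {
      if (ANCHORED.contains(type)) {
        return Assurance.TRUST_ANCHOR_BACKED;
      }
      // ANONCA only counts when the observed format is one it applies to.
      if (type == AuthenticatorAttestationType.ATTESTATION_ANONCA
          && fmt != null && ANONCA_FORMATS.contains(fmt)) {
        return Assurance.TRUST_ANCHOR_BACKED;
      }
    }
    // BASIC_SURROGATE is signed with UAuth.priv: no proof of security characteristics.
    return declared.contains(AuthenticatorAttestationType.ATTESTATION_BASIC_SURROGATE)
        ? Assurance.SELF_SIGNED_ONLY
        : Assurance.UNPROVEN;
  }

  public static void main(String[] args) {
    // Constructed inputs, not taken from any real metadata entry.
    System.out.println(classify(
        EnumSet.of(AuthenticatorAttestationType.ATTESTATION_BASIC_SURROGATE), "packed"));
    System.out.println(classify(
        EnumSet.of(AuthenticatorAttestationType.ATTESTATION_ANONCA), "packed"));
    System.out.println(classify(
        EnumSet.of(AuthenticatorAttestationType.ATTESTATION_ANONCA), "android-key"));
  }
}
```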
Method Details
values
Returns an array containing the constants of this enum class, in the order they are declared.
- Returns: an array containing the constants of this enum class, in the order they are declared
valueOf
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
- Parameters: name - the name of the enum constant to be returned.
- Returns: the enum constant with the specified name
- Throws: IllegalArgumentException - if this enum class has no constant with the specified name
- Throws: NullPointerException - if the argument is null