Class FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3

java.lang.Object
com.yubico.fido.metadata.FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3
Enclosing class:
FidoMetadataDownloader.FidoMetadataDownloaderBuilder

public static class FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3 extends Object
Step 3: Configure how to cache the trust root certificate.

This step offers two mutually exclusive options:

  1. Cache the trust root certificate in a File. See useTrustRootCacheFile(File).
  2. Cache the trust root certificate using a Supplier to read the cache and a Consumer to write the cache. See useTrustRootCache(Supplier, Consumer).

  • Method Details

    • useTrustRootCacheFile

      public FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4 useTrustRootCacheFile(@NonNull File cacheFile)
      Cache the trust root certificate in the file cacheFile.

      If cacheFile exists, is a normal file, is readable, matches one of the SHA-256 hashes configured in the previous step, and contains a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service blob.

      Otherwise, the trust root certificate will be downloaded and written to this file.

    • useTrustRootCache

      public FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4 useTrustRootCache(@NonNull Supplier<Optional<ByteArray>> getCachedTrustRootCert, @NonNull Consumer<ByteArray> writeCachedTrustRootCert)
      Cache the trust root certificate using a Supplier to read the cache, and using a Consumer to write the cache.

      If getCachedTrustRootCert returns non-empty, the value matches one of the SHA-256 hashes configured in the previous step, and is a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service blob.

      Otherwise, the trust root certificate will be downloaded and written to writeCachedTrustRootCert.

      Parameters:
      getCachedTrustRootCert - a Supplier that fetches the cached trust root certificate if it exists. MUST NOT return null. The returned value, if present, MUST be the trust root certificate in X.509 DER format.
      writeCachedTrustRootCert - a Consumer that accepts the trust root certificate in X.509 DER format and writes it to the cache. Its argument will never be null.
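
The following is an added example, not code from the library or its documentation: a Supplier/Consumer pair for useTrustRootCache that honours the contract above (never null, raw DER bytes, a read failure reported as a cache miss). The class name, the key name and the in-memory map standing in for a shared store are assumptions made for the illustration.

```java
import com.yubico.fido.metadata.FidoMetadataDownloader;
import com.yubico.webauthn.data.ByteArray;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import java.util.function.Supplier;

/** Added example: trust root cache kept in a key-value store instead of a File. */
public final class TrustRootCacheExample {

  // Hypothetical key name; the map stands in for a shared store (database row, cache entry).
  private static final String KEY = "fido-mds-trust-root-der";
  private final Map<String, byte[]> store = new ConcurrentHashMap<>();

  /** Read side: MUST NOT return null, so every "nothing usable" case becomes Optional.empty(). */
  public Supplier<Optional<ByteArray>> reader() {
    return () -> {
      try {
        byte[] der = store.get(KEY);
        if (der == null || der.length == 0) {
          return Optional.empty(); // cache miss: the certificate will be downloaded
        }
        return Optional.of(new ByteArray(der)); // X.509 DER bytes, not PEM text
      } catch (RuntimeException e) {
        // A real store may fail here; treat that as a miss rather than returning null.
        return Optional.empty();
      }
    };
  }

  /** Write side: the argument is never null and is already in X.509 DER format. */
  public Consumer<ByteArray> writer() {
    return der -> store.put(KEY, der.getBytes());
  }

  /** Plugs both callbacks into Step3 and returns the next builder step. */
  public FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4 configure(
      FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3 step3) {
    return step3.useTrustRootCache(reader(), writer());
  }
}
```

Because a cached value is only used when it matches one of the SHA-256 hashes configured in the previous step and is a currently valid X.509 certificate, a stale or altered cache entry results in a fresh download rather than a changed trust root.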