Package com.yubico.fido.metadata

Class FidoMetadataDownloader.FidoMetadataDownloaderBuilder

java.lang.Object

com.yubico.fido.metadata.FidoMetadataDownloader.FidoMetadataDownloaderBuilder

Enclosing class:

FidoMetadataDownloader

public static class FidoMetadataDownloader.FidoMetadataDownloaderBuilder
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step1	Step 1: Set the legal header to expect from the FIDO Metadata Service.
static class	FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step2	Step 2: Configure how to retrieve the FIDO Metadata Service trust root certificate when necessary.
static class	FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3	Step 3: Configure how to cache the trust root certificate.
static class	FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4	Step 4: Configure how to fetch the FIDO Metadata Service metadata BLOB.
static class	FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step5	Step 5: Configure how to cache the metadata BLOB.

Method Summary

Modifier and Type	Method	Description
FidoMetadataDownloader	build()
FidoMetadataDownloader.FidoMetadataDownloaderBuilder	clock(@NonNull Clock clock)	Use clock as the source of the current time for some application-level logic.
FidoMetadataDownloader.FidoMetadataDownloaderBuilder	trustHttpsCerts(@NonNull X509Certificate... certificates)	Use the provided X509Certificates as trust roots for HTTPS downloads.
FidoMetadataDownloader.FidoMetadataDownloaderBuilder	useCrls(@NonNull Collection<CRL> crls)	Use the provided CRLs.
FidoMetadataDownloader.FidoMetadataDownloaderBuilder	useCrls(CertStore certStore)	Use CRLs in the provided CertStore.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

build

public FidoMetadataDownloader build()

clock

public FidoMetadataDownloader.FidoMetadataDownloaderBuilder clock(@NonNull
 @NonNull Clock clock)

Use clock as the source of the current time for some application-level logic.

This is primarily intended for testing.

The default is Clock.systemUTC().

Parameters:

clock - a Clock which the finished FidoMetadataDownloader will use to tell the time.

useCrls

public FidoMetadataDownloader.FidoMetadataDownloaderBuilder useCrls(@NonNull
 @NonNull Collection<CRL> crls)
                                                             throws InvalidAlgorithmParameterException,
NoSuchAlgorithmException

Use the provided CRLs.

CRLs will also be downloaded from distribution points if the com.sun.security.enableCRLDP system property is set to true (assuming the use of the CertPathValidator implementation from the SUN provider).

Throws:

InvalidAlgorithmParameterException - if CertStore.getInstance(String, CertStoreParameters) does.

NoSuchAlgorithmException - if a "Collection" type CertStore provider is not available.

See Also:

• useCrls(CertStore)

useCrls

public FidoMetadataDownloader.FidoMetadataDownloaderBuilder useCrls(CertStore certStore)

Use CRLs in the provided CertStore.

CRLs will also be downloaded from distribution points if the com.sun.security.enableCRLDP system property is set to true (assuming the use of the CertPathValidator implementation from the SUN provider).

See Also:

• useCrls(Collection)

trustHttpsCerts

public FidoMetadataDownloader.FidoMetadataDownloaderBuilder trustHttpsCerts(@NonNull
 @NonNull X509Certificate... certificates)

Use the provided X509Certificates as trust roots for HTTPS downloads.

This is primarily useful when setting downloadTrustRoot and/or downloadBlob to download from custom servers instead of the defaults.

If provided, these will be used for downloading

• the trust root certificate for the BLOB signature chain, and
• the metadata BLOB.

If not set, the system default certificate store will be used.