Class FidoMetadataService.FidoMetadataServiceBuilder
- Enclosing class:
- FidoMetadataService
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class -
Method Summary
Modifier and TypeMethodDescriptionbuild()Set aCertStoreof additional CRLs and/or intermediate certificates to use while validating attestation certificate paths.filter(@NonNull Predicate<FidoMetadataService.Filters.AuthenticatorToBeFiltered> filter) Set a filter for which metadata entries to allow for a given authenticator during credential registration and metadata lookup.prefilter(@NonNull Predicate<MetadataBLOBPayloadEntry> prefilter) Set a first-stage filter for which metadata entries to include in the data source.
-
Method Details
-
prefilter
public FidoMetadataService.FidoMetadataServiceBuilder prefilter(@NonNull @NonNull Predicate<MetadataBLOBPayloadEntry> prefilter) Set a first-stage filter for which metadata entries to include in the data source.This prefilter is executed once for each metadata entry during initial construction of a
FidoMetadataServiceinstance.The default is
Filters.notRevoked(). Setting a different filter overrides this default; to preserve the "not revoked" condition in addition to the new filter, you must explicitly include the condition in the few filter. For example, by usingFilters.allOf(Predicate...).- Parameters:
prefilter- aPredicatewhich returnstruefor metadata entries to include in the data source.- See Also:
-
filter
public FidoMetadataService.FidoMetadataServiceBuilder filter(@NonNull @NonNull Predicate<FidoMetadataService.Filters.AuthenticatorToBeFiltered> filter) Set a filter for which metadata entries to allow for a given authenticator during credential registration and metadata lookup.This filter is executed during each execution of
FidoMetadataService.findEntries(List, AAGUID), its overloads, andFidoMetadataService.findTrustRoots(List, Optional).The default is
Filters.noAttestationKeyCompromise(). Setting a different filter overrides this default; to preserve this condition in addition to the new filter, you must explicitly include the condition in the few filter. For example, by usingFilters.allOf(Predicate...).Note: Returning
truein the filter predicate does not automatically make the authenticator trusted, as its attestation certificate must also correctly chain to a trusted attestation root. Rather, returningtruein the filter predicate allows the corresponding metadata entry to be used for further trust assessment for that authenticator, while returningfalseeliminates the metadata entry (and thus any associated trust roots) for the ongoing query.- Parameters:
filter- aPredicatewhich returnstruefor metadata entries to allow for the corresponding authenticator during credential registration and metadata lookup.- See Also:
-
certStore
public FidoMetadataService.FidoMetadataServiceBuilder certStore(@NonNull @NonNull CertStore certStore) Set aCertStoreof additional CRLs and/or intermediate certificates to use while validating attestation certificate paths.This setting is most likely useful for tests.
- Parameters:
certStore- aCertStoreof additional CRLs and/or intermediate certificates to use while validating attestation certificate paths.
-
build
-