Class FidoMetadataDownloader.FidoMetadataDownloaderBuilder
- Enclosing class: FidoMetadataDownloader

Nested Class Summary

Nested Classes (Modifier and Type - Description)
- static class - Step 1: Set the legal header to expect from the FIDO Metadata Service.
- static class - Step 2: Configure how to retrieve the FIDO Metadata Service trust root certificate when necessary.
- static class - Step 3: Configure how to cache the trust root certificate.
- static class - Step 4: Configure how to fetch the FIDO Metadata Service metadata BLOB.
- static class - Step 5: Configure how to cache the metadata BLOB.

Method Summary

Method - Description
- build()
- clock - Use clock as the source of the current time for some application-level logic.
- trustHttpsCerts(@NonNull X509Certificate... certificates) - Use the provided X509Certificates as trust roots for HTTPS downloads.
- useCrls(@NonNull Collection<CRL> crls) - Use the provided CRLs.
- useCrls - Use CRLs in the provided CertStore.
- verifyDownloadsOnly(boolean verifyDownloadsOnly) - If set to true, the BLOB signature will not be verified when loading the BLOB from cache or when explicitly set via FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4.useBlob(String).

Method Details

build

clock
Use clock as the source of the current time for some application-level logic.
This is primarily intended for testing.
The default is Clock.systemUTC().
- Parameters:
  clock - a Clock which the finished FidoMetadataDownloader will use to tell the time.

useCrls
public FidoMetadataDownloader.FidoMetadataDownloaderBuilder useCrls(@NonNull Collection<CRL> crls) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
Use the provided CRLs.
CRLs will also be downloaded from distribution points for any certificates with a CRLDistributionPoints extension, if the extension can be successfully interpreted. A warning message will be logged if CRLDistributionPoints parsing fails.
- Throws:
  InvalidAlgorithmParameterException - if CertStore.getInstance(String, CertStoreParameters) does.
  NoSuchAlgorithmException - if a "Collection" type CertStore provider is not available.

useCrls
Use CRLs in the provided CertStore.
CRLs will also be downloaded from distribution points for any certificates with a CRLDistributionPoints extension, if the extension can be successfully interpreted. A warning message will be logged if CRLDistributionPoints parsing fails.

trustHttpsCerts
public FidoMetadataDownloader.FidoMetadataDownloaderBuilder trustHttpsCerts(@NonNull X509Certificate... certificates)
Use the provided X509Certificates as trust roots for HTTPS downloads.
This is primarily useful when setting downloadTrustRoot and/or downloadBlob to download from custom servers instead of the defaults.
If provided, these will be used for downloading
- the trust root certificate for the BLOB signature chain, and
- the metadata BLOB.

verifyDownloadsOnly
public FidoMetadataDownloader.FidoMetadataDownloaderBuilder verifyDownloadsOnly(boolean verifyDownloadsOnly)
If set to true, the BLOB signature will not be verified when loading the BLOB from cache or when explicitly set via FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4.useBlob(String). This means that if a BLOB was successfully verified once and written to cache, that cached value will be implicitly trusted when loaded in the future.
If set to false, the BLOB signature will always be verified no matter where the BLOB came from. This means that a cached BLOB may become invalid if the BLOB certificate expires, even if the BLOB was successfully verified at the time it was downloaded.
The default setting is false.
- Parameters:
  verifyDownloadsOnly - true if the BLOB signature should be ignored when loading the BLOB from cache or when explicitly set via FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4.useBlob(String).

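The options above combined in one place, as an added example that is not part of the library's own documentation. The step methods expectLegalHeader, useDefaultTrustRoot, useTrustRootCacheFile, useDefaultBlob and useBlobCacheFile do not appear on this page and are assumed from the library's Step1 to Step5 builder classes; the class name, file paths, legal header placeholder and fixed instant are constructed for illustration.

```java
import com.yubico.fido.metadata.FidoMetadataDownloader;
import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.Collection;

public class MdsDownloaderConfig {
  // Assumed values for this example: cache locations, CRL file and legal header placeholder.
  static final File TRUST_ROOT_CACHE = new File("/var/cache/webauthn/fido-mds-trust-root.bin");
  static final File BLOB_CACHE = new File("/var/cache/webauthn/fido-mds-blob.bin");
  static final File CRL_FILE = new File("/etc/webauthn/fido-mds.crl");
  static final String LEGAL_HEADER = "<legal header text you have read and accepted>";

  // Read pre-fetched CRLs from disk to hand to useCrls(Collection<CRL>).
  static Collection<CRL> loadCrls(File crlFile) throws Exception {
    try (InputStream in = Files.newInputStream(crlFile.toPath())) {
      return new ArrayList<>(CertificateFactory.getInstance("X.509").generateCRLs(in));
    }
  }

  static FidoMetadataDownloader configure(
      boolean verifyDownloadsOnly, Collection<CRL> crls, Clock clock) throws Exception {
    return FidoMetadataDownloader.builder()
        .expectLegalHeader(LEGAL_HEADER)          // Step 1 (assumed method name)
        .useDefaultTrustRoot()                    // Step 2 (assumed method name)
        .useTrustRootCacheFile(TRUST_ROOT_CACHE)  // Step 3 (assumed method name)
        .useDefaultBlob()                         // Step 4 (assumed method name)
        .useBlobCacheFile(BLOB_CACHE)             // Step 5 (assumed method name)
        .useCrls(crls)                            // supplied CRLs, in addition to distribution points
        .clock(clock)
        .verifyDownloadsOnly(verifyDownloadsOnly)
        .build();
  }

  public static void main(String[] args) throws Exception {
    Collection<CRL> crls = loadCrls(CRL_FILE);
    // Default (false): the signature is verified on every load, including loads from cache.
    FidoMetadataDownloader strict = configure(false, crls, Clock.systemUTC());
    // true: a BLOB read back from BLOB_CACHE is trusted without re-verifying its signature.
    FidoMetadataDownloader cacheTrusting = configure(true, crls, Clock.systemUTC());
    // Fixed clock (constructed instant) for tests that must not depend on the wall clock.
    Clock fixed = Clock.fixed(Instant.parse("2024-01-01T00:00:00Z"), ZoneOffset.UTC);
    FidoMetadataDownloader forTests = configure(false, crls, fixed);
  }
}
```

With verifyDownloadsOnly(true) the cache file is the only thing standing behind a loaded BLOB, so restrict write access to it to the account that runs the downloader.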