Package com.yubico.fido.metadata

Class FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3

java.lang.Object

com.yubico.fido.metadata.FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3

Enclosing class:

FidoMetadataDownloader.FidoMetadataDownloaderBuilder

public static class FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step3
extends Object

Step 3: Configure how to cache the trust root certificate.

This step offers two mutually exclusive options:

1. Cache the trust root certificate in a File. See useTrustRootCacheFile(File).
2. Cache the trust root certificate using a Supplier to read the cache and a Consumer to write the cache. See useTrustRootCache(Supplier, Consumer).

Method Summary

Modifier and Type	Method	Description
FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4	useTrustRootCache(@NonNull Supplier<Optional<ByteArray>> getCachedTrustRootCert, @NonNull Consumer<ByteArray> writeCachedTrustRootCert)	Cache the trust root certificate using a Supplier to read the cache, and using a Consumer to write the cache.
FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4	useTrustRootCacheFile(@NonNull File cacheFile)	Cache the trust root certificate in the file cacheFile.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

useTrustRootCacheFile

public FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4 useTrustRootCacheFile(@NonNull
 @NonNull File cacheFile)

Cache the trust root certificate in the file cacheFile.

If cacheFile exists, is a normal file, is readable, matches one of the SHA-256 hashes configured in the previous step, and contains a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service blob.

Otherwise, the trust root certificate will be downloaded and written to this file.

useTrustRootCache

public FidoMetadataDownloader.FidoMetadataDownloaderBuilder.Step4 useTrustRootCache(@NonNull
 @NonNull Supplier<Optional<ByteArray>> getCachedTrustRootCert,
 @NonNull
 @NonNull Consumer<ByteArray> writeCachedTrustRootCert)

Cache the trust root certificate using a Supplier to read the cache, and using a Consumer to write the cache.

If getCachedTrustRootCert returns non-empty, the value matches one of the SHA-256 hashes configured in the previous step, and is a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service blob.

Otherwise, the trust root certificate will be downloaded and written to writeCachedTrustRootCert.

Parameters:

getCachedTrustRootCert - a Supplier that fetches the cached trust root certificate if it exists. MUST NOT return null. The returned value, if present, MUST be the trust root certificate in X.509 DER format.

writeCachedTrustRootCert - a Consumer that accepts the trust root certificate in X.509 DER format and writes it to the cache. Its argument will never be null .