Package com.yubico.webauthn.attestation
Class CertificateUtil
java.lang.Object
com.yubico.webauthn.attestation.CertificateUtil
Field Summary
Fields: ID_FIDO_GEN_CE_SERNUM
Method Summary
parseFidoSernumExtension - Attempt to parse the FIDO enterprise attestation serial number extension from the given certificate.
Field Details
ID_FIDO_GEN_CE_SERNUM
Method Details
parseFidoSernumExtension
Attempt to parse the FIDO enterprise attestation serial number extension from the given certificate.

NOTE: This function does NOT verify that the returned serial number is authentic and trustworthy. See:
- RelyingParty.RelyingPartyBuilder.attestationTrustSource(AttestationTrustSource)
- RegistrationResult.isAttestationTrusted()
- RelyingParty.RelyingPartyBuilder.allowUntrustedAttestation(boolean)

Note that the serial number is an opaque byte array with no defined structure in general. For example, the byte array may or may not represent a big-endian integer depending on the authenticator vendor.
The extension has OID 1.3.6.1.4.1.45724.1.1.2 (id-fido-gen-ce-sernum).

Parameters:
cert - the attestation certificate to parse the serial number from.
Returns:
The serial number, if present and validly encoded. Empty if the extension is not present in the certificate.
Throws:
IllegalArgumentException - if the extension is present but not validly encoded.
See Also:
- RelyingParty.RelyingPartyBuilder.attestationTrustSource(AttestationTrustSource)
- RegistrationResult.isAttestationTrusted()
- RelyingParty.RelyingPartyBuilder.allowUntrustedAttestation(boolean)
- WebAuthn Level 3 §8.2.2. Certificate Requirements for Enterprise Packed Attestation Statements
- ByteBuffer.getLong()
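
One way to apply the NOTE above, as an added example that is not code from this Javadoc or from the java-webauthn-server project: read the serial number only after RegistrationResult.isAttestationTrusted() returns true, and keep it as opaque bytes. The class and method names are hypothetical. RegistrationResult.getAttestationTrustPath() and ByteArray.getHex() are library calls this page does not list, and the attestation certificate is assumed to be the first entry of the path.

```java
import com.yubico.webauthn.RegistrationResult;
import com.yubico.webauthn.attestation.CertificateUtil;
import com.yubico.webauthn.data.ByteArray;
import java.security.cert.X509Certificate;
import java.util.Optional;

/** Added example: hypothetical helper class, not part of java-webauthn-server. */
public final class EnterpriseSerialNumbers {

  private EnterpriseSerialNumbers() {}

  /**
   * Returns the enterprise attestation serial number as hex, but only when the
   * library has verified the attestation against the configured
   * AttestationTrustSource. Returns empty when the attestation is untrusted,
   * when no certificate path is available, or when the extension is absent.
   *
   * @throws IllegalArgumentException if the extension is present but malformed;
   *     callers should treat that as a failed registration, not as "no serial".
   */
  public static Optional<String> trustedSerialHex(RegistrationResult result) {
    // parseFidoSernumExtension() does no authenticity check of its own, so gate
    // on the trust decision first. With allowUntrustedAttestation(true) a
    // registration can succeed while this is still false.
    if (!result.isAttestationTrusted()) {
      return Optional.empty();
    }

    // Assumption: the attestation certificate is the first entry of the path.
    Optional<X509Certificate> leaf =
        result.getAttestationTrustPath()
            .filter(path -> !path.isEmpty())
            .map(path -> path.get(0));
    if (!leaf.isPresent()) {
      return Optional.empty();
    }

    // Keep the value as opaque bytes: hex preserves leading zero bytes and any
    // length, whereas ByteBuffer.getLong() only fits vendors that document an
    // 8-byte big-endian integer.
    return CertificateUtil.parseFidoSernumExtension(leaf.get()).map(ByteArray::getHex);
  }
}
```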