com.yubico.webauthn.data

Class AuthenticatorData

java.lang.Object

com.yubico.webauthn.data.AuthenticatorData

public final class AuthenticatorData
extends java.lang.Object

The authenticator data structure is a byte array of 37 bytes or more. This class presents the authenticator data decoded as a high-level object.

The authenticator data structure encodes contextual bindings made by the authenticator. These bindings are controlled by the authenticator itself, and derive their trust from the WebAuthn Relying Party's assessment of the security properties of the authenticator. In one extreme case, the authenticator may be embedded in the client, and its bindings may be no more trustworthy than the client data. At the other extreme, the authenticator may be a discrete entity with high-security hardware and software, connected to the client over a secure channel. In both cases, the Relying Party receives the authenticator data in the same format, and uses its knowledge of the authenticator to make trust decisions.

See Also:

§6.1. Authenticator Data

Constructor Summary

Constructors

Constructor and Description
AuthenticatorData(@NonNull ByteArray bytes) Decode an AuthenticatorData object from a raw authenticator data byte array.

Method Summary

Modifier and Type	Method and Description
boolean	equals(java.lang.Object o)
@NonNull java.util.Optional<AttestedCredentialData>	getAttestedCredentialData() Attested credential data, if present.
@NonNull ByteArray	getBytes() The original raw byte array that this object is decoded from.
java.util.Optional<com.upokecenter.cbor.CBORObject>	getExtensions() Extension-defined authenticator data, if present.
@NonNull AuthenticatorDataFlags	getFlags() The flags bit field.
ByteArray	getRpIdHash() The SHA-256 hash of the RP ID the credential is scoped to.
long	getSignatureCounter() The 32-bit unsigned signature counter.
int	hashCode()
java.lang.String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

AuthenticatorData

public AuthenticatorData(@NonNull
                         @NonNull ByteArray bytes)

Decode an AuthenticatorData object from a raw authenticator data byte array.

Method Detail

getRpIdHash

public ByteArray getRpIdHash()

The SHA-256 hash of the RP ID the credential is scoped to.

getSignatureCounter

public long getSignatureCounter()

The 32-bit unsigned signature counter.

getExtensions

public java.util.Optional<com.upokecenter.cbor.CBORObject> getExtensions()

Extension-defined authenticator data, if present.

This member is present if and only if the AuthenticatorDataFlags.ED flag is set.

Changes to the returned value are not reflected in the AuthenticatorData object.

See Also:

flags

getBytes

@NonNull
public @NonNull ByteArray getBytes()

The original raw byte array that this object is decoded from. This is a byte array of 37 bytes or more.

See Also:

§6.1. Authenticator Data

getFlags

@NonNull
public @NonNull AuthenticatorDataFlags getFlags()

The flags bit field.

getAttestedCredentialData

@NonNull
public @NonNull java.util.Optional<AttestedCredentialData> getAttestedCredentialData()

Attested credential data, if present.

This member is present if and only if the AuthenticatorDataFlags.AT flag is set.

See Also:

flags

equals

public boolean equals(java.lang.Object o)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object