Enum AttestationType

  • All Implemented Interfaces:
    java.io.Serializable, java.lang.Comparable<AttestationType>

    public enum AttestationType
    extends java.lang.Enum<AttestationType>
    Web Authentication supports several attestation types, defining the semantics of attestation statements and their underlying trust models.
    See Also:
    §6.4.3. Attestation Types
    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description
      ATTESTATION_CA
      In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK).
      BASIC
      In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model.
      ECDAA
      In this case, the Authenticator receives direct anonymous attestation (DAA) credentials from a single DAA-Issuer.
      NONE
      In this case, no attestation information is available.
      SELF_ATTESTATION
      In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key.
      UNKNOWN
      In this case, attestation information is present but was not understood by the library.
    • Method Summary

      Modifier and Type Method Description
      static AttestationType valueOf(java.lang.String name)
      Returns the enum constant of this type with the specified name.
      static AttestationType[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      • Methods inherited from class java.lang.Enum

        clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf
      • Methods inherited from class java.lang.Object

        getClass, notify, notifyAll, wait, wait, wait
    • Enum Constant Detail

      • BASIC

        public static final AttestationType BASIC
        In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model. Thus, authenticators of the same model often share the same attestation key pair. See §14.4 Attestation Privacy for further information.
        See Also:
        Basic Attestation
      • SELF_ATTESTATION

        public static final AttestationType SELF_ATTESTATION
        In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key. Instead it uses the credential private key to create the attestation signature. Authenticators without meaningful protection measures for an attestation private key typically use this attestation type.
        See Also:
        Self Attestation
      • ATTESTATION_CA

        public static final AttestationType ATTESTATION_CA
        In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK). This key is used to securely communicate with a trusted third party, the Attestation CA (formerly known as a "Privacy CA"). The authenticator can generate multiple attestation identity key pairs (AIK) and requests an Attestation CA to issue an AIK certificate for each. Using this approach, such an authenticator can limit the exposure of the EK (which is a global correlation handle) to Attestation CA(s). AIKs can be requested for each authenticator-generated public key credential individually, and conveyed to Relying Parties as attestation certificates.

        Note: This concept typically leads to multiple attestation certificates. The attestation certificate requested most recently is called "active".

        Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.

        See Also:
        Attestation CA
      • ECDAA

        public static final AttestationType ECDAA
        In this case, the Authenticator receives direct anonymous attestation (DAA) credentials from a single DAA-Issuer. These DAA credentials are used along with blinding to sign the attested credential data. Blinding prevents the DAA credentials from being misused as a global correlation handle. WebAuthn supports DAA using elliptic curve cryptography and bilinear pairings, called ECDAA. See the FIDO ECDAA Algorithm for details.
        See Also:
        Elliptic Curve based Direct Anonymous Attestation (ECDAA), FIDO ECDAA Algorithm
    • Method Detail

      • values

        public static AttestationType[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (AttestationType c : AttestationType.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static AttestationType valueOf(java.lang.String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
        java.lang.NullPointerException - if the argument is null
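
Added example (not part of the library or its documentation): a Relying Party policy that combines the constant descriptions above with the valueOf exceptions, parsing a persisted type name so that any failure degrades to UNKNOWN and then deciding acceptance per type. The nested AttestationType is a stand-in that mirrors the constants on this page so the code compiles alone; Decision, parseStored and decide are hypothetical names, and the statement's signature and trust path are assumed to have been verified already.

```java
import java.util.Arrays;

public class AttestationPolicyExample {
    // Stand-in with the constants listed on this page so the example compiles
    // alone; real code would use the library's AttestationType instead.
    enum AttestationType { BASIC, SELF_ATTESTATION, ATTESTATION_CA, ECDAA, NONE, UNKNOWN }

    // Hypothetical outcome type for this example's policy.
    enum Decision { ACCEPT_ATTESTED, ACCEPT_UNATTESTED, REJECT }

    /** Parses a persisted type name strictly; anything else degrades to UNKNOWN. */
    static AttestationType parseStored(String name) {
        if (name == null) {
            return AttestationType.UNKNOWN; // valueOf(null) would throw NullPointerException
        }
        try {
            return AttestationType.valueOf(name); // exact match, no trimming or case folding
        } catch (IllegalArgumentException e) {
            return AttestationType.UNKNOWN; // unrecognised name: never guess a stronger type
        }
    }

    /** Assumes signature and trust path of the statement were verified beforehand. */
    static Decision decide(AttestationType type, boolean requireProvenance) {
        switch (type) {
            case BASIC:
            case ATTESTATION_CA: // same statement structure as BASIC, so same handling
            case ECDAA:
                return Decision.ACCEPT_ATTESTED;
            case SELF_ATTESTATION: // signed with the credential key itself
            case NONE:
            case UNKNOWN:
                return requireProvenance ? Decision.REJECT : Decision.ACCEPT_UNATTESTED;
            default:
                return Decision.REJECT; // a constant added later is rejected until reviewed
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, as they might come back from a credential store.
        for (String stored : Arrays.asList("BASIC", "basic", " ECDAA", "SELF_ATTESTATION", null)) {
            AttestationType type = parseStored(stored);
            System.out.println(stored + " -> " + type + " -> " + decide(type, true));
        }
    }
}
```

BASIC and ATTESTATION_CA share one branch because, as the ATTESTATION_CA note says, the two are distinguishable only with external knowledge about the attestation certificates.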