com.yubico.webauthn.data.AuthenticatorData

public final class AuthenticatorData extends Object

The authenticator data structure is a byte array of 37 bytes or more. This class presents the authenticator data decoded as a high-level object.

The authenticator data structure encodes contextual bindings made by the authenticator. These bindings are controlled by the authenticator itself, and derive their trust from the WebAuthn Relying Party's assessment of the security properties of the authenticator. In one extreme case, the authenticator may be embedded in the client, and its bindings may be no more trustworthy than the client data. At the other extreme, the authenticator may be a discrete entity with high-security hardware and software, connected to the client over a secure channel. In both cases, the Relying Party receives the authenticator data in the same format, and uses its knowledge of the authenticator to make trust decisions.

See Also:

§6.1. Authenticator Data

Constructor Summary

Constructors

Constructor

Description

AuthenticatorData(@NonNull ByteArray bytes)

Decode an AuthenticatorData object from a raw authenticator data byte array.
Method Summary

Modifier and Type

Method

Description

boolean

equals(Object o)

Optional<AttestedCredentialData>

getAttestedCredentialData()

Attested credential data, if present.

@NonNull ByteArray

getBytes()

The original raw byte array that this object is decoded from.

Optional<com.upokecenter.cbor.CBORObject>

getExtensions()

Extension-defined authenticator data, if present.

@NonNull AuthenticatorDataFlags

getFlags()

The flags bit field.

ByteArray

getRpIdHash()

The SHA-256 hash of the RP ID the credential is scoped to.

long

getSignatureCounter()

The 32-bit unsigned signature counter.

int

hashCode()

String

toString()

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details
- AuthenticatorData
  
  public AuthenticatorData(@NonNull @NonNull ByteArray bytes)
  
  Decode an AuthenticatorData object from a raw authenticator data byte array.
Method Details
- getRpIdHash
  
  public ByteArray getRpIdHash()
  
  The SHA-256 hash of the RP ID the credential is scoped to.
- getSignatureCounter
  
  public long getSignatureCounter()
  
  The 32-bit unsigned signature counter.
- getAttestedCredentialData
  
  public Optional<AttestedCredentialData> getAttestedCredentialData()
  
  Attested credential data, if present.
  This member is present if and only if the AuthenticatorDataFlags.AT flag is set.
  See Also:
  
  flags
- getExtensions
  
  public Optional<com.upokecenter.cbor.CBORObject> getExtensions()
  
  Extension-defined authenticator data, if present.
  This member is present if and only if the AuthenticatorDataFlags.ED flag is set.
  Changes to the returned value are not reflected in the AuthenticatorData object.
  See Also:
  
  flags
- getBytes
  
  @NonNull public @NonNull ByteArray getBytes()
  
  The original raw byte array that this object is decoded from. This is a byte array of 37 bytes or more.
  See Also:
  
  §6.1. Authenticator Data
- getFlags
  
  @NonNull public @NonNull AuthenticatorDataFlags getFlags()
  
  The flags bit field.
- equals
  
  public boolean equals(Object o)
  
  Overrides:
  
  equals in class Object
- hashCode
  
  public int hashCode()
  
  Overrides:
  
  hashCode in class Object
- toString
  
  public String toString()
  
  Overrides:
  
  toString in class Object

Class AuthenticatorData

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

AuthenticatorData

Method Details

getRpIdHash

getSignatureCounter

getAttestedCredentialData

getExtensions

getBytes

getFlags

equals

hashCode

toString