Class AttestationTrustSource.TrustRootsResult
- java.lang.Object
-
- com.yubico.webauthn.attestation.AttestationTrustSource.TrustRootsResult
-
- Enclosing interface:
- AttestationTrustSource
public static final class AttestationTrustSource.TrustRootsResult extends java.lang.Object
A result of looking up attestation trust roots for a particular attestation statement.
This primarily consists of a set of trust root certificates - see trustRoots(Set) - but may also:
- include a CertStore of additional CRLs and/or intermediate certificates to use during certificate path validation - see certStore(CertStore);
- disable certificate revocation checking for the relevant attestation statement - see enableRevocationChecking(boolean); and/or
- define a policy tree validator for the PKIX policy tree result - see policyTreeValidator(Predicate).
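The following is an added example, not part of the library's own documentation, showing the options described above combined in one result, next to the empty-roots result for an untrusted attestation. The class name, method names and the policy OID `1.2.3.4.5` are hypothetical placeholders, and the builder's terminal `build()` call is assumed since it is not listed on this page. The validator rejects a null policy tree as a defensive choice.

```java
import com.yubico.webauthn.attestation.AttestationTrustSource.TrustRootsResult;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

// Added example; class, method and OID names are hypothetical.
public final class TrustRootsResultExample {
  // Placeholder policy OID constructed for this example.
  static final String REQUIRED_POLICY_OID = "1.2.3.4.5";

  // Trusted case: roots plus helper material for certificate path validation.
  static TrustRootsResult forVendor(
      Set<X509Certificate> roots,
      Collection<X509Certificate> intermediates,
      Collection<X509CRL> crls) throws GeneralSecurityException {
    List<Object> extras = new ArrayList<Object>(intermediates);
    extras.addAll(crls);
    // Certificates in this store are not trusted by themselves; they are
    // trusted only if they chain to one of the trust roots.
    CertStore store =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(extras));
    return TrustRootsResult.builder()
        .trustRoots(roots)
        .certStore(store)
        .enableRevocationChecking(true) // keep revocation checking on
        .policyTreeValidator(TrustRootsResultExample::hasRequiredPolicy)
        .build(); // build() is assumed; it is not listed on this page
  }

  // Untrusted statement or no roots found: an empty set of trust roots.
  static TrustRootsResult untrusted() {
    return TrustRootsResult.builder()
        .trustRoots(Collections.<X509Certificate>emptySet())
        .build();
  }

  // Accept the policy tree only if some node carries the required policy.
  // A null tree (no valid policies) is rejected.
  static boolean hasRequiredPolicy(PolicyNode node) {
    if (node == null) return false;
    if (REQUIRED_POLICY_OID.equals(node.getValidPolicy())) return true;
    for (Iterator<? extends PolicyNode> it = node.getChildren(); it.hasNext(); ) {
      if (hasRequiredPolicy(it.next())) return true;
    }
    return false;
  }
}
```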
-
-
Nested Class Summary
- static class AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder
-
Method Summary
- static AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder.Step1 builder()
- boolean equals(java.lang.Object o)
- java.util.Optional<java.security.cert.CertStore> getCertStore(): A CertStore of additional CRLs and/or intermediate certificates to use during certificate path validation, if any.
- java.util.Optional<java.util.function.Predicate<java.security.cert.PolicyNode>> getPolicyTreeValidator(): If non-null, the PolicyQualifiersRejected flag will be set to false during certificate path validation.
- @NonNull java.util.Set<java.security.cert.X509Certificate> getTrustRoots(): A set of attestation root certificates trusted to certify the relevant attestation statement.
- int hashCode()
- boolean isEnableRevocationChecking(): Whether certificate revocation should be checked during certificate path validation.
- AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder toBuilder()
- java.lang.String toString()
-
-
-
Method Detail
-
getCertStore
public java.util.Optional<java.security.cert.CertStore> getCertStore()
A CertStore of additional CRLs and/or intermediate certificates to use during certificate path validation, if any. This will not be used if trustRoots is empty.
Any certificates included in this CertStore are NOT considered trusted; they will be trusted only if they chain to any of the trustRoots.
The default is null.
-
getPolicyTreeValidator
public java.util.Optional<java.util.function.Predicate<java.security.cert.PolicyNode>> getPolicyTreeValidator()
If non-null, the PolicyQualifiersRejected flag will be set to false during certificate path validation. See PKIXParameters.setPolicyQualifiersRejected(boolean).
The given Predicate will be used to validate the policy tree. The Predicate should return true if the policy tree is acceptable, and false otherwise.
Depending on your "PKIX" JCA provider configuration, this may be required if any certificate in the certificate path contains a certificate policies extension marked critical. If this is not set, then such a certificate will be rejected by the certificate path validator from the default provider.
Consult the Java PKI Programmer's Guide for how to use the PolicyNode argument of the Predicate.
The default is null.
-
builder
public static AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder.Step1 builder()
-
getTrustRoots
@NonNull public @NonNull java.util.Set<java.security.cert.X509Certificate> getTrustRoots()
A set of attestation root certificates trusted to certify the relevant attestation statement. If the attestation statement is not trusted, or if no trust roots were found, this should be an empty set.
-
isEnableRevocationChecking
public boolean isEnableRevocationChecking()
Whether certificate revocation should be checked during certificate path validation.
-
toBuilder
public AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder toBuilder()
-
equals
public boolean equals(java.lang.Object o)
- Overrides: equals in class java.lang.Object
-
hashCode
public int hashCode()
- Overrides: hashCode in class java.lang.Object
-
toString
public java.lang.String toString()
- Overrides: toString in class java.lang.Object
-
-