Enum AttestationType
java.lang.Object
  java.lang.Enum<AttestationType>
    com.yubico.webauthn.data.AttestationType

All Implemented Interfaces:
java.io.Serializable, java.lang.Comparable<AttestationType>
public enum AttestationType extends java.lang.Enum<AttestationType>
Web Authentication supports several attestation types, defining the semantics of attestation statements and their underlying trust models.
- See Also:
- §6.4.3. Attestation Types
Enum Constant Summary
Enum Constants
- ANONYMIZATION_CA: In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
- ATTESTATION_CA: In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK).
- BASIC: In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model.
- NONE: In this case, no attestation information is available.
- SELF_ATTESTATION: In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key.
- UNKNOWN: In this case, attestation information is present but was not understood by the library.
Method Summary
- static AttestationType valueOf(java.lang.String name): Returns the enum constant of this type with the specified name.
- static AttestationType[] values(): Returns an array containing the constants of this enum type, in the order they are declared.
Enum Constant Detail
-
BASIC
public static final AttestationType BASIC
In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model. Thus, authenticators of the same model often share the same attestation key pair. See §14.4 Attestation Privacy for further information.
- See Also:
- Basic Attestation
-
SELF_ATTESTATION
public static final AttestationType SELF_ATTESTATION
In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key. Instead it uses the credential private key to create the attestation signature. Authenticators without meaningful protection measures for an attestation private key typically use this attestation type.
- See Also:
- Self Attestation
-
ATTESTATION_CA
public static final AttestationType ATTESTATION_CA
In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK). This key is used to securely communicate with a trusted third party, the Attestation CA (formerly known as a "Privacy CA"). The authenticator can generate multiple attestation identity key pairs (AIK) and requests an Attestation CA to issue an AIK certificate for each. Using this approach, such an authenticator can limit the exposure of the EK (which is a global correlation handle) to Attestation CA(s). AIKs can be requested for each authenticator-generated public key credential individually, and conveyed to Relying Parties as attestation certificates.
Note: This concept typically leads to multiple attestation certificates. The attestation certificate requested most recently is called "active".
Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.
- See Also:
- Attestation CA
-
ANONYMIZATION_CA
public static final AttestationType ANONYMIZATION_CA
In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
Note: Attestation statements conveying attestations of type AttCA or AnonCA use the same data structure as those of type Basic, so the three attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.
Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.
- See Also:
- Anonymization CA
-
NONE
public static final AttestationType NONE
In this case, no attestation information is available. See also §8.7 None Attestation Statement Format.
- See Also:
- §8.7 None Attestation Statement Format
-
UNKNOWN
public static final AttestationType UNKNOWN
In this case, attestation information is present but was not understood by the library. For example, the attestation statement might be using a new attestation statement format not yet supported by the library.
-
-
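An added example (not part of the library or its documentation) of how a Relying Party might act on these constants: since BASIC, ATTESTATION_CA and ANONYMIZATION_CA share one data structure, it treats them as a single certificate-backed class and fails closed on everything else when provenance is required. `AttestationPolicy`, `Decision`, `decide` and the `trustPathValidated` and `requireProvenance` parameters are hypothetical names, and the library is assumed to be on the classpath.

```java
import com.yubico.webauthn.data.AttestationType;
import java.util.EnumSet;
import java.util.Set;

/** Added example: Relying Party acceptance policy keyed on AttestationType. */
public final class AttestationPolicy {

    /** Hypothetical outcome type for this example. */
    public enum Decision { ACCEPT_WITH_PROVENANCE, ACCEPT_WITHOUT_PROVENANCE, REJECT }

    // BASIC, ATTESTATION_CA and ANONYMIZATION_CA use the same data structure, so
    // the policy treats them as one class: certificate-backed attestation.
    private static final Set<AttestationType> CERT_BACKED = EnumSet.of(
            AttestationType.BASIC,
            AttestationType.ATTESTATION_CA,
            AttestationType.ANONYMIZATION_CA);

    /**
     * @param type               attestation type reported for the registration
     * @param trustPathValidated assumption: the caller has already verified the
     *                           attestation certificates against trusted roots
     * @param requireProvenance  true if the deployment only admits authenticators
     *                           whose model can be verified
     */
    public static Decision decide(AttestationType type,
                                  boolean trustPathValidated,
                                  boolean requireProvenance) {
        if (CERT_BACKED.contains(type) && trustPathValidated) {
            return Decision.ACCEPT_WITH_PROVENANCE;
        }
        // Everything else proves nothing about the authenticator model:
        // SELF_ATTESTATION signs with the credential key itself, NONE carries no
        // information, UNKNOWN was not understood by the library, and a
        // certificate-backed statement without a validated path is unverified.
        return requireProvenance ? Decision.REJECT : Decision.ACCEPT_WITHOUT_PROVENANCE;
    }

    public static void main(String[] args) {
        // Constructed inputs: every constant, with and without a validated path.
        for (AttestationType t : AttestationType.values()) {
            for (boolean validated : new boolean[] {true, false}) {
                System.out.printf("%-17s validated=%-5b strict=%s lenient=%s%n",
                        t, validated,
                        decide(t, validated, true), decide(t, validated, false));
            }
        }
    }
}
```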
Method Detail
-
values
public static AttestationType[] values()
Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
    for (AttestationType c : AttestationType.values())
        System.out.println(c);
- Returns:
- an array containing the constants of this enum type, in the order they are declared
-
valueOf
public static AttestationType valueOf(java.lang.String name)
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
- Parameters:
- name - the name of the enum constant to be returned.
- Returns:
- the enum constant with the specified name
- Throws:
- java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
- java.lang.NullPointerException - if the argument is null
-
-