Package com.yubico.webauthn.data

Class Extensions.CredentialProtection.CredentialProtectionInput

java.lang.Object

com.yubico.webauthn.data.Extensions.CredentialProtection.CredentialProtectionInput

Enclosing class:

Extensions.CredentialProtection

public static final class Extensions.CredentialProtection.CredentialProtectionInput
extends Object

Extension inputs for the Credential Protection (credProtect) extension.

Instances may be created using the prefer(CredentialProtectionPolicy) and require(CredentialProtectionPolicy) factory functions.

Since:

2.7.0

See Also:

• CTAP2 §12.1. Credential Protection (credProtect)

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
Extensions.CredentialProtection.CredentialProtectionPolicy	getCredentialProtectionPolicy()	The requested credential protection policy.
int	hashCode()
boolean	isEnforceCredentialProtectionPolicy()	If this is true and credentialProtectionPolicy is not Extensions.CredentialProtection.CredentialProtectionPolicy.UV_OPTIONAL, RelyingParty.finishRegistration(FinishRegistrationOptions) will validate that the policy set in getCredentialProtectionPolicy() was satisfied and the browser is requested to fail the registration if the policy cannot be satisfied.
static Extensions.CredentialProtection.CredentialProtectionInput	prefer(@NonNull Extensions.CredentialProtection.CredentialProtectionPolicy policy)	Create a Credential Protection (credProtect) extension input that requests the given policy when possible.
static Extensions.CredentialProtection.CredentialProtectionInput	require(@NonNull Extensions.CredentialProtection.CredentialProtectionPolicy policy)	Create a Credential Protection (credProtect) extension input that requires the given policy.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

prefer

public static Extensions.CredentialProtection.CredentialProtectionInput prefer(@NonNull
 @NonNull Extensions.CredentialProtection.CredentialProtectionPolicy policy)

Create a Credential Protection (credProtect) extension input that requests the given policy when possible.

If the policy cannot be satisfied, the browser is requested to continue the registration anyway. To determine what policy was applied, use AuthenticatorRegistrationExtensionOutputs.getCredProtect() to inspect the extension output. RelyingParty.finishRegistration(FinishRegistrationOptions) will not validate what policy was applied.

Use require(CredentialProtectionPolicy) instead to forbid the registration from proceeding if the extension is not supported or the policy cannot be satisfied.

Parameters:

policy - the policy to request.

Returns:

a credProtect extension input that requests the given policy when possible. The browser is requested to continue the registration even if this policy cannot be satisfied.

Since:

2.7.0

See Also:

• require(CredentialProtectionPolicy)
• CTAP2 §12.1. Credential Protection (credProtect)

require

public static Extensions.CredentialProtection.CredentialProtectionInput require(@NonNull
 @NonNull Extensions.CredentialProtection.CredentialProtectionPolicy policy)

Create a Credential Protection (credProtect) extension input that requires the given policy.

If the policy is not Extensions.CredentialProtection.CredentialProtectionPolicy.UV_OPTIONAL and cannot be satisfied, the browser is requested to abort the registration instead of proceeding. RelyingParty.finishRegistration(FinishRegistrationOptions) will validate that the policy returned in the authenticator extension output equals this input policy, and throw an exception otherwise. You can also use AuthenticatorRegistrationExtensionOutputs.getCredProtect() to inspect the extension output yourself.

Note that if the browser or authenticator does not support the extension, the registration will fail. Use prefer(CredentialProtectionPolicy) instead to allow the registration to proceed if the extension is not supported or the policy cannot be satisfied.

Parameters:

policy - the policy to require.

Returns:

a credProtect extension input that requires the given policy. The browser is requested to abort the registration if this policy cannot be satisfied.

Since:

2.7.0

See Also:

• CTAP2 §12.1. Credential Protection (credProtect)

getCredentialProtectionPolicy

public Extensions.CredentialProtection.CredentialProtectionPolicy getCredentialProtectionPolicy()

The requested credential protection policy. This policy may or may not be satisfied; see isEnforceCredentialProtectionPolicy().

Since:

2.7.0

See Also:

• Extensions.CredentialProtection.CredentialProtectionPolicy
• isEnforceCredentialProtectionPolicy()
• CTAP2 §12.1. Credential Protection (credProtect)

isEnforceCredentialProtectionPolicy

public boolean isEnforceCredentialProtectionPolicy()

If this is true and credentialProtectionPolicy is not Extensions.CredentialProtection.CredentialProtectionPolicy.UV_OPTIONAL, RelyingParty.finishRegistration(FinishRegistrationOptions) will validate that the policy set in getCredentialProtectionPolicy() was satisfied and the browser is requested to fail the registration if the policy cannot be satisfied.

prefer(CredentialProtectionPolicy) sets this to false. require(CredentialProtectionPolicy) sets this to true.

Since:

2.7.0

See Also:

• Extensions.CredentialProtection.CredentialProtectionPolicy
• getCredentialProtectionPolicy()
• CTAP2 §12.1. Credential Protection (credProtect)

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object