Package com.yubico.webauthn.data

Class Extensions.CredentialProtection

java.lang.Object

com.yubico.webauthn.data.Extensions.CredentialProtection

Enclosing class:

Extensions

public static class Extensions.CredentialProtection
extends Object

Definitions for the Credential Protection (credProtect) extension.

Since:

2.7.0

See Also:

• CTAP2 §12.1. Credential Protection (credProtect)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	Extensions.CredentialProtection.CredentialProtectionInput	Extension inputs for the Credential Protection (credProtect) extension.
static enum	Extensions.CredentialProtection.CredentialProtectionPolicy	Policy values for the Credential Protection (credProtect) extension.

Constructor Summary

Constructors

Constructor	Description
CredentialProtection()

Method Summary

Modifier and Type	Method	Description
static void	validateExtensionOutput(PublicKeyCredentialCreationOptions request, PublicKeyCredential<AuthenticatorAttestationResponse,ClientRegistrationExtensionOutputs> response)	Validate that the given response satisfies the credProtect extension policy set in the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CredentialProtection

public CredentialProtection()

Method Details

validateExtensionOutput

public static void validateExtensionOutput(PublicKeyCredentialCreationOptions request,
 PublicKeyCredential<AuthenticatorAttestationResponse,ClientRegistrationExtensionOutputs> response)

Validate that the given response satisfies the credProtect extension policy set in the request.

If the credProtect extension is not set in the request, this has no effect.

If the credProtect extension is set in the request with enforceCredentialProtectionPolicy set to false or credentialProtectionPolicy set to Extensions.CredentialProtection.CredentialProtectionPolicy.UV_OPTIONAL, this has no effect.

If the credProtect extension is set in the request with enforceCredentialProtectionPolicy set to true and credentialProtectionPolicy is not set to Extensions.CredentialProtection.CredentialProtectionPolicy.UV_OPTIONAL, then this throws an IllegalArgumentException if the credProtect authenticator extension output does not equal the credentialProtectionPolicy set in the request.

This function is called automatically in RelyingParty.finishRegistration(FinishRegistrationOptions); you should not need to call it yourself.

Parameters:

request - the arguments to start the registration ceremony.

response - the response from the registration ceremony.

Throws:

IllegalArgumentException - if the credProtect extension is set in the request with enforceCredentialProtectionPolicy set to true and credentialProtectionPolicy not set to Extensions.CredentialProtection.CredentialProtectionPolicy.UV_OPTIONAL, and the credProtect authenticator extension output does not equal the credentialProtectionPolicy set in the request.

Since:

2.7.0

See Also:

• CTAP2 §12.1. Credential Protection (credProtect)