Package com.yubico.webauthn

Class RegisteredCredential

java.lang.Object

com.yubico.webauthn.RegisteredCredential

All Implemented Interfaces:

CredentialRecord, ToPublicKeyCredentialDescriptor

public final class RegisteredCredential
extends Object
implements CredentialRecord

An abstraction of a credential registered to a particular user.

Instances of this class are not expected to be long-lived, and the library only needs to read them, never write them. You may at your discretion store them directly in your database, or assemble them from other components.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RegisteredCredential.RegisteredCredentialBuilder

Method Summary

Modifier and Type	Method	Description
static RegisteredCredential.RegisteredCredentialBuilder.MandatoryStages	builder()
boolean	equals(Object o)
@NonNull ByteArray	getCredentialId()	The credential ID of the credential.
@NonNull PublicKey	getParsedPublicKey()	The public key of the credential, parsed as a PublicKey object.
@NonNull ByteArray	getPublicKeyCose()	The credential public key encoded in COSE_Key format, as defined in Section 7 of RFC 8152.
long	getSignatureCount()	The stored signature count of the credential.
Optional<Set<AuthenticatorTransport>>	getTransports()	Deprecated. EXPERIMENTAL: This is an experimental feature.
@NonNull ByteArray	getUserHandle()	The user handle of the user the credential is registered to.
int	hashCode()
Optional<Boolean>	isBackedUp()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
Optional<Boolean>	isBackupEligible()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
RegisteredCredential.RegisteredCredentialBuilder	toBuilder()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.yubico.webauthn.CredentialRecord

toPublicKeyCredentialDescriptor

Method Details

getParsedPublicKey

@NonNull
public @NonNull PublicKey getParsedPublicKey()
                                      throws InvalidKeySpecException,
NoSuchAlgorithmException,
IOException

The public key of the credential, parsed as a PublicKey object.

Throws:

InvalidKeySpecException

NoSuchAlgorithmException

IOException

See Also:

• getPublicKeyCose()
• RegistrationResult.getParsedPublicKey()

getTransports

@Deprecated
public Optional<Set<AuthenticatorTransport>> getTransports()

Deprecated.

EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.

Transport hints as to how the client might communicate with the authenticator this credential is bound to.

This SHOULD be set to the value returned by AuthenticatorAttestationResponse.getTransports() when the credential was created. That value SHOULD NOT be modified.

This is only used if the RelyingParty is configured with a CredentialRepositoryV2, in which case this is used to set PublicKeyCredentialDescriptor.getTransports() in excludeCredentials in RelyingParty.startRegistration(StartRegistrationOptions) and allowCredentials in RelyingParty.startAssertion(StartAssertionOptions). This is not used if the RelyingParty is configured with a CredentialRepository.

Specified by:

getTransports in interface CredentialRecord

See Also:

• getTransports() in 5.2.1. Information About Public Key Credential (interface AuthenticatorAttestationResponse)
• transports in 5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)
• AuthenticatorAttestationResponse.getTransports()
• PublicKeyCredentialDescriptor.getTransports()

isBackupEligible

@Deprecated
public Optional<Boolean> isBackupEligible()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The state of the BE flag when this credential was registered, if known.

If absent, it is not known whether or not this credential is backup eligible.

If present and true, the credential is backup eligible: it can be backed up in some way, most commonly by syncing the private key to a cloud account.

If present and false, the credential is not backup eligible: it cannot be backed up in any way.

CredentialRepository implementations SHOULD set this to the first known value returned by RegistrationResult.isBackupEligible() or AssertionResult.isBackupEligible(), if known. If unknown, CredentialRepository implementations SHOULD set this to null or not set this value.

Specified by:

isBackupEligible in interface CredentialRecord

isBackedUp

@Deprecated
public Optional<Boolean> isBackedUp()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The last known state of the BS flag for this credential, if known.

If absent, the backup state of the credential is not known.

If present and true, the credential is believed to be currently backed up.

If present and false, the credential is believed to not be currently backed up.

CredentialRepository implementations SHOULD set this to the most recent value returned by AssertionResult.isBackedUp() or RegistrationResult.isBackedUp(), if known. If unknown, CredentialRepository implementations SHOULD set this to null or not set this value.

Specified by:

isBackedUp in interface CredentialRecord

builder

public static RegisteredCredential.RegisteredCredentialBuilder.MandatoryStages builder()

toBuilder

public RegisteredCredential.RegisteredCredentialBuilder toBuilder()

getCredentialId

@NonNull
public @NonNull ByteArray getCredentialId()

The credential ID of the credential.

Specified by:

getCredentialId in interface CredentialRecord

See Also:

• Credential ID
• RegistrationResult.getKeyId()
• PublicKeyCredentialDescriptor.getId()

getUserHandle

@NonNull
public @NonNull ByteArray getUserHandle()

The user handle of the user the credential is registered to.

Specified by:

getUserHandle in interface CredentialRecord

See Also:

• User Handle
• UserIdentity.getId()

getPublicKeyCose

@NonNull
public @NonNull ByteArray getPublicKeyCose()

The credential public key encoded in COSE_Key format, as defined in Section 7 of RFC 8152.

This is used to verify the signature in authentication assertions.

Specified by:

getPublicKeyCose in interface CredentialRecord

See Also:

• AttestedCredentialData.getCredentialPublicKey()
• RegistrationResult.getPublicKeyCose()

getSignatureCount

public long getSignatureCount()

The stored signature count of the credential.

This is used to validate the signature counter in authentication assertions.

Specified by:

getSignatureCount in interface CredentialRecord

See Also:

• §6.1. Authenticator Data
• AuthenticatorData.getSignatureCounter()
• AssertionResult.getSignatureCount()

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object