Package com.yubico.webauthn

Class RegisteredCredential.RegisteredCredentialBuilder

java.lang.Object

com.yubico.webauthn.RegisteredCredential.RegisteredCredentialBuilder

Enclosing class:

RegisteredCredential

public static class RegisteredCredential.RegisteredCredentialBuilder
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RegisteredCredential.RegisteredCredentialBuilder.MandatoryStages

Method Summary

Modifier and Type	Method	Description
RegisteredCredential.RegisteredCredentialBuilder	backupEligible(Boolean backupEligible)	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
RegisteredCredential.RegisteredCredentialBuilder	backupState(Boolean backupState)	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
RegisteredCredential	build()
RegisteredCredential.RegisteredCredentialBuilder	credentialId(@NonNull ByteArray credentialId)	The credential ID of the credential.
RegisteredCredential.RegisteredCredentialBuilder	publicKeyCose(@NonNull ByteArray publicKeyCose)	The credential public key encoded in COSE_Key format, as defined in Section 7 of RFC 8152.
RegisteredCredential.RegisteredCredentialBuilder	publicKeyEs256Raw(ByteArray publicKeyEs256Raw)	Specify the credential public key in U2F format.
RegisteredCredential.RegisteredCredentialBuilder	signatureCount(long signatureCount)	The stored signature count of the credential.
String	toString()
RegisteredCredential.RegisteredCredentialBuilder	userHandle(@NonNull ByteArray userHandle)	The user handle of the user the credential is registered to.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Details

publicKeyCose

public RegisteredCredential.RegisteredCredentialBuilder publicKeyCose(@NonNull
 @NonNull ByteArray publicKeyCose)

The credential public key encoded in COSE_Key format, as defined in Section 7 of RFC 8152. This method overwrites publicKeyEs256Raw(ByteArray).

The return value of RegistrationResult.getPublicKeyCose() is a suitable argument for this method.

This is used to verify the signature in authentication assertions.

Alternatively, the public key can be specified using the publicKeyEs256Raw(ByteArray) method if the key is stored in the U2F format ( ALG_KEY_ECC_X962_RAW as specified in FIDO Registry §3.6.2 Public Key Representation Formats). This is mostly useful for public keys registered via the U2F JavaScript API.

See Also:

• AttestedCredentialData.getCredentialPublicKey()
• RegistrationResult.getPublicKeyCose()

publicKeyEs256Raw

public RegisteredCredential.RegisteredCredentialBuilder publicKeyEs256Raw(ByteArray publicKeyEs256Raw)

Specify the credential public key in U2F format. This method overwrites publicKeyCose(ByteArray).

An alternative to publicKeyCose(ByteArray), this method expects an ES256 public key in ALG_KEY_ECC_X962_RAW format as specified in FIDO Registry §3.6.2 Public Key Representation Formats.

This is primarily intended for public keys registered via the U2F JavaScript API. If your application has only used the navigator.credentials.create() API to register credentials, you should use publicKeyCose(ByteArray) instead.

See Also:

• publicKeyCose(ByteArray)

credentialId

public RegisteredCredential.RegisteredCredentialBuilder credentialId(@NonNull
 @NonNull ByteArray credentialId)

The credential ID of the credential.

Returns:

this.

See Also:

• Credential ID
• RegistrationResult.getKeyId()
• PublicKeyCredentialDescriptor.getId()

userHandle

public RegisteredCredential.RegisteredCredentialBuilder userHandle(@NonNull
 @NonNull ByteArray userHandle)

The user handle of the user the credential is registered to.

Returns:

this.

See Also:

• User Handle
• UserIdentity.getId()

signatureCount

public RegisteredCredential.RegisteredCredentialBuilder signatureCount(long signatureCount)

The stored signature count of the credential.

This is used to validate the signature counter in authentication assertions.

Returns:

this.

See Also:

• §6.1. Authenticator Data
• AuthenticatorData.getSignatureCounter()
• AssertionResult.getSignatureCount()

backupEligible

@Deprecated
public RegisteredCredential.RegisteredCredentialBuilder backupEligible(Boolean backupEligible)

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The state of the BE flag when this credential was registered, if known.

If absent, it is not known whether or not this credential is backup eligible.

If present and true, the credential is backup eligible: it can be backed up in some way, most commonly by syncing the private key to a cloud account.

If present and false, the credential is not backup eligible: it cannot be backed up in any way.

CredentialRepository implementations SHOULD set this to the first known value returned by RegistrationResult.isBackupEligible() or AssertionResult.isBackupEligible(), if known. If unknown, CredentialRepository implementations SHOULD set this to null or not set this value.

Returns:

this.

backupState

@Deprecated
public RegisteredCredential.RegisteredCredentialBuilder backupState(Boolean backupState)

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The last known state of the BS flag for this credential, if known.

If absent, the backup state of the credential is not known.

If present and true, the credential is believed to be currently backed up.

If present and false, the credential is believed to not be currently backed up.

CredentialRepository implementations SHOULD set this to the most recent value returned by AssertionResult.isBackedUp() or RegistrationResult.isBackedUp(), if known. If unknown, CredentialRepository implementations SHOULD set this to null or not set this value.

Returns:

this.

build

public RegisteredCredential build()

toString

public String toString()

Overrides:

toString in class Object