Package com.yubico.webauthn.data

Class AttestationObject

java.lang.Object

com.yubico.webauthn.data.AttestationObject

public final class AttestationObject
extends Object

Authenticators MUST provide some form of attestation. The basic requirement is that the authenticator can produce, for each credential public key, an attestation statement verifiable by the WebAuthn Relying Party. Typically, this attestation statement contains a signature by an attestation private key over the attested credential public key and a challenge, as well as a certificate or similar data providing provenance information for the attestation public key, enabling the Relying Party to make a trust decision. However, if an attestation key pair is not available, then the authenticator MUST perform self attestation of the credential public key with the corresponding credential private key. All this information is returned by authenticators any time a new public key credential is generated, in the overall form of an attestation object. The relationship of the attestation object with authenticator data (containing attested credential data) and the attestation statement is illustrated in figure 5.

See Also:

• §6.4. Attestation

Constructor Summary

Constructors

Constructor	Description
AttestationObject(@NonNull ByteArray bytes)	Decode an AttestationObject object from a raw attestation object byte array.

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
@NonNull com.fasterxml.jackson.databind.node.ObjectNode	getAttestationStatement()	An important component of the attestation object is the attestation statement.
@NonNull AuthenticatorData	getAuthenticatorData()	The authenticator data embedded inside this attestation object.
@NonNull ByteArray	getBytes()	The original raw byte array that this object is decoded from.
@NonNull String	getFormat()	The attestation statement format identifier of this attestation object.
int	hashCode()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

AttestationObject

public AttestationObject(@NonNull
 @NonNull ByteArray bytes)
                  throws IOException

Decode an AttestationObject object from a raw attestation object byte array.

Throws:

IOException - if bytes cannot be parsed as a CBOR map.

Method Details

getBytes

@NonNull
public @NonNull ByteArray getBytes()

The original raw byte array that this object is decoded from.

See Also:

• §6.4. Attestation

getAuthenticatorData

@NonNull
public @NonNull AuthenticatorData getAuthenticatorData()

The authenticator data embedded inside this attestation object. This is one part of the signed data that the signature in the attestation statement (if any) is computed over.

getFormat

@NonNull
public @NonNull String getFormat()

The attestation statement format identifier of this attestation object.

See Also:

• §8. Defined Attestation Statement Formats

  Users of this library should not need to access this value directly.

getAttestationStatement

@NonNull
public @NonNull com.fasterxml.jackson.databind.node.ObjectNode getAttestationStatement()

An important component of the attestation object is the attestation statement. This is a specific type of signed data object, containing statements about a public key credential itself and the authenticator that created it. It contains an attestation signature created using the key of the attesting authority (except for the case of self attestation, when it is created using the credential private key).

Users of this library should not need to access this value directly.

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object