Enum Class AttestationType

java.lang.Object
java.lang.Enum<AttestationType>
com.yubico.webauthn.data.AttestationType
All Implemented Interfaces:
Serializable, Comparable<AttestationType>, Constable

public enum AttestationType extends Enum<AttestationType>
Web Authentication supports several attestation types, defining the semantics of attestation statements and their underlying trust models.
  • Nested Class Summary

    Nested classes/interfaces inherited from class java.lang.Enum

    Enum.EnumDesc<E extends Enum<E>>
  • Enum Constant Summary

    Enum Constants
    Enum Constant - Description
    ANONYMIZATION_CA - In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
    ATTESTATION_CA - In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK).
    BASIC - In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model.
    NONE - In this case, no attestation information is available.
    SELF_ATTESTATION - In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key.
    UNKNOWN - In this case, attestation information is present but was not understood by the library.
  • Method Summary

    Modifier and Type - Method - Description
    static AttestationType - valueOf(String name) - Returns the enum constant of this class with the specified name.
    static AttestationType[] - values() - Returns an array containing the constants of this enum class, in the order they are declared.

    Methods inherited from class java.lang.Object

    getClass, notify, notifyAll, wait, wait, wait
  • Enum Constant Details

    • BASIC

      public static final AttestationType BASIC
      In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model. Thus, authenticators of the same model often share the same attestation key pair. See §14.4 Attestation Privacy for further information.
    • SELF_ATTESTATION

      public static final AttestationType SELF_ATTESTATION
      In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key. Instead it uses the credential private key to create the attestation signature. Authenticators without meaningful protection measures for an attestation private key typically use this attestation type.
    • ATTESTATION_CA

      public static final AttestationType ATTESTATION_CA
      In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK). This key is used to securely communicate with a trusted third party, the Attestation CA (formerly known as a "Privacy CA"). The authenticator can generate multiple attestation identity key pairs (AIK) and requests an Attestation CA to issue an AIK certificate for each. Using this approach, such an authenticator can limit the exposure of the EK (which is a global correlation handle) to Attestation CA(s). AIKs can be requested for each authenticator-generated public key credential individually, and conveyed to Relying Parties as attestation certificates.

      Note: This concept typically leads to multiple attestation certificates. The attestation certificate requested most recently is called "active".

      Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.

    • ANONYMIZATION_CA

      public static final AttestationType ANONYMIZATION_CA
      In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.

      Note: Attestation statements conveying attestations of type AttCA or AnonCA use the same data structure as those of type Basic, so the three attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.

      Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.

    • NONE

      public static final AttestationType NONE
      In this case, no attestation information is available. See also §8.7 None Attestation Statement Format.
    • UNKNOWN

      public static final AttestationType UNKNOWN
      In this case, attestation information is present but was not understood by the library.

      For example, the attestation statement might be using a new attestation statement format not yet supported by the library.

  • Method Details

    • values

      public static AttestationType[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared
    • valueOf

      public static AttestationType valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null
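
An added example (not code from the library or its authors) of how a Relying Party might act on these constants: it reads a persisted constant name with valueOf, mapping the two documented exceptions to UNKNOWN, and groups BASIC, ATTESTATION_CA and ANONYMIZATION_CA because their attestation statements share one data structure. The AttestationPolicy class, the Decision enum and the chainTrusted and requireAttestation parameters are assumptions of this example.

```java
import com.yubico.webauthn.data.AttestationType;
import java.util.EnumSet;
import java.util.Set;

/** Hypothetical Relying Party policy helper (example code, not part of the library). */
public final class AttestationPolicy {

  /** Hypothetical outcomes used only in this example. */
  public enum Decision { ACCEPT_ATTESTED, ACCEPT_UNATTESTED, REJECT }

  // These three types share one attestation statement structure, so the policy
  // treats them as one group and relies on certificate trust, not on the label.
  private static final Set<AttestationType> CERT_BASED = EnumSet.of(
      AttestationType.BASIC, AttestationType.ATTESTATION_CA, AttestationType.ANONYMIZATION_CA);

  /** Reads a persisted constant name; whatever valueOf rejects is treated as UNKNOWN. */
  public static AttestationType parseStored(String name) {
    try {
      return AttestationType.valueOf(name); // exact match: no trimming, no case folding
    } catch (IllegalArgumentException | NullPointerException e) {
      return AttestationType.UNKNOWN; // assumption: fail closed instead of throwing
    }
  }

  /**
   * @param chainTrusted assumed input: the caller verified the attestation
   *     certificates against trust roots it chose
   * @param requireAttestation assumed deployment setting
   */
  public static Decision decide(
      AttestationType type, boolean chainTrusted, boolean requireAttestation) {
    if (CERT_BASED.contains(type) && chainTrusted) {
      return Decision.ACCEPT_ATTESTED;
    }
    // SELF_ATTESTATION is signed with the credential's own private key, NONE carries no
    // information, UNKNOWN was not understood, and an untrusted chain proves nothing.
    return requireAttestation ? Decision.REJECT : Decision.ACCEPT_UNATTESTED;
  }

  public static void main(String[] args) {
    // Constructed sample values, as they might come back from a credential store.
    String[] stored = {"BASIC", " BASIC", "basic", "SELF_ATTESTATION", "NONE", null};
    for (String s : stored) {
      AttestationType t = parseStored(s);
      System.out.printf("%-18s -> %-16s strict=%s lenient=%s%n",
          s, t, decide(t, true, true), decide(t, true, false));
    }
  }
}
```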