Class CredentialManagement

java.lang.Object
com.yubico.yubikit.fido.ctap.CredentialManagement

public class CredentialManagement extends Object
Provides Credential management on the CTAP level.
  • Constructor Details

    • CredentialManagement

      public CredentialManagement(Ctap2Session ctap, PinUvAuthProtocol pinUvAuth, byte[] pinUvToken)
      Construct a new CredentialManagement object.
      Parameters:
      ctap - an active CTAP2 connection.
      pinUvAuth - the PIN/UV Auth protocol to use
      pinUvToken - a pinUvToken to be used, which must match the protocol and have the proper permissions
  • Method Details

    • isSupported

      public static boolean isSupported(Ctap2Session.InfoData info)
    • getPinUvAuth

      public PinUvAuthProtocol getPinUvAuth()
      Get the underlying PIN/UV Auth protocol in use.
      Returns:
      the PinUvAuthProtocol in use
    • getMetadata

      public CredentialManagement.Metadata getMetadata() throws IOException, com.yubico.yubikit.core.application.CommandException
      Read metadata about credential management from the YubiKey.
      Returns:
      Metadata from the YubiKey.
      Throws:
      IOException - A communication error in the transport layer.
      com.yubico.yubikit.core.application.CommandException - A communication error in the protocol layer.
    • enumerateRps

      public List<CredentialManagement.RpData> enumerateRps() throws IOException, com.yubico.yubikit.core.application.CommandException
      Enumerate which RPs this YubiKey has credentials stored for.
      Returns:
      A list of RPs.
      Throws:
      IOException - A communication error in the transport layer.
      com.yubico.yubikit.core.application.CommandException - A communication error in the protocol layer.
    • enumerateCredentials

      public List<CredentialManagement.CredentialData> enumerateCredentials(byte[] rpIdHash) throws IOException, com.yubico.yubikit.core.application.CommandException
      Enumerate credentials stored for a particular RP.
      Parameters:
      rpIdHash - The SHA-256 hash of an RP ID to enumerate for.
      Returns:
      A list of Credentials.
      Throws:
      IOException - A communication error in the transport layer.
      com.yubico.yubikit.core.application.CommandException - A communication error in the protocol layer.
    • deleteCredential

      public void deleteCredential(Map<String,?> credentialId) throws IOException, com.yubico.yubikit.core.application.CommandException
      Delete a stored credential.
      Parameters:
      credentialId - A Map representing a PublicKeyCredentialDescriptor identifying a credential to delete.
      Throws:
      IOException - A communication error in the transport layer.
      com.yubico.yubikit.core.application.CommandException - A communication error in the protocol layer.
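
Added example, not part of the YubiKit documentation or source: how a caller might derive the rpIdHash argument for enumerateCredentials and build the Map passed to deleteCredential. The class CredentialAudit and its method names are hypothetical, the Map keys "type" and "id" are assumed to follow the CTAP2 PublicKeyCredentialDescriptor field names, and the CredentialManagement instance is assumed to have been constructed by the caller with a pinUvToken that has the proper permissions.

```java
import com.yubico.yubikit.core.application.CommandException;
import com.yubico.yubikit.fido.ctap.CredentialManagement;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Hypothetical helper; uses only the methods documented on this page plus the JDK. */
public final class CredentialAudit {
    private CredentialAudit() {}

    /** SHA-256 over the UTF-8 bytes of the RP ID (for example "example.com"). */
    static byte[] rpIdHash(String rpId) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(rpId.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is a mandatory algorithm on every Java platform.
            throw new IllegalStateException(e);
        }
    }

    /** Assumed layout: CTAP2 PublicKeyCredentialDescriptor with "type" and "id". */
    static Map<String, Object> descriptor(byte[] rawCredentialId) {
        Map<String, Object> d = new HashMap<>();
        d.put("type", "public-key");
        d.put("id", rawCredentialId.clone()); // defensive copy of the caller's array
        return d;
    }

    /** Lists the credentials stored for one RP, addressed by its hashed RP ID. */
    static List<CredentialManagement.CredentialData> credentialsFor(
            CredentialManagement cm, String rpId) throws IOException, CommandException {
        return cm.enumerateCredentials(rpIdHash(rpId));
    }

    /** Deletes exactly one credential, identified by its raw credential ID bytes. */
    static void delete(CredentialManagement cm, byte[] rawCredentialId)
            throws IOException, CommandException {
        cm.deleteCredential(descriptor(rawCredentialId));
    }
}
```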