Package com.yubico.yubikit.fido.ctap

Class Ctap2Session.AssertionData

java.lang.Object

com.yubico.yubikit.fido.ctap.Ctap2Session.AssertionData

Enclosing class:

Ctap2Session

public static class Ctap2Session.AssertionData
extends Object

Data class holding the result of getAssertion.

See Also:

• authenticatorGetAssertion response structure.

Method Summary

Modifier and Type	Method	Description
byte[]	getAuthenticatorData()	The AuthenticatorData object.
Map<String,?>	getCredential()	The credential identifier whose private key was used to generate the assertion.
byte[]	getCredentialId(List<PublicKeyCredentialDescriptor> allowCredentials)	Helper function for obtaining credential id for AssertionData with help of allowCredentials.
byte[]	getLargeBlobKey()	The contents of the associated largeBlobKey if present for the asserted credential, and if largeBlobKey was true in the extensions input.
Integer	getNumberOfCredentials()	Total number of account credentials for the RP.
byte[]	getSignature()	The assertion signature produced by the authenticator
Map<String,?>	getUser()	The user structure containing account information.
Boolean	getUserSelected()	Indicates that a credential was selected by the user via interaction directly with the authenticator, and thus the platform does not need to confirm the credential.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getUser

@Nullable
public Map<String,?> getUser()

The user structure containing account information.

Returns:

the user structure for the assertion

getCredential

@Nullable
public Map<String,?> getCredential()

The credential identifier whose private key was used to generate the assertion.

Returns:

the credential descriptor for the assertion

getSignature

public byte[] getSignature()

The assertion signature produced by the authenticator

Returns:

the signature for the assertion

getAuthenticatorData

public byte[] getAuthenticatorData()

The AuthenticatorData object.

Returns:

the AuthenticatorData

See Also:

• authenticator-data

getNumberOfCredentials

@Nullable
public Integer getNumberOfCredentials()

Total number of account credentials for the RP. Optional; defaults to one. This member is required when more than one credential is found for an RP, and the authenticator does not have a display or the UV/UP flags are false.

Omitted when returned for the authenticatorGetNextAssertion method.

Returns:

Total number of account credentials for the RP.

See Also:

• authenticatorGetAssertion response structure.

getUserSelected

@Nullable
public Boolean getUserSelected()

Indicates that a credential was selected by the user via interaction directly with the authenticator, and thus the platform does not need to confirm the credential.

Optional; defaults to false.

MUST NOT be present in response to a request where an allowList was given, where numberOfCredentials is greater than one, nor in response to an authenticatorGetNextAssertion request.

Returns:

True if the credential was selected by the user via interaction directly with the authenticator.

See Also:

• authenticatorGetAssertion response structure.

getLargeBlobKey

@Nullable
public byte[] getLargeBlobKey()

The contents of the associated largeBlobKey if present for the asserted credential, and if largeBlobKey was true in the extensions input.

Returns:

The contents of the associated largeBlobKey.

See Also:

• authenticatorGetAssertion response structure.
• Large Blob Key Extension.

getCredentialId

public byte[] getCredentialId(@Nullable
 List<PublicKeyCredentialDescriptor> allowCredentials)

Helper function for obtaining credential id for AssertionData with help of allowCredentials.

Parameters:

allowCredentials - list of allowed credentials which might help to get correct credential id

Returns:

credentialId for assertion

Throws:

RuntimeException - if credential id could not be computed