com.yubico.webauthn.data.UserIdentity Maven / Gradle / Ivy
Show all versions of webauthn-server-core Show documentation
// Copyright (c) 2018, Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this
// list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.Builder;
import lombok.Getter;
import lombok.NonNull;
import lombok.Value;
/**
* Describes a user account, with which public key credentials can be associated.
*
* @see §5.4.3.
* User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)
*
*/
@Value
@Builder(toBuilder = true)
public class UserIdentity implements PublicKeyCredentialEntity {
/**
* A human-palatable identifier for a user account. It is intended only for display, i.e., aiding
* the user in determining the difference between user accounts with similar {@link
* #displayName}s.
*
* For example: "alexm", "[email protected]" or "+14255551234".
*/
@NonNull
@Getter(onMethod = @__({@Override}))
private final String name;
/**
* A human-palatable name for the user account, intended only for display. For example, "Alex P.
* Müller" or "田中 倫". The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict
* the choice more than necessary.
*
*
* - Relying Parties SHOULD perform enforcement, as prescribed in Section 2.3 of [RFC8266] for
* the Nickname Profile of the PRECIS FreeformClass [RFC8264], when setting {@link
* #displayName}'s value, or displaying the value to the user.
*
- Clients SHOULD perform enforcement, as prescribed in Section 2.3 of [RFC8266] for the
* Nickname Profile of the PRECIS FreeformClass [RFC8264], on {@link #displayName}'s value
* prior to displaying the value to the user or including the value as a parameter of the
*
authenticatorMakeCredential operation.
*
*
* When clients, client platforms, or authenticators display a {@link #displayName}'s value,
* they should always use UI elements to provide a clear boundary around the displayed value, and
* not allow overflow into other elements.
*
*
Authenticators MUST accept and store a 64-byte minimum length for a {@link #displayName}
* member's value. Authenticators MAY truncate a {@link #displayName} member's value to a length
* equal to or greater than 64 bytes.
*
* @see RFC 8264
* @see RFC 8266
*/
@NonNull private final String displayName;
/**
* The user handle
* for the account, specified by the Relying Party.
*
*
A user handle is an opaque byte sequence with a maximum size of 64 bytes. User handles are
* not meant to be displayed to users. The user handle SHOULD NOT contain personally identifying
* information about the user, such as a username or e-mail address; see §14.9 User
* Handle Contents for details.
*
*
To ensure secure operation, authentication and authorization decisions MUST be made on the
* basis of this {@link #id} member, not the {@link #displayName} nor {@link #name} members. See
* Section 6.1 of RFC 8266.
*
*
An authenticator will never contain more than one credential for a given Relying Party under
* the same user handle.
*/
@NonNull private final ByteArray id;
@JsonCreator
private UserIdentity(
@NonNull @JsonProperty("name") String name,
@NonNull @JsonProperty("displayName") String displayName,
@NonNull @JsonProperty("id") ByteArray id) {
this.name = name;
this.displayName = displayName;
this.id = id;
}
public static UserIdentityBuilder.MandatoryStages builder() {
return new UserIdentityBuilder.MandatoryStages();
}
public static class UserIdentityBuilder {
public static class MandatoryStages {
private final UserIdentityBuilder builder = new UserIdentityBuilder();
/**
* {@link UserIdentityBuilder#name(String) name} is a required parameter.
*
* @see UserIdentityBuilder#name(String)
*/
public Step2 name(String name) {
builder.name(name);
return new Step2();
}
public class Step2 {
/**
* {@link UserIdentityBuilder#displayName(String) displayName} is a required parameter.
*
* @see UserIdentityBuilder#displayName(String)
*/
public Step3 displayName(String displayName) {
builder.displayName(displayName);
return new Step3();
}
}
public class Step3 {
/**
* {@link UserIdentityBuilder#id(ByteArray) id} is a required parameter.
*
* @see UserIdentityBuilder#id(ByteArray)
*/
public UserIdentityBuilder id(ByteArray id) {
return builder.id(id);
}
}
}
}
}