
com.yubico.webauthn.data.AuthenticatorSelectionCriteria Maven / Gradle / Ivy

// Copyright (c) 2018, Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this
//    list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
//    this list of conditions and the following disclaimer in the documentation
//    and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package com.yubico.webauthn.data;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Optional;
import lombok.Builder;
import lombok.NonNull;
import lombok.Value;

/**
 * This class may be used to specify requirements regarding authenticator attributes.
 *
 * @see "§5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"
 */
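@Value
@Builder(toBuilder = true)
public class AuthenticatorSelectionCriteria {

  /**
   * If present, eligible authenticators are filtered to only authenticators attached with the
   * specified §5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment).
   */
  private final AuthenticatorAttachment authenticatorAttachment;

  /**
   * Specifies the extent to which the Relying Party desires to create a client-side discoverable
   * credential (passkey). For historical reasons the naming retains the deprecated “resident”
   * terminology.
   *
   * <p>When this is set, {@link PublicKeyCredentialCreationOptions#toCredentialsCreateJson()} will
   * also emit a {@code requireResidentKey} member for backwards compatibility with WebAuthn Level
   * 1. It will be set to {@code true} if this is set to {@link ResidentKeyRequirement#REQUIRED
   * REQUIRED} and {@code false} if this is set to anything else. When this is not set, a {@code
   * requireResidentKey} member will not be emitted.
   *
   * <p>When not set, the default in the browser is {@link ResidentKeyRequirement#DISCOURAGED}.
   *
   * <p>By default, this is not set.
   *
   * @see ResidentKeyRequirement
   * @see "§5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"
   * @see "Client-side discoverable Credential"
   * @see "Passkey in passkeys.dev reference"
   */
  private final ResidentKeyRequirement residentKey;

  /**
   * Describes the Relying Party's requirements regarding user verification for the {@code
   * navigator.credentials.create()} operation. Eligible authenticators are filtered to only those
   * capable of satisfying this requirement.
   *
   * <p>By default, this is not set. When not set, the default in the browser is {@link
   * UserVerificationRequirement#PREFERRED}.
   *
   * <p>NOTE(review): this value is only a request passed to the client. Nothing in this class
   * checks the outcome, so a Relying Party that depends on user verification should set {@link
   * UserVerificationRequirement#REQUIRED} explicitly rather than rely on the browser default, and
   * confirm that its registration verification enforces the result.
   *
   * @see UserVerificationRequirement
   * @see "§5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"
   * @see "User Verification"
   */
  // Declared final explicitly to match the sibling fields; it is assigned exactly once, in the
  // @JsonCreator constructor.
  private final UserVerificationRequirement userVerification;

  /**
   * If present, eligible authenticators are filtered to only authenticators attached with the
   * specified §5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment).
   *
   * @return the configured attachment, or an empty {@link Optional} if none was set
   */
  public Optional<AuthenticatorAttachment> getAuthenticatorAttachment() {
    return Optional.ofNullable(authenticatorAttachment);
  }

  /**
   * Specifies the extent to which the Relying Party desires to create a client-side discoverable
   * credential (passkey). For historical reasons the naming retains the deprecated “resident”
   * terminology.
   *
   * <p>When this is set, {@link PublicKeyCredentialCreationOptions#toCredentialsCreateJson()} will
   * also emit a {@code requireResidentKey} member for backwards compatibility with WebAuthn Level
   * 1. It will be set to {@code true} if this is set to {@link ResidentKeyRequirement#REQUIRED
   * REQUIRED} and {@code false} if this is set to anything else. When this is not set, a {@code
   * requireResidentKey} member will not be emitted.
   *
   * <p>When not set, the default in the browser is {@link ResidentKeyRequirement#DISCOURAGED}.
   *
   * <p>By default, this is not set.
   *
   * @return the configured requirement, or an empty {@link Optional} if none was set
   * @see ResidentKeyRequirement
   * @see "§5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"
   * @see "Client-side discoverable Credential"
   * @see "Passkey in passkeys.dev reference"
   */
  public Optional<ResidentKeyRequirement> getResidentKey() {
    return Optional.ofNullable(residentKey);
  }

  /**
   * For backwards compatibility with {@code requireResidentKey}.
   *
   * <p>Derived from {@link #getResidentKey()}: {@code true} only for {@link
   * ResidentKeyRequirement#REQUIRED}, {@code false} for any other set value, and {@code null} when
   * no requirement is set. Whether a {@code null} result is left out of the JSON output depends on
   * the serializer configuration, which is not visible in this class.
   *
   * @see "§5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)
   *     member requireResidentKey"
   */
  @JsonProperty
  private Boolean isRequireResidentKey() {
    return getResidentKey().map(rk -> rk == ResidentKeyRequirement.REQUIRED).orElse(null);
  }

  /**
   * Describes the Relying Party's requirements regarding user verification for the {@code
   * navigator.credentials.create()} operation. Eligible authenticators are filtered to only those
   * capable of satisfying this requirement.
   *
   * <p>By default, this is not set. When not set, the default in the browser is {@link
   * UserVerificationRequirement#PREFERRED}.
   *
   * @return the configured requirement, or an empty {@link Optional} if none was set
   * @see UserVerificationRequirement
   * @see "§5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"
   * @see "User Verification"
   */
  public Optional<UserVerificationRequirement> getUserVerification() {
    return Optional.ofNullable(userVerification);
  }

  /**
   * Creates an instance from its JSON representation.
   *
   * <p>The legacy {@code requireResidentKey} member is consulted only when {@code residentKey} is
   * absent: {@code true} maps to {@link ResidentKeyRequirement#REQUIRED} and {@code false} to
   * {@link ResidentKeyRequirement#DISCOURAGED}. If both members are present, {@code residentKey}
   * takes precedence and a contradicting {@code requireResidentKey} is ignored without any error.
   *
   * @param authenticatorAttachment the attachment filter, or {@code null} if not set
   * @param requireResidentKey the legacy boolean form of the resident key requirement, or {@code
   *     null} if not present
   * @param residentKey the resident key requirement, or {@code null} if not present
   * @param userVerification the user verification requirement, or {@code null} if not set
   */
  @JsonCreator
  private AuthenticatorSelectionCriteria(
      @JsonProperty("authenticatorAttachment") AuthenticatorAttachment authenticatorAttachment,
      @JsonProperty("requireResidentKey") Boolean requireResidentKey,
      @JsonProperty("residentKey") ResidentKeyRequirement residentKey,
      @JsonProperty("userVerification") UserVerificationRequirement userVerification) {
    this.authenticatorAttachment = authenticatorAttachment;

    if (residentKey != null) {
      // The newer member wins whenever it is present.
      this.residentKey = residentKey;
    } else if (requireResidentKey != null) {
      // Null was ruled out above, so unboxing the Boolean here cannot throw.
      this.residentKey =
          requireResidentKey ? ResidentKeyRequirement.REQUIRED : ResidentKeyRequirement.DISCOURAGED;
    } else {
      this.residentKey = null;
    }

    this.userVerification = userVerification;
  }

  /** For use by the builder. */
  private AuthenticatorSelectionCriteria(
      AuthenticatorAttachment authenticatorAttachment,
      ResidentKeyRequirement residentKey,
      UserVerificationRequirement userVerification) {
    // Parameter order follows the field declaration order; the legacy flag is never supplied
    // through the builder.
    this(authenticatorAttachment, null, residentKey, userVerification);
  }

  /**
   * Hand-written part of the builder; only the {@code authenticatorAttachment} setters are
   * declared here. The remaining members are presumably generated by Lombok's {@code @Builder} on
   * the enclosing class.
   */
  public static class AuthenticatorSelectionCriteriaBuilder {
    private AuthenticatorAttachment authenticatorAttachment = null;

    /**
     * If present, eligible authenticators are filtered to only authenticators attached with the
     * specified §5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment).
     *
     * @param authenticatorAttachment the attachment filter; an empty {@link Optional} clears it.
     *     The {@link Optional} itself must not be {@code null}.
     * @return this builder
     */
    public AuthenticatorSelectionCriteriaBuilder authenticatorAttachment(
        @NonNull Optional<AuthenticatorAttachment> authenticatorAttachment) {
      return this.authenticatorAttachment(authenticatorAttachment.orElse(null));
    }

    /**
     * If present, eligible authenticators are filtered to only authenticators attached with the
     * specified §5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment).
     *
     * @param authenticatorAttachment the attachment filter, or {@code null} to clear it
     * @return this builder
     */
    public AuthenticatorSelectionCriteriaBuilder authenticatorAttachment(
        AuthenticatorAttachment authenticatorAttachment) {
      this.authenticatorAttachment = authenticatorAttachment;
      return this;
    }
  }
}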




