Class WebAuthnMultifactorAttestationTrustSourceFidoProperties
- All Implemented Interfaces:
Serializable
- Since:
- 7.0.0
- See Also:
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionCache metadata BLOB in the file cache file.Set legal headers expected in the metadata BLOB.Download the metadata BLOB from the FIDO website.Cache the trust root certificate in the file cache file.Certificate SHA-256 hash required for PKI to verify the downloaded certificate.Certificate required for PKI to verify the downloaded blob.setBlobCacheFile
(File blobCacheFile) Cache metadata BLOB in the file cache file.setLegalHeader
(String legalHeader) Set legal headers expected in the metadata BLOB.setMetadataBlobUrl
(String metadataBlobUrl) Download the metadata BLOB from the FIDO website.setTrustRootCacheFile
(File trustRootCacheFile) Cache the trust root certificate in the file cache file.setTrustRootHash
(String trustRootHash) Certificate SHA-256 hash required for PKI to verify the downloaded certificate.setTrustRootUrl
(String trustRootUrl) Certificate required for PKI to verify the downloaded blob.
-
Field Details
-
DEFAULT_LEGAL_HEADER
Default legal text header.- See Also:
-
-
Constructor Details
-
WebAuthnMultifactorAttestationTrustSourceFidoProperties
public WebAuthnMultifactorAttestationTrustSourceFidoProperties()
-
-
Method Details
-
getLegalHeader
Set legal headers expected in the metadata BLOB. By using the FIDO Metadata Service, you will be subject to its terms of service. This setting serves two purposes:To remind you and any adopters/reviewers that you need to read those terms of service before using this feature. To help you detect if the legal header changes, so you can take appropriate action.
If the legal header in the downloaded BLOB does not equal any of the expected headers, an exception will be thrown in the finalizing configuration step.
Note that CAS makes no guarantee that a change to the FIDO Metadata Service terms of service will also cause a change to the legal header in the BLOB.
The current legal header is noted by:
DEFAULT_LEGAL_HEADER
which is the following:
"Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/"
. -
getMetadataBlobUrl
Download the metadata BLOB from the FIDO website. This is the current FIDO Metadata Service BLOB download URL. -
getTrustRootUrl
Certificate required for PKI to verify the downloaded blob. This is the current FIDO Metadata Service trust root certificate. If the cert is downloaded, it is also written to the cache File. The certificate will be downloaded if it does not exist in the cache, or if the cached certificate is not currently valid. -
getTrustRootHash
Certificate SHA-256 hash required for PKI to verify the downloaded certificate. Separate hash values with a comma. -
getTrustRootCacheFile
Cache the trust root certificate in the file cache file. If cache file exists, is a normal file, is readable, matches one of the SHA-256 hashes configured in and contains a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service blob.Otherwise, the trust root certificate will be downloaded and written to this file.
-
getBlobCacheFile
Cache metadata BLOB in the file cache file. If cache file exists, is a normal file, is readable, and is not out of date, then it will be used as the FIDO Metadata Service BLOB.Otherwise, the metadata BLOB will be downloaded and written to this file.
-
setLegalHeader
Set legal headers expected in the metadata BLOB. By using the FIDO Metadata Service, you will be subject to its terms of service. This setting serves two purposes:To remind you and any adopters/reviewers that you need to read those terms of service before using this feature. To help you detect if the legal header changes, so you can take appropriate action.
If the legal header in the downloaded BLOB does not equal any of the expected headers, an exception will be thrown in the finalizing configuration step.
Note that CAS makes no guarantee that a change to the FIDO Metadata Service terms of service will also cause a change to the legal header in the BLOB.
The current legal header is noted by:
DEFAULT_LEGAL_HEADER
which is the following:
"Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/"
.- Returns:
this
.
-
setMetadataBlobUrl
public WebAuthnMultifactorAttestationTrustSourceFidoProperties setMetadataBlobUrl(String metadataBlobUrl) Download the metadata BLOB from the FIDO website. This is the current FIDO Metadata Service BLOB download URL.- Returns:
this
.
-
setTrustRootUrl
Certificate required for PKI to verify the downloaded blob. This is the current FIDO Metadata Service trust root certificate. If the cert is downloaded, it is also written to the cache File. The certificate will be downloaded if it does not exist in the cache, or if the cached certificate is not currently valid.- Returns:
this
.
-
setTrustRootHash
public WebAuthnMultifactorAttestationTrustSourceFidoProperties setTrustRootHash(String trustRootHash) Certificate SHA-256 hash required for PKI to verify the downloaded certificate. Separate hash values with a comma.- Returns:
this
.
-
setTrustRootCacheFile
public WebAuthnMultifactorAttestationTrustSourceFidoProperties setTrustRootCacheFile(File trustRootCacheFile) Cache the trust root certificate in the file cache file. If cache file exists, is a normal file, is readable, matches one of the SHA-256 hashes configured in and contains a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service blob.Otherwise, the trust root certificate will be downloaded and written to this file.
- Returns:
this
.
-
setBlobCacheFile
Cache metadata BLOB in the file cache file. If cache file exists, is a normal file, is readable, and is not out of date, then it will be used as the FIDO Metadata Service BLOB.Otherwise, the metadata BLOB will be downloaded and written to this file.
- Returns:
this
.
-