Class WebAuthnMultifactorAttestationTrustSourceFidoProperties

java.lang.Object
org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMultifactorAttestationTrustSourceFidoProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-support-webauthn")
public class WebAuthnMultifactorAttestationTrustSourceFidoProperties extends Object implements Serializable
Since:
7.0.0
  • Constructor Details

    • WebAuthnMultifactorAttestationTrustSourceFidoProperties

      public WebAuthnMultifactorAttestationTrustSourceFidoProperties()
  • Method Details

    • getLegalHeader

      public String getLegalHeader()
      Set legal headers expected in the metadata BLOB. By using the FIDO Metadata Service, you will be subject to its terms of service. This setting serves two purposes:

      1. To remind you and any adopters/reviewers that you need to read those terms of service before using this feature.
      2. To help you detect if the legal header changes, so you can take appropriate action.

      If the legal header in the downloaded BLOB does not equal any of the expected headers, an exception will be thrown in the finalizing configuration step.

      Note that CAS makes no guarantee that a change to the FIDO Metadata Service terms of service will also cause a change to the legal header in the BLOB.

      The current legal header is defined by DEFAULT_LEGAL_HEADER, which is the following:


      "Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/".

    • getMetadataBlobUrl

      public String getMetadataBlobUrl()
      Download the metadata BLOB from the FIDO website. This is the current FIDO Metadata Service BLOB download URL.
    • getTrustRootUrl

      public String getTrustRootUrl()
      Certificate required for PKI to verify the downloaded BLOB. This is the current FIDO Metadata Service trust root certificate. If the certificate is downloaded, it is also written to the cache file. The certificate will be downloaded if it does not exist in the cache, or if the cached certificate is not currently valid.
    • getTrustRootHash

      public String getTrustRootHash()
      Certificate SHA-256 hash required for PKI to verify the downloaded certificate. Separate hash values with a comma.
    • getTrustRootCacheFile

      public File getTrustRootCacheFile()
      Cache the trust root certificate in this file. If the cache file exists, is a normal file, is readable, matches one of the configured SHA-256 hashes, and contains a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service BLOB.

      Otherwise, the trust root certificate will be downloaded and written to this file.
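
      The cache-file conditions listed above, written out as a stand-alone check. This is an added example, not CAS or FIDO library code; the class and method names are hypothetical, and it assumes the configured hashes are hex-encoded SHA-256 digests of the cached file's bytes.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HexFormat;

// Added illustration; TrustRootCacheCheck and isUsable are hypothetical names.
public class TrustRootCacheCheck {

    // True only if the cached file passes every condition; false means "download again".
    static boolean isUsable(Path cacheFile, String trustRootHash) {
        if (!Files.isRegularFile(cacheFile) || !Files.isReadable(cacheFile)) {
            return false; // missing, not a normal file, or unreadable
        }
        try {
            byte[] bytes = Files.readAllBytes(cacheFile);
            String actual = HexFormat.of().formatHex(
                MessageDigest.getInstance("SHA-256").digest(bytes));
            // The setting may hold several pins separated by commas (assumed hex-encoded).
            boolean pinned = Arrays.stream(trustRootHash.split(","))
                .map(String::trim)
                .anyMatch(actual::equalsIgnoreCase);
            if (!pinned) {
                return false; // bytes match none of the configured hashes
            }
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(bytes));
            cert.checkValidity(); // throws if expired or not yet valid
            return true;
        } catch (IOException | GeneralSecurityException e) {
            return false; // unreadable, unparsable, or outside its validity period
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a file whose content is not a certificate.
        Path sample = Files.createTempFile("trust-root", ".crt");
        Files.write(sample, "not a certificate".getBytes());
        String matchingPin = HexFormat.of().formatHex(
            MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(sample)));
        System.out.println("wrong pin:        " + isUsable(sample, "00".repeat(32)));
        System.out.println("pin ok, not X.509: " + isUsable(sample, "00".repeat(32) + ", " + matchingPin));
        Files.delete(sample);
        System.out.println("file missing:     " + isUsable(sample, matchingPin));
    }
}
```

      The hash comparison runs before the certificate is parsed, so a cached file that has been altered is rejected without its content ever being interpreted as a certificate.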

    • getBlobCacheFile

      public File getBlobCacheFile()
      Cache the metadata BLOB in this file. If the cache file exists, is a normal file, is readable, and is not out of date, then it will be used as the FIDO Metadata Service BLOB.

      Otherwise, the metadata BLOB will be downloaded and written to this file.

    • setLegalHeader

      Set legal headers expected in the metadata BLOB. By using the FIDO Metadata Service, you will be subject to its terms of service. This setting serves two purposes:

      1. To remind you and any adopters/reviewers that you need to read those terms of service before using this feature.
      2. To help you detect if the legal header changes, so you can take appropriate action.

      If the legal header in the downloaded BLOB does not equal any of the expected headers, an exception will be thrown in the finalizing configuration step.

      Note that CAS makes no guarantee that a change to the FIDO Metadata Service terms of service will also cause a change to the legal header in the BLOB.

      The current legal header is defined by DEFAULT_LEGAL_HEADER, which is the following:


      "Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/".

      Returns:
      this.
    • setMetadataBlobUrl

      public WebAuthnMultifactorAttestationTrustSourceFidoProperties setMetadataBlobUrl(String metadataBlobUrl)
      Download the metadata BLOB from the FIDO website. This is the current FIDO Metadata Service BLOB download URL.
      Returns:
      this.
    • setTrustRootUrl

      public WebAuthnMultifactorAttestationTrustSourceFidoProperties setTrustRootUrl(String trustRootUrl)
      Certificate required for PKI to verify the downloaded BLOB. This is the current FIDO Metadata Service trust root certificate. If the certificate is downloaded, it is also written to the cache file. The certificate will be downloaded if it does not exist in the cache, or if the cached certificate is not currently valid.
      Returns:
      this.
    • setTrustRootHash

      public WebAuthnMultifactorAttestationTrustSourceFidoProperties setTrustRootHash(String trustRootHash)
      Certificate SHA-256 hash required for PKI to verify the downloaded certificate. Separate hash values with a comma.
      Returns:
      this.
    • setTrustRootCacheFile

      public WebAuthnMultifactorAttestationTrustSourceFidoProperties setTrustRootCacheFile(File trustRootCacheFile)
      Cache the trust root certificate in this file. If the cache file exists, is a normal file, is readable, matches one of the configured SHA-256 hashes, and contains a currently valid X.509 certificate, then it will be used as the trust root for the FIDO Metadata Service BLOB.

      Otherwise, the trust root certificate will be downloaded and written to this file.

      Returns:
      this.
    • setBlobCacheFile

      public WebAuthnMultifactorAttestationTrustSourceFidoProperties setBlobCacheFile(File blobCacheFile)
      Cache the metadata BLOB in this file. If the cache file exists, is a normal file, is readable, and is not out of date, then it will be used as the FIDO Metadata Service BLOB.

      Otherwise, the metadata BLOB will be downloaded and written to this file.

      Returns:
      this.