com.yubico.webauthn.attestation

Class AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder

java.lang.Object

com.yubico.webauthn.attestation.AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder

Enclosing class:

AttestationTrustSource.TrustRootsResult

public static class AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder
extends java.lang.Object

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder.Step1

Method Summary

Modifier and Type	Method and Description
AttestationTrustSource.TrustRootsResult	build()
AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder	certStore(java.security.cert.CertStore certStore) A CertStore of additional CRLs and/or intermediate certificates to use during certificate path validation, if any.
AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder	enableRevocationChecking(boolean enableRevocationChecking) Whether certificate revocation should be checked during certificate path validation.
AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder	policyTreeValidator(java.util.function.Predicate<java.security.cert.PolicyNode> policyTreeValidator) If non-null, the PolicyQualifiersRejected flag will be set to false during certificate path validation.
java.lang.String	toString()
AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder	trustRoots(@NonNull java.util.Set<java.security.cert.X509Certificate> trustRoots) A set of attestation root certificates trusted to certify the relevant attestation statement.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Detail

trustRoots

public AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder trustRoots(@NonNull
                                                                                  @NonNull java.util.Set<java.security.cert.X509Certificate> trustRoots)

A set of attestation root certificates trusted to certify the relevant attestation statement. If the attestation statement is not trusted, or if no trust roots were found, this should be an empty set.

certStore

public AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder certStore(java.security.cert.CertStore certStore)

A CertStore of additional CRLs and/or intermediate certificates to use during certificate path validation, if any. This will not be used if trustRoots is empty.

Any certificates included in this CertStore are NOT considered trusted; they will be trusted only if they chain to any of the trustRoots.

The default is null.

enableRevocationChecking

public AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder enableRevocationChecking(boolean enableRevocationChecking)

Whether certificate revocation should be checked during certificate path validation.

The default is true.

policyTreeValidator

public AttestationTrustSource.TrustRootsResult.TrustRootsResultBuilder policyTreeValidator(java.util.function.Predicate<java.security.cert.PolicyNode> policyTreeValidator)

If non-null, the PolicyQualifiersRejected flag will be set to false during certificate path validation. See PKIXParameters.setPolicyQualifiersRejected(boolean).

The given Predicate will be used to validate the policy tree. The Predicate should return true if the policy tree is acceptable, and false otherwise.

Depending on your "PKIX" JCA provider configuration, this may be required if any certificate in the certificate path contains a certificate policies extension marked critical. If this is not set, then such a certificate will be rejected by the certificate path validator from the default provider.

Consult the Java PKI Programmer's Guide for how to use the PolicyNode argument of the Predicate.

The default is null.

build

public AttestationTrustSource.TrustRootsResult build()

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object