| 1 | package com.yubico.fido.metadata; | |
| 2 | ||
| 3 | import com.fasterxml.jackson.annotation.JsonAlias; | |
| 4 | import com.fasterxml.jackson.annotation.JsonCreator; | |
| 5 | import com.fasterxml.jackson.annotation.JsonInclude; | |
| 6 | import com.fasterxml.jackson.annotation.JsonProperty; | |
| 7 | import lombok.Builder; | |
| 8 | import lombok.Value; | |
| 9 | ||
| 10 | /** | |
| 11 | * A fixed-keys map of CTAP2 option names to Boolean values representing whether an authenticator | |
| 12 | * supports the respective option. | |
| 13 | * | |
| 14 | * @see <a | |
| 15 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 16 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 17 | */ | |
| 18 | @Value | |
| 19 | @Builder | |
| 20 | public class SupportedCtapOptions { | |
| 21 | ||
| 22 | /** | |
| 23 | * @see <a | |
| 24 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 25 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 26 | */ | |
| 27 | boolean plat; | |
| 28 | ||
| 29 | /** | |
| 30 | * @see <a | |
| 31 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 32 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 33 | */ | |
| 34 | boolean rk; | |
| 35 | ||
| 36 | /** | |
| 37 | * If set to <code>true</code> the device is capable of accepting PIN. | |
| 38 | * | |
| 39 | * @see <a | |
| 40 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 41 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 42 | */ | |
| 43 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 44 | boolean clientPin; | |
| 45 | ||
| 46 | /** | |
| 47 | * @see <a | |
| 48 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 49 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 50 | */ | |
| 51 | boolean up; | |
| 52 | ||
| 53 | /** | |
| 54 | * If set to <code>true</code> the device is capable of built-in user verification. | |
| 55 | * | |
| 56 | * @see <a | |
| 57 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 58 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 59 | */ | |
| 60 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 61 | boolean uv; | |
| 62 | ||
| 63 | /** | |
| 64 | * @see <a | |
| 65 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 66 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 67 | */ | |
| 68 | boolean pinUvAuthToken; | |
| 69 | ||
| 70 | /** | |
| 71 | * @see <a | |
| 72 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 73 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 74 | */ | |
| 75 | boolean noMcGaPermissionsWithClientPin; | |
| 76 | ||
| 77 | /** | |
| 78 | * @see <a | |
| 79 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 80 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 81 | */ | |
| 82 | boolean largeBlobs; | |
| 83 | ||
| 84 | /** | |
| 85 | * If set to <code>true</code> the authenticator is enterprise attestation capable. | |
| 86 | * | |
| 87 | * @see <a | |
| 88 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 89 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 90 | */ | |
| 91 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 92 | boolean ep; | |
| 93 | ||
| 94 | /** | |
| 95 | * If set to <code>true</code> the authenticator supports the authenticatorBioEnrollment commands. | |
| 96 | * | |
| 97 | * @see <a | |
| 98 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 99 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 100 | */ | |
| 101 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 102 | boolean bioEnroll; | |
| 103 | ||
| 104 | /** | |
| 105 | * If set to <code>true</code> the authenticator supports the Prototype authenticatorBioEnrollment | |
| 106 | * (0x40) commands. | |
| 107 | * | |
| 108 | * @see <a | |
| 109 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 110 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 111 | */ | |
| 112 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 113 | boolean userVerificationMgmtPreview; | |
| 114 | ||
| 115 | /** | |
| 116 | * @see <a | |
| 117 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 118 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 119 | */ | |
| 120 | boolean uvBioEnroll; | |
| 121 | ||
| 122 | /** | |
| 123 | * @see <a | |
| 124 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 125 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 126 | */ | |
| 127 | boolean authnrCfg; | |
| 128 | ||
| 129 | /** | |
| 130 | * @see <a | |
| 131 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 132 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 133 | */ | |
| 134 | boolean uvAcfg; | |
| 135 | ||
| 136 | /** | |
| 137 | * @see <a | |
| 138 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 139 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 140 | */ | |
| 141 | boolean credMgmt; | |
| 142 | ||
| 143 | /** | |
| 144 | * @see <a | |
| 145 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 146 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 147 | */ | |
| 148 | boolean perCredMgmtRO; | |
| 149 | ||
| 150 | /** | |
| 151 | * @see <a | |
| 152 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 153 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 154 | */ | |
| 155 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 156 | boolean credentialMgmtPreview; | |
| 157 | ||
| 158 | /** | |
| 159 | * @see <a | |
| 160 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 161 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 162 | */ | |
| 163 | boolean setMinPINLength; | |
| 164 | ||
| 165 | /** | |
| 166 | * @see <a | |
| 167 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 168 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 169 | */ | |
| 170 | boolean makeCredUvNotRqd; | |
| 171 | ||
| 172 | /** | |
| 173 | * If set to <code>true</code> the authenticator supports the Always Require User Verification | |
| 174 | * feature. | |
| 175 | * | |
| 176 | * @see <a | |
| 177 | * href="https://fidoalliance.org/specs/fido-v2.2-ps-20250228/fido-client-to-authenticator-protocol-v2.2-ps-20250228.html#authenticatorGetInfo">Client | |
| 178 | * to Authenticator Protocol (CTAP) §6.4. authenticatorGetInfo (0x04)</a> | |
| 179 | */ | |
| 180 | @JsonInclude(JsonInclude.Include.NON_DEFAULT) | |
| 181 | boolean alwaysUv; | |
| 182 | ||
| 183 | @JsonCreator | |
| 184 | private SupportedCtapOptions( | |
| 185 | @JsonProperty("plat") Boolean plat, | |
| 186 | @JsonProperty("rk") Boolean rk, | |
| 187 | @JsonProperty("clientPin") Boolean clientPin, | |
| 188 | @JsonProperty("up") Boolean up, | |
| 189 | @JsonProperty("uv") Boolean uv, | |
| 190 | @JsonAlias("uvToken") @JsonProperty("pinUvAuthToken") Boolean pinUvAuthToken, | |
| 191 | @JsonProperty("noMcGaPermissionsWithClientPin") Boolean noMcGaPermissionsWithClientPin, | |
| 192 | @JsonProperty("largeBlobs") Boolean largeBlobs, | |
| 193 | @JsonProperty("ep") Boolean ep, | |
| 194 | @JsonProperty("bioEnroll") Boolean bioEnroll, | |
| 195 | @JsonProperty("userVerificationMgmtPreview") Boolean userVerificationMgmtPreview, | |
| 196 | @JsonProperty("uvBioEnroll") Boolean uvBioEnroll, | |
| 197 | @JsonAlias("config") @JsonProperty("authnrCfg") Boolean authnrCfg, | |
| 198 | @JsonProperty("uvAcfg") Boolean uvAcfg, | |
| 199 | @JsonProperty("credMgmt") Boolean credMgmt, | |
| 200 | @JsonProperty("perCredMgmtRO") Boolean perCredMgmtRO, | |
| 201 | @JsonProperty("credentialMgmtPreview") Boolean credentialMgmtPreview, | |
| 202 | @JsonProperty("setMinPINLength") Boolean setMinPINLength, | |
| 203 | @JsonProperty("makeCredUvNotRqd") Boolean makeCredUvNotRqd, | |
| 204 | @JsonProperty("alwaysUv") Boolean alwaysUv) { | |
| 205 | this.plat = Boolean.TRUE.equals(plat); | |
| 206 | this.rk = Boolean.TRUE.equals(rk); | |
| 207 |
1
1. <init> : negated conditional → KILLED |
this.clientPin = clientPin != null; |
| 208 | this.up = Boolean.TRUE.equals(up); | |
| 209 |
1
1. <init> : negated conditional → KILLED |
this.uv = uv != null; |
| 210 | this.pinUvAuthToken = Boolean.TRUE.equals(pinUvAuthToken); | |
| 211 | this.noMcGaPermissionsWithClientPin = Boolean.TRUE.equals(noMcGaPermissionsWithClientPin); | |
| 212 | this.largeBlobs = Boolean.TRUE.equals(largeBlobs); | |
| 213 |
1
1. <init> : negated conditional → KILLED |
this.ep = ep != null; |
| 214 |
1
1. <init> : negated conditional → KILLED |
this.bioEnroll = bioEnroll != null; |
| 215 |
1
1. <init> : negated conditional → KILLED |
this.userVerificationMgmtPreview = userVerificationMgmtPreview != null; |
| 216 | this.uvBioEnroll = Boolean.TRUE.equals(uvBioEnroll); | |
| 217 | this.authnrCfg = Boolean.TRUE.equals(authnrCfg); | |
| 218 | this.uvAcfg = Boolean.TRUE.equals(uvAcfg); | |
| 219 | this.credMgmt = Boolean.TRUE.equals(credMgmt); | |
| 220 | this.perCredMgmtRO = Boolean.TRUE.equals(perCredMgmtRO); | |
| 221 | this.credentialMgmtPreview = Boolean.TRUE.equals(credentialMgmtPreview); | |
| 222 | this.setMinPINLength = Boolean.TRUE.equals(setMinPINLength); | |
| 223 | this.makeCredUvNotRqd = Boolean.TRUE.equals(makeCredUvNotRqd); | |
| 224 |
1
1. <init> : negated conditional → KILLED |
this.alwaysUv = alwaysUv != null; |
| 225 | } | |
| 226 | } | |
Mutations | ||
| 207 |
1.1 |
|
| 209 |
1.1 |
|
| 213 |
1.1 |
|
| 214 |
1.1 |
|
| 215 |
1.1 |
|
| 224 |
1.1 |