1 | package com.yubico.webauthn.extension.uvm; | |
2 | ||
3 | import com.fasterxml.jackson.annotation.JsonCreator; | |
4 | import com.fasterxml.jackson.annotation.JsonValue; | |
5 | import java.security.Key; | |
6 | import java.util.stream.Stream; | |
7 | import lombok.Getter; | |
8 | ||
/**
 * The KEY_PROTECTION constants are flags in a bit field represented as a 16 bit long integer. They
 * describe the method an authenticator uses to protect the private key material for FIDO
 * registrations. Refer to [UAFAuthnrCommands] for more details on the relevance of keys and key
 * protection. These constants are reported and queried through the UAF Discovery APIs and used to
 * form authenticator policies in UAF protocol messages. Each constant has a case-sensitive string
 * representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.
 *
 * <p>Each constant of this enum models exactly one flag. {@link #fromValue(short)} and {@link
 * #fromName(String)} match a single constant only; neither decomposes a bit field in which several
 * flags are set, and neither checks the combination rules quoted on the individual constants.
 *
 * <p>Lombok's {@code @Getter} generates the {@code getValue()} and {@code getName()} accessors.
 *
 * @see #fromValue(short)
 * @see #fromName(String)
 * @see <a
 *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
 *     Registry of Predefined Values §3.2 Key Protection Types</a>
 */
@Getter
public enum KeyProtectionType {

  /**
   * This flag MUST be set if the authenticator uses software-based key management. Exclusive in
   * authenticator metadata with {@link #KEY_PROTECTION_HARDWARE}, {@link #KEY_PROTECTION_TEE},
   * {@link #KEY_PROTECTION_SECURE_ELEMENT}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_SOFTWARE((short) 0x0001, "software"),

  /**
   * This flag SHOULD be set if the authenticator uses hardware-based key management. Exclusive in
   * authenticator metadata with {@link #KEY_PROTECTION_SOFTWARE}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_HARDWARE((short) 0x0002, "hardware"),

  /**
   * This flag SHOULD be set if the authenticator uses the Trusted Execution Environment [TEE] for
   * key management. In authenticator metadata, this flag should be set in conjunction with {@link
   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive in authenticator metadata with {@link
   * #KEY_PROTECTION_SOFTWARE}, {@link #KEY_PROTECTION_SECURE_ELEMENT}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_TEE((short) 0x0004, "tee"),

  /**
   * This flag SHOULD be set if the authenticator uses a Secure Element [SecureElement] for key
   * management. In authenticator metadata, this flag should be set in conjunction with {@link
   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive in authenticator metadata with {@link
   * #KEY_PROTECTION_TEE}, {@link #KEY_PROTECTION_SOFTWARE}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_SECURE_ELEMENT((short) 0x0008, "secure_element"),

  /**
   * This flag MUST be set if the authenticator does not store (wrapped) UAuth keys at the client,
   * but relies on a server-provided key handle. This flag MUST be set in conjunction with one of
   * the other KEY_PROTECTION flags to indicate how the local key handle wrapping key and operations
   * are protected. Servers MAY unset this flag in authenticator policy if they are not prepared to
   * store and return key handles, for example, if they have a requirement to respond
   * indistinguishably to authentication attempts against userIDs that do and do not exist. Refer to
   * [<a
   * href="https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html">UAFProtocol</a>]
   * for more details.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   * @see <a
   *     href="https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html">FIDO
   *     UAF Protocol Specification [UAFProtocol]</a>
   */
  KEY_PROTECTION_REMOTE_HANDLE((short) 0x0010, "remote_handle");

  // Numeric flag value of this constant; compared by fromValue.
  private final short value;

  // Case-sensitive string form of this constant; @JsonValue makes Jackson serialize the enum as
  // this string, and fromName compares against it.
  @JsonValue private final String name;

  KeyProtectionType(short value, String name) {
    this.value = value;
    this.name = name;
  }

  /**
   * Looks up the constant whose numeric flag value equals {@code value}.
   *
   * <p>The comparison is an exact match against a single flag. A bit field with several flags set,
   * for example {@code 0x0006} ({@link #KEY_PROTECTION_HARDWARE} together with {@link
   * #KEY_PROTECTION_TEE}), equals no constant and is rejected like any other unknown value.
   * Callers passing values that originate outside the application should be prepared for the
   * exception.
   *
   * @param value the numeric flag value to look up
   * @return the {@link KeyProtectionType} constant whose value equals {@code value}
   * @throws IllegalArgumentException if no constant has exactly this value
   */
  public static KeyProtectionType fromValue(short value) {
    for (final KeyProtectionType candidate : values()) {
      if (candidate.value == value) {
        return candidate;
      }
    }
    throw new IllegalArgumentException(
        String.format("Unknown %s value: 0x%04x", KeyProtectionType.class, value));
  }

  /**
   * Looks up the constant whose string representation equals {@code name}.
   *
   * <p>The match is case-sensitive ({@link String#equals(Object)}). A {@code null} argument
   * matches no constant and is rejected with the same exception as an unknown name. The rejected
   * name is included verbatim in the exception message, so treat that message as untrusted text
   * when logging or displaying it.
   *
   * <p>Annotated with {@code @JsonCreator}, so Jackson calls this method when deserializing a
   * {@link KeyProtectionType} from its string form.
   *
   * @param name the string representation to look up
   * @return the {@link KeyProtectionType} constant whose name equals {@code name}
   * @throws IllegalArgumentException if no constant has this name
   */
  // NOTE(review): the mutation report this listing was taken from marks every mutant in fromName
  // (the return value and both boolean mutations of the filter lambda) as NO_COVERAGE, while the
  // fromValue mutants are KILLED; no test exercised this JSON-creator path in that run.
  @JsonCreator
  public static KeyProtectionType fromName(String name) {
    for (final KeyProtectionType candidate : values()) {
      if (candidate.name.equals(name)) {
        return candidate;
      }
    }
    throw new IllegalArgumentException(
        String.format("Unknown %s name: %s", KeyProtectionType.class, name));
  }
}