KeyProtectionType.java

package com.yubico.webauthn.extension.uvm;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonValue;
import java.security.Key;
import java.util.stream.Stream;
import lombok.Getter;
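/**
 * The KEY_PROTECTION constants are flags in a bit field represented as a 16 bit long integer. They
 * describe the method an authenticator uses to protect the private key material for FIDO
 * registrations. Refer to [UAFAuthnrCommands] for more details on the relevance of keys and key
 * protection. These constants are reported and queried through the UAF Discovery APIs and used to
 * form authenticator policies in UAF protocol messages. Each constant has a case-sensitive string
 * representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.
 *
 * <p>This enum only decodes values. It does not check that a set of flags satisfies the
 * exclusivity and conjunction rules described on the individual constants, so a caller whose
 * policy depends on those rules has to check them itself.
 *
 * <p>Each constant stands for exactly one flag. {@link #fromValue(short)} matches a single flag
 * value and does not split a bit field that has several flags set.
 *
 * @see #fromValue(short)
 * @see #fromName(String)
 * @see <a
 *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
 *     Registry of Predefined Values §3.2 Key Protection Types</a>
 */
// Lombok generates getValue() and getName() for the two instance fields below.
@Getter
public enum KeyProtectionType {

  /**
   * This flag MUST be set if the authenticator uses software-based key management. Exclusive in
   * authenticator metadata with {@link #KEY_PROTECTION_HARDWARE}, {@link #KEY_PROTECTION_TEE},
   * {@link #KEY_PROTECTION_SECURE_ELEMENT}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_SOFTWARE((short) 0x0001, "software"),

  /**
   * This flag SHOULD be set if the authenticator uses hardware-based key management. Exclusive in
   * authenticator metadata with {@link #KEY_PROTECTION_SOFTWARE}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_HARDWARE((short) 0x0002, "hardware"),

  /**
   * This flag SHOULD be set if the authenticator uses the Trusted Execution Environment [TEE] for
   * key management. In authenticator metadata, this flag should be set in conjunction with {@link
   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive in authenticator metadata with {@link
   * #KEY_PROTECTION_SOFTWARE}, {@link #KEY_PROTECTION_SECURE_ELEMENT}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_TEE((short) 0x0004, "tee"),

  /**
   * This flag SHOULD be set if the authenticator uses a Secure Element [SecureElement] for key
   * management. In authenticator metadata, this flag should be set in conjunction with {@link
   * #KEY_PROTECTION_HARDWARE}. Mutually exclusive in authenticator metadata with {@link
   * #KEY_PROTECTION_TEE}, {@link #KEY_PROTECTION_SOFTWARE}.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   */
  KEY_PROTECTION_SECURE_ELEMENT((short) 0x0008, "secure_element"),

  /**
   * This flag MUST be set if the authenticator does not store (wrapped) UAuth keys at the client,
   * but relies on a server-provided key handle. This flag MUST be set in conjunction with one of
   * the other KEY_PROTECTION flags to indicate how the local key handle wrapping key and operations
   * are protected. Servers MAY unset this flag in authenticator policy if they are not prepared to
   * store and return key handles, for example, if they have a requirement to respond
   * indistinguishably to authentication attempts against userIDs that do and do not exist. Refer to
   * [<a
   * href="https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html">UAFProtocol</a>]
   * for more details.
   *
   * <p>NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.
   *
   * @see <a
   *     href="https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types">FIDO
   *     Registry of Predefined Values §3.2 Key Protection Types</a>
   * @see <a
   *     href="https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-uaf-protocol-v1.2-rd-20171128.html">FIDO
   *     UAF Protocol Specification [UAFProtocol]</a>
   */
  KEY_PROTECTION_REMOTE_HANDLE((short) 0x0010, "remote_handle");

  // Numeric flag value of this constant; exactly one bit is set for each constant declared above.
  private final short value;

  // Case-sensitive string form of this constant; @JsonValue makes Jackson serialize the constant
  // as this string.
  @JsonValue private final String name;

  /**
   * Binds a constant to its numeric flag value and its string representation.
   *
   * @param value the numeric flag value
   * @param name the string representation
   */
  KeyProtectionType(short value, String name) {
    this.value = value;
    this.name = name;
  }

  /**
   * Looks up the constant whose numeric flag value equals <code>value</code>.
   *
   * <p>The comparison is an exact match against one constant. A bit field with more than one flag
   * set (for example the constructed value <code>0x0006</code>) equals no constant and is rejected,
   * so a caller holding a combined bit field has to split it into single flags first.
   *
   * @param value the flag value to look up
   * @return If <code>value</code> matches any {@link KeyProtectionType} constant, returns that
   *     constant instance. Otherwise throws {@link IllegalArgumentException}.
   * @throws IllegalArgumentException if no constant has the given value
   */
  public static KeyProtectionType fromValue(short value) {
    return Stream.of(values())
        .filter(v -> v.value == value)
        .findAny()
        .orElseThrow(
            () ->
                new IllegalArgumentException(
                    String.format("Unknown %s value: 0x%04x", KeyProtectionType.class, value)));
  }

  /**
   * Looks up the constant whose string representation equals <code>name</code>. The method is
   * annotated as the Jackson creator, so it is also the entry point when a constant is read from
   * JSON.
   *
   * <p>The match is case-sensitive and exact; <code>null</code> matches no constant. The exception
   * message contains <code>name</code> unchanged, so when the input comes from an untrusted
   * document the message should be handled as untrusted text, for example when it is logged.
   *
   * @param name the string representation to look up
   * @return If <code>name</code> matches any {@link KeyProtectionType} constant, returns that
   *     constant instance. Otherwise throws {@link IllegalArgumentException}.
   * @throws IllegalArgumentException if no constant has the given name
   */
  @JsonCreator
  public static KeyProtectionType fromName(String name) {
    return Stream.of(values())
        .filter(v -> v.name.equals(name))
        .findAny()
        .orElseThrow(
            () ->
                new IllegalArgumentException(
                    String.format("Unknown %s name: %s", KeyProtectionType.class, name)));
  }
}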

Mutations

115

1.1
Location : fromValue
Killed by : com.yubico.webauthn.data.EnumsSpec
replaced return value with null for com/yubico/webauthn/extension/uvm/KeyProtectionType::fromValue → KILLED

116

1.1
Location : lambda$fromValue$0
Killed by : com.yubico.webauthn.data.EnumsSpec
negated conditional → KILLED

2.2
Location : lambda$fromValue$0
Killed by : com.yubico.webauthn.data.EnumsSpec
replaced boolean return with true for com/yubico/webauthn/extension/uvm/KeyProtectionType::lambda$fromValue$0 → KILLED

120

1.1
Location : lambda$fromValue$1
Killed by : com.yubico.webauthn.data.EnumsSpec
replaced return value with null for com/yubico/webauthn/extension/uvm/KeyProtectionType::lambda$fromValue$1 → KILLED

130

1.1
Location : fromName
Killed by : none
replaced return value with null for com/yubico/webauthn/extension/uvm/KeyProtectionType::fromName → NO_COVERAGE

131

1.1
Location : lambda$fromName$2
Killed by : none
replaced boolean return with false for com/yubico/webauthn/extension/uvm/KeyProtectionType::lambda$fromName$2 → NO_COVERAGE

2.2
Location : lambda$fromName$2
Killed by : none
replaced boolean return with true for com/yubico/webauthn/extension/uvm/KeyProtectionType::lambda$fromName$2 → NO_COVERAGE

135

1.1
Location : lambda$fromName$3
Killed by : none
replaced return value with null for com/yubico/webauthn/extension/uvm/KeyProtectionType::lambda$fromName$3 → NO_COVERAGE

Active mutators

Tests examined


Report generated by PIT 1.15.0