Interface FidoUafAttestationInformation

All Known Subinterfaces:
FidoUafAttestationInformation.OnlyDefaultMode, FidoUafAttestationInformation.OnlySurrogateBasicSupported, FidoUafAttestationInformation.StrictMode, FidoUafAttestationInformation.StrictStrongBoxMode

public interface FidoUafAttestationInformation
Indicates whether the device supports Full Basic attestation. If the backend requires Full Basic attestation during registration and this device does not support it, registration will fail. This information can be used to inform the user in advance that the device is not supported.

Note that DeviceCapabilities.fidoUafAttestationInformationGetter() is guaranteed to return only instances of FidoUafAttestationInformation.OnlySurrogateBasicSupported, FidoUafAttestationInformation.OnlyDefaultMode, FidoUafAttestationInformation.StrictMode or FidoUafAttestationInformation.StrictStrongBoxMode.

Method Details

    • keymasterSecurityLevel

      @NonNull SecurityLevel keymasterSecurityLevel()
      Returns the SecurityLevel of the environment where the FIDO UAF keys are stored. This provides information about the security of the environment where the keys are stored.
      Returns:
      the security level.
    • keymasterVersion

      int keymasterVersion()
      The keymaster version.
      Returns:
      the keymaster version.
    • isDeviceBootloaderLocked

      boolean isDeviceBootloaderLocked()
      Returns true if the device's bootloader is locked, and false otherwise.
      Returns:
      whether the device's bootloader is locked or not.
    • isVerifiedBootStateValid

      boolean isVerifiedBootStateValid()
      Returns true if the boot state is Verified. Compromised devices (such as some rooted devices) do not have a valid boot state.
      Returns:
      true if the verified boot state is valid, and false otherwise.
    • certificateChainValidationResult

      @NonNull CertificateChainValidationResult certificateChainValidationResult()
      Returns the result of the certificate chain validation. In devices supporting full basic attestation (FidoUafAttestationInformation.OnlyDefaultMode, FidoUafAttestationInformation.StrictMode or FidoUafAttestationInformation.StrictStrongBoxMode), when a new key is created the device must generate an associated certificate chain (or certification path) that fulfills the following criteria:
      • The root certificate is a known Google root certificate.
      • The certificate chain is valid: none of its certificates is in the CRL, no certificate is expired, each certificate in the chain is signed with the previous one, etc.
      So, when a device supports full basic, this method returns CertificateChainValidationResult.SUCCESS.
      Returns:
      the certificate chain validation result.
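
One way an app could use these methods to warn the user before registration, as an added example that is not part of the SDK or its documentation. The class AttestationPreflight and its method names are hypothetical, the SDK imports are left out because this page does not show the package, and reporting an unlocked bootloader or an invalid boot state is an assumed app policy.

```java
// Added example, not SDK code. Import FidoUafAttestationInformation and
// CertificateChainValidationResult from the SDK package your SDK version
// documents; the package name does not appear on this page.
import java.util.ArrayList;
import java.util.List;

public final class AttestationPreflight { // hypothetical helper class

    private AttestationPreflight() {}

    /**
     * Returns findings suggesting that a registration requiring full basic
     * attestation may fail on this device. Empty list: nothing found.
     */
    public static List<String> findings(FidoUafAttestationInformation info) {
        List<String> findings = new ArrayList<>();

        // The page lists OnlyDefaultMode, StrictMode and StrictStrongBoxMode as
        // the modes with full basic support; surrogate-only devices lack it.
        if (info instanceof FidoUafAttestationInformation.OnlySurrogateBasicSupported) {
            findings.add("Only surrogate basic attestation is supported");
            return findings;
        }

        CertificateChainValidationResult chain = info.certificateChainValidationResult();
        if (!CertificateChainValidationResult.SUCCESS.equals(chain)) {
            findings.add("Attestation certificate chain validation result: " + chain);
        }
        // Assumed app policy: surface boot integrity problems to the user too.
        if (!info.isVerifiedBootStateValid()) {
            findings.add("Verified boot state is not valid");
        }
        if (!info.isDeviceBootloaderLocked()) {
            findings.add("Bootloader is unlocked");
        }
        return findings;
    }

    /** Key-storage summary for diagnostics. */
    public static String describe(FidoUafAttestationInformation info) {
        return "keymasterSecurityLevel=" + info.keymasterSecurityLevel()
                + ", keymasterVersion=" + info.keymasterVersion();
    }
}
```

These findings are a client-side hint only; the backend's attestation check during registration remains the authoritative decision.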