java.lang.Object
com.webauthn4j.WebAuthnManager
Manager class for WebAuthn operations.
This class provides a unified interface for WebAuthn registration and authentication operations.
It delegates registration operations to
WebAuthnRegistrationManager and authentication
operations to WebAuthnAuthenticationManager.
WebAuthnManager supports parsing and verification of WebAuthn registration and authentication
requests and responses in various formats (JSON string, InputStream, or object).
Factory methods are provided to create instances with a non-strict configuration
that is more lenient in its verification requirements.-
Constructor Summary
ConstructorsConstructorDescriptionWebAuthnManager(@NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier) Constructor for WebAuthnManager with custom verifiers and default object converterWebAuthnManager(@NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull ObjectConverter objectConverter) Constructor for WebAuthnManager with custom verifiers and object converterWebAuthnManager(@NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull List<CustomRegistrationVerifier> customRegistrationVerifiers, @NotNull List<CustomAuthenticationVerifier> customAuthenticationVerifiers) Constructor for WebAuthnManager with custom verifiersWebAuthnManager(@NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull List<CustomRegistrationVerifier> customRegistrationVerifiers, @NotNull List<CustomAuthenticationVerifier> customAuthenticationVerifiers, @NotNull ObjectConverter objectConverter) Constructor for WebAuthnManager with full customization options -
Method Summary
Modifier and TypeMethodDescriptionstatic @NotNull WebAuthnManagerCreatesWebAuthnManagerwith non strict configurationstatic @NotNull WebAuthnManagercreateNonStrictWebAuthnManager(@NotNull ObjectConverter objectConverter) CreatesWebAuthnManagerwith non strict configuration@NotNull AuthenticationDataVerifierGets the authentication data verifier@NotNull RegistrationDataVerifierGets the registration data verifier@NotNull AuthenticationDataparse(@NotNull AuthenticationRequest authenticationRequest) Parses a WebAuthn authentication request@NotNull RegistrationDataparse(@NotNull RegistrationRequest registrationRequest) Parses a WebAuthn registration request@NotNull AuthenticationDataparseAuthenticationResponseJSON(@NotNull InputStream authenticationResponseJSON) Parses a WebAuthn authentication response JSON from an input stream@NotNull AuthenticationDataparseAuthenticationResponseJSON(@NotNull String authenticationResponseJSON) Parses a WebAuthn authentication response JSON string@NotNull RegistrationDataparseRegistrationResponseJSON(@NotNull InputStream registrationResponseJSON) Parses a WebAuthn registration response JSON from an input stream@NotNull RegistrationDataparseRegistrationResponseJSON(@NotNull String registrationResponseJSON) Parses a WebAuthn registration response JSON string@NotNull AuthenticationDatavalidate(@NotNull AuthenticationData authenticationData, @NotNull AuthenticationParameters authenticationParameters) Deprecated.renamed to 'verify`@NotNull AuthenticationDatavalidate(@NotNull AuthenticationRequest authenticationRequest, @NotNull AuthenticationParameters authenticationParameters) Deprecated.renamed to 'verify`@NotNull RegistrationDatavalidate(@NotNull RegistrationData registrationData, @NotNull RegistrationParameters registrationParameters) Deprecated.renamed to 'verify`@NotNull RegistrationDatavalidate(@NotNull RegistrationRequest registrationRequest, @NotNull RegistrationParameters registrationParameters) Deprecated.renamed to 'verify`@NotNull AuthenticationDataverify(@NotNull AuthenticationData authenticationData, @NotNull AuthenticationParameters authenticationParameters) Verifies WebAuthn authentication data@NotNull AuthenticationDataverify(@NotNull AuthenticationRequest authenticationRequest, @NotNull AuthenticationParameters authenticationParameters) Verifies a WebAuthn authentication request@NotNull RegistrationDataverify(@NotNull RegistrationData registrationData, @NotNull RegistrationParameters registrationParameters) Verifies WebAuthn registration data@NotNull RegistrationDataverify(@NotNull RegistrationRequest registrationRequest, @NotNull RegistrationParameters registrationParameters) Verifies a WebAuthn registration request@NotNull AuthenticationDataverifyAuthenticationResponseJSON(@NotNull InputStream authenticationResponseJSON, @NotNull AuthenticationParameters authenticationParameters) Verifies a WebAuthn authentication response JSON from an input stream@NotNull AuthenticationDataverifyAuthenticationResponseJSON(@NotNull String authenticationResponseJSON, @NotNull AuthenticationParameters authenticationParameters) Verifies a WebAuthn authentication response JSON string@NotNull RegistrationDataverifyRegistrationResponseJSON(@NotNull InputStream registrationResponseJSON, @NotNull RegistrationParameters registrationParameters) Verifies a WebAuthn registration response JSON from an input stream@NotNull RegistrationDataverifyRegistrationResponseJSON(@NotNull String registrationResponseJSON, @NotNull RegistrationParameters registrationParameters) Verifies a WebAuthn registration response JSON string
-
Constructor Details
-
WebAuthnManager
public WebAuthnManager(@NotNull @NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull @NotNull List<CustomRegistrationVerifier> customRegistrationVerifiers, @NotNull @NotNull List<CustomAuthenticationVerifier> customAuthenticationVerifiers, @NotNull @NotNull ObjectConverter objectConverter) Constructor for WebAuthnManager with full customization options- Parameters:
attestationStatementVerifiers- list of attestation statement verifierscertPathTrustworthinessVerifier- verifier for certification path trustworthinessselfAttestationTrustworthinessVerifier- verifier for self attestation trustworthinesscustomRegistrationVerifiers- list of custom registration verifierscustomAuthenticationVerifiers- list of custom authentication verifiersobjectConverter- converter for object serialization/deserialization
-
WebAuthnManager
public WebAuthnManager(@NotNull @NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull @NotNull List<CustomRegistrationVerifier> customRegistrationVerifiers, @NotNull @NotNull List<CustomAuthenticationVerifier> customAuthenticationVerifiers) Constructor for WebAuthnManager with custom verifiers- Parameters:
attestationStatementVerifiers- list of attestation statement verifierscertPathTrustworthinessVerifier- verifier for certification path trustworthinessselfAttestationTrustworthinessVerifier- verifier for self attestation trustworthinesscustomRegistrationVerifiers- list of custom registration verifierscustomAuthenticationVerifiers- list of custom authentication verifiers
-
WebAuthnManager
public WebAuthnManager(@NotNull @NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull @NotNull ObjectConverter objectConverter) Constructor for WebAuthnManager with custom verifiers and object converter- Parameters:
attestationStatementVerifiers- list of attestation statement verifierscertPathTrustworthinessVerifier- verifier for certification path trustworthinessselfAttestationTrustworthinessVerifier- verifier for self attestation trustworthinessobjectConverter- converter for object serialization/deserialization
-
WebAuthnManager
public WebAuthnManager(@NotNull @NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier) Constructor for WebAuthnManager with custom verifiers and default object converter- Parameters:
attestationStatementVerifiers- list of attestation statement verifierscertPathTrustworthinessVerifier- verifier for certification path trustworthinessselfAttestationTrustworthinessVerifier- verifier for self attestation trustworthiness
-
-
Method Details
-
createNonStrictWebAuthnManager
CreatesWebAuthnManagerwith non strict configuration- Returns:
- configured
WebAuthnManager
-
createNonStrictWebAuthnManager
@NotNull public static @NotNull WebAuthnManager createNonStrictWebAuthnManager(@NotNull @NotNull ObjectConverter objectConverter) CreatesWebAuthnManagerwith non strict configuration- Parameters:
objectConverter- ObjectConverter- Returns:
- configured
WebAuthnManager
-
parseRegistrationResponseJSON
@NotNull public @NotNull RegistrationData parseRegistrationResponseJSON(@NotNull @NotNull String registrationResponseJSON) Parses a WebAuthn registration response JSON string- Parameters:
registrationResponseJSON- the registration response in JSON format- Returns:
- the parsed registration data
-
parseRegistrationResponseJSON
@NotNull public @NotNull RegistrationData parseRegistrationResponseJSON(@NotNull @NotNull InputStream registrationResponseJSON) Parses a WebAuthn registration response JSON from an input stream- Parameters:
registrationResponseJSON- the registration response in JSON format as an input stream- Returns:
- the parsed registration data
-
parse
@NotNull public @NotNull RegistrationData parse(@NotNull @NotNull RegistrationRequest registrationRequest) throws DataConversionException Parses a WebAuthn registration request- Parameters:
registrationRequest- the registration request to parse- Returns:
- the parsed registration data
- Throws:
DataConversionException- if data conversion fails
-
verifyRegistrationResponseJSON
@NotNull public @NotNull RegistrationData verifyRegistrationResponseJSON(@NotNull @NotNull String registrationResponseJSON, @NotNull @NotNull RegistrationParameters registrationParameters) throws DataConversionException, VerificationException Verifies a WebAuthn registration response JSON string- Parameters:
registrationResponseJSON- the registration response in JSON formatregistrationParameters- the parameters for registration verification- Returns:
- the verified registration data
- Throws:
DataConversionException- if data conversion failsVerificationException- if verification fails
-
verifyRegistrationResponseJSON
@NotNull public @NotNull RegistrationData verifyRegistrationResponseJSON(@NotNull @NotNull InputStream registrationResponseJSON, @NotNull @NotNull RegistrationParameters registrationParameters) throws DataConversionException, VerificationException Verifies a WebAuthn registration response JSON from an input stream- Parameters:
registrationResponseJSON- the registration response in JSON format as an input streamregistrationParameters- the parameters for registration verification- Returns:
- the verified registration data
- Throws:
DataConversionException- if data conversion failsVerificationException- if verification fails
-
verify
@NotNull public @NotNull RegistrationData verify(@NotNull @NotNull RegistrationRequest registrationRequest, @NotNull @NotNull RegistrationParameters registrationParameters) throws DataConversionException, VerificationException Verifies a WebAuthn registration request- Parameters:
registrationRequest- the registration request to verifyregistrationParameters- the parameters for registration verification- Returns:
- the verified registration data
- Throws:
DataConversionException- if data conversion failsVerificationException- if verification fails
-
validate
@Deprecated @NotNull public @NotNull RegistrationData validate(@NotNull @NotNull RegistrationRequest registrationRequest, @NotNull @NotNull RegistrationParameters registrationParameters) throws DataConversionException, VerificationException Deprecated.renamed to 'verify` -
verify
@NotNull public @NotNull RegistrationData verify(@NotNull @NotNull RegistrationData registrationData, @NotNull @NotNull RegistrationParameters registrationParameters) throws VerificationException Verifies WebAuthn registration data- Parameters:
registrationData- the registration data to verifyregistrationParameters- the parameters for registration verification- Returns:
- the verified registration data
- Throws:
VerificationException- if verification fails
-
validate
@Deprecated @NotNull public @NotNull RegistrationData validate(@NotNull @NotNull RegistrationData registrationData, @NotNull @NotNull RegistrationParameters registrationParameters) throws VerificationException Deprecated.renamed to 'verify`- Throws:
VerificationException
-
parseAuthenticationResponseJSON
@NotNull public @NotNull AuthenticationData parseAuthenticationResponseJSON(@NotNull @NotNull String authenticationResponseJSON) throws DataConversionException Parses a WebAuthn authentication response JSON string- Parameters:
authenticationResponseJSON- the authentication response in JSON format- Returns:
- the parsed authentication data
- Throws:
DataConversionException- if data conversion fails
-
parseAuthenticationResponseJSON
@NotNull public @NotNull AuthenticationData parseAuthenticationResponseJSON(@NotNull @NotNull InputStream authenticationResponseJSON) throws DataConversionException Parses a WebAuthn authentication response JSON from an input stream- Parameters:
authenticationResponseJSON- the authentication response in JSON format as an input stream- Returns:
- the parsed authentication data
- Throws:
DataConversionException- if data conversion fails
-
parse
@NotNull public @NotNull AuthenticationData parse(@NotNull @NotNull AuthenticationRequest authenticationRequest) throws DataConversionException Parses a WebAuthn authentication request- Parameters:
authenticationRequest- the authentication request to parse- Returns:
- the parsed authentication data
- Throws:
DataConversionException- if data conversion fails
-
verifyAuthenticationResponseJSON
@NotNull public @NotNull AuthenticationData verifyAuthenticationResponseJSON(@NotNull @NotNull String authenticationResponseJSON, @NotNull @NotNull AuthenticationParameters authenticationParameters) throws DataConversionException, VerificationException Verifies a WebAuthn authentication response JSON string- Parameters:
authenticationResponseJSON- the authentication response in JSON formatauthenticationParameters- the parameters for authentication verification- Returns:
- the verified authentication data
- Throws:
DataConversionException- if data conversion failsVerificationException- if verification fails
-
verifyAuthenticationResponseJSON
@NotNull public @NotNull AuthenticationData verifyAuthenticationResponseJSON(@NotNull @NotNull InputStream authenticationResponseJSON, @NotNull @NotNull AuthenticationParameters authenticationParameters) throws DataConversionException, VerificationException Verifies a WebAuthn authentication response JSON from an input stream- Parameters:
authenticationResponseJSON- the authentication response in JSON format as an input streamauthenticationParameters- the parameters for authentication verification- Returns:
- the verified authentication data
- Throws:
DataConversionException- if data conversion failsVerificationException- if verification fails
-
verify
@NotNull public @NotNull AuthenticationData verify(@NotNull @NotNull AuthenticationRequest authenticationRequest, @NotNull @NotNull AuthenticationParameters authenticationParameters) throws DataConversionException, VerificationException Verifies a WebAuthn authentication request- Parameters:
authenticationRequest- the authentication request to verifyauthenticationParameters- the parameters for authentication verification- Returns:
- the verified authentication data
- Throws:
DataConversionException- if data conversion failsVerificationException- if verification fails
-
validate
@Deprecated @NotNull public @NotNull AuthenticationData validate(@NotNull @NotNull AuthenticationRequest authenticationRequest, @NotNull @NotNull AuthenticationParameters authenticationParameters) throws DataConversionException, VerificationException Deprecated.renamed to 'verify` -
verify
@NotNull public @NotNull AuthenticationData verify(@NotNull @NotNull AuthenticationData authenticationData, @NotNull @NotNull AuthenticationParameters authenticationParameters) throws VerificationException Verifies WebAuthn authentication data- Parameters:
authenticationData- the authentication data to verifyauthenticationParameters- the parameters for authentication verification- Returns:
- the verified authentication data
- Throws:
VerificationException- if verification fails
-
validate
@Deprecated @NotNull public @NotNull AuthenticationData validate(@NotNull @NotNull AuthenticationData authenticationData, @NotNull @NotNull AuthenticationParameters authenticationParameters) throws VerificationException Deprecated.renamed to 'verify`- Throws:
VerificationException
-
getRegistrationDataVerifier
Gets the registration data verifier- Returns:
- the registration data verifier
-
getAuthenticationDataVerifier
Gets the authentication data verifier- Returns:
- the authentication data verifier
-