Class Fido2Config

java.lang.Object
com.thalesgroup.gemalto.fido2.client.Fido2Config

public class Fido2Config extends Object
A global configuration class for the FIDO2 SDK.

The SDK is designed with secure defaults. This class provides a limited set of options for applications that need to customize certain security features or behaviors, such as rate limiting, logging, and TLS certificate pinning.

Since:
1.0.0
  • Constructor Summary

    Constructors
    Constructor
    Description
    Fido2Config()
  • Method Summary

    Modifier and Type
    Method
    Description
    static void
    setBaseLockoutDuration(int durationInSecs)
    Sets the base duration for the lockout penalty after too many failed verification attempts.
    static void
    setMaximumRetryCount(int maxRetryCount)
    Sets the maximum number of failed user verification attempts before the authenticator is locked.
    static void
    setSecureLog(com.thalesgroup.gemalto.securelog.SecureLog securelog)
    Sets a pre-configured secure logger instance for the SDK to use.
    static void
    setTlsCertificates(X509Certificate[] certificates)
    Sets the TLS certificates to be used for certificate pinning when communicating with the Relying Party.
    static com.thalesgroup.gemalto.securelog.SecureLog
    setUpSecureLog(com.thalesgroup.gemalto.securelog.SecureLogConfig config)
    Configures and initializes the secure logger for the SDK.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • Fido2Config

      public Fido2Config()
  • Method Details

    • setMaximumRetryCount

      public static void setMaximumRetryCount(int maxRetryCount)
      Sets the maximum number of failed user verification attempts before the authenticator is locked.

      This value can only be configured once per application runtime. Subsequent calls will be ignored.

      • Default value: 5
      • Minimum value: 1
      • Maximum value: 5
      Values outside the allowed range will be ignored.
      Parameters:
      maxRetryCount - The maximum number of retries.
      Since:
      1.0.0
    • setBaseLockoutDuration

      public static void setBaseLockoutDuration(int durationInSecs)
      Sets the base duration for the lockout penalty after too many failed verification attempts.

      The actual lockout duration increases exponentially with each subsequent lockout. This value can only be configured once per application runtime. Subsequent calls will be ignored.

      • Default value: 30 seconds
      • Minimum value: 30 seconds
      • Maximum value: 1800 seconds (30 minutes)
      Values outside the allowed range will be ignored.
      Parameters:
      durationInSecs - The base lockout duration in seconds.
      Since:
      1.0.0
    • setUpSecureLog

      public static com.thalesgroup.gemalto.securelog.SecureLog setUpSecureLog(@Nullable com.thalesgroup.gemalto.securelog.SecureLogConfig config)
      Configures and initializes the secure logger for the SDK.
      Parameters:
      config - The configuration for the secure logger.
      Returns:
      An instance of SecureLog, or null if the provided config is null.
      Since:
      1.2.0
    • setSecureLog

      public static void setSecureLog(@Nullable com.thalesgroup.gemalto.securelog.SecureLog securelog)
      Sets a pre-configured secure logger instance for the SDK to use.
      Parameters:
      securelog - A previously created SecureLog instance.
      Since:
      1.2.0
    • setTlsCertificates

      public static void setTlsCertificates(@Nullable X509Certificate[] certificates)
      Sets the TLS certificates to be used for certificate pinning when communicating with the Relying Party.

      This enhances security by ensuring the app communicates only with servers that have a trusted certificate. If this is not set, standard system trust validation will be used.

      Parameters:
      certificates - An array of X509Certificate to pin against.
      Since:
      1.9.0
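
Example (added here, not part of the SDK or its documentation): because out-of-range values and repeated calls are silently ignored, and an unset pin list falls back to system trust validation, a startup helper can validate everything itself and fail loudly. The class name Fido2Hardening, its apply method, the certificate input stream and the use of java.security.cert.X509Certificate are assumptions; only the three Fido2Config setters come from this page.

```java
import com.thalesgroup.gemalto.fido2.client.Fido2Config;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;

/** Hypothetical helper (not part of the SDK): applies Fido2Config once and fails loudly. */
public final class Fido2Hardening {
    private static final AtomicBoolean APPLIED = new AtomicBoolean(false);

    private Fido2Hardening() {}

    /** pinnedCerts: stream of one or more PEM/DER certificates shipped with the app (assumption). */
    public static void apply(int maxRetryCount, int baseLockoutSecs, InputStream pinnedCerts)
            throws CertificateException {
        // The SDK ignores out-of-range values without error, so reject them here instead.
        if (maxRetryCount < 1 || maxRetryCount > 5) {
            throw new IllegalArgumentException("maxRetryCount must be 1..5");
        }
        if (baseLockoutSecs < 30 || baseLockoutSecs > 1800) {
            throw new IllegalArgumentException("baseLockoutSecs must be 30..1800");
        }
        // Parse and check the pin set before touching the SDK.
        List<X509Certificate> pins = new ArrayList<>();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (Certificate c : cf.generateCertificates(pinnedCerts)) {
            X509Certificate x509 = (X509Certificate) c;
            x509.checkValidity(); // throws if the pin is expired or not yet valid
            pins.add(x509);
        }
        if (pins.isEmpty()) {
            // Without pins the SDK uses system trust validation; do not fall back by accident.
            throw new CertificateException("no pinned certificates found");
        }
        // Retry and lockout values are accepted once per runtime; later calls are ignored.
        if (!APPLIED.compareAndSet(false, true)) {
            throw new IllegalStateException("Fido2Config already applied in this process");
        }
        Fido2Config.setMaximumRetryCount(maxRetryCount);
        Fido2Config.setBaseLockoutDuration(baseLockoutSecs);
        Fido2Config.setTlsCertificates(pins.toArray(new X509Certificate[0]));
    }
}
```

Call it once, as early as possible in application startup and before any other code can reach the SDK, so that the values you validated are the ones that take effect.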