Class Fido2Config
java.lang.Object
com.thalesgroup.gemalto.fido2.client.Fido2Config
A global configuration class for the FIDO2 SDK.
The SDK is designed with secure defaults. This class provides a limited set of options for applications that need to customize certain security features or behaviors, such as rate limiting, logging, and TLS certificate pinning.
- Since: 1.0.0
Constructor Summary
Constructors
- Fido2Config()
Method Summary
Modifier and Type, Method, Description
- static void setBaseLockoutDuration(int durationInSecs): Sets the base duration for the lockout penalty after too many failed verification attempts.
- static void setMaximumRetryCount(int maxRetryCount): Sets the maximum number of failed user verification attempts before the authenticator is locked.
- static void setSecureLog(com.thalesgroup.gemalto.securelog.SecureLog securelog): Sets a pre-configured secure logger instance for the SDK to use.
- static void setTlsCertificates(X509Certificate[] certificates): Sets the TLS certificates to be used for certificate pinning when communicating with the Relying Party.
- static com.thalesgroup.gemalto.securelog.SecureLog setUpSecureLog(com.thalesgroup.gemalto.securelog.SecureLogConfig config): Configures and initializes the secure logger for the SDK.
Constructor Details
Fido2Config
public Fido2Config()
Method Details
setMaximumRetryCount
public static void setMaximumRetryCount(int maxRetryCount)
Sets the maximum number of failed user verification attempts before the authenticator is locked. This value can only be configured once per application runtime. Subsequent calls will be ignored.
- Default value: 5
- Minimum value: 1
- Maximum value: 5
- Parameters: maxRetryCount - The maximum number of retries.
- Since: 1.0.0
setBaseLockoutDuration
public static void setBaseLockoutDuration(int durationInSecs)
Sets the base duration for the lockout penalty after too many failed verification attempts. The actual lockout duration increases exponentially with each subsequent lockout. This value can only be configured once per application runtime. Subsequent calls will be ignored.
- Default value: 30 seconds
- Minimum value: 30 seconds
- Maximum value: 1800 seconds (30 minutes)
- Parameters: durationInSecs - The base lockout duration in seconds.
- Since: 1.0.0
setUpSecureLog
public static com.thalesgroup.gemalto.securelog.SecureLog setUpSecureLog(@Nullable com.thalesgroup.gemalto.securelog.SecureLogConfig config)
Configures and initializes the secure logger for the SDK.
- Parameters: config - The configuration for the secure logger.
- Returns: An instance of SecureLog, or null if the provided config is null.
- Since: 1.2.0
setSecureLog
public static void setSecureLog(@Nullable com.thalesgroup.gemalto.securelog.SecureLog securelog)
Sets a pre-configured secure logger instance for the SDK to use.
- Parameters: securelog - A previously created SecureLog instance.
- Since: 1.2.0
setTlsCertificates
Sets the TLS certificates to be used for certificate pinning when communicating with the Relying Party. This enhances security by ensuring the app communicates only with servers that have a trusted certificate. If this is not set, standard system trust validation will be used.
- Parameters: certificates - An array of X509Certificate to pin against.
- Since: 1.9.0
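One way to apply the retry, lockout and pinning setters together at application startup, as an added example that is not part of the SDK or its documentation. `Fido2Bootstrap`, `apply` and `loadPins` are hypothetical names; it assumes the pinned certificates ship with the app as a PEM stream and that the setters throw no checked exceptions.

```java
import com.thalesgroup.gemalto.fido2.client.Fido2Config;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;

/** Hypothetical startup helper (not part of the SDK); call once before any FIDO2 operation. */
public final class Fido2Bootstrap {
    private static final AtomicBoolean APPLIED = new AtomicBoolean(false);

    private Fido2Bootstrap() {}

    public static void apply(int maxRetryCount, int baseLockoutSecs, InputStream pinnedPem)
            throws CertificateException {
        // Check the documented ranges here so a bad value fails loudly in our own code.
        if (maxRetryCount < 1 || maxRetryCount > 5) {
            throw new IllegalArgumentException("maxRetryCount must be 1..5");
        }
        if (baseLockoutSecs < 30 || baseLockoutSecs > 1800) {
            throw new IllegalArgumentException("baseLockoutSecs must be 30..1800");
        }
        // Parse and validate the pins before touching Fido2Config so a failure changes nothing.
        X509Certificate[] pins = loadPins(pinnedPem);

        // The retry and lockout setters take effect once per runtime and ignore later calls,
        // so a second attempt is treated as a programming error instead of a silent no-op.
        if (!APPLIED.compareAndSet(false, true)) {
            throw new IllegalStateException("Fido2Config already applied in this process");
        }
        Fido2Config.setMaximumRetryCount(maxRetryCount);
        Fido2Config.setBaseLockoutDuration(baseLockoutSecs);
        Fido2Config.setTlsCertificates(pins);
    }

    /** Reads every certificate in a PEM/DER stream; rejects empty, expired or not-yet-valid pins. */
    static X509Certificate[] loadPins(InputStream in) throws CertificateException {
        X509Certificate[] pins = CertificateFactory.getInstance("X.509")
                .generateCertificates(in).toArray(new X509Certificate[0]);
        if (pins.length == 0) {
            throw new CertificateException("pin set is empty");
        }
        for (X509Certificate pin : pins) {
            pin.checkValidity(); // throws CertificateExpiredException / CertificateNotYetValidException
        }
        return pins;
    }
}
```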