Service interface implementation

Several service interfaces must be implemented for the OneSpan FIDO2 SDK to function properly.

Some of the interfaces available have a default implementation in the SDK: Table: Available interfaces and implementation information provides an overview of the interfaces available and their implementation details; Table: Service interfaces and methods lists the interface methods, parameters, and descriptions of the service interfaces available.

Table: Available interfaces and implementation information
Interface	Description	Default implementation in SDK
TrustAnchorProvider	Defines methods used to obtain trust anchors for attestation verification.	No default implementation in the SDK. In the sample web application, the MetadataServiceTrustPathProvider provides trust anchors based on metadata.
TPMRiskAnalyticsHandler	Defines a handler that is called for TPM attestation statement verification. It is used to decide whether attestation created by a device with the given data should be allowed based on risk analysis performed by implementations of this interface.	No default implementation in the SDK. In the sample web application, a handler is used that always allows TPM risk analysis to pass.
TPMDeviceAttributesValidator	The implementation of this interface is used to decide if the attestation, created by the TPM device with the given attributes, should be allowed.	No default implementation in the SDK. In the sample web application, a handler is used that always allows any TPM attributes to pass.
AuthenticatorCredentialDataProvider	The implementation of this interface is used by the SDK to look up information about registered credentials.	No default implementation in the SDK. In the sample web application, InMemoryAuthenticatorCredentialDataProvider is used.
SdkConfigProvider	Used to provide configuration to SDK instances.	No default implementation in the SDK. In the sample web application, FidoSdkConfigProvider is used.
AuthenticatorTransportInferenceHandler	Used to infer authenticator transports by attestation statement format.	No default implementation in the SDK. In the sample web application, an implementation is used that always returns an empty list.
ChallengeProvider	Used to generate challenges that can be passed to the SDK methods. This interface is not used directly by the SDK.	In the SDK, the default implementation SecureRandomChallengeProvider is used, which is based on SP800SecureRandom.
TokenBindingHandler	Used to parse authenticator binding that can be passed to the SDK methods. This interface is not used directly by the SDK.	In the SDK, TokenBindingHandlerImpl is used, which implements this interface; you can use this to parse authenticator binding structures.

Table: Service interfaces and methods
Interface	Method	Parameters	Description
TrustAnchorProvider	SetTrustAnchor getTrustAnchors	AAGUIDaaguid - aaguid of the authenticator. AttestationType: attestationType	Obtains a set of trust anchors, based on the AAGUID and attestation type that need to be used, to assess the trustworthiness of the attestation. These parameters return a set of trust anchors.
TrustAnchorProvider	String getEcdaa	AAGUIDaaguid - aaguid of the authenticator.	Returns the ECDAA-Issuer public key identifier, used to assess the trustworthiness of the attestation. Currently, the SDK does not support ECDAA.
TPMRiskAnalyticsHandler	boolean shouldAllow	TPMRiskAnalyticsData tpmRiskAnalyticsData	Returns a Boolean value that is used to decide if the attestation with given parameters should be allowed (it can be based on some risk analysis with input of TPMRiskAnalyticsData data).
TPMDeviceAttributesValidator	boolean shouldAllow	TPMDeviceAttributes tpmDeviceAttributes	Returns a Boolean value which is used to decide if the TPM device with the given attributes should be allowed.
AuthenticatorCredentialDataProvider	boolean exists	byte[] credentialId	Returns a Boolean value that indicates if a credential with the given credential ID already exists.
SdkConfigProvider	boolean isSelfAttestationAcceptable	-	Defines if self-attestation is acceptable during attestation verification.
AuthenticatorTransportInferenceHandler	ListAuthenticatorTransportinferBy	AttestationStatementFormat attestationStatementFormat	Used to infer authenticator transports by the attestation statement format.
ChallengeProvider	byte[] generate	-	Generates a new challenge.
TokenBindingHandler	TokenBindingMessage parseTokenBindingMessage	String base64UrlEncodedTokenBindingMessage	Decodes a given base64url string into a authenticator binding message structure structure.
TokenBindingHandler	TokenBinding extractTokenBinding	String base64UrlEncodedTokenBindingMessage	Extracts authenticator binding from a given base64url- encoded authenticator binding message structure.

Service interface implementation

Resources