Enum webauthn_rs::prelude::AttestationMetadata

pub enum AttestationMetadata {
    None,
    Packed {
        aaguid: Uuid,
    },
    Tpm {
        aaguid: Uuid,
        firmware_version: u64,
    },
    AndroidKey {
        is_km_tee: bool,
        is_attest_tee: bool,
    },
    AndroidSafetyNet {
        apk_package_name: String,
        apk_certificate_digest_sha256: Vec<Base64UrlSafeData>,
        cts_profile_match: bool,
        basic_integrity: bool,
        evaluation_type: Option<String>,
    },
}

The processed Attestation that the Authenticator is providing in it’s AttestedCredentialData. This metadata may allow identification of the device and it’s specific properties.

Variants

None

no metadata available for this device.

Packed

Fields

aaguid: Uuid

This is the unique id of the class/type of device. Often this id can imply the properties of the device.

This is commonly found on Fido Authenticators.

Tpm

Fields

aaguid: Uuid

This is the unique id of the class/type of device. Often this id can imply the properties of the device.

firmware_version: u64

The firmware version of the device at registration. It can NOT be determined if this updates later, which may require you to re-register the device if you need to enforce a version update.

This is found on TPM authenticators.

AndroidKey

Fields

is_km_tee: bool

is the key master running in a Trusted Execution Environment

is_attest_tee: bool

did the attestation come from a Trusted Execution Environment

various attestation flags set by the device (attested by OS)

AndroidSafetyNet

Fields

apk_package_name: String

the name of apk that originated this key operation

apk_certificate_digest_sha256: Vec<Base64UrlSafeData>

cert chain for this apk

cts_profile_match: bool

A stricter verdict of device integrity. If the value of ctsProfileMatch is true, then the profile of the device running your app matches the profile of a device that has passed Android compatibility testing and has been approved as a Google-certified Android device.

basic_integrity: bool

A more lenient verdict of device integrity. If only the value of basicIntegrity is true, then the device running your app likely wasn’t tampered with. However, the device hasn’t necessarily passed Android compatibility testing.

evaluation_type: Option<String>

Types of measurements that contributed to the current API response

various attestation flags set by the device (attested via safety-net) https://developer.android.com/training/safetynet/attestation#use-response-server

Trait Implementations

impl Clone for AttestationMetadata

fn clone(&self) -> AttestationMetadata

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AttestationMetadata

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for AttestationMetadata

fn deserialize<__D>( __deserializer: __D ) -> Result<AttestationMetadata, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for AttestationMetadata

fn serialize<__S>( &self, __serializer: __S ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.