Class AccessControlProfile.Builder
- java.lang.Object
-
- com.android.identity.AccessControlProfile.Builder
-
- Enclosing class:
- AccessControlProfile
public static final class AccessControlProfile.Builder extends java.lang.ObjectA builder forAccessControlProfile.
-
-
Constructor Summary
Constructors Constructor Description Builder(AccessControlProfileId accessControlProfileId)Each access control profile has numeric identifier that must be unique within the context of a Credential and may be used to reference the profile.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AccessControlProfilebuild()Creates a newAccessControlProfilefrom the data supplied to the builder.AccessControlProfile.BuildersetReaderCertificate(java.security.cert.X509Certificate readerCertificate)Sets the reader certificate to use when checking access control.AccessControlProfile.BuildersetUserAuthenticationRequired(boolean userAuthenticationRequired)Set whether user authentication is required.AccessControlProfile.BuildersetUserAuthenticationTimeout(long userAuthenticationTimeoutMillis)Sets the authentication timeout to use.
-
-
-
Constructor Detail
-
Builder
public Builder(@NonNull AccessControlProfileId accessControlProfileId)Each access control profile has numeric identifier that must be unique within the context of a Credential and may be used to reference the profile.By default, the resulting
AccessControlProfilewill require user authentication with a timeout of zero, thus requiring the holder to authenticate for every presentation where data elements using this access control profile is used.- Parameters:
accessControlProfileId- the access control profile identifier.
-
-
Method Detail
-
setUserAuthenticationRequired
@NonNull public AccessControlProfile.Builder setUserAuthenticationRequired(boolean userAuthenticationRequired)
Set whether user authentication is required.This should be used sparingly since disabling user authentication on just a single data element can easily create a Relay Attack if the device on which the credential is stored is compromised.
The default behavior of a
AccessControlProfilecreated from a builder is to require user authentication.- Parameters:
userAuthenticationRequired- Set to true if user authentication is required, false otherwise.- Returns:
- The builder.
-
setUserAuthenticationTimeout
@NonNull public AccessControlProfile.Builder setUserAuthenticationTimeout(long userAuthenticationTimeoutMillis)
Sets the authentication timeout to use.The authentication timeout specifies the amount of time, in milliseconds, for which a user authentication is valid, if user authentication is required (see
setUserAuthenticationRequired(boolean)).If the timeout is zero, then authentication is always required for each reader session.
The default behavior of a
AccessControlProfilecreated from a builder is to use a timeout of 0.- Parameters:
userAuthenticationTimeoutMillis- the authentication timeout, in milliseconds.- Returns:
- The builder.
-
setReaderCertificate
@NonNull public AccessControlProfile.Builder setReaderCertificate(@NonNull java.security.cert.X509Certificate readerCertificate)
Sets the reader certificate to use when checking access control.If set, this is checked against the certificate chain presented by reader. The access check is fulfilled only if the public key from one of the certificates in the chain, matches the public key in the certificate set by this method.
The default behavior of a
AccessControlProfilecreated from a builder is to not use reader authentication.- Parameters:
readerCertificate- the certificate to use for the access control check.- Returns:
- The builder.
-
build
@NonNull public AccessControlProfile build()
Creates a newAccessControlProfilefrom the data supplied to the builder.- Returns:
- The created
AccessControlProfileobject.
-
-