Class CredentialDataResult

  • Direct Known Subclasses:
    PlatformCredentialDataResult

    public abstract class CredentialDataResult
    extends java.lang.Object
    An object that contains the result of retrieving data from a credential. This is used to return data requested in a PresentationSession.
    • Constructor Detail

      • CredentialDataResult

        public CredentialDataResult()
    • Method Detail

      • getDeviceNameSpaces

        @NonNull
        public abstract byte[] getDeviceNameSpaces()
        Returns a CBOR structure containing the retrieved device-signed data.

This structure, along with the session transcript, may be cryptographically authenticated to prove to the reader that the data comes from a trusted credential; getDeviceMac() returns the MAC produced for it.

        The CBOR structure which is cryptographically authenticated is the DeviceAuthenticationBytes structure (See section 9.1.3.4 of ISO/IEC 18013-5:2021 for details) according to the following CDDL schema:

           DeviceAuthentication = [
             "DeviceAuthentication",
             SessionTranscript,
             DocType,
             DeviceNameSpacesBytes
           ]
        
           DocType = tstr
           SessionTranscript = any
           DeviceNameSpacesBytes = #6.24(bstr .cbor DeviceNameSpaces)
           DeviceAuthenticationBytes = #6.24(bstr .cbor DeviceAuthentication)
         

        where

           DeviceNameSpaces = {
             * NameSpace => DeviceSignedItems
           }
        
           DeviceSignedItems = {
             + DataItemName => DataItemValue
           }
        
           NameSpace = tstr
           DataItemName = tstr
           DataItemValue = any
         

        The returned data is the binary encoding of the DeviceNameSpaces structure as defined above.

        Returns:
        The bytes of the DeviceNameSpaces CBOR structure.
      • getDeviceMac

        @Nullable
        public abstract byte[] getDeviceMac()
        Returns a message authentication code over the DeviceAuthenticationBytes CBOR specified in getDeviceNameSpaces(), to prove to the reader that the data is from a trusted credential.

        The MAC proves to the reader that the data is from a trusted credential. This code is produced by using the key agreement and key derivation function from the ciphersuite with the authentication private key and the reader ephemeral public key to compute a shared message authentication code (MAC) key, then using the MAC function from the ciphersuite to compute a MAC of the authenticated data. See section 9.1.3.5 of ISO/IEC 18013-5:2021 for details of this operation.

If the session transcript or reader ephemeral key wasn't set on the PresentationSession used to obtain this data, no message authentication code will be produced and this method will return null.

        At most one of getDeviceMac() or getDeviceSignature() is implemented.

        Returns:
        A COSE_Mac0 structure with the message authentication code as described above or null if the conditions specified above are not met.
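The DeviceAuthentication structure defined under getDeviceNameSpaces() and the MAC check described above, as a reader-side worked example added here (not code from this library): a minimal CBOR encoder builds DeviceAuthenticationBytes exactly as the CDDL specifies, then recomputes the HMAC-SHA256 tag over the COSE MAC_structure with the payload detached and compares it in constant time. The shared MAC key, session transcript and namespace values are constructed placeholders, and deriving the key from the ECDH key agreement is out of scope.

```python
import hmac, hashlib

class Tag24:
    """Marker for #6.24(bstr .cbor X); `content` is the already-encoded inner CBOR."""
    def __init__(self, content: bytes):
        self.content = content

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte(s) for major type `major` carrying argument `n`."""
    if n < 24:
        return bytes([(major << 5) | n])
    size = next(s for s in (1, 2, 4, 8) if n < 1 << (8 * s))
    return bytes([(major << 5) | {1: 24, 2: 25, 4: 26, 8: 27}[size]]) + n.to_bytes(size, "big")

def cbor(v) -> bytes:
    """Minimal CBOR encoder covering only the types DeviceAuthentication uses."""
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    if isinstance(v, Tag24):
        return _head(6, 24) + cbor(v.content)
    raise TypeError(f"unsupported type {type(v).__name__}")

def device_authentication_bytes(session_transcript, doc_type: str, device_ns: bytes) -> bytes:
    """DeviceAuthenticationBytes = #6.24(bstr .cbor DeviceAuthentication) from the CDDL above."""
    device_auth = ["DeviceAuthentication", session_transcript, doc_type, Tag24(device_ns)]
    return cbor(Tag24(cbor(device_auth)))

def device_mac_tag(emac_key: bytes, session_transcript, doc_type: str, device_ns: bytes) -> bytes:
    """HMAC-SHA256 over the COSE_Mac0 MAC_structure (RFC 9052 s.6.3) with a detached payload.
    Protected header {1: 5} is HMAC 256/256, the algorithm the ISO 18013-5 profile uses."""
    payload = device_authentication_bytes(session_transcript, doc_type, device_ns)
    return hmac.new(emac_key, cbor(["MAC0", cbor({1: 5}), b"", payload]), hashlib.sha256).digest()

def verify_device_mac(tag: bytes, emac_key: bytes, session_transcript, doc_type: str, device_ns: bytes) -> bool:
    """Reader side: recompute over the reader's own transcript and compare in constant time."""
    return hmac.compare_digest(tag, device_mac_tag(emac_key, session_transcript, doc_type, device_ns))

# Constructed sample values (not real mdoc data); EMAC_KEY stands in for the ECDH-derived shared key.
EMAC_KEY = bytes(range(32))
TRANSCRIPT = [Tag24(cbor(b"device-engagement")), Tag24(cbor(b"ereader-key")), "handover"]
DOC_TYPE = "org.iso.18013.5.1.mDL"
DEVICE_NS = cbor({"org.iso.18013.5.1": {"family_name": "Doe"}})  # as from getDeviceNameSpaces()
```

Because the session transcript is part of the MACed payload, a tag captured in one session does not verify against a reader's transcript from another, which is what binds the response to the live exchange.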
      • getDeviceSignature

        @Nullable
        public abstract byte[] getDeviceSignature()
        Returns a digital signature over the DeviceAuthenticationBytes CBOR specified in getDeviceNameSpaces(), to prove to the reader that the data is from a trusted credential. The signature will be made with one of the provisioned dynamic authentication keys.

        At most one of getDeviceMac() or getDeviceSignature() is implemented.

        Returns:
        null if not implemented, otherwise a COSE_Sign1 structure with the payload set to the data returned by getDeviceNameSpaces().
      • getStaticAuthenticationData

        @NonNull
        public abstract byte[] getStaticAuthenticationData()
        Returns the static authentication data associated with the dynamic authentication key used to MAC the data returned by getDeviceNameSpaces().
        Returns:
The static authentication data associated with the dynamic authentication key used to MAC the data.
      • getDeviceSignedEntries

        @NonNull
        public abstract CredentialDataResult.Entries getDeviceSignedEntries()
Gets the device-signed entries that were returned.
        Returns:
        an object to examine the entries returned.
      • getIssuerSignedEntries

        @NonNull
        public abstract CredentialDataResult.Entries getIssuerSignedEntries()
Gets the issuer-signed entries that were returned.
        Returns:
        an object to examine the entries returned.