Class DeviceResponseGenerator
- java.lang.Object
  - com.android.identity.DeviceResponseGenerator

public final class DeviceResponseGenerator extends java.lang.Object

Helper class for building DeviceResponse CBOR as specified in ISO/IEC 18013-5 section 8.3 Device Retrieval.

Constructor Summary

Constructor: DeviceResponseGenerator(long statusCode)
Description: Creates a new DeviceResponseGenerator.

Method Summary

Modifier and Type: DeviceResponseGenerator
Method: addDocument(java.lang.String docType, byte[] encodedDeviceNamespaces, byte[] encodedDeviceSignature, byte[] encodedDeviceMac, java.util.Map<java.lang.String,java.util.List<byte[]>> issuerSignedData, java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.Long>> errors, byte[] encodedIssuerAuth)
Description: Adds a new document to the device response.

Modifier and Type: DeviceResponseGenerator
Method: addDocument(java.lang.String docType, CredentialDataResult credentialDataResult, java.util.Map<java.lang.String,java.util.List<byte[]>> issuerSignedMapping, java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.Long>> errors, byte[] encodedIssuerAuth)
Description: Like addDocument(String, byte[], byte[], byte[], Map, Map, byte[]) but takes a CredentialDataResult instead and merges the results into the "elementValue" entry of each IssuerSignedItem value.

Modifier and Type: byte[]
Method: generate()
Description: Builds the DeviceResponse CBOR.

Constructor Detail

DeviceResponseGenerator
public DeviceResponseGenerator(long statusCode)

Creates a new DeviceResponseGenerator.

Parameters:
statusCode - the status code to use which must be one of Constants.DEVICE_RESPONSE_STATUS_OK, Constants.DEVICE_RESPONSE_STATUS_GENERAL_ERROR, Constants.DEVICE_RESPONSE_STATUS_CBOR_DECODING_ERROR, or Constants.DEVICE_RESPONSE_STATUS_CBOR_VALIDATION_ERROR.

Method Detail

addDocument
@NonNull public DeviceResponseGenerator addDocument(@NonNull java.lang.String docType, @NonNull byte[] encodedDeviceNamespaces, @Nullable byte[] encodedDeviceSignature, @Nullable byte[] encodedDeviceMac, @NonNull java.util.Map<java.lang.String,java.util.List<byte[]>> issuerSignedData, @Nullable java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.Long>> errors, @NonNull byte[] encodedIssuerAuth)

Adds a new document to the device response.

Issuer-signed data is provided in issuerSignedData, which maps from namespaces into a list of bytes of IssuerSignedItem CBOR as defined in 18013-5, where each contains the digest-id, element name, issuer-generated random value and finally the element value. Each IssuerSignedItem must be encoded so that its digest, taken over the item in a #6.24 bstr, matches the corresponding digest in the MobileSecurityObject in the issuerAuth parameter.

The encodedIssuerAuth parameter contains the bytes of the IssuerAuth CBOR as defined in ISO/IEC 18013-5 section 9.1.2.4 Signing method and structure for MSO. That is, the payload for this COSE_Sign1 must be set to the MobileSecurityObjectBytes and the public key used to sign the payload must be included in an x5chain unprotected header element.

For device-signed data, the parameters encodedDeviceNamespaces, encodedDeviceSignature, and encodedDeviceMac are used. Of the latter two, exactly one must be non-null. The DeviceNameSpaces CBOR specified in ISO/IEC 18013-5 section 8.3.2.1 Device retrieval is to be set in encodedDeviceNamespaces, and either an ECDSA signature or a MAC over the DeviceAuthentication CBOR as defined in section 9.1.3 mdoc authentication should be set in encodedDeviceSignature or encodedDeviceMac respectively. Values for all parameters can be obtained from the ResultData class from either the Framework or this library.

If present, the errors parameter is a map from namespaces where each value is a map from data elements in said namespace to an error code from ISO/IEC 18013-5:2021 Table 9.

Parameters:
docType - the document type, for example org.iso.18013.5.1.mDL.
encodedDeviceNamespaces - bytes of the DeviceNameSpaces CBOR.
encodedDeviceSignature - bytes of a COSE_Sign1 for authenticating the device data.
encodedDeviceMac - bytes of a COSE_Mac0 for authenticating the device data.
issuerSignedData - the map described above.
errors - a map with errors as described above.
encodedIssuerAuth - the bytes of the COSE_Sign1 described above.

Returns:
the passed-in DeviceResponseGenerator.
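
The two input constraints described above for addDocument (exactly one of encodedDeviceSignature and encodedDeviceMac is non-null, and each IssuerSignedItem, wrapped as a #6.24 bstr, hashes to its digest in the MobileSecurityObject) can be checked before the call. This is an added example, not code from the library: the class and method names are hypothetical, SHA-256 is assumed as the MSO digest algorithm, and the sample item bytes are constructed.

```java
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper, not part of com.android.identity.
public final class AddDocumentPreflight {
    // Wraps encoded IssuerSignedItem CBOR as #6.24(bstr): tag 24 around a byte string.
    static byte[] wrapInTag24(byte[] item) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0xD8); out.write(0x18);               // tag 24 (major type 6, one-byte argument)
        int n = item.length;
        if (n < 24) { out.write(0x40 | n); }            // bstr with the length in the initial byte
        else if (n < 0x100) { out.write(0x58); out.write(n); }
        else if (n < 0x10000) { out.write(0x59); out.write(n >> 8); out.write(n); }
        else { out.write(0x5A); out.write(n >>> 24); out.write(n >> 16); out.write(n >> 8); out.write(n); }
        out.write(item, 0, n);
        return out.toByteArray();
    }

    // Assumption: the MSO's digest algorithm is SHA-256.
    static byte[] digestOf(byte[] item) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(wrapInTag24(item));
    }

    // True when the item, exactly as encoded, hashes to the digest recorded in the MSO.
    static boolean matchesMso(byte[] item, byte[] msoDigest) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(digestOf(item), msoDigest);
    }

    // Device-signed data carries exactly one of a COSE_Sign1 or a COSE_Mac0.
    static void requireExactlyOne(byte[] encodedDeviceSignature, byte[] encodedDeviceMac) {
        if ((encodedDeviceSignature == null) == (encodedDeviceMac == null)) {
            throw new IllegalArgumentException("exactly one of signature and MAC must be non-null");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for an IssuerSignedItem: the CBOR map {"digestID": 0}.
        byte[] item = {(byte) 0xA1, 0x68, 'd', 'i', 'g', 'e', 's', 't', 'I', 'D', 0x00};
        byte[] msoDigest = digestOf(item);              // stands in for the issuer's recorded digest
        byte[] reencoded = item.clone();
        reencoded[reencoded.length - 1] = 0x01;         // a single changed byte in the encoding
        System.out.println("original matches:   " + matchesMso(item, msoDigest));
        System.out.println("re-encoded matches: " + matchesMso(reencoded, msoDigest));
        requireExactlyOne(new byte[] {0x01}, null);     // both null or both set would throw
    }
}
```

The digest covers the exact encoded bytes, so an IssuerSignedItem that is decoded and re-serialized with different key order or integer widths no longer matches the MSO even when its logical content is unchanged.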

addDocument
@NonNull public DeviceResponseGenerator addDocument(@NonNull java.lang.String docType, @NonNull CredentialDataResult credentialDataResult, @NonNull java.util.Map<java.lang.String,java.util.List<byte[]>> issuerSignedMapping, @Nullable java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.Long>> errors, @NonNull byte[] encodedIssuerAuth)

Like addDocument(String, byte[], byte[], byte[], Map, Map, byte[]) but takes a CredentialDataResult instead and merges the results into the "elementValue" entry of each IssuerSignedItem value.

Note: The issuerSignedData and encodedIssuerAuth are parameters usually obtained via Utility.decodeStaticAuthData(byte[]).

Parameters:
docType - The type of the document to send.
credentialDataResult - The device- and issuer-signed data elements to include.
errors - A map with errors as described in addDocument.
issuerSignedMapping - A mapping from namespaces to an array of IssuerSignedItem CBOR for the namespace. The "elementValue" value in each IssuerSignedItem CBOR must be set to the NULL value.
encodedIssuerAuth - the bytes of COSE_Sign1 signed by the issuing authority and where the payload is set to MobileSecurityObjectBytes.

Returns:
the generator.

generate
@NonNull public byte[] generate()

Builds the DeviceResponse CBOR.

Returns:
the bytes of DeviceResponse CBOR.