Class PlatformCredentialDataResult
- java.lang.Object
  - com.android.identity.CredentialDataResult
    - com.android.identity.PlatformCredentialDataResult
@RequiresApi(33) public class PlatformCredentialDataResult extends CredentialDataResult
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class com.android.identity.CredentialDataResult
CredentialDataResult.Entries
-
-
Constructor Summary
Constructors
- PlatformCredentialDataResult(android.security.identity.CredentialDataResult platformResult)
-
Method Summary
Modifier and Type, Method: Description
- byte[] getDeviceMac(): Returns a message authentication code over the DeviceAuthenticationBytes CBOR specified in CredentialDataResult.getDeviceNameSpaces(), to prove to the reader that the data is from a trusted credential.
- byte[] getDeviceNameSpaces(): Returns a CBOR structure containing the retrieved device-signed data.
- byte[] getDeviceSignature(): Returns a digital signature over the DeviceAuthenticationBytes CBOR specified in CredentialDataResult.getDeviceNameSpaces(), to prove to the reader that the data is from a trusted credential.
- CredentialDataResult.Entries getDeviceSignedEntries(): Gets the device-signed entries that were returned.
- CredentialDataResult.Entries getIssuerSignedEntries(): Gets the issuer-signed entries that were returned.
- byte[] getStaticAuthenticationData(): Returns the static authentication data associated with the dynamic authentication key used to MAC the data returned by CredentialDataResult.getDeviceNameSpaces().
-
-
-
Method Detail
-
getDeviceNameSpaces
@NonNull public byte[] getDeviceNameSpaces()
Description copied from class: CredentialDataResult
Returns a CBOR structure containing the retrieved device-signed data.
This structure - along with the session transcript - may be cryptographically authenticated to prove to the reader that the data is from a trusted credential and CredentialDataResult.getDeviceMac() can be used to get a MAC.
The CBOR structure which is cryptographically authenticated is the DeviceAuthenticationBytes structure (See section 9.1.3.4 of ISO/IEC 18013-5:2021 for details) according to the following CDDL schema:

    DeviceAuthentication = [
        "DeviceAuthentication",
        SessionTranscript,
        DocType,
        DeviceNameSpacesBytes
    ]

    DocType = tstr
    SessionTranscript = any
    DeviceNameSpacesBytes = #6.24(bstr .cbor DeviceNameSpaces)
    DeviceAuthenticationBytes = #6.24(bstr .cbor DeviceAuthentication)

where

    DeviceNameSpaces = {
        * NameSpace => DeviceSignedItems
    }
    DeviceSignedItems = {
        + DataItemName => DataItemValue
    }
    NameSpace = tstr
    DataItemName = tstr
    DataItemValue = any

The returned data is the binary encoding of the DeviceNameSpaces structure as defined above.
- Specified by: getDeviceNameSpaces in class CredentialDataResult
- Returns: The bytes of the DeviceNameSpaces CBOR structure.
-
getDeviceMac
@Nullable public byte[] getDeviceMac()
Description copied from class: CredentialDataResult
Returns a message authentication code over the DeviceAuthenticationBytes CBOR specified in CredentialDataResult.getDeviceNameSpaces(), to prove to the reader that the data is from a trusted credential.
The MAC proves to the reader that the data is from a trusted credential. This code is produced by using the key agreement and key derivation function from the ciphersuite with the authentication private key and the reader ephemeral public key to compute a shared message authentication code (MAC) key, then using the MAC function from the ciphersuite to compute a MAC of the authenticated data. See section 9.1.3.5 of ISO/IEC 18013-5:2021 for details of this operation.
If the session transcript or reader ephemeral key wasn't set on the PresentationSession used to obtain this data, no message authentication code will be produced and this method will return null.
At most one of CredentialDataResult.getDeviceMac() or CredentialDataResult.getDeviceSignature() is implemented.
- Specified by: getDeviceMac in class CredentialDataResult
- Returns: A COSE_Mac0 structure with the message authentication code as described above or null if the conditions specified above are not met.
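
As an added example (not part of this library or its documentation), the class below shows how a reader could rebuild DeviceAuthenticationBytes from the CDDL given under getDeviceNameSpaces and check the tag carried in the COSE_Mac0 from getDeviceMac(). It assumes HMAC-SHA-256 is the ciphersuite's MAC function, that the MAC key was already derived by the key agreement and KDF step, and that the protected header and tag were extracted from the COSE_Mac0 with a CBOR decoder; the class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example (hypothetical class): encodes only the CBOR items the CDDL above needs.
public class DeviceMacCheck {
    // One CBOR item: head (major type plus length/count/tag argument), then the body parts.
    static byte[] item(int major, int arg, byte[]... parts) {
        ByteArrayOutputStream o = new ByteArrayOutputStream();
        int m = major << 5;
        if (arg < 24) { o.write(m | arg); }
        else if (arg < 0x100) { o.write(m | 24); o.write(arg); }
        else if (arg < 0x10000) { o.write(m | 25); o.write(arg >> 8); o.write(arg); }
        else { o.write(m | 26); for (int s = 24; s >= 0; s -= 8) o.write(arg >> s); }
        for (byte[] p : parts) o.write(p, 0, p.length);
        return o.toByteArray();
    }
    static byte[] tstr(String s) { byte[] b = s.getBytes(StandardCharsets.UTF_8); return item(3, b.length, b); }
    static byte[] bstr(byte[] b) { return item(2, b.length, b); }
    static byte[] tag24(byte[] encoded) { return item(6, 24, bstr(encoded)); }  // #6.24(bstr .cbor X)
    // DeviceAuthenticationBytes, rebuilt by the reader from values it already holds.
    static byte[] deviceAuthenticationBytes(byte[] sessionTranscript, String docType, byte[] deviceNameSpaces) {
        byte[] deviceAuthentication = item(4, 4, tstr("DeviceAuthentication"),
                sessionTranscript, tstr(docType), tag24(deviceNameSpaces));
        return tag24(deviceAuthentication);
    }
    // Tag over the COSE MAC_structure ["MAC0", protected, external_aad = h'', payload].
    static byte[] mac0Tag(byte[] eMacKey, byte[] protectedHeader, byte[] payload) throws Exception {
        byte[] toMac = item(4, 4, tstr("MAC0"), bstr(protectedHeader), bstr(new byte[0]), bstr(payload));
        Mac hmac = Mac.getInstance("HmacSHA256");  // assumption: COSE alg 5, HMAC 256/256
        hmac.init(new SecretKeySpec(eMacKey, "HmacSHA256"));
        return hmac.doFinal(toMac);
    }
    static boolean verify(byte[] eMacKey, byte[] protectedHeader, byte[] tag, byte[] payload) throws Exception {
        return MessageDigest.isEqual(mac0Tag(eMacKey, protectedHeader, payload), tag);  // constant-time compare
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values, not captured from a real session.
        byte[] eMacKey = new byte[32];                                 // stands in for the derived MAC key
        byte[] protectedHeader = {(byte) 0xa1, 0x01, 0x05};            // {1: 5}
        byte[] transcript = {(byte) 0x83, (byte) 0xf6, (byte) 0xf6, (byte) 0xf6};  // [null, null, null]
        byte[] nameSpaces = {(byte) 0xa0};                             // {} standing in for getDeviceNameSpaces()
        byte[] good = deviceAuthenticationBytes(transcript, "org.iso.18013.5.1.mDL", nameSpaces);
        byte[] bad = deviceAuthenticationBytes(new byte[] {(byte) 0x83, (byte) 0xf6, (byte) 0xf6, 0x01}, "org.iso.18013.5.1.mDL", nameSpaces);
        byte[] tag = mac0Tag(eMacKey, protectedHeader, good);          // what the credential side would produce
        System.out.println("same session transcript:  " + verify(eMacKey, protectedHeader, tag, good));
        System.out.println("other session transcript: " + verify(eMacKey, protectedHeader, tag, bad));
    }
}
```

Because the session transcript is inside the authenticated structure, a tag produced in one session does not verify against another session's transcript.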
-
getDeviceSignature
@Nullable public byte[] getDeviceSignature()
Description copied from class: CredentialDataResult
Returns a digital signature over the DeviceAuthenticationBytes CBOR specified in CredentialDataResult.getDeviceNameSpaces(), to prove to the reader that the data is from a trusted credential. The signature will be made with one of the provisioned dynamic authentication keys.
At most one of CredentialDataResult.getDeviceMac() or CredentialDataResult.getDeviceSignature() is implemented.
- Specified by: getDeviceSignature in class CredentialDataResult
- Returns: null if not implemented, otherwise a COSE_Sign1 structure with the payload set to the data returned by CredentialDataResult.getDeviceNameSpaces().
-
getStaticAuthenticationData
@NonNull public byte[] getStaticAuthenticationData()
Description copied from class: CredentialDataResult
Returns the static authentication data associated with the dynamic authentication key used to MAC the data returned by CredentialDataResult.getDeviceNameSpaces().
- Specified by: getStaticAuthenticationData in class CredentialDataResult
- Returns: The static authentication data associated with dynamic authentication key used to MAC the data.
-
getDeviceSignedEntries
@NonNull public CredentialDataResult.Entries getDeviceSignedEntries()
Description copied from class: CredentialDataResult
Gets the device-signed entries that were returned.
- Specified by: getDeviceSignedEntries in class CredentialDataResult
- Returns: an object to examine the entries returned.
-
getIssuerSignedEntries
@NonNull public CredentialDataResult.Entries getIssuerSignedEntries()
Description copied from class: CredentialDataResult
Gets the issuer-signed entries that were returned.
- Specified by: getIssuerSignedEntries in class CredentialDataResult
- Returns: an object to examine the entries returned.
-
-