ResultData
public
abstract
class
ResultData
extends Object
java.lang.Object | |
↳ | android.security.identity.ResultData |
This class was deprecated
in API level 33.
Use PresentationSession
instead.
An object that contains the result of retrieving data from a credential. This is used to return
data requested from a IdentityCredential
.
Summary
Constants | |
---|---|
int |
STATUS_NOT_IN_REQUEST_MESSAGE
The entry wasn't in the request message. |
int |
STATUS_NOT_REQUESTED
The entry was not requested. |
int |
STATUS_NO_ACCESS_CONTROL_PROFILES
The entry was not retrieved because it was configured without any access control profile. |
int |
STATUS_NO_SUCH_ENTRY
The entry does not exist. |
int |
STATUS_OK
Value was successfully retrieved. |
int |
STATUS_READER_AUTHENTICATION_FAILED
The entry was not retrieved because reader authentication failed. |
int |
STATUS_USER_AUTHENTICATION_FAILED
The entry was not retrieved because user authentication failed. |
Public methods | |
---|---|
abstract
byte[]
|
getAuthenticatedData()
Returns a CBOR structure containing the retrieved data. |
abstract
byte[]
|
getEntry(String namespaceName, String name)
Gets the raw CBOR data for the value of an entry. |
abstract
Collection<String>
|
getEntryNames(String namespaceName)
Get the names of all entries. |
abstract
byte[]
|
getMessageAuthenticationCode()
Returns a message authentication code over the |
abstract
Collection<String>
|
getNamespaces()
Gets the names of namespaces with retrieved entries. |
abstract
Collection<String>
|
getRetrievedEntryNames(String namespaceName)
Get the names of all entries that was successfully retrieved. |
abstract
byte[]
|
getStaticAuthenticationData()
Returns the static authentication data associated with the dynamic authentication
key used to sign or MAC the data returned by |
abstract
int
|
getStatus(String namespaceName, String name)
Gets the status of an entry. |
Inherited methods | |
---|---|
Constants
STATUS_NOT_IN_REQUEST_MESSAGE
public static final int STATUS_NOT_IN_REQUEST_MESSAGE
The entry wasn't in the request message.
Constant Value: 3 (0x00000003)
STATUS_NOT_REQUESTED
public static final int STATUS_NOT_REQUESTED
The entry was not requested.
Constant Value: 2 (0x00000002)
STATUS_NO_ACCESS_CONTROL_PROFILES
public static final int STATUS_NO_ACCESS_CONTROL_PROFILES
The entry was not retrieved because it was configured without any access control profile.
Constant Value: 6 (0x00000006)
STATUS_NO_SUCH_ENTRY
public static final int STATUS_NO_SUCH_ENTRY
The entry does not exist.
Constant Value: 1 (0x00000001)
STATUS_OK
public static final int STATUS_OK
Value was successfully retrieved.
Constant Value: 0 (0x00000000)
STATUS_READER_AUTHENTICATION_FAILED
public static final int STATUS_READER_AUTHENTICATION_FAILED
The entry was not retrieved because reader authentication failed.
Constant Value: 5 (0x00000005)
STATUS_USER_AUTHENTICATION_FAILED
public static final int STATUS_USER_AUTHENTICATION_FAILED
The entry was not retrieved because user authentication failed.
Constant Value: 4 (0x00000004)
Public methods
getAuthenticatedData
public abstract byte[] getAuthenticatedData ()
Returns a CBOR structure containing the retrieved data.
This structure - along with the session transcript - may be cryptographically
authenticated to prove to the reader that the data is from a trusted credential and
getMessageAuthenticationCode()
can be used to get a MAC.
The CBOR structure which is cryptographically authenticated is the
DeviceAuthenticationBytes
structure according to the following
CDDL schema:
DeviceAuthentication = [ "DeviceAuthentication", SessionTranscript, DocType, DeviceNameSpacesBytes ] DocType = tstr SessionTranscript = any DeviceNameSpacesBytes = #6.24(bstr .cbor DeviceNameSpaces) DeviceAuthenticationBytes = #6.24(bstr .cbor DeviceAuthentication)
where
DeviceNameSpaces = { * NameSpace => DeviceSignedItems } DeviceSignedItems = { + DataItemName => DataItemValue } NameSpace = tstr DataItemName = tstr DataItemValue = any
The returned data is the binary encoding of the DeviceNameSpaces
structure
as defined above.
Returns | |
---|---|
byte[] |
The bytes of the DeviceNameSpaces CBOR structure.
This value cannot be null . |
getEntry
public abstract byte[] getEntry (String namespaceName, String name)
Gets the raw CBOR data for the value of an entry.
This should only be called on an entry for which the getStatus(java.lang.String, java.lang.String)
method returns STATUS_OK
.
Parameters | |
---|---|
namespaceName |
String : the namespace name of the entry.
This value cannot be null . |
name |
String : the name of the entry to get the value for.
This value cannot be null . |
Returns | |
---|---|
byte[] |
the raw CBOR data or null if no entry with the given name exists. |
getEntryNames
public abstract Collection<String> getEntryNames (String namespaceName)
Get the names of all entries.
This includes the name of entries that wasn't successfully retrieved.
Parameters | |
---|---|
namespaceName |
String : the namespace name to get entries for.
This value cannot be null . |
Returns | |
---|---|
Collection<String> |
A collection of names or null if there are no entries for the given
namespace. |
getMessageAuthenticationCode
public abstract byte[] getMessageAuthenticationCode ()
Returns a message authentication code over the DeviceAuthenticationBytes
CBOR
specified in getAuthenticatedData()
, to prove to the reader that the data
is from a trusted credential.
The MAC proves to the reader that the data is from a trusted credential. This code is produced by using the key agreement and key derivation function from the ciphersuite with the authentication private key and the reader ephemeral public key to compute a shared message authentication code (MAC) key, then using the MAC function from the ciphersuite to compute a MAC of the authenticated data. See section 9.2.3.5 of ISO/IEC 18013-5 for details of this operation.
If the sessionTranscript
parameter passed to
IdentityCredential.getEntries(byte[], Map, byte[], byte[])
was null
or the reader ephmeral public key was never set using
IdentityCredential.setReaderEphemeralPublicKey(PublicKey)
, no message
authencation code will be produced and this method will return null
.
Returns | |
---|---|
byte[] |
A COSE_Mac0 structure with the message authentication code as described above
or null if the conditions specified above are not met. |
getNamespaces
public abstract Collection<String> getNamespaces ()
Gets the names of namespaces with retrieved entries.
Returns | |
---|---|
Collection<String> |
collection of name of namespaces containing retrieved entries. May be empty if no
data was retrieved.
This value cannot be null . |
getRetrievedEntryNames
public abstract Collection<String> getRetrievedEntryNames (String namespaceName)
Get the names of all entries that was successfully retrieved.
This only return entries for which getStatus(java.lang.String, java.lang.String)
will return
STATUS_OK
.
Parameters | |
---|---|
namespaceName |
String : the namespace name to get entries for.
This value cannot be null . |
Returns | |
---|---|
Collection<String> |
A collection of names or null if there are no entries for the given
namespace. |
getStaticAuthenticationData
public abstract byte[] getStaticAuthenticationData ()
Returns the static authentication data associated with the dynamic authentication
key used to sign or MAC the data returned by getAuthenticatedData()
.
Returns | |
---|---|
byte[] |
The static authentication data associated with dynamic authentication key used to
MAC the data.
This value cannot be null . |
getStatus
public abstract int getStatus (String namespaceName, String name)
Gets the status of an entry.
This returns STATUS_OK
if the value was retrieved, STATUS_NO_SUCH_ENTRY
if the given entry wasn't retrieved, STATUS_NOT_REQUESTED
if it wasn't requested,
STATUS_NOT_IN_REQUEST_MESSAGE
if the request message was set but the entry wasn't
present in the request message, STATUS_USER_AUTHENTICATION_FAILED
if the value
wasn't retrieved because the necessary user authentication wasn't performed,
STATUS_READER_AUTHENTICATION_FAILED
if the supplied reader certificate chain didn't
match the set of certificates the entry was provisioned with, or
STATUS_NO_ACCESS_CONTROL_PROFILES
if the entry was configured without any access
control profiles.
Parameters | |
---|---|
namespaceName |
String : the namespace name of the entry.
This value cannot be null . |
name |
String : the name of the entry to get the value for.
This value cannot be null . |
Returns | |
---|---|
int |
the status indicating whether the value was retrieved and if not, why.
Value is STATUS_OK , STATUS_NO_SUCH_ENTRY , STATUS_NOT_REQUESTED , STATUS_NOT_IN_REQUEST_MESSAGE , STATUS_USER_AUTHENTICATION_FAILED , STATUS_READER_AUTHENTICATION_FAILED , or STATUS_NO_ACCESS_CONTROL_PROFILES |