multipaz/org.multipaz.mdoc.credential/MdocCredential

MdocCredential

class MdocCredential : SecureAreaBoundCredential

An mdoc credential, according to ISO/IEC 18013-5:2021.

In this type, the key in SecureAreaBoundCredential plays the role of DeviceKey and the issuer-signed data includes the Mobile Security Object which includes the authentication key and is signed by the issuer. This is used for anti-cloning and to return data signed by the device.

The issuerProvidedData for a MdocCredential must be the bytes of IssuerSigned according to ISO/IEC 18013-5:2021:

IssuerSigned = {
  ? "nameSpaces" : IssuerNameSpaces,
  "issuerAuth" : IssuerAuth
}

Constructors

MdocCredential

constructor(document: Document)

Constructs a Credential from serialized data.

Types

Companion

object Companion

Properties

alias

lateinit var alias: String

The alias for the authentication key associated with this credential.

credentialType

open override val credentialType: String

Identifies credential type.

docType

lateinit var docType: String

The docType of the credential as defined in ISO/IEC 18013-5:2021.

document

val document: Document

The Document that the credential belongs to.

domain

lateinit var domain: String

The domain of the credential.

identifier

val identifier: String

isCertified

val isCertified: Boolean

Indicates whether the credential has been certified yet.

issuerProvidedData

val issuerProvidedData: ByteArray

The issuer-provided data associated with the credential.

replacementForIdentifier

@Volatile

var replacementForIdentifier: String?

secureArea

lateinit var secureArea: SecureArea

The secure area for the authentication key associated with this credential.

usageCount

@Volatile

var usageCount: Int

How many times the credential has been used in an identity presentation.

validFrom

val validFrom: Instant

The point in time the issuer-provided data is valid from.

validUntil

val validUntil: Instant

The point in time the issuer-provided data is valid until.

Functions

addSerializedData

open override fun addSerializedData(builder: MapBuilder<CborBuilder>)

Method which can be overridden by Credential subclasses to add any additional information when serializing a credential.

addToDocument

suspend fun addToDocument()

certify

open suspend override fun certify(issuerProvidedAuthenticationData: ByteArray, validFrom: Instant, validUntil: Instant)

Certifies the credential.

deserialize

open suspend override fun deserialize(dataItem: DataItem)

Initialize this object using serialized data.

getAttestation

suspend fun getAttestation(): KeyAttestation

The attestation for the SecureArea key associated with this credential.

getClaims

open override fun getClaims(documentTypeRepository: DocumentTypeRepository?): List<MdocClaim>

Gets the claims in the credential.

increaseUsageCount

suspend fun increaseUsageCount()

Increases usage count of the credential.

isInvalidated

open suspend override fun isInvalidated(): Boolean

Indicates whether the credential has been invalidated.

replacementForDeleted

suspend fun replacementForDeleted()