MobileSecurityObjectGenerator

class MobileSecurityObjectGenerator(digestAlgorithm: Algorithm, docType: String, deviceKey: EcPublicKey)

Helper class for building MobileSecurityObject CBOR as specified in ISO/IEC 18013-5:2021 section 9.1.2, Issuer data authentication.

Parameters

digestAlgorithm

The digest algorithm identifier. Must be one of {Algorithm.SHA256, Algorithm.SHA384, Algorithm.SHA512}.

docType

The document type.

deviceKey

The public part of the key pair used for mdoc authentication.

Throws

if the digestAlgorithm is not one of {Algorithm.SHA256, Algorithm.SHA384, Algorithm.SHA512}.

Constructors

constructor(digestAlgorithm: Algorithm, docType: String, deviceKey: EcPublicKey)

Types

object Companion

Functions

Populates the ValueDigests mapping. This must be called at least once before generating since ValueDigests must be non-empty.

fun addValueDigests(issuerNamespaces: IssuerNamespaces)

Builds the MobileSecurityObject CBOR.

Populates the AuthorizedDataElements portion of the keyAuthorizations within DeviceKeyInfo. This gives authorizations to data elements included in the authorizedDataElements mapping. If a namespace is included here, then it should not be included in .setDeviceKeyAuthorizedNameSpaces.

Populates the AuthorizedNameSpaces portion of the keyAuthorizations within DeviceKeyInfo. This gives authorizations to full namespaces included in the authorizedNameSpaces array. If authorization is given for a full namespace, that namespace shall not be included in .setDeviceKeyAuthorizedDataElements.

Provides extra info for the mdoc authentication public key as part of the KeyInfo portion of the DeviceKeyInfo.

fun setValidityInfo(signed: Instant, validFrom: Instant, validUntil: Instant, expectedUpdate: Instant?): MobileSecurityObjectGenerator

Sets the ValidityInfo structure which contains information related to the validity of the MSO and its signature. This must be called before generating since this is a required component of the MobileSecurityObject.
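
The constraints documented above (a permitted digest algorithm, non-empty ValueDigests, a namespace authorized either in full or per data element but not both, and a required ValidityInfo) can be checked on the verifier side against a CBOR-decoded MSO. The following is an added example, not code from this library: `check_mso` and the sample maps are constructed for illustration, the map keys follow the MobileSecurityObject structure in ISO/IEC 18013-5:2021, and the timestamp ordering it checks (signed <= validFrom < validUntil) is taken from that standard rather than from this page.

```python
from datetime import datetime, timezone

ALLOWED_DIGESTS = {"SHA-256", "SHA-384", "SHA-512"}  # names as carried in the MSO


def check_mso(mso: dict) -> list:
    """Return the constraint violations found in a CBOR-decoded MSO map."""
    problems = []
    if mso.get("digestAlgorithm") not in ALLOWED_DIGESTS:
        problems.append("unsupported digestAlgorithm")
    # ValueDigests must be non-empty.
    if not mso.get("valueDigests"):
        problems.append("valueDigests is empty")
    # A namespace is authorized in full or per data element, never both.
    auth = mso.get("deviceKeyInfo", {}).get("keyAuthorizations", {})
    overlap = set(auth.get("nameSpaces", [])) & set(auth.get("dataElements", {}))
    for ns in sorted(overlap):
        problems.append("namespace in both authorizations: " + ns)
    # ValidityInfo is required; expectedUpdate is its only optional member.
    validity = mso.get("validityInfo")
    if validity is None:
        problems.append("validityInfo is missing")
    elif any(k not in validity for k in ("signed", "validFrom", "validUntil")):
        problems.append("validityInfo is incomplete")
    elif not validity["signed"] <= validity["validFrom"] < validity["validUntil"]:
        problems.append("validityInfo timestamps out of order")
    return problems


def _day(d):  # helper for the constructed samples below
    return datetime(2024, 1, d, tzinfo=timezone.utc)


NS = "org.iso.18013.5.1"
GOOD_MSO = {  # constructed sample, digest bytes are placeholders
    "version": "1.0",
    "digestAlgorithm": "SHA-256",
    "valueDigests": {NS: {0: b"\x00" * 32}},
    "deviceKeyInfo": {"deviceKey": {}, "keyAuthorizations": {"nameSpaces": [NS]}},
    "docType": "org.iso.18013.5.1.mDL",
    "validityInfo": {"signed": _day(1), "validFrom": _day(1), "validUntil": _day(30)},
}
BAD_MSO = dict(  # constructed sample violating each constraint once
    GOOD_MSO,
    digestAlgorithm="SHA-1",
    valueDigests={},
    deviceKeyInfo={"keyAuthorizations": {"nameSpaces": [NS], "dataElements": {NS: ["portrait"]}}},
    validityInfo={"signed": _day(1), "validFrom": _day(10), "validUntil": _day(5)},
)

if __name__ == "__main__":
    print(check_mso(GOOD_MSO), check_mso(BAD_MSO), sep="\n")
```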