PresentationSession.GetCredentialData(String, CredentialDataRequest) Method

Reference

Definition

Namespace:: Android.Security.Identity

Assembly:: Mono.Android.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Retrieves data from a named credential in the current presentation session.

[Android.Runtime.Register("getCredentialData", "(Ljava/lang/String;Landroid/security/identity/CredentialDataRequest;)Landroid/security/identity/CredentialDataResult;", "GetGetCredentialData_Ljava_lang_String_Landroid_security_identity_CredentialDataRequest_Handler", ApiSince=33)]
public abstract Android.Security.Identity.CredentialDataResult? GetCredentialData (string credentialName, Android.Security.Identity.CredentialDataRequest request);

[<Android.Runtime.Register("getCredentialData", "(Ljava/lang/String;Landroid/security/identity/CredentialDataRequest;)Landroid/security/identity/CredentialDataResult;", "GetGetCredentialData_Ljava_lang_String_Landroid_security_identity_CredentialDataRequest_Handler", ApiSince=33)>]
abstract member GetCredentialData : string * Android.Security.Identity.CredentialDataRequest -> Android.Security.Identity.CredentialDataResult

Parameters

credentialName: String

the name of the credential to retrieve.

request: CredentialDataRequest

the data to retrieve from the credential

Returns

CredentialDataResult

If the credential wasn't found, returns null. Otherwise a CredentialDataResult object containing entry data organized by namespace and a cryptographically authenticated representation of the same data, bound to the current session.

Attributes: RegisterAttribute

Remarks

Retrieves data from a named credential in the current presentation session.

If an access control check fails for one of the requested entries or if the entry doesn't exist, the entry is simply not returned. The application can detect this by using the CredentialDataResult.Entries#getStatus(String, String) method on each of the requested entries.

The application should not make any assumptions on whether user authentication is needed. Instead, the application should request the data elements values first and then examine the returned CredentialDataResult.Entries. If CredentialDataResult.Entries#STATUS_USER_AUTHENTICATION_FAILED is returned the application should get a android.hardware.biometrics.BiometricPrompt.CryptoObject which references this object and use it with a android.hardware.biometrics.BiometricPrompt. Upon successful authentication the application may call #getCredentialData(String, CredentialDataRequest) again.

It is permissible to call this method multiple times using the same credential name. If this is done the same auth-key will be used.

If the reader signature is set in the request parameter (via the CredentialDataRequest.Builder#setReaderSignature(byte[]) method) it must contain the bytes of a COSE_Sign1 structure as defined in RFC 8152. For the payload nil shall be used and the detached payload is the ReaderAuthenticationBytes CBOR described below.

ReaderAuthentication = [
                  "ReaderAuthentication",
                  SessionTranscript,
                  ItemsRequestBytes
                ]

                ItemsRequestBytes = #6.24(bstr .cbor ItemsRequest)

                ReaderAuthenticationBytes = #6.24(bstr .cbor ReaderAuthentication)

where ItemsRequestBytes are the bytes of the request message set in the request parameter (via the CredentialDataRequest.Builder#setRequestMessage(byte[]) method).

The public key corresponding to the key used to make the signature, can be found in the x5chain unprotected header element of the COSE_Sign1 structure (as as described in draft-ietf-cose-x509-08). There will be at least one certificate in said element and there may be more (and if so, each certificate must be signed by its successor).

Data elements protected by reader authentication are returned if, and only if, requestMessage is signed by the top-most certificate in the reader's certificate chain, and the data element is configured with an AccessControlProfile configured with an X.509 certificate for a key which appear in the certificate chain.

Note that the request message CBOR is used only for enforcing reader authentication, it's not used for determining which entries this API will return. The application is expected to have parsed the request message and filtered it according to user preference and/or consent.

Java documentation for android.security.identity.PresentationSession.getCredentialData(java.lang.String, android.security.identity.CredentialDataRequest).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to

Share via