Class IssuerSignedBuilder

java.lang.Object
com.authlete.mdoc.IssuerSignedBuilder
public class IssuerSignedBuilder extends Object
Utility to build an IssuerSigned instance.

An IssuerSigned instanced is used to create a Document instance.

Since:
1.5
See Also:

  • Constructor Details

    • IssuerSignedBuilder

      public IssuerSignedBuilder()

  • Method Details

    • getDocType

      public String getDocType()
      Get the DocType.

      The value is used as the value of the "docType" parameter of the MobileSecurityObject.

      Returns:
      The DocType.

    • setDocType

      public IssuerSignedBuilder setDocType(String docType)
      Set the DocType.

      The value is used as the value of the "docType" parameter of the MobileSecurityObject structure.

      Parameters:
      docType - The DocType.
      Returns:
      return this object.

    • getClaims

      public Map<String,Object> getClaims()
      Get the claims used to create IssuerSignedItems.

      See the description of the setClaims(Map) method for details about the format.

      Returns:
      The claims used to create IssuerSignedItems.

    • setClaims

      public IssuerSignedBuilder setClaims(Map<String,Object> claims)
      Set the claims used to create IssuerSignedItems.

      The keys of the top-level properties in the claims map must be strings representing name spaces, and their values must be JSON objects, each of which contains claims under the corresponding name space.

      The following JSON shows the structure that the claims map should have. 

       {
     "com.example.namespace1" : {
         "claimName1": "claimValue1",
         "claimName2": true,
         "claimName3": 1
     },
     "com.example.namespace2" : {
         "claimName4": [ "element1", "element2" ],
         "claimName5": {
           "subClaimName1": "subClaimValue1"
         }
     }
 }

      Types of claim values can be strings, boolean values, integers, floating-point numbers, arrays (List) and maps (Map), which are natural representations of JSON values.

      However, there may be cases where CBOR-specific data need to be embedded. For example, the "birth_date" claim may require the "full-date" tag (defined in RFC 8943) and the "portrait" claim may require binary data.

      To embed CBOR-specific data, a CBORizer instance with an implementation of the CBORDiagnosticNotationParser interface needs to be set by calling the setCBORizer(CBORizer) method. Such CBORizer will interpret strings written in the CBOR Diagnostic Notation (RFC 8949 Section 8, RFC 8610 Appendix G) with a special prefix (e.g. "cbor:"), and convert them into CBOR-specific data. As a result, input data like below will be accepted and CBOR-specific data will be embedded accordingly. 

       {
     "com.example.namespace3": {
         "birth_date": "cbor:1004(\"1974-05-06\")",
         "portrait": "cbor:h'0102.....'"
     }
 }
      Parameters:
      claims - The claims used to create IssuerSignedItems.
      Returns:
      this object.

    • getValidityInfo

      public ValidityInfo getValidityInfo()
      Get the validity information of the Mobile Security Object.

      The value is used as the value of the "validityInfo" parameter of the MobileSecurityObject structure.

      Returns:
      The validity information of the Mobile Security Object.

    • setValidityInfo

      public IssuerSignedBuilder setValidityInfo(ValidityInfo info)
      Set the validity information of the Mobile Security Object.

      The value is used as the value of the "validityInfo" parameter of the MobileSecurityObject structure.

      Parameters:
      info - The validity information of the Mobile Security Object.
      Returns:
      this object.

    • getDeviceKey

      public COSEKey getDeviceKey()
      Get the device key.

      The value is used as the value of the "deviceKey" parameter of the DeviceKeyInfo structure.

      Returns:
      The device key.

    • setDeviceKey

      public IssuerSignedBuilder setDeviceKey(COSEKey deviceKey)
      Set the device key.

      The value is used as the value of the "deviceKey" parameter of the DeviceKeyInfo structure.

      Parameters:
      deviceKey - The device key.
      Returns:
      this object.

    • getIssuerKey

      public COSEEC2Key getIssuerKey()
      Get the issuer key used to sign the IssuerAuth structure (COSESign1).
      Returns:
      The issuer key.

    • setIssuerKey

      public IssuerSignedBuilder setIssuerKey(COSEEC2Key issuerKey)
      Set the issuer key used to sign the IssuerAuth structure (COSESign1).

      If a signer is not provided through the setIssuerAuthSigner(SigStructureSigner) method, a private key must be set. Conversely, if a signer is provided, a key still needs to be set, but it does not necessarily have to be a private key. In this case, the key set by this method is not used for signing the Issuer Auth structure.

      Parameters:
      issuerKey - The issuer key.
      Returns:
      this object.
      See Also:

    • getIssuerCertChain

      public List<X509Certificate> getIssuerCertChain()
      Get the certificate chain for the issuer key.

      The value is embedded in the unprotected header of the IssuerAuth structure (COSESign1) as the value of the x5chain header parameter.

      Returns:
      The certificate chain for the issuer key.
      See Also:

    • setIssuerCertChain

      public IssuerSignedBuilder setIssuerCertChain(List<X509Certificate> chain)
      Set the certificate chain for the issuer key.

      The value is embedded in the unprotected header of the IssuerAuth structure (COSESign1) as the value of the x5chain header parameter.

      Parameters:
      chain - The certificate chain for the issuer key.
      Returns:
      this object.
      See Also:

    • getCBORizer

      public CBORizer getCBORizer()
      Get the CBORizer to convert given claim values into CBOR items.

      If there are claim values expressed in the CBOR Diagnostic Notation like "cbor:h'0102'" and "cbor:0(\"2013-03-21T20:04:00Z\")", a CBORizer instance with CBORDiagnosticNotationParser needs to be explicitly set. Otherwise, strings expressed in the CBOR Diagnostic Notation are embedded as CBOR text strings without any conversion.

      Returns:
      The CBORizer.

    • setCBORizer

      public IssuerSignedBuilder setCBORizer(CBORizer cborizer)
      Set the CBORizer to convert given claim values into CBOR items.

      If there are claim values expressed in the CBOR Diagnostic Notation like "cbor:h'0102'" and "cbor:0(\"2013-03-21T20:04:00Z\")", a CBORizer instance with CBORDiagnosticNotationParser needs to be explicitly set. Otherwise, strings expressed in the CBOR Diagnostic Notation are embedded as CBOR text strings without any conversion.

      Parameters:
      cborizer - The CBORizer.
      Returns:
      this object.

    • getIssuerAuthSigner

      public SigStructureSigner getIssuerAuthSigner()
      Get the signer to sign the Issuer Auth structure.
      Returns:
      The signer to sign the Issuer Auth structure.
      Since:
      1.20

    • setIssuerAuthSigner

      public IssuerSignedBuilder setIssuerAuthSigner(SigStructureSigner signer)
      Set the signer to sign the Issuer Auth structure.

      If a signer is provided through this method, it will be used to sign the Issuer Auth structure. Conversely, if no signer is provided, a new COSESigner instance will be created with the private key set by the setIssuerKey(COSEEC2Key) method, and the instance will be used to sign the Issuer Auth structure.

      Parameters:
      signer - The signer to sign the Issuer Auth structure.
      Returns:
      this object.
      Since:
      1.20
      See Also:

    • build

      public IssuerSigned build() throws COSEException, CertificateEncodingException
      Build an IssuerSigned instance.
      Returns:
      A new IssuerSigned instance.
      Throws:
      COSEException - Signing with the issuer key failed.
      CertificateEncodingException - The DER representation of an X.509 certificate in the issuer's certificate chain failed to be obtained.