Comments (4)
davidz25
commented on July 17, 2024
1
If you decode the base64 and run it through cbor.me [1] it looks just fine, here's a manually pretty-printed snippet of the payload of the COSE_Sign1:
[
"ProofOfProvisioning",
"testDoc",
[{"id": 1}],
{"namespace.test": [
{"name": "id1", "value": "test1", "accessControlProfiles": [1]},
{"name": "id2", "value": "test2", "accessControlProfiles": [1]},
[snip]
So let's look at the ProofOfProvisioning CDDL as defined in WritableIdentityCredential.personalize() ... that is, the third element of the array should be [ * AccessControlProfile ] where
AccessControlProfile = {
"id": uint,
? "readerCertificate" : bstr,
? (
"userAuthenticationRequired" : bool,
"timeoutMillis" : uint,
)
}
Compare that with your data and you will see that the third element of the array is [{"id": 1}] ... which indeed is a single AccessControlProfile with neither a reader certificate nor any user-authentication (consistent with your code above). So it seems to work just fine.
[1] : here's the cbor.me link
from identity-credential.
davidz25
commented on July 17, 2024
Please update the blob returned by personalize() so I can inspect it.
The access control profiles are definitely included in the ProofOfProvisioning CBOR, check out the unit tests here and here.
(Also, this seems to be an issue you are having with the Identity Credential API and not the apps... so this bug tracker isn't the best place but for now let's ignore that.)
from identity-credential.
roffel
commented on July 17, 2024
hi @davidz25 ,
Thank you for the fast answer. I was in doubt if this was an issue for the Google issue tracker or for GitHub. But I am happy that you are willing to help.
I insert the personalization data that has been receive from the personalizationbuilderauth directly into the personalize method. Underneath a Gson dump of this object:
{
"mNamespaces": {
"namespace.test": {
"mEntries": {
"id1": {
"mAccessControlProfileIds": [
{
"mId": 1
}
],
"mValue": [
101,
116,
101,
115,
116,
49
]
},
"id2": {
"mAccessControlProfileIds": [
{
"mId": 1
}
],
"mValue": [
101,
116,
101,
115,
116,
50
]
},
"id3": {
"mAccessControlProfileIds": [
{
"mId": 1
}
],
"mValue": [
101,
116,
101,
115,
116,
51
]
},
"id4": {
"mAccessControlProfileIds": [
{
"mId": 1
}
],
"mValue": [
101,
116,
101,
115,
116,
52
]
},
"id5": {
"mAccessControlProfileIds": [
{
"mId": 1
}
],
"mValue": [
101,
116,
101,
115,
116,
53
]
}
},
"mNamespace": "namespace.test"
}
},
"mProfiles": [
{
"mAccessControlProfileId": {
"mId": 1
},
"mUserAuthenticationRequired": false,
"mUserAuthenticationTimeout": 0
}
]
}
I receive the following byte array, which, according to the docs, is a CoseSign1 structure. I have encoded it as base64 and included below.
hEOhASagWQEbhXNQcm9vZk9mUHJvdmlzaW9uaW5nZ3Rlc3REb2OBoWJpZAGhbm5hbWVzcGFjZS50
ZXN0haNkbmFtZWNpZDFldmFsdWVldGVzdDF1YWNjZXNzQ29udHJvbFByb2ZpbGVzgQGjZG5hbWVj
aWQyZXZhbHVlZXRlc3QydWFjY2Vzc0NvbnRyb2xQcm9maWxlc4EBo2RuYW1lY2lkM2V2YWx1ZWV0
ZXN0M3VhY2Nlc3NDb250cm9sUHJvZmlsZXOBAaNkbmFtZWNpZDRldmFsdWVldGVzdDR1YWNjZXNz
Q29udHJvbFByb2ZpbGVzgQGjZG5hbWVjaWQ1ZXZhbHVlZXRlc3Q1dWFjY2Vzc0NvbnRyb2xQcm9m
aWxlc4EB9FhAkfctZhj0vRWk47zhA9AZUStXvmEEtGjVleXowIWXW5QdAeCQ_VAKoqH5jgN9dj0z
2Cwtg-3ZmB3nbyc2__2KnQ
When I use the build in method CoseSign1.Builder().decode(proofOfProvisioningCbor).build() I get the CoseSign1 object back. The payload of this CoseSign1 object is a byte array. I get the following result (as a bytearray, but I encoded it as base64):
hXNQcm9vZk9mUHJvdmlzaW9uaW5nZ3Rlc3REb2OBoWJpZAGhbm5hbWVzcGFjZS50ZXN0haNkbmFt
ZWNpZDFldmFsdWVldGVzdDF1YWNjZXNzQ29udHJvbFByb2ZpbGVzgQGjZG5hbWVjaWQyZXZhbHVl
ZXRlc3QydWFjY2Vzc0NvbnRyb2xQcm9maWxlc4EBo2RuYW1lY2lkM2V2YWx1ZWV0ZXN0M3VhY2Nl
c3NDb250cm9sUHJvZmlsZXOBAaNkbmFtZWNpZDRldmFsdWVldGVzdDR1YWNjZXNzQ29udHJvbFBy
b2ZpbGVzgQGjZG5hbWVjaWQ1ZXZhbHVlZXRlc3Q1dWFjY2Vzc0NvbnRyb2xQcm9maWxlc4EB9A
Decoded (via https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)) it looks like:
.sProofOfProvisioninggtestDoc.¡bid.¡nnamespace.test.£dnamecid1evalueetest1uaccessControlProfiles..£dnamecid2evalueetest2uaccessControlProfiles..£dnamecid3evalueetest3uaccessControlProfiles..£dnamecid4evalueetest4uaccessControlProfiles..£dnamecid5evalueetest5uaccessControlProfiles..ô
The ACP's seem to be gone. I probably make a (thinking?) mistake but I am kind off stuck to be honest. Because our IssuerAuthority can't seem to validate this data because the ACP's are null in the cose structure they receive.
Kind regards,
from identity-credential.
roffel
commented on July 17, 2024
Thanks! I'll give it a shot on Monday. Have a nice weekend!
from identity-credential.
Related Issues (20)
- Not having enrolled fingerprint abruptly ends presentation
- Appverifier crashes when appholder does not auto-close with NFC data transfer
- Delete all credentials in wallet when Screenlock has been removed. HOT 1
- wallet: streamline permission workflow
- Implement passport/card scanning using CAN (card access number)
- Expose all the info from the passport
- Cbor annotation processor imports
- Pre-Consent Mechanism
- Kotlin toXxx extensions should be functions not properties
- Annotation processing for flow-based interfaces
- identity-android/ Tests Won't Build
- Simple server-based issuance
- why there is a breaking change by updating the library with new identity-mdoc, storage related and key creation changes?
- FlowProcessor doesn't work with enums
- Migrate to from Timestamp to kotlinx.datetime.Instant, everywhere except identity-android-legacy HOT 1
- Basic wallet server infrastructure
- Build errors when making the identity-credential project
- Allow http connections to localhost for development
- Local dev performance issues
- Port issuing evidence collection flow to the server
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identity-credential.