addCredential

Add a mobile credential to storage.

This function validates the mobile credential as per ISO/IEC 18013-5:2021:

1. Device Key Validation:

   Ensures the device key cryptographic curve is supported by the SDK.

2. Issuer Data Authentication:

   Executes the issuer's data authentication procedure defined in section 9.3.1 of ISO/IEC 18013-5:2021:

• MSO Header Validation: Validates the certificate found in the MSO (Mobile Security Object) header.

• Signer Certificate Verification: Verifies the Signer Certificate (as specified in Section 9.3.3 and Table B.3 of ISO/IEC 18013-5:2021) against the set of the trusted issuer certificates, currently stored by the SDK.

• IssuerAuth Digital Signature Verification: Verifies the digital signature of the IssuerAuth structure.

• Verify Value Digest: Ensures the integrity and correctness of the value digest.

• ValidityInfo Structure Validation: Ensures all elements in the ValidityInfo structure meet the defined standards.

3. DocType-Specific Validation:

   Performs additional validation steps specific to the credential's docType.

   For mDLs this includes :

• Confirms the mDL signer's certificate maximum validity period is within limits (up to 457 days).

• Ensures the mDL signer certificate has the correct ExtKeyUsage (ISO/IEC 18013-5:2021 B.1.4).

• Confirms the mDL signer certificate set its key usage for digital signatures exclusively.

• Verifies the mDL signer certificate was issued from the correct location.

Furthermore, this function validates the relationship between the device key referenced by the deviceKeyId parameter by:

1. Checking it isn't already bound to another mobile credential stored by the SDK.

2. Checking the device key matches the device key in the provided mobile credential.

Parameters

Throws