getCredential

@Blocking
fun getCredential(id: String, skipStatusCheck: Boolean = false): MobileCredential

Retrieve a specific mobile credential from the storage.

The verification result is returned based on the following sequence of verification steps, as per ISO/IEC 18013-5:2021:

  1. Device Key Validation:

    Ensures the device key cryptographic curve is supported by the SDK.

  2. Issuer Data Authentication:

    Executes the issuer's data authentication procedure defined in section 9.3.1 of ISO/IEC 18013-5:2021:

    • MSO Header Validation: Validates the certificate found in the MSO (Mobile Security Object) header.

    • Signer Certificate Verification: Verifies the Signer Certificate (as specified in Section 9.3.3 and Table B.3 of ISO/IEC 18013-5:2021).

    • IssuerAuth Digital Signature Verification: Verifies the digital signature of the IssuerAuth structure.

    • Verify Value Digest: Ensures the integrity and correctness of the value digest.

    • ValidityInfo Structure Validation: Ensures all elements in the ValidityInfo structure meet the defined standards.

  3. DocType-Specific Validation:

    Performs additional validation steps specific to the credential's docType.

    For mDLs this includes:

    • Confirms the mDL signer's certificate maximum validity period is within limits (up to 457 days).

    • Ensures the mDL signer certificate has the correct ExtKeyUsage (ISO/IEC 18013-5:2021 B.1.4).

    • Confirms the mDL signer certificate's key usage is set for digital signatures exclusively.

    • Verifies the mDL signer certificate was issued from the correct location.

  4. Revocation Status Check: Confirms the credential has not been revoked.
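
The following is an added example, not SDK code: it sketches three of the mDL signer certificate checks listed in step 3 (457-day validity limit, ExtKeyUsage, digital-signature-only key usage) using standard JDK certificate accessors. `SignerCertFields`, `toSignerFields` and `checkMdlSigner` are hypothetical names, and the mdlDS OID is taken from ISO/IEC 18013-5:2021 rather than from this page.

```kotlin
import java.security.cert.X509Certificate
import java.time.Duration
import java.time.Instant

// ExtKeyUsage OID for an mDL document signer (id-mdl-kp-mdlDS, ISO/IEC 18013-5:2021 B.1.4).
const val MDL_DS_EKU = "1.0.18013.5.1.2"
val MAX_VALIDITY: Duration = Duration.ofDays(457)

// Hypothetical holder for the certificate fields the checks need.
class SignerCertFields(
    val notBefore: Instant,
    val notAfter: Instant,
    val extKeyUsage: List<String>?,   // null when the extension is absent
    val keyUsage: BooleanArray?,      // null when the extension is absent
)

// Adapter from a parsed certificate, using standard JDK accessors.
fun X509Certificate.toSignerFields() = SignerCertFields(
    notBefore.toInstant(), notAfter.toInstant(), extendedKeyUsage, keyUsage,
)

// Returns the failed checks; an empty list means all three passed.
fun checkMdlSigner(c: SignerCertFields): List<String> {
    val failures = mutableListOf<String>()
    val validity = Duration.between(c.notBefore, c.notAfter)
    if (validity.isNegative || validity > MAX_VALIDITY)
        failures += "validity period is negative or exceeds 457 days"
    if (c.extKeyUsage?.contains(MDL_DS_EKU) != true)
        failures += "ExtKeyUsage does not contain $MDL_DS_EKU"
    // KeyUsage bit 0 is digitalSignature; every other bit must be clear.
    val ku = c.keyUsage
    if (ku == null || ku.isEmpty() || !ku[0] || ku.drop(1).any { it })
        failures += "KeyUsage is not digitalSignature only"
    return failures
}

fun main() {
    // Constructed sample values, not taken from a real certificate.
    val start = Instant.parse("2024-01-01T00:00:00Z")
    val dsOnly = BooleanArray(9).also { it[0] = true }
    val good = SignerCertFields(start, start.plus(Duration.ofDays(457)), listOf(MDL_DS_EKU), dsOnly)
    val bad = SignerCertFields(start, start.plus(Duration.ofDays(458)),
        listOf("1.3.6.1.5.5.7.3.1"), dsOnly.copyOf().also { it[5] = true }) // keyCertSign also set
    println(checkMdlSigner(good))
    println(checkMdlSigner(bad))
}
```
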

Return

The stored mobile credential corresponding to the provided id, as an instance of MobileCredential, which includes both PII and the verification result.

Parameters

id

Unique id of mobile credential to be retrieved.

skipStatusCheck

Defines whether a revocation status check should be skipped. Defaults to false, indicating a status check will be performed. Network requests may be performed if set to false.

Throws

If the SDK API is called before the SDK is initialised.

If there is an error in generating the metadata from the metadata record.

If the TrustedIssuerCertificate is not found.