openwallet-foundation-labs
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/GetCredentialActivity.kt
+8-10 b/‎appholder/src/main/java/com/android/identity/wallet/GetCredentialActivity.kt
+8-10
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/HolderApp.kt
+6-1 b/‎appholder/src/main/java/com/android/identity/wallet/HolderApp.kt
+6-1
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/authconfirmation/AuthConfirmationFragment.kt
+3-3 b/‎appholder/src/main/java/com/android/identity/wallet/authconfirmation/AuthConfirmationFragment.kt
+3-3
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/support/AndroidKeystoreSecureAreaSupport.kt
+5-5 b/‎appholder/src/main/java/com/android/identity/wallet/support/AndroidKeystoreSecureAreaSupport.kt
+5-5
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/support/SecureAreaSupport.kt
+2-2 b/‎appholder/src/main/java/com/android/identity/wallet/support/SecureAreaSupport.kt
+2-2
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/support/SecureAreaSupportNull.kt
+2-2 b/‎appholder/src/main/java/com/android/identity/wallet/support/SecureAreaSupportNull.kt
+2-2
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/support/SoftwareKeystoreSecureAreaSupport.kt
+2-2 b/‎appholder/src/main/java/com/android/identity/wallet/support/SoftwareKeystoreSecureAreaSupport.kt
+2-2
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/transfer/AddDocumentToResponseResult.kt
+2-2 b/‎appholder/src/main/java/com/android/identity/wallet/transfer/AddDocumentToResponseResult.kt
+2-2
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/transfer/TransferManager.kt
+9-6 b/‎appholder/src/main/java/com/android/identity/wallet/transfer/TransferManager.kt
+9-6
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/util/ProvisioningUtil.kt
+11-3 b/‎appholder/src/main/java/com/android/identity/wallet/util/ProvisioningUtil.kt
+11-3
diff --git a/‎appholder/src/main/java/com/android/identity/wallet/viewmodel/TransferDocumentViewModel.kt
+3-3 b/‎appholder/src/main/java/com/android/identity/wallet/viewmodel/TransferDocumentViewModel.kt
+3-3
diff --git a/‎gradle/libs.versions.toml
+3 b/‎gradle/libs.versions.toml
+3
@@ -12,10 +12,10 @@ import com.android.identity.android.mdoc.util.CredmanUtil
 import com.android.identity.android.mdoc.util.CredmanUtil.Companion.generateClientIdHash
 import com.android.identity.android.mdoc.util.CredmanUtil.Companion.generatePublicKeyHash
 import com.android.identity.android.securearea.AndroidKeystoreKeyUnlockData
-import com.android.identity.document.Credential
 import com.android.identity.document.DocumentRequest
 import com.android.identity.document.NameSpacedData
 import com.android.identity.crypto.Algorithm
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.mdoc.mso.StaticAuthDataParser
 import com.android.identity.mdoc.response.DeviceResponseGenerator
 import com.android.identity.mdoc.response.DocumentGenerator
@@ -30,32 +30,30 @@ import com.android.identity.wallet.util.log
 import com.google.android.gms.identitycredentials.GetCredentialResponse
 import com.google.android.gms.identitycredentials.IntentHelper
 import com.google.android.gms.identitycredentials.IntentHelper.EXTRA_CREDENTIAL_ID
-import com.google.android.gms.identitycredentials.IntentHelper.extractCallingAppInfo
 import com.google.android.gms.identitycredentials.IntentHelper.extractGetCredentialRequest
 import com.google.android.gms.identitycredentials.IntentHelper.setGetCredentialException
 import com.google.android.gms.identitycredentials.IntentHelper.setGetCredentialResponse
 import org.json.JSONObject
-import java.security.PublicKey
 import java.util.StringTokenizer
 
 class GetCredentialActivity : FragmentActivity() {
 
     fun addDeviceNamespaces(documentGenerator : DocumentGenerator,
-                            authKey : Credential,
+                            credential : MdocCredential,
                             unlockData: KeyUnlockData?) {
         documentGenerator.setDeviceNamespacesSignature(
             NameSpacedData.Builder().build(),
-            authKey.secureArea,
-            authKey.alias,
+            credential.secureArea,
+            credential.alias,
             unlockData,
             Algorithm.ES256)
     }
 
-    fun doBiometricAuth(authKey : Credential,
+    fun doBiometricAuth(credential : MdocCredential,
                         forceLskf : Boolean,
                         onBiometricAuthCompleted: (unlockData: KeyUnlockData?) -> Unit) {
         var title = "To share your credential we need to check that it's you."
-        var unlockData = AndroidKeystoreKeyUnlockData(authKey.alias)
+        var unlockData = AndroidKeystoreKeyUnlockData(credential.alias)
         var cryptoObject = unlockData.getCryptoObjectForSigning(Algorithm.ES256)
 
         val promptInfoBuilder = BiometricPrompt.PromptInfo.Builder()
@@ -89,7 +87,7 @@ class GetCredentialActivity : FragmentActivity() {
                         Logger.d("TAG", "onAuthenticationError $errorCode $errString")
                         // TODO: "Use LSKF"...  without this delay, the prompt won't work correctly
                         Handler(Looper.getMainLooper()).postDelayed({
-                            doBiometricAuth(authKey, true, onBiometricAuthCompleted)
+                            doBiometricAuth(credential, true, onBiometricAuthCompleted)
                         }, 100)
                     }
                 }
@@ -130,7 +128,7 @@ class GetCredentialActivity : FragmentActivity() {
         val credential = document.findCredential(
             ProvisioningUtil.CREDENTIAL_DOMAIN,
             Timestamp.now()
-        ) ?: throw IllegalStateException("No credential")
+        ) as MdocCredential? ?: throw IllegalStateException("No credential")
         val staticAuthData = StaticAuthDataParser(credential.issuerProvidedData).parse()
         val mergedIssuerNamespaces = MdocUtil.mergeIssuerNamesSpaces(
             documentRequest, nameSpacedData, staticAuthData
 
@@ -5,12 +5,14 @@ import android.content.Context
 import com.android.identity.android.securearea.AndroidKeystoreSecureArea
 import com.android.identity.android.storage.AndroidStorageEngine
 import com.android.identity.android.util.AndroidLogPrinter
+import com.android.identity.credential.CredentialFactory
 import com.android.identity.document.DocumentStore
 import com.android.identity.documenttype.DocumentTypeRepository
 import com.android.identity.documenttype.knowntypes.DrivingLicense
 import com.android.identity.documenttype.knowntypes.EUPersonalID
 import com.android.identity.documenttype.knowntypes.VaccinationDocument
 import com.android.identity.documenttype.knowntypes.VehicleRegistration
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.securearea.SecureAreaRepository
 import com.android.identity.securearea.software.SoftwareSecureArea
 import com.android.identity.storage.GenericStorageEngine
@@ -85,7 +87,10 @@ class HolderApp: Application() {
 
             secureAreaRepository.addImplementation(androidKeystoreSecureArea)
             secureAreaRepository.addImplementation(softwareSecureArea)
-            return DocumentStore(storageEngine, secureAreaRepository)
+
+            var credentialFactory = CredentialFactory()
+            credentialFactory.addCredentialImplementation(MdocCredential::class)
+            return DocumentStore(storageEngine, secureAreaRepository, credentialFactory)
         }
     }
 
 
@@ -120,17 +120,17 @@ class AuthConfirmationFragment : BottomSheetDialogFragment() {
 
                 val secureAreaSupport = SecureAreaSupport.getInstance(
                     requireContext(),
-                    result.authKey.secureArea
+                    result.credential.secureArea
                 )
                 with(secureAreaSupport) {
                     unlockKey(
-                        authKey = result.authKey,
+                        credential = result.credential,
                         onKeyUnlocked = { keyUnlockData ->
                             viewModel.sendResponseForSelection(
                                 onResultReady = {
                                     onSendResponseResult(it)
                                 },
-                                result.authKey,
+                                result.credential,
                                 keyUnlockData
                             )
                         },
 
@@ -21,10 +21,10 @@ import com.android.identity.android.securearea.UserAuthenticationType
 import com.android.identity.android.securearea.userAuthenticationTypeSet
 import com.android.identity.cbor.Cbor
 import com.android.identity.cbor.CborMap
-import com.android.identity.document.Credential
 import com.android.identity.crypto.Algorithm
 import com.android.identity.securearea.CreateKeySettings
 import com.android.identity.crypto.EcCurve
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.securearea.KeyPurpose
 import com.android.identity.securearea.KeyUnlockData
 import com.android.identity.util.Timestamp
@@ -51,12 +51,12 @@ class AndroidKeystoreSecureAreaSupport(
     )
 
     override fun Fragment.unlockKey(
-        authKey: Credential,
+        credential: MdocCredential,
         onKeyUnlocked: (unlockData: KeyUnlockData?) -> Unit,
         onUnlockFailure: (wasCancelled: Boolean) -> Unit
     ) {
-        val keyInfo = authKey.secureArea.getKeyInfo(authKey.alias) as AndroidKeystoreKeyInfo
-        val unlockData = AndroidKeystoreKeyUnlockData(authKey.alias)
+        val keyInfo = credential.secureArea.getKeyInfo(credential.alias) as AndroidKeystoreKeyInfo
+        val unlockData = AndroidKeystoreKeyUnlockData(credential.alias)
 
         val allowLskf = keyInfo.userAuthenticationTypes.contains(UserAuthenticationType.LSKF)
         val allowBiometric = keyInfo.userAuthenticationTypes.contains(UserAuthenticationType.BIOMETRIC)
@@ -74,7 +74,7 @@ class AndroidKeystoreSecureAreaSupport(
             .withCancelledCallback {
                 if (allowLskfUnlock) {
                     val runnable = {
-                        unlockKey(authKey, onKeyUnlocked, onUnlockFailure)
+                        unlockKey(credential, onKeyUnlocked, onUnlockFailure)
                     }
                     // Without this delay, the prompt won't reshow
                     Handler(Looper.getMainLooper()).postDelayed(runnable, 100)
 
@@ -4,8 +4,8 @@ import android.content.Context
 import androidx.compose.runtime.Composable
 import androidx.fragment.app.Fragment
 import com.android.identity.android.securearea.AndroidKeystoreSecureArea
-import com.android.identity.document.Credential
 import com.android.identity.document.Document
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.securearea.CreateKeySettings
 import com.android.identity.securearea.KeyUnlockData
 import com.android.identity.securearea.SecureArea
@@ -35,7 +35,7 @@ interface SecureAreaSupport {
      * there is a provided way to navigate using the [findNavController] function.
      */
     fun Fragment.unlockKey(
-        authKey: Credential,
+        credential: MdocCredential,
         onKeyUnlocked: (unlockData: KeyUnlockData?) -> Unit,
         onUnlockFailure: (wasCancelled: Boolean) -> Unit
     )
 
@@ -11,7 +11,7 @@ import androidx.compose.runtime.remember
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.unit.dp
 import androidx.fragment.app.Fragment
-import com.android.identity.document.Credential
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.securearea.CreateKeySettings
 import com.android.identity.securearea.KeyUnlockData
 import com.android.identity.util.Timestamp
@@ -40,7 +40,7 @@ class SecureAreaSupportNull : SecureAreaSupport {
     }
 
     override fun Fragment.unlockKey(
-        authKey: Credential,
+        credential: MdocCredential,
         onKeyUnlocked: (unlockData: KeyUnlockData?) -> Unit,
         onUnlockFailure: (wasCancelled: Boolean) -> Unit
     ) {
 
@@ -20,13 +20,13 @@ import androidx.lifecycle.repeatOnLifecycle
 import androidx.navigation.fragment.findNavController
 import co.nstant.`in`.cbor.CborBuilder
 import com.android.identity.cbor.Cbor
-import com.android.identity.document.Credential
 import com.android.identity.crypto.Algorithm
 import com.android.identity.crypto.CertificateChain
 import com.android.identity.crypto.Crypto
 import com.android.identity.securearea.CreateKeySettings
 import com.android.identity.crypto.EcCurve
 import com.android.identity.crypto.EcPrivateKey
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.securearea.KeyPurpose
 import com.android.identity.securearea.KeyUnlockData
 import com.android.identity.securearea.software.SoftwareCreateKeySettings
@@ -56,7 +56,7 @@ class SoftwareKeystoreSecureAreaSupport : SecureAreaSupport {
     private val screenState = SoftwareKeystoreSecureAreaSupportState()
 
     override fun Fragment.unlockKey(
-        authKey: Credential,
+        credential: MdocCredential,
         onKeyUnlocked: (unlockData: KeyUnlockData?) -> Unit,
         onUnlockFailure: (wasCancelled: Boolean) -> Unit
     ) {
 
@@ -1,6 +1,6 @@
 package com.android.identity.wallet.transfer
 
-import com.android.identity.document.Credential
+import com.android.identity.mdoc.credential.MdocCredential
 
 sealed class AddDocumentToResponseResult {
 
@@ -9,6 +9,6 @@ sealed class AddDocumentToResponseResult {
     ) : AddDocumentToResponseResult()
 
     data class DocumentLocked(
-        val authKey: Credential
+        val credential: MdocCredential
     ) : AddDocumentToResponseResult()
 }
@@ -9,7 +9,6 @@ import android.view.View
 import android.widget.ImageView
 import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
-import com.android.identity.document.Credential
 import com.android.identity.document.DocumentRequest
 import com.android.identity.document.NameSpacedData
 import com.android.identity.mdoc.mso.StaticAuthDataParser
@@ -19,6 +18,7 @@ import com.android.identity.mdoc.response.DeviceResponseGenerator
 import com.android.identity.mdoc.response.DocumentGenerator
 import com.android.identity.mdoc.util.MdocUtil
 import com.android.identity.crypto.Algorithm
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.securearea.KeyLockedException
 import com.android.identity.securearea.KeyPurpose
 import com.android.identity.securearea.KeyUnlockData
@@ -163,7 +163,7 @@ class TransferManager private constructor(private val context: Context) {
         docType: String,
         issuerSignedEntriesToRequest: MutableMap<String, Collection<String>>,
         deviceResponseGenerator: DeviceResponseGenerator,
-        authKey: Credential?,
+        credential: MdocCredential?,
         authKeyUnlockData: KeyUnlockData?,
     ) = suspendCancellableCoroutine { continuation ->
         var result: AddDocumentToResponseResult
@@ -181,11 +181,14 @@ class TransferManager private constructor(private val context: Context) {
 
         val request = DocumentRequest(dataElements)
 
-        val credentialToUse: Credential
-        if (authKey != null) {
-            credentialToUse = authKey
+        val credentialToUse: MdocCredential
+        if (credential != null) {
+            credentialToUse = credential
         } else {
-            credentialToUse = document.findCredential(ProvisioningUtil.CREDENTIAL_DOMAIN, Timestamp.now())
+            credentialToUse = document.findCredential(
+                ProvisioningUtil.CREDENTIAL_DOMAIN,
+                Timestamp.now()
+            ) as MdocCredential?
                 ?: throw IllegalStateException("No credential available")
         }
 
 
@@ -22,6 +22,7 @@ import com.android.identity.crypto.Certificate
 import com.android.identity.crypto.CertificateChain
 import com.android.identity.crypto.EcCurve
 import com.android.identity.crypto.toEcPrivateKey
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.mdoc.mso.MobileSecurityObjectGenerator
 import com.android.identity.mdoc.mso.StaticAuthDataGenerator
 import com.android.identity.mdoc.util.MdocUtil
@@ -119,9 +120,14 @@ class ProvisioningUtil private constructor(
 
         val pendingCredsCount = DocumentUtil.managedCredentialHelper(
             document,
-            secureArea,
-            settings,
             CREDENTIAL_DOMAIN,
+            {toBeReplaced -> MdocCredential(
+                toBeReplaced,
+                CREDENTIAL_DOMAIN,
+                secureArea,
+                settings,
+                docType
+            )},
             now,
             numCreds.toInt(),
             maxUsagesPerCred.toInt(),
@@ -132,7 +138,8 @@ class ProvisioningUtil private constructor(
             return
         }
 
-        for (pendingCred in document.pendingCredentials) {
+        for (pendingCred in document.pendingCredentials.filter { it.domain == CREDENTIAL_DOMAIN }) {
+            pendingCred as MdocCredential
             val msoGenerator = MobileSecurityObjectGenerator(
                 "SHA-256",
                 docType,
@@ -288,6 +295,7 @@ class ProvisioningUtil private constructor(
                     ?: throw IllegalStateException("No Secure Area with id ${authKeySecureAreaIdentifier} for document ${it.name}")
 
                 val credentials = certifiedCredentials.map { key ->
+                    key as MdocCredential
                     val info = authKeySecureArea.getKeyInfo(key.alias)
                     DocumentInformation.KeyData(
                         counter = key.credentialCounter.toInt(),
 
@@ -8,7 +8,7 @@ import androidx.lifecycle.AndroidViewModel
 import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.viewModelScope
-import com.android.identity.document.Credential
+import com.android.identity.mdoc.credential.MdocCredential
 import com.android.identity.mdoc.request.DeviceRequestParser
 import com.android.identity.mdoc.response.DeviceResponseGenerator
 import com.android.identity.securearea.KeyUnlockData
@@ -102,7 +102,7 @@ class TransferDocumentViewModel(val app: Application) : AndroidViewModel(app) {
 
     fun sendResponseForSelection(
         onResultReady: (result: AddDocumentToResponseResult) -> Unit,
-        authKey: Credential? = null,
+        credential: MdocCredential? = null,
         authKeyUnlockData: KeyUnlockData? = null
     ) {
         val elementsToSend = signedElements.collect()
@@ -117,7 +117,7 @@ class TransferDocumentViewModel(val app: Application) : AndroidViewModel(app) {
                             signedDocument.documentType,
                             issuerSignedEntries,
                             responseGenerator,
-                            authKey,
+                            credential,
                             authKeyUnlockData,
                         )
                     }
 
@@ -1,5 +1,6 @@
 [versions]
     compile-sdk = "34"
+    kotlin-reflect = "1.9.23"
     min-sdk = "26"
     kotlin = "1.8.20"
     gradle-plugin = "7.4.0"
@@ -67,6 +68,8 @@
     androidx-navigation-ktx = { module = "androidx.navigation:navigation-fragment-ktx", version.ref = "navigation" }
     androidx-navigation-ui-ktx = { module = "androidx.navigation:navigation-ui-ktx", version.ref = "navigation" }
 
+    kotlin-reflect = { module = "org.jetbrains.kotlin:kotlin-reflect", version.ref = "kotlin-reflect" }
+
     kotlinx-coroutines-core = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-core", version.ref="kotlinx-coroutines" }
     kotlinx-coroutines-android = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref="kotlinx-coroutines" }
     kotlinx-coroutines-guava = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-guava", version.ref="kotlinx-coroutines" }