Document

This class represents a document created in DocumentStore.

Document can be created using DocumentStore.createDocument. Once a Document is created it persists in the storage and can be looked up using DocumentStore.lookupDocument even after the application restarts. Document can be deleted using DocumentStore.deleteDocument method.

Documents in this store are identified by an identifier Document.identifier which is automatically assigned and is unique per document in a DocumentStore.

Arbitrary data can be stored in documents using the AbstractDocumentMetadata returned by metadata. Applications that use this library should supply their AbstractDocumentMetadata factory using DocumentStore.Builder.setDocumentMetadataFactory if there is a need to store custom data alongside the document itself.

Each document may have a number of Credentials associated with it. These credentials are intended to be used in ways specified by the underlying document format but the general idea is that they are created on the device and then sent to the issuer for certification. The issuer then returns some format-specific data related to the credential.

Using Mobile Driving License and MDOCs according to ISO/IEC 18013-5:2021 as an example, the credential plays the role of DeviceKey and the issuer-signed data includes the Mobile Security Object which includes the credential and is signed by the issuer. This is used for anti-cloning and to return data signed by the device. The way it works in this API is that the application can create one of SecureAreaBoundCredential subclasses, typically using a companion create method. With this in hand, the application can use SecureAreaBoundCredential.getAttestation and send the attestation to the issuer for certification. The issuer will then craft document-format specific data (for ISO/IEC 18013-5:2021 it will be a signed MSO which references the public part of the newly created credential) and send it back to the app. The application can then call Credential.certify which would add any issuer provided authentication data to the credential and make it ready for use in presentation. To retrieve all credentials which still require certification, use getPendingCredentials, and to retrieve all certified credentials, use getCertifiedCredentials.

At document presentation time the application first receives the request from a remote reader using a specific document presentation protocol, such as ISO/IEC 18013-5:2021. The details of the document-specific request includes enough information (for example, the DocType if using ISO/IEC 18013-5:2021) for the application to locate a suitable Document from a DocumentStore. See DocumentRequest for more information about how to generate the response for the remote reader given a Document instance.

There is nothing mDL/MDOC specific about this type, it can be used for any kind of document regardless of format, presentation, or issuance protocol used.

Parameters