verify
Verifies the integrity of the returned documents, according to ISO/IEC 18013-5.
The following checks are performed for each MdocDocument instance in documents.
For MdocDocument.issuerAuth the signature is checked against the leaf certificate in the associated X.509 chain.
The document type in the MSO matches the docType in the response.
The MSO is validity period includes the passed-in atTime.
The data returned in MdocDocument.issuerNamespaces is checked against digests in the MSO.
The device-authentication structures (ECDSA or MAC) are checked.
For each transaction data in the list, verifies that transaction hash is present in the response and matches the hash of the source transaction data
The following checks are expected to be done by the application:
Determining whether the issuer's document signing certificate is trusted. An application can use org.multipaz.trustmanagement.TrustManagerInterface to do this.
Checking whether the MSO is revoked, or any of the keys involved are revoked.
Checking the integrity of any Zero-Knowledge Proofs for documents returned in zkDocuments. An application can use org.multipaz.mdoc.zkp.ZkSystem to do this.
Checking or decrypting any encrypted documents returned in encryptedDocuments. Use EncryptedDocuments.decrypt to do this.
Return
list of per-document transaction responses; each response is a map; a key in this map is a transaction identifier, and the value is a map with an entry for each item in the transaction response data, including "transaction_data_hash".
Parameters
the session transcript to use.
the ephemeral reader key or null if not using session encryption.
list of transactions for each document in this DeviceResponse
the point in time for validating the whether returned documents are valid.
Throws
if validation fails.