Class GetPinTokenCommand

Namespace

Yubico.YubiKey.Fido2.Commands

Assembly

Yubico.YubiKey.dll

Gets a new PIN token.

public class GetPinTokenCommand : IYubiKeyCommand<GetPinUvAuthTokenResponse>

Inheritance

object

GetPinTokenCommand

Implements

IYubiKeyCommand<GetPinUvAuthTokenResponse>

Constructors

GetPinTokenCommand(PinUvAuthProtocolBase, ReadOnlyMemory<byte>)

Constructs a new instance of GetPinTokenCommand.

public GetPinTokenCommand(PinUvAuthProtocolBase pinProtocol, ReadOnlyMemory<byte> currentPin)

Parameters

pinProtocol PinUvAuthProtocolBase

An object defining the PIN protocol the command will use. The Encapsulate(CoseKey) method must have been successfully executed before passing it to this constructor.

currentPin ReadOnlyMemory<byte>

The PIN. This is a byte array with the PIN provided as the UTF-8 encoding of Unicode characters in Normalization Form C.

Remarks

The caller must specify which PIN protocol the command will use. This is done by passing in a subclass of PinUvAuthProtocolBase. This constructor requires the Encapsulate(CoseKey) method to have been called before passing it in. Note that the Encapsulate method requires the YubiKey's public key, which is obtained by executing the GetKeyAgreementCommand.

In order to get the PIN token, the caller must supply the new PIN at construction. In this class, the PIN is supplied as ReadOnlyMemory<byte>. It is possible to pass a byte[], because it will be automatically cast.

This class will encrypt the PIN and will not copy a reference. That means you can overwrite the PIN in your byte array after calling the constructor.

Exceptions

ArgumentNullException

The pinProtocol arg is null.

ArgumentException

The PIN is an incorrect length.

InvalidOperationException

The pinProtocol is in a state indicating Encapsulate has not executed.

Properties

Application

Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.

Methods

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public GetPinUvAuthTokenResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

GetPinUvAuthTokenResponse

The implementation of IYubiKeyResponse that parses and presents ths response APDU.