GetPinUvAuthTokenUsingPinCommand Constructor
GetPinUvAuthTokenUsingPinCommand(PinUvAuthProtocolBase, ReadOnlyMemory<Byte>, PinUvAuthTokenPermissions, String)
Constructs a new instance of GetPinUvAuthTokenUsingPinCommand.
public GetPinUvAuthTokenUsingPinCommand(PinUvAuthProtocolBase pinProtocol, ReadOnlyMemory<byte> currentPin, PinUvAuthTokenPermissions permissions, string rpId)
Parameters
Type | Name | Description |
---|---|---|
PinUvAuthProtocolBase | pinProtocol | An object defining the PIN protocol the command will use. The Encapsulate(CoseKey) method must have been successfully executed before passing it to this constructor. |
System.ReadOnlyMemory<System.Byte> | currentPin | The PIN. This is a byte array with the PIN provided as the UTF-8 encoding of Unicode characters in Normalization Form C. |
PinUvAuthTokenPermissions | permissions | All the permissions necessary to complete the operations intended. |
System.String | rpId | If at least one of the permissions chosen requires it or is optional and the feature is intended, supply it here. Otherwise, pass in null. |
Exceptions
Type | Condition |
---|---|
System.ArgumentNullException | The |
System.ArgumentException | The PIN is an incorrect length. |
System.InvalidOperationException | The |
Remarks
The subcommand in the standard is called
getPinUvAuthTokenUsingPinWithPermissions
. The
WithPermissions
means the token will be associated with
permissions. The caller must specify the permissions as a bit field,
the PinUvAuthTokenPermissions
enum. Note that with some
permissions, the relying party ID (rpId
) is required as well.
For other permissions it is optional or ignored, so the rpId
arg can be null.
The caller must specify which PIN protocol the command will use. This
is done by passing in a subclass of PinUvAuthProtocolBase.
This constructor requires the
Encapsulate(CoseKey) method to have been called
before passing it in. Note that the Encapsulate
method
requires the YubiKey's public key, which is obtained by executing the
GetKeyAgreementCommand.
In order to get the token, the caller must supply the current PIN at
construction. In this class, the PIN is supplied as
ReadOnlyMemory<byte>
. It is possible to pass a
byte[]
, because it will be automatically cast.
This class will encrypt the PIN and will not copy a reference. That means you can overwrite the PIN in your byte array after calling the constructor.