Class GetPinUvAuthTokenUsingUvCommand
Gets a new PIN/UV Auth token using
getPinUvAuthTokenUsingUvWithPermissions
.
public class GetPinUvAuthTokenUsingUvCommand : IYubiKeyCommand<GetPinUvAuthTokenResponse>
- Inheritance
-
objectGetPinUvAuthTokenUsingUvCommand
- Implements
Remarks
Note that a YubiKey might not support this command. Sections 6.5.5.7.2,
6.5.5.7.3, and 6.4 in the FIDO2 standard describe the prerequisites for
supporting this command. A program can determine if a YubiKey supports
this command by getting device info (GetInfoCommand and
checking the Options
supported.
Constructors
GetPinUvAuthTokenUsingUvCommand(PinUvAuthProtocolBase, PinUvAuthTokenPermissions, string?)
Constructs a new instance of GetPinUvAuthTokenUsingUvCommand.
public GetPinUvAuthTokenUsingUvCommand(PinUvAuthProtocolBase pinProtocol, PinUvAuthTokenPermissions permissions, string? rpId)
Parameters
pinProtocol
PinUvAuthProtocolBaseAn object defining the PIN protocol the command will use. The Encapsulate(CoseKey) method must have been successfully executed before passing it to this constructor.
permissions
PinUvAuthTokenPermissionsAll the permissions necessary to complete the operations intended.
rpId
stringIf at least one of the permissions chosen requires it or is optional and the feature is intended, supply it here. Otherwise, pass in null.
Remarks
The subcommand in the standard is called
getPinUvAuthTokenUsingUvWithPermissions
. The UsingUv
means the authentication is built into the YubiKey, such as the
YubiKey Bio series (fingerprint). Note that PIN verification is
available on all YubiKeys that support FIDO2, including the YubiKey
Bio Series. WithPermissions
means the token will be associated
with permissions. The caller must specify the permissions as a bit
field, the PinUvAuthTokenPermissions
enum. Note that with some
permissions, the relying party ID (rpId
) is required as well.
For other permissions it is optional or ignored, so the rpId
arg can be null.
The caller must specify which PIN protocol the command will use. This
is done by passing in a subclass of PinUvAuthProtocolBase.
This constructor requires the
Encapsulate(CoseKey) method to have been called
before passing it in. Note that the Encapsulate
method
requires the YubiKey's public key, which is obtained by executing the
GetKeyAgreementCommand.
Exceptions
- ArgumentNullException
The
pinProtocol
arg is null.- InvalidOperationException
The
pinProtocol
is in a state indicatingEncapsulate
has not executed.
Properties
Application
Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.
public YubiKeyApplication Application { get; }
Property Value
- YubiKeyApplication
YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.
Methods
CreateCommandApdu()
Creates a well-formed CommandApdu to send to the YubiKey.
public CommandApdu CreateCommandApdu()
Returns
- CommandApdu
A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.
Remarks
This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will collapsed into a single result.
CreateResponseForApdu(ResponseApdu)
Creates the corresponding IYubiKeyResponse implementation for the current command.
public GetPinUvAuthTokenResponse CreateResponseForApdu(ResponseApdu responseApdu)
Parameters
responseApdu
ResponseApduThe ResponseApdu returned by the YubiKey.
Returns
- GetPinUvAuthTokenResponse
The implementation of IYubiKeyResponse that parses and presents ths response APDU.