roboto/at.asitplus.attestation.android

Package-level declarations

Types

abstract class AndroidAttestationChecker(attestationConfiguration: AndroidAttestationConfiguration, verifyChallenge: (expected: ByteArray, actual: ByteArray) -> Boolean)

AndroidAttestationConfiguration

@Serializable

data class AndroidAttestationConfiguration @JvmOverloads constructor(val applications: List<AndroidAttestationConfiguration.AppData>, val androidVersion: Int? = null, patchLevel: PatchLevel? = null, val requireStrongBox: Boolean = false, val allowBootloaderUnlock: Boolean = false, val requireRollbackResistance: Boolean = false, val ignoreLeafValidity: Boolean = false, val hardwareAttestationTrustAnchors: Set<@Serializable(with = PubKeyBasePemSerializer::class) PublicKey> = linkedSetOf(*DEFAULT_HARDWARE_TRUST_ANCHORS), val softwareAttestationTrustAnchors: Set<@Serializable(with = PubKeyBasePemSerializer::class) PublicKey> = linkedSetOf(*DEFAULT_SOFTWARE_TRUST_ANCHORS), val verificationSecondsOffset: Long = 0, val attestationStatementValiditySeconds: Long? = 5 * 60, val disableHardwareAttestation: Boolean = false, val enableNougatAttestation: Boolean = false, val enableSoftwareAttestation: Boolean = false, val requireRemoteKeyProvisioning: Boolean = false, val httpProxy: String? = null)

Main Android attestation configuration class serving as ground truth for all key and app attestation verifications.

AndroidDebugAttestationStatement

@Serializable

class AndroidDebugAttestationStatement(val kind: AndroidDebugAttestationStatement.Type, val configuration: AndroidAttestationConfiguration, val verificationTime: Date, val challenge: ByteArray, val attestationStatement: List<@Serializable(with = CertPemSerializer::class) X509Certificate>)

CertPemSerializer

object CertPemSerializer : TransformingSerializerTemplate<X509Certificate, String>

DateTimeSerializer

object DateTimeSerializer : KSerializer<Date>

EternalX509Certificate

class EternalX509Certificate(delegate: X509Certificate) : X509Certificate

HardwareAttestationChecker

class HardwareAttestationChecker @JvmOverloads constructor(attestationConfiguration: AndroidAttestationConfiguration, verifyChallenge: (expected: ByteArray, actual: ByteArray) -> Boolean = { expected, actual -> expected contentEquals actual }) : AndroidAttestationChecker

NougatHybridAttestationChecker

class NougatHybridAttestationChecker @JvmOverloads constructor(attestationConfiguration: AndroidAttestationConfiguration, verifyChallenge: (expected: ByteArray, actual: ByteArray) -> Boolean = { expected, actual -> expected contentEquals actual }) : AndroidAttestationChecker

PatchLevel

@Serializable

data class PatchLevel @JvmOverloads constructor(val year: Int, val month: Int, val maxFuturePatchLevelMonths: Int? = 1)

Represents a Patch level configuration property. Patch levels are defined as year and month.

PubKeyBasePemSerializer

object PubKeyBasePemSerializer : TransformingSerializerTemplate<PublicKey, String>

SoftwareAttestationChecker

class SoftwareAttestationChecker @JvmOverloads constructor(attestationConfiguration: AndroidAttestationConfiguration, verifyChallenge: (expected: ByteArray, actual: ByteArray) -> Boolean = { expected, actual -> expected contentEquals actual }) : AndroidAttestationChecker

Properties

DEFAULT_HARDWARE_TRUST_ANCHORS

val DEFAULT_HARDWARE_TRUST_ANCHORS: Array<PublicKey>

Default trust anchors used to verify hardware attestation

DEFAULT_SOFTWARE_TRUST_ANCHORS

val DEFAULT_SOFTWARE_TRUST_ANCHORS: Array<PublicKey>

Default trust anchors used to verify software attestation

OID_RKP

const val OID_RKP: String

The object identifier containing the remote key provisioning extension.

Functions

contentEqualsIfArray

infix fun Any?.contentEqualsIfArray(other: Any?): Boolean

contentHashCodeIfArray

inline fun Any.contentHashCodeIfArray(): Int

getNumberOfRemotelyProvisionedCertificates

fun List<X509Certificate>.getNumberOfRemotelyProvisionedCertificates(): Int?

TRIES to parse the number of remotely provisioned attestation certificates. Note that this method returning null does not necessarily mean that a remotely provisioned certificate is not present. It could very well be that the extension is present but botched. (Looking at you, Samsung!).

getRkpData

fun List<X509Certificate>.getRkpData(): Map?

Returns the parsed, but generic contents of the [Remote Key Provisioning

isRemoteKeyProvisioned

fun List<X509Certificate>.isRemoteKeyProvisioned(): Boolean

Indicates whether the attestation certificate in this certificate chain is remotely provisioned.

setup

fun HttpClientConfig<*>.setup(proxyUrl: String?): <Error class: unknown class>