roboto/com.android.keyattestation.verifier.provider/KeyAttestationCertPathValidator

KeyAttestationCertPathValidator

class KeyAttestationCertPathValidator : CertPathValidatorSpi

A CertPathValidatorSpi for verifying Android Key Attestation certificate chains.

Older Android devices produce Key Attestation certificate chains that do not fully conform to RFC 5280 and thus cannot be validating using sun.security.provider.certpath.PKIXCertPathValidator. This provider implements a more permissive CertPathValidatorSpi implementation that is able to validate these chains.

See go/how-to-validate-key-attestations for details for how to verify Android Key Attestation certificate chains.

Constructors

KeyAttestationCertPathValidator

constructor()

Functions

engineGetRevocationChecker

open fun engineGetRevocationChecker(): CertPathChecker

engineValidate

open override fun engineValidate(certPath: CertPath?, params: CertPathParameters?): CertPathValidatorResult