supreme-client/at.asitplus.attestation.supreme/createAttestationProof

createAttestationProof

suspend fun AttestationChallenge.createAttestationProof(alias: String, authPromptMessage: String? = null, authPromptCancelText: String? = null, additionalCsrExtensions: List<X509CertificateExtension> = listOf(), additionalCsrAttributes: List<Pkcs10CertificationRequestAttribute> = listOf()): KmmResult<Pkcs10CertificationRequest>(source)

Creates a signed CSR from a received AttestationChallenge according to AttestationChallenge.keyConstraints. Hence, if no constraints are set, this method will always fail!

It is possible to specify authPromptMessage and authPromptCancelText for when key usage (i.e. signing) requires authentication.

Encodes the challenge's nonce into a KnownOIDs.serialNumber subjectName and the attestation statement into a Pkcs10CertificationRequestAttribute with AttestationChallenge.proofOID. Since this operation prepares and directly signs the CSR, it may require user authentication.

Usually, you'll want to use pass AlternativeNames into additionalCsrExtensions, not a subject name! By default, the RDN used for this CSR will only contain KnownOIDs.serialNumber containing the nonce from the passed nonce. Hence, the values passed to this parameter containing a KnownOIDs.serialNumber will be overwritten.

Parameters

additionalCsrExtensions

Certificate extensions to be requested. May be ignored by the issuer.

additionalCsrAttributes

Additional CSR attributes to pack into this CSR.

Generated by Dokka
© 2026 Copyright