supreme-client/at.asitplus.attestation.supreme/performAttestationFlow

performAttestationFlow

suspend fun AttestationClient.performAttestationFlow(alias: String, fetchChallengeEndpoint: Url, authPromptMessage: String? = null, authPromptCancelText: String? = null, additionalCsrExtensions: List<X509CertificateExtension> = listOf(), additionalCsrAttributes: List<Pkcs10CertificationRequestAttribute> = listOf()): AttestationResponse(source)

Truly integrated attestation in a single call.

Parameters

additionalCsrExtensions

Certificate extensions to be requested. May be ignored by the issuer.

additionalCsrAttributes

Additional CSR attributes to pack into this CSR.

Throws

Various errors can occur irrespective of attestation: IO, accessing the platform crypto, not authenticating, etc…

This is literally a shorthand for:

val challenge = getChallenge(fetchChallengeEndpoint).getOrThrow()
val csr = challenge.createAttestationProof(alias).getOrThrow()
return attest(csr, challenge.attestationEndpointUrl)
Content copied to clipboard

It is possible to specify authPromptMessage and authPromptCancelText for when key usage (i.e. signing) requires authentication.

Requires the verifier to pack KeyConstraints into the conveyed challenge.

Usually, you'll want to use pass AlternativeNames into additionalCsrExtensions, not a subject name! By default, the RDN used for this CSR will only contain KnownOIDs.serialNumber containing the nonce from the passed nonce. Hence, the values passed to this parameter containing a KnownOIDs.serialNumber will be overwritten.

Generated by Dokka
© 2026 Copyright