supreme-common/at.asitplus.attestation.android/androidAttestationExtension

androidAttestationExtension

val X509Certificate.androidAttestationExtension: AttestationKeyDescription?(source)

Tries to parse an AttestationKeyDescription certificate extension, if present. Never throws.

val List<X509Certificate>.androidAttestationExtension: AttestationKeyDescription?(source)
val X509Certificate.androidAttestationExtension: AttestationKeyDescription?(source)

Tries to parse an AttestationKeyDescription certificate extension, if present. Never throws.

val CertificateChain.androidAttestationExtension: AttestationKeyDescription?(source)

As per Google's parser: Parse the attestation record that is closest to the root. This prevents an adversary from attesting an attestation record of their choice with an otherwise trusted chain using the following attack:

  1. having the TEE attest a key under the adversary's control,

  2. using that key to sign a new leaf certificate with an attestation extension that has their chosen attestation record, then

  3. appending that certificate to the original certificate chain.

Return

the AttestationKeyDescription closest to the root or null if non is present

Generated by Dokka
© 2026 Copyright