AttestationChallenge

constructor(issuedAt: Instant, validity: Duration, timeZone: TimeZone? = null, nonce: ByteArray, attestationEndpoint: String, proofOID: ObjectIdentifier, genericDeviceNameOID: ObjectIdentifier? = null, keyConstraints: KeyConstraints? = null, additionalPayload: Map<String, Constrained?>? = null, transientData: Any? = null)

Parameters

issuedAt

The time at which the nonce was issued. Useful for detecting clock drift and exiting early. This is not considered sensitive information, as clocks must be in sync anyhow.

validity

How long this nonce is considered valid.

timeZone

The server timezone. Purely diagnostic, since the Instant used for issuedAt is UTC by definition. Can be omitted if the server does not want to disclose this information.

nonce

The nonce chosen by the server. Must be at most 128 bytes long, as this is the largest nonce size supported by Android.

attestationEndpoint

The endpoint to post the CSR containing the attestation proof to.

proofOID

The OID to be used for encoding the attestation proof into the signed CSR used to transfer the proof.

genericDeviceNameOID

Whether to include a generic make and model (such as "Google Pixel 8" or "iPhone 16") with the attestation proof. Setting this to an OID other than null will include a device name on a best-effort basis. Defaults to null (i.e., no device name will be included).

keyConstraints

Specifies key constraints for the client.

additionalPayload

Optional user-defined payload. See additionalPayload for serialization requirements.

transientData

Optional runtime-only attachment. Not serialized and excluded from equality/hashing.

Throws

in case the nonce is larger than 128 bytes
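
An added sketch, not code from this library: it shows the checks that the issuedAt, validity and nonce parameters imply, namely a client-side early exit on clock drift and a server-side 128-byte limit with time-bounded redemption. `Challenge`, `ChallengeStore`, `checkFreshness`, the `java.time` types, the 32-byte nonce and the 30-second tolerance are assumptions of the example, and single-use tracking of nonces is one way a server could handle them, not something this page specifies.

```kotlin
import java.security.SecureRandom
import java.time.Duration
import java.time.Instant
import java.util.concurrent.ConcurrentHashMap

const val MAX_NONCE_BYTES = 128 // limit stated on this page

// Hypothetical stand-in carrying only the three fields this sketch needs.
class Challenge(val issuedAt: Instant, val validity: Duration, val nonce: ByteArray) {
    init { require(nonce.size <= MAX_NONCE_BYTES) { "nonce exceeds $MAX_NONCE_BYTES bytes" } }
}

enum class Freshness { OK, ISSUED_IN_FUTURE, EXPIRED }

// Client side: compare the local clock with issuedAt before doing any attestation work.
fun checkFreshness(c: Challenge, now: Instant, tolerance: Duration): Freshness = when {
    now.isBefore(c.issuedAt.minus(tolerance)) -> Freshness.ISSUED_IN_FUTURE // local clock behind
    now.isAfter(c.issuedAt.plus(c.validity).plus(tolerance)) -> Freshness.EXPIRED
    else -> Freshness.OK
}

// Server side: issue random nonces and accept each one at most once, within its validity.
class ChallengeStore(private val validity: Duration, private val nonceBytes: Int = 32) {
    private val rng = SecureRandom()
    private val pending = ConcurrentHashMap<String, Instant>() // hex(nonce) -> expiry
    private fun key(nonce: ByteArray) = nonce.joinToString("") { "%02x".format(it) }

    fun issue(now: Instant): Challenge {
        val nonce = ByteArray(nonceBytes).also { rng.nextBytes(it) }
        pending[key(nonce)] = now.plus(validity)
        return Challenge(now, validity, nonce)
    }

    // remove() is atomic, so a replayed nonce finds no entry and is rejected.
    fun redeem(nonce: ByteArray, now: Instant): Boolean {
        val expiry = pending.remove(key(nonce)) ?: return false
        return !now.isAfter(expiry)
    }
}

fun main() {
    val store = ChallengeStore(Duration.ofMinutes(5))
    val t0 = Instant.parse("2025-01-01T12:00:00Z") // constructed sample time
    val c = store.issue(t0)
    val drift = Duration.ofSeconds(30)
    println(checkFreshness(c, t0.plusSeconds(10), drift))   // client clock roughly in sync
    println(checkFreshness(c, t0.minusSeconds(120), drift)) // client clock two minutes behind
    println(store.redeem(c.nonce, t0.plusSeconds(60)))      // first presentation of the nonce
    println(store.redeem(c.nonce, t0.plusSeconds(61)))      // same nonce presented again
}
```

Nonces that are never redeemed stay in the map here; a long-running server would also evict entries once their expiry has passed.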