AttestationChallenge

@Serializable
data class AttestationChallenge

Represents a challenge for attestation processes, encapsulating necessary details such as the nonce, validity, and additional constraints or metadata for the attestation proof.

The class provides serialization support for its fields and enforces strict requirements, such as the maximum size of the nonce. It includes both diagnostic and functional properties to support attestation protocols and ensure client compliance with server requirements.

Throws

If the nonce exceeds 128 bytes.

Constructors

constructor(issuedAt: Instant, validity: Duration, timeZone: TimeZone? = null, nonce: ByteArray, attestationEndpoint: String, proofOID: ObjectIdentifier, genericDeviceNameOID: ObjectIdentifier? = null, keyConstraints: KeyConstraints? = null, additionalPayload: Map<String, Constrained?>? = null, transientData: Any? = null)

Types

object Companion

Properties

Optional user-defined payload.

The endpoint to post the CSR containing the attestation proof to.

@Serializable(with = ObjectIdentifierStringSerializer::class)
val genericDeviceNameOID: ObjectIdentifier?

Whether to include a generic make and model (such as "Google Pixel 8" or "iPhone 16") with the attestation proof. Setting this to an OID other than null will include a device name on a best-effort basis. Defaults to null (i.e., no device name will be included).

The issuing time of the nonce. Useful to detect clock drift and exit early. This is not considered sensitive information, as clocks must be in sync anyhow.

Specifies key constraints for the client.

@Serializable(with = ByteArrayBase64UrlSerializer::class)
val nonce: ByteArray

The nonce chosen by the server. Must be at most 128 bytes long, as this is the largest nonce size supported by Android.

@Serializable(with = ObjectIdentifierStringSerializer::class)
val proofOID: ObjectIdentifier

The OID to be used for encoding the attestation proof into the signed CSR used to transfer the proof.

@Serializable(with = TimeZoneSerializer::class)
val timeZone: TimeZone?

The server timezone. Purely diagnostic, since the Instant used for issuedAt is UTC by definition. Can be omitted if the server does not want to disclose this information.

@Transient
val transientData: Any?

Optional runtime-only attachment for application state.

How long this nonce is considered valid.

Lazily-evaluated property

val version: Int?

Indicates the wire format version; needs to default to null for the default serializer to handle it correctly. The public constructor sets this to CURRENT_VERSION.

Functions

open operator override fun equals(other: Any?): Boolean
fun getRdnSerialNumber(): AttributeTypeAndValue

Encapsulates the nonce encoded into a KnownOIDs.serialNumber RDN component for easier parsing.

open override fun hashCode(): Int
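
The following is an added example, not code from the library or its documentation, showing how a client could use issuedAt, validity and the 128-byte nonce limit to detect clock drift or an expired challenge and exit early before producing a proof. It uses java.time types and a simplified stand-in class; ChallengeView, Freshness, checkFreshness and the maxDrift tolerance are hypothetical names and values chosen for illustration.

```kotlin
import java.time.Duration
import java.time.Instant

// Simplified stand-in for the documented class (assumption): only the fields
// needed for a freshness check, with java.time types instead of the library's.
class ChallengeView(val issuedAt: Instant, val validity: Duration, val nonce: ByteArray) {
    init {
        // Same limit the page documents: the largest nonce size supported by Android.
        require(nonce.size <= 128) { "nonce exceeds 128 bytes" }
    }
}

sealed interface Freshness {
    data object Ok : Freshness
    data class ClockDrift(val offset: Duration) : Freshness
    data class Expired(val since: Duration) : Freshness
}

// Hypothetical client-side check: stop before building a proof the server
// would reject. maxDrift is an assumed tolerance, not a library default.
fun checkFreshness(
    c: ChallengeView,
    now: Instant,
    maxDrift: Duration = Duration.ofMinutes(5),
): Freshness {
    // Positive offset: by the local clock, the challenge was issued in the future.
    val offset = Duration.between(now, c.issuedAt)
    if (offset > maxDrift) return Freshness.ClockDrift(offset)

    // Past issuedAt + validity the server no longer accepts the nonce.
    val expiry = c.issuedAt.plus(c.validity)
    if (now.isAfter(expiry)) return Freshness.Expired(Duration.between(expiry, now))
    return Freshness.Ok
}

fun main() {
    // Constructed sample values, not taken from a real server.
    val issued = Instant.parse("2025-01-01T12:00:00Z")
    val challenge = ChallengeView(issued, Duration.ofMinutes(10), ByteArray(32) { it.toByte() })

    println(checkFreshness(challenge, issued.plusSeconds(60)))    // local clock in sync
    println(checkFreshness(challenge, issued.minusSeconds(3600))) // local clock one hour behind
    println(checkFreshness(challenge, issued.plusSeconds(7200)))  // challenge long expired
    // An oversized nonce is rejected at construction time.
    println(runCatching { ChallengeView(issued, Duration.ofMinutes(10), ByteArray(129)) }.isFailure)
}
```

A local clock that runs far ahead is indistinguishable from an expired challenge in this check; in both cases the client should request a fresh challenge rather than retry with the old nonce.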