supreme-common/at.asitplus.attestation.supreme/AttestationChallenge

AttestationChallenge

@Serializable

A generic representation of a challenge sent the server.

Constructors

constructor(issuedAt: Instant, validity: Duration, timeZone: TimeZone? = null, nonce: ByteArray, attestationEndpoint: String, proofOID: ObjectIdentifier, includeGenericDeviceName: Boolean = false, keyConstraints: KeyConstraints? = null)

constructor(issuedAt: Instant, validUntil: Instant, timeZone: TimeZone?, nonce: ByteArray, attestationEndpoint: String, proofOID: ObjectIdentifier, includeGenericDeviceName: Boolean = false, keyConstrains: KeyConstraints? = null)

Convenience constructor to pass two instants instead of instant and duration

Types

Companion

object Companion

Properties

attestationEndpoint

val attestationEndpoint: String

The endpoint to post the CSR containing the attestation proof to

includeGenericDeviceName

val includeGenericDeviceName: Boolean = false

Whether to include a generic make and model (such as "Google Pixel 8", or "iPhone 16" with the attestation proof). On its own this is not the device's nickname and therefore cannot identify a person in its own. Defaults to false.

issuedAt

@Serializable(with = InstantLongSerializer::class)

val issuedAt: Instant

The issuing time of the nonce. Useful to detect clock drifts and exit early. This is not considered sensible information, as clocks must be in sync anyhow.

keyConstraints

val keyConstraints: KeyConstraints? = null

Specified key constraints for the client

nonce

@Serializable(with = ByteArrayBase64UrlSerializer::class)

val nonce: ByteArray

The nonce chosen by the server. Must be at most 128 bytes long, as this is the largest nonce size supported by Android.

proofOID

@Serializable(with = ObjectIdentifierStringSerializer::class)

val proofOID: ObjectIdentifier

The OID to be used for encoding the attestation proof into the signed CSR used to transfer the proof.

timeZone