verifyKeyAttestation

suspend fun verifyKeyAttestation(csr: <Error class: unknown class>, onPreAttestationError: PreAttestationError.() -> String? = { null }, onAttestationError: <Error class: unknown class>.(<Error class: unknown class>) -> String? = { null }, onAttestationSuccess: <Error class: unknown class>.(<Error class: unknown class>) -> Unit = { }, certificateIssuer: CertificateIssuer): <Error class: unknown class>(source)

Verifies the received CSR:

  • validates the nonce contained in the csr against the challengeValidator,

  • extracts the attestation statement from the csr,

  • calls upon warden for key attestation based on the extracted attestation statement,

  • verifies the csr signature against the contained public key.

Iff all verifications succeed, certificateIssuer is invoked and the resulting certificate chain is returned as an AttestationResponse.Success.

onPreAttestationError allows side-effect-free investigating/logging/handling of high-level errors and preparing error details for the client. This comprises:

  • errors in signing a binding certificate,

  • issues trying to extract the challenge from the CSR,

  • challenge validation errors.

onAttestationError allows side-effect-free investigation of attestation statement verification errors. It gives you not only the attestation error, but also a ready-made WardenDebugAttestationStatement. These are essentially attestation statements received from the client that do not comply with the configured attestation policy (package identifier, bootloader lock state, …). This callback is also invoked if the CSR signature is invalid.

onAttestationSuccess allows side-effect-free operations on successful attestation statement verification, for example logging or collecting numbers for statistical analysis.

Should any verification step fail, an AttestationResponse.Failure is returned.