supreme-verifier/at.asitplus.attestation.supreme/AttestationVerifier/issueChallenge

issueChallenge

suspend fun issueChallenge(postEndpoint: String, timeZone: <Error class: unknown class>? = null, keyConstraints: <Error class: unknown class>? = defaultKeyConstraints): <Error class: unknown class>(source)

Issues a new attestation challenge, using a nonce generated by nonceGenerator, valid for a duration of nonceValidity, expecting an CSR containing an attestation statement to be HTTP POSTed to postEndpoint. It is possible, to pass a timeZone, but this is purely informational and is not fed into validity checks.

Specify keyConstraints to communicate to the type of key and its properties to the client, for automatic key creation. Defaults to defaultKeyConstraints.

Note that the inverse of Makoto.verificationTimeOffset is added to the nonce validity period to account for clock drift between clients and server. Why the inverse? Because clients check validity against their local clocks, reversing their relative view of the server time offset.

Note that the challengeValidator needs to account for this inverse view! The default InMemoryChallengeCache already does that.