verifyAttestation
Verifies the received CSR:
Validates the nonce contained in the CSR against the challengeValidator
Extracts the attestation statement from the CSR
Calls upon makoto for key and app attestation based on the extracted attestation statement
Verifies the CSR signature against the contained public key
Iff all verifications succeed, certificateIssuer is invoked and the resulting certificate chain is returned as an AttestationResponse.Success.
onPreAttestationError allows side-effect-free investigating/logging/handling of high-level errors and preparing error details for the client. This comprises:
errors in signing a binding certificate,
issues trying to extract the challenge from the CSR,
challenge validation errors.
onChallengeValidated allows side-effect-free investigating/logging/handling of validated challenges. Includes the CSR from the client.
onAttestationError allows side-effect-free investigating attestation statement verification errors. Gives you not only the Attestation error, but also a ready-made WardenDebugAttestationStatement. Those are essentially attestation statements received from the client that do not comply with the configured attestation policy (package identifier, bootloader lock state, …). In case the CSR signature is invalid, this callback is also invoked.
onAttestationSuccess allows side-effect-free operations on successful attestation statement verification. Logging and/or collecting numbers for statistical analysis comes to mind.
additionalVerifications allows tightening attestation constraints even further. If any custom check fails, it should return an AttestationResponse.Failure; on success it should return null. The reason for this design is to allow additional checks to define their own semantics for specific failure reasons. It should not throw (but should an exception bubble up, it will be mapped to an internal error). Don't make your checks throw, unless you want internal errors to hit the end-users.
Should any verification step fail, an AttestationResponse.Failure is returned.
Any exception thrown by the observation callback lambdas is ignored (treated as if the callback were a NOOP). additionalVerifications is policy logic, not an observation callback, so exceptions from it cause an internal failure to be sent as response.
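The difference between observation callbacks and additionalVerifications described above, shown as an added example that is not the library's own code. It is a stand-alone model in which Response, Csr, observe, verify, the package identifier and the patch-level check are all hypothetical stand-ins; only the null-on-success contract and the exception handling follow the text.

```kotlin
// Added illustration: stand-alone model of the flow described above.
// Every type and name below is a hypothetical stand-in, not the library's API.
sealed interface Response {
    data class Success(val chain: List<String>) : Response
    data class Failure(val kind: String, val detail: String) : Response
}

// Constructed stand-in for a parsed CSR plus its attestation statement.
data class Csr(val nonce: String, val packageId: String, val patchLevel: Int, val sigValid: Boolean)

// Observation callbacks: whatever they throw is swallowed (treated as a NOOP).
fun observe(callback: () -> Unit) {
    try { callback() } catch (ignored: Exception) { }
}

fun verify(
    csr: Csr,
    knownNonces: Set<String>,
    onAttestationError: (String) -> Unit = {},
    onAttestationSuccess: (Csr) -> Unit = {},
    additionalVerifications: (Csr) -> Response.Failure? = { null },
): Response {
    if (csr.nonce !in knownNonces) return Response.Failure("challenge", "unknown nonce")
    if (csr.packageId != "com.example.app" || !csr.sigValid) {
        observe { onAttestationError("policy or CSR signature check failed") }
        return Response.Failure("attestation", "statement rejected")
    }
    observe { onAttestationSuccess(csr) } // position in the flow is an assumption of this model
    // Policy logic: null means "passed"; an exception becomes an internal error.
    val extra = try {
        additionalVerifications(csr)
    } catch (e: Exception) {
        return Response.Failure("internal", e.message ?: "unexpected error")
    }
    return extra ?: Response.Success(listOf("leaf", "intermediate", "root"))
}

fun main() {
    val nonces = setOf("n-1")
    val good = Csr("n-1", "com.example.app", 202405, true)
    // Tightening check written as the text recommends: return a Failure, never throw.
    val minPatch = { c: Csr -> if (c.patchLevel < 202401) Response.Failure("policy", "patch level too old") else null }
    println(verify(good, nonces, additionalVerifications = minPatch))
    println(verify(good.copy(patchLevel = 202201), nonces, additionalVerifications = minPatch))
    // Throwing observation callback vs. throwing policy check.
    println(verify(good, nonces, onAttestationSuccess = { error("log sink down") }))
    println(verify(good, nonces, additionalVerifications = { error("bug in check") }))
}
```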