supreme-verifier/at.asitplus.attestation.supreme/ChallengeValidator

ChallengeValidator

interface ChallengeValidator(source)

Invoked from AttestationVerifier.verifyAttestation. Useful to match against in-transit attestation processes. Most probably, this will check against a nonce cache and evict any matched nonce from the cache. Implementing this function in a meaningful manner is absolutely crucial, since this is the actual challenge matching, ensuring freshness!

BEWARE OF CLOCK DRIFT AND CONFIGURED OFFSETS WRT. VALIDITY DURATION!

See also

for a sane default logic to account for clock drift

Inheritors

Functions

Link copied to clipboard
abstract suspend fun store(challenge: AttestationChallenge)

The contract of this function is that it stores challenges regardless of their contents and performs no sanity checks. Reason: Strong cryptographic nonces are assumed, making collisions unrealistic

Link copied to clipboard
abstract suspend fun validate(csr: Pkcs10CertificationRequest): ChallengeValidationResult

The contract of this function is that it returns a ChallengeValidationResult.Success iff a valid challenge matching the passend csr from the client is found. In all other cases, it must return a ChallengeValidationResult.Failure:

Generated by Dokka
© 2026 Copyright