ChallengeValidator
Invoked from AttestationVerifier.verifyAttestation. Useful to match against in-transit attestation processes. Most probably, an implementation will check against a nonce cache and evict any matched nonce from the cache. Implementing this function in a meaningful manner is absolutely crucial, since this is the actual challenge matching, which ensures freshness! Challenge nonces are sensitive replay-protection material: implementations and operators should avoid logging them, avoid exposing them across sessions or callers, and rely on protected transport plus caller-aware controls outside the nonce cache when needed.
BEWARE OF CLOCK DRIFT AND CONFIGURED OFFSETS WITH RESPECT TO VALIDITY DURATION!
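The nonce-cache behaviour described above (store, match, evict, with an allowance for clock drift) can be sketched as follows. This is an added example, not code from the library: `NonceCache`, its method names, the symmetric `driftTolerance` and the injected `now` time source are all assumptions made for illustration.

```kotlin
import java.security.SecureRandom
import java.time.Duration
import java.time.Instant
import java.util.Base64
import java.util.concurrent.ConcurrentHashMap

// Hypothetical nonce cache; names and signatures are NOT the library's API.
class NonceCache(
    private val validity: Duration,
    private val driftTolerance: Duration, // assumed symmetric clock-drift allowance
    private val now: () -> Instant = { Instant.now() },
) {
    private val issued = ConcurrentHashMap<String, Instant>()

    // Stores the challenge as-is, without sanity checks (strong random nonces assumed).
    fun store(nonce: ByteArray) {
        issued[key(nonce)] = now()
    }

    // True only for a known nonce inside its validity window. remove() makes lookup and
    // eviction one atomic step, so a replayed or concurrent second submission finds nothing.
    fun validateAndEvict(nonce: ByteArray): Boolean {
        val issuedAt = issued.remove(key(nonce)) ?: return false
        val t = now()
        val notBefore = issuedAt.minus(driftTolerance)
        val notAfter = issuedAt.plus(validity).plus(driftTolerance)
        return !t.isBefore(notBefore) && !t.isAfter(notAfter)
    }

    // Drops nonces that were issued but never redeemed; call periodically.
    fun purgeExpired() {
        val cutoff = now().minus(validity).minus(driftTolerance)
        issued.entries.removeIf { it.value.isBefore(cutoff) }
    }

    private fun key(nonce: ByteArray): String = Base64.getEncoder().encodeToString(nonce)
}

fun main() {
    var clock = Instant.parse("2024-01-01T00:00:00Z") // constructed test time
    val cache = NonceCache(Duration.ofMinutes(5), Duration.ofSeconds(30)) { clock }
    val random = SecureRandom()
    val first = ByteArray(16).also { random.nextBytes(it) }  // constructed sample nonces
    val second = ByteArray(16).also { random.nextBytes(it) }
    cache.store(first); cache.store(second)
    println("first use accepted: " + cache.validateAndEvict(first))
    println("replay accepted:    " + cache.validateAndEvict(first))
    clock = clock.plus(Duration.ofMinutes(6))                // past validity plus tolerance
    println("expired accepted:   " + cache.validateAndEvict(second))
}
```

The demo prints only the validation outcome, never the nonce bytes, in line with the guidance above on not logging challenges.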
See also
for a sane default logic to account for clock drift
Inheritors
Functions
The contract of this function is that it stores challenges regardless of their contents and performs no sanity checks. Reason: strong cryptographic nonces are assumed, making collisions unrealistic.
The contract of this function is that it returns a ChallengeValidationResult.Success iff a valid challenge matching the passed csr from the client is found. In all other cases, it must return a ChallengeValidationResult.Failure: