Package-level declarations

Types

class AttestationValidator(warden: <Error class: unknown class>, val attestationProofOID: <Error class: unknown class>, challengeValidator: ChallengeValidator)

Verifies attestation statements and issues certificates on success. Expects a preconfigured Warden instance and an OID to be used in a CSR to convey an attestation statement. Also requires a challengeValidator, which checks a challenge's validity and invalidates it once used.

typealias CertificateIssuer = suspend (<Error class: unknown class>, <Error class: unknown class>) -> <Error class: unknown class><<Error class: unknown class>>

Gets passed the signed CSR from the mobile client after it was thoroughly checked and verified. At this point, the CSR's signature has been verified, the challenge checked, and the public key attested. Hence, a certificate can be issued, and the whole certificate chain (from the newly issued certificate up to the CA) shall be returned.

Invoked from AttestationValidator.verifyKeyAttestation. Useful to match against in-transit attestation processes. Most probably, this will check against a nonce cache and evict any matched nonce from the cache. Implementing this function in a meaningful manner is absolutely crucial, since this is the actual challenge matching, ensuring freshness!
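
A single-use nonce cache of the kind the description above anticipates, as an added example that is not part of the library's own code. `NonceCache`, `issue`, `consume` and `evictExpired` are hypothetical names, and the wiring into the challenge validator is left out because its signature is not shown on this page.

```kotlin
import java.security.SecureRandom
import java.util.Base64
import java.util.concurrent.ConcurrentHashMap

// Hypothetical helper (not a library class): single-use challenge store with expiry.
class NonceCache(
    private val ttlMillis: Long = 5 * 60_000L,
    private val clock: () -> Long = System::currentTimeMillis,
) {
    private val rng = SecureRandom()

    // Key: Base64 of the nonce. Value: expiry timestamp in milliseconds.
    private val pending = ConcurrentHashMap<String, Long>()

    /** Creates a fresh 32-byte challenge and remembers it until it expires. */
    fun issue(): ByteArray {
        val nonce = ByteArray(32).also(rng::nextBytes)
        pending[key(nonce)] = clock() + ttlMillis
        return nonce
    }

    /**
     * Returns true only the first time a known, unexpired nonce is presented.
     * remove() is atomic, so two concurrent requests replaying the same
     * nonce cannot both succeed. An expired nonce is evicted and rejected.
     */
    fun consume(nonce: ByteArray): Boolean {
        val expiry = pending.remove(key(nonce)) ?: return false
        return clock() <= expiry
    }

    /** Drops challenges that were never answered; call periodically to bound memory. */
    fun evictExpired() {
        val now = clock()
        pending.entries.removeIf { it.value < now }
    }

    private fun key(nonce: ByteArray): String = Base64.getEncoder().encodeToString(nonce)
}

fun main() {
    var now = 0L // constructed clock so expiry can be shown without sleeping
    val cache = NonceCache(ttlMillis = 1_000, clock = { now })
    val fresh = cache.issue()
    println(cache.consume(fresh))         // first use of an issued challenge
    println(cache.consume(fresh))         // replay of the same challenge
    println(cache.consume(ByteArray(32))) // challenge that was never issued
    val stale = cache.issue()
    now += 1_001
    println(cache.consume(stale))         // answered after the TTL
}
```

In a deployment with more than one server instance, the in-memory map would be replaced by a shared store that offers an atomic remove, so a challenge consumed on one instance cannot be replayed against another.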

sealed class PreAttestationError