validateAndroidKeyAttestation
suspend fun validateAndroidKeyAttestation(
    chain: X509CertChain,
    challenge: ByteString?,
    requireGmsAttestation: Boolean,
    requireVerifiedBootGreen: Boolean,
    requireKeyMintSecurityLevel: AndroidKeystoreSecurityLevel,
    requireAppSignatureCertificateDigests: Set<ByteString>,
    requireAppPackages: Set<String>,
    validateAt: Instant = Clock.System.now()
): ByteString
Checks if Android key attestation is valid according to the given criteria.
TODO: the revocation list at https://android.googleapis.com/attestation/status is not used yet.
Return
challenge/nonce used during key creation
Parameters
chain: Android key attestation
challenge: challenge/nonce used during key creation (if it needs to be checked)
requireGmsAttestation: check that the certificate chain is rooted in a known Google key
requireVerifiedBootGreen: check that the device has booted securely
requireKeyMintSecurityLevel: identifies the acceptable security level
requireAppSignatureCertificateDigests: identifies trusted app signing keys
requireAppPackages: identifies trusted app package names
validateAt: time instant used to validate certificate validity intervals
Throws
if Android key attestation is not valid
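An added example (not the project's own code) of using the return value for replay protection on a server: the call passes challenge = null and the returned challenge is matched against nonces the server issued. AttestationPolicy, PendingChallenges and acceptAttestation are hypothetical names, the ByteString import path is an assumption, and imports for the project's own types are omitted because this page does not show their packages.

```kotlin
import kotlinx.io.bytestring.ByteString // assumed package for ByteString
// Imports for X509CertChain, AndroidKeystoreSecurityLevel and
// validateAndroidKeyAttestation are omitted: this page does not show their packages.

// Hypothetical policy holder (not part of the documented API).
data class AttestationPolicy(
    val securityLevel: AndroidKeystoreSecurityLevel,
    val signingCertDigests: Set<ByteString>,
    val packages: Set<String>,
)

// Hypothetical single-use nonce store; confine it to one thread or add locking.
class PendingChallenges {
    private val pending = mutableSetOf<ByteString>()
    fun issue(nonce: ByteString) { pending.add(nonce) }
    // True only the first time a nonce issued by this server is presented.
    fun consume(nonce: ByteString): Boolean = pending.remove(nonce)
}

// Hypothetical wrapper: returns the attested challenge or throws.
suspend fun acceptAttestation(
    chain: X509CertChain,
    policy: AttestationPolicy,
    challenges: PendingChallenges,
): ByteString {
    // This page does not say how an empty set is treated, so refuse to run with one.
    require(policy.signingCertDigests.isNotEmpty()) { "no app signing digests pinned" }
    require(policy.packages.isNotEmpty()) { "no app packages pinned" }

    // Throws if the attestation does not meet the criteria (see Throws on this page).
    val attested = validateAndroidKeyAttestation(
        chain = chain,
        challenge = null, // no expected value given; the returned challenge is matched below
        requireGmsAttestation = true,
        requireVerifiedBootGreen = true,
        requireKeyMintSecurityLevel = policy.securityLevel,
        requireAppSignatureCertificateDigests = policy.signingCertDigests,
        requireAppPackages = policy.packages,
        // validateAt is left at its default, Clock.System.now()
    )
    // Reject challenges this server never issued, and replays of ones already used.
    check(challenges.consume(attested)) { "unknown or replayed challenge" }
    return attested
}
```

Revocation is listed as a TODO on this page, so a caller that needs revocation checking has to handle it separately from this call.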