Alt Id Status List Client
Fetches and validates a Token Status List (JWT format) and resolves an attestation's status bits — validation step 12.
Per §5.7 the Status List JWT signature MUST verify against the certificate in its x5c header, and that certificate MUST be a trusted issuer certificate (checked against the same trust list used for IssuerAuth). When trustList is empty the signature is still verified mathematically, but signer trust is not established (mirrors the verifier's offline mode).
Parameters
fetch
fetches the Status List Token bytes for a URL. Injectable for testing/caching.
Functions
Link copied to clipboard
suspend fun checkStatus(uri: String, idx: Int, trustList: List<X509Certificate>, currentTimeSeconds: Long, clockSkewSeconds: Long = 60): AltIdAttestationStatus