AltIdStatusListClient

class AltIdStatusListClient(fetch: suspend (String) -> ByteArray = ::defaultFetch)

Fetches and validates a Token Status List (JWT format) and resolves an attestation's status bits — validation step 12.

Per §5.7 the Status List JWT signature MUST verify against the certificate in its x5c header, and that certificate MUST be a trusted issuer certificate (checked against the same trust list used for IssuerAuth). When trustList is empty the signature is still verified mathematically, but signer trust is not established (mirrors the verifier's offline mode).

Parameters

fetch

fetches the Status List Token bytes for a URL. Injectable for testing/caching.

Constructors

Link copied to clipboard
constructor(fetch: suspend (String) -> ByteArray = ::defaultFetch)

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
suspend fun checkStatus(uri: String, idx: Int, trustList: List<X509Certificate>, currentTimeSeconds: Long, clockSkewSeconds: Long = 60): AltIdAttestationStatus

Fetches the Status List Token at uri, validates it, and returns the status at idx.