Set subject for app attest key

PKCS7 does not maintain the order of certificates in a certification path. Set unique subject to reduce sorting issues.
vvb2060 · Nov 15, 2023 · bb82068 · bb82068
1 parent 7220e2c
commit bb82068
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt b/app/src/main/java/io/github/vvb2060/keyattestation/home/HomeViewModel.kt
@@ -44,6 +44,7 @@ import java.security.cert.CertificateParsingException
 import java.security.cert.X509Certificate
 import java.security.spec.ECGenParameterSpec
 import java.util.Date
+import javax.security.auth.x500.X500Principal
 
 class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : ViewModel() {
 
@@ -111,6 +112,9 @@ class HomeViewModel(pm: PackageManager, private val sp: SharedPreferences) : Vie
             if (attestKeyAlias != null && !attestKey) {
                 builder.setAttestKeyAlias(attestKeyAlias)
             }
+            if (attestKey) {
+                builder.setCertificateSubject(X500Principal("CN=App Attest Key"))
+            }
         }
         val keyPairGenerator = KeyPairGenerator.getInstance(
                 KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")