I have been trying to decode the octet string as per the steps mentioned in
https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server?language=objc
Here is what I have tried:
X509Certificate cert1 = getParentCertificate(new String(decodedCredCert));
System.out.println(cert1);
cert1.checkValidity(); // verify against apple app attest root ca
byte[] ext = cert1.getExtensionValue("1.2.840.113635.100.8.2");
ASN1InputStream bIn = new ASN1InputStream(ext);
ASN1Primitive obj = bIn.readObject();
ASN1OctetString string = (ASN1OctetString) obj;
byte[] octs = string.getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
String octetString = ASN1Dump.dumpAsString(dIn.readObject());
I got the output as: "[[1]#8333585e692916d8cbcdce3c6aa2bd71617d54fed758957cfd6b50a2093fd506]"
For iOS App Attestation, follow the steps below to get the extension value and its corresponding octet string. As mentioned on that page,
Obtain the value of the credCert extension with OID 1.2.840.113635.100.8.2, which is a DER-encoded ASN.1 sequence. Decode the sequence and extract the single octet string that it contains.
Here is the sample code:
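String ooid = "1.2.840.113635.100.8.2"; // OID of the credCert extension quoted above
// getExtensionValue() returns the extension content wrapped in a DER OCTET STRING
byte[] oidValue = credCert.getExtensionValue(ooid);
DEROctetString envelope = (DEROctetString) new ASN1InputStream(oidValue).readObject();
// The wrapped content is the SEQUENCE that holds the single tagged OCTET STRING
DLSequence sequence = (DLSequence) new ASN1InputStream(envelope.getOctetStream()).readObject();
DLTaggedObject taggedObject = (DLTaggedObject) sequence.getObjectAt(0);
DEROctetString taggedObjectOctet = (DEROctetString) taggedObject.getObject();
log.debug("Octet String : {}", taggedObjectOctet.getOctets());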
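An added example, not part of the original posts: the same extraction written with type-checked Bouncy Castle `getInstance()` calls, carried one step further than the thread to the nonce comparison in the linked Apple procedure. It assumes Bouncy Castle is on the classpath; the class and method names are hypothetical, and the sample bytes are constructed, not real attestation data.

```java
import java.security.MessageDigest;
import org.bouncycastle.asn1.*;

public class AppAttestNonceCheck {
    static final String NONCE_OID = "1.2.840.113635.100.8.2"; // OID quoted on the page

    // extnValue is the byte[] returned by X509Certificate.getExtensionValue(NONCE_OID):
    // OCTET STRING { SEQUENCE { [1] EXPLICIT OCTET STRING nonce } }
    static byte[] extractNonce(byte[] extnValue) {
        if (extnValue == null) throw new SecurityException("nonce extension missing");
        // getInstance() type-checks each layer instead of casting to DER*/DL* classes,
        // so an unexpected encoding is rejected rather than surfacing as a ClassCastException.
        byte[] inner = ASN1OctetString.getInstance(extnValue).getOctets();
        ASN1Sequence seq = ASN1Sequence.getInstance(inner);
        if (seq.size() != 1) throw new SecurityException("expected exactly one element");
        ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(seq.getObjectAt(0));
        if (tagged.getTagNo() != 1) throw new SecurityException("unexpected tag number");
        byte[] nonce = ASN1OctetString.getInstance(tagged, true).getOctets();
        if (nonce.length != 32) throw new SecurityException("nonce is not a SHA-256 value");
        return nonce;
    }

    // nonce = SHA256(authData || clientDataHash), as in the linked Apple procedure.
    static byte[] expectedNonce(byte[] authData, byte[] clientDataHash) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(authData);
        return sha256.digest(clientDataHash);
    }

    static boolean nonceMatches(byte[] extnValue, byte[] authData, byte[] clientDataHash)
            throws Exception {
        // MessageDigest.isEqual compares the two values in constant time.
        return MessageDigest.isEqual(extractNonce(extnValue),
                                     expectedNonce(authData, clientDataHash));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not real attestation data.
        byte[] authData = "constructed-authenticator-data".getBytes("UTF-8");
        byte[] clientDataHash =
                MessageDigest.getInstance("SHA-256").digest("challenge".getBytes("UTF-8"));
        byte[] nonce = expectedNonce(authData, clientDataHash);
        // Build an extension value with the same shape as the one dumped in the question.
        byte[] seq = new DERSequence(
                new DERTaggedObject(true, 1, new DEROctetString(nonce))).getEncoded();
        byte[] extnValue = new DEROctetString(seq).getEncoded();
        System.out.println("match:    " + nonceMatches(extnValue, authData, clientDataHash));
        authData[0] ^= 1; // tampered authData must no longer match
        System.out.println("tampered: " + nonceMatches(extnValue, authData, clientDataHash));
    }
}
```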