From b5176b4d3fdd97301be0d194ab48ab3c6fa558fb Mon Sep 17 00:00:00 2001
From: Carmen Hanish <cyhanish@google.com>
Date: Tue, 20 Jan 2026 05:26:25 -0800
Subject: [PATCH] Refactor getting serial numbers into its own method.

PiperOrigin-RevId: 858541617
---
 renovate.json                                          | 6 ------
 src/main/kotlin/Verifier.kt                            | 6 +-----
 src/main/kotlin/provider/KeyAttestationCertPath.kt     | 9 +++++++++
 src/test/kotlin/provider/KeyAttestationCertPathTest.kt | 7 +++++++
 4 files changed, 17 insertions(+), 11 deletions(-)
 delete mode 100644 renovate.json

diff --git a/renovate.json b/renovate.json
deleted file mode 100644
index abf4b05..0000000
--- a/renovate.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "local>android/.github:renovate-config"
-  ]
-}
diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt
index b7a81ba..34f6f8b 100644
--- a/src/main/kotlin/Verifier.kt
+++ b/src/main/kotlin/Verifier.kt
@@ -225,11 +225,7 @@ open class Verifier(
     log: VerifyRequestLog? = null,
   ): VerificationResult {
     log?.logInputChain(certPath.certificatesWithAnchor.map { it.getEncoded().toByteString() })
-    log?.logCertSerialNumbers(
-      certPath.certificatesWithAnchor.subList(1, certPath.certificatesWithAnchor.size).map {
-        it.serialNumber.toString(16)
-      }
-    )
+    log?.logCertSerialNumbers(certPath.serialNumbers())
     val certPathValidator = CertPathValidator.getInstance("KeyAttestation")
     val certPathParameters =
       PKIXParameters(trustAnchorsSource()).apply {
diff --git a/src/main/kotlin/provider/KeyAttestationCertPath.kt b/src/main/kotlin/provider/KeyAttestationCertPath.kt
index a4a7573..c26d1ed 100644
--- a/src/main/kotlin/provider/KeyAttestationCertPath.kt
+++ b/src/main/kotlin/provider/KeyAttestationCertPath.kt
@@ -63,6 +63,15 @@ class KeyAttestationCertPath(certs: List<X509Certificate>) : CertPath("X.509") {
 
   override fun getCertificates(): List<X509Certificate> = certificatesWithAnchor.dropLast(1)
 
+  /**
+   * Returns the serial numbers of the certificates in the certificate chain.
+   *
+   * The format is unpadded hex strings.
+   *
+   * @return the serial numbers of the certificates in the certificate chain.
+   */
+  fun serialNumbers() = certificatesWithAnchor.map { it.serialNumber.toString(16) }
+
   fun provisioningMethod() =
     when {
       isFactoryProvisioned() -> ProvisioningMethod.FACTORY_PROVISIONED
diff --git a/src/test/kotlin/provider/KeyAttestationCertPathTest.kt b/src/test/kotlin/provider/KeyAttestationCertPathTest.kt
index e46a433..09e8836 100644
--- a/src/test/kotlin/provider/KeyAttestationCertPathTest.kt
+++ b/src/test/kotlin/provider/KeyAttestationCertPathTest.kt
@@ -94,6 +94,13 @@ class KeyAttestationCertPathTest {
       .isEqualTo(CertLists.validFactoryProvisioned.first())
   }
 
+  @Test
+  fun getSerialNumbers_returnsExpectedSerialNumbers() {
+    assertThat(KeyAttestationCertPath(CertLists.validFactoryProvisioned).serialNumbers())
+      .containsExactly("1", "cafbad", "1234567890", "ca11cafe")
+      .inOrder()
+  }
+
   @Test
   fun provisioningMethod_returnsExpectedType(@TestParameter testCase: ProvisioningMethodTestCase) {
     val certPath = readCertPath("${testCase.path}.pem")