authorMatthew Miller <matthew@millerti.me>2020-05-19 08:46:13 -0700
committerMatthew Miller <matthew@millerti.me>2020-05-19 08:46:13 -0700
commit1eb2194b3f6bd58f5f91c864237dc7ed323ec967 (patch)
tree741c115e2f21aff78899953840279a5cb5ba247f
parent1a894a0431a35d7b705d1ced477ba82606c490af (diff)
Add types for SafetyNet JWT parts
-rw-r--r--src/attestation/verifications/verifyAndroidSafetyNet.ts16
-rw-r--r--src/types.ts17
2 files changed, 28 insertions, 5 deletions
diff --git a/src/attestation/verifications/verifyAndroidSafetyNet.ts b/src/attestation/verifications/verifyAndroidSafetyNet.ts
index f57b68e..8e0c6e4 100644
--- a/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -1,6 +1,12 @@
import base64url from 'base64url';
-import { AttestationObject, VerifiedAttestation } from "@types";
+import {
+ AttestationObject,
+ VerifiedAttestation,
+ SafetyNetJWTHeader,
+ SafetyNetJWTPayload,
+ SafetyNetJWTSignature,
+} from "@types";
import toHash from "@helpers/toHash";
import verifySignature from '@helpers/verifySignature';
import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
@@ -23,9 +29,9 @@ export default function verifyAttestationAndroidSafetyNet(
const jwt = attStmt.response.toString('utf8');
const jwtParts = jwt.split('.');
- const HEADER = JSON.parse(base64url.decode(jwtParts[0]));
- const PAYLOAD = JSON.parse(base64url.decode(jwtParts[1]));
- const SIGNATURE = jwtParts[2];
+ const HEADER: SafetyNetJWTHeader = JSON.parse(base64url.decode(jwtParts[0]));
+ const PAYLOAD: SafetyNetJWTPayload = JSON.parse(base64url.decode(jwtParts[1]));
+ const SIGNATURE: SafetyNetJWTSignature = jwtParts[2];
console.debug('HEADER:', HEADER);
console.debug('PAYLOAD:', PAYLOAD);
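Review bot: The `SafetyNetJWTHeader` and `SafetyNetJWTPayload` annotations on the two `JSON.parse` results are compile-time only, because `JSON.parse` returns `any`, so the client-supplied attestation response is still used with no runtime shape check. Before the parse I would add `if (jwtParts.length !== 3) throw new Error('SafetyNet response is not a three-part JWT');`, and after it confirm `Array.isArray(HEADER.x5c)` and that each entry is a string. That matters more now that the later Verify Header hunk drops the explicit `(cert: string)` annotation and relies on the declared type of `x5c`; a malformed statement should fail with a clear error rather than throw from `.concat`/`.map`. The function body starts and ends outside this hunk, so checks elsewhere may already cover part of this.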
@@ -64,7 +70,7 @@ export default function verifyAttestationAndroidSafetyNet(
* START Verify Header
*/
// Generate an array of certs constituting a full certificate chain
- const fullpathCert = HEADER.x5c.concat([GlobalSignRootCAR2]).map((cert: string) => {
+ const fullpathCert = HEADER.x5c.concat([GlobalSignRootCAR2]).map((cert) => {
let pem = '';
// Take a string of characters and chop them up into 64-char lines (just like a PEM cert)
for (let i = 0; i < cert.length; i += 64) {
diff --git a/src/types.ts b/src/types.ts
index 3773a8b..59e70c1 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -85,3 +85,20 @@ export enum COSEKEYS {
};
export type COSEPublicKey = Map<COSEAlgorithmIdentifier, number | Buffer>;
+
+export type SafetyNetJWTHeader = {
+ alg: 'string',
+ x5c: string[],
+};
+
+export type SafetyNetJWTPayload = {
+ nonce: string,
+ timestampMs: number,
+ apkPackageName: string,
+ apkDigestSha256: string,
+ ctsProfileMatch: boolean,
+ apkCertificateDigestSha256: string[],
+ basicIntegrity: boolean,
+};
+
+export type SafetyNetJWTSignature = string;
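Review bot: `alg: 'string'` in `SafetyNetJWTHeader` declares the string literal type `'string'` rather than the primitive, so the compiler will treat `HEADER.alg` as always equal to the text "string" and reject or mis-narrow any comparison against a real algorithm name; it should read `alg: string,`. I would also add a comment above `SafetyNetJWTPayload` such as `// Expected shape of the parsed (untrusted) JWT body; fields are not validated at runtime`. If the service can omit `ctsProfileMatch` or `basicIntegrity` in some responses (worth confirming against the SafetyNet documentation), marking them optional would force callers to handle the missing case explicitly instead of reading `undefined` as a boolean.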