author | Matthew Miller <matthew@millerti.me> | 2020-05-19 01:57:04 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2020-05-19 01:57:12 -0700 |
commit | 374ad0a0236ef7f98654a5c03f20e52f96c5831f (patch) | |
tree | d09788da10a7a953fcd3da9f99bb98336dbd43b0 | |
parent | e4804fa981f738df1efb2e4cf3b735d3ce43399f (diff) |
Stub out validateCertificatePath for later
-rw-r--r-- | src/attestation/verifications/verifyAndroidSafetyNet.ts | 2 | ||||
-rw-r--r-- | src/helpers/validateCertificatePath.ts | 55 |
2 files changed, 56 insertions, 1 deletions
diff --git a/src/attestation/verifications/verifyAndroidSafetyNet.ts b/src/attestation/verifications/verifyAndroidSafetyNet.ts index 534b934..b052967 100644 --- a/src/attestation/verifications/verifyAndroidSafetyNet.ts +++ b/src/attestation/verifications/verifyAndroidSafetyNet.ts @@ -90,7 +90,7 @@ export default function verifyAttestationAndroidSafetyNet( } // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements" - // WebauthnService.validateCertificatePath(fullpathCert); + // validateCertificatePath(fullpathCert); /** * END Verify Header */ diff --git a/src/helpers/validateCertificatePath.ts b/src/helpers/validateCertificatePath.ts new file mode 100644 index 0000000..685ddd8 --- /dev/null +++ b/src/helpers/validateCertificatePath.ts 
@@ -0,0 +1,55 @@
+export default function validateCertificatePath(certificates: any[]) {
+ console.log('certificates', certificates);
+ return false;
+ // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements"
+ // console.debug('validating certificate path');
+
+ // const uniqueCerts = new Set(certificates);
+
+ // if (uniqueCerts.size !== certificates.length) {
+ // throw new Error('Certificate path could not be verified due to duplicate certificates');
+ // }
+
+ // certificates.forEach((subjectPEM, index) => {
+ // const subjectCert = new jsrsasign.X509();
+ // subjectCert.readCertPEM(subjectPEM);
+
+ // let issuerPEM;
+ // if (index + 1 >= certificates.length) {
+ // console.debug('using subjectPEM as issuerPEM');
+ // issuerPEM = subjectPEM;
+ // } else {
+ // console.debug('using next cert as issuerPEM');
+ // issuerPEM = certificates[index + 1];
+ // }
+
+ // const issuerCert = new jsrsasign.X509();
+ // issuerCert.readCertPEM(issuerPEM);
+
+ // const subjectCertString = subjectCert.getSubjectString();
+ // const issuerCertString = issuerCert.getSubjectString();
+ // if (subjectCertString !== issuerCertString) {
+ // console.error('subject strings didn\'t match');
+ // console.debug('subjectCertString:', subjectCertString);
+ // console.debug('issuerCertString:', issuerCertString);
+ // throw new Error('Certificate issuers didn\'t match');
+ // }
+
+ // const subjectCertStruct = jsrsasign.ASN1HEX.getTLVbyList(subjectCert.hex, 0, [0]);
+ // const algorithm = subjectCert.getSignatureAlgorithmField();
+ // const signatureHex = subjectCert.getSignatureValueHex();
+
+ // const Signature = new jsrsasign.crypto.Signature({ alg: algorithm });
+ // Signature.init(issuerPEM);
+ // Signature.updateHex(subjectCertStruct);
+
+ // const sigVerified = Signature.verify(signatureHex);
+ // if (!sigVerified) {
+ // console.error('failed to validate certificate path');
+ // console.debug('sigVerified:', sigVerified);
+ // throw new Error('Certificate path could not be validated');
+ // }
+ // });
+
+ // return true;
+} |
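Review bot: The stub `validateCertificatePath` writes the whole `certificates` array to stdout with `console.log` and returns `false` unconditionally, while the commented-out body reports failure by throwing and success by `true`; settle on one contract and state it in a TSDoc line such as `/** Not implemented yet: always returns false (fails closed); not a verification result. */`, and drop the log call. In the commented-out logic the chaining check compares `subjectCert.getSubjectString()` with `issuerCert.getSubjectString()`, which looks wrong for a chain; the comparison should be the subject certificate's issuer against the next certificate's subject, `subjectCert.getIssuerString() !== issuerCert.getSubjectString()`. The last certificate is verified against itself, so nothing ties the path to a trusted root and validity periods are never checked, which the TODO should record before this is re-enabled. `certificates: any[]` can be `string[]`, since the body reads each entry as PEM.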