author | Matthew Miller <matthew@millerti.me> | 2020-06-08 17:38:36 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2020-06-08 17:38:36 -0700 |
commit | 66d6a1385767e5635b42dfad9cae43465d60d580 (patch) | |
tree | 623809381bd15e64c3549a6f364f7768ef865f21 | |
parent | 98ceb56ebd82dd688ff335cbb99539ad7effba3c (diff) |
Require a version be set in Android SafetyNet resp
-rw-r--r-- | packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts | 9 | ||||
-rw-r--r-- | packages/server/src/helpers/decodeAttestationObject.ts | 1 |
2 files changed, 8 insertions, 2 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index 9e0c080..efd9c6f 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -17,13 +17,18 @@ type Options = {
 */
 export default function verifyAttestationAndroidSafetyNet(options: Options): boolean {
 const { attStmt, clientDataHash, authData } = options;
+ const { response, ver } = attStmt;
- if (!attStmt.response) {
+ if (!ver) {
+ throw new Error('No ver value in attestation (SafetyNet)');
+ }
+
+ if (!response) {
 throw new Error('No response was included in attStmt by authenticator (SafetyNet)');
 }
 // Prepare to verify a JWT
- const jwt = attStmt.response.toString('utf8');
+ const jwt = response.toString('utf8');
 const jwtParts = jwt.split('.');
 const HEADER: SafetyNetJWTHeader = JSON.parse(base64url.decode(jwtParts[0]));
diff --git a/packages/server/src/helpers/decodeAttestationObject.ts b/packages/server/src/helpers/decodeAttestationObject.ts
index 4e53ccf..34b069b 100644
--- a/packages/server/src/helpers/decodeAttestationObject.ts
+++ b/packages/server/src/helpers/decodeAttestationObject.ts
@@ -32,4 +32,5 @@ export type AttestationStatement = {
 x5c?: Buffer[];
 response?: Buffer;
 alg?: number;
+ ver?: string;
 }; |
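Review bot: The new `if (!ver)` guard in verifyAttestationAndroidSafetyNet only tests truthiness, so any non-empty value passes, and nothing in the hunk confirms that `ver` is a string at runtime even though the second hunk declares it as `ver?: string`. attStmt presumably comes from decoding the client-supplied attestation object, where the TypeScript type is not enforced, so a stricter guard would be `if (typeof ver !== 'string' || ver.length === 0) {`. The context lines that follow also read `jwtParts[0]` without checking that `jwt.split('.')` yielded three parts, so a malformed `response` surfaces as a decode or `JSON.parse` exception instead of a descriptive SafetyNet error; adding `if (jwtParts.length !== 3) throw new Error('Malformed JWT in attStmt response (SafetyNet)');` before the HEADER line would make that failure explicit. The function body continues past the end of the hunk, so later lines may already cover part of this.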