author | Matthew Miller <matthew@millerti.me> | 2020-06-24 22:23:43 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2020-06-24 22:23:43 -0700 |
commit | c63fedc675e5639c3f04201c36ef5c2d28b9dac0 (patch) | |
tree | 9bc18a8294f2a1a8d2d90c003a81659b9e3edb4c | |
parent | 3f68076659493ee4da6110524d5c0348e8469aae (diff) |
Update SafetyNet to use new cert path validator
-rw-r--r-- | packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index f1a768f..be526c5 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -5,6 +5,7 @@ import type { AttestationStatement } from '../../helpers/decodeAttestationObject
 import toHash from '../../helpers/toHash';
 import verifySignature from '../../helpers/verifySignature';
 import getCertificateInfo from '../../helpers/getCertificateInfo';
+import validateCertificatePath from '../../helpers/validateCertificatePath';
 import convertASN1toPEM from '../../helpers/convertASN1toPEM';

 type Options = {
@@ -90,8 +91,12 @@ export default function verifyAttestationAndroidSafetyNet(options: Options): boo
 throw new Error('Certificate common name was not "attest.android.com" (SafetyNet)');
 }

- // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements"
- // validateCertificatePath(fullpathCert);
+ // Validate certificate path
+ try {
+ validateCertificatePath(fullpathCert);
+ } catch (err) {
+ throw new Error(`${err} (SafetyNet)`);
+ }
 /**
 * END Verify Header
 */ |
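Review bot: The new `validateCertificatePath(fullpathCert)` call in the second hunk is only as strong as the helper's trust anchor, and the helper is not visible in this diff. If it checks only that each certificate in the supplied chain is signed by the next one, a self-issued chain whose leaf carries the `attest.android.com` common name would still be accepted, so it should also pin the chain to a known root. The comment should say which guarantee is given, e.g. `// Validate certificate path up to a trusted root; any failure rejects the attestation`. Separately, interpolating `err` in the catch block stringifies it as `Error: <message>`, so the rethrown text gets a doubled prefix and the original stack is lost; interpolating `err.message` (after an `instanceof Error` check) reads cleaner. The body of `verifyAttestationAndroidSafetyNet` starts and ends outside this hunk.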