authorMatthew Miller <matthew@millerti.me>2020-06-09 10:03:27 -0700
committerMatthew Miller <matthew@millerti.me>2020-06-09 10:03:27 -0700
commit8202d447f9be8081a3f10a96796ec49663e5f8cb (patch)
treeeee41525f2fa950f301f8604d6e17278328c7001 /packages/server/src
parentf0cec0225f1b40d3832deb93b420fda71bbe39ee (diff)
Add another test for SafetyNet verification
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.test.ts29
1 files changed, 26 insertions, 3 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.test.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.test.ts
index 2527b59..001eb35 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.test.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.test.ts
@@ -7,21 +7,44 @@ import decodeAttestationObject, {
} from '../../helpers/decodeAttestationObject';
import toHash from '../../helpers/toHash';
-test('should verify Android SafetyNet attestation', () => {
+let authData: Buffer;
+let attStmt: AttestationStatement;
+let clientDataHash: Buffer;
+
+beforeEach(() => {
const { attestationObject, clientDataJSON } = attestationAndroidSafetyNet.response;
const decodedAttestationObject = decodeAttestationObject(attestationObject);
- const { authData, attStmt } = decodedAttestationObject;
+ authData = decodedAttestationObject.authData;
+ attStmt = decodedAttestationObject.attStmt;
+ clientDataHash = toHash(base64url.toBuffer(clientDataJSON));
+});
+
+/**
+ * We need to use the `verifyTimestampMS` escape hatch until I can figure out how to generate a
+ * signature after modifying the payload with a `timestampMs` we can dynamically set
+ */
+test('should verify Android SafetyNet attestation', () => {
const verified = verifyAndroidSafetyNet({
attStmt,
authData,
- clientDataHash: toHash(base64url.toBuffer(clientDataJSON)),
+ clientDataHash,
verifyTimestampMS: false,
});
expect(verified).toEqual(true);
});
+test('should throw error when timestamp is not within one minute of now', () => {
+ expect(() => {
+ verifyAndroidSafetyNet({
+ attStmt,
+ authData,
+ clientDataHash,
+ });
+ }).toThrow(/has expired/i);
+});
+
const attestationAndroidSafetyNet = {
id: 'AQy9gSmVYQXGuzd492rA2qEqwN7SYE_xOCjduU4QVagRwnX30mbfW75Lu4TwXHe-gc1O2PnJF7JVJA9dyJm83Xs',
rawId: 'AQy9gSmVYQXGuzd492rA2qEqwN7SYE_xOCjduU4QVagRwnX30mbfW75Lu4TwXHe-gc1O2PnJF7JVJA9dyJm83Xs',
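Review bot: The new 'should throw error when timestamp is not within one minute of now' test depends on the wall clock and matches only `/has expired/i`, so it covers a stale `timestampMs` but not one dated in the future, and any other error whose message happens to contain "has expired" would also satisfy it. Pinning the clock would make the intent explicit, for example `jest.spyOn(Date, 'now').mockReturnValue(FIXTURE_TIMESTAMP_MS + 61 * 1000);`, where `FIXTURE_TIMESTAMP_MS` is a placeholder for the fixture payload's timestamp; this assumes the verifier reads time through `Date.now()`, which is not visible in this hunk. The same mock with an in-window value would let 'should verify Android SafetyNet attestation' drop `verifyTimestampMS: false`, so the happy path exercises the freshness check instead of bypassing it and no re-signed payload is needed. A matching case for a timestamp ahead of the mocked clock would cover the other side of the window.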