authorMatthew Miller <matthew@millerti.me>2020-06-24 22:23:43 -0700
committerMatthew Miller <matthew@millerti.me>2020-06-24 22:23:43 -0700
commitc63fedc675e5639c3f04201c36ef5c2d28b9dac0 (patch)
tree9bc18a8294f2a1a8d2d90c003a81659b9e3edb4c /packages/server/src
parent3f68076659493ee4da6110524d5c0348e8469aae (diff)
Update SafetyNet to use new cert path validator
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts9
1 files changed, 7 insertions, 2 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index f1a768f..be526c5 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -5,6 +5,7 @@ import type { AttestationStatement } from '../../helpers/decodeAttestationObject
import toHash from '../../helpers/toHash';
import verifySignature from '../../helpers/verifySignature';
import getCertificateInfo from '../../helpers/getCertificateInfo';
+import validateCertificatePath from '../../helpers/validateCertificatePath';
import convertASN1toPEM from '../../helpers/convertASN1toPEM';
type Options = {
@@ -90,8 +91,12 @@ export default function verifyAttestationAndroidSafetyNet(options: Options): boo
throw new Error('Certificate common name was not "attest.android.com" (SafetyNet)');
}
- // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements"
- // validateCertificatePath(fullpathCert);
+ // Validate certificate path
+ try {
+ validateCertificatePath(fullpathCert);
+ } catch (err) {
+ throw new Error(`${err} (SafetyNet)`);
+ }
/**
* END Verify Header
*/
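Review bot: The new catch block interpolates the caught value itself (`${err}`), so an Error is stringified with its name prefix and the message reads "Error: <original> (SafetyNet)", while the original stack is dropped. Prefer `const msg = err instanceof Error ? err.message : String(err);` and interpolate `msg` instead of `err`. Separately, the hunk does not show what `validateCertificatePath` anchors to. If `fullpathCert` is assembled from certificates carried in the attestation statement (not visible here) and the helper only checks that each certificate is signed by the next, a self-consistent chain with the expected common name would pass. It is worth confirming that the helper terminates at a pinned trusted root, and replacing `// Validate certificate path` with a comment that states this. The function body starts and ends outside the hunk.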