-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts8
1 files changed, 3 insertions, 5 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index f07849c..3b5e73a 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -25,16 +25,12 @@ export default async function verifyAttestationAndroidSafetyNet(
options: Options,
): Promise<boolean> {
const { attStmt, clientDataHash, authData, aaguid, verifyTimestampMS = true } = options;
- const { response, ver, alg } = attStmt;
+ const { response, ver } = attStmt;
if (!ver) {
throw new Error('No ver value in attestation (SafetyNet)');
}
- if (typeof alg !== 'number') {
- throw new Error(`Attestation Statement alg "${alg}" is not a number (SafetyNet)`);
- }
-
if (!response) {
throw new Error('No response was included in attStmt by authenticator (SafetyNet)');
}
@@ -99,6 +95,8 @@ export default async function verifyAttestationAndroidSafetyNet(
const statement = await MetadataService.getStatement(aaguid);
if (statement) {
try {
+ // Convert from alg in JWT header to a number in the metadata
+ const alg = HEADER.alg === 'RS256' ? -257 : -99999;
verifyAttestationWithMetadata(statement, alg, HEADER.x5c);
} catch (err) {
throw new Error(`${err} (SafetyNet)`);
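Review bot: The `-99999` fallback in the added `const alg = ...` line means a non-RS256 JWT header is rejected only as a side effect of the metadata comparison in `verifyAttestationWithMetadata`, not by an explicit check. `HEADER.alg` is read from the attestation JWT header, which is authenticator-supplied, so I would fail closed with a named error instead of a magic number: `if (HEADER.alg !== 'RS256') throw new Error('Unsupported JWT alg ' + HEADER.alg);` followed by `const alg = -257; // COSE identifier for RS256`. The mapping also runs only inside `if (statement)`, and whether the JWT signature check elsewhere in the function pins the algorithm is not visible in this hunk, so it is worth confirming that `alg` is still constrained when no metadata statement is found. The function body starts and ends outside the hunk.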