-rw-r--r-- | packages/server/src/attestation/verifications/verifyAndroidKey.ts | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidKey.ts b/packages/server/src/attestation/verifications/verifyAndroidKey.ts
index 0198ee7..2b91a30 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidKey.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidKey.ts
@@ -9,7 +9,8 @@ import {
 JASN1,
 } from '../../helpers/asn1Utils';
 import convertCOSEtoPKCS, { COSEALGHASH } from '../../helpers/convertCOSEtoPKCS';
-import validateCertificatePath from '../../helpers/validateCertificatePath';
+import MetadataService from '../../metadata/metadataService';
+import verifyAttestationWithMetadata from 'metadata/verifyAttestationWithMetadata';
 
 type Options = {
 authData: Buffer;
@@ -87,11 +88,13 @@ export default async function verifyAttestationAndroidKey(options: Options): Pro
 // throw new Error('Root certificate was not expected certificate (AndroidKey)');
 // }
 
- // Verify certificate path
- try {
- validateCertificatePath(x5c.map(convertASN1toPEM));
- } catch (err) {
- throw new Error(`${err} (AndroidKey)`);
+ const statement = await MetadataService.getStatement(aaguid);
+ if (statement) {
+ try {
+ verifyAttestationWithMetadata(statement, alg, x5c);
+ } catch (err) {
+ throw new Error(`${err.message} (AndroidKey)`);
+ }
 }
 
 const signatureBase = Buffer.concat([authData, clientDataHash]);
|
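Review bot: The added import `from 'metadata/verifyAttestationWithMetadata'` is a bare specifier, while the import directly above it uses a relative path (`'../../metadata/metadataService'`). Unless the build configures a path alias for `metadata/`, which this hunk does not show, the module will not resolve from the compiled package and attestation verification fails at load time. Presumably the intended line is `import verifyAttestationWithMetadata from '../../metadata/verifyAttestationWithMetadata';`.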
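Review bot: When `MetadataService.getStatement(aaguid)` returns nothing, the `if (statement)` block is skipped and the x5c chain is not checked at all, because the unconditional `validateCertificatePath(x5c.map(convertASN1toPEM))` call was removed and the root-certificate check above it is still commented out. As far as this hunk shows, an authenticator whose AAGUID has no metadata statement then proceeds to signature verification with an unvalidated certificate path; keep the old call (and its import) in an `else` branch, or reject outright when no statement is found if policy requires metadata. Separately, `${err.message}` produces `undefined (AndroidKey)` if something other than an `Error` is thrown, so `err instanceof Error ? err.message : String(err)` preserves the cause. The function body starts and ends outside the hunk, so `aaguid` and `alg` are assumed to be defined earlier.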