-rw-r--r-- | packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index f1a768f..be526c5 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -5,6 +5,7 @@ import type { AttestationStatement } from '../../helpers/decodeAttestationObject
 import toHash from '../../helpers/toHash';
 import verifySignature from '../../helpers/verifySignature';
 import getCertificateInfo from '../../helpers/getCertificateInfo';
+import validateCertificatePath from '../../helpers/validateCertificatePath';
 import convertASN1toPEM from '../../helpers/convertASN1toPEM';
 type Options = {
@@ -90,8 +91,12 @@ export default function verifyAttestationAndroidSafetyNet(options: Options): boo
 throw new Error('Certificate common name was not "attest.android.com" (SafetyNet)');
 }
- // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements"
- // validateCertificatePath(fullpathCert);
+ // Validate certificate path
+ try {
+ validateCertificatePath(fullpathCert);
+ } catch (err) {
+ throw new Error(`${err} (SafetyNet)`);
+ }
 /**
 * END Verify Header
 */ |
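Review bot: The `validateCertificatePath(fullpathCert)` call added in the second hunk receives only the chain itself, so unless the helper (its body is not visible here) checks that the path ends at a pinned, trusted root, a chain that is merely internally consistent would pass. The preceding common-name check cannot make up for that, because it only inspects a field of the certificate being validated. It is worth confirming the anchoring and saying so in the comment, e.g. `// Validate certificate path up to a trusted root (throws on failure)`. The call's return value is also discarded, so the check only has effect if the helper throws rather than returning `false`. Separately, `${err}` stringifies an `Error` as "Error: <message>", so the rethrown text carries a doubled prefix and loses the original stack; `const msg = err instanceof Error ? err.message : String(err);` followed by `throw new Error(`${msg} (SafetyNet)`);` avoids the doubled prefix. The enclosing function starts and ends outside this hunk.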