Diffstat (limited to 'packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts')
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts28
1 files changed, 15 insertions, 13 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index 6f5365a..5705065 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -11,8 +11,7 @@ import toHash from "@helpers/toHash";
import verifySignature from '@helpers/verifySignature';
import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
import getCertificateInfo from '@helpers/getCertificateInfo';
-
-import parseAttestationAuthData from '../parseAttestationAuthData';
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
/**
@@ -23,6 +22,20 @@ export default function verifyAttestationAndroidSafetyNet(
base64ClientDataJSON: string,
): VerifiedAttestation {
const { attStmt, authData, fmt } = attestationObject;
+ const authDataStruct = parseAuthenticatorData(authData);
+ const { counter, credentialID, COSEPublicKey, flags } = authDataStruct;
+
+ if (!flags.up) {
+ throw new Error('User was not present for attestation (None)');
+ }
+
+ if (!COSEPublicKey) {
+ throw new Error('No public key was provided by authenticator (SafetyNet)');
+ }
+
+ if (!credentialID) {
+ throw new Error('No credential ID was provided by authenticator (SafetyNet)');
+ }
if (!attStmt.response) {
throw new Error('No response was included in attStmt by authenticator (SafetyNet)');
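Review bot: The new user-presence guard throws `'User was not present for attestation (None)'`, but this is the SafetyNet verifier and every other error in this hunk is tagged `(SafetyNet)`; the label looks copied from another format's verifier. A mislabelled message sends anyone triaging rejected registrations to the wrong attestation format, so I would change it to `throw new Error('User was not present for attestation (SafetyNet)');`. Running the `flags.up`, `COSEPublicKey` and `credentialID` checks before the attStmt checks is a sound fail-early ordering. The body of verifyAttestationAndroidSafetyNet continues outside the hunk.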
@@ -107,19 +120,8 @@ export default function verifyAttestationAndroidSafetyNet(
if (toReturn.verified) {
- const authDataStruct = parseAttestationAuthData(authData);
- const { counter, credentialID, COSEPublicKey, flags } = authDataStruct;
-
toReturn.userVerified = flags.uv;
- if (!COSEPublicKey) {
- throw new Error('No public key was provided by authenticator (SafetyNet)');
- }
-
- if (!credentialID) {
- throw new Error('No credential ID was provided by authenticator (SafetyNet)');
- }
-
const publicKey = convertCOSEtoPKCS(COSEPublicKey);
toReturn.authenticatorInfo = {