summaryrefslogtreecommitdiffhomepage
path: root/packages/server/src
diff options
context:
space:
mode:
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/attestation/verifications/verifyPacked.ts7
1 files changed, 7 insertions, 0 deletions
diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 53d5fa3..884badd 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -94,6 +94,13 @@ export default async function verifyAttestationPacked(options: Options): Promise
// If available, validate attestation alg and x5c with info in the metadata statement
const statement = await MetadataService.getStatement(aaguid);
if (statement) {
+ // The presence of x5c means this is a full attestation. Check to see if attestationTypes
+ // includes packed attestations.
+ // See constants > FIDO_METADATA_ATTESTATION_TYPES for what this number means
+ if (statement.attestationTypes.indexOf(15879) < 0) {
+ throw new Error('Metadata does not indicate support for full attestations (Packed|Full)');
+ }
+
try {
verifyAttestationWithMetadata(statement, alg, x5c);
} catch (err) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-21 14:58:03 +0000