forked from TrueCloudLab/certificates
iOS 16 beta 2 support
This commit is contained in:
parent
7e1b0bebd9
commit
274f6ccb41
1 changed files with 18 additions and 1 deletions
|
@ -326,6 +326,15 @@ type AttestationObject struct {
|
|||
// TODO(bweeks): move attestation verification to a shared package.
|
||||
// TODO(bweeks): define new error type for failed attestation validation.
|
||||
func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSONWebKey, payload []byte) error {
|
||||
// TODO(bweeks): investigate if the iOS implementation allows for proper
|
||||
// platform detection.
|
||||
{
|
||||
var p ApplePayload
|
||||
if err := json.Unmarshal(payload, &p); err == nil {
|
||||
return appleAttest01Validate(ctx, ch, db, jwk, payload)
|
||||
}
|
||||
}
|
||||
|
||||
var p Payload
|
||||
if err := json.Unmarshal(payload, &p); err != nil {
|
||||
return WrapErrorISE(err, "error unmarshalling JSON")
|
||||
|
@ -432,7 +441,10 @@ func appleAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.
|
|||
return WrapErrorISE(err, "error unmarshalling JSON")
|
||||
}
|
||||
|
||||
fmt.Fprintf(os.Stderr, "p.AttObj: %v\n", p.AttObj)
|
||||
if p.Error != "" {
|
||||
return storeError(ctx, db, ch, true, NewError(ErrorRejectedIdentifierType,
|
||||
"payload contained error: %v", p.Error))
|
||||
}
|
||||
|
||||
attObj, err := base64.RawURLEncoding.DecodeString(p.AttObj)
|
||||
if err != nil {
|
||||
|
@ -455,6 +467,11 @@ func appleAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.
|
|||
"x5c not present"))
|
||||
}
|
||||
|
||||
if len(x5c) == 0 {
|
||||
return storeError(ctx, db, ch, true, NewError(ErrorRejectedIdentifierType,
|
||||
"x5c is empty"))
|
||||
}
|
||||
|
||||
attCertBytes, valid := x5c[0].([]byte)
|
||||
if !valid {
|
||||
return storeError(ctx, db, ch, true, NewError(ErrorRejectedIdentifierType,
|
||||
|
|
Loading…
Reference in a new issue