Fix errors
This commit is contained in:
parent
d5cd38b459
commit
d3edf03125
|
@ -63,15 +63,15 @@ function verifyCertificateChain(certificates: string[]) {
|
||||||
|
|
||||||
const CACert = i + 1 >= certificates.length ? Cert : certificates[i + 1];
|
const CACert = i + 1 >= certificates.length ? Cert : certificates[i + 1];
|
||||||
|
|
||||||
const certStruct = jsrsasign.ASN1HEX.getTLVbyList(certificate.hex, 0, [0]);
|
const certStruct = jsrsasign.ASN1HEX.getTLVbyList(certificate.hex!, 0, [0]);
|
||||||
const algorithm = certificate.getSignatureAlgorithmField();
|
const algorithm = certificate.getSignatureAlgorithmField();
|
||||||
const signatureHex = certificate.getSignatureValueHex();
|
const signatureHex = certificate.getSignatureValueHex();
|
||||||
|
|
||||||
// Verify against CA
|
// Verify against CA
|
||||||
const Signature = new jsrsasign.crypto.Signature({alg: algorithm});
|
const Signature = new jsrsasign.KJUR.crypto.Signature({alg: algorithm});
|
||||||
Signature.init(CACert);
|
Signature.init(CACert);
|
||||||
Signature.updateHex(certStruct);
|
Signature.updateHex(certStruct);
|
||||||
valid = valid && Signature.verify(signatureHex); // true if CA signed the certificate
|
valid = valid && !!Signature.verify(signatureHex); // true if CA signed the certificate
|
||||||
}
|
}
|
||||||
|
|
||||||
return valid;
|
return valid;
|
||||||
|
@ -260,7 +260,7 @@ export const procedures = {
|
||||||
}
|
}
|
||||||
|
|
||||||
const certificateChain = header.x5c
|
const certificateChain = header.x5c
|
||||||
.map(key => PEMString(key))
|
.map((key: any) => PEMString(key))
|
||||||
.concat([GSR2]);
|
.concat([GSR2]);
|
||||||
|
|
||||||
if (getCertSubject(certificateChain[0]).CN != 'attest.android.com') {
|
if (getCertSubject(certificateChain[0]).CN != 'attest.android.com') {
|
||||||
|
|
|
@ -14,7 +14,7 @@ import config from '../../../../../config';
|
||||||
import { procedures, hash } from '../../../2fa';
|
import { procedures, hash } from '../../../2fa';
|
||||||
import { publishMainStream } from '../../../../../services/stream';
|
import { publishMainStream } from '../../../../../services/stream';
|
||||||
|
|
||||||
const cborDecodeFirst = promisify(cbor.decodeFirst);
|
const cborDecodeFirst = promisify(cbor.decodeFirst) as any;
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
requireCredential: true,
|
requireCredential: true,
|
||||||
|
@ -90,11 +90,11 @@ export default define(meta, async (ps, user) => {
|
||||||
throw new Error('alg mismatch');
|
throw new Error('alg mismatch');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!procedures[attestation.fmt]) {
|
if (!(procedures as any)[attestation.fmt]) {
|
||||||
throw new Error('unsupported fmt');
|
throw new Error('unsupported fmt');
|
||||||
}
|
}
|
||||||
|
|
||||||
const verificationData = procedures[attestation.fmt].verify({
|
const verificationData = (procedures as any)[attestation.fmt].verify({
|
||||||
attStmt: attestation.attStmt,
|
attStmt: attestation.attStmt,
|
||||||
authenticatorData: authData,
|
authenticatorData: authData,
|
||||||
clientDataHash: clientDataJSONHash,
|
clientDataHash: clientDataJSONHash,
|
||||||
|
|
Loading…
Reference in New Issue