search

Yubico / java-webauthn-server

Server-side Web Authentication library for Java https://www.w3.org/TR/webauthn/#rp-operations
Other
457 stars 142 forks source link

Invalid TPM attestation certificate #240

Closed ozzi- closed 1 year ago

ozzi- commented 1 year ago

Hi there

I just checked out aca3c5d07df01d3306102c8e08de603936311cb8 and ran the demo. On my Thinkpad X1 Gen9 as well as a Thinkpad T14 Gen 3 (both have a reasonably new TPM), I receive the following error when trying to register: java.lang.IllegalArgumentException: Invalid TPM attestation certificate: The Subject Alternative Name extension MUST be set as defined in [TPMv2-EK-Profile] section 3.2.9. Missing TPM model. Missing TPM version.

Might this be a bug or do I have two devices with unsuitable hardware? Any hints would be great.

Cheers

ozzi- commented 1 year ago

TPMVersion, TPMModel and TPMManufacturer should be present image

image

ozzi- commented 1 year ago

I did some digging and created a PR which fixes this issue: https://github.com/Yubico/java-webauthn-server/pull/241

emlun commented 1 year ago

The fix from PR #241 is available now in pre-release 2.2.0-RC1. As usual we'll wait about 2 weeks before promoting it to a finished 2.2.0 release. Thanks again!