Closed ozzi- closed 1 year ago
Thanks a lot! That indeed looks like an oversight in the code, perhaps a prototype first step that we forgot to revisit and finish.
Would you mind sharing an example attestationObject
that reveals the defect, so we can add it to the test cases? I've reproduced the issue with a generated attestation, but real examples from actual authenticators are much more valuable for interoperability tests. But I understand if you're not comfortable with that, seeing as you've redacted parts of your screenshots.
Either way, I'll try to get the fix released pretty soon - we can probably have an RC build out this week. After that we usually wait about 2 weeks before promoting it to an official release.
Would you like to be credited by name or GitHub username in the release notes? (or would you prefer not at all?)
Hi @emlun Im glad to help! I sent you the attestationObject to your email (listed on your GH profile). Concerning the credits, that would be nice.
Looking forward for the RC Cheers
This PR fixes the erroneous reporting of "Missing TPM model" & "Missing TPM version". Tested on two Lenovo Thinkpads X1 Gen9 - TPMModel=ST33HTPHAHD8 and T14 Gen3 (TPMModel=NPCT75x).
Here a debugger screenshot that tries to show the problem, your code tried to read the OIDs only from the first RDN
Initial issue created by me: https://github.com/Yubico/java-webauthn-server/issues/240