This PR adds support for the android-safetynet attestation format to the server package. It should close #24.
Details
parseAndroidSafetyNetKey() follows the process outlined in the WebAuthn specs and the SafetyNet docs. validateAndroidSafetyNetKey() and parseAttestationData() basically duplicates the code from the other formats, since it's the same routine for all.
The original implementation in our fork has been tested and will be used in production soon. This PR takes code & ideas from @tnokin's fork to improve upon the original code.
What It Does
This PR adds support for the
android-safetynet
attestation format to theserver
package. It should close #24.Details
parseAndroidSafetyNetKey()
follows the process outlined in the WebAuthn specs and the SafetyNet docs.validateAndroidSafetyNetKey()
andparseAttestationData()
basically duplicates the code from the other formats, since it's the same routine for all.The original implementation in our fork has been tested and will be used in production soon. This PR takes code & ideas from @tnokin's fork to improve upon the original code.
How To Test
You can test against a real-world example:
Running this should result in: