class WebAuthn::AttestationStatement::AndroidKey

Public Instance Methods

valid?(authenticator_data, client_data_hash)
# File lib/webauthn/attestation_statement/android_key.rb, line 10
# Runs the Android Key attestation checks in a fixed order and, when every
# one passes, reports the attestation type together with its trust path.
#
# The checks short-circuit: the first falsy result stops evaluation and is
# returned as-is, so a failure may surface as either +false+ or +nil+.
# Callers should test the result for truthiness, not compare it to +false+.
#
# Checks, in evaluation order:
# 1. valid_signature?                  - defined outside this listing
# 2. matching_public_key?              - defined outside this listing
# 3. valid_attestation_challenge?      - attestation challenge vs. client_data_hash
# 4. all_applications_fields_not_set?  - key must not be usable by all applications
# 5. valid_authorization_list_origin?  - key must have been generated, not imported
# 6. valid_authorization_list_purpose? - key must be restricted to signing
# 7. trustworthy?                      - defined outside this listing; receives the AAGUID
#
# NOTE(review): valid_certificate_chain? is not called here directly;
# presumably trustworthy? reaches it - confirm against the base class.
#
# @param authenticator_data [#aaguid] parsed authenticator data
# @param client_data_hash [String] hash of the serialized client data
# @return [Array, false, nil] +[attestation_type, attestation_trust_path]+ on
#   success, otherwise the falsy value of the first failing check
def valid?(authenticator_data, client_data_hash)
  every_check_passed =
    valid_signature?(authenticator_data, client_data_hash) &&
    matching_public_key?(authenticator_data) &&
    valid_attestation_challenge?(client_data_hash) &&
    all_applications_fields_not_set? &&
    valid_authorization_list_origin? &&
    valid_authorization_list_purpose? &&
    trustworthy?(aaguid: authenticator_data.aaguid)

  every_check_passed && [attestation_type, attestation_trust_path]
end

Private Instance Methods

all_applications_fields_not_set?()
# File lib/webauthn/attestation_statement/android_key.rb, line 35
# Confirms that +all_applications+ is unset in both the TEE-enforced and the
# software-enforced authorization lists.
#
# A key marked as usable by all applications is not bound to a single caller,
# which conflicts with a WebAuthn credential being scoped to one relying
# party, so either list setting the field fails the check.
#
# @return [Boolean] +true+ only when the field is falsy in both lists
def all_applications_fields_not_set?
  !(tee_enforced.all_applications || software_enforced.all_applications)
end
android_key_attestation()
# File lib/webauthn/attestation_statement/android_key.rb, line 63
# Lazily builds and memoizes the AndroidKeyAttestation::Statement wrapper
# that the other checks in this class query.
#
# +certificates+ is defined outside this listing and is splatted into the
# constructor.
# NOTE(review): presumably the certificate chain carried in the attestation
# statement - confirm against the base class.
#
# @return [AndroidKeyAttestation::Statement] the same instance on every call
def android_key_attestation
  return @android_key_attestation if @android_key_attestation

  @android_key_attestation = AndroidKeyAttestation::Statement.new(*certificates)
end
attestation_type()
# File lib/webauthn/attestation_statement/android_key.rb, line 55
# Attestation type reported for this format once verification succeeds.
# It is always the library's ATTESTATION_TYPE_BASIC constant; nothing in the
# statement itself influences the value.
#
# @return [Object] WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC
def attestation_type
  statement_namespace = WebAuthn::AttestationStatement
  statement_namespace::ATTESTATION_TYPE_BASIC
end
default_root_certificates()
# File lib/webauthn/attestation_statement/android_key.rb, line 59
# Trust anchors used by default for Android Key attestation: the Google root
# certificates bundled with the android_key_attestation dependency.
#
# NOTE(review): presumably consulted by root_certificates (defined outside
# this listing) when the relying party configures no roots of its own -
# confirm. The anchors are whatever the installed dependency version ships,
# so the dependency has to be kept current for the set to stay accurate.
#
# @return [Object] AndroidKeyAttestation::Statement::GOOGLE_ROOT_CERTIFICATES
def default_root_certificates
  statement_class = AndroidKeyAttestation::Statement
  statement_class::GOOGLE_ROOT_CERTIFICATES
end
software_enforced()
# File lib/webauthn/attestation_statement/android_key.rb, line 51
# Authorization list from the attestation whose properties are enforced in
# software only, as exposed by the memoized statement wrapper.
#
# Values in this list are not backed by the trusted execution environment,
# so checks that accept them are weaker than TEE-only checks.
#
# @return [Object] whatever the statement's +software_enforced+ returns
def software_enforced
  statement = android_key_attestation
  statement.software_enforced
end
tee_enforced()
# File lib/webauthn/attestation_statement/android_key.rb, line 47
# Authorization list from the attestation whose properties are enforced by
# the trusted execution environment, as exposed by the memoized statement
# wrapper.
#
# @return [Object] whatever the statement's +tee_enforced+ returns
def tee_enforced
  statement = android_key_attestation
  statement.tee_enforced
end
valid_attestation_challenge?(client_data_hash)
# File lib/webauthn/attestation_statement/android_key.rb, line 23
# Asks the statement wrapper to verify the attestation challenge against the
# client data hash. This is what ties the attestation certificate to the
# current registration ceremony.
#
# Only ChallengeMismatchError is translated into +false+; any other exception
# raised while verifying propagates to the caller.
#
# @param client_data_hash [String] hash of the serialized client data
# @return [Object, false] the result of +verify_challenge+, or +false+ on a
#   challenge mismatch
def valid_attestation_challenge?(client_data_hash)
  begin
    statement = android_key_attestation
    statement.verify_challenge(client_data_hash)
  rescue AndroidKeyAttestation::ChallengeMismatchError
    false
  end
end
valid_authorization_list_origin?()
# File lib/webauthn/attestation_statement/android_key.rb, line 39
# Requires the key origin to be +:generated+, i.e. the key was created on the
# device instead of being imported.
#
# Either authorization list may supply the value, so a key whose origin is
# asserted only by the software-enforced list passes. A relying party that
# wants to accept TEE-backed keys only needs an additional check on
# +tee_enforced+ alone; this method does not provide it.
#
# @return [Boolean] +true+ when either list reports a generated origin
def valid_authorization_list_origin?
  return true if tee_enforced.origin == :generated

  software_enforced.origin == :generated
end
valid_authorization_list_purpose?()
# File lib/webauthn/attestation_statement/android_key.rb, line 43
# Requires the key purpose to be exactly +[:sign]+.
#
# The comparison is whole-array equality, so a key authorised for signing
# plus any further purpose is rejected, as is an empty or missing purpose.
# Either authorization list may supply the value, so a purpose asserted only
# by the software-enforced list passes. A relying party that wants to accept
# TEE-backed keys only needs an additional check on +tee_enforced+ alone.
#
# @return [Boolean] +true+ when either list restricts the key to signing
def valid_authorization_list_purpose?
  return true if tee_enforced.purpose == [:sign]

  software_enforced.purpose == [:sign]
end
valid_certificate_chain?(aaguid: nil, **_)
# File lib/webauthn/attestation_statement/android_key.rb, line 29
# Asks the statement wrapper to verify the attestation certificate chain
# against the trust anchors returned by +root_certificates+ for this AAGUID.
#
# +root_certificates+ is defined outside this listing. Only
# CertificateVerificationError is translated into +false+, including one
# raised while resolving the trust anchors; any other exception propagates.
#
# @param aaguid [Object, nil] authenticator AAGUID used to select the roots
# @param _ [Hash] further keywords are accepted and ignored
# @return [Object, false] the result of +verify_certificate_chain+, or
#   +false+ when chain verification fails
def valid_certificate_chain?(aaguid: nil, **_)
  begin
    trust_anchors = root_certificates(aaguid: aaguid)
    android_key_attestation.verify_certificate_chain(root_certificates: trust_anchors)
  rescue AndroidKeyAttestation::CertificateVerificationError
    false
  end
end