Uncrash android-key attestation as well

Yubico · Apr 10, 2019 · c923d39 · c923d39
1 parent 229507f
commit c923d39
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
@@ -490,6 +490,7 @@ public Optional<AttestationTrustResolver> trustResolver() {
                 case ATTESTATION_CA:
                 case BASIC:
                     switch (attestation.getFormat()) {
+                        case "android-key":
                         case "android-safetynet":
                         case "fido-u2f":
                         case "packed":

diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
@@ -1710,7 +1710,18 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
           result.getKeyId.getId should equal (RegistrationTestData.NoneAttestation.Default.response.getId)
         }
 
-        it("accept TPM attestations but reports they're untrusted.") {
+        it("accept android-key attestations but report they're untrusted.") {
+          val result = rp.finishRegistration(FinishRegistrationOptions.builder()
+            .request(request)
+            .response(RegistrationTestData.AndroidKey.BasicAttestation.response)
+            .build()
+          )
+
+          result.isAttestationTrusted should be (false)
+          result.getKeyId.getId should equal (RegistrationTestData.AndroidKey.BasicAttestation.response.getId)
+        }
+
+        it("accept TPM attestations but report they're untrusted.") {
           val result = rp.finishRegistration(FinishRegistrationOptions.builder()
             .request(request)
             .response(RegistrationTestData.Tpm.PrivacyCa.response)