class AndroidKeyAttestation::Statement
def attestation_certificate
# Returns the leaf (attestation) certificate of the statement.
#
# The leaf is taken to be the first certificate handed to the constructor;
# the remaining entries are treated as the rest of the chain.
#
# @return [Object, nil] the first stored certificate, or nil when the
#   statement was built without any certificates
def attestation_certificate
  @certificates[0]
end
def initialize(*certificates)
# Builds a statement from a certificate chain.
#
# The certificates are stored as given; nothing is verified at construction
# time. Callers are expected to run the verify_* methods before relying on
# any data read from the chain.
#
# @param certificates [Array] the chain, leaf certificate first
def initialize(*certificates)
  @certificates = certificates
end
def key_description
# Parses and memoizes the key description carried in the leaf certificate.
#
# The extension identified by EXTENSION_DATA_OID is looked up on the
# attestation certificate, its trailing ASN.1 element is decoded, and the
# resulting values are wrapped in a KeyDescription.
#
# This method only parses; it performs no signature or chain validation.
# The returned data is attacker-controlled until verify_certificate_chain
# has succeeded for the same statement.
#
# @return [KeyDescription] the decoded key description (cached after the
#   first successful call)
# @raise [AndroidKeyAttestation::ExtensionMissingError] when the leaf
#   certificate carries no extension with EXTENSION_DATA_OID
def key_description
  return @key_description if @key_description

  extension = attestation_certificate.extensions.find do |candidate|
    candidate.oid == EXTENSION_DATA_OID
  end
  raise AndroidKeyAttestation::ExtensionMissingError unless extension

  # The last element of the decoded extension holds the wrapped payload,
  # which is itself ASN.1 and needs a second decode.
  wrapped_payload = OpenSSL::ASN1.decode(extension).value.last
  decoded_sequence = OpenSSL::ASN1.decode(wrapped_payload.value)

  @key_description = KeyDescription.new(decoded_sequence.value)
end
def verify_certificate_chain(root_certificates: GOOGLE_ROOT_CERTIFICATES, time: Time.now)
# Verifies the certificate chain of the statement against trusted roots.
#
# Only the supplied root certificates are added to the trust store; every
# certificate after the leaf is passed as an untrusted chain element, so a
# chain is accepted only if it terminates in one of the roots.
#
# NOTE(review): this method sets up no CRLs and no other revocation source,
# so it checks path validity at +time+ only. Callers that need revocation
# status have to check it separately.
#
# @param root_certificates [Enumerable] trusted root certificates
#   (defaults to GOOGLE_ROOT_CERTIFICATES)
# @param time [Time] the instant at which validity periods are evaluated
# @return [true] when the chain verifies
# @raise [CertificateVerificationError] with the store's error string when
#   verification fails
def verify_certificate_chain(root_certificates: GOOGLE_ROOT_CERTIFICATES, time: Time.now)
  trust_store = OpenSSL::X509::Store.new
  root_certificates.each do |root|
    trust_store.add_cert(root)
  end
  trust_store.time = time

  leaf = attestation_certificate
  untrusted_chain = @certificates[1..-1]
  return true if trust_store.verify(leaf, untrusted_chain)

  raise CertificateVerificationError, trust_store.error_string
end
def verify_challenge(challenge)
# Checks that the challenge embedded in the attestation matches the one the
# caller expects.
#
# Byte lengths are compared first, and the contents are compared with
# OpenSSL.fixed_length_secure_compare only when the lengths are equal.
# Because that comparison is constant-time, the time taken does not reveal
# how many leading bytes matched.
#
# The embedded challenge comes from key_description, which does not validate
# the certificate chain; run verify_certificate_chain as well before
# treating a match as meaningful.
#
# @param challenge [String] the expected challenge bytes
# @return [true] when the challenges are identical
# @raise [ChallengeMismatchError] when length or content differs
def verify_challenge(challenge)
  embedded_challenge = key_description.attestation_challenge
  same_length = embedded_challenge.bytesize == challenge.bytesize

  # Short-circuit keeps the fixed-length comparison from ever seeing inputs
  # of different sizes.
  return true if same_length && OpenSSL.fixed_length_secure_compare(embedded_challenge, challenge)

  raise ChallengeMismatchError
end