AttestationVerifier.ca_lookup now returns single certificate.

Dain Nilsson 2022-03-02 13:08:13 +01:00
parent 7c46413675
commit 15d3107c5e
No known key found for this signature in database
GPG Key ID: F04367096FBA95E8
2 changed files with 4 additions and 4 deletions


@ -77,7 +77,7 @@ class YubicoAttestationVerifier(AttestationVerifier):
"""
def ca_lookup(self, result, auth_data):
return [YUBICO_CA]
return YUBICO_CA
uv = "discouraged"


@ -115,7 +115,7 @@ def _default_attestations():
class AttestationVerifier(abc.ABC):
"""Base class for verifying attestation.
Override the ca_lookup method to provide a trusted root certificate (or chain) used
Override the ca_lookup method to provide a trusted root certificate used
to verify the trust path from the attestation.
"""
@ -152,12 +152,12 @@ class AttestationVerifier(abc.ABC):
# Lookup CA to use for trust path verification
ca = self.ca_lookup(result, attestation_object.auth_data)
if ca is None:
if not ca:
raise UntrustedAttestation("No root found for Authenticator")
# Validate the trust chain
try:
verify_x509_chain(result.trust_path + ca)
verify_x509_chain(result.trust_path + [ca])
except InvalidSignature as e:
raise UntrustedAttestation(e)
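Review bot: The new `verify_x509_chain(result.trust_path + [ca])` silently changes the `ca_lookup` contract, so an existing override that still returns a list now puts a nested list at the end of the chain. How `verify_x509_chain` handles that is not visible here, but it is unlikely to raise `InvalidSignature`, so the error would probably escape the `except` as some other exception instead of `UntrustedAttestation`. Verification would still fail closed, but callers that only catch `UntrustedAttestation` would get a crash rather than a rejection. Consider rejecting the old shape before the chain check, e.g. `if isinstance(ca, (list, tuple)): raise TypeError("ca_lookup must return a single certificate")`, and stating the expected return type in the `ca_lookup` docstring. The enclosing method starts above this hunk.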