@ -414,7 +414,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
// Note: We might want to use an external service for this.
// Note: We might want to use an external service for this.
if data . UDID != ch . Value && data . SerialNumber != ch . Value {
if data . UDID != ch . Value && data . SerialNumber != ch . Value {
subproblem := NewSubproblemWithIdentifier (
subproblem := NewSubproblemWithIdentifier (
Error Malformed Type,
Error RejectedIdentifier Type,
Identifier { Type : "permanent-identifier" , Value : ch . Value } ,
Identifier { Type : "permanent-identifier" , Value : ch . Value } ,
"challenge identifier %q doesn't match any of the attested hardware identifiers %s" , ch . Value , [ ] string { data . UDID , data . SerialNumber } ,
"challenge identifier %q doesn't match any of the attested hardware identifiers %s" , ch . Value , [ ] string { data . UDID , data . SerialNumber } ,
)
)
@ -442,7 +442,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
// Note: We might want to use an external service for this.
// Note: We might want to use an external service for this.
if data . SerialNumber != ch . Value {
if data . SerialNumber != ch . Value {
subproblem := NewSubproblemWithIdentifier (
subproblem := NewSubproblemWithIdentifier (
Error Malformed Type,
Error RejectedIdentifier Type,
Identifier { Type : "permanent-identifier" , Value : ch . Value } ,
Identifier { Type : "permanent-identifier" , Value : ch . Value } ,
"challenge identifier %q doesn't match the attested hardware identifier %q" , ch . Value , data . SerialNumber ,
"challenge identifier %q doesn't match the attested hardware identifier %q" , ch . Value , data . SerialNumber ,
)
)
@ -472,11 +472,11 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
// still fail if the challenge value isn't equal to the CSR subject.
// still fail if the challenge value isn't equal to the CSR subject.
if len ( data . PermanentIdentifiers ) > 0 && ! slices . Contains ( data . PermanentIdentifiers , ch . Value ) { // TODO(hs): add support for HardwareModuleName
if len ( data . PermanentIdentifiers ) > 0 && ! slices . Contains ( data . PermanentIdentifiers , ch . Value ) { // TODO(hs): add support for HardwareModuleName
subproblem := NewSubproblemWithIdentifier (
subproblem := NewSubproblemWithIdentifier (
Error Malformed Type,
Error RejectedIdentifier Type,
Identifier { Type : "permanent-identifier" , Value : ch . Value } ,
Identifier { Type : "permanent-identifier" , Value : ch . Value } ,
"challenge identifier %q doesn't match any of the attested hardware identifiers % q ", ch . Value , data . PermanentIdentifiers ,
"challenge identifier %q doesn't match any of the attested hardware identifiers % s ", ch . Value , data . PermanentIdentifiers ,
)
)
return storeError ( ctx , db , ch , true , NewError ( Error RejectedIdentifier Type, "permanent identifier does not match" ) . WithAdditionalErrorDetail ( ) . AddSubproblems ( subproblem ) )
return storeError ( ctx , db , ch , true , NewError ( Error BadAttestationStatement Type, "permanent identifier does not match" ) . WithAdditionalErrorDetail ( ) . AddSubproblems ( subproblem ) )
}
}
// Update attestation key fingerprint to compare against the CSR
// Update attestation key fingerprint to compare against the CSR
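Review bot: The three mismatch messages format the attested identifiers inconsistently: the UDID/serial branch prints its slice with `%s`, the serial-only branch uses `%q`, and the PermanentIdentifiers branch shows `%q` on one side of the change and `%s` on the other (the page does not mark which side is new). These values appear to come from the attestation statement and end up in the challenge error passed to `storeError`, so quoting them keeps an empty or unusual identifier unambiguous. I would use `%q` for the slice in all three branches, e.g. `"challenge identifier %q doesn't match any of the attested hardware identifiers %q", ch.Value, data.PermanentIdentifiers,`. The outer problem type on the `storeError` return is also changed only in the third branch, and the returns of the first two branches lie outside the visible hunks, so it is worth confirming that all three report the intended type and pinning both the problem and subproblem type in the challenge tests. deviceAttest01Validate starts and ends outside these hunks.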