You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm looking into the line-fido2-server project (link: line-fido2-server), and have some queries related to the verification of attestation certificates.
In the AttestationServiceImpl class, there's a method called verifyAttestationCertificate() that includes a step to fetch attestation root certificates from a database table called METADATA_YUBICO. However, it seems that this table is always empty, and I couldn't find any implementation in line-fido2-server to populate the METADATA_YUBICO table with the necessary metadata.
In particular, the issue arises when the attestation format is "fido-u2f" and the x509 certificate contains the issuer DN name "yubico". The method verifyAttestationCertificate() calls getLatestMetadata() in MetadataYubicoServiceImpl, but since the METADATA_YUBICO table is empty, no attestation root certificates are retrieved. Consequently, the verifyAttestationCertificate() method throws a METADATA_NOT_FOUND exception, as it cannot find the required metadata.
Should the METADATA_YUBICO table be manually populated with the relevant attestation root certificates for "yubico"?
Any assistance or insight would be greatly appreciated. Thank you!
The text was updated successfully, but these errors were encountered:
Hi. Team -
I'm looking into the line-fido2-server project (link: line-fido2-server), and have some queries related to the verification of attestation certificates.
In the AttestationServiceImpl class, there's a method called verifyAttestationCertificate() that includes a step to fetch attestation root certificates from a database table called METADATA_YUBICO. However, it seems that this table is always empty, and I couldn't find any implementation in line-fido2-server to populate the METADATA_YUBICO table with the necessary metadata.
In particular, the issue arises when the attestation format is "fido-u2f" and the x509 certificate contains the issuer DN name "yubico". The method verifyAttestationCertificate() calls getLatestMetadata() in MetadataYubicoServiceImpl, but since the METADATA_YUBICO table is empty, no attestation root certificates are retrieved. Consequently, the verifyAttestationCertificate() method throws a METADATA_NOT_FOUND exception, as it cannot find the required metadata.
Should the METADATA_YUBICO table be manually populated with the relevant attestation root certificates for "yubico"?
Any assistance or insight would be greatly appreciated. Thank you!
The text was updated successfully, but these errors were encountered: