The certificate provided by FIDO Conformance Tools 1.7.2v and the certificate requested by the test are the same.

Open Lee-seungju opened this issue 3 years ago • 1 comments

We developed a server using the SimpleWebAuthn (5.4.2) library and tested it with FIDO Conformance Tools 1.7.2.

We conducted the test using the metadata provided by the tester. However, in the Server-Server Authenticator Attestation Response-Resp-5 Test server processing 'packed' FULL attack P-3 test, the requested certificate is the same as the one provided.

The process that caused this error is as follows.

  1. Come into the packed implementation and extract the x5c and necessary data.
  2. The value exists in x5c, and it passes the checks such as OU, CN, O, C, basicConstraintsCA, version, etc.
  3. Check that the metadata has the aaguid of the requested data. If there is a value that matches the aaguid, the metadata is stored in the statement (statement).
  4. Check and pass the algorithm of statement and public key.
  5. Convert x5c and statement to PEM keys, respectively.
  6. Checks if the two keys are the same, which returns an error that the two keys are identical and thus duplicates.

Can you give some suggestions to solve this?

Lee-seungju avatar Aug 12 '22 05:08 Lee-seungju
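
The duplicate reported in step 6 arises when the certificate in x5c is byte-identical to the one listed in the metadata statement. The following is an added example, not SimpleWebAuthn's code and not the fix the maintainer shipped: it builds the certificate path without appending a trust anchor that x5c already contains. The function names and the sample bytes are hypothetical and constructed for illustration.

```javascript
// Added example; buildCandidatePaths, derToPEM and metadataRootToDER are
// hypothetical names, not part of @simplewebauthn/server.

// Wrap DER bytes as a PEM certificate with 64-character base64 lines.
function derToPEM(der) {
  const b64 = Buffer.from(der).toString('base64');
  const lines = b64.match(/.{1,64}/g) || [];
  return ['-----BEGIN CERTIFICATE-----', ...lines, '-----END CERTIFICATE-----'].join('\n');
}

// Metadata statements carry certificates as base64 strings; strip whitespace.
function metadataRootToDER(b64) {
  return Buffer.from(b64.replace(/\s+/g, ''), 'base64');
}

// One candidate path per metadata certificate: leaf first, trust anchor last.
// If the metadata certificate is already in x5c, the path is cut at that
// certificate instead of appending a second copy of it.
function buildCandidatePaths(x5c, metadataRoots) {
  return metadataRoots.map((rootB64) => {
    const root = metadataRootToDER(rootB64);
    const idx = x5c.findIndex((cert) => Buffer.from(cert).equals(root));
    const anchorInX5c = idx !== -1;
    const chain = anchorInX5c ? x5c.slice(0, idx + 1) : [...x5c, root];
    return {
      anchorInX5c,
      // True when the attestation certificate itself is the metadata entry:
      // there is no issuer to chain to, so trust rests on the AAGUID match
      // that selected this metadata statement (step 3 above).
      leafIsAnchor: idx === 0,
      pems: chain.map(derToPEM),
    };
  });
}

// Constructed placeholder bytes standing in for DER certificates.
const LEAF = Buffer.from('constructed-leaf-certificate-bytes');
const ROOT = Buffer.from('constructed-root-certificate-bytes');

// Case from this issue: x5c holds one certificate, metadata lists the same one.
const sameCert = buildCandidatePaths([LEAF], [LEAF.toString('base64')]);
console.log(sameCert[0].leafIsAnchor, sameCert[0].pems.length);

// Usual case: metadata lists a separate root, which is appended once.
const separateRoot = buildCandidatePaths([LEAF], [ROOT.toString('base64')]);
console.log(separateRoot[0].anchorInX5c, separateRoot[0].pems.length);
```

Each returned path still has to go through signature and validity checks; the example only covers how the path is assembled before those checks run.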

@Lee-seungju Thank you for the comprehensive issue submission! I'm happy to report that I may have a fix - I managed to get that specific test to pass locally:

I'll try and get this fix released in a new version sometime this weekend.

MasterKale avatar Aug 12 '22 06:08 MasterKale

The fix for this is now available in @simplewebauthn/[email protected].

MasterKale avatar Aug 16 '22 03:08 MasterKale