devicecheck-appattest icon indicating copy to clipboard operation
devicecheck-appattest copied to clipboard

Published 20 hours ago verified publisher icon veehaitch

Metadata

Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin.

Results 3 devicecheck-appattest issues
Sort by recently updated
recently updated
newest added

Misleading Error Message on Misconfigured Stage

As per https://github.com/veehaitch/devicecheck-appattest/blob/main/src/main/kotlin/ch/veehait/devicecheck/appattest/attestation/AttestationValidator.kt#L268, the error message indicates, that a misconfiguration of development or production stage is not an issue, when in fact mixing up the stages can trigger this exception.

JesusMcCloud avatar JesusMcCloud

Minor issue with exception message on creation time check

2 comment

https://github.com/veehaitch/devicecheck-appattest/blob/cb26211f63c1e2e7949deafe2efdf352daca27fa/src/main/kotlin/ch/veehait/devicecheck/appattest/receipt/ReceiptValidator.kt#L172 ``` // 5. Verify that the receipt’s creation time, given in field 12, is no more than five minutes old. // This helps to thwart replay attacks. if (notAfter.isAfter(receiptPayload.creationTime.value))...

seik0ixtem avatar seik0ixtem

bug
good first issue

ReceiptValidator: rename `notAfter` to `notBefore`

1 comment

So far, the functions `validateReceiptAsync` and `validateReceipt` had been accepting an argument `notAfter` which denoted a timestamp. If a receipt contains a timestamp which is before this deadline, it is...

veehaitch avatar veehaitch

Metadata

60
Stars
8
Forks
Watchers

Owner

verified publisher icon veehaitch

Metadata

Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin.

Back