Question
When using Google SafetyNet for Android, the documentation suggests that you:
"Validate the SSL certificate chain and use SSL Hostname matching to ensure the leaf certificate was issued to attest.android.com"
Now how does this work? I would have assumed that I get the JWS message, inspect the certs and signature, etc., but would validate against a cert grabbed from attest.android.com, but attest.android.com is not a live host.
Does SSL signing cater for validation without previously knowing the public key of the domain? i.e. can I validate everything from the incoming JWS message? I don't see how this is possible, is it?
Answer 1:
Unfortunately, the documentation is not very descriptive as to what you have to do.
The JWS data includes three sections: the header, the payload and the signature. Simplifying things, the header contains the public key certificates used to sign the payload, and the signature is included at the end.
To validate a SafetyNet JWS, you first need to extract the certificates embedded in the header. These certificates have trust chains that can be validated to a public root certificate, so you should verify that these are indeed valid certificates, and that they are issued to attest.android.com.
Then you take out the signature, and verify it against the embedded certificates.
If you check this, then you can trust the payload. But before looking at basicIntegrity and ctsProfileMatch, please ensure that apkPackageName, apkDigestSha256 and apkCertificateDigestSha256 match those of your app, so you know that the response actually comes from your unmodified app.
Optimally, your programming language should include a JWS library and an SSL library that can do this for you, so you don't have to write this yourself. The public sample includes a Java sample for you to peruse.
Source: https://stackoverflow.com/questions/44262107/how-does-ssl-hostname-matching-work-on-jws