@apottere
Created February 9, 2022 21:51
How to validate credCert public key matches keyId for Apple iOS AppAttest key verification
import { createHash } from 'crypto';
import cbor from 'cbor';
import jsrsasign from 'jsrsasign';
import { parseAuthenticatorData } from '@simplewebauthn/server/helpers';
import { ParsedAuthenticatorData } from '@simplewebauthn/server/dist/helpers';

// ...
// const inputKeyId = keyId as reported by the app: base64 of the SHA-256 of the public key
//                    in uncompressed point format (0x04 || X || Y)
// const attestation = attestation object as reported by the app (base64 CBOR)
const validateAttestation = async (inputKeyId: string, challenge: string, attestation: string): Promise<boolean> => {
    // Work in lowercase hex throughout so the final comparison is byte-for-byte.
    const keyId = Buffer.from(inputKeyId, 'base64').toString('hex');
    const attestationObject = (await cbor.decodeAll(Buffer.from(attestation, 'base64')))[0];
    const authData = parseAuthenticatorData(attestationObject.authData) as ParsedAuthenticatorData;

    // The leaf of the x5c chain is the credential certificate whose public key must hash to keyId.
    const credCertBuffer: Buffer | undefined = attestationObject.attStmt.x5c[0];
    if (credCertBuffer === undefined) {
        console.error(`Invalid attestation credential cert: ${credCertBuffer}`);
        return false;
    }

    const credCert = new jsrsasign.X509();
    credCert.readCertHex(credCertBuffer.toString('hex'));
    const credCertPubKeyPoints = (credCert.getPublicKey() as jsrsasign.KJUR.crypto.ECDSA).getPublicKeyXYHex();

    // Rebuild the uncompressed SEC1 point: 0x04 prefix followed by the X and Y coordinates.
    const credCertPubKey = Buffer.concat([
        Buffer.from([0x04]),
        Buffer.from(credCertPubKeyPoints.x, 'hex'),
        Buffer.from(credCertPubKeyPoints.y, 'hex'),
    ]).toString('hex');

    // keyId is the SHA-256 of those raw point bytes (the hex string is decoded, not hashed as text).
    const credCertPubKeyHash = createHash('sha256').update(credCertPubKey, 'hex').digest('hex');
    if (credCertPubKeyHash !== keyId) {
        console.error(`Invalid attestation credential cert public key hash: ${credCertPubKeyHash} !== ${keyId}`);
        return false;
    }

    // ...
    return true;
};
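The same keyId check, isolated from the CBOR and certificate parsing, as an added example that is not part of the gist. It uses only Node's built-in crypto module (no cbor or jsrsasign): a freshly generated P-256 key stands in for the credential certificate's public key (a real credCert would supply it via X509Certificate.publicKey or, as in the gist, jsrsasign's getPublicKeyXYHex), the uncompressed point 0x04 || X || Y is rebuilt from the key's JWK coordinates and cross-checked against the tail of its SPKI DER encoding, and the keyId is derived and compared in constant time. All function names and the two-key fixture are this example's own.

```typescript
import { createHash, generateKeyPairSync, timingSafeEqual, KeyObject } from 'node:crypto';

// Rebuild the 65-byte uncompressed SEC1 point (0x04 || X || Y) from a P-256 public key.
// JWK coordinates are fixed-width base64url (32 bytes each for P-256), so no padding is needed.
export const uncompressedPoint = (publicKey: KeyObject): Buffer => {
  const jwk = publicKey.export({ format: 'jwk' });
  if (jwk.kty !== 'EC' || jwk.crv !== 'P-256' || !jwk.x || !jwk.y) {
    throw new Error('expected a P-256 EC public key');
  }
  return Buffer.concat([
    Buffer.from([0x04]),
    Buffer.from(jwk.x, 'base64url'),
    Buffer.from(jwk.y, 'base64url'),
  ]);
};

// Alternative extraction: the SubjectPublicKeyInfo DER for a P-256 key ends with the same
// 65-byte point, which is what a certificate parser hands back as the public key bit string.
export const pointFromSpkiDer = (publicKey: KeyObject): Buffer => {
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  const point = spki.subarray(spki.length - 65);
  if (point[0] !== 0x04) {
    throw new Error('SPKI does not carry an uncompressed point');
  }
  return point;
};

// keyId as the app reports it: base64 of the SHA-256 over the raw point bytes.
export const keyIdFor = (point: Buffer): string =>
  createHash('sha256').update(point).digest('base64');

// The verification step: does the reported keyId match the certificate's public key?
// Compared on raw digest bytes in constant time rather than as hex strings.
export const keyIdMatches = (point: Buffer, inputKeyId: string): boolean => {
  const expected = createHash('sha256').update(point).digest();
  const reported = Buffer.from(inputKeyId, 'base64');
  return reported.length === expected.length && timingSafeEqual(reported, expected);
};

// Constructed fixture (assumption): one key playing the attested credCert key, one unrelated key.
export const makeFixture = (): { attested: KeyObject; other: KeyObject } => ({
  attested: generateKeyPairSync('ec', { namedCurve: 'P-256' }).publicKey,
  other: generateKeyPairSync('ec', { namedCurve: 'P-256' }).publicKey,
});

// Runs the check in the genuine case and in two failure cases a verifier must reject.
export const demo = () => {
  const { attested, other } = makeFixture();
  const point = uncompressedPoint(attested);
  const keyId = keyIdFor(point);
  return {
    pointLength: point.length,                                  // 65
    spkiAgrees: point.equals(pointFromSpkiDer(attested)),       // true: both extractions agree
    genuine: keyIdMatches(point, keyId),                         // true
    swappedCert: keyIdMatches(uncompressedPoint(other), keyId),  // false: cert key is not the attested key
    truncatedId: keyIdMatches(point, keyId.slice(0, 20)),        // false: malformed keyId, wrong length
  };
};

console.log(demo());
```

Using the JWK export keeps the example independent of any certificate library, and because Node's X509Certificate.publicKey is also a KeyObject, the same two helpers apply unchanged once the credCert has been parsed from the attestation's x5c chain.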