From c923d3962af1f02ebe6236dc245ccb173b13f782 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Wed, 10 Apr 2019 16:22:23 +0200
Subject: [PATCH] Uncrash android-key attestation as well

---
 .../yubico/webauthn/FinishRegistrationSteps.java | 1 +
 .../webauthn/RelyingPartyRegistrationSpec.scala | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
index 5a085f16d..83e8fca3c 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
@@ -490,6 +490,7 @@ public Optional trustResolver() {
 case ATTESTATION_CA:
 case BASIC:
 switch (attestation.getFormat()) {
+ case "android-key":
 case "android-safetynet":
 case "fido-u2f":
 case "packed":
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
index 76fe01fdb..8740d3b0c 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
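Review bot: The new `case "android-key":` label in `trustResolver()` (FinishRegistrationSteps.java) extends a hard-coded list of format strings, and the title's "as well" suggests this is not the first format that had to be added after a crash. The switch's default branch is outside this hunk, so this is inferred, but if an unlisted `fmt` value still throws there, any format the list has not caught up with will abort registration instead of resolving to "no trust resolver"; returning `Optional.empty()` from the fallback would make that path explicit and keep the result untrusted rather than exceptional. I would also add a comment at the label such as `// android-key shares the packed/fido-u2f branch; RelyingPartyRegistrationSpec expects the result to be untrusted`, so the next reader does not take the fall-through as evidence that android-key attestation is fully trusted. The enclosing switch begins and ends outside the hunk.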
@@ -1710,7 +1710,18 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
 result.getKeyId.getId should equal (RegistrationTestData.NoneAttestation.Default.response.getId)
 }

- it("accept TPM attestations but reports they're untrusted.") {
+ it("accept android-key attestations but report they're untrusted.") {
+ val result = rp.finishRegistration(FinishRegistrationOptions.builder()
+ .request(request)
+ .response(RegistrationTestData.AndroidKey.BasicAttestation.response)
+ .build()
+ )
+
+ result.isAttestationTrusted should be (false)
+ result.getKeyId.getId should equal (RegistrationTestData.AndroidKey.BasicAttestation.response.getId)
+ }
+
+ it("accept TPM attestations but report they're untrusted.") {
 val result = rp.finishRegistration(FinishRegistrationOptions.builder()
 .request(request)
 .response(RegistrationTestData.Tpm.PrivacyCa.response)
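Review bot: The added android-key test pins only the permissive path: it asserts that `finishRegistration` succeeds with `isAttestationTrusted` equal to false, and nothing in the hunk checks that a relying party which refuses untrusted attestation rejects the same response. `rp` is configured outside this hunk, so I am assuming it allows untrusted attestation; if so, a companion case built with `allowUntrustedAttestation(false)` that expects the call to fail would keep "accept but untrusted" from silently becoming "accept" in a strict deployment. The same gap appears to apply to the TPM test whose title this hunk corrects, and that test's body continues past the end of the hunk.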