1

I have been trying to decode the octet string as per steps mentioned in https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server?language=objc
Here is what I have tried:

        X509Certificate cert1 = getParentCertificate(new String(decodedCredCert));
        System.out.println(cert1);
        cert1.checkValidity(); // verify against apple app attest root ca
        byte[] ext = cert1.getExtensionValue("1.2.840.113635.100.8.2");
        ASN1InputStream bIn = new ASN1InputStream(ext);
        ASN1Primitive obj = bIn.readObject();
        ASN1OctetString string = (ASN1OctetString) obj;
        byte[] octs = string.getOctets();
        ASN1InputStream dIn = new ASN1InputStream(octs);
        String octetString = ASN1Dump.dumpAsString(dIn.readObject());

I got the output as: "[[1]#8333585e692916d8cbcdce3c6aa2bd71617d54fed758957cfd6b50a2093fd506]"

4

2 回答 2

2

对于 Ios AppAttestation,请按照以下方式获取扩展值及其对应的八位字节字符串。如该页面所述,

获取 OID 为 1.2.840.113635.100.8.2 的 credCert 扩展的值,这是一个 DER 编码的 ASN.1 序列。解码序列并提取它包含的单个八位字节字符串。

这是示例代码:

byte[] oidValue = credCert.getExtensionValue(ooid);
DEROctetString envelope = (DEROctetString) new ASN1InputStream(oidValue).readObject();
DLSequence sequence = (DLSequence) new ASN1InputStream(envelope.getOctetStream()).readObject();
DLTaggedObject taggedObject = (DLTaggedObject) sequence.getObjectAt(0);
DEROctetString taggedObjectOctet = (DEROctetString) taggedObject.getObject();
log.debug("Octet String : {}", taggedObjectOctet.getOctets());
于 2022-02-22T11:51:43.303 回答
1

“八位组字符串”只是现代语言称为“字节数组”的规范短语。您已经提取了 的值octs,并且应该将该值与您应该与之比较的任何 nonce 进行比较。

于 2022-02-16T16:46:21.707 回答