Is your feature request related to a problem? Please describe.
jans-fido2 does not actually support the android-safetynet attestation format. The only trace of it is an unused
Google sample class (google/safetynet/AttestationStatement.java) that nothing references — there is no
android-safetynet entry in the AttestationFormat enum, no processor, and no registration in the attestation processor
factory. As a result an android-safetynet attestation is effectively unhandled.
At the same time the format is being retired:
- Google's SafetyNet Attestation API is deprecated and being discontinued in favour of the Play Integrity API.
- Newer versions of the FIDO Conformance Test Tool have removed android-safetynet from the tested formats.
Because implementing a deprecated format is potentially throwaway work, whether we do anything here is a product decision
that needs to be made before any code is written.
Describe the solution you'd like
A decision on the path forward, driven by one question:
- Does the FIDO Conformance Test Tool version we are targeting still include android-safetynet test cases?
(Confirming the target tool version determines whether the format is in scope at all.)
- If the target version does not test it (or we accept its deprecation): formally drop android-safetynet — remove the
dead sample class and document that the format is unsupported — rather than carry a half-present, deprecated format.
- If the target version does require it: implement a full processor — validate the SafetyNet JWS response, verify its
certificate chain to the Google attestation root, confirm nonce == hash(authenticatorData ‖ clientDataHash), and
check the integrity verdict — accepting the dependency on a deprecated Google API.
Describe alternatives you've considered
- Implement it proactively now — rejected for the moment: likely throwaway if the target tool version has dropped it,
and it ties us to a deprecated Google API.
- Leave the dead sample class as-is — rejected: it makes the format look partially supported, would fail conformance
if the tool still tests it, and is confusing to maintainers.
Additional context
Part of the FIDO2 conformance effort (#9640). This is the one remaining conformance item that is a decision rather
than a coding task; it is best settled once the exact conformance-tool version is confirmed, since that determines
whether android-safetynet is in scope. Once decided, the follow-up is either a small "remove + document" change or a
new attestation processor.
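
Added example, not jans-fido2 code: the nonce and integrity-verdict checks named in the "implement a full processor" option, written in Python rather than the project's Java so it runs on the standard library alone. It assumes SHA-256, a standard-base64 nonce and the ctsProfileMatch field, as in the WebAuthn android-safetynet definition, and it assumes the caller has already verified the JWS signature and certificate chain; all function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    # JWS segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_safetynet_payload(jws_compact, authenticator_data, client_data_hash):
    """Nonce-binding and verdict checks only. Assumes the caller has already
    verified the JWS signature and the certificate chain; neither is done here."""
    parts = jws_compact.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    payload = json.loads(b64url_decode(parts[1]))  # ValueError if malformed
    if not isinstance(payload, dict):
        raise ValueError("JWS payload is not a JSON object")

    # nonce == hash(authenticatorData || clientDataHash); SHA-256 and standard
    # base64 are assumptions taken from the WebAuthn android-safetynet definition.
    expected = hashlib.sha256(authenticator_data + client_data_hash).digest()
    try:
        nonce = base64.b64decode(payload.get("nonce", ""), validate=True)
    except (TypeError, ValueError):
        raise ValueError("nonce is not valid base64") from None
    if not hmac.compare_digest(nonce, expected):
        raise ValueError("nonce does not match authenticatorData || clientDataHash")

    # Integrity verdict: require a literal JSON true, not merely a truthy value.
    if payload.get("ctsProfileMatch") is not True:
        raise ValueError("integrity verdict failed: ctsProfileMatch is not true")
    return payload


def constructed_jws(payload: dict) -> str:
    # Constructed sample: placeholder header and signature, not a real response.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"RS256"}'), enc(json.dumps(payload).encode()),
                     enc(b"placeholder-signature")])


AUTH_DATA = b"\x00" * 37  # constructed authenticatorData
CDH = hashlib.sha256(b'{"constructed":"clientData"}').digest()  # constructed
GOOD_NONCE = base64.b64encode(hashlib.sha256(AUTH_DATA + CDH).digest()).decode()
```

The payload checks are only meaningful after the signature and chain have been validated; run on an unverified JWS they prove nothing about the device.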