
How Does SSL Hostname Matching Work on JWS?

When using Google SafetyNet for Android, the documentation suggests that you validate the SSL certificate chain and use SSL hostname matching to ensure the leaf certification was

Solution 1:

Unfortunately, the documentation is not very descriptive as to what you have to do.

The JWS data includes three sections: the header, the payload and the signature. Simplifying things, the header contains the public key certificates used to sign the payload, and the signature is included at the end.

To validate a SafetyNet JWS, you first need to extract the certificates embedded in the header. These certificates have trust chains that can be validated to a public root certificate, so you should verify that these are indeed valid certificates, and that they are issued to attest.android.com.

Then you take out the signature, and verify it against the embedded certificates.

If you check this, then you can trust the payload. But before looking at basicIntegrity and ctsProfileMatch, please ensure that apkPackageName, apkDigestSha256 and apkCertificateDigestSha256 match those of your app, so you know that the response actually comes from your unmodified app.

Optimally, your programming language should include a JWS library and an SSL library that can do this for you, so you don't have to write this yourself. The public sample includes a Java sample for you to peruse.
