Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Removing thumbprint check from PKeyAuth challenge (#2045)
### Summary

In the PKeyAuth protocol, the non-interactive flow can send a [thumbprint-based certificate challenge](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pkap/31066cbf-2462-4cb6-b0b9-68af2f21a5d0). This thumbprint is meant to serve as a hint to the client side to cross-check the thumbprint of the current device certificate. While we have logic for this check, it currently isn't being used due to [this line always returning true](https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/478f706bf412b3bcc754ec90152568cb23826670/common4j/src/main/com/microsoft/identity/common/java/challengehandlers/PKeyAuthChallenge.java#L148) (go into the isValidIssuer method to see why). Additionally, the thumbprint is (supposedly, based on me asking some folks) hashed with SHA-1, and we're currently working to remove most of our use of SHA-1. [The iOS team has already removed their thumbprint verification logic](AzureAD/microsoft-authentication-library-for-objc#871), so we're going to do the same.

This PR removes the logic related to the PKeyAuth thumbprint. No additions are being made.

### Related PRs

- Broker: AzureAD/ad-accounts-for-android#2290
- MSAL: AzureAD/microsoft-authentication-library-for-android#1828
- ADAL: AzureAD/azure-activedirectory-library-for-android#1733
1 parent 1e0b106, commit 67efeab

Showing 5 changed files with 2 additions and 30 deletions.