Server-ServerAuthenticatorAttestationResponse-Resp-5: P-3 test case is failing due to invalid trust anchors #692

Closed
4 of 17 tasks
ThaminduDilshan opened this issue Nov 15, 2022 · 1 comment

Comments

@ThaminduDilshan

ThaminduDilshan commented Nov 15, 2022

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

  • I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

  • FIDO2 Server
  • CTAP2.0
  • CTAP2.1
  • UAF 1.1
  • U2F 1.1
  • U2F 1.2

NOTE: UAF 1.0 certification has been officially sunset. U2F 1.2 is the only supported version of U2F.

What is your implementation class?

  • Security Key / FIDO2 / U2F authenticators
  • Server
  • UAF Client-ASM-Authenticator combo
  • UAF Client
  • UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What version of the tool are you using?

v1.7.6

What OS and version are you running?

MacOS Ventura

For desktop tools

  • OSX
  • Windows
  • Linux

For UAF mobile tools

  • iOS
  • Android

Issue description

The following test case keeps failing continually with all the recent releases of the conformance tool due to invalid trust anchors. The failure reason is: invalid cert path: Path does not chain with any of the trust anchors.

Server-ServerAuthenticatorAttestationResponse-Resp-5 Test server processing "packed" FULL attestation:
P-3 Send a valid ServerAuthenticatorAttestationResponse with FULL "packed" attestation that contains batch certificate, that is simply self referenced in the metadata, and check that server succeeds
@yackermann
Collaborator

@ThaminduDilshan If the authenticator returns one, and only one, certificate, and this certificate is equal to one of the certificates in the attestationRootCertificates, then the server shall accept without checking the certificate chain.
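
The rule in the reply above, sketched as an added example; it is not code from the conformance tools or from either participant. The function and class names are hypothetical, "equal" is assumed to mean byte-identical DER, and the certificates are constructed placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed placeholder bytes standing in for DER certificates (not real X.509).
CONSTRUCTED_BATCH_CERT = b"\x30\x82constructed-batch-certificate"
CONSTRUCTED_OTHER_ROOT = b"\x30\x82constructed-unrelated-root"
# Metadata statements list attestationRootCertificates as base64 DER strings.
CONSTRUCTED_METADATA_ROOTS = [
    base64.b64encode(c).decode() for c in (CONSTRUCTED_BATCH_CERT, CONSTRUCTED_OTHER_ROOT)
]


@dataclass
class TrustDecision:
    mode: str                            # "self_referenced" or "validate_chain"
    anchor_sha256: Optional[str] = None  # fingerprint of the matched metadata entry


def decode_metadata_roots(attestation_root_certificates: List[str]) -> List[bytes]:
    """Decode base64 DER entries, tolerating embedded whitespace or line breaks."""
    return [base64.b64decode("".join(c.split())) for c in attestation_root_certificates]


def decide_trust_path(x5c: List[bytes],
                      attestation_root_certificates: List[str]) -> TrustDecision:
    """Pick how the server should establish trust in a FULL "packed" attestation.

    x5c is the certificate list from the attestation statement (raw DER bytes).
    """
    if not x5c:
        raise ValueError("FULL attestation requires at least one certificate in x5c")
    roots = decode_metadata_roots(attestation_root_certificates)
    # Exactly one certificate that is itself listed in the metadata: it is its own
    # trust anchor, so building a path to a separate root would fail and is skipped.
    if len(x5c) == 1:
        for root in roots:
            if x5c[0] == root:
                return TrustDecision("self_referenced", hashlib.sha256(root).hexdigest())
    # Anything else (several certificates, or a single unlisted one) still needs
    # normal path validation against the metadata roots.
    return TrustDecision("validate_chain")
```

Skipping path validation does not skip the attestation signature check: the signature is still verified with the public key of that single certificate.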
