PackedAttestationStatementVerifier throws on unknown COSEAlgorithmIdentifier: -37

> are you sure this is fixed? huawai nova Y70 (standard huawai phone browser / no google services), gives an error, all other devices and browsers work.
> 
> versions:
> implementation 'com.yubico:webauthn-server-core:2.5.4-RC1'
> implementation 'com.yubico:webauthn-server-core:2.5.4'
> not working...
> 
> Here is the error:
> 
> ```
> Caused by: com.yubico.webauthn.exception.RegistrationFailedException: java.lang.IllegalArgumentException: Unsupported COSE algorithm identifier: -37
> 2025-04-11T10:58:07.788358535Z 	at com.yubico.webauthn.RelyingParty.finishRegistration(RelyingParty.java:507)
> 2025-04-11T10:58:07.788519824Z 	at io.r_one.erid_webauthn.service.CredentialRegistrationService.finishRegistration(CredentialRegistrationService.java:161)
> 2025-04-11T10:58:07.788807404Z 	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Unknown Source)
> 2025-04-11T10:58:07.788984443Z 	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
> 2025-04-11T10:58:07.789109858Z 	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:355)
> 2025-04-11T10:58:07.789277272Z 	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
> 2025-04-11T10:58:07.789395979Z 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> 2025-04-11T10:58:07.789506228Z 	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:768)
> 2025-04-11T10:58:07.789607434Z 	... 136 common frames omitted
> 2025-04-11T10:58:07.789792057Z Caused by: java.lang.IllegalArgumentException: Unsupported COSE algorithm identifier: -37
> 2025-04-11T10:58:07.789964138Z 	at com.yubico.webauthn.PackedAttestationStatementVerifier.lambda$verifyX5cSignature$2(PackedAttestationStatementVerifier.java:199)
> 2025-04-11T10:58:07.790071178Z 	at java.base/java.util.Optional.orElseThrow(Unknown Source)
> 2025-04-11T10:58:07.790253176Z 	at com.yubico.webauthn.PackedAttestationStatementVerifier.lambda$verifyX5cSignature$3(PackedAttestationStatementVerifier.java:197)
> 2025-04-11T10:58:07.790409507Z 	at java.base/java.util.Optional.map(Unknown Source)
> 2025-04-11T10:58:07.790550963Z 	at com.yubico.webauthn.PackedAttestationStatementVerifier.verifyX5cSignature(PackedAttestationStatementVerifier.java:167)
> 2025-04-11T10:58:07.790764169Z 	at com.yubico.webauthn.PackedAttestationStatementVerifier.verifyAttestationSignature(PackedAttestationStatementVerifier.java:80)
> 2025-04-11T10:58:07.791014998Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step19.lambda$validate$0(FinishRegistrationSteps.java:398)
> 2025-04-11T10:58:07.791229370Z 	at java.base/java.util.Optional.ifPresent(Unknown Source)
> 2025-04-11T10:58:07.791376660Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step19.validate(FinishRegistrationSteps.java:395)
> 2025-04-11T10:58:07.791543199Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.next(FinishRegistrationSteps.java:112)
> 2025-04-11T10:58:07.791698947Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.791822612Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792015985Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792234440Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792418479Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792572185Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792702267Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792829432Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.792988680Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.793184677Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.793438423Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.793790169Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.793919958Z 	at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:120)
> 2025-04-11T10:58:07.794117706Z 	at com.yubico.webauthn.FinishRegistrationSteps.run(FinishRegistrationSteps.java:99)
> 2025-04-11T10:58:07.794292120Z 	at com.yubico.webauthn.RelyingParty.finishRegistration(RelyingParty.java:505)
> 2025-04-11T10:58:07.794480534Z 	... 143 common frames omitted
> ``` 

 _Originally posted by @Lamardinho in [#390](https://github.com/Yubico/java-webauthn-server/issues/390#issuecomment-2796598957)_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PackedAttestationStatementVerifier throws on unknown COSEAlgorithmIdentifier: -37 #414

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

PackedAttestationStatementVerifier throws on unknown COSEAlgorithmIdentifier: -37 #414

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions