pyattest_apple_app_attest_statement_verification.py

1import pyattest
2
3# The attestation statement and key identifier received from the client app
4# (Base64 encoded strings typically sent via your app's API)
5attestation_base64 = "..." 
6key_id_base64 = "..."
7
8# The challenge you previously sent to the client to prevent replay attacks
9challenge = b"your_random_challenge_bytes"
10
11# Your App ID (Team ID + Bundle ID, e.g., "DEF123GHIJ.com.example.myapp")
12app_id = "YOUR_TEAM_ID.com.your.bundle.id"
13
14try:
15    # Initialize the attestation object
16    attestation = pyattest.Attestation(
17        attestation=attestation_base64,
18        key_id=key_id_base64,
19        challenge=challenge,
20        app_id=app_id,
21        production=False  # Set to True for production App Store builds
22    )
23
24    # Verify the attestation statement
25    # This checks the signature, certificate chain, and various security flags
26    attestation.verify()
27    
28    # If no exception is raised, the attestation is valid.
29    # You can now retrieve the public key to verify future assertions.
30    public_key = attestation.public_key
31    print("Attestation verified successfully.")
32
33except pyattest.AttestationError as e:
34    print(f"Attestation verification failed: {e}")