@bradford-tech/supabase-integrity-attest 0.2.3 → 0.3.0

@@ -0,0 +1,4 @@
1
+ export { verifyAssertion } from "./src/assertion.js";
2
+ export type { AppInfo, AssertionResult } from "./src/assertion.js";
3
+ export { AssertionError, AssertionErrorCode } from "./src/errors.js";
4
+ //# sourceMappingURL=assertion.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"assertion.d.ts","sourceRoot":"","sources":["../src/assertion.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,YAAY,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC"}
@@ -0,0 +1,3 @@
1
+ // assertion.ts — lightweight entry point (no asn1js / @noble/curves)
2
+ export { verifyAssertion } from "./src/assertion.js";
3
+ export { AssertionError, AssertionErrorCode } from "./src/errors.js";
@@ -0,0 +1,4 @@
1
+ export { verifyAttestation } from "./src/attestation.js";
2
+ export type { AppInfo, AttestationResult, VerifyAttestationOptions, } from "./src/attestation.js";
3
+ export { AttestationError, AttestationErrorCode } from "./src/errors.js";
4
+ //# sourceMappingURL=attestation.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../src/attestation.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EACV,OAAO,EACP,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC"}
@@ -0,0 +1,3 @@
1
+ // attestation.ts — full attestation entry point (includes cert chain deps)
2
+ export { verifyAttestation } from "./src/attestation.js";
3
+ export { AttestationError, AttestationErrorCode } from "./src/errors.js";
@@ -1 +1 @@
1
- {"version":3,"file":"assertion.d.ts","sourceRoot":"","sources":["../../src/src/assertion.ts"],"names":[],"mappings":"AAaA,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,eAAe,CACnC,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,UAAU,GAAG,MAAM,EAC9B,UAAU,EAAE,UAAU,GAAG,MAAM,EAC/B,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,eAAe,CAAC,CAqG1B"}
1
+ {"version":3,"file":"assertion.d.ts","sourceRoot":"","sources":["../../src/src/assertion.ts"],"names":[],"mappings":"AAaA,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,eAAe,CACnC,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,UAAU,GAAG,MAAM,EAC9B,UAAU,EAAE,UAAU,GAAG,MAAM,EAC/B,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,eAAe,CAAC,CA2G1B"}
@@ -37,8 +37,9 @@ export async function verifyAssertion(appInfo, assertion, clientData, publicKeyP
37
37
  }
38
38
  // Step 5: Compute clientDataHash
39
39
  const clientDataHash = new Uint8Array(await crypto.subtle.digest("SHA-256", clientDataBytes));
40
- // Step 6: Build message = authenticatorData || clientDataHash
41
- const message = concat(decoded.authenticatorData, clientDataHash);
40
+ // Step 6: Compute nonce = SHA-256(authenticatorData || clientDataHash)
41
+ // Apple signs this nonce as the message to ES256 (not authData || clientDataHash directly)
42
+ const nonce = new Uint8Array(await crypto.subtle.digest("SHA-256", concat(decoded.authenticatorData, clientDataHash)));
42
43
  // Step 7: Convert DER signature to raw r||s
43
44
  let signatureRaw;
44
45
  try {
@@ -55,8 +56,8 @@ export async function verifyAssertion(appInfo, assertion, clientData, publicKeyP
55
56
  catch (e) {
56
57
  throw new AssertionError(AssertionErrorCode.INVALID_FORMAT, `Invalid public key PEM: ${e instanceof Error ? e.message : String(e)}`);
57
58
  }
58
- // Step 9: Verify ECDSA signature
59
- const valid = await crypto.subtle.verify({ name: "ECDSA", hash: "SHA-256" }, publicKey, signatureRaw, message);
59
+ // Step 9: Verify ECDSA signature over nonce
60
+ const valid = await crypto.subtle.verify({ name: "ECDSA", hash: "SHA-256" }, publicKey, signatureRaw, nonce);
60
61
  if (!valid) {
61
62
  throw new AssertionError(AssertionErrorCode.SIGNATURE_INVALID, "ECDSA signature verification failed");
62
63
  }
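Review bot: The verify call in the second hunk now passes `nonce`, which is already a SHA-256 digest, to `crypto.subtle.verify` with `hash: "SHA-256"`, so the signature is checked over SHA-256(nonce); that double hash is consistent with the Step 6 comment in the first hunk but reads like a mistake to a later maintainer. I would state it on the call itself, e.g. `// WebCrypto hashes its input again: the signed digest is SHA-256(nonce), by design`, so nobody "simplifies" it back to the 0.2.3 form. Because this changes which signatures are accepted, and the assertion fixture generator appears to have changed in the same release, a regression test against an assertion captured from a real device would show that the verifier agrees with Apple rather than only with its own generator. verifyAssertion starts before the first hunk and continues past the second, so the later steps are not reviewed here.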
@@ -0,0 +1 @@
1
+ {"version":3,"file":"assertion-entry.test.d.ts","sourceRoot":"","sources":["../../src/tests/assertion-entry.test.ts"],"names":[],"mappings":""}
@@ -0,0 +1 @@
1
+ {"version":3,"file":"attestation-entry.test.d.ts","sourceRoot":"","sources":["../../src/tests/attestation-entry.test.ts"],"names":[],"mappings":""}
@@ -1 +1 @@
1
- {"version":3,"file":"generate-assertion.d.ts","sourceRoot":"","sources":["../../../src/tests/fixtures/generate-assertion.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,UAAU,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,aAAa,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,wBAAwB,CAAC,CAiDnC"}
1
+ {"version":3,"file":"generate-assertion.d.ts","sourceRoot":"","sources":["../../../src/tests/fixtures/generate-assertion.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,UAAU,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,aAAa,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,wBAAwB,CAAC,CAuDnC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bradford-tech/supabase-integrity-attest",
3
- "version": "0.2.3",
3
+ "version": "0.3.0",
4
4
  "description": "Verify Apple App Attest attestations and assertions using WebCrypto.",
5
5
  "repository": {
6
6
  "type": "git",
@@ -14,6 +14,12 @@
14
14
  "exports": {
15
15
  ".": {
16
16
  "import": "./esm/mod.js"
17
+ },
18
+ "./assertion": {
19
+ "import": "./esm/assertion.js"
20
+ },
21
+ "./attestation": {
22
+ "import": "./esm/attestation.js"
17
23
  }
18
24
  },
19
25
  "scripts": {