@dfns/sdk-browser 0.4.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/index.d.ts +27 -0
  2. package/index.js +154 -0
  3. package/package.json +14 -0
package/index.d.ts ADDED
@@ -0,0 +1,27 @@
1
+ import { AllowCredential, CredentialSigner, CredentialStore, Fido2Assertion, Fido2Attestation, KeyAssertion, KeyAttestation, UserRegistrationChallenge } from '@dfns/sdk';
2
+ export declare const DEFAULT_WAIT_TIMEOUT = 60000;
3
+ export declare class WebAuthn implements CredentialSigner<Fido2Assertion>, CredentialStore<Fido2Attestation> {
4
+ private options;
5
+ constructor(options: {
6
+ rpId: string;
7
+ timeout?: number;
8
+ });
9
+ sign(challenge: string, allowCredentials: {
10
+ key: AllowCredential[];
11
+ webauthn: AllowCredential[];
12
+ }): Promise<Fido2Assertion>;
13
+ create(challenge: UserRegistrationChallenge): Promise<Fido2Attestation>;
14
+ }
15
+ export declare class BrowserKeySigner implements CredentialSigner<KeyAssertion> {
16
+ private options;
17
+ constructor(options: {
18
+ keyPair: CryptoKeyPair;
19
+ credId?: string;
20
+ appOrigin: string;
21
+ });
22
+ create(challenge: UserRegistrationChallenge): Promise<KeyAttestation>;
23
+ sign(challenge: string, allowCredentials: {
24
+ key: AllowCredential[];
25
+ webauthn: AllowCredential[];
26
+ }): Promise<KeyAssertion>;
27
+ }
package/index.js ADDED
@@ -0,0 +1,154 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.BrowserKeySigner = exports.WebAuthn = exports.DEFAULT_WAIT_TIMEOUT = void 0;
4
+ const utils_1 = require("@dfns/sdk/utils");
5
+ const buffer_1 = require("buffer");
6
+ exports.DEFAULT_WAIT_TIMEOUT = 60000;
7
+ class WebAuthn {
8
+ constructor(options) {
9
+ this.options = options;
10
+ }
11
+ async sign(challenge, allowCredentials) {
12
+ const credential = (await navigator.credentials.get({
13
+ publicKey: {
14
+ challenge: buffer_1.Buffer.from(challenge),
15
+ allowCredentials: allowCredentials.webauthn.map(({ id, type, transports }) => ({
16
+ id: (0, utils_1.fromBase64Url)(id),
17
+ type,
18
+ transports: transports ?? [],
19
+ })),
20
+ rpId: this.options.rpId,
21
+ userVerification: 'required',
22
+ timeout: this.options.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
23
+ },
24
+ }));
25
+ if (!credential) {
26
+ throw new Error('Failed to sign with WebAuthn credential');
27
+ }
28
+ const assertion = credential.response;
29
+ return {
30
+ kind: 'Fido2',
31
+ credentialAssertion: {
32
+ credId: credential.id,
33
+ clientData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.clientDataJSON)),
34
+ authenticatorData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.authenticatorData)),
35
+ signature: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.signature)),
36
+ userHandle: assertion.userHandle ? (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.userHandle)) : '',
37
+ },
38
+ };
39
+ }
40
+ async create(challenge) {
41
+ const options = {
42
+ publicKey: {
43
+ challenge: buffer_1.Buffer.from(challenge.challenge),
44
+ pubKeyCredParams: challenge.pubKeyCredParams,
45
+ rp: challenge.rp,
46
+ user: {
47
+ displayName: challenge.user.displayName,
48
+ id: buffer_1.Buffer.from(challenge.user.id),
49
+ name: challenge.user.name,
50
+ },
51
+ attestation: challenge.attestation,
52
+ excludeCredentials: challenge.excludeCredentials.map((cred) => ({
53
+ id: (0, utils_1.fromBase64Url)(cred.id),
54
+ type: cred.type,
55
+ })),
56
+ authenticatorSelection: challenge.authenticatorSelection,
57
+ timeout: this.options.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
58
+ },
59
+ };
60
+ const response = await navigator.credentials.create(options);
61
+ if (response === null) {
62
+ throw Error(`Failed to create and sign with WebAuthn credential`);
63
+ }
64
+ const credential = response;
65
+ const attestation = credential.response;
66
+ return {
67
+ credentialKind: 'Fido2',
68
+ credentialInfo: {
69
+ credId: credential.id,
70
+ attestationData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(attestation.attestationObject)),
71
+ clientData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(attestation.clientDataJSON)),
72
+ },
73
+ };
74
+ }
75
+ }
76
+ exports.WebAuthn = WebAuthn;
77
+ class BrowserKeySigner {
78
+ constructor(options) {
79
+ this.options = options;
80
+ }
81
+ async create(challenge) {
82
+ let credId = this.options.credId;
83
+ if (credId === undefined || credId === '') {
84
+ credId = (0, utils_1.toBase64Url)(buffer_1.Buffer.from((0, utils_1.generateRandom)(32)));
85
+ this.options.credId = credId;
86
+ }
87
+ const publicKeyPem = await (0, utils_1.exportPublicKeyInPemFormatBrowser)(this.options.keyPair);
88
+ const clientData = JSON.stringify({
89
+ type: 'key.create',
90
+ challenge: challenge.challenge,
91
+ origin: this.options.appOrigin,
92
+ });
93
+ const clientDataHash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(clientData));
94
+ const clientDataHashHex = (0, utils_1.toHex)(clientDataHash);
95
+ const credInfoFingerprint = JSON.stringify({
96
+ clientDataHash: clientDataHashHex,
97
+ publicKey: publicKeyPem,
98
+ });
99
+ let rawSignature;
100
+ const algorithm = this.options.keyPair.privateKey.algorithm.name;
101
+ if (algorithm == 'ECDSA') {
102
+ rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(credInfoFingerprint));
103
+ }
104
+ else {
105
+ throw new Error(`${algorithm} is not supported`);
106
+ }
107
+ const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
108
+ const attestationData = JSON.stringify({
109
+ publicKey: publicKeyPem,
110
+ signature: (0, utils_1.toHex)(signature)
111
+ });
112
+ return {
113
+ credentialKind: 'Key',
114
+ credentialInfo: {
115
+ credId: credId,
116
+ clientData: (0, utils_1.toBase64Url)(clientData),
117
+ attestationData: (0, utils_1.toBase64Url)(attestationData),
118
+ },
119
+ };
120
+ }
121
+ async sign(challenge, allowCredentials) {
122
+ const credId = this.options.credId;
123
+ if (credId === undefined || credId === '') {
124
+ throw new Error('credId is needed to sign');
125
+ }
126
+ const allowedCredId = allowCredentials.key.map(cred => cred.id);
127
+ if (!allowedCredId.includes(credId)) {
128
+ throw new Error(`CredId ${credId} does not exist for this account: ${allowedCredId}`);
129
+ }
130
+ const clientData = JSON.stringify({
131
+ type: 'key.get',
132
+ challenge,
133
+ origin: this.options.appOrigin,
134
+ });
135
+ let rawSignature;
136
+ const algorithm = this.options.keyPair.privateKey.algorithm.name;
137
+ if (algorithm == 'ECDSA') {
138
+ rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(clientData));
139
+ }
140
+ else {
141
+ throw new Error(`${algorithm} is not supported`);
142
+ }
143
+ const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
144
+ return {
145
+ kind: 'Key',
146
+ credentialAssertion: {
147
+ credId: this.options.credId ?? '',
148
+ clientData: (0, utils_1.toBase64Url)(clientData),
149
+ signature: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(signature)),
150
+ },
151
+ };
152
+ }
153
+ }
154
+ exports.BrowserKeySigner = BrowserKeySigner;
package/package.json ADDED
@@ -0,0 +1,14 @@
1
+ {
2
+ "name": "@dfns/sdk-browser",
3
+ "version": "0.4.0-alpha.1",
4
+ "dependencies": {
5
+ "buffer": "6.0.3",
6
+ "cross-fetch": "3.1.6",
7
+ "uuid": "9.0.0"
8
+ },
9
+ "peerDependencies": {
10
+ "@dfns/sdk": "0.4.0-alpha.1"
11
+ },
12
+ "main": "./index.js",
13
+ "type": "commonjs"
14
+ }