@dfns/sdk-browser 0.4.0-alpha.1 → 0.4.1-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/index.d.ts +2 -27
  2. package/index.js +5 -152
  3. package/package.json +2 -2
  4. package/signers/key.d.ts +10 -0
  5. package/signers/key.js +82 -0
  6. package/signers/webauthn.d.ts +10 -0
  7. package/signers/webauthn.js +78 -0
package/index.d.ts CHANGED
@@ -1,27 +1,2 @@
1
- import { AllowCredential, CredentialSigner, CredentialStore, Fido2Assertion, Fido2Attestation, KeyAssertion, KeyAttestation, UserRegistrationChallenge } from '@dfns/sdk';
2
- export declare const DEFAULT_WAIT_TIMEOUT = 60000;
3
- export declare class WebAuthn implements CredentialSigner<Fido2Assertion>, CredentialStore<Fido2Attestation> {
4
- private options;
5
- constructor(options: {
6
- rpId: string;
7
- timeout?: number;
8
- });
9
- sign(challenge: string, allowCredentials: {
10
- key: AllowCredential[];
11
- webauthn: AllowCredential[];
12
- }): Promise<Fido2Assertion>;
13
- create(challenge: UserRegistrationChallenge): Promise<Fido2Attestation>;
14
- }
15
- export declare class BrowserKeySigner implements CredentialSigner<KeyAssertion> {
16
- private options;
17
- constructor(options: {
18
- keyPair: CryptoKeyPair;
19
- credId?: string;
20
- appOrigin: string;
21
- });
22
- create(challenge: UserRegistrationChallenge): Promise<KeyAttestation>;
23
- sign(challenge: string, allowCredentials: {
24
- key: AllowCredential[];
25
- webauthn: AllowCredential[];
26
- }): Promise<KeyAssertion>;
27
- }
1
+ export { BrowserKeySigner } from './signers/key';
2
+ export { WebAuthnSigner } from './signers/webauthn';
package/index.js CHANGED
@@ -1,154 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.BrowserKeySigner = exports.WebAuthn = exports.DEFAULT_WAIT_TIMEOUT = void 0;
4
- const utils_1 = require("@dfns/sdk/utils");
5
- const buffer_1 = require("buffer");
6
- exports.DEFAULT_WAIT_TIMEOUT = 60000;
7
- class WebAuthn {
8
- constructor(options) {
9
- this.options = options;
10
- }
11
- async sign(challenge, allowCredentials) {
12
- const credential = (await navigator.credentials.get({
13
- publicKey: {
14
- challenge: buffer_1.Buffer.from(challenge),
15
- allowCredentials: allowCredentials.webauthn.map(({ id, type, transports }) => ({
16
- id: (0, utils_1.fromBase64Url)(id),
17
- type,
18
- transports: transports ?? [],
19
- })),
20
- rpId: this.options.rpId,
21
- userVerification: 'required',
22
- timeout: this.options.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
23
- },
24
- }));
25
- if (!credential) {
26
- throw new Error('Failed to sign with WebAuthn credential');
27
- }
28
- const assertion = credential.response;
29
- return {
30
- kind: 'Fido2',
31
- credentialAssertion: {
32
- credId: credential.id,
33
- clientData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.clientDataJSON)),
34
- authenticatorData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.authenticatorData)),
35
- signature: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.signature)),
36
- userHandle: assertion.userHandle ? (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.userHandle)) : '',
37
- },
38
- };
39
- }
40
- async create(challenge) {
41
- const options = {
42
- publicKey: {
43
- challenge: buffer_1.Buffer.from(challenge.challenge),
44
- pubKeyCredParams: challenge.pubKeyCredParams,
45
- rp: challenge.rp,
46
- user: {
47
- displayName: challenge.user.displayName,
48
- id: buffer_1.Buffer.from(challenge.user.id),
49
- name: challenge.user.name,
50
- },
51
- attestation: challenge.attestation,
52
- excludeCredentials: challenge.excludeCredentials.map((cred) => ({
53
- id: (0, utils_1.fromBase64Url)(cred.id),
54
- type: cred.type,
55
- })),
56
- authenticatorSelection: challenge.authenticatorSelection,
57
- timeout: this.options.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
58
- },
59
- };
60
- const response = await navigator.credentials.create(options);
61
- if (response === null) {
62
- throw Error(`Failed to create and sign with WebAuthn credential`);
63
- }
64
- const credential = response;
65
- const attestation = credential.response;
66
- return {
67
- credentialKind: 'Fido2',
68
- credentialInfo: {
69
- credId: credential.id,
70
- attestationData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(attestation.attestationObject)),
71
- clientData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(attestation.clientDataJSON)),
72
- },
73
- };
74
- }
75
- }
76
- exports.WebAuthn = WebAuthn;
77
- class BrowserKeySigner {
78
- constructor(options) {
79
- this.options = options;
80
- }
81
- async create(challenge) {
82
- let credId = this.options.credId;
83
- if (credId === undefined || credId === '') {
84
- credId = (0, utils_1.toBase64Url)(buffer_1.Buffer.from((0, utils_1.generateRandom)(32)));
85
- this.options.credId = credId;
86
- }
87
- const publicKeyPem = await (0, utils_1.exportPublicKeyInPemFormatBrowser)(this.options.keyPair);
88
- const clientData = JSON.stringify({
89
- type: 'key.create',
90
- challenge: challenge.challenge,
91
- origin: this.options.appOrigin,
92
- });
93
- const clientDataHash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(clientData));
94
- const clientDataHashHex = (0, utils_1.toHex)(clientDataHash);
95
- const credInfoFingerprint = JSON.stringify({
96
- clientDataHash: clientDataHashHex,
97
- publicKey: publicKeyPem,
98
- });
99
- let rawSignature;
100
- const algorithm = this.options.keyPair.privateKey.algorithm.name;
101
- if (algorithm == 'ECDSA') {
102
- rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(credInfoFingerprint));
103
- }
104
- else {
105
- throw new Error(`${algorithm} is not supported`);
106
- }
107
- const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
108
- const attestationData = JSON.stringify({
109
- publicKey: publicKeyPem,
110
- signature: (0, utils_1.toHex)(signature)
111
- });
112
- return {
113
- credentialKind: 'Key',
114
- credentialInfo: {
115
- credId: credId,
116
- clientData: (0, utils_1.toBase64Url)(clientData),
117
- attestationData: (0, utils_1.toBase64Url)(attestationData),
118
- },
119
- };
120
- }
121
- async sign(challenge, allowCredentials) {
122
- const credId = this.options.credId;
123
- if (credId === undefined || credId === '') {
124
- throw new Error('credId is needed to sign');
125
- }
126
- const allowedCredId = allowCredentials.key.map(cred => cred.id);
127
- if (!allowedCredId.includes(credId)) {
128
- throw new Error(`CredId ${credId} does not exist for this account: ${allowedCredId}`);
129
- }
130
- const clientData = JSON.stringify({
131
- type: 'key.get',
132
- challenge,
133
- origin: this.options.appOrigin,
134
- });
135
- let rawSignature;
136
- const algorithm = this.options.keyPair.privateKey.algorithm.name;
137
- if (algorithm == 'ECDSA') {
138
- rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(clientData));
139
- }
140
- else {
141
- throw new Error(`${algorithm} is not supported`);
142
- }
143
- const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
144
- return {
145
- kind: 'Key',
146
- credentialAssertion: {
147
- credId: this.options.credId ?? '',
148
- clientData: (0, utils_1.toBase64Url)(clientData),
149
- signature: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(signature)),
150
- },
151
- };
152
- }
153
- }
154
- exports.BrowserKeySigner = BrowserKeySigner;
3
+ exports.WebAuthnSigner = exports.BrowserKeySigner = void 0;
4
+ var key_1 = require("./signers/key");
5
+ Object.defineProperty(exports, "BrowserKeySigner", { enumerable: true, get: function () { return key_1.BrowserKeySigner; } });
6
+ var webauthn_1 = require("./signers/webauthn");
7
+ Object.defineProperty(exports, "WebAuthnSigner", { enumerable: true, get: function () { return webauthn_1.WebAuthnSigner; } });
package/package.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "@dfns/sdk-browser",
3
- "version": "0.4.0-alpha.1",
3
+ "version": "0.4.1-alpha.1",
4
4
  "dependencies": {
5
5
  "buffer": "6.0.3",
6
6
  "cross-fetch": "3.1.6",
7
7
  "uuid": "9.0.0"
8
8
  },
9
9
  "peerDependencies": {
10
- "@dfns/sdk": "0.4.0-alpha.1"
10
+ "@dfns/sdk": "0.4.1-alpha.1"
11
11
  },
12
12
  "main": "./index.js",
13
13
  "type": "commonjs"
package/signers/key.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ import { CredentialSigner, CredentialStore, KeyAssertion, KeyAttestation, UserActionChallenge, UserRegistrationChallenge } from '@dfns/sdk';
2
+ export declare class BrowserKeySigner implements CredentialSigner<KeyAssertion>, CredentialStore<KeyAttestation> {
3
+ private options;
4
+ constructor(options: {
5
+ credId?: string;
6
+ keyPair: CryptoKeyPair;
7
+ });
8
+ create(challenge: UserRegistrationChallenge): Promise<KeyAttestation>;
9
+ sign(challenge: UserActionChallenge): Promise<KeyAssertion>;
10
+ }
package/signers/key.js ADDED
@@ -0,0 +1,82 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.BrowserKeySigner = void 0;
4
+ const sdk_1 = require("@dfns/sdk");
5
+ const utils_1 = require("@dfns/sdk/utils");
6
+ const buffer_1 = require("buffer");
7
+ class BrowserKeySigner {
8
+ constructor(options) {
9
+ this.options = options;
10
+ }
11
+ async create(challenge) {
12
+ let credId = this.options.credId;
13
+ if (credId === undefined || credId === '') {
14
+ credId = (0, utils_1.toBase64Url)(buffer_1.Buffer.from((0, utils_1.generateRandom)(32)));
15
+ this.options.credId = credId;
16
+ }
17
+ const publicKeyPem = await (0, utils_1.exportPublicKeyInPemFormatBrowser)(this.options.keyPair);
18
+ const clientData = JSON.stringify({
19
+ type: 'key.create',
20
+ challenge: challenge.challenge,
21
+ });
22
+ const clientDataHash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(clientData));
23
+ const clientDataHashHex = (0, utils_1.toHex)(clientDataHash);
24
+ const credInfoFingerprint = JSON.stringify({
25
+ clientDataHash: clientDataHashHex,
26
+ publicKey: publicKeyPem,
27
+ });
28
+ let rawSignature;
29
+ const algorithm = this.options.keyPair.privateKey.algorithm.name;
30
+ if (algorithm == 'ECDSA') {
31
+ rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(credInfoFingerprint));
32
+ }
33
+ else {
34
+ throw new sdk_1.DfnsError(-1, `${algorithm} is not supported`);
35
+ }
36
+ const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
37
+ const attestationData = JSON.stringify({
38
+ publicKey: publicKeyPem,
39
+ signature: (0, utils_1.toHex)(signature),
40
+ });
41
+ return {
42
+ credentialKind: 'Key',
43
+ credentialInfo: {
44
+ credId,
45
+ clientData: (0, utils_1.toBase64Url)(clientData),
46
+ attestationData: (0, utils_1.toBase64Url)(attestationData),
47
+ },
48
+ };
49
+ }
50
+ async sign(challenge) {
51
+ const credId = this.options.credId;
52
+ if (credId === undefined || credId === '') {
53
+ throw new sdk_1.DfnsError(-1, 'credId is needed to sign');
54
+ }
55
+ const allowedCredId = challenge.allowCredentials.key.map((cred) => cred.id);
56
+ if (!allowedCredId.includes(credId)) {
57
+ throw new sdk_1.DfnsError(-1, `${credId} does not match allowed credentials: ${allowedCredId}`);
58
+ }
59
+ const clientData = JSON.stringify({
60
+ type: 'key.get',
61
+ challenge: challenge.challenge,
62
+ });
63
+ let rawSignature;
64
+ const algorithm = this.options.keyPair.privateKey.algorithm.name;
65
+ if (algorithm == 'ECDSA') {
66
+ rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(clientData));
67
+ }
68
+ else {
69
+ throw new sdk_1.DfnsError(-1, `${algorithm} is not supported`);
70
+ }
71
+ const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
72
+ return {
73
+ kind: 'Key',
74
+ credentialAssertion: {
75
+ credId: this.options.credId ?? '',
76
+ clientData: (0, utils_1.toBase64Url)(clientData),
77
+ signature: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(signature)),
78
+ },
79
+ };
80
+ }
81
+ }
82
+ exports.BrowserKeySigner = BrowserKeySigner;
package/signers/webauthn.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ import { CredentialSigner, CredentialStore, Fido2Assertion, Fido2Attestation, UserActionChallenge, UserRegistrationChallenge } from '@dfns/sdk';
2
+ export declare const DEFAULT_WAIT_TIMEOUT = 60000;
3
+ export declare class WebAuthnSigner implements CredentialSigner<Fido2Assertion>, CredentialStore<Fido2Attestation> {
4
+ private options?;
5
+ constructor(options?: {
6
+ timeout?: number | undefined;
7
+ } | undefined);
8
+ sign(challenge: UserActionChallenge): Promise<Fido2Assertion>;
9
+ create(challenge: UserRegistrationChallenge): Promise<Fido2Attestation>;
10
+ }
package/signers/webauthn.js ADDED
@@ -0,0 +1,78 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.WebAuthnSigner = exports.DEFAULT_WAIT_TIMEOUT = void 0;
4
+ const sdk_1 = require("@dfns/sdk");
5
+ const utils_1 = require("@dfns/sdk/utils");
6
+ const buffer_1 = require("buffer");
7
+ exports.DEFAULT_WAIT_TIMEOUT = 60000;
8
+ class WebAuthnSigner {
9
+ constructor(options) {
10
+ this.options = options;
11
+ }
12
+ async sign(challenge) {
13
+ const response = await navigator.credentials.get({
14
+ publicKey: {
15
+ challenge: buffer_1.Buffer.from(challenge.challenge),
16
+ allowCredentials: challenge.allowCredentials.webauthn.map(({ id, type, transports }) => ({
17
+ id: (0, utils_1.fromBase64Url)(id),
18
+ type,
19
+ transports: transports ?? [],
20
+ })),
21
+ rpId: challenge.rp.id,
22
+ userVerification: challenge.userVerification,
23
+ timeout: this.options?.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
24
+ },
25
+ });
26
+ if (response === null) {
27
+ throw new sdk_1.DfnsError(-1, 'Failed to sign with WebAuthn credential');
28
+ }
29
+ const credential = response;
30
+ const assertion = credential.response;
31
+ return {
32
+ kind: 'Fido2',
33
+ credentialAssertion: {
34
+ credId: credential.id,
35
+ clientData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.clientDataJSON)),
36
+ authenticatorData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.authenticatorData)),
37
+ signature: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.signature)),
38
+ userHandle: assertion.userHandle ? (0, utils_1.toBase64Url)(buffer_1.Buffer.from(assertion.userHandle)) : '',
39
+ },
40
+ };
41
+ }
42
+ async create(challenge) {
43
+ const options = {
44
+ publicKey: {
45
+ challenge: buffer_1.Buffer.from(challenge.challenge),
46
+ pubKeyCredParams: challenge.pubKeyCredParams,
47
+ rp: challenge.rp,
48
+ user: {
49
+ displayName: challenge.user.displayName,
50
+ id: buffer_1.Buffer.from(challenge.user.id),
51
+ name: challenge.user.name,
52
+ },
53
+ attestation: challenge.attestation,
54
+ excludeCredentials: challenge.excludeCredentials.map((cred) => ({
55
+ id: (0, utils_1.fromBase64Url)(cred.id),
56
+ type: cred.type,
57
+ })),
58
+ authenticatorSelection: challenge.authenticatorSelection,
59
+ timeout: this.options?.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
60
+ },
61
+ };
62
+ const response = await navigator.credentials.create(options);
63
+ if (response === null) {
64
+ throw new sdk_1.DfnsError(-1, `Failed to create and sign with WebAuthn credential`);
65
+ }
66
+ const credential = response;
67
+ const attestation = credential.response;
68
+ return {
69
+ credentialKind: 'Fido2',
70
+ credentialInfo: {
71
+ credId: credential.id,
72
+ attestationData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(attestation.attestationObject)),
73
+ clientData: (0, utils_1.toBase64Url)(buffer_1.Buffer.from(attestation.clientDataJSON)),
74
+ },
75
+ };
76
+ }
77
+ }
78
+ exports.WebAuthnSigner = WebAuthnSigner;