@dfns/sdk-keysigner 0.3.3 → 0.4.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.d.ts +5 -14
- package/index.js +10 -62
- package/package.json +2 -2
package/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { CredentialSigner, KeyAssertion } from '@dfns/sdk';
|
|
1
|
+
import { CredentialSigner, KeyAssertion, AllowCredential } from '@dfns/sdk';
|
|
2
2
|
export declare class AsymmetricKeySigner implements CredentialSigner<KeyAssertion> {
|
|
3
3
|
private options;
|
|
4
4
|
constructor(options: {
|
|
@@ -8,17 +8,8 @@ export declare class AsymmetricKeySigner implements CredentialSigner<KeyAssertio
|
|
|
8
8
|
crossOrigin?: boolean;
|
|
9
9
|
algorithm?: string;
|
|
10
10
|
});
|
|
11
|
-
sign(challenge: string
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
constructor(options: {
|
|
16
|
-
privateKey: CryptoKey;
|
|
17
|
-
credId: string;
|
|
18
|
-
appOrigin: string;
|
|
19
|
-
crossOrigin?: boolean;
|
|
20
|
-
});
|
|
21
|
-
minimizeBigInt: (value: Uint8Array) => Uint8Array;
|
|
22
|
-
rawSignatureToAns1: (rawSignature: Uint8Array) => Uint8Array;
|
|
23
|
-
sign(challenge: string): Promise<KeyAssertion>;
|
|
11
|
+
sign(challenge: string, allowCredentials: {
|
|
12
|
+
key: AllowCredential[];
|
|
13
|
+
webauthn: AllowCredential[];
|
|
14
|
+
}): Promise<KeyAssertion>;
|
|
24
15
|
}
|
package/index.js
CHANGED
|
@@ -23,14 +23,22 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.
|
|
26
|
+
exports.AsymmetricKeySigner = void 0;
|
|
27
27
|
const crypto = __importStar(require("crypto"));
|
|
28
28
|
const utils_1 = require("@dfns/sdk/utils");
|
|
29
29
|
class AsymmetricKeySigner {
|
|
30
30
|
constructor(options) {
|
|
31
31
|
this.options = options;
|
|
32
32
|
}
|
|
33
|
-
async sign(challenge) {
|
|
33
|
+
async sign(challenge, allowCredentials) {
|
|
34
|
+
const credId = this.options.credId;
|
|
35
|
+
if (credId === undefined || credId === '') {
|
|
36
|
+
throw new Error('credId is needed to sign');
|
|
37
|
+
}
|
|
38
|
+
const allowedCredId = allowCredentials.key.map(cred => cred.id);
|
|
39
|
+
if (!allowedCredId.includes(credId)) {
|
|
40
|
+
throw new Error(`CredId ${credId} does not exist for this account: ${allowedCredId}`);
|
|
41
|
+
}
|
|
34
42
|
const clientData = Buffer.from(JSON.stringify({
|
|
35
43
|
type: 'key.get',
|
|
36
44
|
challenge,
|
|
@@ -48,63 +56,3 @@ class AsymmetricKeySigner {
|
|
|
48
56
|
}
|
|
49
57
|
}
|
|
50
58
|
exports.AsymmetricKeySigner = AsymmetricKeySigner;
|
|
51
|
-
class BrowserKeySigner {
|
|
52
|
-
constructor(options) {
|
|
53
|
-
this.options = options;
|
|
54
|
-
this.minimizeBigInt = (value) => {
|
|
55
|
-
const minValue = [0, ...value];
|
|
56
|
-
for (let i = 0; i < minValue.length; ++i) {
|
|
57
|
-
if (minValue[i] === 0) {
|
|
58
|
-
continue;
|
|
59
|
-
}
|
|
60
|
-
if (minValue[i] > 0x7f) {
|
|
61
|
-
return new Uint8Array(minValue.slice(i - 1));
|
|
62
|
-
}
|
|
63
|
-
return new Uint8Array(minValue.slice(i));
|
|
64
|
-
}
|
|
65
|
-
return new Uint8Array([0]);
|
|
66
|
-
};
|
|
67
|
-
this.rawSignatureToAns1 = (rawSignature) => {
|
|
68
|
-
const r = rawSignature.slice(0, 32);
|
|
69
|
-
const s = rawSignature.slice(32);
|
|
70
|
-
const minR = this.minimizeBigInt(r);
|
|
71
|
-
const minS = this.minimizeBigInt(s);
|
|
72
|
-
return new Uint8Array([
|
|
73
|
-
0x30,
|
|
74
|
-
minR.length + minS.length + 4,
|
|
75
|
-
0x02,
|
|
76
|
-
minR.length,
|
|
77
|
-
...minR,
|
|
78
|
-
0x02,
|
|
79
|
-
minS.length,
|
|
80
|
-
...minS
|
|
81
|
-
]);
|
|
82
|
-
};
|
|
83
|
-
}
|
|
84
|
-
async sign(challenge) {
|
|
85
|
-
const clientData = JSON.stringify({
|
|
86
|
-
type: 'key.get',
|
|
87
|
-
challenge,
|
|
88
|
-
origin: this.options.appOrigin,
|
|
89
|
-
crossOrigin: this.options.crossOrigin ?? false,
|
|
90
|
-
});
|
|
91
|
-
let rawSignature;
|
|
92
|
-
const algorithm = this.options.privateKey.algorithm.name;
|
|
93
|
-
if (algorithm == 'ECDSA') {
|
|
94
|
-
rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.privateKey, new TextEncoder().encode(clientData));
|
|
95
|
-
}
|
|
96
|
-
else {
|
|
97
|
-
throw new Error(`${algorithm} is not supported`);
|
|
98
|
-
}
|
|
99
|
-
const signature = this.rawSignatureToAns1(new Uint8Array(rawSignature));
|
|
100
|
-
return {
|
|
101
|
-
kind: 'Key',
|
|
102
|
-
credentialAssertion: {
|
|
103
|
-
credId: this.options.credId,
|
|
104
|
-
clientData: (0, utils_1.toBase64Url)(clientData),
|
|
105
|
-
signature: (0, utils_1.toBase64Url)(Buffer.from(signature)),
|
|
106
|
-
},
|
|
107
|
-
};
|
|
108
|
-
}
|
|
109
|
-
}
|
|
110
|
-
exports.BrowserKeySigner = BrowserKeySigner;
|
package/package.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@dfns/sdk-keysigner",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0-alpha.1",
|
|
4
4
|
"dependencies": {
|
|
5
5
|
"buffer": "6.0.3",
|
|
6
6
|
"cross-fetch": "3.1.6",
|
|
7
7
|
"uuid": "9.0.0"
|
|
8
8
|
},
|
|
9
9
|
"peerDependencies": {
|
|
10
|
-
"@dfns/sdk": "0.
|
|
10
|
+
"@dfns/sdk": "0.4.0-alpha.1"
|
|
11
11
|
},
|
|
12
12
|
"main": "./index.js",
|
|
13
13
|
"type": "commonjs"
|