@dfns/sdk-keysigner 0.3.4 → 0.4.0-alpha.1

package/index.d.ts

@@ -1,4 +1,4 @@
-import { CredentialSigner, KeyAssertion, UserRegistrationChallenge, KeyAttestation } from '@dfns/sdk';
+import { CredentialSigner, KeyAssertion, AllowCredential } from '@dfns/sdk';
 export declare class AsymmetricKeySigner implements CredentialSigner<KeyAssertion> {
     private options;
     constructor(options: {
@@ -8,16 +8,8 @@ export declare class AsymmetricKeySigner implements CredentialSigner<KeyAssertio
         crossOrigin?: boolean;
         algorithm?: string;
     });
-    sign(challenge: string): Promise<KeyAssertion>;
-}
-export declare class BrowserKeySigner implements CredentialSigner<KeyAssertion> {
-    private options;
-    constructor(options: {
-        keyPair: CryptoKeyPair;
-        credId?: string;
-        appOrigin: string;
-        crossOrigin?: boolean;
-    });
-    create(challenge: UserRegistrationChallenge): Promise<KeyAttestation>;
-    sign(challenge: string): Promise<KeyAssertion>;
+    sign(challenge: string, allowCredentials: {
+        key: AllowCredential[];
+        webauthn: AllowCredential[];
+    }): Promise<KeyAssertion>;
 }

package/index.js

@@ -23,14 +23,22 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BrowserKeySigner = exports.AsymmetricKeySigner = void 0;
+exports.AsymmetricKeySigner = void 0;
 const crypto = __importStar(require("crypto"));
 const utils_1 = require("@dfns/sdk/utils");
 class AsymmetricKeySigner {
     constructor(options) {
         this.options = options;
     }
-    async sign(challenge) {
+    async sign(challenge, allowCredentials) {
+        const credId = this.options.credId;
+        if (credId === undefined || credId === '') {
+            throw new Error('credId is needed to sign');
+        }
+        const allowedCredId = allowCredentials.key.map(cred => cred.id);
+        if (!allowedCredId.includes(credId)) {
+            throw new Error(`CredId ${credId} does not exist for this account: ${allowedCredId}`);
+        }
         const clientData = Buffer.from(JSON.stringify({
             type: 'key.get',
             challenge,
@@ -48,79 +56,3 @@ class AsymmetricKeySigner {
     }
 }
 exports.AsymmetricKeySigner = AsymmetricKeySigner;
-class BrowserKeySigner {
-    constructor(options) {
-        this.options = options;
-    }
-    async create(challenge) {
-        let credId = this.options.credId;
-        if (credId === undefined || credId === '') {
-            credId = (0, utils_1.toBase64Url)(Buffer.from((0, utils_1.generateRandom)(32)));
-            this.options.credId = credId;
-        }
-        const publicKeyPem = await (0, utils_1.exportPublicKeyInPemFormatBrowser)(this.options.keyPair);
-        const clientData = JSON.stringify({
-            type: 'key.create',
-            challenge: challenge.challenge,
-            origin: this.options.appOrigin,
-            crossOrigin: this.options.crossOrigin ?? false,
-        });
-        const clientDataHash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(clientData));
-        const clientDataHashHex = (0, utils_1.toHex)(clientDataHash);
-        const credInfoFingerprint = JSON.stringify({
-            clientDataHash: clientDataHashHex,
-            publicKey: publicKeyPem,
-        });
-        let rawSignature;
-        const algorithm = this.options.keyPair.privateKey.algorithm.name;
-        if (algorithm == 'ECDSA') {
-            rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(credInfoFingerprint));
-        }
-        else {
-            throw new Error(`${algorithm} is not supported`);
-        }
-        const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
-        const attestationData = JSON.stringify({
-            publicKey: publicKeyPem,
-            signature: (0, utils_1.toHex)(signature)
-        });
-        return {
-            credentialKind: 'Key',
-            credentialInfo: {
-                credId: credId,
-                clientData: (0, utils_1.toBase64Url)(clientData),
-                attestationData: (0, utils_1.toBase64Url)(attestationData),
-            },
-        };
-    }
-    async sign(challenge) {
-        const credId = this.options.credId;
-        if (credId === undefined || credId === '') {
-            throw new Error('credId is needed to sign');
-        }
-        const clientData = JSON.stringify({
-            type: 'key.get',
-            challenge,
-            origin: this.options.appOrigin,
-            crossOrigin: this.options.crossOrigin ?? false,
-        });
-        let rawSignature;
-        const algorithm = this.options.keyPair.privateKey.algorithm.name;
-        if (algorithm == 'ECDSA') {
-            rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(clientData));
-        }
-        else {
-            throw new Error(`${algorithm} is not supported`);
-        }
-        const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
-        return {
-            kind: 'Key',
-            credentialAssertion: {
-                credId: this.options.credId ?? '',
-                clientData: (0, utils_1.toBase64Url)(clientData),
-                signature: (0, utils_1.toBase64Url)(Buffer.from(signature)),
-            },
-        };
-    }
-}
-exports.BrowserKeySigner = BrowserKeySigner;

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@dfns/sdk-keysigner",
-  "version": "0.3.4",
+  "version": "0.4.0-alpha.1",
   "dependencies": {
     "buffer": "6.0.3",
     "cross-fetch": "3.1.6",
     "uuid": "9.0.0"
   },
   "peerDependencies": {
-    "@dfns/sdk": "0.3.4"
+    "@dfns/sdk": "0.4.0-alpha.1"
   },
   "main": "./index.js",
   "type": "commonjs"