npm - @dfns/sdk-keysigner - Versions diffs - 0.3.4 → 0.4.0 - Mend

@dfns/sdk-keysigner 0.3.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.d.ts CHANGED Viewed

@@ -1,23 +1,10 @@
-import { CredentialSigner, KeyAssertion, UserRegistrationChallenge, KeyAttestation } from '@dfns/sdk';
+import { CredentialSigner, KeyAssertion, UserActionChallenge } from '@dfns/sdk';
 export declare class AsymmetricKeySigner implements CredentialSigner<KeyAssertion> {
     private options;
     constructor(options: {
-        privateKey: string;
         credId: string;
-        appOrigin: string;
-        crossOrigin?: boolean;
+        privateKey: string;
         algorithm?: string;
     });
-    sign(challenge: string): Promise<KeyAssertion>;
-}
-export declare class BrowserKeySigner implements CredentialSigner<KeyAssertion> {
-    private options;
-    constructor(options: {
-        keyPair: CryptoKeyPair;
-        credId?: string;
-        appOrigin: string;
-        crossOrigin?: boolean;
-    });
-    create(challenge: UserRegistrationChallenge): Promise<KeyAttestation>;
-    sign(challenge: string): Promise<KeyAssertion>;
+    sign(challenge: UserActionChallenge): Promise<KeyAssertion>;
 }

package/index.js CHANGED Viewed

@@ -23,104 +23,32 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BrowserKeySigner = exports.AsymmetricKeySigner = void 0;
-const crypto = __importStar(require("crypto"));
+exports.AsymmetricKeySigner = void 0;
+const crypto = __importStar(require("node:crypto"));
+const sdk_1 = require("@dfns/sdk");
 const utils_1 = require("@dfns/sdk/utils");
 class AsymmetricKeySigner {
     constructor(options) {
         this.options = options;
     }
     async sign(challenge) {
+        const { credId, privateKey, algorithm } = this.options;
+        const allowedCredId = challenge.allowCredentials.key.map((cred) => cred.id);
+        if (!allowedCredId.includes(credId)) {
+            throw new sdk_1.DfnsError(-1, `${credId} does not match allowed credentials: ${allowedCredId}`);
+        }
         const clientData = Buffer.from(JSON.stringify({
             type: 'key.get',
-            challenge,
-            origin: this.options.appOrigin,
-            crossOrigin: this.options.crossOrigin ?? false,
+            challenge: challenge.challenge,
         }));
         return {
             kind: 'Key',
             credentialAssertion: {
-                credId: this.options.credId,
+                credId,
                 clientData: (0, utils_1.toBase64Url)(clientData),
-                signature: (0, utils_1.toBase64Url)(crypto.sign(this.options.algorithm || undefined, clientData, this.options.privateKey)),
+                signature: (0, utils_1.toBase64Url)(crypto.sign(algorithm || undefined, clientData, privateKey)),
             },
         };
     }
 }
 exports.AsymmetricKeySigner = AsymmetricKeySigner;
-class BrowserKeySigner {
-    constructor(options) {
-        this.options = options;
-    }
-    async create(challenge) {
-        let credId = this.options.credId;
-        if (credId === undefined || credId === '') {
-            credId = (0, utils_1.toBase64Url)(Buffer.from((0, utils_1.generateRandom)(32)));
-            this.options.credId = credId;
-        }
-        const publicKeyPem = await (0, utils_1.exportPublicKeyInPemFormatBrowser)(this.options.keyPair);
-        const clientData = JSON.stringify({
-            type: 'key.create',
-            challenge: challenge.challenge,
-            origin: this.options.appOrigin,
-            crossOrigin: this.options.crossOrigin ?? false,
-        });
-        const clientDataHash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(clientData));
-        const clientDataHashHex = (0, utils_1.toHex)(clientDataHash);
-        const credInfoFingerprint = JSON.stringify({
-            clientDataHash: clientDataHashHex,
-            publicKey: publicKeyPem,
-        });
-        let rawSignature;
-        const algorithm = this.options.keyPair.privateKey.algorithm.name;
-        if (algorithm == 'ECDSA') {
-            rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(credInfoFingerprint));
-        }
-        else {
-            throw new Error(`${algorithm} is not supported`);
-        }
-        const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
-        const attestationData = JSON.stringify({
-            publicKey: publicKeyPem,
-            signature: (0, utils_1.toHex)(signature)
-        });
-        return {
-            credentialKind: 'Key',
-            credentialInfo: {
-                credId: credId,
-                clientData: (0, utils_1.toBase64Url)(clientData),
-                attestationData: (0, utils_1.toBase64Url)(attestationData),
-            },
-        };
-    }
-    async sign(challenge) {
-        const credId = this.options.credId;
-        if (credId === undefined || credId === '') {
-            throw new Error('credId is needed to sign');
-        }
-        const clientData = JSON.stringify({
-            type: 'key.get',
-            challenge,
-            origin: this.options.appOrigin,
-            crossOrigin: this.options.crossOrigin ?? false,
-        });
-        let rawSignature;
-        const algorithm = this.options.keyPair.privateKey.algorithm.name;
-        if (algorithm == 'ECDSA') {
-            rawSignature = await crypto.subtle.sign({ name: 'ECDSA', hash: { name: 'SHA-256' } }, this.options.keyPair.privateKey, new TextEncoder().encode(clientData));
-        }
-        else {
-            throw new Error(`${algorithm} is not supported`);
-        }
-        const signature = (0, utils_1.rawSignatureToAns1)(new Uint8Array(rawSignature));
-        return {
-            kind: 'Key',
-            credentialAssertion: {
-                credId: this.options.credId ?? '',
-                clientData: (0, utils_1.toBase64Url)(clientData),
-                signature: (0, utils_1.toBase64Url)(Buffer.from(signature)),
-            },
-        };
-    }
-}
-exports.BrowserKeySigner = BrowserKeySigner;

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "@dfns/sdk-keysigner",
-  "version": "0.3.4",
+  "version": "0.4.0",
   "dependencies": {
     "buffer": "6.0.3",
     "cross-fetch": "3.1.6",
     "uuid": "9.0.0"
   },
   "peerDependencies": {
-    "@dfns/sdk": "0.3.4"
+    "@dfns/sdk": "0.4.0"
   },
   "main": "./index.js",
   "type": "commonjs"