@metamask-previews/passkey-controller 0.0.0-preview-4c0846313

package/dist/webauthn/constants.d.mts

@@ -0,0 +1,68 @@
+/**
+ * COSE Algorithms
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ */
+export declare enum COSEALG {
+    ES256 = -7,
+    EdDSA = -8,
+    ES384 = -35,
+    ES512 = -36,
+    PS256 = -37,
+    PS384 = -38,
+    PS512 = -39,
+    ES256K = -47,
+    RS256 = -257,
+    RS384 = -258,
+    RS512 = -259,
+    RS1 = -65535
+}
+/**
+ * COSE Key Types
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type
+ */
+export declare enum COSEKTY {
+    OKP = 1,
+    EC2 = 2,
+    RSA = 3
+}
+/**
+ * COSE Curves
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
+ */
+export declare enum COSECRV {
+    P256 = 1,
+    P384 = 2,
+    P521 = 3,
+    ED25519 = 6,
+    SECP256K1 = 8
+}
+/**
+ * COSE Key common and type-specific parameter labels.
+ *
+ * EC2 and RSA re-use the same numeric labels (-1, -2, -3) with different
+ * semantics, so this is a plain object instead of an enum to avoid
+ * duplicate-value violations.
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters
+ */
+export declare const COSEKEYS: {
+    /** Key Type (common) */
+    readonly Kty: 1;
+    /** Algorithm (common) */
+    readonly Alg: 3;
+    /** EC2 / OKP: curve identifier */
+    readonly Crv: -1;
+    /** EC2: x-coordinate / OKP: public key */
+    readonly X: -2;
+    /** EC2: y-coordinate */
+    readonly Y: -3;
+    /** RSA: modulus n (shares numeric label with Crv) */
+    readonly N: -1;
+    /** RSA: exponent e (shares numeric label with X) */
+    readonly E: -2;
+};
+//# sourceMappingURL=constants.d.mts.map

package/dist/webauthn/constants.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.mts","sourceRoot":"","sources":["../../src/webauthn/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,oBAAY,OAAO;IACjB,KAAK,KAAK;IACV,KAAK,KAAK;IACV,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,MAAM,MAAM;IACZ,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ,GAAG,SAAS;CACb;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,GAAG,IAAI;IACP,GAAG,IAAI;IACP,GAAG,IAAI;CACR;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,IAAI,IAAI;IACR,IAAI,IAAI;IACR,IAAI,IAAI;IACR,OAAO,IAAI;IACX,SAAS,IAAI;CACd;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,QAAQ;IACnB,wBAAwB;;IAExB,yBAAyB;;IAGzB,kCAAkC;;IAElC,0CAA0C;;IAE1C,wBAAwB;;IAGxB,qDAAqD;;IAErD,oDAAoD;;CAE5C,CAAC"}

package/dist/webauthn/constants.mjs

@@ -0,0 +1,71 @@
+/**
+ * COSE Algorithms
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ */
+export var COSEALG;
+(function (COSEALG) {
+    COSEALG[COSEALG["ES256"] = -7] = "ES256";
+    COSEALG[COSEALG["EdDSA"] = -8] = "EdDSA";
+    COSEALG[COSEALG["ES384"] = -35] = "ES384";
+    COSEALG[COSEALG["ES512"] = -36] = "ES512";
+    COSEALG[COSEALG["PS256"] = -37] = "PS256";
+    COSEALG[COSEALG["PS384"] = -38] = "PS384";
+    COSEALG[COSEALG["PS512"] = -39] = "PS512";
+    COSEALG[COSEALG["ES256K"] = -47] = "ES256K";
+    COSEALG[COSEALG["RS256"] = -257] = "RS256";
+    COSEALG[COSEALG["RS384"] = -258] = "RS384";
+    COSEALG[COSEALG["RS512"] = -259] = "RS512";
+    COSEALG[COSEALG["RS1"] = -65535] = "RS1";
+})(COSEALG || (COSEALG = {}));
+/**
+ * COSE Key Types
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type
+ */
+export var COSEKTY;
+(function (COSEKTY) {
+    COSEKTY[COSEKTY["OKP"] = 1] = "OKP";
+    COSEKTY[COSEKTY["EC2"] = 2] = "EC2";
+    COSEKTY[COSEKTY["RSA"] = 3] = "RSA";
+})(COSEKTY || (COSEKTY = {}));
+/**
+ * COSE Curves
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
+ */
+export var COSECRV;
+(function (COSECRV) {
+    COSECRV[COSECRV["P256"] = 1] = "P256";
+    COSECRV[COSECRV["P384"] = 2] = "P384";
+    COSECRV[COSECRV["P521"] = 3] = "P521";
+    COSECRV[COSECRV["ED25519"] = 6] = "ED25519";
+    COSECRV[COSECRV["SECP256K1"] = 8] = "SECP256K1";
+})(COSECRV || (COSECRV = {}));
+/**
+ * COSE Key common and type-specific parameter labels.
+ *
+ * EC2 and RSA re-use the same numeric labels (-1, -2, -3) with different
+ * semantics, so this is a plain object instead of an enum to avoid
+ * duplicate-value violations.
+ *
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters
+ */
+export const COSEKEYS = {
+    /** Key Type (common) */
+    Kty: 1,
+    /** Algorithm (common) */
+    Alg: 3,
+    /** EC2 / OKP: curve identifier */
+    Crv: -1,
+    /** EC2: x-coordinate / OKP: public key */
+    X: -2,
+    /** EC2: y-coordinate */
+    Y: -3,
+    /** RSA: modulus n (shares numeric label with Crv) */
+    N: -1,
+    /** RSA: exponent e (shares numeric label with X) */
+    E: -2,
+};
+//# sourceMappingURL=constants.mjs.map

package/dist/webauthn/constants.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.mjs","sourceRoot":"","sources":["../../src/webauthn/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAN,IAAY,OAaX;AAbD,WAAY,OAAO;IACjB,wCAAU,CAAA;IACV,wCAAU,CAAA;IACV,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,2CAAY,CAAA;IACZ,0CAAY,CAAA;IACZ,0CAAY,CAAA;IACZ,0CAAY,CAAA;IACZ,wCAAY,CAAA;AACd,CAAC,EAbW,OAAO,KAAP,OAAO,QAalB;AAED;;;;GAIG;AACH,MAAM,CAAN,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,mCAAO,CAAA;IACP,mCAAO,CAAA;IACP,mCAAO,CAAA;AACT,CAAC,EAJW,OAAO,KAAP,OAAO,QAIlB;AAED;;;;GAIG;AACH,MAAM,CAAN,IAAY,OAMX;AAND,WAAY,OAAO;IACjB,qCAAQ,CAAA;IACR,qCAAQ,CAAA;IACR,qCAAQ,CAAA;IACR,2CAAW,CAAA;IACX,+CAAa,CAAA;AACf,CAAC,EANW,OAAO,KAAP,OAAO,QAMlB;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,wBAAwB;IACxB,GAAG,EAAE,CAAC;IACN,yBAAyB;IACzB,GAAG,EAAE,CAAC;IAEN,kCAAkC;IAClC,GAAG,EAAE,CAAC,CAAC;IACP,0CAA0C;IAC1C,CAAC,EAAE,CAAC,CAAC;IACL,wBAAwB;IACxB,CAAC,EAAE,CAAC,CAAC;IAEL,qDAAqD;IACrD,CAAC,EAAE,CAAC,CAAC;IACL,oDAAoD;IACpD,CAAC,EAAE,CAAC,CAAC;CACG,CAAC","sourcesContent":["/**\n * COSE Algorithms\n *\n * @see https://www.iana.org/assignments/cose/cose.xhtml#algorithms\n */\nexport enum COSEALG {\n  ES256 = -7,\n  EdDSA = -8,\n  ES384 = -35,\n  ES512 = -36,\n  PS256 = -37,\n  PS384 = -38,\n  PS512 = -39,\n  ES256K = -47,\n  RS256 = -257,\n  RS384 = -258,\n  RS512 = -259,\n  RS1 = -65535,\n}\n\n/**\n * COSE Key Types\n *\n * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type\n */\nexport enum COSEKTY {\n  OKP = 1,\n  EC2 = 2,\n  RSA = 3,\n}\n\n/**\n * COSE Curves\n *\n * @see https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves\n */\nexport enum COSECRV {\n  P256 = 1,\n  P384 = 2,\n  P521 = 3,\n  ED25519 = 6,\n  SECP256K1 = 8,\n}\n\n/**\n * COSE Key common and type-specific parameter labels.\n *\n * EC2 and RSA re-use the same numeric labels (-1, -2, -3) with different\n * semantics, so this is a plain object instead of an enum to avoid\n * duplicate-value violations.\n *\n * @see https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters\n * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters\n */\nexport const COSEKEYS = {\n  /** Key Type (common) */\n  Kty: 1,\n  /** Algorithm (common) */\n  Alg: 3,\n\n  /** EC2 / OKP: curve identifier */\n  Crv: -1,\n  /** EC2: x-coordinate / OKP: public key */\n  X: -2,\n  /** EC2: y-coordinate */\n  Y: -3,\n\n  /** RSA: modulus n (shares numeric label with Crv) */\n  N: -1,\n  /** RSA: exponent e (shares numeric label with X) */\n  E: -2,\n} as const;\n"]}

package/dist/webauthn/decode-attestation-object.cjs

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeAttestationObject = void 0;
+const tiny_cbor_1 = require("@levischuck/tiny-cbor");
+/**
+ * CBOR-decode an attestationObject buffer into a Map with `fmt`, `attStmt`,
+ * and `authData` entries.
+ *
+ * @param attestationObject - Raw attestation object bytes.
+ * @returns Decoded AttestationObject map.
+ */
+function decodeAttestationObject(attestationObject) {
+    const copy = new Uint8Array(attestationObject);
+    const [decoded] = (0, tiny_cbor_1.decodePartialCBOR)(copy, 0);
+    return decoded;
+}
+exports.decodeAttestationObject = decodeAttestationObject;
+//# sourceMappingURL=decode-attestation-object.cjs.map

package/dist/webauthn/decode-attestation-object.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-attestation-object.cjs","sourceRoot":"","sources":["../../src/webauthn/decode-attestation-object.ts"],"names":[],"mappings":";;;AAAA,qDAA0D;AAI1D;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,iBAA6B;IAE7B,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC/C,MAAM,CAAC,OAAO,CAAC,GAAG,IAAA,6BAAiB,EAAC,IAAI,EAAE,CAAC,CAAgC,CAAC;IAC5E,OAAO,OAAO,CAAC;AACjB,CAAC;AAND,0DAMC","sourcesContent":["import { decodePartialCBOR } from '@levischuck/tiny-cbor';\n\nimport type { AttestationObject } from './types';\n\n/**\n * CBOR-decode an attestationObject buffer into a Map with `fmt`, `attStmt`,\n * and `authData` entries.\n *\n * @param attestationObject - Raw attestation object bytes.\n * @returns Decoded AttestationObject map.\n */\nexport function decodeAttestationObject(\n  attestationObject: Uint8Array,\n): AttestationObject {\n  const copy = new Uint8Array(attestationObject);\n  const [decoded] = decodePartialCBOR(copy, 0) as [AttestationObject, number];\n  return decoded;\n}\n"]}

package/dist/webauthn/decode-attestation-object.d.cts

@@ -0,0 +1,10 @@
+import type { AttestationObject } from "./types.cjs";
+/**
+ * CBOR-decode an attestationObject buffer into a Map with `fmt`, `attStmt`,
+ * and `authData` entries.
+ *
+ * @param attestationObject - Raw attestation object bytes.
+ * @returns Decoded AttestationObject map.
+ */
+export declare function decodeAttestationObject(attestationObject: Uint8Array): AttestationObject;
+//# sourceMappingURL=decode-attestation-object.d.cts.map

package/dist/webauthn/decode-attestation-object.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-attestation-object.d.cts","sourceRoot":"","sources":["../../src/webauthn/decode-attestation-object.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,oBAAgB;AAEjD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,iBAAiB,EAAE,UAAU,GAC5B,iBAAiB,CAInB"}

package/dist/webauthn/decode-attestation-object.d.mts

@@ -0,0 +1,10 @@
+import type { AttestationObject } from "./types.mjs";
+/**
+ * CBOR-decode an attestationObject buffer into a Map with `fmt`, `attStmt`,
+ * and `authData` entries.
+ *
+ * @param attestationObject - Raw attestation object bytes.
+ * @returns Decoded AttestationObject map.
+ */
+export declare function decodeAttestationObject(attestationObject: Uint8Array): AttestationObject;
+//# sourceMappingURL=decode-attestation-object.d.mts.map

package/dist/webauthn/decode-attestation-object.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-attestation-object.d.mts","sourceRoot":"","sources":["../../src/webauthn/decode-attestation-object.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,oBAAgB;AAEjD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,iBAAiB,EAAE,UAAU,GAC5B,iBAAiB,CAInB"}

package/dist/webauthn/decode-attestation-object.mjs

@@ -0,0 +1,14 @@
+import { decodePartialCBOR } from "@levischuck/tiny-cbor";
+/**
+ * CBOR-decode an attestationObject buffer into a Map with `fmt`, `attStmt`,
+ * and `authData` entries.
+ *
+ * @param attestationObject - Raw attestation object bytes.
+ * @returns Decoded AttestationObject map.
+ */
+export function decodeAttestationObject(attestationObject) {
+    const copy = new Uint8Array(attestationObject);
+    const [decoded] = decodePartialCBOR(copy, 0);
+    return decoded;
+}
+//# sourceMappingURL=decode-attestation-object.mjs.map

package/dist/webauthn/decode-attestation-object.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-attestation-object.mjs","sourceRoot":"","sources":["../../src/webauthn/decode-attestation-object.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,8BAA8B;AAI1D;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,iBAA6B;IAE7B,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC/C,MAAM,CAAC,OAAO,CAAC,GAAG,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAgC,CAAC;IAC5E,OAAO,OAAO,CAAC;AACjB,CAAC","sourcesContent":["import { decodePartialCBOR } from '@levischuck/tiny-cbor';\n\nimport type { AttestationObject } from './types';\n\n/**\n * CBOR-decode an attestationObject buffer into a Map with `fmt`, `attStmt`,\n * and `authData` entries.\n *\n * @param attestationObject - Raw attestation object bytes.\n * @returns Decoded AttestationObject map.\n */\nexport function decodeAttestationObject(\n  attestationObject: Uint8Array,\n): AttestationObject {\n  const copy = new Uint8Array(attestationObject);\n  const [decoded] = decodePartialCBOR(copy, 0) as [AttestationObject, number];\n  return decoded;\n}\n"]}

package/dist/webauthn/decode-client-data-json.cjs

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeClientDataJSON = void 0;
+const encoding_1 = require("../utils/encoding.cjs");
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON.
+ *
+ * @param data - Base64url-encoded clientDataJSON string.
+ * @returns Parsed ClientDataJSON object.
+ */
+function decodeClientDataJSON(data) {
+    const bytes = (0, encoding_1.base64URLToBytes)(data);
+    const text = new TextDecoder().decode(bytes);
+    return JSON.parse(text);
+}
+exports.decodeClientDataJSON = decodeClientDataJSON;
+//# sourceMappingURL=decode-client-data-json.cjs.map

package/dist/webauthn/decode-client-data-json.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-client-data-json.cjs","sourceRoot":"","sources":["../../src/webauthn/decode-client-data-json.ts"],"names":[],"mappings":";;;AAAA,oDAAqD;AAGrD;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,IAAY;IAC/C,MAAM,KAAK,GAAG,IAAA,2BAAgB,EAAC,IAAI,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;AAC5C,CAAC;AAJD,oDAIC","sourcesContent":["import { base64URLToBytes } from '../utils/encoding';\nimport type { ClientDataJSON } from './types';\n\n/**\n * Decode an authenticator's base64url-encoded clientDataJSON to JSON.\n *\n * @param data - Base64url-encoded clientDataJSON string.\n * @returns Parsed ClientDataJSON object.\n */\nexport function decodeClientDataJSON(data: string): ClientDataJSON {\n  const bytes = base64URLToBytes(data);\n  const text = new TextDecoder().decode(bytes);\n  return JSON.parse(text) as ClientDataJSON;\n}\n"]}

package/dist/webauthn/decode-client-data-json.d.cts

@@ -0,0 +1,9 @@
+import type { ClientDataJSON } from "./types.cjs";
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON.
+ *
+ * @param data - Base64url-encoded clientDataJSON string.
+ * @returns Parsed ClientDataJSON object.
+ */
+export declare function decodeClientDataJSON(data: string): ClientDataJSON;
+//# sourceMappingURL=decode-client-data-json.d.cts.map

package/dist/webauthn/decode-client-data-json.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-client-data-json.d.cts","sourceRoot":"","sources":["../../src/webauthn/decode-client-data-json.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,oBAAgB;AAE9C;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAIjE"}

package/dist/webauthn/decode-client-data-json.d.mts

@@ -0,0 +1,9 @@
+import type { ClientDataJSON } from "./types.mjs";
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON.
+ *
+ * @param data - Base64url-encoded clientDataJSON string.
+ * @returns Parsed ClientDataJSON object.
+ */
+export declare function decodeClientDataJSON(data: string): ClientDataJSON;
+//# sourceMappingURL=decode-client-data-json.d.mts.map

package/dist/webauthn/decode-client-data-json.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-client-data-json.d.mts","sourceRoot":"","sources":["../../src/webauthn/decode-client-data-json.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,oBAAgB;AAE9C;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CAIjE"}

package/dist/webauthn/decode-client-data-json.mjs

@@ -0,0 +1,13 @@
+import { base64URLToBytes } from "../utils/encoding.mjs";
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON.
+ *
+ * @param data - Base64url-encoded clientDataJSON string.
+ * @returns Parsed ClientDataJSON object.
+ */
+export function decodeClientDataJSON(data) {
+    const bytes = base64URLToBytes(data);
+    const text = new TextDecoder().decode(bytes);
+    return JSON.parse(text);
+}
+//# sourceMappingURL=decode-client-data-json.mjs.map

package/dist/webauthn/decode-client-data-json.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-client-data-json.mjs","sourceRoot":"","sources":["../../src/webauthn/decode-client-data-json.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,8BAA0B;AAGrD;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;AAC5C,CAAC","sourcesContent":["import { base64URLToBytes } from '../utils/encoding';\nimport type { ClientDataJSON } from './types';\n\n/**\n * Decode an authenticator's base64url-encoded clientDataJSON to JSON.\n *\n * @param data - Base64url-encoded clientDataJSON string.\n * @returns Parsed ClientDataJSON object.\n */\nexport function decodeClientDataJSON(data: string): ClientDataJSON {\n  const bytes = base64URLToBytes(data);\n  const text = new TextDecoder().decode(bytes);\n  return JSON.parse(text) as ClientDataJSON;\n}\n"]}

package/dist/webauthn/match-expected-rp-id.cjs

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.matchExpectedRPID = void 0;
+const sha2_1 = require("@noble/hashes/sha2");
+const encoding_1 = require("../utils/encoding.cjs");
+/**
+ * Compare two Uint8Arrays for equality in constant time.
+ *
+ * @param first - First array.
+ * @param second - Second array.
+ * @returns Whether the two arrays are equal.
+ */
+function areEqual(first, second) {
+    if (first.length !== second.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < first.length; i++) {
+        // eslint-disable-next-line no-bitwise
+        diff |= first[i] ^ second[i];
+    }
+    return diff === 0;
+}
+/**
+ * Verify that an authenticator data rpIdHash matches one of the expected
+ * RP IDs by SHA-256 hashing each candidate and comparing.
+ *
+ * @param rpIdHash - The rpIdHash from authenticatorData (32 bytes).
+ * @param expectedRPIDs - One or more RP ID strings to check against.
+ * @returns The matching RP ID string.
+ * @throws If no expected RP ID matches.
+ */
+function matchExpectedRPID(rpIdHash, expectedRPIDs) {
+    for (const rpID of expectedRPIDs) {
+        const expectedHash = (0, sha2_1.sha256)(new TextEncoder().encode(rpID));
+        if (areEqual(rpIdHash, expectedHash)) {
+            return rpID;
+        }
+    }
+    throw new Error(`Unexpected RP ID hash: received ${(0, encoding_1.bytesToHex)(rpIdHash)}`);
+}
+exports.matchExpectedRPID = matchExpectedRPID;
+//# sourceMappingURL=match-expected-rp-id.cjs.map

package/dist/webauthn/match-expected-rp-id.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"match-expected-rp-id.cjs","sourceRoot":"","sources":["../../src/webauthn/match-expected-rp-id.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAE5C,oDAA+C;AAE/C;;;;;;GAMG;AACH,SAAS,QAAQ,CAAC,KAAiB,EAAE,MAAkB;IACrD,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,sCAAsC;QACtC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAC/B,QAAoB,EACpB,aAAuB;IAEvB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,IAAA,aAAM,EAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5D,IAAI,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAA,qBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC7E,CAAC;AAXD,8CAWC","sourcesContent":["import { sha256 } from '@noble/hashes/sha2';\n\nimport { bytesToHex } from '../utils/encoding';\n\n/**\n * Compare two Uint8Arrays for equality in constant time.\n *\n * @param first - First array.\n * @param second - Second array.\n * @returns Whether the two arrays are equal.\n */\nfunction areEqual(first: Uint8Array, second: Uint8Array): boolean {\n  if (first.length !== second.length) {\n    return false;\n  }\n  let diff = 0;\n  for (let i = 0; i < first.length; i++) {\n    // eslint-disable-next-line no-bitwise\n    diff |= first[i] ^ second[i];\n  }\n  return diff === 0;\n}\n\n/**\n * Verify that an authenticator data rpIdHash matches one of the expected\n * RP IDs by SHA-256 hashing each candidate and comparing.\n *\n * @param rpIdHash - The rpIdHash from authenticatorData (32 bytes).\n * @param expectedRPIDs - One or more RP ID strings to check against.\n * @returns The matching RP ID string.\n * @throws If no expected RP ID matches.\n */\nexport function matchExpectedRPID(\n  rpIdHash: Uint8Array,\n  expectedRPIDs: string[],\n): string {\n  for (const rpID of expectedRPIDs) {\n    const expectedHash = sha256(new TextEncoder().encode(rpID));\n    if (areEqual(rpIdHash, expectedHash)) {\n      return rpID;\n    }\n  }\n  throw new Error(`Unexpected RP ID hash: received ${bytesToHex(rpIdHash)}`);\n}\n"]}

package/dist/webauthn/match-expected-rp-id.d.cts

@@ -0,0 +1,11 @@
+/**
+ * Verify that an authenticator data rpIdHash matches one of the expected
+ * RP IDs by SHA-256 hashing each candidate and comparing.
+ *
+ * @param rpIdHash - The rpIdHash from authenticatorData (32 bytes).
+ * @param expectedRPIDs - One or more RP ID strings to check against.
+ * @returns The matching RP ID string.
+ * @throws If no expected RP ID matches.
+ */
+export declare function matchExpectedRPID(rpIdHash: Uint8Array, expectedRPIDs: string[]): string;
+//# sourceMappingURL=match-expected-rp-id.d.cts.map

package/dist/webauthn/match-expected-rp-id.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"match-expected-rp-id.d.cts","sourceRoot":"","sources":["../../src/webauthn/match-expected-rp-id.ts"],"names":[],"mappings":"AAuBA;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,UAAU,EACpB,aAAa,EAAE,MAAM,EAAE,GACtB,MAAM,CAQR"}

package/dist/webauthn/match-expected-rp-id.d.mts

@@ -0,0 +1,11 @@
+/**
+ * Verify that an authenticator data rpIdHash matches one of the expected
+ * RP IDs by SHA-256 hashing each candidate and comparing.
+ *
+ * @param rpIdHash - The rpIdHash from authenticatorData (32 bytes).
+ * @param expectedRPIDs - One or more RP ID strings to check against.
+ * @returns The matching RP ID string.
+ * @throws If no expected RP ID matches.
+ */
+export declare function matchExpectedRPID(rpIdHash: Uint8Array, expectedRPIDs: string[]): string;
+//# sourceMappingURL=match-expected-rp-id.d.mts.map

package/dist/webauthn/match-expected-rp-id.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"match-expected-rp-id.d.mts","sourceRoot":"","sources":["../../src/webauthn/match-expected-rp-id.ts"],"names":[],"mappings":"AAuBA;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,UAAU,EACpB,aAAa,EAAE,MAAM,EAAE,GACtB,MAAM,CAQR"}

package/dist/webauthn/match-expected-rp-id.mjs

@@ -0,0 +1,39 @@
+import { sha256 } from "@noble/hashes/sha2";
+import { bytesToHex } from "../utils/encoding.mjs";
+/**
+ * Compare two Uint8Arrays for equality in constant time.
+ *
+ * @param first - First array.
+ * @param second - Second array.
+ * @returns Whether the two arrays are equal.
+ */
+function areEqual(first, second) {
+    if (first.length !== second.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < first.length; i++) {
+        // eslint-disable-next-line no-bitwise
+        diff |= first[i] ^ second[i];
+    }
+    return diff === 0;
+}
+/**
+ * Verify that an authenticator data rpIdHash matches one of the expected
+ * RP IDs by SHA-256 hashing each candidate and comparing.
+ *
+ * @param rpIdHash - The rpIdHash from authenticatorData (32 bytes).
+ * @param expectedRPIDs - One or more RP ID strings to check against.
+ * @returns The matching RP ID string.
+ * @throws If no expected RP ID matches.
+ */
+export function matchExpectedRPID(rpIdHash, expectedRPIDs) {
+    for (const rpID of expectedRPIDs) {
+        const expectedHash = sha256(new TextEncoder().encode(rpID));
+        if (areEqual(rpIdHash, expectedHash)) {
+            return rpID;
+        }
+    }
+    throw new Error(`Unexpected RP ID hash: received ${bytesToHex(rpIdHash)}`);
+}
+//# sourceMappingURL=match-expected-rp-id.mjs.map

package/dist/webauthn/match-expected-rp-id.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"match-expected-rp-id.mjs","sourceRoot":"","sources":["../../src/webauthn/match-expected-rp-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,2BAA2B;AAE5C,OAAO,EAAE,UAAU,EAAE,8BAA0B;AAE/C;;;;;;GAMG;AACH,SAAS,QAAQ,CAAC,KAAiB,EAAE,MAAkB;IACrD,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,sCAAsC;QACtC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAoB,EACpB,aAAuB;IAEvB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5D,IAAI,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,mCAAmC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC7E,CAAC","sourcesContent":["import { sha256 } from '@noble/hashes/sha2';\n\nimport { bytesToHex } from '../utils/encoding';\n\n/**\n * Compare two Uint8Arrays for equality in constant time.\n *\n * @param first - First array.\n * @param second - Second array.\n * @returns Whether the two arrays are equal.\n */\nfunction areEqual(first: Uint8Array, second: Uint8Array): boolean {\n  if (first.length !== second.length) {\n    return false;\n  }\n  let diff = 0;\n  for (let i = 0; i < first.length; i++) {\n    // eslint-disable-next-line no-bitwise\n    diff |= first[i] ^ second[i];\n  }\n  return diff === 0;\n}\n\n/**\n * Verify that an authenticator data rpIdHash matches one of the expected\n * RP IDs by SHA-256 hashing each candidate and comparing.\n *\n * @param rpIdHash - The rpIdHash from authenticatorData (32 bytes).\n * @param expectedRPIDs - One or more RP ID strings to check against.\n * @returns The matching RP ID string.\n * @throws If no expected RP ID matches.\n */\nexport function matchExpectedRPID(\n  rpIdHash: Uint8Array,\n  expectedRPIDs: string[],\n): string {\n  for (const rpID of expectedRPIDs) {\n    const expectedHash = sha256(new TextEncoder().encode(rpID));\n    if (areEqual(rpIdHash, expectedHash)) {\n      return rpID;\n    }\n  }\n  throw new Error(`Unexpected RP ID hash: received ${bytesToHex(rpIdHash)}`);\n}\n"]}

package/dist/webauthn/parse-authenticator-data.cjs

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseAuthenticatorData = void 0;
+const tiny_cbor_1 = require("@levischuck/tiny-cbor");
+/* eslint-disable no-bitwise */
+/**
+ * Parse an authenticator data buffer per §6.1 of the WebAuthn spec.
+ *
+ * @param authData - Raw authenticator data bytes.
+ * @returns Parsed authenticator data with flags, rpIdHash, counter, and
+ *   optional attested credential data.
+ */
+function parseAuthenticatorData(authData) {
+    if (authData.byteLength < 37) {
+        throw new Error(`authenticatorData is ${authData.byteLength} bytes, expected at least 37`);
+    }
+    let pointer = 0;
+    const rpIdHash = authData.slice(pointer, pointer + 32);
+    pointer += 32;
+    const flagsByte = authData[pointer];
+    const flags = {
+        up: Boolean(flagsByte & (1 << 0)),
+        uv: Boolean(flagsByte & (1 << 2)),
+        be: Boolean(flagsByte & (1 << 3)),
+        bs: Boolean(flagsByte & (1 << 4)),
+        at: Boolean(flagsByte & (1 << 6)),
+        ed: Boolean(flagsByte & (1 << 7)),
+        flagsByte,
+    };
+    pointer += 1;
+    const counterView = new DataView(authData.buffer, authData.byteOffset + pointer, 4);
+    const counter = counterView.getUint32(0, false);
+    pointer += 4;
+    const result = {
+        rpIdHash,
+        flags,
+        counter,
+    };
+    if (flags.at) {
+        const aaguid = authData.slice(pointer, pointer + 16);
+        pointer += 16;
+        const credIDLenView = new DataView(authData.buffer, authData.byteOffset + pointer, 2);
+        const credIDLen = credIDLenView.getUint16(0, false);
+        pointer += 2;
+        const credentialID = authData.slice(pointer, pointer + credIDLen);
+        pointer += credIDLen;
+        const pubKeyBytes = authData.slice(pointer);
+        const [, nextOffset] = (0, tiny_cbor_1.decodePartialCBOR)(new Uint8Array(pubKeyBytes), 0);
+        const credentialPublicKey = authData.slice(pointer, pointer + nextOffset);
+        pointer += nextOffset;
+        result.aaguid = aaguid;
+        result.credentialID = credentialID;
+        result.credentialPublicKey = credentialPublicKey;
+    }
+    if (flags.ed) {
+        const remaining = authData.slice(pointer);
+        const [decoded, consumed] = (0, tiny_cbor_1.decodePartialCBOR)(new Uint8Array(remaining), 0);
+        result.extensionsData = decoded;
+        result.extensionsDataBuffer = remaining.slice(0, consumed);
+        pointer += consumed;
+    }
+    if (authData.byteLength > pointer) {
+        throw new Error('Leftover bytes detected while parsing authenticator data');
+    }
+    return result;
+}
+exports.parseAuthenticatorData = parseAuthenticatorData;
+/* eslint-enable no-bitwise */
+//# sourceMappingURL=parse-authenticator-data.cjs.map

package/dist/webauthn/parse-authenticator-data.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-authenticator-data.cjs","sourceRoot":"","sources":["../../src/webauthn/parse-authenticator-data.ts"],"names":[],"mappings":";;;AAAA,qDAA0D;AAI1D,+BAA+B;AAE/B;;;;;;GAMG;AACH,SAAgB,sBAAsB,CACpC,QAAoB;IAEpB,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,wBAAwB,QAAQ,CAAC,UAAU,8BAA8B,CAC1E,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,EAAE,CAAC,CAAC;IACvD,OAAO,IAAI,EAAE,CAAC;IAEd,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,KAAK,GAA2B;QACpC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,SAAS;KACV,CAAC;IACF,OAAO,IAAI,CAAC,CAAC;IAEb,MAAM,WAAW,GAAG,IAAI,QAAQ,CAC9B,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,GAAG,OAAO,EAC7B,CAAC,CACF,CAAC;IACF,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAChD,OAAO,IAAI,CAAC,CAAC;IAEb,MAAM,MAAM,GAA4B;QACtC,QAAQ;QACR,KAAK;QACL,OAAO;KACR,CAAC;IAEF,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,EAAE,CAAC,CAAC;QACrD,OAAO,IAAI,EAAE,CAAC;QAEd,MAAM,aAAa,GAAG,IAAI,QAAQ,CAChC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,GAAG,OAAO,EAC7B,CAAC,CACF,CAAC;QACF,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,CAAC;QAEb,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,CAAC,CAAC;QAClE,OAAO,IAAI,SAAS,CAAC;QAErB,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,UAAU,CAAC,GAAG,IAAA,6BAAiB,EACtC,IAAI,UAAU,CAAC,WAAW,CAAC,EAC3B,CAAC,CACmB,CAAC;QACvB,MAAM,mBAAmB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,UAAU,CAAC,CAAC;QAC1E,OAAO,IAAI,UAAU,CAAC;QAEtB,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;QACvB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;QACnC,MAAM,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;IACnD,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,IAAA,6BAAiB,EAC3C,IAAI,UAAU,CAAC,SAAS,CAAC,EACzB,CAAC,CACgC,CAAC;QACpC,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;QAChC,MAAM,CAAC,oBAAoB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3D,OAAO,IAAI,QAAQ,CAAC;IACtB,CAAC;IAED,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AApFD,wDAoFC;AAED,8BAA8B","sourcesContent":["import { decodePartialCBOR } from '@levischuck/tiny-cbor';\n\nimport type { ParsedAuthenticatorData, AuthenticatorDataFlags } from './types';\n\n/* eslint-disable no-bitwise */\n\n/**\n * Parse an authenticator data buffer per §6.1 of the WebAuthn spec.\n *\n * @param authData - Raw authenticator data bytes.\n * @returns Parsed authenticator data with flags, rpIdHash, counter, and\n *   optional attested credential data.\n */\nexport function parseAuthenticatorData(\n  authData: Uint8Array,\n): ParsedAuthenticatorData {\n  if (authData.byteLength < 37) {\n    throw new Error(\n      `authenticatorData is ${authData.byteLength} bytes, expected at least 37`,\n    );\n  }\n\n  let pointer = 0;\n\n  const rpIdHash = authData.slice(pointer, pointer + 32);\n  pointer += 32;\n\n  const flagsByte = authData[pointer];\n  const flags: AuthenticatorDataFlags = {\n    up: Boolean(flagsByte & (1 << 0)),\n    uv: Boolean(flagsByte & (1 << 2)),\n    be: Boolean(flagsByte & (1 << 3)),\n    bs: Boolean(flagsByte & (1 << 4)),\n    at: Boolean(flagsByte & (1 << 6)),\n    ed: Boolean(flagsByte & (1 << 7)),\n    flagsByte,\n  };\n  pointer += 1;\n\n  const counterView = new DataView(\n    authData.buffer,\n    authData.byteOffset + pointer,\n    4,\n  );\n  const counter = counterView.getUint32(0, false);\n  pointer += 4;\n\n  const result: ParsedAuthenticatorData = {\n    rpIdHash,\n    flags,\n    counter,\n  };\n\n  if (flags.at) {\n    const aaguid = authData.slice(pointer, pointer + 16);\n    pointer += 16;\n\n    const credIDLenView = new DataView(\n      authData.buffer,\n      authData.byteOffset + pointer,\n      2,\n    );\n    const credIDLen = credIDLenView.getUint16(0, false);\n    pointer += 2;\n\n    const credentialID = authData.slice(pointer, pointer + credIDLen);\n    pointer += credIDLen;\n\n    const pubKeyBytes = authData.slice(pointer);\n    const [, nextOffset] = decodePartialCBOR(\n      new Uint8Array(pubKeyBytes),\n      0,\n    ) as [unknown, number];\n    const credentialPublicKey = authData.slice(pointer, pointer + nextOffset);\n    pointer += nextOffset;\n\n    result.aaguid = aaguid;\n    result.credentialID = credentialID;\n    result.credentialPublicKey = credentialPublicKey;\n  }\n\n  if (flags.ed) {\n    const remaining = authData.slice(pointer);\n    const [decoded, consumed] = decodePartialCBOR(\n      new Uint8Array(remaining),\n      0,\n    ) as [Map<string, unknown>, number];\n    result.extensionsData = decoded;\n    result.extensionsDataBuffer = remaining.slice(0, consumed);\n    pointer += consumed;\n  }\n\n  if (authData.byteLength > pointer) {\n    throw new Error('Leftover bytes detected while parsing authenticator data');\n  }\n\n  return result;\n}\n\n/* eslint-enable no-bitwise */\n"]}

package/dist/webauthn/parse-authenticator-data.d.cts

@@ -0,0 +1,10 @@
+import type { ParsedAuthenticatorData } from "./types.cjs";
+/**
+ * Parse an authenticator data buffer per §6.1 of the WebAuthn spec.
+ *
+ * @param authData - Raw authenticator data bytes.
+ * @returns Parsed authenticator data with flags, rpIdHash, counter, and
+ *   optional attested credential data.
+ */
+export declare function parseAuthenticatorData(authData: Uint8Array): ParsedAuthenticatorData;
+//# sourceMappingURL=parse-authenticator-data.d.cts.map

package/dist/webauthn/parse-authenticator-data.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-authenticator-data.d.cts","sourceRoot":"","sources":["../../src/webauthn/parse-authenticator-data.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,uBAAuB,EAA0B,oBAAgB;AAI/E;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GACnB,uBAAuB,CAkFzB"}

package/dist/webauthn/parse-authenticator-data.d.mts

@@ -0,0 +1,10 @@
+import type { ParsedAuthenticatorData } from "./types.mjs";
+/**
+ * Parse an authenticator data buffer per §6.1 of the WebAuthn spec.
+ *
+ * @param authData - Raw authenticator data bytes.
+ * @returns Parsed authenticator data with flags, rpIdHash, counter, and
+ *   optional attested credential data.
+ */
+export declare function parseAuthenticatorData(authData: Uint8Array): ParsedAuthenticatorData;
+//# sourceMappingURL=parse-authenticator-data.d.mts.map

package/dist/webauthn/parse-authenticator-data.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-authenticator-data.d.mts","sourceRoot":"","sources":["../../src/webauthn/parse-authenticator-data.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,uBAAuB,EAA0B,oBAAgB;AAI/E;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GACnB,uBAAuB,CAkFzB"}

package/dist/webauthn/parse-authenticator-data.mjs

@@ -0,0 +1,65 @@
+import { decodePartialCBOR } from "@levischuck/tiny-cbor";
+/* eslint-disable no-bitwise */
+/**
+ * Parse an authenticator data buffer per §6.1 of the WebAuthn spec.
+ *
+ * @param authData - Raw authenticator data bytes.
+ * @returns Parsed authenticator data with flags, rpIdHash, counter, and
+ *   optional attested credential data.
+ */
+export function parseAuthenticatorData(authData) {
+    if (authData.byteLength < 37) {
+        throw new Error(`authenticatorData is ${authData.byteLength} bytes, expected at least 37`);
+    }
+    let pointer = 0;
+    const rpIdHash = authData.slice(pointer, pointer + 32);
+    pointer += 32;
+    const flagsByte = authData[pointer];
+    const flags = {
+        up: Boolean(flagsByte & (1 << 0)),
+        uv: Boolean(flagsByte & (1 << 2)),
+        be: Boolean(flagsByte & (1 << 3)),
+        bs: Boolean(flagsByte & (1 << 4)),
+        at: Boolean(flagsByte & (1 << 6)),
+        ed: Boolean(flagsByte & (1 << 7)),
+        flagsByte,
+    };
+    pointer += 1;
+    const counterView = new DataView(authData.buffer, authData.byteOffset + pointer, 4);
+    const counter = counterView.getUint32(0, false);
+    pointer += 4;
+    const result = {
+        rpIdHash,
+        flags,
+        counter,
+    };
+    if (flags.at) {
+        const aaguid = authData.slice(pointer, pointer + 16);
+        pointer += 16;
+        const credIDLenView = new DataView(authData.buffer, authData.byteOffset + pointer, 2);
+        const credIDLen = credIDLenView.getUint16(0, false);
+        pointer += 2;
+        const credentialID = authData.slice(pointer, pointer + credIDLen);
+        pointer += credIDLen;
+        const pubKeyBytes = authData.slice(pointer);
+        const [, nextOffset] = decodePartialCBOR(new Uint8Array(pubKeyBytes), 0);
+        const credentialPublicKey = authData.slice(pointer, pointer + nextOffset);
+        pointer += nextOffset;
+        result.aaguid = aaguid;
+        result.credentialID = credentialID;
+        result.credentialPublicKey = credentialPublicKey;
+    }
+    if (flags.ed) {
+        const remaining = authData.slice(pointer);
+        const [decoded, consumed] = decodePartialCBOR(new Uint8Array(remaining), 0);
+        result.extensionsData = decoded;
+        result.extensionsDataBuffer = remaining.slice(0, consumed);
+        pointer += consumed;
+    }
+    if (authData.byteLength > pointer) {
+        throw new Error('Leftover bytes detected while parsing authenticator data');
+    }
+    return result;
+}
+/* eslint-enable no-bitwise */
+//# sourceMappingURL=parse-authenticator-data.mjs.map

package/dist/webauthn/parse-authenticator-data.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-authenticator-data.mjs","sourceRoot":"","sources":["../../src/webauthn/parse-authenticator-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,8BAA8B;AAI1D,+BAA+B;AAE/B;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAAoB;IAEpB,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,wBAAwB,QAAQ,CAAC,UAAU,8BAA8B,CAC1E,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,EAAE,CAAC,CAAC;IACvD,OAAO,IAAI,EAAE,CAAC;IAEd,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,KAAK,GAA2B;QACpC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,EAAE,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACjC,SAAS;KACV,CAAC;IACF,OAAO,IAAI,CAAC,CAAC;IAEb,MAAM,WAAW,GAAG,IAAI,QAAQ,CAC9B,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,GAAG,OAAO,EAC7B,CAAC,CACF,CAAC;IACF,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAChD,OAAO,IAAI,CAAC,CAAC;IAEb,MAAM,MAAM,GAA4B;QACtC,QAAQ;QACR,KAAK;QACL,OAAO;KACR,CAAC;IAEF,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,EAAE,CAAC,CAAC;QACrD,OAAO,IAAI,EAAE,CAAC;QAEd,MAAM,aAAa,GAAG,IAAI,QAAQ,CAChC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,GAAG,OAAO,EAC7B,CAAC,CACF,CAAC;QACF,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,CAAC;QAEb,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,SAAS,CAAC,CAAC;QAClE,OAAO,IAAI,SAAS,CAAC;QAErB,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,UAAU,CAAC,GAAG,iBAAiB,CACtC,IAAI,UAAU,CAAC,WAAW,CAAC,EAC3B,CAAC,CACmB,CAAC;QACvB,MAAM,mBAAmB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,UAAU,CAAC,CAAC;QAC1E,OAAO,IAAI,UAAU,CAAC;QAEtB,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;QACvB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;QACnC,MAAM,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;IACnD,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,iBAAiB,CAC3C,IAAI,UAAU,CAAC,SAAS,CAAC,EACzB,CAAC,CACgC,CAAC;QACpC,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;QAChC,MAAM,CAAC,oBAAoB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3D,OAAO,IAAI,QAAQ,CAAC;IACtB,CAAC;IAED,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8BAA8B","sourcesContent":["import { decodePartialCBOR } from '@levischuck/tiny-cbor';\n\nimport type { ParsedAuthenticatorData, AuthenticatorDataFlags } from './types';\n\n/* eslint-disable no-bitwise */\n\n/**\n * Parse an authenticator data buffer per §6.1 of the WebAuthn spec.\n *\n * @param authData - Raw authenticator data bytes.\n * @returns Parsed authenticator data with flags, rpIdHash, counter, and\n *   optional attested credential data.\n */\nexport function parseAuthenticatorData(\n  authData: Uint8Array,\n): ParsedAuthenticatorData {\n  if (authData.byteLength < 37) {\n    throw new Error(\n      `authenticatorData is ${authData.byteLength} bytes, expected at least 37`,\n    );\n  }\n\n  let pointer = 0;\n\n  const rpIdHash = authData.slice(pointer, pointer + 32);\n  pointer += 32;\n\n  const flagsByte = authData[pointer];\n  const flags: AuthenticatorDataFlags = {\n    up: Boolean(flagsByte & (1 << 0)),\n    uv: Boolean(flagsByte & (1 << 2)),\n    be: Boolean(flagsByte & (1 << 3)),\n    bs: Boolean(flagsByte & (1 << 4)),\n    at: Boolean(flagsByte & (1 << 6)),\n    ed: Boolean(flagsByte & (1 << 7)),\n    flagsByte,\n  };\n  pointer += 1;\n\n  const counterView = new DataView(\n    authData.buffer,\n    authData.byteOffset + pointer,\n    4,\n  );\n  const counter = counterView.getUint32(0, false);\n  pointer += 4;\n\n  const result: ParsedAuthenticatorData = {\n    rpIdHash,\n    flags,\n    counter,\n  };\n\n  if (flags.at) {\n    const aaguid = authData.slice(pointer, pointer + 16);\n    pointer += 16;\n\n    const credIDLenView = new DataView(\n      authData.buffer,\n      authData.byteOffset + pointer,\n      2,\n    );\n    const credIDLen = credIDLenView.getUint16(0, false);\n    pointer += 2;\n\n    const credentialID = authData.slice(pointer, pointer + credIDLen);\n    pointer += credIDLen;\n\n    const pubKeyBytes = authData.slice(pointer);\n    const [, nextOffset] = decodePartialCBOR(\n      new Uint8Array(pubKeyBytes),\n      0,\n    ) as [unknown, number];\n    const credentialPublicKey = authData.slice(pointer, pointer + nextOffset);\n    pointer += nextOffset;\n\n    result.aaguid = aaguid;\n    result.credentialID = credentialID;\n    result.credentialPublicKey = credentialPublicKey;\n  }\n\n  if (flags.ed) {\n    const remaining = authData.slice(pointer);\n    const [decoded, consumed] = decodePartialCBOR(\n      new Uint8Array(remaining),\n      0,\n    ) as [Map<string, unknown>, number];\n    result.extensionsData = decoded;\n    result.extensionsDataBuffer = remaining.slice(0, consumed);\n    pointer += consumed;\n  }\n\n  if (authData.byteLength > pointer) {\n    throw new Error('Leftover bytes detected while parsing authenticator data');\n  }\n\n  return result;\n}\n\n/* eslint-enable no-bitwise */\n"]}

package/dist/webauthn/types.cjs

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.cjs.map