@simplewebauthn/server 10.0.0 → 11.0.0-alpha3

package/esm/registration/verifications/verifyAttestationPacked.js

@@ -4,6 +4,7 @@ import { validateCertificatePath } from '../../helpers/validateCertificatePath.j
 import { getCertificateInfo } from '../../helpers/getCertificateInfo.js';
 import { verifySignature } from '../../helpers/verifySignature.js';
 import { isoUint8Array } from '../../helpers/iso/index.js';
+import { validateExtFIDOGenCEAAGUID } from '../../helpers/validateExtFIDOGenCEAAGUID.js';
 import { MetadataService } from '../../services/metadataService.js';
 import { verifyAttestationWithMetadata } from '../../metadata/verifyAttestationWithMetadata.js';
 /**
@@ -26,7 +27,7 @@ export async function verifyAttestationPacked(options) {
     const signatureBase = isoUint8Array.concat([authData, clientDataHash]);
     let verified = false;
     if (x5c) {
-        const { subject, basicConstraintsCA, version, notBefore, notAfter } = getCertificateInfo(x5c[0]);
+        const { subject, basicConstraintsCA, version, notBefore, notAfter, parsedCertificate, } = getCertificateInfo(x5c[0]);
         const { OU, CN, O, C } = subject;
         if (OU !== 'Authenticator Attestation') {
             throw new Error('Certificate OU was not "Authenticator Attestation" (Packed|Full)');
@@ -54,8 +55,14 @@ export async function verifyAttestationPacked(options) {
         if (notAfter < now) {
             throw new Error(`Certificate not good after "${notAfter.toString()}" (Packed|Full)`);
         }
-        // TODO: If certificate contains id-fido-gen-ce-aaguid(1.3.6.1.4.1.45724.1.1.4) extension, check
-        // that it’s value is set to the same AAGUID as in authData.
+        // Validate attestation statement AAGUID against leaf cert AAGUID
+        try {
+            await validateExtFIDOGenCEAAGUID(parsedCertificate.tbsCertificate.extensions, aaguid);
+        }
+        catch (err) {
+            const _err = err;
+            throw new Error(`${_err.message} (Packed|Full)`);
+        }
         // If available, validate attestation alg and x5c with info in the metadata statement
         const statement = await MetadataService.getStatement(aaguid);
         if (statement) {

package/esm/registration/verifyRegistrationResponse.d.ts

@@ -1,4 +1,4 @@
-import type { Base64URLString, COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON } from '../deps.js';
+import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '@simplewebauthn/types';
 import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject.js';
 import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
 export type VerifyRegistrationResponseOpts = {
@@ -7,6 +7,7 @@ export type VerifyRegistrationResponseOpts = {
     expectedOrigin: string | string[];
     expectedRPID?: string | string[];
     expectedType?: string | string[];
+    requireUserPresence?: boolean;
     requireUserVerification?: boolean;
     supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
 };
@@ -20,6 +21,7 @@ export type VerifyRegistrationResponseOpts = {
  * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
  * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
  * @param expectedType **(Optional)** - The response type expected ('webauthn.create')
+ * @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true`
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
@@ -54,10 +56,8 @@ export type VerifiedRegistrationResponse = {
     verified: boolean;
     registrationInfo?: {
         fmt: AttestationFormat;
-        counter: number;
         aaguid: string;
-        credentialID: Base64URLString;
-        credentialPublicKey: Uint8Array;
+        credential: WebAuthnCredential;
         credentialType: 'public-key';
         attestationObject: Uint8Array;
         userVerified: boolean;
@@ -82,3 +82,4 @@ export type AttestationFormatVerifierOpts = {
     rpIdHash: Uint8Array;
     verifyTimestampMS?: boolean;
 };
+//# sourceMappingURL=verifyRegistrationResponse.d.ts.map

package/esm/registration/verifyRegistrationResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EAErB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoB3G,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,8BAA8B,GACtC,OAAO,CAAC,4BAA4B,CAAC,CAsPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,CAAC,EAAE;QACjB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,UAAU,CAAC;IACrB,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,mBAAmB,EAAE,UAAU,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,UAAU,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC"}

package/esm/registration/verifyRegistrationResponse.js

@@ -26,11 +26,12 @@ import { verifyAttestationApple } from './verifications/verifyAttestationApple.j
  * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
  * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
  * @param expectedType **(Optional)** - The response type expected ('webauthn.create')
+ * @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true`
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
 export async function verifyRegistrationResponse(options) {
-    const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserVerification = true, supportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers, } = options;
+    const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserPresence = true, requireUserVerification = true, supportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers, } = options;
     const { id, rawId, type: credentialType, response: attestationResponse } = response;
     // Ensure credential specified an ID
     if (!id) {
@@ -109,12 +110,12 @@ export async function verifyRegistrationResponse(options) {
         matchedRPID = await matchExpectedRPID(rpIdHash, expectedRPIDs);
     }
     // Make sure someone was physically present
-    if (!flags.up) {
-        throw new Error('User not present during registration');
+    if (requireUserPresence && !flags.up) {
+        throw new Error('User presence was required, but user was not present');
     }
     // Enforce user verification if specified
     if (requireUserVerification && !flags.uv) {
-        throw new Error('User verification required, but user could not be verified');
+        throw new Error('User verification was required, but user could not be verified');
     }
     if (!credentialID) {
         throw new Error('No credential ID was provided by authenticator');
@@ -189,11 +190,14 @@ export async function verifyRegistrationResponse(options) {
         const { credentialDeviceType, credentialBackedUp } = parseBackupFlags(flags);
         toReturn.registrationInfo = {
             fmt,
-            counter,
             aaguid: convertAAGUIDToString(aaguid),
-            credentialID: isoBase64URL.fromBuffer(credentialID),
-            credentialPublicKey,
             credentialType,
+            credential: {
+                id: isoBase64URL.fromBuffer(credentialID),
+                publicKey: credentialPublicKey,
+                counter,
+                transports: response.response.transports,
+            },
             attestationObject,
             userVerified: flags.uv,
             credentialDeviceType,

package/esm/services/defaultRootCerts/android-key.d.ts

@@ -22,3 +22,4 @@ export declare const Google_Hardware_Attestation_Root_1 = "-----BEGIN CERTIFICAT
  * 1E:F1:A0:4B:8B:A5:8A:B9:45:89:AC:49:8C:89:82:A7:83:F2:4E:A7:30:7E:01:59:A0:C3:A7:3B:37:7D:87:CC
  */
 export declare const Google_Hardware_Attestation_Root_2 = "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV\nBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAz\nNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B\nAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS\nSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7\ntv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj\nnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq\nC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ\noVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O\nJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg\nsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi\nigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M\nRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E\naDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um\nAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud\nIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnu\nXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83U\nh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cno\nL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2ok\nQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vA\nD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAI\nmMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoW\nFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91\noeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09o\njm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUB\nZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCH\nex0SdDrx+tWUDqG8At2JHA==\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=android-key.d.ts.map

package/esm/services/defaultRootCerts/android-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"android-key.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,u6DA+B9C,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,60DA8B9C,CAAC"}

package/esm/services/defaultRootCerts/android-safetynet.d.ts

@@ -9,3 +9,4 @@
  * EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
  */
 export declare const GlobalSign_Root_CA = "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=android-safetynet.d.ts.map

package/esm/services/defaultRootCerts/android-safetynet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"android-safetynet.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-safetynet.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,uwCAqB9B,CAAC"}

package/esm/services/defaultRootCerts/apple.d.ts

@@ -9,3 +9,4 @@
  * 09:15:DD:5C:07:A2:8D:B5:49:D1:F6:77:BB:5A:75:D4:BF:BE:95:61:A7:73:42:43:27:76:2E:9E:02:F9:BB:29
  */
 export declare const Apple_WebAuthn_Root_CA = "-----BEGIN CERTIFICATE-----\nMIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w\nHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ\nbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx\nNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG\nA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k\nxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/\npcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk\n2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA\nMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3\njAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B\n1bWeT0vT\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=apple.d.ts.map

package/esm/services/defaultRootCerts/apple.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/apple.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,6xBAclC,CAAC"}

package/esm/services/defaultRootCerts/mds.d.ts

@@ -9,3 +9,4 @@
  * CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
  */
 export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\n MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\n A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\n Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\n MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\n A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\n RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\n gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\n KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\n QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\n XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\n DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\n LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\n RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\n jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\n mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\n Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\n WD9f\n -----END CERTIFICATE-----\n ";
+//# sourceMappingURL=mds.d.ts.map

package/esm/services/defaultRootCerts/mds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mds.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/mds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,4vCAqBhC,CAAC"}

package/esm/services/metadataService.d.ts

@@ -1,12 +1,20 @@
 import type { MetadataStatement } from '../metadata/mdsTypes.js';
 type VerificationMode = 'permissive' | 'strict';
+interface MetadataService {
+    initialize(opts?: {
+        mdsServers?: string[];
+        statements?: MetadataStatement[];
+        verificationMode?: VerificationMode;
+    }): Promise<void>;
+    getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
+}
 /**
- * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
- * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ * An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
+ * requesting and caching of individual metadata statements.
  *
  * https://fidoalliance.org/metadata/
  */
-export declare class BaseMetadataService {
+export declare class BaseMetadataService implements MetadataService {
     private mdsCache;
     private statementCache;
     private state;
@@ -49,5 +57,12 @@ export declare class BaseMetadataService {
      */
     private setState;
 }
-export declare const MetadataService: BaseMetadataService;
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
+export declare const MetadataService: MetadataService;
 export {};
+//# sourceMappingURL=metadataService.d.ts.map

package/esm/services/metadataService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;AA+BjC,KAAK,gBAAgB,GAAG,YAAY,GAAG,QAAQ,CAAC;AAIhD,UAAU,eAAe;IACvB,UAAU,CAAC,IAAI,CAAC,EAAE;QAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CACnF;AAED;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,QAAQ,CAAoC;IACpD,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,gBAAgB,CAA8B;IAEtD;;;;;;;;;;;;OAYG;IACG,UAAU,CACd,IAAI,GAAE;QACJ,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KAChC,GACL,OAAO,CAAC,IAAI,CAAC;IA+DhB;;;;;OAKG;IACG,YAAY,CAChB,MAAM,EAAE,MAAM,GAAG,UAAU,GAC1B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IA6DzC;;OAEG;YACW,YAAY;IAoE1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgCvB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAWjB;AAED;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}

package/esm/services/metadataService.js

@@ -16,8 +16,8 @@ var SERVICE_STATE;
 })(SERVICE_STATE || (SERVICE_STATE = {}));
 const log = getLogger('MetadataService');
 /**
- * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
- * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ * An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
+ * requesting and caching of individual metadata statements.
  *
  * https://fidoalliance.org/metadata/
  */
@@ -269,5 +269,10 @@ export class BaseMetadataService {
         }
     }
 }
-// Export a service singleton
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
 export const MetadataService = new BaseMetadataService();

package/esm/services/settingsService.d.ts

@@ -1,25 +1,28 @@
 import { AttestationFormat } from '../helpers/decodeAttestationObject.js';
 type RootCertIdentifier = AttestationFormat | 'mds';
-declare class BaseSettingsService {
-    private pemCertificates;
-    constructor();
-    /**
-     * Set potential root certificates for attestation formats that use them. Root certs will be tried
-     * one-by-one when validating a certificate path.
-     *
-     * Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
-     * `Buffer` is passed in it will be converted to PEM format.
-     */
+interface SettingsService {
     setRootCertificates(opts: {
         identifier: RootCertIdentifier;
         certificates: (Uint8Array | string)[];
     }): void;
-    /**
-     * Get any registered root certificates for the specified attestation format
-     */
     getRootCertificates(opts: {
         identifier: RootCertIdentifier;
     }): string[];
 }
-export declare const SettingsService: BaseSettingsService;
+/**
+ * A basic service for specifying acceptable root certificates for all supported attestation
+ * statement formats.
+ *
+ * In addition, default root certificates are included for the following statement formats:
+ *
+ * - `'android-key'`
+ * - `'android-safetynet'`
+ * - `'apple'`
+ * - `'android-mds'`
+ *
+ * These can be overwritten as needed by setting alternative root certificates for their format
+ * identifier using `setRootCertificates()`.
+ */
+export declare const SettingsService: SettingsService;
 export {};
+//# sourceMappingURL=settingsService.d.ts.map

package/esm/services/settingsService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAW1E,KAAK,kBAAkB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAEpD,UAAU,eAAe;IACvB,mBAAmB,CAAC,IAAI,EAAE;QACxB,UAAU,EAAE,kBAAkB,CAAC;QAC/B,YAAY,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAC;KACvC,GAAG,IAAI,CAAC;IACT,mBAAmB,CAAC,IAAI,EAAE;QAAE,UAAU,EAAE,kBAAkB,CAAA;KAAE,GAAG,MAAM,EAAE,CAAC;CACzE;AA4CD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}

package/esm/services/settingsService.js

@@ -42,6 +42,20 @@ class BaseSettingsService {
         return this.pemCertificates.get(identifier) ?? [];
     }
 }
+/**
+ * A basic service for specifying acceptable root certificates for all supported attestation
+ * statement formats.
+ *
+ * In addition, default root certificates are included for the following statement formats:
+ *
+ * - `'android-key'`
+ * - `'android-safetynet'`
+ * - `'apple'`
+ * - `'android-mds'`
+ *
+ * These can be overwritten as needed by setting alternative root certificates for their format
+ * identifier using `setRootCertificates()`.
+ */
 export const SettingsService = new BaseSettingsService();
 // Initialize default certificates
 SettingsService.setRootCertificates({

package/package.json

@@ -1,33 +1,43 @@
 {
-  "module": "./esm/index.js",
-  "main": "./script/index.js",
   "name": "@simplewebauthn/server",
-  "version": "10.0.0",
+  "version": "11.0.0-alpha3",
   "description": "SimpleWebAuthn for Servers",
-  "license": "MIT",
+  "keywords": [
+    "typescript",
+    "webauthn",
+    "passkeys",
+    "fido",
+    "node"
+  ],
   "author": "Matthew Miller <matthew@millerti.me>",
+  "homepage": "https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/server#readme",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/MasterKale/SimpleWebAuthn.git",
     "directory": "packages/server"
   },
-  "homepage": "https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/server#readme",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/MasterKale/SimpleWebAuthn/issues"
+  },
+  "main": "./script/index.js",
+  "module": "./esm/index.js",
+  "exports": {
+    ".": {
+      "import": "./esm/index.js",
+      "require": "./script/index.js"
+    },
+    "./helpers": {
+      "import": "./esm/helpers/index.js",
+      "require": "./script/helpers/index.js"
+    }
+  },
   "publishConfig": {
     "access": "public"
   },
   "engines": {
     "node": ">=20.0.0"
   },
-  "bugs": {
-    "url": "https://github.com/MasterKale/SimpleWebAuthn/issues"
-  },
-  "keywords": [
-    "typescript",
-    "webauthn",
-    "passkeys",
-    "fido",
-    "node"
-  ],
   "typesVersions": {
     "*": {
       ".": [
@@ -38,16 +48,6 @@
       ]
     }
   },
-  "exports": {
-    ".": {
-      "import": "./esm/index.js",
-      "require": "./script/index.js"
-    },
-    "./helpers": {
-      "import": "./esm/helpers/index.js",
-      "require": "./script/helpers/index.js"
-    }
-  },
   "dependencies": {
     "@hexagon/base64": "^1.1.27",
     "@levischuck/tiny-cbor": "^0.2.2",
@@ -56,15 +56,11 @@
     "@peculiar/asn1-rsa": "^2.3.8",
     "@peculiar/asn1-schema": "^2.3.8",
     "@peculiar/asn1-x509": "^2.3.8",
-    "@simplewebauthn/types": "^10.0.0",
-    "cross-fetch": "^4.0.0"
+    "cross-fetch": "^4.0.0",
+    "@simplewebauthn/types": "^11.0.0-alpha3"
   },
   "devDependencies": {
-    "@types/node": "^18.11.9",
-    "picocolors": "^1.0.0",
-    "@deno/shim-deno-test": "~0.4.0"
+    "@types/node": "^20.9.0"
   },
-  "scripts": {
-    "test": "node test_runner.js"
-  }
+  "_generatedBy": "dnt@dev"
 }

package/script/authentication/generateAuthenticationOptions.d.ts

@@ -1,4 +1,4 @@
-import type { AuthenticationExtensionsClientInputs, AuthenticatorTransportFuture, Base64URLString, PublicKeyCredentialRequestOptionsJSON, UserVerificationRequirement } from '../deps.js';
+import type { AuthenticationExtensionsClientInputs, AuthenticatorTransportFuture, Base64URLString, PublicKeyCredentialRequestOptionsJSON, UserVerificationRequirement } from '@simplewebauthn/types';
 export type GenerateAuthenticationOptionsOpts = {
     rpID: string;
     allowCredentials?: {
@@ -23,3 +23,4 @@ export type GenerateAuthenticationOptionsOpts = {
  * @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during authentication
  */
 export declare function generateAuthenticationOptions(options: GenerateAuthenticationOptionsOpts): Promise<PublicKeyCredentialRequestOptionsJSON>;
+//# sourceMappingURL=generateAuthenticationOptions.d.ts.map

package/script/authentication/generateAuthenticationOptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateAuthenticationOptions.d.ts","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oCAAoC,EACpC,4BAA4B,EAC5B,eAAe,EACf,qCAAqC,EACrC,2BAA2B,EAC5B,MAAM,uBAAuB,CAAC;AAK/B,MAAM,MAAM,iCAAiC,GAAG;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE;QACjB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;IAC/C,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,wBAAsB,6BAA6B,CACjD,OAAO,EAAE,iCAAiC,GACzC,OAAO,CAAC,qCAAqC,CAAC,CAoChD"}

package/script/authentication/generateAuthenticationOptions.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateAuthenticationOptions = void 0;
+exports.generateAuthenticationOptions = generateAuthenticationOptions;
 const index_js_1 = require("../helpers/iso/index.js");
 const generateChallenge_js_1 = require("../helpers/generateChallenge.js");
 /**
@@ -42,4 +42,3 @@ async function generateAuthenticationOptions(options) {
         extensions,
     };
 }
-exports.generateAuthenticationOptions = generateAuthenticationOptions;

package/script/authentication/verifyAuthenticationResponse.d.ts

@@ -1,11 +1,11 @@
-import type { AuthenticationResponseJSON, AuthenticatorDevice, Base64URLString, CredentialDeviceType, UserVerificationRequirement } from '../deps.js';
+import type { AuthenticationResponseJSON, Base64URLString, CredentialDeviceType, UserVerificationRequirement, WebAuthnCredential } from '@simplewebauthn/types';
 import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
 export type VerifyAuthenticationResponseOpts = {
     response: AuthenticationResponseJSON;
     expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
     expectedOrigin: string | string[];
     expectedRPID: string | string[];
-    authenticator: AuthenticatorDevice;
+    credential: WebAuthnCredential;
     expectedType?: string | string[];
     requireUserVerification?: boolean;
     advancedFIDOConfig?: {
@@ -21,7 +21,7 @@ export type VerifyAuthenticationResponseOpts = {
  * @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateAuthenticationOptions()`
  * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
  * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
- * @param authenticator - An internal {@link AuthenticatorDevice} matching the credential's ID
+ * @param credential - An internal {@link WebAuthnCredential} corresponding to `id` in the authentication response
  * @param expectedType **(Optional)** - The response type expected ('webauthn.get')
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param advancedFIDOConfig **(Optional)** - Options for satisfying more stringent FIDO RP feature requirements
@@ -61,3 +61,4 @@ export type VerifiedAuthenticationResponse = {
         authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs;
     };
 };
+//# sourceMappingURL=verifyAuthenticationResponse.d.ts.map

package/script/authentication/verifyAuthenticationResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyAuthenticationResponse.d.ts","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,eAAe,EACf,oBAAoB,EACpB,2BAA2B,EAC3B,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAO/B,OAAO,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAI3G,MAAM,MAAM,gCAAgC,GAAG;IAC7C,QAAQ,EAAE,0BAA0B,CAAC;IACrC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAChC,UAAU,EAAE,kBAAkB,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,kBAAkB,CAAC,EAAE;QACnB,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;KAChD,CAAC;CACH,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,gCAAgC,GACxC,OAAO,CAAC,8BAA8B,CAAC,CAmNzC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,EAAE,OAAO,CAAC;IAClB,kBAAkB,EAAE;QAClB,YAAY,EAAE,eAAe,CAAC;QAC9B,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC"}

package/script/authentication/verifyAuthenticationResponse.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyAuthenticationResponse = void 0;
+exports.verifyAuthenticationResponse = verifyAuthenticationResponse;
 const decodeClientDataJSON_js_1 = require("../helpers/decodeClientDataJSON.js");
 const toHash_js_1 = require("../helpers/toHash.js");
 const verifySignature_js_1 = require("../helpers/verifySignature.js");
@@ -17,14 +17,14 @@ const index_js_1 = require("../helpers/iso/index.js");
  * @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateAuthenticationOptions()`
  * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
  * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
- * @param authenticator - An internal {@link AuthenticatorDevice} matching the credential's ID
+ * @param credential - An internal {@link WebAuthnCredential} corresponding to `id` in the authentication response
  * @param expectedType **(Optional)** - The response type expected ('webauthn.get')
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param advancedFIDOConfig **(Optional)** - Options for satisfying more stringent FIDO RP feature requirements
  * @param advancedFIDOConfig.userVerification **(Optional)** - Enable alternative rules for evaluating the User Presence and User Verified flags in authenticator data: UV (and UP) flags are optional unless this value is `"required"`
  */
 async function verifyAuthenticationResponse(options) {
-    const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, authenticator, requireUserVerification = true, advancedFIDOConfig, } = options;
+    const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, credential, requireUserVerification = true, advancedFIDOConfig, } = options;
     const { id, rawId, type: credentialType, response: assertionResponse } = response;
     // Ensure credential specified an ID
     if (!id) {
@@ -144,24 +144,24 @@ async function verifyAuthenticationResponse(options) {
     const clientDataHash = await (0, toHash_js_1.toHash)(index_js_1.isoBase64URL.toBuffer(assertionResponse.clientDataJSON));
     const signatureBase = index_js_1.isoUint8Array.concat([authDataBuffer, clientDataHash]);
     const signature = index_js_1.isoBase64URL.toBuffer(assertionResponse.signature);
-    if ((counter > 0 || authenticator.counter > 0) &&
-        counter <= authenticator.counter) {
+    if ((counter > 0 || credential.counter > 0) &&
+        counter <= credential.counter) {
         // Error out when the counter in the DB is greater than or equal to the counter in the
         // dataStruct. It's related to how the authenticator maintains the number of times its been
         // used for this client. If this happens, then someone's somehow increased the counter
         // on the device without going through this site
-        throw new Error(`Response counter value ${counter} was lower than expected ${authenticator.counter}`);
+        throw new Error(`Response counter value ${counter} was lower than expected ${credential.counter}`);
     }
     const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_js_1.parseBackupFlags)(flags);
     const toReturn = {
         verified: await (0, verifySignature_js_1.verifySignature)({
             signature,
             data: signatureBase,
-            credentialPublicKey: authenticator.credentialPublicKey,
+            credentialPublicKey: credential.publicKey,
         }),
         authenticationInfo: {
             newCounter: counter,
-            credentialID: authenticator.credentialID,
+            credentialID: credential.id,
             userVerified: flags.uv,
             credentialDeviceType,
             credentialBackedUp,
@@ -172,4 +172,3 @@ async function verifyAuthenticationResponse(options) {
     };
     return toReturn;
 }
-exports.verifyAuthenticationResponse = verifyAuthenticationResponse;

package/script/helpers/convertAAGUIDToString.d.ts

@@ -2,3 +2,4 @@
  * Convert the aaguid buffer in authData into a UUID string
  */
 export declare function convertAAGUIDToString(aaguid: Uint8Array): string;
+//# sourceMappingURL=convertAAGUIDToString.d.ts.map

package/script/helpers/convertAAGUIDToString.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"convertAAGUIDToString.d.ts","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAchE"}

package/script/helpers/convertAAGUIDToString.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertAAGUIDToString = void 0;
+exports.convertAAGUIDToString = convertAAGUIDToString;
 const index_js_1 = require("./iso/index.js");
 /**
  * Convert the aaguid buffer in authData into a UUID string
@@ -9,13 +9,12 @@ function convertAAGUIDToString(aaguid) {
     // Raw Hex: adce000235bcc60a648b0b25f1f05503
     const hex = index_js_1.isoUint8Array.toHex(aaguid);
     const segments = [
-        hex.slice(0, 8),
-        hex.slice(8, 12),
-        hex.slice(12, 16),
-        hex.slice(16, 20),
+        hex.slice(0, 8), // 8
+        hex.slice(8, 12), // 4
+        hex.slice(12, 16), // 4
+        hex.slice(16, 20), // 4
         hex.slice(20, 32), // 8
     ];
     // Formatted: adce0002-35bc-c60a-648b-0b25f1f05503
     return segments.join('-');
 }
-exports.convertAAGUIDToString = convertAAGUIDToString;

package/script/helpers/convertCOSEtoPKCS.d.ts

@@ -2,3 +2,4 @@
  * Takes COSE-encoded public key and converts it to PKCS key
  */
 export declare function convertCOSEtoPKCS(cosePublicKey: Uint8Array): Uint8Array;
+//# sourceMappingURL=convertCOSEtoPKCS.d.ts.map

package/script/helpers/convertCOSEtoPKCS.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"convertCOSEtoPKCS.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,aAAa,EAAE,UAAU,GAAG,UAAU,CAmBvE"}

package/script/helpers/convertCOSEtoPKCS.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertCOSEtoPKCS = void 0;
+exports.convertCOSEtoPKCS = convertCOSEtoPKCS;
 const index_js_1 = require("./iso/index.js");
 const cose_js_1 = require("./cose.js");
 /**
@@ -22,4 +22,3 @@ function convertCOSEtoPKCS(cosePublicKey) {
     }
     return index_js_1.isoUint8Array.concat([tag, x]);
 }
-exports.convertCOSEtoPKCS = convertCOSEtoPKCS;

package/script/helpers/convertCertBufferToPEM.d.ts

@@ -1,5 +1,6 @@
-import type { Base64URLString } from '../deps.js';
+import type { Base64URLString } from '@simplewebauthn/types';
 /**
  * Convert buffer to an OpenSSL-compatible PEM text format.
  */
 export declare function convertCertBufferToPEM(certBuffer: Uint8Array | Base64URLString): string;
+//# sourceMappingURL=convertCertBufferToPEM.d.ts.map

package/script/helpers/convertCertBufferToPEM.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"convertCertBufferToPEM.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAI7D;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,UAAU,GAAG,eAAe,GACvC,MAAM,CA4BR"}

package/script/helpers/convertCertBufferToPEM.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertCertBufferToPEM = void 0;
+exports.convertCertBufferToPEM = convertCertBufferToPEM;
 const index_js_1 = require("./iso/index.js");
 /**
  * Convert buffer to an OpenSSL-compatible PEM text format.
@@ -32,4 +32,3 @@ function convertCertBufferToPEM(certBuffer) {
     PEMKey = `-----BEGIN CERTIFICATE-----\n${PEMKey}-----END CERTIFICATE-----\n`;
     return PEMKey;
 }
-exports.convertCertBufferToPEM = convertCertBufferToPEM;

package/script/helpers/convertPEMToBytes.d.ts

@@ -2,3 +2,4 @@
  * Take a certificate in PEM format and convert it to bytes
  */
 export declare function convertPEMToBytes(pem: string): Uint8Array;
+//# sourceMappingURL=convertPEMToBytes.d.ts.map