npm - @simplewebauthn/server - Versions diffs - 10.0.0 → 11.0.0-alpha3 - Mend

@simplewebauthn/server 10.0.0 → 11.0.0-alpha3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/script/helpers/logging.d.ts CHANGED Viewed

@@ -13,3 +13,4 @@
  * ```
  */
 export declare function getLogger(_name: string): (message: string, ..._rest: unknown[]) => void;
+//# sourceMappingURL=logging.d.ts.map

package/script/helpers/logging.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;GAaG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,CAGvF"}

package/script/helpers/logging.js CHANGED Viewed

@@ -1,8 +1,7 @@
 "use strict";
-// import { debug, Debugger } from '../deps.ts';
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getLogger = void 0;
 // const defaultLogger = debug('SimpleWebAuthn');
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLogger = getLogger;
 /**
  * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for
  * consistent naming.
@@ -21,4 +20,3 @@ function getLogger(_name) {
     // This is a noop for now while I search for a better debug logger technique
     return (_message, ..._rest) => { };
 }
-exports.getLogger = getLogger;

package/script/helpers/mapX509SignatureAlgToCOSEAlg.d.ts CHANGED Viewed

@@ -6,3 +6,4 @@ import { COSEALG } from './cose.js';
  * - RSA OIDs: https://oidref.com/1.2.840.113549.1.1
  */
 export declare function mapX509SignatureAlgToCOSEAlg(signatureAlgorithm: string): COSEALG;
+//# sourceMappingURL=mapX509SignatureAlgToCOSEAlg.d.ts.map

package/script/helpers/mapX509SignatureAlgToCOSEAlg.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mapX509SignatureAlgToCOSEAlg.d.ts","sourceRoot":"","sources":["../../src/helpers/mapX509SignatureAlgToCOSEAlg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAC1C,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAwBT"}

package/script/helpers/mapX509SignatureAlgToCOSEAlg.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mapX509SignatureAlgToCOSEAlg = void 0;
+exports.mapX509SignatureAlgToCOSEAlg = mapX509SignatureAlgToCOSEAlg;
 const cose_js_1 = require("./cose.js");
 /**
  * Map X.509 signature algorithm OIDs to COSE algorithm IDs
@@ -36,4 +36,3 @@ function mapX509SignatureAlgToCOSEAlg(signatureAlgorithm) {
     }
     return alg;
 }
-exports.mapX509SignatureAlgToCOSEAlg = mapX509SignatureAlgToCOSEAlg;

package/script/helpers/matchExpectedRPID.d.ts CHANGED Viewed

@@ -5,3 +5,4 @@
  * Raises an `UnexpectedRPIDHash` error if no match is found
  */
 export declare function matchExpectedRPID(rpIDHash: Uint8Array, expectedRPIDs: string[]): Promise<string>;
+//# sourceMappingURL=matchExpectedRPID.d.ts.map

package/script/helpers/matchExpectedRPID.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"matchExpectedRPID.d.ts","sourceRoot":"","sources":["../../src/helpers/matchExpectedRPID.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,UAAU,EACpB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,MAAM,CAAC,CA8BjB"}

package/script/helpers/matchExpectedRPID.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.matchExpectedRPID = void 0;
+exports.matchExpectedRPID = matchExpectedRPID;
 const toHash_js_1 = require("./toHash.js");
 const index_js_1 = require("./iso/index.js");
 /**
@@ -35,7 +35,6 @@ async function matchExpectedRPID(rpIDHash, expectedRPIDs) {
         throw err;
     }
 }
-exports.matchExpectedRPID = matchExpectedRPID;
 class UnexpectedRPIDHash extends Error {
     constructor() {
         const message = 'Unexpected RP ID hash';

package/script/helpers/parseAuthenticatorData.d.ts CHANGED Viewed

@@ -26,3 +26,4 @@ export type ParsedAuthenticatorData = {
 export declare const _parseAuthenticatorDataInternals: {
     stubThis: (value: ParsedAuthenticatorData) => ParsedAuthenticatorData;
 };
+//# sourceMappingURL=parseAuthenticatorData.d.ts.map

package/script/helpers/parseAuthenticatorData.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseAuthenticatorData.d.ts","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4CAA4C,EAE7C,MAAM,oCAAoC,CAAC;AAI5C;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GACnB,uBAAuB,CAwHzB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,UAAU,CAAC;IACrB,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE;QACL,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,cAAc,CAAC,EAAE,4CAA4C,CAAC;IAC9D,oBAAoB,CAAC,EAAE,UAAU,CAAC;CACnC,CAAC;AAGF,eAAO,MAAM,gCAAgC;sBACzB,uBAAuB;CAC1C,CAAC"}

package/script/helpers/parseAuthenticatorData.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports._parseAuthenticatorDataInternals = exports.parseAuthenticatorData = void 0;
+exports._parseAuthenticatorDataInternals = void 0;
+exports.parseAuthenticatorData = parseAuthenticatorData;
 const decodeAuthenticatorExtensions_js_1 = require("./decodeAuthenticatorExtensions.js");
 const index_js_1 = require("./iso/index.js");
 /**
@@ -18,12 +19,12 @@ function parseAuthenticatorData(authData) {
     // Bit positions can be referenced here:
     // https://www.w3.org/TR/webauthn-2/#flags
     const flags = {
-        up: !!(flagsInt & (1 << 0)),
-        uv: !!(flagsInt & (1 << 2)),
-        be: !!(flagsInt & (1 << 3)),
-        bs: !!(flagsInt & (1 << 4)),
-        at: !!(flagsInt & (1 << 6)),
-        ed: !!(flagsInt & (1 << 7)),
+        up: !!(flagsInt & (1 << 0)), // User Presence
+        uv: !!(flagsInt & (1 << 2)), // User Verified
+        be: !!(flagsInt & (1 << 3)), // Backup Eligibility
+        bs: !!(flagsInt & (1 << 4)), // Backup State
+        at: !!(flagsInt & (1 << 6)), // Attested Credential Data Present
+        ed: !!(flagsInt & (1 << 7)), // Extension Data Present
         flagsInt,
     };
     const counterBuf = authData.slice(pointer, pointer + 4);
@@ -100,7 +101,6 @@ function parseAuthenticatorData(authData) {
         extensionsDataBuffer,
     });
 }
-exports.parseAuthenticatorData = parseAuthenticatorData;
 // Make it possible to stub the return value during testing
 exports._parseAuthenticatorDataInternals = {
     stubThis: (value) => value,

package/script/helpers/parseBackupFlags.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { CredentialDeviceType } from '../deps.js';
+import type { CredentialDeviceType } from '@simplewebauthn/types';
 /**
  * Make sense of Bits 3 and 4 in authenticator indicating:
  *
@@ -17,3 +17,4 @@ export declare function parseBackupFlags({ be, bs }: {
 export declare class InvalidBackupFlags extends Error {
     constructor(message: string);
 }
+//# sourceMappingURL=parseBackupFlags.d.ts.map

package/script/helpers/parseBackupFlags.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseBackupFlags.d.ts","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAElE;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,GAAG;IAC1E,oBAAoB,EAAE,oBAAoB,CAAC;IAC3C,kBAAkB,EAAE,OAAO,CAAC;CAC7B,CAeA;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B"}

package/script/helpers/parseBackupFlags.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidBackupFlags = exports.parseBackupFlags = void 0;
+exports.InvalidBackupFlags = void 0;
+exports.parseBackupFlags = parseBackupFlags;
 /**
  * Make sense of Bits 3 and 4 in authenticator indicating:
  *
@@ -20,7 +21,6 @@ function parseBackupFlags({ be, bs }) {
     }
     return { credentialDeviceType, credentialBackedUp };
 }
-exports.parseBackupFlags = parseBackupFlags;
 class InvalidBackupFlags extends Error {
     constructor(message) {
         super(message);

package/script/helpers/toHash.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ import { COSEALG } from './cose.js';
  * SHA-256.
  */
 export declare function toHash(data: Uint8Array | string, algorithm?: COSEALG): Promise<Uint8Array>;
+//# sourceMappingURL=toHash.d.ts.map

package/script/helpers/toHash.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"toHash.d.ts","sourceRoot":"","sources":["../../src/helpers/toHash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;GAGG;AACH,wBAAgB,MAAM,CACpB,IAAI,EAAE,UAAU,GAAG,MAAM,EACzB,SAAS,GAAE,OAAY,GACtB,OAAO,CAAC,UAAU,CAAC,CAQrB"}

package/script/helpers/toHash.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.toHash = void 0;
+exports.toHash = toHash;
 const index_js_1 = require("./iso/index.js");
 /**
  * Returns hash digest of the given data, using the given algorithm when provided. Defaults to using
@@ -13,4 +13,3 @@ function toHash(data, algorithm = -7) {
     const digest = index_js_1.isoCrypto.digest(data, algorithm);
     return digest;
 }
-exports.toHash = toHash;

package/script/helpers/validateCertificatePath.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@
  * @param rootCertificates Possible root certificates to complete the path
  */
 export declare function validateCertificatePath(certificates: string[], rootCertificates?: string[]): Promise<boolean>;
+//# sourceMappingURL=validateCertificatePath.d.ts.map

package/script/helpers/validateCertificatePath.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validateCertificatePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":"AAQA;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,YAAY,EAAE,MAAM,EAAE,EACtB,gBAAgB,GAAE,MAAM,EAAO,GAC9B,OAAO,CAAC,OAAO,CAAC,CAuClB"}

package/script/helpers/validateCertificatePath.js CHANGED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateCertificatePath = void 0;
-const deps_js_1 = require("../deps.js");
+exports.validateCertificatePath = validateCertificatePath;
+const asn1_schema_1 = require("@peculiar/asn1-schema");
 const isCertRevoked_js_1 = require("./isCertRevoked.js");
 const verifySignature_js_1 = require("./verifySignature.js");
 const mapX509SignatureAlgToCOSEAlg_js_1 = require("./mapX509SignatureAlgToCOSEAlg.js");
@@ -51,7 +51,6 @@ async function validateCertificatePath(certificates, rootCertificates = []) {
     }
     return true;
 }
-exports.validateCertificatePath = validateCertificatePath;
 async function _validatePath(certificates) {
     if (new Set(certificates).size !== certificates.length) {
         throw new Error('Invalid certificate path: found duplicate certificates');
@@ -94,7 +93,7 @@ async function _validatePath(certificates) {
             throw new InvalidSubjectAndIssuer();
         }
         // Verify the subject certificate's signature with the issuer cert's public key
-        const data = deps_js_1.AsnSerializer.serialize(x509Subject.tbsCertificate);
+        const data = asn1_schema_1.AsnSerializer.serialize(x509Subject.tbsCertificate);
         const signature = x509Subject.signatureValue;
         const signatureAlgorithm = (0, mapX509SignatureAlgToCOSEAlg_js_1.mapX509SignatureAlgToCOSEAlg)(x509Subject.signatureAlgorithm.algorithm);
         const issuerCertBytes = (0, convertPEMToBytes_js_1.convertPEMToBytes)(issuerPem);

package/script/helpers/validateExtFIDOGenCEAAGUID.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { Extensions } from '@peculiar/asn1-x509';
+/**
+ * Look for the id-fido-gen-ce-aaguid certificate extension. If it's present then check it against
+ * the attestation statement AAGUID.
+ */
+export declare function validateExtFIDOGenCEAAGUID(certExtensions: Extensions | undefined, aaguid: Uint8Array): boolean;
+//# sourceMappingURL=validateExtFIDOGenCEAAGUID.d.ts.map

package/script/helpers/validateExtFIDOGenCEAAGUID.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validateExtFIDOGenCEAAGUID.d.ts","sourceRoot":"","sources":["../../src/helpers/validateExtFIDOGenCEAAGUID.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAWjD;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,cAAc,EAAE,UAAU,GAAG,SAAS,EACtC,MAAM,EAAE,UAAU,GACjB,OAAO,CA6BT"}

package/script/helpers/validateExtFIDOGenCEAAGUID.js ADDED Viewed

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateExtFIDOGenCEAAGUID = validateExtFIDOGenCEAAGUID;
+const asn1_schema_1 = require("@peculiar/asn1-schema");
+const index_js_1 = require("./iso/index.js");
+/**
+ * Attestation Certificate Extension OID: `id-fido-gen-ce-aaguid`
+ *
+ * Sourced from https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html#verifying-an-attestation-statement
+ */
+const id_fido_gen_ce_aaguid = '1.3.6.1.4.1.45724.1.1.4';
+/**
+ * Look for the id-fido-gen-ce-aaguid certificate extension. If it's present then check it against
+ * the attestation statement AAGUID.
+ */
+function validateExtFIDOGenCEAAGUID(certExtensions, aaguid) {
+    // The certificate had no extensions so there's nothing to validate
+    if (!certExtensions) {
+        return true;
+    }
+    const extFIDOGenCEAAGUID = certExtensions.find((ext) => ext.extnID === id_fido_gen_ce_aaguid);
+    // The extension isn't present so there's nothing to validate
+    if (!extFIDOGenCEAAGUID) {
+        return true;
+    }
+    // Parse the extension value
+    const parsedExtFIDOGenCEAAGUID = asn1_schema_1.AsnParser.parse(extFIDOGenCEAAGUID.extnValue, asn1_schema_1.OctetString);
+    const extValue = new Uint8Array(parsedExtFIDOGenCEAAGUID.buffer);
+    // Compare the two values
+    const aaguidAndExtAreEqual = index_js_1.isoUint8Array.areEqual(aaguid, extValue);
+    if (!aaguidAndExtAreEqual) {
+        const _debugExtHex = index_js_1.isoUint8Array.toHex(extValue);
+        const _debugAAGUIDHex = index_js_1.isoUint8Array.toHex(aaguid);
+        throw new Error(`Certificate extension id-fido-gen-ce-aaguid (${id_fido_gen_ce_aaguid}) value of "${_debugExtHex}" was present but not equal to attestation statement AAGUID value of "${_debugAAGUIDHex}"`);
+    }
+    return true;
+}

package/script/helpers/verifySignature.d.ts CHANGED Viewed

@@ -12,3 +12,4 @@ export declare function verifySignature(opts: {
 export declare const _verifySignatureInternals: {
     stubThis: (value: Promise<boolean>) => Promise<boolean>;
 };
+//# sourceMappingURL=verifySignature.d.ts.map

package/script/helpers/verifySignature.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifySignature.d.ts","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAiB,MAAM,WAAW,CAAC;AAKnD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE;IACpC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,OAAO,CAAC,OAAO,CAAC,CAmCnB;AAGD,eAAO,MAAM,yBAAyB;sBAClB,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}

package/script/helpers/verifySignature.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports._verifySignatureInternals = exports.verifySignature = void 0;
+exports._verifySignatureInternals = void 0;
+exports.verifySignature = verifySignature;
 const index_js_1 = require("./iso/index.js");
 const decodeCredentialPublicKey_js_1 = require("./decodeCredentialPublicKey.js");
 const convertX509PublicKeyToCOSE_js_1 = require("./convertX509PublicKeyToCOSE.js");
@@ -29,7 +30,6 @@ function verifySignature(opts) {
         shaHashOverride: hashAlgorithm,
     }));
 }
-exports.verifySignature = verifySignature;
 // Make it possible to stub the return value during testing
 exports._verifySignatureInternals = {
     stubThis: (value) => value,

package/script/index.d.ts CHANGED Viewed

@@ -15,3 +15,4 @@ import type { MetadataStatement } from './metadata/mdsTypes.js';
 import type { VerifiedRegistrationResponse, VerifyRegistrationResponseOpts } from './registration/verifyRegistrationResponse.js';
 import type { VerifiedAuthenticationResponse, VerifyAuthenticationResponseOpts } from './authentication/verifyAuthenticationResponse.js';
 export type { GenerateAuthenticationOptionsOpts, GenerateRegistrationOptionsOpts, MetadataStatement, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, VerifyAuthenticationResponseOpts, VerifyRegistrationResponseOpts, };
+//# sourceMappingURL=index.d.ts.map

package/script/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+CAA+C,CAAC;AAC5F,OAAO,EAAE,0BAA0B,EAAE,MAAM,8CAA8C,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAM,mDAAmD,CAAC;AAClG,OAAO,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,eAAe,EACf,eAAe,EACf,4BAA4B,EAC5B,0BAA0B,GAC3B,CAAC;AAEF,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAC;AACrG,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mDAAmD,CAAC;AAC3G,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EACV,4BAA4B,EAC5B,8BAA8B,EAC/B,MAAM,8CAA8C,CAAC;AACtD,OAAO,KAAK,EACV,8BAA8B,EAC9B,gCAAgC,EACjC,MAAM,kDAAkD,CAAC;AAE1D,YAAY,EACV,iCAAiC,EACjC,+BAA+B,EAC/B,iBAAiB,EACjB,8BAA8B,EAC9B,4BAA4B,EAC5B,gCAAgC,EAChC,8BAA8B,GAC/B,CAAC"}

package/script/metadata/mdsTypes.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Base64URLString } from '../deps.js';
+import type { Base64URLString } from '@simplewebauthn/types';
 /**
  * Metadata Service structures
  * https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
@@ -214,3 +214,4 @@ export type AuthenticatorGetInfo = {
     }[];
 };
 export {};
+//# sourceMappingURL=mdsTypes.d.ts.map

package/script/metadata/mdsTypes.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,eAAe,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,wBAAwB,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,gBAAgB,GAChB,0BAA0B,GAC1B,4BAA4B,GAC5B,4BAA4B,GAC5B,8BAA8B,GAC9B,kBAAkB,GAClB,SAAS,GACT,0BAA0B,GAC1B,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,sBAAsB,EAAE,UAAU,CAAC;IACnC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,MAAM,CAAC,EAAE,2BAA2B,CAAC;IACrC,MAAM,CAAC,EAAE,yBAAyB,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG,4BAA4B,EAAE,CAAC;AAE/E,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,mCAAmC,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF,MAAM,MAAM,uBAAuB,GAAG;IAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAErE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,OAAO,EAAE,CAAC;IACf,wBAAwB,EAAE,OAAO,EAAE,CAAC;IACpC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAChC,uBAAuB,EAAE,iCAAiC,EAAE,CAAC;IAC7D,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,CAAC,EAAE,mCAAmC,EAAE,CAAC;IACpE,2BAA2B,EAAE,MAAM,EAAE,CAAC;IACtC,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C,CAAC;AAEF;;GAEG;AAEH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,sBAAsB,GACtB,mBAAmB,GACnB,qBAAqB,GACrB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,MAAM,GACN,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7C,QAAA,MAAM,OAAO,wZAeH,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,MAAM,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,iBAAiB,GACjB,OAAO,GACP,OAAO,GACP,QAAQ,GACR,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,eAAe,CAAC;AAEpB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,UAAU,GACV,OAAO,GACP,UAAU,GACV,KAAK,GACL,WAAW,GACX,SAAS,GACT,OAAO,GACP,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,8BAA8B,GACtC,KAAK,GACL,qBAAqB,GACrB,KAAK,GACL,UAAU,GACV,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,EAAE,CAAC,EAAE,OAAO,CAAC;KACd,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD,CAAC"}

package/script/metadata/parseJWT.d.ts CHANGED Viewed

@@ -2,3 +2,4 @@
  * Process a JWT into Javascript-friendly data structures
  */
 export declare function parseJWT<T1, T2>(jwt: string): [T1, T2, string];
+//# sourceMappingURL=parseJWT.d.ts.map

package/script/metadata/parseJWT.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"parseJWT.d.ts","sourceRoot":"","sources":["../../src/metadata/parseJWT.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,CAO9D"}

package/script/metadata/parseJWT.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseJWT = void 0;
+exports.parseJWT = parseJWT;
 const index_js_1 = require("../helpers/iso/index.js");
 /**
  * Process a JWT into Javascript-friendly data structures
@@ -13,4 +13,3 @@ function parseJWT(jwt) {
         parts[2],
     ];
 }
-exports.parseJWT = parseJWT;

package/script/metadata/verifyAttestationWithMetadata.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Base64URLString } from '../deps.js';
+import type { Base64URLString } from '@simplewebauthn/types';
 import type { AlgSign, MetadataStatement } from './mdsTypes.js';
 import { COSEALG, COSECRV, COSEKTY } from '../helpers/cose.js';
 /**
@@ -27,3 +27,4 @@ export declare const algSignToCOSEInfoMap: {
     [key in AlgSign]: COSEInfo;
 };
 export {};
+//# sourceMappingURL=verifyAttestationWithMetadata.d.ts.map

package/script/metadata/verifyAttestationWithMetadata.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIhE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAY,OAAO,EAAsB,MAAM,oBAAoB,CAAC;AAE7F;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GACxB,EAAE;IACD,SAAS,EAAE,iBAAiB,CAAC;IAC7B,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,EAAE,UAAU,EAAE,GAAG,eAAe,EAAE,CAAC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,GAAG,OAAO,CAAC,OAAO,CAAC,CAoJnB;AAED,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE;KAAG,GAAG,IAAI,OAAO,GAAG,QAAQ;CAe9D,CAAC"}

package/script/metadata/verifyAttestationWithMetadata.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.algSignToCOSEInfoMap = exports.verifyAttestationWithMetadata = void 0;
+exports.algSignToCOSEInfoMap = void 0;
+exports.verifyAttestationWithMetadata = verifyAttestationWithMetadata;
 const convertCertBufferToPEM_js_1 = require("../helpers/convertCertBufferToPEM.js");
 const validateCertificatePath_js_1 = require("../helpers/validateCertificatePath.js");
 const decodeCredentialPublicKey_js_1 = require("../helpers/decodeCredentialPublicKey.js");
@@ -119,7 +120,6 @@ async function verifyAttestationWithMetadata({ statement, credentialPublicKey, x
     }
     return true;
 }
-exports.verifyAttestationWithMetadata = verifyAttestationWithMetadata;
 /**
  * Convert ALG_SIGN values to COSE info
  *

package/script/metadata/verifyJWT.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@
  * (Pulled from https://www.rfc-editor.org/rfc/rfc7515#section-4.1.1)
  */
 export declare function verifyJWT(jwt: string, leafCert: Uint8Array): Promise<boolean>;
+//# sourceMappingURL=verifyJWT.d.ts.map

package/script/metadata/verifyJWT.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyJWT.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":"AAMA;;;;;;;;GAQG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CA0B7E"}

package/script/metadata/verifyJWT.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyJWT = void 0;
+exports.verifyJWT = verifyJWT;
 const convertX509PublicKeyToCOSE_js_1 = require("../helpers/convertX509PublicKeyToCOSE.js");
 const index_js_1 = require("../helpers/iso/index.js");
 const cose_js_1 = require("../helpers/cose.js");
@@ -38,4 +38,3 @@ function verifyJWT(jwt, leafCert) {
     const kty = certCOSE.get(cose_js_1.COSEKEYS.kty);
     throw new Error(`JWT verification with public key of kty ${kty} is not supported by this method`);
 }
-exports.verifyJWT = verifyJWT;

package/script/registration/generateRegistrationOptions.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '../deps.js';
+import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '@simplewebauthn/types';
 export type GenerateRegistrationOptionsOpts = {
     rpName: string;
     rpID: string;
@@ -41,3 +41,4 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
  */
 export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): Promise<PublicKeyCredentialCreationOptionsJSON>;
+//# sourceMappingURL=generateRegistrationOptions.d.ts.map

package/script/registration/generateRegistrationOptions.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,8BAA8B,EAC9B,4BAA4B,EAC5B,eAAe,EACf,uBAAuB,EACvB,sCAAsC,EAEvC,MAAM,uBAAuB,CAAC;AAM/B,MAAM,MAAM,+BAA+B,GAAG;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,+BAA+B,CAAC;IAClD,kBAAkB,CAAC,EAAE;QACnB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,UAAU,CAAC,EAAE,oCAAoC,CAAC;IAClD,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,uBAAuB,EAqBtE,CAAC;AAsBF;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,sCAAsC,CAAC,CAiHjD"}

package/script/registration/generateRegistrationOptions.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateRegistrationOptions = exports.supportedCOSEAlgorithmIdentifiers = void 0;
+exports.supportedCOSEAlgorithmIdentifiers = void 0;
+exports.generateRegistrationOptions = generateRegistrationOptions;
 const generateChallenge_js_1 = require("../helpers/generateChallenge.js");
 const generateUserID_js_1 = require("../helpers/generateUserID.js");
 const index_js_1 = require("../helpers/iso/index.js");
@@ -161,4 +162,3 @@ async function generateRegistrationOptions(options) {
         },
     };
 }
-exports.generateRegistrationOptions = generateRegistrationOptions;

package/script/registration/verifications/tpm/constants.d.ts CHANGED Viewed

@@ -45,3 +45,4 @@ export declare const TPM_ECC_CURVE_COSE_CRV_MAP: {
     [key: string]: number;
 };
 export {};
+//# sourceMappingURL=constants.d.ts.map

package/script/registration/verifications/tpm/constants.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/constants.ts"],"names":[],"mappings":"AACA;;;;;;;;GAQG;AAEH;;GAEG;AACH,eAAO,MAAM,MAAM,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAkB3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAsC5C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAUlD,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAiFhE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAM/D,CAAC"}

package/script/registration/verifications/tpm/constants.js CHANGED Viewed

@@ -112,6 +112,10 @@ exports.TPM_MANUFACTURERS = {
         name: 'IBM',
         id: 'IBM',
     },
+    'id:49424D00': {
+        name: 'IBM',
+        id: 'IBM',
+    },
     'id:49465800': {
         name: 'Infineon',
         id: 'IFX',
@@ -177,9 +181,9 @@ exports.TPM_MANUFACTURERS = {
  * Match TPM public area curve ID's to `crv` numbers used in COSE public keys
  */
 exports.TPM_ECC_CURVE_COSE_CRV_MAP = {
-    TPM_ECC_NIST_P256: 1,
-    TPM_ECC_NIST_P384: 2,
-    TPM_ECC_NIST_P521: 3,
-    TPM_ECC_BN_P256: 1,
+    TPM_ECC_NIST_P256: 1, // p256
+    TPM_ECC_NIST_P384: 2, // p384
+    TPM_ECC_NIST_P521: 3, // p521
+    TPM_ECC_BN_P256: 1, // p256
     TPM_ECC_SM2_P256: 1, // p256
 };

package/script/registration/verifications/tpm/parseCertInfo.d.ts CHANGED Viewed

@@ -22,3 +22,4 @@ type ParsedCertInfo = {
     };
 };
 export {};
+//# sourceMappingURL=parseCertInfo.d.ts.map

package/script/registration/verifications/tpm/parseCertInfo.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseCertInfo.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,UAAU,GAAG,cAAc,CAkElE;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,UAAU,CAAC;IAC5B,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE;QACT,KAAK,EAAE,UAAU,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,IAAI,EAAE,OAAO,CAAC;KACf,CAAC;IACF,eAAe,EAAE,UAAU,CAAC;IAC5B,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,UAAU,CAAC;QAC1B,IAAI,EAAE,UAAU,CAAC;QACjB,aAAa,EAAE,UAAU,CAAC;KAC3B,CAAC;CACH,CAAC"}

package/script/registration/verifications/tpm/parseCertInfo.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseCertInfo = void 0;
+exports.parseCertInfo = parseCertInfo;
 const constants_js_1 = require("./constants.js");
 const index_js_1 = require("../../../helpers/iso/index.js");
 /**
@@ -59,4 +59,3 @@ function parseCertInfo(certInfo) {
         attested,
     };
 }
-exports.parseCertInfo = parseCertInfo;

package/script/registration/verifications/tpm/parsePubArea.d.ts CHANGED Viewed

@@ -41,3 +41,4 @@ type ECCParameters = {
     kdf: string;
 };
 export {};
+//# sourceMappingURL=parsePubArea.d.ts.map

package/script/registration/verifications/tpm/parsePubArea.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parsePubArea.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,GAAG,aAAa,CAyG/D;AAED,KAAK,aAAa,GAAG;IACnB,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,OAAO,CAAC;QACrB,mBAAmB,EAAE,OAAO,CAAC;QAC7B,YAAY,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,OAAO,CAAC;QACzB,IAAI,EAAE,OAAO,CAAC;QACd,oBAAoB,EAAE,OAAO,CAAC;QAC9B,UAAU,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE;QACV,GAAG,CAAC,EAAE,aAAa,CAAC;QACpB,GAAG,CAAC,EAAE,aAAa,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,UAAU,CAAC;CACpB,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC"}

package/script/registration/verifications/tpm/parsePubArea.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parsePubArea = void 0;
+exports.parsePubArea = parsePubArea;
 const constants_js_1 = require("./constants.js");
 const index_js_1 = require("../../../helpers/iso/index.js");
 /**
@@ -95,4 +95,3 @@ function parsePubArea(pubArea) {
         unique,
     };
 }
-exports.parsePubArea = parsePubArea;

package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 import type { AttestationFormatVerifierOpts } from '../../verifyRegistrationResponse.js';
 export declare function verifyAttestationTPM(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationTPM.d.ts.map

package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationTPM.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyAttestationTPM.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAuBzF,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA+VlB"}

package/script/registration/verifications/tpm/verifyAttestationTPM.js CHANGED Viewed

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyAttestationTPM = void 0;
-const deps_js_1 = require("../../../deps.js");
+exports.verifyAttestationTPM = verifyAttestationTPM;
+const asn1_schema_1 = require("@peculiar/asn1-schema");
+const asn1_x509_1 = require("@peculiar/asn1-x509");
 const decodeCredentialPublicKey_js_1 = require("../../../helpers/decodeCredentialPublicKey.js");
 const cose_js_1 = require("../../../helpers/cose.js");
 const toHash_js_1 = require("../../../helpers/toHash.js");
@@ -10,6 +11,7 @@ const validateCertificatePath_js_1 = require("../../../helpers/validateCertifica
 const getCertificateInfo_js_1 = require("../../../helpers/getCertificateInfo.js");
 const verifySignature_js_1 = require("../../../helpers/verifySignature.js");
 const index_js_1 = require("../../../helpers/iso/index.js");
+const validateExtFIDOGenCEAAGUID_js_1 = require("../../../helpers/validateExtFIDOGenCEAAGUID.js");
 const metadataService_js_1 = require("../../../services/metadataService.js");
 const verifyAttestationWithMetadata_js_1 = require("../../../metadata/verifyAttestationWithMetadata.js");
 const constants_js_1 = require("./constants.js");
@@ -170,18 +172,18 @@ async function verifyAttestationTPM(options) {
     /**
      * Plumb the depths of the certificate's ASN.1-formatted data for some values we need to verify
      */
-    const parsedCert = deps_js_1.AsnParser.parse(x5c[0], deps_js_1.Certificate);
+    const parsedCert = asn1_schema_1.AsnParser.parse(x5c[0], asn1_x509_1.Certificate);
     if (!parsedCert.tbsCertificate.extensions) {
         throw new Error('Certificate was missing extensions (TPM)');
     }
     let subjectAltNamePresent;
     let extKeyUsage;
     parsedCert.tbsCertificate.extensions.forEach((ext) => {
-        if (ext.extnID === deps_js_1.id_ce_subjectAltName) {
-            subjectAltNamePresent = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.SubjectAlternativeName);
+        if (ext.extnID === asn1_x509_1.id_ce_subjectAltName) {
+            subjectAltNamePresent = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.SubjectAlternativeName);
         }
-        else if (ext.extnID === deps_js_1.id_ce_extKeyUsage) {
-            extKeyUsage = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.ExtendedKeyUsage);
+        else if (ext.extnID === asn1_x509_1.id_ce_extKeyUsage) {
+            extKeyUsage = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.ExtendedKeyUsage);
         }
     });
     // Check that certificate contains subjectAltName (2.5.29.17) extension,
@@ -209,8 +211,14 @@ async function verifyAttestationTPM(options) {
     if (extKeyUsage[0] !== '2.23.133.8.3') {
         throw new Error(`Unexpected extKeyUsage "${extKeyUsage[0]}", expected "2.23.133.8.3" (TPM)`);
     }
-    // TODO: If certificate contains id-fido-gen-ce-aaguid(1.3.6.1.4.1.45724.1.1.4) extension, check
-    // that it’s value is set to the same AAGUID as in authData.
+    // Validate attestation statement AAGUID against leaf cert AAGUID
+    try {
+        await (0, validateExtFIDOGenCEAAGUID_js_1.validateExtFIDOGenCEAAGUID)(parsedCert.tbsCertificate.extensions, aaguid);
+    }
+    catch (err) {
+        const _err = err;
+        throw new Error(`${_err.message} (TPM)`);
+    }
     // Run some metadata checks if a statement exists for this authenticator
     const statement = await metadataService_js_1.MetadataService.getStatement(aaguid);
     if (statement) {
@@ -246,7 +254,6 @@ async function verifyAttestationTPM(options) {
         hashAlgorithm: alg,
     });
 }
-exports.verifyAttestationTPM = verifyAttestationTPM;
 /**
  * Contain logic for pulling TPM-specific values out of subjectAlternativeName extension
  */