@simplewebauthn/server 10.0.1 → 11.0.0-alpha3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (347) hide show
  1. package/README.md +14 -6
  2. package/esm/authentication/generateAuthenticationOptions.d.ts +2 -1
  3. package/esm/authentication/generateAuthenticationOptions.d.ts.map +1 -0
  4. package/esm/authentication/verifyAuthenticationResponse.d.ts +4 -3
  5. package/esm/authentication/verifyAuthenticationResponse.d.ts.map +1 -0
  6. package/esm/authentication/verifyAuthenticationResponse.js +7 -7
  7. package/esm/helpers/convertAAGUIDToString.d.ts +1 -0
  8. package/esm/helpers/convertAAGUIDToString.d.ts.map +1 -0
  9. package/esm/helpers/convertAAGUIDToString.js +4 -4
  10. package/esm/helpers/convertCOSEtoPKCS.d.ts +1 -0
  11. package/esm/helpers/convertCOSEtoPKCS.d.ts.map +1 -0
  12. package/esm/helpers/convertCertBufferToPEM.d.ts +2 -1
  13. package/esm/helpers/convertCertBufferToPEM.d.ts.map +1 -0
  14. package/esm/helpers/convertPEMToBytes.d.ts +1 -0
  15. package/esm/helpers/convertPEMToBytes.d.ts.map +1 -0
  16. package/esm/helpers/convertX509PublicKeyToCOSE.d.ts +1 -0
  17. package/esm/helpers/convertX509PublicKeyToCOSE.d.ts.map +1 -0
  18. package/esm/helpers/convertX509PublicKeyToCOSE.js +4 -1
  19. package/esm/helpers/cose.d.ts +1 -0
  20. package/esm/helpers/cose.d.ts.map +1 -0
  21. package/esm/helpers/decodeAttestationObject.d.ts +1 -0
  22. package/esm/helpers/decodeAttestationObject.d.ts.map +1 -0
  23. package/esm/helpers/decodeAuthenticatorExtensions.d.ts +5 -14
  24. package/esm/helpers/decodeAuthenticatorExtensions.d.ts.map +1 -0
  25. package/esm/helpers/decodeClientDataJSON.d.ts +2 -1
  26. package/esm/helpers/decodeClientDataJSON.d.ts.map +1 -0
  27. package/esm/helpers/decodeCredentialPublicKey.d.ts +1 -0
  28. package/esm/helpers/decodeCredentialPublicKey.d.ts.map +1 -0
  29. package/esm/helpers/fetch.d.ts +1 -0
  30. package/esm/helpers/fetch.d.ts.map +1 -0
  31. package/esm/helpers/fetch.js +1 -1
  32. package/esm/helpers/generateChallenge.d.ts +1 -0
  33. package/esm/helpers/generateChallenge.d.ts.map +1 -0
  34. package/esm/helpers/generateUserID.d.ts +1 -0
  35. package/esm/helpers/generateUserID.d.ts.map +1 -0
  36. package/esm/helpers/getCertificateInfo.d.ts +2 -1
  37. package/esm/helpers/getCertificateInfo.d.ts.map +1 -0
  38. package/esm/helpers/getCertificateInfo.js +2 -1
  39. package/esm/helpers/index.d.ts +1 -0
  40. package/esm/helpers/index.d.ts.map +1 -0
  41. package/esm/helpers/isCertRevoked.d.ts +2 -1
  42. package/esm/helpers/isCertRevoked.d.ts.map +1 -0
  43. package/esm/helpers/isCertRevoked.js +2 -1
  44. package/esm/helpers/iso/index.d.ts +1 -0
  45. package/esm/helpers/iso/index.d.ts.map +1 -0
  46. package/esm/helpers/iso/isoBase64URL.d.ts +2 -1
  47. package/esm/helpers/iso/isoBase64URL.d.ts.map +1 -0
  48. package/esm/helpers/iso/isoBase64URL.js +1 -1
  49. package/esm/helpers/iso/isoCBOR.d.ts +2 -1
  50. package/esm/helpers/iso/isoCBOR.d.ts.map +1 -0
  51. package/esm/helpers/iso/isoCBOR.js +1 -1
  52. package/esm/helpers/iso/isoCrypto/digest.d.ts +1 -0
  53. package/esm/helpers/iso/isoCrypto/digest.d.ts.map +1 -0
  54. package/esm/helpers/iso/isoCrypto/getRandomValues.d.ts +1 -0
  55. package/esm/helpers/iso/isoCrypto/getRandomValues.d.ts.map +1 -0
  56. package/esm/helpers/iso/isoCrypto/getWebCrypto.d.ts +2 -1
  57. package/esm/helpers/iso/isoCrypto/getWebCrypto.d.ts.map +1 -0
  58. package/esm/helpers/iso/isoCrypto/importKey.d.ts +1 -0
  59. package/esm/helpers/iso/isoCrypto/importKey.d.ts.map +1 -0
  60. package/esm/helpers/iso/isoCrypto/index.d.ts +1 -0
  61. package/esm/helpers/iso/isoCrypto/index.d.ts.map +1 -0
  62. package/esm/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts +1 -0
  63. package/esm/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts.map +1 -0
  64. package/esm/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts +1 -0
  65. package/esm/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts.map +1 -0
  66. package/esm/helpers/iso/isoCrypto/structs.d.ts +1 -0
  67. package/esm/helpers/iso/isoCrypto/structs.d.ts.map +1 -0
  68. package/esm/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts +1 -0
  69. package/esm/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts.map +1 -0
  70. package/esm/helpers/iso/isoCrypto/unwrapEC2Signature.js +2 -1
  71. package/esm/helpers/iso/isoCrypto/verify.d.ts +1 -0
  72. package/esm/helpers/iso/isoCrypto/verify.d.ts.map +1 -0
  73. package/esm/helpers/iso/isoCrypto/verifyEC2.d.ts +1 -0
  74. package/esm/helpers/iso/isoCrypto/verifyEC2.d.ts.map +1 -0
  75. package/esm/helpers/iso/isoCrypto/verifyOKP.d.ts +1 -0
  76. package/esm/helpers/iso/isoCrypto/verifyOKP.d.ts.map +1 -0
  77. package/esm/helpers/iso/isoCrypto/verifyRSA.d.ts +1 -0
  78. package/esm/helpers/iso/isoCrypto/verifyRSA.d.ts.map +1 -0
  79. package/esm/helpers/iso/isoUint8Array.d.ts +1 -0
  80. package/esm/helpers/iso/isoUint8Array.d.ts.map +1 -0
  81. package/esm/helpers/logging.d.ts +1 -0
  82. package/esm/helpers/logging.d.ts.map +1 -0
  83. package/esm/helpers/logging.js +0 -1
  84. package/esm/helpers/mapX509SignatureAlgToCOSEAlg.d.ts +1 -0
  85. package/esm/helpers/mapX509SignatureAlgToCOSEAlg.d.ts.map +1 -0
  86. package/esm/helpers/matchExpectedRPID.d.ts +1 -0
  87. package/esm/helpers/matchExpectedRPID.d.ts.map +1 -0
  88. package/esm/helpers/parseAuthenticatorData.d.ts +1 -0
  89. package/esm/helpers/parseAuthenticatorData.d.ts.map +1 -0
  90. package/esm/helpers/parseAuthenticatorData.js +6 -6
  91. package/esm/helpers/parseBackupFlags.d.ts +2 -1
  92. package/esm/helpers/parseBackupFlags.d.ts.map +1 -0
  93. package/esm/helpers/toHash.d.ts +1 -0
  94. package/esm/helpers/toHash.d.ts.map +1 -0
  95. package/esm/helpers/validateCertificatePath.d.ts +1 -0
  96. package/esm/helpers/validateCertificatePath.d.ts.map +1 -0
  97. package/esm/helpers/validateCertificatePath.js +1 -1
  98. package/esm/helpers/validateExtFIDOGenCEAAGUID.d.ts +7 -0
  99. package/esm/helpers/validateExtFIDOGenCEAAGUID.d.ts.map +1 -0
  100. package/esm/helpers/validateExtFIDOGenCEAAGUID.js +34 -0
  101. package/esm/helpers/verifySignature.d.ts +1 -0
  102. package/esm/helpers/verifySignature.d.ts.map +1 -0
  103. package/esm/index.d.ts +1 -0
  104. package/esm/index.d.ts.map +1 -0
  105. package/esm/metadata/mdsTypes.d.ts +2 -1
  106. package/esm/metadata/mdsTypes.d.ts.map +1 -0
  107. package/esm/metadata/parseJWT.d.ts +1 -0
  108. package/esm/metadata/parseJWT.d.ts.map +1 -0
  109. package/esm/metadata/verifyAttestationWithMetadata.d.ts +2 -1
  110. package/esm/metadata/verifyAttestationWithMetadata.d.ts.map +1 -0
  111. package/esm/metadata/verifyJWT.d.ts +1 -0
  112. package/esm/metadata/verifyJWT.d.ts.map +1 -0
  113. package/esm/registration/generateRegistrationOptions.d.ts +2 -1
  114. package/esm/registration/generateRegistrationOptions.d.ts.map +1 -0
  115. package/esm/registration/verifications/tpm/constants.d.ts +1 -0
  116. package/esm/registration/verifications/tpm/constants.d.ts.map +1 -0
  117. package/esm/registration/verifications/tpm/constants.js +8 -4
  118. package/esm/registration/verifications/tpm/parseCertInfo.d.ts +1 -0
  119. package/esm/registration/verifications/tpm/parseCertInfo.d.ts.map +1 -0
  120. package/esm/registration/verifications/tpm/parsePubArea.d.ts +1 -0
  121. package/esm/registration/verifications/tpm/parsePubArea.d.ts.map +1 -0
  122. package/esm/registration/verifications/tpm/verifyAttestationTPM.d.ts +1 -0
  123. package/esm/registration/verifications/tpm/verifyAttestationTPM.d.ts.map +1 -0
  124. package/esm/registration/verifications/tpm/verifyAttestationTPM.js +11 -3
  125. package/esm/registration/verifications/verifyAttestationAndroidKey.d.ts +1 -0
  126. package/esm/registration/verifications/verifyAttestationAndroidKey.d.ts.map +1 -0
  127. package/esm/registration/verifications/verifyAttestationAndroidKey.js +3 -1
  128. package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts +1 -0
  129. package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts.map +1 -0
  130. package/esm/registration/verifications/verifyAttestationApple.d.ts +1 -0
  131. package/esm/registration/verifications/verifyAttestationApple.d.ts.map +1 -0
  132. package/esm/registration/verifications/verifyAttestationApple.js +2 -1
  133. package/esm/registration/verifications/verifyAttestationFIDOU2F.d.ts +1 -0
  134. package/esm/registration/verifications/verifyAttestationFIDOU2F.d.ts.map +1 -0
  135. package/esm/registration/verifications/verifyAttestationPacked.d.ts +1 -0
  136. package/esm/registration/verifications/verifyAttestationPacked.d.ts.map +1 -0
  137. package/esm/registration/verifications/verifyAttestationPacked.js +10 -3
  138. package/esm/registration/verifyRegistrationResponse.d.ts +5 -4
  139. package/esm/registration/verifyRegistrationResponse.d.ts.map +1 -0
  140. package/esm/registration/verifyRegistrationResponse.js +11 -7
  141. package/esm/services/defaultRootCerts/android-key.d.ts +1 -0
  142. package/esm/services/defaultRootCerts/android-key.d.ts.map +1 -0
  143. package/esm/services/defaultRootCerts/android-safetynet.d.ts +1 -0
  144. package/esm/services/defaultRootCerts/android-safetynet.d.ts.map +1 -0
  145. package/esm/services/defaultRootCerts/apple.d.ts +1 -0
  146. package/esm/services/defaultRootCerts/apple.d.ts.map +1 -0
  147. package/esm/services/defaultRootCerts/mds.d.ts +1 -0
  148. package/esm/services/defaultRootCerts/mds.d.ts.map +1 -0
  149. package/esm/services/metadataService.d.ts +19 -4
  150. package/esm/services/metadataService.d.ts.map +1 -0
  151. package/esm/services/metadataService.js +8 -3
  152. package/esm/services/settingsService.d.ts +17 -14
  153. package/esm/services/settingsService.d.ts.map +1 -0
  154. package/esm/services/settingsService.js +14 -0
  155. package/package.json +29 -33
  156. package/script/authentication/generateAuthenticationOptions.d.ts +2 -1
  157. package/script/authentication/generateAuthenticationOptions.d.ts.map +1 -0
  158. package/script/authentication/generateAuthenticationOptions.js +1 -2
  159. package/script/authentication/verifyAuthenticationResponse.d.ts +4 -3
  160. package/script/authentication/verifyAuthenticationResponse.d.ts.map +1 -0
  161. package/script/authentication/verifyAuthenticationResponse.js +8 -9
  162. package/script/helpers/convertAAGUIDToString.d.ts +1 -0
  163. package/script/helpers/convertAAGUIDToString.d.ts.map +1 -0
  164. package/script/helpers/convertAAGUIDToString.js +5 -6
  165. package/script/helpers/convertCOSEtoPKCS.d.ts +1 -0
  166. package/script/helpers/convertCOSEtoPKCS.d.ts.map +1 -0
  167. package/script/helpers/convertCOSEtoPKCS.js +1 -2
  168. package/script/helpers/convertCertBufferToPEM.d.ts +2 -1
  169. package/script/helpers/convertCertBufferToPEM.d.ts.map +1 -0
  170. package/script/helpers/convertCertBufferToPEM.js +1 -2
  171. package/script/helpers/convertPEMToBytes.d.ts +1 -0
  172. package/script/helpers/convertPEMToBytes.d.ts.map +1 -0
  173. package/script/helpers/convertPEMToBytes.js +1 -2
  174. package/script/helpers/convertX509PublicKeyToCOSE.d.ts +1 -0
  175. package/script/helpers/convertX509PublicKeyToCOSE.d.ts.map +1 -0
  176. package/script/helpers/convertX509PublicKeyToCOSE.js +11 -9
  177. package/script/helpers/cose.d.ts +1 -0
  178. package/script/helpers/cose.d.ts.map +1 -0
  179. package/script/helpers/cose.js +11 -11
  180. package/script/helpers/decodeAttestationObject.d.ts +1 -0
  181. package/script/helpers/decodeAttestationObject.d.ts.map +1 -0
  182. package/script/helpers/decodeAttestationObject.js +2 -2
  183. package/script/helpers/decodeAuthenticatorExtensions.d.ts +5 -14
  184. package/script/helpers/decodeAuthenticatorExtensions.d.ts.map +1 -0
  185. package/script/helpers/decodeAuthenticatorExtensions.js +1 -2
  186. package/script/helpers/decodeClientDataJSON.d.ts +2 -1
  187. package/script/helpers/decodeClientDataJSON.d.ts.map +1 -0
  188. package/script/helpers/decodeClientDataJSON.js +2 -2
  189. package/script/helpers/decodeCredentialPublicKey.d.ts +1 -0
  190. package/script/helpers/decodeCredentialPublicKey.d.ts.map +1 -0
  191. package/script/helpers/decodeCredentialPublicKey.js +2 -2
  192. package/script/helpers/fetch.d.ts +1 -0
  193. package/script/helpers/fetch.d.ts.map +1 -0
  194. package/script/helpers/fetch.js +4 -4
  195. package/script/helpers/generateChallenge.d.ts +1 -0
  196. package/script/helpers/generateChallenge.d.ts.map +1 -0
  197. package/script/helpers/generateChallenge.js +2 -2
  198. package/script/helpers/generateUserID.d.ts +1 -0
  199. package/script/helpers/generateUserID.d.ts.map +1 -0
  200. package/script/helpers/generateUserID.js +2 -2
  201. package/script/helpers/getCertificateInfo.d.ts +2 -1
  202. package/script/helpers/getCertificateInfo.d.ts.map +1 -0
  203. package/script/helpers/getCertificateInfo.js +6 -6
  204. package/script/helpers/index.d.ts +1 -0
  205. package/script/helpers/index.d.ts.map +1 -0
  206. package/script/helpers/isCertRevoked.d.ts +2 -1
  207. package/script/helpers/isCertRevoked.d.ts.map +1 -0
  208. package/script/helpers/isCertRevoked.js +10 -10
  209. package/script/helpers/iso/index.d.ts +1 -0
  210. package/script/helpers/iso/index.d.ts.map +1 -0
  211. package/script/helpers/iso/isoBase64URL.d.ts +2 -1
  212. package/script/helpers/iso/isoBase64URL.d.ts.map +1 -0
  213. package/script/helpers/iso/isoBase64URL.js +20 -18
  214. package/script/helpers/iso/isoCBOR.d.ts +2 -1
  215. package/script/helpers/iso/isoCBOR.d.ts.map +1 -0
  216. package/script/helpers/iso/isoCBOR.js +28 -6
  217. package/script/helpers/iso/isoCrypto/digest.d.ts +1 -0
  218. package/script/helpers/iso/isoCrypto/digest.d.ts.map +1 -0
  219. package/script/helpers/iso/isoCrypto/digest.js +1 -2
  220. package/script/helpers/iso/isoCrypto/getRandomValues.d.ts +1 -0
  221. package/script/helpers/iso/isoCrypto/getRandomValues.d.ts.map +1 -0
  222. package/script/helpers/iso/isoCrypto/getRandomValues.js +1 -2
  223. package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts +2 -1
  224. package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts.map +1 -0
  225. package/script/helpers/iso/isoCrypto/getWebCrypto.js +2 -2
  226. package/script/helpers/iso/isoCrypto/importKey.d.ts +1 -0
  227. package/script/helpers/iso/isoCrypto/importKey.d.ts.map +1 -0
  228. package/script/helpers/iso/isoCrypto/importKey.js +1 -2
  229. package/script/helpers/iso/isoCrypto/index.d.ts +1 -0
  230. package/script/helpers/iso/isoCrypto/index.d.ts.map +1 -0
  231. package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts +1 -0
  232. package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts.map +1 -0
  233. package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.js +1 -2
  234. package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts +1 -0
  235. package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts.map +1 -0
  236. package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.js +1 -2
  237. package/script/helpers/iso/isoCrypto/structs.d.ts +1 -0
  238. package/script/helpers/iso/isoCrypto/structs.d.ts.map +1 -0
  239. package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts +1 -0
  240. package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts.map +1 -0
  241. package/script/helpers/iso/isoCrypto/unwrapEC2Signature.js +4 -4
  242. package/script/helpers/iso/isoCrypto/verify.d.ts +1 -0
  243. package/script/helpers/iso/isoCrypto/verify.d.ts.map +1 -0
  244. package/script/helpers/iso/isoCrypto/verify.js +1 -2
  245. package/script/helpers/iso/isoCrypto/verifyEC2.d.ts +1 -0
  246. package/script/helpers/iso/isoCrypto/verifyEC2.d.ts.map +1 -0
  247. package/script/helpers/iso/isoCrypto/verifyEC2.js +1 -2
  248. package/script/helpers/iso/isoCrypto/verifyOKP.d.ts +1 -0
  249. package/script/helpers/iso/isoCrypto/verifyOKP.d.ts.map +1 -0
  250. package/script/helpers/iso/isoCrypto/verifyOKP.js +1 -2
  251. package/script/helpers/iso/isoCrypto/verifyRSA.d.ts +1 -0
  252. package/script/helpers/iso/isoCrypto/verifyRSA.d.ts.map +1 -0
  253. package/script/helpers/iso/isoCrypto/verifyRSA.js +1 -2
  254. package/script/helpers/iso/isoUint8Array.d.ts +1 -0
  255. package/script/helpers/iso/isoUint8Array.d.ts.map +1 -0
  256. package/script/helpers/iso/isoUint8Array.js +8 -9
  257. package/script/helpers/logging.d.ts +1 -0
  258. package/script/helpers/logging.d.ts.map +1 -0
  259. package/script/helpers/logging.js +2 -4
  260. package/script/helpers/mapX509SignatureAlgToCOSEAlg.d.ts +1 -0
  261. package/script/helpers/mapX509SignatureAlgToCOSEAlg.d.ts.map +1 -0
  262. package/script/helpers/mapX509SignatureAlgToCOSEAlg.js +1 -2
  263. package/script/helpers/matchExpectedRPID.d.ts +1 -0
  264. package/script/helpers/matchExpectedRPID.d.ts.map +1 -0
  265. package/script/helpers/matchExpectedRPID.js +1 -2
  266. package/script/helpers/parseAuthenticatorData.d.ts +1 -0
  267. package/script/helpers/parseAuthenticatorData.d.ts.map +1 -0
  268. package/script/helpers/parseAuthenticatorData.js +8 -8
  269. package/script/helpers/parseBackupFlags.d.ts +2 -1
  270. package/script/helpers/parseBackupFlags.d.ts.map +1 -0
  271. package/script/helpers/parseBackupFlags.js +2 -2
  272. package/script/helpers/toHash.d.ts +1 -0
  273. package/script/helpers/toHash.d.ts.map +1 -0
  274. package/script/helpers/toHash.js +1 -2
  275. package/script/helpers/validateCertificatePath.d.ts +1 -0
  276. package/script/helpers/validateCertificatePath.d.ts.map +1 -0
  277. package/script/helpers/validateCertificatePath.js +3 -4
  278. package/script/helpers/validateExtFIDOGenCEAAGUID.d.ts +7 -0
  279. package/script/helpers/validateExtFIDOGenCEAAGUID.d.ts.map +1 -0
  280. package/script/helpers/validateExtFIDOGenCEAAGUID.js +37 -0
  281. package/script/helpers/verifySignature.d.ts +1 -0
  282. package/script/helpers/verifySignature.d.ts.map +1 -0
  283. package/script/helpers/verifySignature.js +2 -2
  284. package/script/index.d.ts +1 -0
  285. package/script/index.d.ts.map +1 -0
  286. package/script/metadata/mdsTypes.d.ts +2 -1
  287. package/script/metadata/mdsTypes.d.ts.map +1 -0
  288. package/script/metadata/parseJWT.d.ts +1 -0
  289. package/script/metadata/parseJWT.d.ts.map +1 -0
  290. package/script/metadata/parseJWT.js +1 -2
  291. package/script/metadata/verifyAttestationWithMetadata.d.ts +2 -1
  292. package/script/metadata/verifyAttestationWithMetadata.d.ts.map +1 -0
  293. package/script/metadata/verifyAttestationWithMetadata.js +2 -2
  294. package/script/metadata/verifyJWT.d.ts +1 -0
  295. package/script/metadata/verifyJWT.d.ts.map +1 -0
  296. package/script/metadata/verifyJWT.js +1 -2
  297. package/script/registration/generateRegistrationOptions.d.ts +2 -1
  298. package/script/registration/generateRegistrationOptions.d.ts.map +1 -0
  299. package/script/registration/generateRegistrationOptions.js +2 -2
  300. package/script/registration/verifications/tpm/constants.d.ts +1 -0
  301. package/script/registration/verifications/tpm/constants.d.ts.map +1 -0
  302. package/script/registration/verifications/tpm/constants.js +8 -4
  303. package/script/registration/verifications/tpm/parseCertInfo.d.ts +1 -0
  304. package/script/registration/verifications/tpm/parseCertInfo.d.ts.map +1 -0
  305. package/script/registration/verifications/tpm/parseCertInfo.js +1 -2
  306. package/script/registration/verifications/tpm/parsePubArea.d.ts +1 -0
  307. package/script/registration/verifications/tpm/parsePubArea.d.ts.map +1 -0
  308. package/script/registration/verifications/tpm/parsePubArea.js +1 -2
  309. package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts +1 -0
  310. package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts.map +1 -0
  311. package/script/registration/verifications/tpm/verifyAttestationTPM.js +17 -10
  312. package/script/registration/verifications/verifyAttestationAndroidKey.d.ts +1 -0
  313. package/script/registration/verifications/verifyAttestationAndroidKey.d.ts.map +1 -0
  314. package/script/registration/verifications/verifyAttestationAndroidKey.js +7 -6
  315. package/script/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts +1 -0
  316. package/script/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts.map +1 -0
  317. package/script/registration/verifications/verifyAttestationAndroidSafetyNet.js +1 -2
  318. package/script/registration/verifications/verifyAttestationApple.d.ts +1 -0
  319. package/script/registration/verifications/verifyAttestationApple.d.ts.map +1 -0
  320. package/script/registration/verifications/verifyAttestationApple.js +4 -4
  321. package/script/registration/verifications/verifyAttestationFIDOU2F.d.ts +1 -0
  322. package/script/registration/verifications/verifyAttestationFIDOU2F.d.ts.map +1 -0
  323. package/script/registration/verifications/verifyAttestationFIDOU2F.js +1 -2
  324. package/script/registration/verifications/verifyAttestationPacked.d.ts +1 -0
  325. package/script/registration/verifications/verifyAttestationPacked.d.ts.map +1 -0
  326. package/script/registration/verifications/verifyAttestationPacked.js +11 -5
  327. package/script/registration/verifyRegistrationResponse.d.ts +5 -4
  328. package/script/registration/verifyRegistrationResponse.d.ts.map +1 -0
  329. package/script/registration/verifyRegistrationResponse.js +12 -9
  330. package/script/services/defaultRootCerts/android-key.d.ts +1 -0
  331. package/script/services/defaultRootCerts/android-key.d.ts.map +1 -0
  332. package/script/services/defaultRootCerts/android-safetynet.d.ts +1 -0
  333. package/script/services/defaultRootCerts/android-safetynet.d.ts.map +1 -0
  334. package/script/services/defaultRootCerts/apple.d.ts +1 -0
  335. package/script/services/defaultRootCerts/apple.d.ts.map +1 -0
  336. package/script/services/defaultRootCerts/mds.d.ts +1 -0
  337. package/script/services/defaultRootCerts/mds.d.ts.map +1 -0
  338. package/script/services/metadataService.d.ts +19 -4
  339. package/script/services/metadataService.d.ts.map +1 -0
  340. package/script/services/metadataService.js +8 -3
  341. package/script/services/settingsService.d.ts +17 -14
  342. package/script/services/settingsService.d.ts.map +1 -0
  343. package/script/services/settingsService.js +14 -0
  344. package/esm/deps.d.ts +0 -9
  345. package/esm/deps.js +0 -12
  346. package/script/deps.d.ts +0 -9
  347. package/script/deps.js +0 -68
package/script/helpers/validateExtFIDOGenCEAAGUID.js ADDED
@@ -0,0 +1,37 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.validateExtFIDOGenCEAAGUID = validateExtFIDOGenCEAAGUID;
4
+ const asn1_schema_1 = require("@peculiar/asn1-schema");
5
+ const index_js_1 = require("./iso/index.js");
6
+ /**
7
+ * Attestation Certificate Extension OID: `id-fido-gen-ce-aaguid`
8
+ *
9
+ * Sourced from https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html#verifying-an-attestation-statement
10
+ */
11
+ const id_fido_gen_ce_aaguid = '1.3.6.1.4.1.45724.1.1.4';
12
+ /**
13
+ * Look for the id-fido-gen-ce-aaguid certificate extension. If it's present then check it against
14
+ * the attestation statement AAGUID.
15
+ */
16
+ function validateExtFIDOGenCEAAGUID(certExtensions, aaguid) {
17
+ // The certificate had no extensions so there's nothing to validate
18
+ if (!certExtensions) {
19
+ return true;
20
+ }
21
+ const extFIDOGenCEAAGUID = certExtensions.find((ext) => ext.extnID === id_fido_gen_ce_aaguid);
22
+ // The extension isn't present so there's nothing to validate
23
+ if (!extFIDOGenCEAAGUID) {
24
+ return true;
25
+ }
26
+ // Parse the extension value
27
+ const parsedExtFIDOGenCEAAGUID = asn1_schema_1.AsnParser.parse(extFIDOGenCEAAGUID.extnValue, asn1_schema_1.OctetString);
28
+ const extValue = new Uint8Array(parsedExtFIDOGenCEAAGUID.buffer);
29
+ // Compare the two values
30
+ const aaguidAndExtAreEqual = index_js_1.isoUint8Array.areEqual(aaguid, extValue);
31
+ if (!aaguidAndExtAreEqual) {
32
+ const _debugExtHex = index_js_1.isoUint8Array.toHex(extValue);
33
+ const _debugAAGUIDHex = index_js_1.isoUint8Array.toHex(aaguid);
34
+ throw new Error(`Certificate extension id-fido-gen-ce-aaguid (${id_fido_gen_ce_aaguid}) value of "${_debugExtHex}" was present but not equal to attestation statement AAGUID value of "${_debugAAGUIDHex}"`);
35
+ }
36
+ return true;
37
+ }
package/script/helpers/verifySignature.d.ts CHANGED
@@ -12,3 +12,4 @@ export declare function verifySignature(opts: {
12
12
  export declare const _verifySignatureInternals: {
13
13
  stubThis: (value: Promise<boolean>) => Promise<boolean>;
14
14
  };
15
+ //# sourceMappingURL=verifySignature.d.ts.map
package/script/helpers/verifySignature.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifySignature.d.ts","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAiB,MAAM,WAAW,CAAC;AAKnD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE;IACpC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,OAAO,CAAC,OAAO,CAAC,CAmCnB;AAGD,eAAO,MAAM,yBAAyB;sBAClB,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}
package/script/helpers/verifySignature.js CHANGED
@@ -1,6 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports._verifySignatureInternals = exports.verifySignature = void 0;
3
+ exports._verifySignatureInternals = void 0;
4
+ exports.verifySignature = verifySignature;
4
5
  const index_js_1 = require("./iso/index.js");
5
6
  const decodeCredentialPublicKey_js_1 = require("./decodeCredentialPublicKey.js");
6
7
  const convertX509PublicKeyToCOSE_js_1 = require("./convertX509PublicKeyToCOSE.js");
@@ -29,7 +30,6 @@ function verifySignature(opts) {
29
30
  shaHashOverride: hashAlgorithm,
30
31
  }));
31
32
  }
32
- exports.verifySignature = verifySignature;
33
33
  // Make it possible to stub the return value during testing
34
34
  exports._verifySignatureInternals = {
35
35
  stubThis: (value) => value,
package/script/index.d.ts CHANGED
@@ -15,3 +15,4 @@ import type { MetadataStatement } from './metadata/mdsTypes.js';
15
15
  import type { VerifiedRegistrationResponse, VerifyRegistrationResponseOpts } from './registration/verifyRegistrationResponse.js';
16
16
  import type { VerifiedAuthenticationResponse, VerifyAuthenticationResponseOpts } from './authentication/verifyAuthenticationResponse.js';
17
17
  export type { GenerateAuthenticationOptionsOpts, GenerateRegistrationOptionsOpts, MetadataStatement, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, VerifyAuthenticationResponseOpts, VerifyRegistrationResponseOpts, };
18
+ //# sourceMappingURL=index.d.ts.map
package/script/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+CAA+C,CAAC;AAC5F,OAAO,EAAE,0BAA0B,EAAE,MAAM,8CAA8C,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAM,mDAAmD,CAAC;AAClG,OAAO,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,eAAe,EACf,eAAe,EACf,4BAA4B,EAC5B,0BAA0B,GAC3B,CAAC;AAEF,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAC;AACrG,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mDAAmD,CAAC;AAC3G,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EACV,4BAA4B,EAC5B,8BAA8B,EAC/B,MAAM,8CAA8C,CAAC;AACtD,OAAO,KAAK,EACV,8BAA8B,EAC9B,gCAAgC,EACjC,MAAM,kDAAkD,CAAC;AAE1D,YAAY,EACV,iCAAiC,EACjC,+BAA+B,EAC/B,iBAAiB,EACjB,8BAA8B,EAC9B,4BAA4B,EAC5B,gCAAgC,EAChC,8BAA8B,GAC/B,CAAC"}
package/script/metadata/mdsTypes.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { Base64URLString } from '../deps.js';
1
+ import type { Base64URLString } from '@simplewebauthn/types';
2
2
  /**
3
3
  * Metadata Service structures
4
4
  * https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
@@ -214,3 +214,4 @@ export type AuthenticatorGetInfo = {
214
214
  }[];
215
215
  };
216
216
  export {};
217
+ //# sourceMappingURL=mdsTypes.d.ts.map
package/script/metadata/mdsTypes.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,eAAe,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,wBAAwB,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,gBAAgB,GAChB,0BAA0B,GAC1B,4BAA4B,GAC5B,4BAA4B,GAC5B,8BAA8B,GAC9B,kBAAkB,GAClB,SAAS,GACT,0BAA0B,GAC1B,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,sBAAsB,EAAE,UAAU,CAAC;IACnC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,MAAM,CAAC,EAAE,2BAA2B,CAAC;IACrC,MAAM,CAAC,EAAE,yBAAyB,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG,4BAA4B,EAAE,CAAC;AAE/E,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,mCAAmC,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF,MAAM,MAAM,uBAAuB,GAAG;IAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAErE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,OAAO,EAAE,CAAC;IACf,wBAAwB,EAAE,OAAO,EAAE,CAAC;IACpC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAChC,uBAAuB,EAAE,iCAAiC,EAAE,CAAC;IAC7D,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,CAAC,EAAE,mCAAmC,EAAE,CAAC;IACpE,2BAA2B,EAAE,MAAM,EAAE,CAAC;IACtC,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C,CAAC;AAEF;;GAEG;AAEH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,sBAAsB,GACtB,mBAAmB,GACnB,qBAAqB,GACrB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,MAAM,GACN,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7C,QAAA,MAAM,OAAO,wZAeH,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,MAAM,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,iBAAiB,GACjB,OAAO,GACP,OAAO,GACP,QAAQ,GACR,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,eAAe,CAAC;AAEpB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,UAAU,GACV,OAAO,GACP,UAAU,GACV,KAAK,GACL,WAAW,GACX,SAAS,GACT,OAAO,GACP,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,8BAA8B,GACtC,KAAK,GACL,qBAAqB,GACrB,KAAK,GACL,UAAU,GACV,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,EAAE,CAAC,EAAE,OAAO,CAAC;KACd,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD,CAAC"}
package/script/metadata/parseJWT.d.ts CHANGED
@@ -2,3 +2,4 @@
2
2
  * Process a JWT into Javascript-friendly data structures
3
3
  */
4
4
  export declare function parseJWT<T1, T2>(jwt: string): [T1, T2, string];
5
+ //# sourceMappingURL=parseJWT.d.ts.map
package/script/metadata/parseJWT.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"parseJWT.d.ts","sourceRoot":"","sources":["../../src/metadata/parseJWT.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,CAO9D"}
package/script/metadata/parseJWT.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.parseJWT = void 0;
3
+ exports.parseJWT = parseJWT;
4
4
  const index_js_1 = require("../helpers/iso/index.js");
5
5
  /**
6
6
  * Process a JWT into Javascript-friendly data structures
@@ -13,4 +13,3 @@ function parseJWT(jwt) {
13
13
  parts[2],
14
14
  ];
15
15
  }
16
- exports.parseJWT = parseJWT;
package/script/metadata/verifyAttestationWithMetadata.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { Base64URLString } from '../deps.js';
1
+ import type { Base64URLString } from '@simplewebauthn/types';
2
2
  import type { AlgSign, MetadataStatement } from './mdsTypes.js';
3
3
  import { COSEALG, COSECRV, COSEKTY } from '../helpers/cose.js';
4
4
  /**
@@ -27,3 +27,4 @@ export declare const algSignToCOSEInfoMap: {
27
27
  [key in AlgSign]: COSEInfo;
28
28
  };
29
29
  export {};
30
+ //# sourceMappingURL=verifyAttestationWithMetadata.d.ts.map
package/script/metadata/verifyAttestationWithMetadata.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIhE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAY,OAAO,EAAsB,MAAM,oBAAoB,CAAC;AAE7F;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GACxB,EAAE;IACD,SAAS,EAAE,iBAAiB,CAAC;IAC7B,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,EAAE,UAAU,EAAE,GAAG,eAAe,EAAE,CAAC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,GAAG,OAAO,CAAC,OAAO,CAAC,CAoJnB;AAED,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE;KAAG,GAAG,IAAI,OAAO,GAAG,QAAQ;CAe9D,CAAC"}
package/script/metadata/verifyAttestationWithMetadata.js CHANGED
@@ -1,6 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.algSignToCOSEInfoMap = exports.verifyAttestationWithMetadata = void 0;
3
+ exports.algSignToCOSEInfoMap = void 0;
4
+ exports.verifyAttestationWithMetadata = verifyAttestationWithMetadata;
4
5
  const convertCertBufferToPEM_js_1 = require("../helpers/convertCertBufferToPEM.js");
5
6
  const validateCertificatePath_js_1 = require("../helpers/validateCertificatePath.js");
6
7
  const decodeCredentialPublicKey_js_1 = require("../helpers/decodeCredentialPublicKey.js");
@@ -119,7 +120,6 @@ async function verifyAttestationWithMetadata({ statement, credentialPublicKey, x
119
120
  }
120
121
  return true;
121
122
  }
122
- exports.verifyAttestationWithMetadata = verifyAttestationWithMetadata;
123
123
  /**
124
124
  * Convert ALG_SIGN values to COSE info
125
125
  *
package/script/metadata/verifyJWT.d.ts CHANGED
@@ -8,3 +8,4 @@
8
8
  * (Pulled from https://www.rfc-editor.org/rfc/rfc7515#section-4.1.1)
9
9
  */
10
10
  export declare function verifyJWT(jwt: string, leafCert: Uint8Array): Promise<boolean>;
11
+ //# sourceMappingURL=verifyJWT.d.ts.map
package/script/metadata/verifyJWT.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyJWT.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":"AAMA;;;;;;;;GAQG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CA0B7E"}
package/script/metadata/verifyJWT.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyJWT = void 0;
3
+ exports.verifyJWT = verifyJWT;
4
4
  const convertX509PublicKeyToCOSE_js_1 = require("../helpers/convertX509PublicKeyToCOSE.js");
5
5
  const index_js_1 = require("../helpers/iso/index.js");
6
6
  const cose_js_1 = require("../helpers/cose.js");
@@ -38,4 +38,3 @@ function verifyJWT(jwt, leafCert) {
38
38
  const kty = certCOSE.get(cose_js_1.COSEKEYS.kty);
39
39
  throw new Error(`JWT verification with public key of kty ${kty} is not supported by this method`);
40
40
  }
41
- exports.verifyJWT = verifyJWT;
package/script/registration/generateRegistrationOptions.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '../deps.js';
1
+ import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '@simplewebauthn/types';
2
2
  export type GenerateRegistrationOptionsOpts = {
3
3
  rpName: string;
4
4
  rpID: string;
@@ -41,3 +41,4 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
41
41
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
42
42
  */
43
43
  export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): Promise<PublicKeyCredentialCreationOptionsJSON>;
44
+ //# sourceMappingURL=generateRegistrationOptions.d.ts.map
package/script/registration/generateRegistrationOptions.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,8BAA8B,EAC9B,4BAA4B,EAC5B,eAAe,EACf,uBAAuB,EACvB,sCAAsC,EAEvC,MAAM,uBAAuB,CAAC;AAM/B,MAAM,MAAM,+BAA+B,GAAG;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,+BAA+B,CAAC;IAClD,kBAAkB,CAAC,EAAE;QACnB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,UAAU,CAAC,EAAE,oCAAoC,CAAC;IAClD,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,uBAAuB,EAqBtE,CAAC;AAsBF;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,sCAAsC,CAAC,CAiHjD"}
package/script/registration/generateRegistrationOptions.js CHANGED
@@ -1,6 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.generateRegistrationOptions = exports.supportedCOSEAlgorithmIdentifiers = void 0;
3
+ exports.supportedCOSEAlgorithmIdentifiers = void 0;
4
+ exports.generateRegistrationOptions = generateRegistrationOptions;
4
5
  const generateChallenge_js_1 = require("../helpers/generateChallenge.js");
5
6
  const generateUserID_js_1 = require("../helpers/generateUserID.js");
6
7
  const index_js_1 = require("../helpers/iso/index.js");
@@ -161,4 +162,3 @@ async function generateRegistrationOptions(options) {
161
162
  },
162
163
  };
163
164
  }
164
- exports.generateRegistrationOptions = generateRegistrationOptions;
package/script/registration/verifications/tpm/constants.d.ts CHANGED
@@ -45,3 +45,4 @@ export declare const TPM_ECC_CURVE_COSE_CRV_MAP: {
45
45
  [key: string]: number;
46
46
  };
47
47
  export {};
48
+ //# sourceMappingURL=constants.d.ts.map
package/script/registration/verifications/tpm/constants.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/constants.ts"],"names":[],"mappings":"AACA;;;;;;;;GAQG;AAEH;;GAEG;AACH,eAAO,MAAM,MAAM,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAkB3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAsC5C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAUlD,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAiFhE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAM/D,CAAC"}
package/script/registration/verifications/tpm/constants.js CHANGED
@@ -112,6 +112,10 @@ exports.TPM_MANUFACTURERS = {
112
112
  name: 'IBM',
113
113
  id: 'IBM',
114
114
  },
115
+ 'id:49424D00': {
116
+ name: 'IBM',
117
+ id: 'IBM',
118
+ },
115
119
  'id:49465800': {
116
120
  name: 'Infineon',
117
121
  id: 'IFX',
@@ -177,9 +181,9 @@ exports.TPM_MANUFACTURERS = {
177
181
  * Match TPM public area curve ID's to `crv` numbers used in COSE public keys
178
182
  */
179
183
  exports.TPM_ECC_CURVE_COSE_CRV_MAP = {
180
- TPM_ECC_NIST_P256: 1,
181
- TPM_ECC_NIST_P384: 2,
182
- TPM_ECC_NIST_P521: 3,
183
- TPM_ECC_BN_P256: 1,
184
+ TPM_ECC_NIST_P256: 1, // p256
185
+ TPM_ECC_NIST_P384: 2, // p384
186
+ TPM_ECC_NIST_P521: 3, // p521
187
+ TPM_ECC_BN_P256: 1, // p256
184
188
  TPM_ECC_SM2_P256: 1, // p256
185
189
  };
package/script/registration/verifications/tpm/parseCertInfo.d.ts CHANGED
@@ -22,3 +22,4 @@ type ParsedCertInfo = {
22
22
  };
23
23
  };
24
24
  export {};
25
+ //# sourceMappingURL=parseCertInfo.d.ts.map
package/script/registration/verifications/tpm/parseCertInfo.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"parseCertInfo.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,UAAU,GAAG,cAAc,CAkElE;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,UAAU,CAAC;IAC5B,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE;QACT,KAAK,EAAE,UAAU,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,IAAI,EAAE,OAAO,CAAC;KACf,CAAC;IACF,eAAe,EAAE,UAAU,CAAC;IAC5B,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,UAAU,CAAC;QAC1B,IAAI,EAAE,UAAU,CAAC;QACjB,aAAa,EAAE,UAAU,CAAC;KAC3B,CAAC;CACH,CAAC"}
package/script/registration/verifications/tpm/parseCertInfo.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.parseCertInfo = void 0;
3
+ exports.parseCertInfo = parseCertInfo;
4
4
  const constants_js_1 = require("./constants.js");
5
5
  const index_js_1 = require("../../../helpers/iso/index.js");
6
6
  /**
@@ -59,4 +59,3 @@ function parseCertInfo(certInfo) {
59
59
  attested,
60
60
  };
61
61
  }
62
- exports.parseCertInfo = parseCertInfo;
package/script/registration/verifications/tpm/parsePubArea.d.ts CHANGED
@@ -41,3 +41,4 @@ type ECCParameters = {
41
41
  kdf: string;
42
42
  };
43
43
  export {};
44
+ //# sourceMappingURL=parsePubArea.d.ts.map
package/script/registration/verifications/tpm/parsePubArea.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"parsePubArea.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,GAAG,aAAa,CAyG/D;AAED,KAAK,aAAa,GAAG;IACnB,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,OAAO,CAAC;QACrB,mBAAmB,EAAE,OAAO,CAAC;QAC7B,YAAY,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,OAAO,CAAC;QACzB,IAAI,EAAE,OAAO,CAAC;QACd,oBAAoB,EAAE,OAAO,CAAC;QAC9B,UAAU,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE;QACV,GAAG,CAAC,EAAE,aAAa,CAAC;QACpB,GAAG,CAAC,EAAE,aAAa,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,UAAU,CAAC;CACpB,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC"}
package/script/registration/verifications/tpm/parsePubArea.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.parsePubArea = void 0;
3
+ exports.parsePubArea = parsePubArea;
4
4
  const constants_js_1 = require("./constants.js");
5
5
  const index_js_1 = require("../../../helpers/iso/index.js");
6
6
  /**
@@ -95,4 +95,3 @@ function parsePubArea(pubArea) {
95
95
  unique,
96
96
  };
97
97
  }
98
- exports.parsePubArea = parsePubArea;
package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts CHANGED
@@ -1,2 +1,3 @@
1
1
  import type { AttestationFormatVerifierOpts } from '../../verifyRegistrationResponse.js';
2
2
  export declare function verifyAttestationTPM(options: AttestationFormatVerifierOpts): Promise<boolean>;
3
+ //# sourceMappingURL=verifyAttestationTPM.d.ts.map
package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationTPM.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyAttestationTPM.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAuBzF,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA+VlB"}
package/script/registration/verifications/tpm/verifyAttestationTPM.js CHANGED
@@ -1,7 +1,8 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyAttestationTPM = void 0;
4
- const deps_js_1 = require("../../../deps.js");
3
+ exports.verifyAttestationTPM = verifyAttestationTPM;
4
+ const asn1_schema_1 = require("@peculiar/asn1-schema");
5
+ const asn1_x509_1 = require("@peculiar/asn1-x509");
5
6
  const decodeCredentialPublicKey_js_1 = require("../../../helpers/decodeCredentialPublicKey.js");
6
7
  const cose_js_1 = require("../../../helpers/cose.js");
7
8
  const toHash_js_1 = require("../../../helpers/toHash.js");
@@ -10,6 +11,7 @@ const validateCertificatePath_js_1 = require("../../../helpers/validateCertifica
10
11
  const getCertificateInfo_js_1 = require("../../../helpers/getCertificateInfo.js");
11
12
  const verifySignature_js_1 = require("../../../helpers/verifySignature.js");
12
13
  const index_js_1 = require("../../../helpers/iso/index.js");
14
+ const validateExtFIDOGenCEAAGUID_js_1 = require("../../../helpers/validateExtFIDOGenCEAAGUID.js");
13
15
  const metadataService_js_1 = require("../../../services/metadataService.js");
14
16
  const verifyAttestationWithMetadata_js_1 = require("../../../metadata/verifyAttestationWithMetadata.js");
15
17
  const constants_js_1 = require("./constants.js");
@@ -170,18 +172,18 @@ async function verifyAttestationTPM(options) {
170
172
  /**
171
173
  * Plumb the depths of the certificate's ASN.1-formatted data for some values we need to verify
172
174
  */
173
- const parsedCert = deps_js_1.AsnParser.parse(x5c[0], deps_js_1.Certificate);
175
+ const parsedCert = asn1_schema_1.AsnParser.parse(x5c[0], asn1_x509_1.Certificate);
174
176
  if (!parsedCert.tbsCertificate.extensions) {
175
177
  throw new Error('Certificate was missing extensions (TPM)');
176
178
  }
177
179
  let subjectAltNamePresent;
178
180
  let extKeyUsage;
179
181
  parsedCert.tbsCertificate.extensions.forEach((ext) => {
180
- if (ext.extnID === deps_js_1.id_ce_subjectAltName) {
181
- subjectAltNamePresent = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.SubjectAlternativeName);
182
+ if (ext.extnID === asn1_x509_1.id_ce_subjectAltName) {
183
+ subjectAltNamePresent = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.SubjectAlternativeName);
182
184
  }
183
- else if (ext.extnID === deps_js_1.id_ce_extKeyUsage) {
184
- extKeyUsage = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.ExtendedKeyUsage);
185
+ else if (ext.extnID === asn1_x509_1.id_ce_extKeyUsage) {
186
+ extKeyUsage = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.ExtendedKeyUsage);
185
187
  }
186
188
  });
187
189
  // Check that certificate contains subjectAltName (2.5.29.17) extension,
@@ -209,8 +211,14 @@ async function verifyAttestationTPM(options) {
209
211
  if (extKeyUsage[0] !== '2.23.133.8.3') {
210
212
  throw new Error(`Unexpected extKeyUsage "${extKeyUsage[0]}", expected "2.23.133.8.3" (TPM)`);
211
213
  }
212
- // TODO: If certificate contains id-fido-gen-ce-aaguid(1.3.6.1.4.1.45724.1.1.4) extension, check
213
- // that it’s value is set to the same AAGUID as in authData.
214
+ // Validate attestation statement AAGUID against leaf cert AAGUID
215
+ try {
216
+ await (0, validateExtFIDOGenCEAAGUID_js_1.validateExtFIDOGenCEAAGUID)(parsedCert.tbsCertificate.extensions, aaguid);
217
+ }
218
+ catch (err) {
219
+ const _err = err;
220
+ throw new Error(`${_err.message} (TPM)`);
221
+ }
214
222
  // Run some metadata checks if a statement exists for this authenticator
215
223
  const statement = await metadataService_js_1.MetadataService.getStatement(aaguid);
216
224
  if (statement) {
@@ -246,7 +254,6 @@ async function verifyAttestationTPM(options) {
246
254
  hashAlgorithm: alg,
247
255
  });
248
256
  }
249
- exports.verifyAttestationTPM = verifyAttestationTPM;
250
257
  /**
251
258
  * Contain logic for pulling TPM-specific values out of subjectAlternativeName extension
252
259
  */
package/script/registration/verifications/verifyAttestationAndroidKey.d.ts CHANGED
@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
3
3
  * Verify an attestation response with fmt 'android-key'
4
4
  */
5
5
  export declare function verifyAttestationAndroidKey(options: AttestationFormatVerifierOpts): Promise<boolean>;
6
+ //# sourceMappingURL=verifyAttestationAndroidKey.d.ts.map
package/script/registration/verifications/verifyAttestationAndroidKey.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationAndroidKey.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidKey.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAUtF;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA+HlB"}
package/script/registration/verifications/verifyAttestationAndroidKey.js CHANGED
@@ -1,7 +1,9 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyAttestationAndroidKey = void 0;
4
- const deps_js_1 = require("../../deps.js");
3
+ exports.verifyAttestationAndroidKey = verifyAttestationAndroidKey;
4
+ const asn1_schema_1 = require("@peculiar/asn1-schema");
5
+ const asn1_x509_1 = require("@peculiar/asn1-x509");
6
+ const asn1_android_1 = require("@peculiar/asn1-android");
5
7
  const convertCertBufferToPEM_js_1 = require("../../helpers/convertCertBufferToPEM.js");
6
8
  const validateCertificatePath_js_1 = require("../../helpers/validateCertificatePath.js");
7
9
  const verifySignature_js_1 = require("../../helpers/verifySignature.js");
@@ -32,7 +34,7 @@ async function verifyAttestationAndroidKey(options) {
32
34
  }
33
35
  // Check that credentialPublicKey matches the public key in the attestation certificate
34
36
  // Find the public cert in the certificate as PKCS
35
- const parsedCert = deps_js_1.AsnParser.parse(x5c[0], deps_js_1.Certificate);
37
+ const parsedCert = asn1_schema_1.AsnParser.parse(x5c[0], asn1_x509_1.Certificate);
36
38
  const parsedCertPubKey = new Uint8Array(parsedCert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey);
37
39
  // Convert the credentialPublicKey to PKCS
38
40
  const credPubKeyPKCS = (0, convertCOSEtoPKCS_js_1.convertCOSEtoPKCS)(credentialPublicKey);
@@ -40,11 +42,11 @@ async function verifyAttestationAndroidKey(options) {
40
42
  throw new Error('Credential public key does not equal leaf cert public key (AndroidKey)');
41
43
  }
42
44
  // Find Android KeyStore Extension in certificate extensions
43
- const extKeyStore = parsedCert.tbsCertificate.extensions?.find((ext) => ext.extnID === deps_js_1.id_ce_keyDescription);
45
+ const extKeyStore = parsedCert.tbsCertificate.extensions?.find((ext) => ext.extnID === asn1_android_1.id_ce_keyDescription);
44
46
  if (!extKeyStore) {
45
47
  throw new Error('Certificate did not contain extKeyStore (AndroidKey)');
46
48
  }
47
- const parsedExtKeyStore = deps_js_1.AsnParser.parse(extKeyStore.extnValue, deps_js_1.KeyDescription);
49
+ const parsedExtKeyStore = asn1_schema_1.AsnParser.parse(extKeyStore.extnValue, asn1_android_1.KeyDescription);
48
50
  // Verify extKeyStore values
49
51
  const { attestationChallenge, teeEnforced, softwareEnforced } = parsedExtKeyStore;
50
52
  if (!index_js_1.isoUint8Array.areEqual(new Uint8Array(attestationChallenge.buffer), clientDataHash)) {
@@ -91,4 +93,3 @@ async function verifyAttestationAndroidKey(options) {
91
93
  hashAlgorithm: alg,
92
94
  });
93
95
  }
94
- exports.verifyAttestationAndroidKey = verifyAttestationAndroidKey;
package/script/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts CHANGED
@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
3
3
  * Verify an attestation response with fmt 'android-safetynet'
4
4
  */
5
5
  export declare function verifyAttestationAndroidSafetyNet(options: AttestationFormatVerifierOpts): Promise<boolean>;
6
+ //# sourceMappingURL=verifyAttestationAndroidSafetyNet.d.ts.map
package/script/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationAndroidSafetyNet.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidSafetyNet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAWtF;;GAEG;AACH,wBAAsB,iCAAiC,CACrD,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA2IlB"}
package/script/registration/verifications/verifyAttestationAndroidSafetyNet.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyAttestationAndroidSafetyNet = void 0;
3
+ exports.verifyAttestationAndroidSafetyNet = verifyAttestationAndroidSafetyNet;
4
4
  const toHash_js_1 = require("../../helpers/toHash.js");
5
5
  const verifySignature_js_1 = require("../../helpers/verifySignature.js");
6
6
  const getCertificateInfo_js_1 = require("../../helpers/getCertificateInfo.js");
@@ -113,4 +113,3 @@ async function verifyAttestationAndroidSafetyNet(options) {
113
113
  */
114
114
  return verified;
115
115
  }
116
- exports.verifyAttestationAndroidSafetyNet = verifyAttestationAndroidSafetyNet;
package/script/registration/verifications/verifyAttestationApple.d.ts CHANGED
@@ -1,2 +1,3 @@
1
1
  import type { AttestationFormatVerifierOpts } from '../verifyRegistrationResponse.js';
2
2
  export declare function verifyAttestationApple(options: AttestationFormatVerifierOpts): Promise<boolean>;
3
+ //# sourceMappingURL=verifyAttestationApple.d.ts.map
package/script/registration/verifications/verifyAttestationApple.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationApple.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationApple.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAOtF,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA6ElB"}
package/script/registration/verifications/verifyAttestationApple.js CHANGED
@@ -1,7 +1,8 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyAttestationApple = void 0;
4
- const deps_js_1 = require("../../deps.js");
3
+ exports.verifyAttestationApple = verifyAttestationApple;
4
+ const asn1_schema_1 = require("@peculiar/asn1-schema");
5
+ const asn1_x509_1 = require("@peculiar/asn1-x509");
5
6
  const validateCertificatePath_js_1 = require("../../helpers/validateCertificatePath.js");
6
7
  const convertCertBufferToPEM_js_1 = require("../../helpers/convertCertBufferToPEM.js");
7
8
  const toHash_js_1 = require("../../helpers/toHash.js");
@@ -26,7 +27,7 @@ async function verifyAttestationApple(options) {
26
27
  /**
27
28
  * Compare nonce in certificate extension to computed nonce
28
29
  */
29
- const parsedCredCert = deps_js_1.AsnParser.parse(x5c[0], deps_js_1.Certificate);
30
+ const parsedCredCert = asn1_schema_1.AsnParser.parse(x5c[0], asn1_x509_1.Certificate);
30
31
  const { extensions, subjectPublicKeyInfo } = parsedCredCert.tbsCertificate;
31
32
  if (!extensions) {
32
33
  throw new Error('credCert missing extensions (Apple)');
@@ -58,4 +59,3 @@ async function verifyAttestationApple(options) {
58
59
  }
59
60
  return true;
60
61
  }
61
- exports.verifyAttestationApple = verifyAttestationApple;
package/script/registration/verifications/verifyAttestationFIDOU2F.d.ts CHANGED
@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
3
3
  * Verify an attestation response with fmt 'fido-u2f'
4
4
  */
5
5
  export declare function verifyAttestationFIDOU2F(options: AttestationFormatVerifierOpts): Promise<boolean>;
6
+ //# sourceMappingURL=verifyAttestationFIDOU2F.d.ts.map
package/script/registration/verifications/verifyAttestationFIDOU2F.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationFIDOU2F.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationFIDOU2F.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAStF;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA4DlB"}
package/script/registration/verifications/verifyAttestationFIDOU2F.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyAttestationFIDOU2F = void 0;
3
+ exports.verifyAttestationFIDOU2F = verifyAttestationFIDOU2F;
4
4
  const convertCOSEtoPKCS_js_1 = require("../../helpers/convertCOSEtoPKCS.js");
5
5
  const convertCertBufferToPEM_js_1 = require("../../helpers/convertCertBufferToPEM.js");
6
6
  const validateCertificatePath_js_1 = require("../../helpers/validateCertificatePath.js");
@@ -49,4 +49,3 @@ async function verifyAttestationFIDOU2F(options) {
49
49
  hashAlgorithm: cose_js_1.COSEALG.ES256,
50
50
  });
51
51
  }
52
- exports.verifyAttestationFIDOU2F = verifyAttestationFIDOU2F;
package/script/registration/verifications/verifyAttestationPacked.d.ts CHANGED
@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
3
3
  * Verify an attestation response with fmt 'packed'
4
4
  */
5
5
  export declare function verifyAttestationPacked(options: AttestationFormatVerifierOpts): Promise<boolean>;
6
+ //# sourceMappingURL=verifyAttestationPacked.d.ts.map
package/script/registration/verifications/verifyAttestationPacked.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyAttestationPacked.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationPacked.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAYtF;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CAyJlB"}
package/script/registration/verifications/verifyAttestationPacked.js CHANGED
@@ -1,12 +1,13 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.verifyAttestationPacked = void 0;
3
+ exports.verifyAttestationPacked = verifyAttestationPacked;
4
4
  const cose_js_1 = require("../../helpers/cose.js");
5
5
  const convertCertBufferToPEM_js_1 = require("../../helpers/convertCertBufferToPEM.js");
6
6
  const validateCertificatePath_js_1 = require("../../helpers/validateCertificatePath.js");
7
7
  const getCertificateInfo_js_1 = require("../../helpers/getCertificateInfo.js");
8
8
  const verifySignature_js_1 = require("../../helpers/verifySignature.js");
9
9
  const index_js_1 = require("../../helpers/iso/index.js");
10
+ const validateExtFIDOGenCEAAGUID_js_1 = require("../../helpers/validateExtFIDOGenCEAAGUID.js");
10
11
  const metadataService_js_1 = require("../../services/metadataService.js");
11
12
  const verifyAttestationWithMetadata_js_1 = require("../../metadata/verifyAttestationWithMetadata.js");
12
13
  /**
@@ -29,7 +30,7 @@ async function verifyAttestationPacked(options) {
29
30
  const signatureBase = index_js_1.isoUint8Array.concat([authData, clientDataHash]);
30
31
  let verified = false;
31
32
  if (x5c) {
32
- const { subject, basicConstraintsCA, version, notBefore, notAfter } = (0, getCertificateInfo_js_1.getCertificateInfo)(x5c[0]);
33
+ const { subject, basicConstraintsCA, version, notBefore, notAfter, parsedCertificate, } = (0, getCertificateInfo_js_1.getCertificateInfo)(x5c[0]);
33
34
  const { OU, CN, O, C } = subject;
34
35
  if (OU !== 'Authenticator Attestation') {
35
36
  throw new Error('Certificate OU was not "Authenticator Attestation" (Packed|Full)');
@@ -57,8 +58,14 @@ async function verifyAttestationPacked(options) {
57
58
  if (notAfter < now) {
58
59
  throw new Error(`Certificate not good after "${notAfter.toString()}" (Packed|Full)`);
59
60
  }
60
- // TODO: If certificate contains id-fido-gen-ce-aaguid(1.3.6.1.4.1.45724.1.1.4) extension, check
61
- // that it’s value is set to the same AAGUID as in authData.
61
+ // Validate attestation statement AAGUID against leaf cert AAGUID
62
+ try {
63
+ await (0, validateExtFIDOGenCEAAGUID_js_1.validateExtFIDOGenCEAAGUID)(parsedCertificate.tbsCertificate.extensions, aaguid);
64
+ }
65
+ catch (err) {
66
+ const _err = err;
67
+ throw new Error(`${_err.message} (Packed|Full)`);
68
+ }
62
69
  // If available, validate attestation alg and x5c with info in the metadata statement
63
70
  const statement = await metadataService_js_1.MetadataService.getStatement(aaguid);
64
71
  if (statement) {
@@ -106,4 +113,3 @@ async function verifyAttestationPacked(options) {
106
113
  }
107
114
  return verified;
108
115
  }
109
- exports.verifyAttestationPacked = verifyAttestationPacked;
package/script/registration/verifyRegistrationResponse.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { Base64URLString, COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON } from '../deps.js';
1
+ import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '@simplewebauthn/types';
2
2
  import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject.js';
3
3
  import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
4
4
  export type VerifyRegistrationResponseOpts = {
@@ -7,6 +7,7 @@ export type VerifyRegistrationResponseOpts = {
7
7
  expectedOrigin: string | string[];
8
8
  expectedRPID?: string | string[];
9
9
  expectedType?: string | string[];
10
+ requireUserPresence?: boolean;
10
11
  requireUserVerification?: boolean;
11
12
  supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
12
13
  };
@@ -20,6 +21,7 @@ export type VerifyRegistrationResponseOpts = {
20
21
  * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
21
22
  * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
22
23
  * @param expectedType **(Optional)** - The response type expected ('webauthn.create')
24
+ * @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true`
23
25
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
24
26
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
25
27
  */
@@ -54,10 +56,8 @@ export type VerifiedRegistrationResponse = {
54
56
  verified: boolean;
55
57
  registrationInfo?: {
56
58
  fmt: AttestationFormat;
57
- counter: number;
58
59
  aaguid: string;
59
- credentialID: Base64URLString;
60
- credentialPublicKey: Uint8Array;
60
+ credential: WebAuthnCredential;
61
61
  credentialType: 'public-key';
62
62
  attestationObject: Uint8Array;
63
63
  userVerified: boolean;
@@ -82,3 +82,4 @@ export type AttestationFormatVerifierOpts = {
82
82
  rpIdHash: Uint8Array;
83
83
  verifyTimestampMS?: boolean;
84
84
  };
85
+ //# sourceMappingURL=verifyRegistrationResponse.d.ts.map
package/script/registration/verifyRegistrationResponse.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EAErB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoB3G,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,8BAA8B,GACtC,OAAO,CAAC,4BAA4B,CAAC,CAsPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,CAAC,EAAE;QACjB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,UAAU,CAAC;IACrB,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,mBAAmB,EAAE,UAAU,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,UAAU,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC"}