@simplewebauthn/server 10.0.1 → 11.0.0-alpha3

package/script/registration/verifyRegistrationResponse.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyRegistrationResponse = void 0;
+exports.verifyRegistrationResponse = verifyRegistrationResponse;
 const decodeAttestationObject_js_1 = require("../helpers/decodeAttestationObject.js");
 const decodeClientDataJSON_js_1 = require("../helpers/decodeClientDataJSON.js");
 const parseAuthenticatorData_js_1 = require("../helpers/parseAuthenticatorData.js");
@@ -29,11 +29,12 @@ const verifyAttestationApple_js_1 = require("./verifications/verifyAttestationAp
  * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
  * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
  * @param expectedType **(Optional)** - The response type expected ('webauthn.create')
+ * @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true`
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
 async function verifyRegistrationResponse(options) {
-    const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserVerification = true, supportedAlgorithmIDs = generateRegistrationOptions_js_1.supportedCOSEAlgorithmIdentifiers, } = options;
+    const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserPresence = true, requireUserVerification = true, supportedAlgorithmIDs = generateRegistrationOptions_js_1.supportedCOSEAlgorithmIdentifiers, } = options;
     const { id, rawId, type: credentialType, response: attestationResponse } = response;
     // Ensure credential specified an ID
     if (!id) {
@@ -112,12 +113,12 @@ async function verifyRegistrationResponse(options) {
         matchedRPID = await (0, matchExpectedRPID_js_1.matchExpectedRPID)(rpIdHash, expectedRPIDs);
     }
     // Make sure someone was physically present
-    if (!flags.up) {
-        throw new Error('User not present during registration');
+    if (requireUserPresence && !flags.up) {
+        throw new Error('User presence was required, but user was not present');
     }
     // Enforce user verification if specified
     if (requireUserVerification && !flags.uv) {
-        throw new Error('User verification required, but user could not be verified');
+        throw new Error('User verification was required, but user could not be verified');
     }
     if (!credentialID) {
         throw new Error('No credential ID was provided by authenticator');
@@ -192,11 +193,14 @@ async function verifyRegistrationResponse(options) {
         const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_js_1.parseBackupFlags)(flags);
         toReturn.registrationInfo = {
             fmt,
-            counter,
             aaguid: (0, convertAAGUIDToString_js_1.convertAAGUIDToString)(aaguid),
-            credentialID: index_js_1.isoBase64URL.fromBuffer(credentialID),
-            credentialPublicKey,
             credentialType,
+            credential: {
+                id: index_js_1.isoBase64URL.fromBuffer(credentialID),
+                publicKey: credentialPublicKey,
+                counter,
+                transports: response.response.transports,
+            },
             attestationObject,
             userVerified: flags.uv,
             credentialDeviceType,
@@ -208,4 +212,3 @@ async function verifyRegistrationResponse(options) {
     }
     return toReturn;
 }
-exports.verifyRegistrationResponse = verifyRegistrationResponse;

package/script/services/defaultRootCerts/android-key.d.ts

@@ -22,3 +22,4 @@ export declare const Google_Hardware_Attestation_Root_1 = "-----BEGIN CERTIFICAT
  * 1E:F1:A0:4B:8B:A5:8A:B9:45:89:AC:49:8C:89:82:A7:83:F2:4E:A7:30:7E:01:59:A0:C3:A7:3B:37:7D:87:CC
  */
 export declare const Google_Hardware_Attestation_Root_2 = "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV\nBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAz\nNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B\nAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS\nSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7\ntv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj\nnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq\nC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ\noVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O\nJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg\nsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi\nigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M\nRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E\naDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um\nAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud\nIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnu\nXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83U\nh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cno\nL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2ok\nQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vA\nD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAI\nmMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoW\nFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91\noeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09o\njm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUB\nZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCH\nex0SdDrx+tWUDqG8At2JHA==\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=android-key.d.ts.map

package/script/services/defaultRootCerts/android-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"android-key.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,u6DA+B9C,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,60DA8B9C,CAAC"}

package/script/services/defaultRootCerts/android-safetynet.d.ts

@@ -9,3 +9,4 @@
  * EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
  */
 export declare const GlobalSign_Root_CA = "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=android-safetynet.d.ts.map

package/script/services/defaultRootCerts/android-safetynet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"android-safetynet.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-safetynet.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,uwCAqB9B,CAAC"}

package/script/services/defaultRootCerts/apple.d.ts

@@ -9,3 +9,4 @@
  * 09:15:DD:5C:07:A2:8D:B5:49:D1:F6:77:BB:5A:75:D4:BF:BE:95:61:A7:73:42:43:27:76:2E:9E:02:F9:BB:29
  */
 export declare const Apple_WebAuthn_Root_CA = "-----BEGIN CERTIFICATE-----\nMIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w\nHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ\nbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx\nNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG\nA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k\nxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/\npcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk\n2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA\nMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3\njAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B\n1bWeT0vT\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=apple.d.ts.map

package/script/services/defaultRootCerts/apple.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/apple.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,6xBAclC,CAAC"}

package/script/services/defaultRootCerts/mds.d.ts

@@ -9,3 +9,4 @@
  * CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
  */
 export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\n MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\n A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\n Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\n MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\n A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\n RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\n gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\n KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\n QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\n XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\n DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\n LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\n RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\n jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\n mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\n Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\n WD9f\n -----END CERTIFICATE-----\n ";
+//# sourceMappingURL=mds.d.ts.map

package/script/services/defaultRootCerts/mds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mds.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/mds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,4vCAqBhC,CAAC"}

package/script/services/metadataService.d.ts

@@ -1,12 +1,20 @@
 import type { MetadataStatement } from '../metadata/mdsTypes.js';
 type VerificationMode = 'permissive' | 'strict';
+interface MetadataService {
+    initialize(opts?: {
+        mdsServers?: string[];
+        statements?: MetadataStatement[];
+        verificationMode?: VerificationMode;
+    }): Promise<void>;
+    getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
+}
 /**
- * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
- * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ * An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
+ * requesting and caching of individual metadata statements.
  *
  * https://fidoalliance.org/metadata/
  */
-export declare class BaseMetadataService {
+export declare class BaseMetadataService implements MetadataService {
     private mdsCache;
     private statementCache;
     private state;
@@ -49,5 +57,12 @@ export declare class BaseMetadataService {
      */
     private setState;
 }
-export declare const MetadataService: BaseMetadataService;
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
+export declare const MetadataService: MetadataService;
 export {};
+//# sourceMappingURL=metadataService.d.ts.map

package/script/services/metadataService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;AA+BjC,KAAK,gBAAgB,GAAG,YAAY,GAAG,QAAQ,CAAC;AAIhD,UAAU,eAAe;IACvB,UAAU,CAAC,IAAI,CAAC,EAAE;QAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CACnF;AAED;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,QAAQ,CAAoC;IACpD,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,gBAAgB,CAA8B;IAEtD;;;;;;;;;;;;OAYG;IACG,UAAU,CACd,IAAI,GAAE;QACJ,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KAChC,GACL,OAAO,CAAC,IAAI,CAAC;IA+DhB;;;;;OAKG;IACG,YAAY,CAChB,MAAM,EAAE,MAAM,GAAG,UAAU,GAC1B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IA6DzC;;OAEG;YACW,YAAY;IAoE1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgCvB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAWjB;AAED;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}

package/script/services/metadataService.js

@@ -19,8 +19,8 @@ var SERVICE_STATE;
 })(SERVICE_STATE || (SERVICE_STATE = {}));
 const log = (0, logging_js_1.getLogger)('MetadataService');
 /**
- * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
- * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ * An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
+ * requesting and caching of individual metadata statements.
  *
  * https://fidoalliance.org/metadata/
  */
@@ -273,5 +273,10 @@ class BaseMetadataService {
     }
 }
 exports.BaseMetadataService = BaseMetadataService;
-// Export a service singleton
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
 exports.MetadataService = new BaseMetadataService();

package/script/services/settingsService.d.ts

@@ -1,25 +1,28 @@
 import { AttestationFormat } from '../helpers/decodeAttestationObject.js';
 type RootCertIdentifier = AttestationFormat | 'mds';
-declare class BaseSettingsService {
-    private pemCertificates;
-    constructor();
-    /**
-     * Set potential root certificates for attestation formats that use them. Root certs will be tried
-     * one-by-one when validating a certificate path.
-     *
-     * Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
-     * `Buffer` is passed in it will be converted to PEM format.
-     */
+interface SettingsService {
     setRootCertificates(opts: {
         identifier: RootCertIdentifier;
         certificates: (Uint8Array | string)[];
     }): void;
-    /**
-     * Get any registered root certificates for the specified attestation format
-     */
     getRootCertificates(opts: {
         identifier: RootCertIdentifier;
     }): string[];
 }
-export declare const SettingsService: BaseSettingsService;
+/**
+ * A basic service for specifying acceptable root certificates for all supported attestation
+ * statement formats.
+ *
+ * In addition, default root certificates are included for the following statement formats:
+ *
+ * - `'android-key'`
+ * - `'android-safetynet'`
+ * - `'apple'`
+ * - `'android-mds'`
+ *
+ * These can be overwritten as needed by setting alternative root certificates for their format
+ * identifier using `setRootCertificates()`.
+ */
+export declare const SettingsService: SettingsService;
 export {};
+//# sourceMappingURL=settingsService.d.ts.map

package/script/services/settingsService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAW1E,KAAK,kBAAkB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAEpD,UAAU,eAAe;IACvB,mBAAmB,CAAC,IAAI,EAAE;QACxB,UAAU,EAAE,kBAAkB,CAAC;QAC/B,YAAY,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAC;KACvC,GAAG,IAAI,CAAC;IACT,mBAAmB,CAAC,IAAI,EAAE;QAAE,UAAU,EAAE,kBAAkB,CAAA;KAAE,GAAG,MAAM,EAAE,CAAC;CACzE;AA4CD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}

package/script/services/settingsService.js

@@ -45,6 +45,20 @@ class BaseSettingsService {
         return this.pemCertificates.get(identifier) ?? [];
     }
 }
+/**
+ * A basic service for specifying acceptable root certificates for all supported attestation
+ * statement formats.
+ *
+ * In addition, default root certificates are included for the following statement formats:
+ *
+ * - `'android-key'`
+ * - `'android-safetynet'`
+ * - `'apple'`
+ * - `'android-mds'`
+ *
+ * These can be overwritten as needed by setting alternative root certificates for their format
+ * identifier using `setRootCertificates()`.
+ */
 exports.SettingsService = new BaseSettingsService();
 // Initialize default certificates
 exports.SettingsService.setRootCertificates({

package/esm/deps.d.ts

@@ -1,9 +0,0 @@
-export type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticationResponseJSON, AuthenticatorDevice, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, CredentialDeviceType, Crypto, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialParameters, PublicKeyCredentialRequestOptionsJSON, RegistrationResponseJSON, UserVerificationRequirement, } from '@simplewebauthn/types';
-export * as tinyCbor from '@levischuck/tiny-cbor';
-export { default as base64 } from '@hexagon/base64';
-export { fetch as crossFetch } from 'cross-fetch';
-export { AsnParser, AsnSerializer } from '@peculiar/asn1-schema';
-export { AuthorityKeyIdentifier, BasicConstraints, Certificate, CertificateList, CRLDistributionPoints, ExtendedKeyUsage, id_ce_authorityKeyIdentifier, id_ce_basicConstraints, id_ce_cRLDistributionPoints, id_ce_extKeyUsage, id_ce_subjectAltName, id_ce_subjectKeyIdentifier, Name, SubjectAlternativeName, SubjectKeyIdentifier, } from '@peculiar/asn1-x509';
-export { ECDSASigValue, ECParameters, id_ecPublicKey, id_secp256r1, id_secp384r1, } from '@peculiar/asn1-ecc';
-export { RSAPublicKey } from '@peculiar/asn1-rsa';
-export { id_ce_keyDescription, KeyDescription } from '@peculiar/asn1-android';

package/esm/deps.js

@@ -1,12 +0,0 @@
-// tiny_cbor (a.k.a. tiny-cbor in Node land)
-export * as tinyCbor from '@levischuck/tiny-cbor';
-// b64 (a.k.a. @hexagon/base64 in Node land)
-export { default as base64 } from '@hexagon/base64';
-// cross-fetch
-export { fetch as crossFetch } from 'cross-fetch';
-// @peculiar libraries
-export { AsnParser, AsnSerializer } from '@peculiar/asn1-schema';
-export { AuthorityKeyIdentifier, BasicConstraints, Certificate, CertificateList, CRLDistributionPoints, ExtendedKeyUsage, id_ce_authorityKeyIdentifier, id_ce_basicConstraints, id_ce_cRLDistributionPoints, id_ce_extKeyUsage, id_ce_subjectAltName, id_ce_subjectKeyIdentifier, Name, SubjectAlternativeName, SubjectKeyIdentifier, } from '@peculiar/asn1-x509';
-export { ECDSASigValue, ECParameters, id_ecPublicKey, id_secp256r1, id_secp384r1, } from '@peculiar/asn1-ecc';
-export { RSAPublicKey } from '@peculiar/asn1-rsa';
-export { id_ce_keyDescription, KeyDescription } from '@peculiar/asn1-android';

package/script/deps.d.ts

@@ -1,9 +0,0 @@
-export type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticationResponseJSON, AuthenticatorDevice, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, CredentialDeviceType, Crypto, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialParameters, PublicKeyCredentialRequestOptionsJSON, RegistrationResponseJSON, UserVerificationRequirement, } from '@simplewebauthn/types';
-export * as tinyCbor from '@levischuck/tiny-cbor';
-export { default as base64 } from '@hexagon/base64';
-export { fetch as crossFetch } from 'cross-fetch';
-export { AsnParser, AsnSerializer } from '@peculiar/asn1-schema';
-export { AuthorityKeyIdentifier, BasicConstraints, Certificate, CertificateList, CRLDistributionPoints, ExtendedKeyUsage, id_ce_authorityKeyIdentifier, id_ce_basicConstraints, id_ce_cRLDistributionPoints, id_ce_extKeyUsage, id_ce_subjectAltName, id_ce_subjectKeyIdentifier, Name, SubjectAlternativeName, SubjectKeyIdentifier, } from '@peculiar/asn1-x509';
-export { ECDSASigValue, ECParameters, id_ecPublicKey, id_secp256r1, id_secp384r1, } from '@peculiar/asn1-ecc';
-export { RSAPublicKey } from '@peculiar/asn1-rsa';
-export { id_ce_keyDescription, KeyDescription } from '@peculiar/asn1-android';

package/script/deps.js

@@ -1,68 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.KeyDescription = exports.id_ce_keyDescription = exports.RSAPublicKey = exports.id_secp384r1 = exports.id_secp256r1 = exports.id_ecPublicKey = exports.ECParameters = exports.ECDSASigValue = exports.SubjectKeyIdentifier = exports.SubjectAlternativeName = exports.Name = exports.id_ce_subjectKeyIdentifier = exports.id_ce_subjectAltName = exports.id_ce_extKeyUsage = exports.id_ce_cRLDistributionPoints = exports.id_ce_basicConstraints = exports.id_ce_authorityKeyIdentifier = exports.ExtendedKeyUsage = exports.CRLDistributionPoints = exports.CertificateList = exports.Certificate = exports.BasicConstraints = exports.AuthorityKeyIdentifier = exports.AsnSerializer = exports.AsnParser = exports.crossFetch = exports.base64 = exports.tinyCbor = void 0;
-// tiny_cbor (a.k.a. tiny-cbor in Node land)
-exports.tinyCbor = __importStar(require("@levischuck/tiny-cbor"));
-// b64 (a.k.a. @hexagon/base64 in Node land)
-var base64_1 = require("@hexagon/base64");
-Object.defineProperty(exports, "base64", { enumerable: true, get: function () { return __importDefault(base64_1).default; } });
-// cross-fetch
-var cross_fetch_1 = require("cross-fetch");
-Object.defineProperty(exports, "crossFetch", { enumerable: true, get: function () { return cross_fetch_1.fetch; } });
-// @peculiar libraries
-var asn1_schema_1 = require("@peculiar/asn1-schema");
-Object.defineProperty(exports, "AsnParser", { enumerable: true, get: function () { return asn1_schema_1.AsnParser; } });
-Object.defineProperty(exports, "AsnSerializer", { enumerable: true, get: function () { return asn1_schema_1.AsnSerializer; } });
-var asn1_x509_1 = require("@peculiar/asn1-x509");
-Object.defineProperty(exports, "AuthorityKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.AuthorityKeyIdentifier; } });
-Object.defineProperty(exports, "BasicConstraints", { enumerable: true, get: function () { return asn1_x509_1.BasicConstraints; } });
-Object.defineProperty(exports, "Certificate", { enumerable: true, get: function () { return asn1_x509_1.Certificate; } });
-Object.defineProperty(exports, "CertificateList", { enumerable: true, get: function () { return asn1_x509_1.CertificateList; } });
-Object.defineProperty(exports, "CRLDistributionPoints", { enumerable: true, get: function () { return asn1_x509_1.CRLDistributionPoints; } });
-Object.defineProperty(exports, "ExtendedKeyUsage", { enumerable: true, get: function () { return asn1_x509_1.ExtendedKeyUsage; } });
-Object.defineProperty(exports, "id_ce_authorityKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.id_ce_authorityKeyIdentifier; } });
-Object.defineProperty(exports, "id_ce_basicConstraints", { enumerable: true, get: function () { return asn1_x509_1.id_ce_basicConstraints; } });
-Object.defineProperty(exports, "id_ce_cRLDistributionPoints", { enumerable: true, get: function () { return asn1_x509_1.id_ce_cRLDistributionPoints; } });
-Object.defineProperty(exports, "id_ce_extKeyUsage", { enumerable: true, get: function () { return asn1_x509_1.id_ce_extKeyUsage; } });
-Object.defineProperty(exports, "id_ce_subjectAltName", { enumerable: true, get: function () { return asn1_x509_1.id_ce_subjectAltName; } });
-Object.defineProperty(exports, "id_ce_subjectKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.id_ce_subjectKeyIdentifier; } });
-Object.defineProperty(exports, "Name", { enumerable: true, get: function () { return asn1_x509_1.Name; } });
-Object.defineProperty(exports, "SubjectAlternativeName", { enumerable: true, get: function () { return asn1_x509_1.SubjectAlternativeName; } });
-Object.defineProperty(exports, "SubjectKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.SubjectKeyIdentifier; } });
-var asn1_ecc_1 = require("@peculiar/asn1-ecc");
-Object.defineProperty(exports, "ECDSASigValue", { enumerable: true, get: function () { return asn1_ecc_1.ECDSASigValue; } });
-Object.defineProperty(exports, "ECParameters", { enumerable: true, get: function () { return asn1_ecc_1.ECParameters; } });
-Object.defineProperty(exports, "id_ecPublicKey", { enumerable: true, get: function () { return asn1_ecc_1.id_ecPublicKey; } });
-Object.defineProperty(exports, "id_secp256r1", { enumerable: true, get: function () { return asn1_ecc_1.id_secp256r1; } });
-Object.defineProperty(exports, "id_secp384r1", { enumerable: true, get: function () { return asn1_ecc_1.id_secp384r1; } });
-var asn1_rsa_1 = require("@peculiar/asn1-rsa");
-Object.defineProperty(exports, "RSAPublicKey", { enumerable: true, get: function () { return asn1_rsa_1.RSAPublicKey; } });
-var asn1_android_1 = require("@peculiar/asn1-android");
-Object.defineProperty(exports, "id_ce_keyDescription", { enumerable: true, get: function () { return asn1_android_1.id_ce_keyDescription; } });
-Object.defineProperty(exports, "KeyDescription", { enumerable: true, get: function () { return asn1_android_1.KeyDescription; } });