@simplewebauthn/server 11.0.0 → 13.0.0-alpha1

package/esm/registration/verifications/verifyAttestationPacked.d.ts

@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
  * Verify an attestation response with fmt 'packed'
  */
 export declare function verifyAttestationPacked(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationPacked.d.ts.map

package/esm/registration/verifications/verifyAttestationPacked.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyAttestationPacked.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationPacked.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAYtF;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CAyJlB"}

package/esm/registration/verifyRegistrationResponse.d.ts

@@ -1,16 +1,10 @@
-import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '../deps.js';
-import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject.js';
-import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
-export type VerifyRegistrationResponseOpts = {
-    response: RegistrationResponseJSON;
-    expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
-    expectedOrigin: string | string[];
-    expectedRPID?: string | string[];
-    expectedType?: string | string[];
-    requireUserPresence?: boolean;
-    requireUserVerification?: boolean;
-    supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
-};
+import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '../types/index.js';
+import { type AttestationFormat, type AttestationStatement } from '../helpers/decodeAttestationObject.js';
+import type { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
+/**
+ * Configurable options when calling `verifyRegistrationResponse()`
+ */
+export type VerifyRegistrationResponseOpts = Parameters<typeof verifyRegistrationResponse>[0];
 /**
  * Verify that the user has legitimately completed the registration process
  *
@@ -25,7 +19,16 @@ export type VerifyRegistrationResponseOpts = {
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
-export declare function verifyRegistrationResponse(options: VerifyRegistrationResponseOpts): Promise<VerifiedRegistrationResponse>;
+export declare function verifyRegistrationResponse(options: {
+    response: RegistrationResponseJSON;
+    expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
+    expectedOrigin: string | string[];
+    expectedRPID?: string | string[];
+    expectedType?: string | string[];
+    requireUserPresence?: boolean;
+    requireUserVerification?: boolean;
+    supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
+}): Promise<VerifiedRegistrationResponse>;
 /**
  * Result of registration verification
  *
@@ -82,3 +85,4 @@ export type AttestationFormatVerifierOpts = {
     rpIdHash: Uint8Array;
     verifyTimestampMS?: boolean;
 };
+//# sourceMappingURL=verifyRegistrationResponse.d.ts.map

package/esm/registration/verifyRegistrationResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EAE1B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,KAAK,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoBhH;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9F;;;;;;;;;;;;;GAaG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE;IACP,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,GACA,OAAO,CAAC,4BAA4B,CAAC,CAsPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,CAAC,EAAE;QACjB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,UAAU,CAAC;IACrB,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,mBAAmB,EAAE,UAAU,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,UAAU,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC"}

package/esm/services/defaultRootCerts/android-key.d.ts

@@ -22,3 +22,4 @@ export declare const Google_Hardware_Attestation_Root_1 = "-----BEGIN CERTIFICAT
  * 1E:F1:A0:4B:8B:A5:8A:B9:45:89:AC:49:8C:89:82:A7:83:F2:4E:A7:30:7E:01:59:A0:C3:A7:3B:37:7D:87:CC
  */
 export declare const Google_Hardware_Attestation_Root_2 = "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV\nBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAz\nNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B\nAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS\nSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7\ntv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj\nnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq\nC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ\noVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O\nJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg\nsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi\nigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M\nRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E\naDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um\nAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud\nIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnu\nXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83U\nh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cno\nL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2ok\nQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vA\nD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAI\nmMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoW\nFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91\noeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09o\njm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUB\nZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCH\nex0SdDrx+tWUDqG8At2JHA==\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=android-key.d.ts.map

package/esm/services/defaultRootCerts/android-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"android-key.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,u6DA+B9C,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,60DA8B9C,CAAC"}

package/esm/services/defaultRootCerts/android-safetynet.d.ts

@@ -9,3 +9,4 @@
  * EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
  */
 export declare const GlobalSign_Root_CA = "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=android-safetynet.d.ts.map

package/esm/services/defaultRootCerts/android-safetynet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"android-safetynet.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-safetynet.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,uwCAqB9B,CAAC"}

package/esm/services/defaultRootCerts/apple.d.ts

@@ -9,3 +9,4 @@
  * 09:15:DD:5C:07:A2:8D:B5:49:D1:F6:77:BB:5A:75:D4:BF:BE:95:61:A7:73:42:43:27:76:2E:9E:02:F9:BB:29
  */
 export declare const Apple_WebAuthn_Root_CA = "-----BEGIN CERTIFICATE-----\nMIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w\nHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ\nbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx\nNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG\nA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k\nxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/\npcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk\n2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA\nMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3\njAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B\n1bWeT0vT\n-----END CERTIFICATE-----\n";
+//# sourceMappingURL=apple.d.ts.map

package/esm/services/defaultRootCerts/apple.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/apple.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,6xBAclC,CAAC"}

package/esm/services/defaultRootCerts/mds.d.ts

@@ -9,3 +9,4 @@
  * CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
  */
 export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\n MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\n A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\n Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\n MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\n A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\n RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\n gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\n KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\n QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\n XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\n DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\n LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\n RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\n jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\n mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\n Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\n WD9f\n -----END CERTIFICATE-----\n ";
+//# sourceMappingURL=mds.d.ts.map

package/esm/services/defaultRootCerts/mds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mds.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/mds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,4vCAqBhC,CAAC"}

package/esm/services/metadataService.d.ts

@@ -1,16 +1,10 @@
 import type { MetadataStatement } from '../metadata/mdsTypes.js';
-type VerificationMode = 'permissive' | 'strict';
 /**
- * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
- * download and parsing, and on-demand requesting and caching of individual metadata statements.
- *
- * https://fidoalliance.org/metadata/
+ * Allow MetadataService to accommodate unregistered AAGUIDs (`"permissive"`), or only allow
+ * registered AAGUIDs (`"strict"`). Currently primarily impacts how `getStatement()` operates
  */
-export declare class BaseMetadataService {
-    private mdsCache;
-    private statementCache;
-    private state;
-    private verificationMode;
+export type VerificationMode = 'permissive' | 'strict';
+interface MetadataService {
     /**
      * Prepare the service to handle remote MDS servers and/or cache local metadata statements.
      *
@@ -36,6 +30,24 @@ export declare class BaseMetadataService {
      * BLOB download.
      */
     getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
+}
+/**
+ * An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
+ * requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
+export declare class BaseMetadataService implements MetadataService {
+    private mdsCache;
+    private statementCache;
+    private state;
+    private verificationMode;
+    initialize(opts?: {
+        mdsServers?: string[];
+        statements?: MetadataStatement[];
+        verificationMode?: VerificationMode;
+    }): Promise<void>;
+    getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
     /**
      * Download and process the latest BLOB from MDS
      */
@@ -49,5 +61,12 @@ export declare class BaseMetadataService {
      */
     private setState;
 }
-export declare const MetadataService: BaseMetadataService;
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
+export declare const MetadataService: MetadataService;
 export {};
+//# sourceMappingURL=metadataService.d.ts.map

package/esm/services/metadataService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;AA6BjC;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,YAAY,GAAG,QAAQ,CAAC;AAIvD,UAAU,eAAe;IACvB;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,IAAI,CAAC,EAAE;QAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB;;;;;OAKG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CACnF;AAED;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,QAAQ,CAAoC;IACpD,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,gBAAgB,CAA8B;IAEhD,UAAU,CACd,IAAI,GAAE;QACJ,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KAChC,GACL,OAAO,CAAC,IAAI,CAAC;IA+DV,YAAY,CAChB,MAAM,EAAE,MAAM,GAAG,UAAU,GAC1B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IA6DzC;;OAEG;YACW,YAAY;IAoE1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgCvB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAWjB;AAED;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}

package/esm/services/metadataService.js

@@ -16,8 +16,8 @@ var SERVICE_STATE;
 })(SERVICE_STATE || (SERVICE_STATE = {}));
 const log = getLogger('MetadataService');
 /**
- * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
- * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ * An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
+ * requesting and caching of individual metadata statements.
  *
  * https://fidoalliance.org/metadata/
  */
@@ -48,19 +48,6 @@ export class BaseMetadataService {
             value: 'strict'
         });
     }
-    /**
-     * Prepare the service to handle remote MDS servers and/or cache local metadata statements.
-     *
-     * **Options:**
-     *
-     * @param opts.mdsServers An array of URLs to FIDO Alliance Metadata Service
-     * (version 3.0)-compatible servers. Defaults to the official FIDO MDS server
-     * @param opts.statements An array of local metadata statements
-     * @param opts.verificationMode How MetadataService will handle unregistered AAGUIDs. Defaults to
-     * `"strict"` which throws errors during registration response verification when an
-     * unregistered AAGUID is encountered. Set to `"permissive"` to allow registration by
-     * authenticators with unregistered AAGUIDs
-     */
     async initialize(opts = {}) {
         const { mdsServers = [defaultURLMDS], statements, verificationMode } = opts;
         this.setState(SERVICE_STATE.REFRESHING);
@@ -112,12 +99,6 @@ export class BaseMetadataService {
         }
         this.setState(SERVICE_STATE.READY);
     }
-    /**
-     * Get a metadata statement for a given AAGUID.
-     *
-     * This method will coordinate updating the cache as per the `nextUpdate` property in the initial
-     * BLOB download.
-     */
     async getStatement(aaguid) {
         if (this.state === SERVICE_STATE.DISABLED) {
             return;
@@ -269,5 +250,10 @@ export class BaseMetadataService {
         }
     }
 }
-// Export a service singleton
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
 export const MetadataService = new BaseMetadataService();

package/esm/services/settingsService.d.ts

@@ -1,8 +1,6 @@
 import { AttestationFormat } from '../helpers/decodeAttestationObject.js';
-type RootCertIdentifier = AttestationFormat | 'mds';
-declare class BaseSettingsService {
-    private pemCertificates;
-    constructor();
+export type RootCertIdentifier = AttestationFormat | 'mds';
+interface SettingsService {
     /**
      * Set potential root certificates for attestation formats that use them. Root certs will be tried
      * one-by-one when validating a certificate path.
@@ -21,5 +19,20 @@ declare class BaseSettingsService {
         identifier: RootCertIdentifier;
     }): string[];
 }
-export declare const SettingsService: BaseSettingsService;
+/**
+ * A basic service for specifying acceptable root certificates for all supported attestation
+ * statement formats.
+ *
+ * In addition, default root certificates are included for the following statement formats:
+ *
+ * - `'android-key'`
+ * - `'android-safetynet'`
+ * - `'apple'`
+ * - `'android-mds'`
+ *
+ * These can be overwritten as needed by setting alternative root certificates for their format
+ * identifier using `setRootCertificates()`.
+ */
+export declare const SettingsService: SettingsService;
 export {};
+//# sourceMappingURL=settingsService.d.ts.map

package/esm/services/settingsService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAW1E,MAAM,MAAM,kBAAkB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAE3D,UAAU,eAAe;IACvB;;;;;;OAMG;IACH,mBAAmB,CAAC,IAAI,EAAE;QACxB,UAAU,EAAE,kBAAkB,CAAC;QAC/B,YAAY,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAC;KACvC,GAAG,IAAI,CAAC;IAET;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE;QAAE,UAAU,EAAE,kBAAkB,CAAA;KAAE,GAAG,MAAM,EAAE,CAAC;CACzE;AAkCD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}

package/esm/services/settingsService.js

@@ -14,13 +14,6 @@ class BaseSettingsService {
         });
         this.pemCertificates = new Map();
     }
-    /**
-     * Set potential root certificates for attestation formats that use them. Root certs will be tried
-     * one-by-one when validating a certificate path.
-     *
-     * Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
-     * `Buffer` is passed in it will be converted to PEM format.
-     */
     setRootCertificates(opts) {
         const { identifier, certificates } = opts;
         const newCertificates = [];
@@ -34,14 +27,25 @@ class BaseSettingsService {
         }
         this.pemCertificates.set(identifier, newCertificates);
     }
-    /**
-     * Get any registered root certificates for the specified attestation format
-     */
     getRootCertificates(opts) {
         const { identifier } = opts;
         return this.pemCertificates.get(identifier) ?? [];
     }
 }
+/**
+ * A basic service for specifying acceptable root certificates for all supported attestation
+ * statement formats.
+ *
+ * In addition, default root certificates are included for the following statement formats:
+ *
+ * - `'android-key'`
+ * - `'android-safetynet'`
+ * - `'apple'`
+ * - `'android-mds'`
+ *
+ * These can be overwritten as needed by setting alternative root certificates for their format
+ * identifier using `setRootCertificates()`.
+ */
 export const SettingsService = new BaseSettingsService();
 // Initialize default certificates
 SettingsService.setRootCertificates({

package/esm/types/dom.d.ts

@@ -0,0 +1,329 @@
+/**
+ * DO NOT MODIFY THESE FILES!
+ *
+ * These files were copied from the **types** package. To update this file, make changes to those
+ * files instead and then run the following command from the monorepo root folder:
+ *
+ * deno task codegen:types
+ */
+/**
+ * Generated from typescript@5.6.3
+ * To regenerate, run the following command from the package root:
+ * deno task extract-dom-types
+ */
+/**
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAssertionResponse)
+ */
+export interface AuthenticatorAssertionResponse extends AuthenticatorResponse {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAssertionResponse/authenticatorData) */
+    readonly authenticatorData: ArrayBuffer;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAssertionResponse/signature) */
+    readonly signature: ArrayBuffer;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAssertionResponse/userHandle) */
+    readonly userHandle: ArrayBuffer | null;
+}
+/**
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse)
+ */
+export interface AuthenticatorAttestationResponse extends AuthenticatorResponse {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse/attestationObject) */
+    readonly attestationObject: ArrayBuffer;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse/getAuthenticatorData) */
+    getAuthenticatorData(): ArrayBuffer;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse/getPublicKey) */
+    getPublicKey(): ArrayBuffer | null;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse/getPublicKeyAlgorithm) */
+    getPublicKeyAlgorithm(): COSEAlgorithmIdentifier;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorAttestationResponse/getTransports) */
+    getTransports(): string[];
+}
+export interface AuthenticationExtensionsClientInputs {
+    appid?: string;
+    credProps?: boolean;
+    hmacCreateSecret?: boolean;
+    minPinLength?: boolean;
+}
+export interface AuthenticationExtensionsClientOutputs {
+    appid?: boolean;
+    credProps?: CredentialPropertiesOutput;
+    hmacCreateSecret?: boolean;
+}
+export interface AuthenticatorSelectionCriteria {
+    authenticatorAttachment?: AuthenticatorAttachment;
+    requireResidentKey?: boolean;
+    residentKey?: ResidentKeyRequirement;
+    userVerification?: UserVerificationRequirement;
+}
+/**
+ * Basic cryptography features available in the current context. It allows access to a cryptographically strong random number generator and to cryptographic primitives.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/Crypto)
+ */
+export interface Crypto {
+    /**
+     * Available only in secure contexts.
+     *
+     * [MDN Reference](https://developer.mozilla.org/docs/Web/API/Crypto/subtle)
+     */
+    readonly subtle: SubtleCrypto;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Crypto/getRandomValues) */
+    getRandomValues<T extends ArrayBufferView | null>(array: T): T;
+    /**
+     * Available only in secure contexts.
+     *
+     * [MDN Reference](https://developer.mozilla.org/docs/Web/API/Crypto/randomUUID)
+     */
+    randomUUID(): `${string}-${string}-${string}-${string}-${string}`;
+}
+/**
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/PublicKeyCredential)
+ */
+export interface PublicKeyCredential extends Credential {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/PublicKeyCredential/authenticatorAttachment) */
+    readonly authenticatorAttachment: string | null;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/PublicKeyCredential/rawId) */
+    readonly rawId: ArrayBuffer;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/PublicKeyCredential/response) */
+    readonly response: AuthenticatorResponse;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/PublicKeyCredential/getClientExtensionResults) */
+    getClientExtensionResults(): AuthenticationExtensionsClientOutputs;
+}
+export interface PublicKeyCredentialCreationOptions {
+    attestation?: AttestationConveyancePreference;
+    authenticatorSelection?: AuthenticatorSelectionCriteria;
+    challenge: BufferSource;
+    excludeCredentials?: PublicKeyCredentialDescriptor[];
+    extensions?: AuthenticationExtensionsClientInputs;
+    pubKeyCredParams: PublicKeyCredentialParameters[];
+    rp: PublicKeyCredentialRpEntity;
+    timeout?: number;
+    user: PublicKeyCredentialUserEntity;
+}
+export interface PublicKeyCredentialDescriptor {
+    id: BufferSource;
+    transports?: AuthenticatorTransport[];
+    type: PublicKeyCredentialType;
+}
+export interface PublicKeyCredentialParameters {
+    alg: COSEAlgorithmIdentifier;
+    type: PublicKeyCredentialType;
+}
+export interface PublicKeyCredentialRequestOptions {
+    allowCredentials?: PublicKeyCredentialDescriptor[];
+    challenge: BufferSource;
+    extensions?: AuthenticationExtensionsClientInputs;
+    rpId?: string;
+    timeout?: number;
+    userVerification?: UserVerificationRequirement;
+}
+export interface PublicKeyCredentialUserEntity extends PublicKeyCredentialEntity {
+    displayName: string;
+    id: BufferSource;
+}
+/**
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorResponse)
+ */
+export interface AuthenticatorResponse {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/AuthenticatorResponse/clientDataJSON) */
+    readonly clientDataJSON: ArrayBuffer;
+}
+export interface CredentialPropertiesOutput {
+    rk?: boolean;
+}
+/**
+ * This Web Crypto API interface provides a number of low-level cryptographic functions. It is accessed via the Crypto.subtle properties available in a window context (via Window.crypto).
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto)
+ */
+export interface SubtleCrypto {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/decrypt) */
+    decrypt(algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/deriveBits) */
+    deriveBits(algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params, baseKey: CryptoKey, length: number): Promise<ArrayBuffer>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/deriveKey) */
+    deriveKey(algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params, baseKey: CryptoKey, derivedKeyType: AlgorithmIdentifier | AesDerivedKeyParams | HmacImportParams | HkdfParams | Pbkdf2Params, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/digest) */
+    digest(algorithm: AlgorithmIdentifier, data: BufferSource): Promise<ArrayBuffer>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/encrypt) */
+    encrypt(algorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/exportKey) */
+    exportKey(format: "jwk", key: CryptoKey): Promise<JsonWebKey>;
+    exportKey(format: Exclude<KeyFormat, "jwk">, key: CryptoKey): Promise<ArrayBuffer>;
+    exportKey(format: KeyFormat, key: CryptoKey): Promise<ArrayBuffer | JsonWebKey>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/generateKey) */
+    generateKey(algorithm: "Ed25519", extractable: boolean, keyUsages: ReadonlyArray<"sign" | "verify">): Promise<CryptoKeyPair>;
+    generateKey(algorithm: RsaHashedKeyGenParams | EcKeyGenParams, extractable: boolean, keyUsages: ReadonlyArray<KeyUsage>): Promise<CryptoKeyPair>;
+    generateKey(algorithm: AesKeyGenParams | HmacKeyGenParams | Pbkdf2Params, extractable: boolean, keyUsages: ReadonlyArray<KeyUsage>): Promise<CryptoKey>;
+    generateKey(algorithm: AlgorithmIdentifier, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKeyPair | CryptoKey>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/importKey) */
+    importKey(format: "jwk", keyData: JsonWebKey, algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm, extractable: boolean, keyUsages: ReadonlyArray<KeyUsage>): Promise<CryptoKey>;
+    importKey(format: Exclude<KeyFormat, "jwk">, keyData: BufferSource, algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/sign) */
+    sign(algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams, key: CryptoKey, data: BufferSource): Promise<ArrayBuffer>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/unwrapKey) */
+    unwrapKey(format: KeyFormat, wrappedKey: BufferSource, unwrappingKey: CryptoKey, unwrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams, unwrappedKeyAlgorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/verify) */
+    verify(algorithm: AlgorithmIdentifier | RsaPssParams | EcdsaParams, key: CryptoKey, signature: BufferSource, data: BufferSource): Promise<boolean>;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/SubtleCrypto/wrapKey) */
+    wrapKey(format: KeyFormat, key: CryptoKey, wrappingKey: CryptoKey, wrapAlgorithm: AlgorithmIdentifier | RsaOaepParams | AesCtrParams | AesCbcParams | AesGcmParams): Promise<ArrayBuffer>;
+}
+/**
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/Credential)
+ */
+export interface Credential {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Credential/id) */
+    readonly id: string;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/Credential/type) */
+    readonly type: string;
+}
+export interface PublicKeyCredentialRpEntity extends PublicKeyCredentialEntity {
+    id?: string;
+}
+export interface PublicKeyCredentialEntity {
+    name: string;
+}
+export interface RsaOaepParams extends Algorithm {
+    label?: BufferSource;
+}
+export interface AesCtrParams extends Algorithm {
+    counter: BufferSource;
+    length: number;
+}
+export interface AesCbcParams extends Algorithm {
+    iv: BufferSource;
+}
+export interface AesGcmParams extends Algorithm {
+    additionalData?: BufferSource;
+    iv: BufferSource;
+    tagLength?: number;
+}
+/**
+ * The CryptoKey dictionary of the Web Crypto API represents a cryptographic key.
+ * Available only in secure contexts.
+ *
+ * [MDN Reference](https://developer.mozilla.org/docs/Web/API/CryptoKey)
+ */
+export interface CryptoKey {
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/CryptoKey/algorithm) */
+    readonly algorithm: KeyAlgorithm;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/CryptoKey/extractable) */
+    readonly extractable: boolean;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/CryptoKey/type) */
+    readonly type: KeyType;
+    /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/CryptoKey/usages) */
+    readonly usages: KeyUsage[];
+}
+export interface EcdhKeyDeriveParams extends Algorithm {
+    public: CryptoKey;
+}
+export interface HkdfParams extends Algorithm {
+    hash: HashAlgorithmIdentifier;
+    info: BufferSource;
+    salt: BufferSource;
+}
+export interface Pbkdf2Params extends Algorithm {
+    hash: HashAlgorithmIdentifier;
+    iterations: number;
+    salt: BufferSource;
+}
+export interface AesDerivedKeyParams extends Algorithm {
+    length: number;
+}
+export interface HmacImportParams extends Algorithm {
+    hash: HashAlgorithmIdentifier;
+    length?: number;
+}
+export interface JsonWebKey {
+    alg?: string;
+    crv?: string;
+    d?: string;
+    dp?: string;
+    dq?: string;
+    e?: string;
+    ext?: boolean;
+    k?: string;
+    key_ops?: string[];
+    kty?: string;
+    n?: string;
+    oth?: RsaOtherPrimesInfo[];
+    p?: string;
+    q?: string;
+    qi?: string;
+    use?: string;
+    x?: string;
+    y?: string;
+}
+export interface CryptoKeyPair {
+    privateKey: CryptoKey;
+    publicKey: CryptoKey;
+}
+export interface RsaHashedKeyGenParams extends RsaKeyGenParams {
+    hash: HashAlgorithmIdentifier;
+}
+export interface EcKeyGenParams extends Algorithm {
+    namedCurve: NamedCurve;
+}
+export interface AesKeyGenParams extends Algorithm {
+    length: number;
+}
+export interface HmacKeyGenParams extends Algorithm {
+    hash: HashAlgorithmIdentifier;
+    length?: number;
+}
+export interface RsaHashedImportParams extends Algorithm {
+    hash: HashAlgorithmIdentifier;
+}
+export interface EcKeyImportParams extends Algorithm {
+    namedCurve: NamedCurve;
+}
+export interface AesKeyAlgorithm extends KeyAlgorithm {
+    length: number;
+}
+export interface RsaPssParams extends Algorithm {
+    saltLength: number;
+}
+export interface EcdsaParams extends Algorithm {
+    hash: HashAlgorithmIdentifier;
+}
+export interface Algorithm {
+    name: string;
+}
+export interface KeyAlgorithm {
+    name: string;
+}
+export interface RsaOtherPrimesInfo {
+    d?: string;
+    r?: string;
+    t?: string;
+}
+export interface RsaKeyGenParams extends Algorithm {
+    modulusLength: number;
+    publicExponent: BigInteger;
+}
+export type AttestationConveyancePreference = "direct" | "enterprise" | "indirect" | "none";
+export type AuthenticatorTransport = "ble" | "hybrid" | "internal" | "nfc" | "usb";
+export type COSEAlgorithmIdentifier = number;
+export type UserVerificationRequirement = "discouraged" | "preferred" | "required";
+export type AuthenticatorAttachment = "cross-platform" | "platform";
+export type ResidentKeyRequirement = "discouraged" | "preferred" | "required";
+export type BufferSource = ArrayBufferView | ArrayBuffer;
+export type PublicKeyCredentialType = "public-key";
+export type AlgorithmIdentifier = Algorithm | string;
+export type KeyUsage = "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
+export type KeyFormat = "jwk" | "pkcs8" | "raw" | "spki";
+export type KeyType = "private" | "public" | "secret";
+export type HashAlgorithmIdentifier = AlgorithmIdentifier;
+export type NamedCurve = string;
+export type BigInteger = Uint8Array;
+//# sourceMappingURL=dom.d.ts.map