@simplewebauthn/server 12.0.0 → 13.0.0-alpha1

package/esm/helpers/iso/isoUint8Array.js

@@ -1,3 +1,7 @@
+/**
+ * A runtime-agnostic collection of methods for working with Uint8Arrays
+ * @module
+ */
 /**
  * Make sure two Uint8Arrays are deeply equivalent
  */

package/esm/helpers/parseAuthenticatorData.d.ts

@@ -23,6 +23,10 @@ export type ParsedAuthenticatorData = {
     extensionsData?: AuthenticationExtensionsAuthenticatorOutputs;
     extensionsDataBuffer?: Uint8Array;
 };
+/**
+ * Make it possible to stub the return value during testing
+ * @ignore Don't include this in docs output
+ */
 export declare const _parseAuthenticatorDataInternals: {
     stubThis: (value: ParsedAuthenticatorData) => ParsedAuthenticatorData;
 };

package/esm/helpers/parseAuthenticatorData.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"parseAuthenticatorData.d.ts","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4CAA4C,EAE7C,MAAM,oCAAoC,CAAC;AAI5C;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GACnB,uBAAuB,CAwHzB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,UAAU,CAAC;IACrB,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE;QACL,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,cAAc,CAAC,EAAE,4CAA4C,CAAC;IAC9D,oBAAoB,CAAC,EAAE,UAAU,CAAC;CACnC,CAAC;AAGF,eAAO,MAAM,gCAAgC;sBACzB,uBAAuB;CAC1C,CAAC"}
+{"version":3,"file":"parseAuthenticatorData.d.ts","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4CAA4C,EAE7C,MAAM,oCAAoC,CAAC;AAI5C;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GACnB,uBAAuB,CAwHzB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,UAAU,CAAC;IACrB,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE;QACL,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,cAAc,CAAC,EAAE,4CAA4C,CAAC;IAC9D,oBAAoB,CAAC,EAAE,UAAU,CAAC;CACnC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,gCAAgC;sBACzB,uBAAuB;CAC1C,CAAC"}

package/esm/helpers/parseAuthenticatorData.js

@@ -97,7 +97,10 @@ export function parseAuthenticatorData(authData) {
         extensionsDataBuffer,
     });
 }
-// Make it possible to stub the return value during testing
+/**
+ * Make it possible to stub the return value during testing
+ * @ignore Don't include this in docs output
+ */
 export const _parseAuthenticatorDataInternals = {
     stubThis: (value) => value,
 };

package/esm/helpers/parseBackupFlags.d.ts

@@ -1,4 +1,4 @@
-import type { CredentialDeviceType } from '@simplewebauthn/types';
+import type { CredentialDeviceType } from '../types/index.js';
 /**
  * Make sense of Bits 3 and 4 in authenticator indicating:
  *

package/esm/helpers/parseBackupFlags.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"parseBackupFlags.d.ts","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAElE;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,GAAG;IAC1E,oBAAoB,EAAE,oBAAoB,CAAC;IAC3C,kBAAkB,EAAE,OAAO,CAAC;CAC7B,CAeA;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B"}
+{"version":3,"file":"parseBackupFlags.d.ts","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAE9D;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,GAAG;IAC1E,oBAAoB,EAAE,oBAAoB,CAAC;IAC3C,kBAAkB,EAAE,OAAO,CAAC;CAC7B,CAeA;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B"}

package/esm/helpers/validateCertificatePath.d.ts

@@ -1,7 +1,7 @@
 /**
  * Traverse an array of PEM certificates and ensure they form a proper chain
- * @param certificates Typically the result of `x5c.map(convertASN1toPEM)`
- * @param rootCertificates Possible root certificates to complete the path
+ * @param x5cCertsPEM Typically the result of `x5c.map(convertASN1toPEM)`
+ * @param trustAnchorsPEM PEM-formatted certs that an attestation statement x5c may chain back to
  */
-export declare function validateCertificatePath(certificates: string[], rootCertificates?: string[]): Promise<boolean>;
+export declare function validateCertificatePath(x5cCertsPEM: string[], trustAnchorsPEM?: string[]): Promise<boolean>;
 //# sourceMappingURL=validateCertificatePath.d.ts.map

package/esm/helpers/validateCertificatePath.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validateCertificatePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":"AAQA;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,YAAY,EAAE,MAAM,EAAE,EACtB,gBAAgB,GAAE,MAAM,EAAO,GAC9B,OAAO,CAAC,OAAO,CAAC,CAuClB"}
+{"version":3,"file":"validateCertificatePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":"AASA;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,WAAW,EAAE,MAAM,EAAE,EACrB,eAAe,GAAE,MAAM,EAAO,GAC7B,OAAO,CAAC,OAAO,CAAC,CAsClB"}

package/esm/helpers/validateCertificatePath.js

@@ -6,23 +6,22 @@ import { getCertificateInfo } from './getCertificateInfo.js';
 import { convertPEMToBytes } from './convertPEMToBytes.js';
 /**
  * Traverse an array of PEM certificates and ensure they form a proper chain
- * @param certificates Typically the result of `x5c.map(convertASN1toPEM)`
- * @param rootCertificates Possible root certificates to complete the path
+ * @param x5cCertsPEM Typically the result of `x5c.map(convertASN1toPEM)`
+ * @param trustAnchorsPEM PEM-formatted certs that an attestation statement x5c may chain back to
  */
-export async function validateCertificatePath(certificates, rootCertificates = []) {
-    if (rootCertificates.length === 0) {
-        // We have no root certs with which to create a full path, so skip path validation
-        // TODO: Is this going to be acceptable default behavior??
+export async function validateCertificatePath(x5cCertsPEM, trustAnchorsPEM = []) {
+    if (trustAnchorsPEM.length === 0) {
+        // We have no trust anchors to chain back to, so skip path validation
         return true;
     }
     let invalidSubjectAndIssuerError = false;
     let certificateNotYetValidOrExpiredErrorMessage = undefined;
-    for (const rootCert of rootCertificates) {
+    for (const anchorPEM of trustAnchorsPEM) {
         try {
-            const certsWithRoot = certificates.concat([rootCert]);
-            await _validatePath(certsWithRoot);
+            const certsWithTrustAnchor = x5cCertsPEM.concat([anchorPEM]);
+            await _validatePath(certsWithTrustAnchor);
             // If we successfully validated a path then there's no need to continue. Reset any existing
-            // errors that were thrown by earlier root certificates
+            // errors that were thrown by earlier trust anchors
             invalidSubjectAndIssuerError = false;
             certificateNotYetValidOrExpiredErrorMessage = undefined;
             break;
@@ -39,7 +38,7 @@ export async function validateCertificatePath(certificates, rootCertificates = [
             }
         }
     }
-    // We tried multiple root certs and none of them worked
+    // We tried multiple trust anchors and none of them worked
     if (invalidSubjectAndIssuerError) {
         throw new InvalidSubjectAndIssuer();
     }
@@ -48,64 +47,81 @@ export async function validateCertificatePath(certificates, rootCertificates = [
     }
     return true;
 }
-async function _validatePath(certificates) {
-    if (new Set(certificates).size !== certificates.length) {
+/**
+ * @param x5cCerts X.509 `x5c` certs in PEM string format
+ * @param anchorCert X.509 trust anchor cert in PEM string format
+ */
+async function _validatePath(x5cCertsWithTrustAnchorPEM) {
+    if (new Set(x5cCertsWithTrustAnchorPEM).size !== x5cCertsWithTrustAnchorPEM.length) {
         throw new Error('Invalid certificate path: found duplicate certificates');
     }
-    // From leaf to root, make sure each cert is issued by the next certificate in the chain
-    for (let i = 0; i < certificates.length; i += 1) {
-        const subjectPem = certificates[i];
-        const isLeafCert = i === 0;
-        const isRootCert = i + 1 >= certificates.length;
-        let issuerPem = '';
-        if (isRootCert) {
-            issuerPem = subjectPem;
-        }
-        else {
-            issuerPem = certificates[i + 1];
-        }
+    // Make sure no certs are revoked, and all are within their time validity window
+    for (const certificatePEM of x5cCertsWithTrustAnchorPEM) {
+        const certInfo = getCertificateInfo(convertPEMToBytes(certificatePEM));
+        await assertCertNotRevoked(certInfo.parsedCertificate);
+        assertCertIsWithinValidTimeWindow(certInfo, certificatePEM);
+    }
+    // Make sure each x5c cert is issued by the next certificate in the chain
+    for (let i = 0; i < (x5cCertsWithTrustAnchorPEM.length - 1); i += 1) {
+        const subjectPem = x5cCertsWithTrustAnchorPEM[i];
+        const issuerPem = x5cCertsWithTrustAnchorPEM[i + 1];
         const subjectInfo = getCertificateInfo(convertPEMToBytes(subjectPem));
         const issuerInfo = getCertificateInfo(convertPEMToBytes(issuerPem));
-        const x509Subject = subjectInfo.parsedCertificate;
-        // Check for certificate revocation
-        const subjectCertRevoked = await isCertRevoked(x509Subject);
-        if (subjectCertRevoked) {
-            throw new Error(`Found revoked certificate in certificate path`);
-        }
-        // Check that intermediate certificate is within its valid time window
-        const { notBefore, notAfter } = issuerInfo;
-        const now = new Date(Date.now());
-        if (notBefore > now || notAfter < now) {
-            if (isLeafCert) {
-                throw new CertificateNotYetValidOrExpired(`Leaf certificate is not yet valid or expired: ${issuerPem}`);
-            }
-            else if (isRootCert) {
-                throw new CertificateNotYetValidOrExpired(`Root certificate is not yet valid or expired: ${issuerPem}`);
-            }
-            else {
-                throw new CertificateNotYetValidOrExpired(`Intermediate certificate is not yet valid or expired: ${issuerPem}`);
-            }
-        }
+        // Make sure subject issuer is issuer subject
         if (subjectInfo.issuer.combined !== issuerInfo.subject.combined) {
             throw new InvalidSubjectAndIssuer();
         }
-        // Verify the subject certificate's signature with the issuer cert's public key
-        const data = AsnSerializer.serialize(x509Subject.tbsCertificate);
-        const signature = x509Subject.signatureValue;
-        const signatureAlgorithm = mapX509SignatureAlgToCOSEAlg(x509Subject.signatureAlgorithm.algorithm);
-        const issuerCertBytes = convertPEMToBytes(issuerPem);
-        const verified = await verifySignature({
-            data: new Uint8Array(data),
-            signature: new Uint8Array(signature),
-            x509Certificate: issuerCertBytes,
-            hashAlgorithm: signatureAlgorithm,
-        });
-        if (!verified) {
-            throw new Error('Invalid certificate path: invalid signature');
+        const issuerCertIsRootCert = issuerInfo.issuer.combined === issuerInfo.subject.combined;
+        await assertSubjectIsSignedByIssuer(subjectInfo.parsedCertificate, issuerPem);
+        // Perform one final check if the issuer cert is also a root certificate
+        if (issuerCertIsRootCert) {
+            await assertSubjectIsSignedByIssuer(issuerInfo.parsedCertificate, issuerPem);
         }
     }
     return true;
 }
+/**
+ * Check if the certificate is revoked or not. If it is, raise an error
+ */
+async function assertCertNotRevoked(certificate) {
+    // Check for certificate revocation
+    const subjectCertRevoked = await isCertRevoked(certificate);
+    if (subjectCertRevoked) {
+        throw new Error(`Found revoked certificate in certificate path`);
+    }
+}
+/**
+ * Require the cert to be within its notBefore and notAfter time window
+ *
+ * @param certInfo Parsed cert information
+ * @param certPEM PEM-formatted certificate, for error reporting
+ */
+function assertCertIsWithinValidTimeWindow(certInfo, certPEM) {
+    const { notBefore, notAfter } = certInfo;
+    const now = new Date(Date.now());
+    if (notBefore > now || notAfter < now) {
+        throw new CertificateNotYetValidOrExpired(`Certificate is not yet valid or expired: ${certPEM}`);
+    }
+}
+/**
+ * Ensure that the subject cert has been signed by the next cert in the chain
+ */
+async function assertSubjectIsSignedByIssuer(subjectCert, issuerPEM) {
+    // Verify the subject certificate's signature with the issuer cert's public key
+    const data = AsnSerializer.serialize(subjectCert.tbsCertificate);
+    const signature = subjectCert.signatureValue;
+    const signatureAlgorithm = mapX509SignatureAlgToCOSEAlg(subjectCert.signatureAlgorithm.algorithm);
+    const issuerCertBytes = convertPEMToBytes(issuerPEM);
+    const verified = await verifySignature({
+        data: new Uint8Array(data),
+        signature: new Uint8Array(signature),
+        x509Certificate: issuerCertBytes,
+        hashAlgorithm: signatureAlgorithm,
+    });
+    if (!verified) {
+        throw new InvalidSubjectSignatureForIssuer();
+    }
+}
 // Custom errors to help pass on certain errors
 class InvalidSubjectAndIssuer extends Error {
     constructor() {
@@ -114,6 +130,13 @@ class InvalidSubjectAndIssuer extends Error {
         this.name = 'InvalidSubjectAndIssuer';
     }
 }
+class InvalidSubjectSignatureForIssuer extends Error {
+    constructor() {
+        const message = 'Subject signature was invalid for issuer';
+        super(message);
+        this.name = 'InvalidSubjectSignatureForIssuer';
+    }
+}
 class CertificateNotYetValidOrExpired extends Error {
     constructor(message) {
         super(message);

package/esm/helpers/verifySignature.d.ts

@@ -9,6 +9,10 @@ export declare function verifySignature(opts: {
     x509Certificate?: Uint8Array;
     hashAlgorithm?: COSEALG;
 }): Promise<boolean>;
+/**
+ * Make it possible to stub the return value during testing
+ * @ignore Don't include this in docs output
+ */
 export declare const _verifySignatureInternals: {
     stubThis: (value: Promise<boolean>) => Promise<boolean>;
 };

package/esm/helpers/verifySignature.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verifySignature.d.ts","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAiB,MAAM,WAAW,CAAC;AAKnD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE;IACpC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,OAAO,CAAC,OAAO,CAAC,CAmCnB;AAGD,eAAO,MAAM,yBAAyB;sBAClB,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}
+{"version":3,"file":"verifySignature.d.ts","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAiB,MAAM,WAAW,CAAC;AAKnD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE;IACpC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,OAAO,CAAC,OAAO,CAAC,CAmCnB;AAED;;;GAGG;AACH,eAAO,MAAM,yBAAyB;sBAClB,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}

package/esm/helpers/verifySignature.js

@@ -26,7 +26,10 @@ export function verifySignature(opts) {
         shaHashOverride: hashAlgorithm,
     }));
 }
-// Make it possible to stub the return value during testing
+/**
+ * Make it possible to stub the return value during testing
+ * @ignore Don't include this in docs output
+ */
 export const _verifySignatureInternals = {
     stubThis: (value) => value,
 };

package/esm/index.d.ts

@@ -1,18 +1,9 @@
-/**
- * @packageDocumentation
- * @module @simplewebauthn/server
- */
-import { generateRegistrationOptions } from './registration/generateRegistrationOptions.js';
-import { verifyRegistrationResponse } from './registration/verifyRegistrationResponse.js';
-import { generateAuthenticationOptions } from './authentication/generateAuthenticationOptions.js';
-import { verifyAuthenticationResponse } from './authentication/verifyAuthenticationResponse.js';
-import { MetadataService } from './services/metadataService.js';
-import { SettingsService } from './services/settingsService.js';
-export { generateAuthenticationOptions, generateRegistrationOptions, MetadataService, SettingsService, verifyAuthenticationResponse, verifyRegistrationResponse, };
-import type { GenerateRegistrationOptionsOpts } from './registration/generateRegistrationOptions.js';
-import type { GenerateAuthenticationOptionsOpts } from './authentication/generateAuthenticationOptions.js';
-import type { MetadataStatement } from './metadata/mdsTypes.js';
-import type { VerifiedRegistrationResponse, VerifyRegistrationResponseOpts } from './registration/verifyRegistrationResponse.js';
-import type { VerifiedAuthenticationResponse, VerifyAuthenticationResponseOpts } from './authentication/verifyAuthenticationResponse.js';
-export type { GenerateAuthenticationOptionsOpts, GenerateRegistrationOptionsOpts, MetadataStatement, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, VerifyAuthenticationResponseOpts, VerifyRegistrationResponseOpts, };
+export * from './registration/generateRegistrationOptions.js';
+export * from './registration/verifyRegistrationResponse.js';
+export * from './authentication/generateAuthenticationOptions.js';
+export * from './authentication/verifyAuthenticationResponse.js';
+export * from './services/metadataService.js';
+export * from './services/settingsService.js';
+export * from './metadata/mdsTypes.js';
+export * from './types/index.js';
 //# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+CAA+C,CAAC;AAC5F,OAAO,EAAE,0BAA0B,EAAE,MAAM,8CAA8C,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAM,mDAAmD,CAAC;AAClG,OAAO,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,eAAe,EACf,eAAe,EACf,4BAA4B,EAC5B,0BAA0B,GAC3B,CAAC;AAEF,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAC;AACrG,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mDAAmD,CAAC;AAC3G,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EACV,4BAA4B,EAC5B,8BAA8B,EAC/B,MAAM,8CAA8C,CAAC;AACtD,OAAO,KAAK,EACV,8BAA8B,EAC9B,gCAAgC,EACjC,MAAM,kDAAkD,CAAC;AAE1D,YAAY,EACV,iCAAiC,EACjC,+BAA+B,EAC/B,iBAAiB,EACjB,8BAA8B,EAC9B,4BAA4B,EAC5B,gCAAgC,EAChC,8BAA8B,GAC/B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,+CAA+C,CAAC;AAC9D,cAAc,8CAA8C,CAAC;AAC7D,cAAc,mDAAmD,CAAC;AAClE,cAAc,kDAAkD,CAAC;AACjE,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC"}

package/esm/index.js

@@ -1,11 +1,8 @@
-/**
- * @packageDocumentation
- * @module @simplewebauthn/server
- */
-import { generateRegistrationOptions } from './registration/generateRegistrationOptions.js';
-import { verifyRegistrationResponse } from './registration/verifyRegistrationResponse.js';
-import { generateAuthenticationOptions } from './authentication/generateAuthenticationOptions.js';
-import { verifyAuthenticationResponse } from './authentication/verifyAuthenticationResponse.js';
-import { MetadataService } from './services/metadataService.js';
-import { SettingsService } from './services/settingsService.js';
-export { generateAuthenticationOptions, generateRegistrationOptions, MetadataService, SettingsService, verifyAuthenticationResponse, verifyRegistrationResponse, };
+export * from './registration/generateRegistrationOptions.js';
+export * from './registration/verifyRegistrationResponse.js';
+export * from './authentication/generateAuthenticationOptions.js';
+export * from './authentication/verifyAuthenticationResponse.js';
+export * from './services/metadataService.js';
+export * from './services/settingsService.js';
+export * from './metadata/mdsTypes.js';
+export * from './types/index.js';

package/esm/metadata/mdsTypes.d.ts

@@ -1,8 +1,9 @@
-import type { Base64URLString } from '@simplewebauthn/types';
+import type { Base64URLString } from '../types/index.js';
 /**
  * Metadata Service structures
  * https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
  */
+/** */
 export type MDSJWTHeader = {
     alg: string;
     typ: string;
@@ -105,6 +106,9 @@ export type ExtensionDescriptor = {
     data?: string;
     fail_if_unknown: boolean;
 };
+/**
+ * langCode -> "en-US", "ja-JP", etc...
+ */
 export type AlternativeDescriptions = {
     [langCode: string]: string;
 };

package/esm/metadata/mdsTypes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,eAAe,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,wBAAwB,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,gBAAgB,GAChB,0BAA0B,GAC1B,4BAA4B,GAC5B,4BAA4B,GAC5B,8BAA8B,GAC9B,kBAAkB,GAClB,SAAS,GACT,0BAA0B,GAC1B,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,sBAAsB,EAAE,UAAU,CAAC;IACnC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,MAAM,CAAC,EAAE,2BAA2B,CAAC;IACrC,MAAM,CAAC,EAAE,yBAAyB,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG,4BAA4B,EAAE,CAAC;AAE/E,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,mCAAmC,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF,MAAM,MAAM,uBAAuB,GAAG;IAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAErE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,OAAO,EAAE,CAAC;IACf,wBAAwB,EAAE,OAAO,EAAE,CAAC;IACpC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAChC,uBAAuB,EAAE,iCAAiC,EAAE,CAAC;IAC7D,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,CAAC,EAAE,mCAAmC,EAAE,CAAC;IACpE,2BAA2B,EAAE,MAAM,EAAE,CAAC;IACtC,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C,CAAC;AAEF;;GAEG;AAEH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,sBAAsB,GACtB,mBAAmB,GACnB,qBAAqB,GACrB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,MAAM,GACN,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7C,QAAA,MAAM,OAAO,wZAeH,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,MAAM,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,iBAAiB,GACjB,OAAO,GACP,OAAO,GACP,QAAQ,GACR,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,eAAe,CAAC;AAEpB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,UAAU,GACV,OAAO,GACP,UAAU,GACV,KAAK,GACL,WAAW,GACX,SAAS,GACT,OAAO,GACP,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,8BAA8B,GACtC,KAAK,GACL,qBAAqB,GACrB,KAAK,GACL,UAAU,GACV,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,EAAE,CAAC,EAAE,OAAO,CAAC;KACd,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD,CAAC"}
+{"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD;;;GAGG;AAEH,MAAM;AACN,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,eAAe,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,wBAAwB,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,gBAAgB,GAChB,0BAA0B,GAC1B,4BAA4B,GAC5B,4BAA4B,GAC5B,8BAA8B,GAC9B,kBAAkB,GAClB,SAAS,GACT,0BAA0B,GAC1B,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,sBAAsB,EAAE,UAAU,CAAC;IACnC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,MAAM,CAAC,EAAE,2BAA2B,CAAC;IACrC,MAAM,CAAC,EAAE,yBAAyB,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG,4BAA4B,EAAE,CAAC;AAE/E,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,mCAAmC,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAErE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,OAAO,EAAE,CAAC;IACf,wBAAwB,EAAE,OAAO,EAAE,CAAC;IACpC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAChC,uBAAuB,EAAE,iCAAiC,EAAE,CAAC;IAC7D,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,CAAC,EAAE,mCAAmC,EAAE,CAAC;IACpE,2BAA2B,EAAE,MAAM,EAAE,CAAC;IACtC,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C,CAAC;AAEF;;GAEG;AAEH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,sBAAsB,GACtB,mBAAmB,GACnB,qBAAqB,GACrB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,MAAM,GACN,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7C,QAAA,MAAM,OAAO,wZAeH,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,MAAM,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,iBAAiB,GACjB,OAAO,GACP,OAAO,GACP,QAAQ,GACR,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,eAAe,CAAC;AAEpB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,UAAU,GACV,OAAO,GACP,UAAU,GACV,KAAK,GACL,WAAW,GACX,SAAS,GACT,OAAO,GACP,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,8BAA8B,GACtC,KAAK,GACL,qBAAqB,GACrB,KAAK,GACL,UAAU,GACV,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,EAAE,CAAC,EAAE,OAAO,CAAC;KACd,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD,CAAC"}

package/esm/metadata/verifyAttestationWithMetadata.d.ts

@@ -1,6 +1,6 @@
-import type { Base64URLString } from '@simplewebauthn/types';
+import type { Base64URLString } from '../types/index.js';
 import type { AlgSign, MetadataStatement } from './mdsTypes.js';
-import { COSEALG, COSECRV, COSEKTY } from '../helpers/cose.js';
+import { type COSEALG, type COSECRV, COSEKTY } from '../helpers/cose.js';
 /**
  * Match properties of the authenticator's attestation statement against expected values as
  * registered with the FIDO Alliance Metadata Service

package/esm/metadata/verifyAttestationWithMetadata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIhE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAY,OAAO,EAAsB,MAAM,oBAAoB,CAAC;AAE7F;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GACxB,EAAE;IACD,SAAS,EAAE,iBAAiB,CAAC;IAC7B,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,EAAE,UAAU,EAAE,GAAG,eAAe,EAAE,CAAC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,GAAG,OAAO,CAAC,OAAO,CAAC,CAoJnB;AAED,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE;KAAG,GAAG,IAAI,OAAO,GAAG,QAAQ;CAe9D,CAAC"}
+{"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIhE,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EAEZ,OAAO,EAER,MAAM,oBAAoB,CAAC;AAE5B;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GACxB,EAAE;IACD,SAAS,EAAE,iBAAiB,CAAC;IAC7B,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,EAAE,UAAU,EAAE,GAAG,eAAe,EAAE,CAAC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,GAAG,OAAO,CAAC,OAAO,CAAC,CAoJnB;AAED,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE;KAAG,GAAG,IAAI,OAAO,GAAG,QAAQ;CAe9D,CAAC"}

package/esm/metadata/verifyAttestationWithMetadata.js

@@ -1,7 +1,7 @@
 import { convertCertBufferToPEM } from '../helpers/convertCertBufferToPEM.js';
 import { validateCertificatePath } from '../helpers/validateCertificatePath.js';
 import { decodeCredentialPublicKey } from '../helpers/decodeCredentialPublicKey.js';
-import { COSEKEYS, COSEKTY, isCOSEPublicKeyEC2 } from '../helpers/cose.js';
+import { COSEKEYS, COSEKTY, isCOSEPublicKeyEC2, } from '../helpers/cose.js';
 /**
  * Match properties of the authenticator's attestation statement against expected values as
  * registered with the FIDO Alliance Metadata Service

package/esm/registration/generateRegistrationOptions.d.ts

@@ -1,21 +1,5 @@
-import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '@simplewebauthn/types';
-export type GenerateRegistrationOptionsOpts = {
-    rpName: string;
-    rpID: string;
-    userName: string;
-    userID?: Uint8Array;
-    challenge?: string | Uint8Array;
-    userDisplayName?: string;
-    timeout?: number;
-    attestationType?: AttestationConveyancePreference;
-    excludeCredentials?: {
-        id: Base64URLString;
-        transports?: AuthenticatorTransportFuture[];
-    }[];
-    authenticatorSelection?: AuthenticatorSelectionCriteria;
-    extensions?: AuthenticationExtensionsClientInputs;
-    supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
-};
+import type { AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '../types/index.js';
+export type GenerateRegistrationOptionsOpts = Parameters<typeof generateRegistrationOptions>[0];
 /**
  * Supported crypto algo identifiers
  * See https://w3c.github.io/webauthn/#sctn-alg-identifier
@@ -39,6 +23,24 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
  * @param authenticatorSelection **(Optional)** - Advanced criteria for restricting the types of authenticators that may be used. Defaults to `{ residentKey: 'preferred', userVerification: 'preferred' }`
  * @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during attestation
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
+ * @param preferredAuthenticatorType **(Optional)** - Encourage the browser to prompt the user to register a specific type of authenticator
  */
-export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): Promise<PublicKeyCredentialCreationOptionsJSON>;
+export declare function generateRegistrationOptions(options: {
+    rpName: string;
+    rpID: string;
+    userName: string;
+    userID?: Uint8Array;
+    challenge?: string | Uint8Array;
+    userDisplayName?: string;
+    timeout?: number;
+    attestationType?: 'direct' | 'enterprise' | 'none';
+    excludeCredentials?: {
+        id: Base64URLString;
+        transports?: AuthenticatorTransportFuture[];
+    }[];
+    authenticatorSelection?: AuthenticatorSelectionCriteria;
+    extensions?: AuthenticationExtensionsClientInputs;
+    supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
+    preferredAuthenticatorType?: 'securityKey' | 'localDevice' | 'remoteDevice';
+}): Promise<PublicKeyCredentialCreationOptionsJSON>;
 //# sourceMappingURL=generateRegistrationOptions.d.ts.map

package/esm/registration/generateRegistrationOptions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,8BAA8B,EAC9B,4BAA4B,EAC5B,eAAe,EACf,uBAAuB,EACvB,sCAAsC,EAEvC,MAAM,uBAAuB,CAAC;AAM/B,MAAM,MAAM,+BAA+B,GAAG;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,+BAA+B,CAAC;IAClD,kBAAkB,CAAC,EAAE;QACnB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,UAAU,CAAC,EAAE,oCAAoC,CAAC;IAClD,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,uBAAuB,EAqBtE,CAAC;AAsBF;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,sCAAsC,CAAC,CAiHjD"}
+{"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oCAAoC,EACpC,8BAA8B,EAC9B,4BAA4B,EAC5B,eAAe,EACf,uBAAuB,EACvB,sCAAsC,EAGvC,MAAM,mBAAmB,CAAC;AAK3B,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,OAAO,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;AAEhG;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,uBAAuB,EAqBtE,CAAC;AAsBF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE;IACP,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,MAAM,CAAC;IACnD,kBAAkB,CAAC,EAAE;QACnB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,UAAU,CAAC,EAAE,oCAAoC,CAAC;IAClD,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClD,0BAA0B,CAAC,EAAE,aAAa,GAAG,aAAa,GAAG,cAAc,CAAC;CAC7E,GACA,OAAO,CAAC,sCAAsC,CAAC,CAqIjD"}

package/esm/registration/generateRegistrationOptions.js

@@ -63,9 +63,10 @@ const defaultSupportedAlgorithmIDs = [-8, -7, -257];
  * @param authenticatorSelection **(Optional)** - Advanced criteria for restricting the types of authenticators that may be used. Defaults to `{ residentKey: 'preferred', userVerification: 'preferred' }`
  * @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during attestation
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
+ * @param preferredAuthenticatorType **(Optional)** - Encourage the browser to prompt the user to register a specific type of authenticator
  */
 export async function generateRegistrationOptions(options) {
-    const { rpName, rpID, userName, userID, challenge = await generateChallenge(), userDisplayName = '', timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
+    const { rpName, rpID, userName, userID, challenge = await generateChallenge(), userDisplayName = '', timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, preferredAuthenticatorType, } = options;
     /**
      * Prepare pubKeyCredParams from the array of algorithm ID's
      */
@@ -127,6 +128,25 @@ export async function generateRegistrationOptions(options) {
     if (!_userID) {
         _userID = await generateUserID();
     }
+    /**
+     * Map authenticator preference to hints. Map to authenticatorAttachment as well for
+     * backwards-compatibility.
+     */
+    const hints = [];
+    if (preferredAuthenticatorType) {
+        if (preferredAuthenticatorType === 'securityKey') {
+            hints.push('security-key');
+            authenticatorSelection.authenticatorAttachment = 'cross-platform';
+        }
+        else if (preferredAuthenticatorType === 'localDevice') {
+            hints.push('client-device');
+            authenticatorSelection.authenticatorAttachment = 'platform';
+        }
+        else if (preferredAuthenticatorType === 'remoteDevice') {
+            hints.push('hybrid');
+            authenticatorSelection.authenticatorAttachment = 'cross-platform';
+        }
+    }
     return {
         challenge: isoBase64URL.fromBuffer(_challenge),
         rp: {
@@ -156,5 +176,6 @@ export async function generateRegistrationOptions(options) {
             ...extensions,
             credProps: true,
         },
+        hints,
     };
 }

package/esm/registration/verifyRegistrationResponse.d.ts

@@ -1,16 +1,10 @@
-import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '@simplewebauthn/types';
-import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject.js';
-import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
-export type VerifyRegistrationResponseOpts = {
-    response: RegistrationResponseJSON;
-    expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
-    expectedOrigin: string | string[];
-    expectedRPID?: string | string[];
-    expectedType?: string | string[];
-    requireUserPresence?: boolean;
-    requireUserVerification?: boolean;
-    supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
-};
+import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '../types/index.js';
+import { type AttestationFormat, type AttestationStatement } from '../helpers/decodeAttestationObject.js';
+import type { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
+/**
+ * Configurable options when calling `verifyRegistrationResponse()`
+ */
+export type VerifyRegistrationResponseOpts = Parameters<typeof verifyRegistrationResponse>[0];
 /**
  * Verify that the user has legitimately completed the registration process
  *
@@ -25,7 +19,16 @@ export type VerifyRegistrationResponseOpts = {
  * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
  */
-export declare function verifyRegistrationResponse(options: VerifyRegistrationResponseOpts): Promise<VerifiedRegistrationResponse>;
+export declare function verifyRegistrationResponse(options: {
+    response: RegistrationResponseJSON;
+    expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
+    expectedOrigin: string | string[];
+    expectedRPID?: string | string[];
+    expectedType?: string | string[];
+    requireUserPresence?: boolean;
+    requireUserVerification?: boolean;
+    supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
+}): Promise<VerifiedRegistrationResponse>;
 /**
  * Result of registration verification
  *

package/esm/registration/verifyRegistrationResponse.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EAErB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoB3G,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,8BAA8B,GACtC,OAAO,CAAC,4BAA4B,CAAC,CAsPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,CAAC,EAAE;QACjB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,UAAU,CAAC;IACrB,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,mBAAmB,EAAE,UAAU,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,UAAU,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC"}
+{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EAE1B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,KAAK,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoBhH;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9F;;;;;;;;;;;;;GAaG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE;IACP,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,GACA,OAAO,CAAC,4BAA4B,CAAC,CAsPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,CAAC,EAAE;QACjB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,UAAU,CAAC;IACrB,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,mBAAmB,EAAE,UAAU,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,UAAU,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC"}