@simplewebauthn/server 12.0.0 → 13.0.0
- package/README.md +2 -2
- package/esm/authentication/generateAuthenticationOptions.d.ts +13 -13
- package/esm/authentication/generateAuthenticationOptions.d.ts.map +1 -1
- package/esm/authentication/verifyAuthenticationResponse.d.ts +18 -15
- package/esm/authentication/verifyAuthenticationResponse.d.ts.map +1 -1
- package/esm/helpers/convertCertBufferToPEM.d.ts +1 -1
- package/esm/helpers/convertCertBufferToPEM.d.ts.map +1 -1
- package/esm/helpers/cose.d.ts +22 -0
- package/esm/helpers/cose.d.ts.map +1 -1
- package/esm/helpers/cose.js +20 -0
- package/esm/helpers/decodeAttestationObject.d.ts +4 -0
- package/esm/helpers/decodeAttestationObject.d.ts.map +1 -1
- package/esm/helpers/decodeAttestationObject.js +4 -1
- package/esm/helpers/decodeClientDataJSON.d.ts +5 -1
- package/esm/helpers/decodeClientDataJSON.d.ts.map +1 -1
- package/esm/helpers/decodeClientDataJSON.js +4 -1
- package/esm/helpers/decodeCredentialPublicKey.d.ts +4 -0
- package/esm/helpers/decodeCredentialPublicKey.d.ts.map +1 -1
- package/esm/helpers/decodeCredentialPublicKey.js +4 -1
- package/esm/helpers/fetch.d.ts +4 -0
- package/esm/helpers/fetch.d.ts.map +1 -1
- package/esm/helpers/fetch.js +4 -1
- package/esm/helpers/generateChallenge.d.ts +4 -0
- package/esm/helpers/generateChallenge.d.ts.map +1 -1
- package/esm/helpers/generateChallenge.js +4 -1
- package/esm/helpers/generateUserID.d.ts +4 -0
- package/esm/helpers/generateUserID.d.ts.map +1 -1
- package/esm/helpers/generateUserID.js +4 -1
- package/esm/helpers/index.d.ts +16 -23
- package/esm/helpers/index.d.ts.map +1 -1
- package/esm/helpers/index.js +16 -17
- package/esm/helpers/iso/isoBase64URL.d.ts +1 -1
- package/esm/helpers/iso/isoBase64URL.d.ts.map +1 -1
- package/esm/helpers/iso/isoBase64URL.js +4 -0
- package/esm/helpers/iso/isoCBOR.d.ts +4 -0
- package/esm/helpers/iso/isoCBOR.d.ts.map +1 -1
- package/esm/helpers/iso/isoCBOR.js +4 -0
- package/esm/helpers/iso/isoCrypto/getWebCrypto.d.ts +1 -1
- package/esm/helpers/iso/isoCrypto/getWebCrypto.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/index.d.ts +4 -0
- package/esm/helpers/iso/isoCrypto/index.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/index.js +4 -0
- package/esm/helpers/iso/isoUint8Array.d.ts +4 -0
- package/esm/helpers/iso/isoUint8Array.d.ts.map +1 -1
- package/esm/helpers/iso/isoUint8Array.js +4 -0
- package/esm/helpers/parseAuthenticatorData.d.ts +4 -0
- package/esm/helpers/parseAuthenticatorData.d.ts.map +1 -1
- package/esm/helpers/parseAuthenticatorData.js +4 -1
- package/esm/helpers/parseBackupFlags.d.ts +1 -1
- package/esm/helpers/parseBackupFlags.d.ts.map +1 -1
- package/esm/helpers/validateCertificatePath.d.ts +3 -3
- package/esm/helpers/validateCertificatePath.d.ts.map +1 -1
- package/esm/helpers/validateCertificatePath.js +81 -58
- package/esm/helpers/verifySignature.d.ts +4 -0
- package/esm/helpers/verifySignature.d.ts.map +1 -1
- package/esm/helpers/verifySignature.js +4 -1
- package/esm/index.d.ts +8 -17
- package/esm/index.d.ts.map +1 -1
- package/esm/index.js +8 -11
- package/esm/metadata/mdsTypes.d.ts +5 -1
- package/esm/metadata/mdsTypes.d.ts.map +1 -1
- package/esm/metadata/verifyAttestationWithMetadata.d.ts +2 -2
- package/esm/metadata/verifyAttestationWithMetadata.d.ts.map +1 -1
- package/esm/metadata/verifyAttestationWithMetadata.js +1 -1
- package/esm/registration/generateRegistrationOptions.d.ts +21 -19
- package/esm/registration/generateRegistrationOptions.d.ts.map +1 -1
- package/esm/registration/generateRegistrationOptions.js +22 -1
- package/esm/registration/verifyRegistrationResponse.d.ts +17 -14
- package/esm/registration/verifyRegistrationResponse.d.ts.map +1 -1
- package/esm/services/metadataService.d.ts +22 -18
- package/esm/services/metadataService.d.ts.map +1 -1
- package/esm/services/metadataService.js +0 -19
- package/esm/services/settingsService.d.ts +11 -1
- package/esm/services/settingsService.d.ts.map +1 -1
- package/esm/services/settingsService.js +0 -10
- package/esm/types/dom.d.ts +329 -0
- package/esm/types/dom.d.ts.map +1 -0
- package/esm/types/dom.js +1 -0
- package/esm/types/index.d.ts +205 -0
- package/esm/types/index.d.ts.map +1 -0
- package/esm/types/index.js +1 -0
- package/package.json +2 -3
- package/script/authentication/generateAuthenticationOptions.d.ts +13 -13
- package/script/authentication/generateAuthenticationOptions.d.ts.map +1 -1
- package/script/authentication/verifyAuthenticationResponse.d.ts +18 -15
- package/script/authentication/verifyAuthenticationResponse.d.ts.map +1 -1
- package/script/helpers/convertCertBufferToPEM.d.ts +1 -1
- package/script/helpers/convertCertBufferToPEM.d.ts.map +1 -1
- package/script/helpers/cose.d.ts +22 -0
- package/script/helpers/cose.d.ts.map +1 -1
- package/script/helpers/cose.js +20 -0
- package/script/helpers/decodeAttestationObject.d.ts +4 -0
- package/script/helpers/decodeAttestationObject.d.ts.map +1 -1
- package/script/helpers/decodeAttestationObject.js +4 -1
- package/script/helpers/decodeClientDataJSON.d.ts +5 -1
- package/script/helpers/decodeClientDataJSON.d.ts.map +1 -1
- package/script/helpers/decodeClientDataJSON.js +4 -1
- package/script/helpers/decodeCredentialPublicKey.d.ts +4 -0
- package/script/helpers/decodeCredentialPublicKey.d.ts.map +1 -1
- package/script/helpers/decodeCredentialPublicKey.js +4 -1
- package/script/helpers/fetch.d.ts +4 -0
- package/script/helpers/fetch.d.ts.map +1 -1
- package/script/helpers/fetch.js +4 -1
- package/script/helpers/generateChallenge.d.ts +4 -0
- package/script/helpers/generateChallenge.d.ts.map +1 -1
- package/script/helpers/generateChallenge.js +4 -1
- package/script/helpers/generateUserID.d.ts +4 -0
- package/script/helpers/generateUserID.d.ts.map +1 -1
- package/script/helpers/generateUserID.js +4 -1
- package/script/helpers/index.d.ts +16 -23
- package/script/helpers/index.d.ts.map +1 -1
- package/script/helpers/index.js +20 -36
- package/script/helpers/iso/isoBase64URL.d.ts +1 -1
- package/script/helpers/iso/isoBase64URL.d.ts.map +1 -1
- package/script/helpers/iso/isoBase64URL.js +4 -0
- package/script/helpers/iso/isoCBOR.d.ts +4 -0
- package/script/helpers/iso/isoCBOR.d.ts.map +1 -1
- package/script/helpers/iso/isoCBOR.js +4 -0
- package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts +1 -1
- package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/index.d.ts +4 -0
- package/script/helpers/iso/isoCrypto/index.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/index.js +4 -0
- package/script/helpers/iso/isoUint8Array.d.ts +4 -0
- package/script/helpers/iso/isoUint8Array.d.ts.map +1 -1
- package/script/helpers/iso/isoUint8Array.js +4 -0
- package/script/helpers/parseAuthenticatorData.d.ts +4 -0
- package/script/helpers/parseAuthenticatorData.d.ts.map +1 -1
- package/script/helpers/parseAuthenticatorData.js +4 -1
- package/script/helpers/parseBackupFlags.d.ts +1 -1
- package/script/helpers/parseBackupFlags.d.ts.map +1 -1
- package/script/helpers/validateCertificatePath.d.ts +3 -3
- package/script/helpers/validateCertificatePath.d.ts.map +1 -1
- package/script/helpers/validateCertificatePath.js +81 -58
- package/script/helpers/verifySignature.d.ts +4 -0
- package/script/helpers/verifySignature.d.ts.map +1 -1
- package/script/helpers/verifySignature.js +4 -1
- package/script/index.d.ts +8 -17
- package/script/index.d.ts.map +1 -1
- package/script/index.js +22 -17
- package/script/metadata/mdsTypes.d.ts +5 -1
- package/script/metadata/mdsTypes.d.ts.map +1 -1
- package/script/metadata/verifyAttestationWithMetadata.d.ts +2 -2
- package/script/metadata/verifyAttestationWithMetadata.d.ts.map +1 -1
- package/script/registration/generateRegistrationOptions.d.ts +21 -19
- package/script/registration/generateRegistrationOptions.d.ts.map +1 -1
- package/script/registration/generateRegistrationOptions.js +22 -1
- package/script/registration/verifyRegistrationResponse.d.ts +17 -14
- package/script/registration/verifyRegistrationResponse.d.ts.map +1 -1
- package/script/services/metadataService.d.ts +22 -18
- package/script/services/metadataService.d.ts.map +1 -1
- package/script/services/metadataService.js +0 -19
- package/script/services/settingsService.d.ts +11 -1
- package/script/services/settingsService.d.ts.map +1 -1
- package/script/services/settingsService.js +0 -10
- package/script/types/dom.d.ts +329 -0
- package/script/types/dom.d.ts.map +1 -0
- package/script/types/dom.js +2 -0
- package/script/types/index.d.ts +205 -0
- package/script/types/index.d.ts.map +1 -0
- package/script/types/index.js +2 -0
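--- a/package/script/index.js
+++ b/package/script/index.js
@@ -1,19 +1,24 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-
-
-
-
-
-
-
-
-Object.defineProperty(exports, "verifyRegistrationResponse", { enumerable: true, get: function () { return verifyRegistrationResponse_js_1.verifyRegistrationResponse; } });
-const generateAuthenticationOptions_js_1 = require("./authentication/generateAuthenticationOptions.js");
-Object.defineProperty(exports, "generateAuthenticationOptions", { enumerable: true, get: function () { return generateAuthenticationOptions_js_1.generateAuthenticationOptions; } });
-const verifyAuthenticationResponse_js_1 = require("./authentication/verifyAuthenticationResponse.js");
-Object.defineProperty(exports, "verifyAuthenticationResponse", { enumerable: true, get: function () { return verifyAuthenticationResponse_js_1.verifyAuthenticationResponse; } });
-const metadataService_js_1 = require("./services/metadataService.js");
-Object.defineProperty(exports, "MetadataService", { enumerable: true, get: function () { return metadataService_js_1.MetadataService; } });
-const settingsService_js_1 = require("./services/settingsService.js");
-Object.defineProperty(exports, "SettingsService", { enumerable: true, get: function () { return settingsService_js_1.SettingsService; } });
+__exportStar(require("./registration/generateRegistrationOptions.js"), exports);
+__exportStar(require("./registration/verifyRegistrationResponse.js"), exports);
+__exportStar(require("./authentication/generateAuthenticationOptions.js"), exports);
+__exportStar(require("./authentication/verifyAuthenticationResponse.js"), exports);
+__exportStar(require("./services/metadataService.js"), exports);
+__exportStar(require("./services/settingsService.js"), exports);
+__exportStar(require("./metadata/mdsTypes.js"), exports);
+__exportStar(require("./types/index.js"), exports);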
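Review bot: The entry point's public surface is no longer an explicit list, because each `__exportStar(require(...), exports)` call re-exports whatever names the module exposes, where the removed lines named every export individually. For a library whose exports are verification functions and services, a helper that later gains an `export` in, say, `./services/metadataService.js` becomes public API without any change to this file. This file is compiler output, so the change belongs in the source index: keep named re-exports for runtime values there, or add a test that pins `Object.keys(require('@simplewebauthn/server'))` to an expected list.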
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import type { Base64URLString } from '
|
|
1
|
+
import type { Base64URLString } from '../types/index.js';
|
|
2
2
|
/**
|
|
3
3
|
* Metadata Service structures
|
|
4
4
|
* https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
|
|
5
5
|
*/
|
|
6
|
+
/** */
|
|
6
7
|
export type MDSJWTHeader = {
|
|
7
8
|
alg: string;
|
|
8
9
|
typ: string;
|
|
@@ -105,6 +106,9 @@ export type ExtensionDescriptor = {
|
|
|
105
106
|
data?: string;
|
|
106
107
|
fail_if_unknown: boolean;
|
|
107
108
|
};
|
|
109
|
+
/**
|
|
110
|
+
* langCode -> "en-US", "ja-JP", etc...
|
|
111
|
+
*/
|
|
108
112
|
export type AlternativeDescriptions = {
|
|
109
113
|
[langCode: string]: string;
|
|
110
114
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD;;;GAGG;AAEH,MAAM;AACN,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,eAAe,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,wBAAwB,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,gBAAgB,GAChB,0BAA0B,GAC1B,4BAA4B,GAC5B,4BAA4B,GAC5B,8BAA8B,GAC9B,kBAAkB,GAClB,SAAS,GACT,0BAA0B,GAC1B,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU
,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,sBAAsB,EAAE,UAAU,CAAC;IACnC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,MAAM,CAAC,EAAE,2BAA2B,CAAC;IACrC,MAAM,CAAC,EAAE,yBAAyB,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG,4BAA4B,EAAE,CAAC;AAE/E,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,mCAAmC,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAErE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,OAAO,EAAE,CAAC;IACf,wBAAwB,EAAE,OAAO,EAAE,CAAC;IACpC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAChC,uBAAuB,EAAE,iCAAiC,EAAE,CAAC;IAC7D,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,CAAC,EAAE,mCAAmC,EAAE,CAAC;IACpE,2BAA2B,EAAE,MAAM,EAAE,CAAC;IACtC,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,oBAAoB
,CAAC;CAC7C,CAAC;AAEF;;GAEG;AAEH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,sBAAsB,GACtB,mBAAmB,GACnB,qBAAqB,GACrB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,MAAM,GACN,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7C,QAAA,MAAM,OAAO,wZAeH,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,MAAM,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,iBAAiB,GACjB,OAAO,GACP,OAAO,GACP,QAAQ,GACR,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,eAAe,CAAC;AAEpB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,UAAU,GACV,OAAO,GACP,UAAU,GACV,KAAK,GACL,WAAW,GACX,SAAS,GACT,OAAO,GACP,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,8BAA8B,GACtC,KAAK,GACL,qBAAqB,GACrB,KAAK,GACL,UAAU,GACV,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,EAAE,CAAC,EAAE,OAAO,CAAC;KACd,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type { Base64URLString } from '
|
|
1
|
+
import type { Base64URLString } from '../types/index.js';
|
|
2
2
|
import type { AlgSign, MetadataStatement } from './mdsTypes.js';
|
|
3
|
-
import { COSEALG, COSECRV, COSEKTY } from '../helpers/cose.js';
|
|
3
|
+
import { type COSEALG, type COSECRV, COSEKTY } from '../helpers/cose.js';
|
|
4
4
|
/**
|
|
5
5
|
* Match properties of the authenticator's attestation statement against expected values as
|
|
6
6
|
* registered with the FIDO Alliance Metadata Service
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIhE,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EAEZ,OAAO,EAER,MAAM,oBAAoB,CAAC;AAE5B;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GACxB,EAAE;IACD,SAAS,EAAE,iBAAiB,CAAC;IAC7B,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,EAAE,UAAU,EAAE,GAAG,eAAe,EAAE,CAAC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,GAAG,OAAO,CAAC,OAAO,CAAC,CAoJnB;AAED,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE;KAAG,GAAG,IAAI,OAAO,GAAG,QAAQ;CAe9D,CAAC"}
|
|
@@ -1,21 +1,5 @@
|
|
|
1
|
-
import type {
|
|
2
|
-
export type GenerateRegistrationOptionsOpts =
|
|
3
|
-
rpName: string;
|
|
4
|
-
rpID: string;
|
|
5
|
-
userName: string;
|
|
6
|
-
userID?: Uint8Array;
|
|
7
|
-
challenge?: string | Uint8Array;
|
|
8
|
-
userDisplayName?: string;
|
|
9
|
-
timeout?: number;
|
|
10
|
-
attestationType?: AttestationConveyancePreference;
|
|
11
|
-
excludeCredentials?: {
|
|
12
|
-
id: Base64URLString;
|
|
13
|
-
transports?: AuthenticatorTransportFuture[];
|
|
14
|
-
}[];
|
|
15
|
-
authenticatorSelection?: AuthenticatorSelectionCriteria;
|
|
16
|
-
extensions?: AuthenticationExtensionsClientInputs;
|
|
17
|
-
supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
|
|
18
|
-
};
|
|
1
|
+
import type { AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '../types/index.js';
|
|
2
|
+
export type GenerateRegistrationOptionsOpts = Parameters<typeof generateRegistrationOptions>[0];
|
|
19
3
|
/**
|
|
20
4
|
* Supported crypto algo identifiers
|
|
21
5
|
* See https://w3c.github.io/webauthn/#sctn-alg-identifier
|
|
@@ -39,6 +23,24 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
|
|
|
39
23
|
* @param authenticatorSelection **(Optional)** - Advanced criteria for restricting the types of authenticators that may be used. Defaults to `{ residentKey: 'preferred', userVerification: 'preferred' }`
|
|
40
24
|
* @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during attestation
|
|
41
25
|
* @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
|
|
26
|
+
* @param preferredAuthenticatorType **(Optional)** - Encourage the browser to prompt the user to register a specific type of authenticator
|
|
42
27
|
*/
|
|
43
|
-
export declare function generateRegistrationOptions(options:
|
|
28
|
+
export declare function generateRegistrationOptions(options: {
|
|
29
|
+
rpName: string;
|
|
30
|
+
rpID: string;
|
|
31
|
+
userName: string;
|
|
32
|
+
userID?: Uint8Array;
|
|
33
|
+
challenge?: string | Uint8Array;
|
|
34
|
+
userDisplayName?: string;
|
|
35
|
+
timeout?: number;
|
|
36
|
+
attestationType?: 'direct' | 'enterprise' | 'none';
|
|
37
|
+
excludeCredentials?: {
|
|
38
|
+
id: Base64URLString;
|
|
39
|
+
transports?: AuthenticatorTransportFuture[];
|
|
40
|
+
}[];
|
|
41
|
+
authenticatorSelection?: AuthenticatorSelectionCriteria;
|
|
42
|
+
extensions?: AuthenticationExtensionsClientInputs;
|
|
43
|
+
supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
|
|
44
|
+
preferredAuthenticatorType?: 'securityKey' | 'localDevice' | 'remoteDevice';
|
|
45
|
+
}): Promise<PublicKeyCredentialCreationOptionsJSON>;
|
|
44
46
|
//# sourceMappingURL=generateRegistrationOptions.d.ts.map
|
|
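Review bot: The added `@param preferredAuthenticatorType` line understates what the option does, since it describes it only as encouraging the browser. The matching implementation change in generateRegistrationOptions.js also assigns `authenticatorSelection.authenticatorAttachment`, which clients apply as a filter on eligible authenticators rather than as a hint. A caller who passes both `authenticatorSelection` and `preferredAuthenticatorType` cannot tell from this declaration that their attachment value is replaced. Extend the doc line, for example `Also sets authenticatorSelection.authenticatorAttachment for backwards compatibility, replacing any value passed in`.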
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oCAAoC,EACpC,8BAA8B,EAC9B,4BAA4B,EAC5B,eAAe,EACf,uBAAuB,EACvB,sCAAsC,EAGvC,MAAM,mBAAmB,CAAC;AAK3B,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,OAAO,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;AAEhG;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,uBAAuB,EAqBtE,CAAC;AAsBF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE;IACP,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,MAAM,CAAC;IACnD,kBAAkB,CAAC,EAAE;QACnB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,UAAU,CAAC,EAAE,oCAAoC,CAAC;IAClD,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClD,0BAA0B,CAAC,EAAE,aAAa,GAAG,aAAa,GAAG,cAAc,CAAC;CAC7E,GACA,OAAO,CAAC,sCAAsC,CAAC,CAqIjD"}
|
|
@@ -67,9 +67,10 @@ const defaultSupportedAlgorithmIDs = [-8, -7, -257];
|
|
|
67
67
|
* @param authenticatorSelection **(Optional)** - Advanced criteria for restricting the types of authenticators that may be used. Defaults to `{ residentKey: 'preferred', userVerification: 'preferred' }`
|
|
68
68
|
* @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during attestation
|
|
69
69
|
* @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
|
|
70
|
+
* @param preferredAuthenticatorType **(Optional)** - Encourage the browser to prompt the user to register a specific type of authenticator
|
|
70
71
|
*/
|
|
71
72
|
async function generateRegistrationOptions(options) {
|
|
72
|
-
const { rpName, rpID, userName, userID, challenge = await (0, generateChallenge_js_1.generateChallenge)(), userDisplayName = '', timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
73
|
+
const { rpName, rpID, userName, userID, challenge = await (0, generateChallenge_js_1.generateChallenge)(), userDisplayName = '', timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, preferredAuthenticatorType, } = options;
|
|
73
74
|
/**
|
|
74
75
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
75
76
|
*/
|
|
@@ -131,6 +132,25 @@ async function generateRegistrationOptions(options) {
|
|
|
131
132
|
if (!_userID) {
|
|
132
133
|
_userID = await (0, generateUserID_js_1.generateUserID)();
|
|
133
134
|
}
|
|
135
|
+
/**
|
|
136
|
+
* Map authenticator preference to hints. Map to authenticatorAttachment as well for
|
|
137
|
+
* backwards-compatibility.
|
|
138
|
+
*/
|
|
139
|
+
const hints = [];
|
|
140
|
+
if (preferredAuthenticatorType) {
|
|
141
|
+
if (preferredAuthenticatorType === 'securityKey') {
|
|
142
|
+
hints.push('security-key');
|
|
143
|
+
authenticatorSelection.authenticatorAttachment = 'cross-platform';
|
|
144
|
+
}
|
|
145
|
+
else if (preferredAuthenticatorType === 'localDevice') {
|
|
146
|
+
hints.push('client-device');
|
|
147
|
+
authenticatorSelection.authenticatorAttachment = 'platform';
|
|
148
|
+
}
|
|
149
|
+
else if (preferredAuthenticatorType === 'remoteDevice') {
|
|
150
|
+
hints.push('hybrid');
|
|
151
|
+
authenticatorSelection.authenticatorAttachment = 'cross-platform';
|
|
152
|
+
}
|
|
153
|
+
}
|
|
134
154
|
return {
|
|
135
155
|
challenge: index_js_1.isoBase64URL.fromBuffer(_challenge),
|
|
136
156
|
rp: {
|
|
@@ -160,5 +180,6 @@ async function generateRegistrationOptions(options) {
|
|
|
160
180
|
...extensions,
|
|
161
181
|
credProps: true,
|
|
162
182
|
},
|
|
183
|
+
hints,
|
|
163
184
|
};
|
|
164
185
|
}
|
|
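Review bot: The new `authenticatorSelection.authenticatorAttachment = ...` assignments in the `preferredAuthenticatorType` branch write into the object the function was handed, and when the caller omits `authenticatorSelection` that object is `defaultAuthenticatorSelection` (the destructuring default in the first hunk). If that default is a module-level object, as its use here suggests (its definition is outside these hunks), one call with `preferredAuthenticatorType: 'localDevice'` would leave `authenticatorAttachment: 'platform'` set for every later registration in the same server process. A caller-supplied object is mutated in the same way, and its own `authenticatorAttachment` is overwritten. Copy before writing with `const selection = { ...authenticatorSelection };`, apply the three assignments to `selection`, and use `selection` in the returned options. The function body starts and ends outside these hunks.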
@@ -1,16 +1,10 @@
|
|
|
1
|
-
import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '
|
|
2
|
-
import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject.js';
|
|
3
|
-
import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
expectedRPID?: string | string[];
|
|
9
|
-
expectedType?: string | string[];
|
|
10
|
-
requireUserPresence?: boolean;
|
|
11
|
-
requireUserVerification?: boolean;
|
|
12
|
-
supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
|
|
13
|
-
};
|
|
1
|
+
import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '../types/index.js';
|
|
2
|
+
import { type AttestationFormat, type AttestationStatement } from '../helpers/decodeAttestationObject.js';
|
|
3
|
+
import type { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
|
|
4
|
+
/**
|
|
5
|
+
* Configurable options when calling `verifyRegistrationResponse()`
|
|
6
|
+
*/
|
|
7
|
+
export type VerifyRegistrationResponseOpts = Parameters<typeof verifyRegistrationResponse>[0];
|
|
14
8
|
/**
|
|
15
9
|
* Verify that the user has legitimately completed the registration process
|
|
16
10
|
*
|
|
@@ -25,7 +19,16 @@ export type VerifyRegistrationResponseOpts = {
|
|
|
25
19
|
* @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
|
|
26
20
|
* @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
|
|
27
21
|
*/
|
|
28
|
-
export declare function verifyRegistrationResponse(options:
|
|
22
|
+
export declare function verifyRegistrationResponse(options: {
|
|
23
|
+
response: RegistrationResponseJSON;
|
|
24
|
+
expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
|
|
25
|
+
expectedOrigin: string | string[];
|
|
26
|
+
expectedRPID?: string | string[];
|
|
27
|
+
expectedType?: string | string[];
|
|
28
|
+
requireUserPresence?: boolean;
|
|
29
|
+
requireUserVerification?: boolean;
|
|
30
|
+
supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
|
|
31
|
+
}): Promise<VerifiedRegistrationResponse>;
|
|
29
32
|
/**
|
|
30
33
|
* Result of registration verification
|
|
31
34
|
*
|
|
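Review bot: `expectedRPID?: string | string[];` stays optional in the inlined options type of `verifyRegistrationResponse`, while `expectedChallenge` and `expectedOrigin` are required, and nothing in the lines shown says what happens to the RP ID check when it is omitted. The RP ID comparison is what binds a registration to this relying party, so a caller should not be able to skip it by leaving a field out. Since 13.0.0 is already a breaking release, `expectedRPID: string | string[];` would make the check mandatory; failing that, the `@param expectedRPID` line (outside this hunk) should state whether the RP ID hash is still verified when the option is absent.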
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,
|
|
1
|
+
{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EAE1B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,KAAK,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoBhH;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9F;;;;;;;;;;;;;GAaG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE;IACP,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,GACA,OAAO,CAAC,4BAA4B,CAAC,CAsPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,CAAC,EAAE;QACjB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,UAAU,CAAC;IACrB,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,mBAAmB,EAAE,UAAU,CAAC;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,UAAU,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC"}
|
|
@@ -1,24 +1,10 @@
|
|
|
1
1
|
import type { MetadataStatement } from '../metadata/mdsTypes.js';
|
|
2
|
-
type VerificationMode = 'permissive' | 'strict';
|
|
3
|
-
interface MetadataService {
|
|
4
|
-
initialize(opts?: {
|
|
5
|
-
mdsServers?: string[];
|
|
6
|
-
statements?: MetadataStatement[];
|
|
7
|
-
verificationMode?: VerificationMode;
|
|
8
|
-
}): Promise<void>;
|
|
9
|
-
getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
|
|
10
|
-
}
|
|
11
2
|
/**
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
15
|
-
* https://fidoalliance.org/metadata/
|
|
3
|
+
* Allow MetadataService to accommodate unregistered AAGUIDs (`"permissive"`), or only allow
|
|
4
|
+
* registered AAGUIDs (`"strict"`). Currently primarily impacts how `getStatement()` operates
|
|
16
5
|
*/
|
|
17
|
-
export
|
|
18
|
-
|
|
19
|
-
private statementCache;
|
|
20
|
-
private state;
|
|
21
|
-
private verificationMode;
|
|
6
|
+
export type VerificationMode = 'permissive' | 'strict';
|
|
7
|
+
interface MetadataService {
|
|
22
8
|
/**
|
|
23
9
|
* Prepare the service to handle remote MDS servers and/or cache local metadata statements.
|
|
24
10
|
*
|
|
@@ -44,6 +30,24 @@ export declare class BaseMetadataService implements MetadataService {
|
|
|
44
30
|
* BLOB download.
|
|
45
31
|
*/
|
|
46
32
|
getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* An implementation of `MetadataService` that can download and parse BLOBs, and support on-demand
|
|
36
|
+
* requesting and caching of individual metadata statements.
|
|
37
|
+
*
|
|
38
|
+
* https://fidoalliance.org/metadata/
|
|
39
|
+
*/
|
|
40
|
+
export declare class BaseMetadataService implements MetadataService {
|
|
41
|
+
private mdsCache;
|
|
42
|
+
private statementCache;
|
|
43
|
+
private state;
|
|
44
|
+
private verificationMode;
|
|
45
|
+
initialize(opts?: {
|
|
46
|
+
mdsServers?: string[];
|
|
47
|
+
statements?: MetadataStatement[];
|
|
48
|
+
verificationMode?: VerificationMode;
|
|
49
|
+
}): Promise<void>;
|
|
50
|
+
getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
|
|
47
51
|
/**
|
|
48
52
|
* Download and process the latest BLOB from MDS
|
|
49
53
|
*/
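Review bot: The doc comment added on the exported `VerificationMode` type (new lines 3-4) names the two modes but not which one applies when `verificationMode` is omitted, or what a caller sees in each. The comment removed from `initialize()` in metadataService.js in this same release said the default is `"strict"`, which throws during registration response verification when an unregistered AAGUID is encountered. The interface comment that begins at new line 8 may still carry that text, but its middle lies outside these hunks. If it does not, I would add to the type's comment: `Defaults to "strict", which rejects registration from an unregistered AAGUID; "permissive" allows it.` This mode decides whether authenticators with no metadata entry are accepted, so it belongs on the exported type where integrators will read it.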
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;AA6BjC;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,YAAY,GAAG,QAAQ,CAAC;AAIvD,UAAU,eAAe;IACvB;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,IAAI,CAAC,EAAE;QAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB;;;;;OAKG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CACnF;AAED;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,QAAQ,CAAoC;IACpD,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,gBAAgB,CAA8B;IAEhD,UAAU,CACd,IAAI,GAAE;QACJ,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KAChC,GACL,OAAO,CAAC,IAAI,CAAC;IA+DV,YAAY,CAChB,MAAM,EAAE,MAAM,GAAG,UAAU,GAC1B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IA6DzC;;OAEG;YACW,YAAY;IAoE1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgCvB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAWjB;AAED;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}
|
|
@@ -51,19 +51,6 @@ class BaseMetadataService {
|
|
|
51
51
|
value: 'strict'
|
|
52
52
|
});
|
|
53
53
|
}
|
|
54
|
-
/**
|
|
55
|
-
* Prepare the service to handle remote MDS servers and/or cache local metadata statements.
|
|
56
|
-
*
|
|
57
|
-
* **Options:**
|
|
58
|
-
*
|
|
59
|
-
* @param opts.mdsServers An array of URLs to FIDO Alliance Metadata Service
|
|
60
|
-
* (version 3.0)-compatible servers. Defaults to the official FIDO MDS server
|
|
61
|
-
* @param opts.statements An array of local metadata statements
|
|
62
|
-
* @param opts.verificationMode How MetadataService will handle unregistered AAGUIDs. Defaults to
|
|
63
|
-
* `"strict"` which throws errors during registration response verification when an
|
|
64
|
-
* unregistered AAGUID is encountered. Set to `"permissive"` to allow registration by
|
|
65
|
-
* authenticators with unregistered AAGUIDs
|
|
66
|
-
*/
|
|
67
54
|
async initialize(opts = {}) {
|
|
68
55
|
const { mdsServers = [defaultURLMDS], statements, verificationMode } = opts;
|
|
69
56
|
this.setState(SERVICE_STATE.REFRESHING);
|
|
@@ -115,12 +102,6 @@ class BaseMetadataService {
|
|
|
115
102
|
}
|
|
116
103
|
this.setState(SERVICE_STATE.READY);
|
|
117
104
|
}
|
|
118
|
-
/**
|
|
119
|
-
* Get a metadata statement for a given AAGUID.
|
|
120
|
-
*
|
|
121
|
-
* This method will coordinate updating the cache as per the `nextUpdate` property in the initial
|
|
122
|
-
* BLOB download.
|
|
123
|
-
*/
|
|
124
105
|
async getStatement(aaguid) {
|
|
125
106
|
if (this.state === SERVICE_STATE.DISABLED) {
|
|
126
107
|
return;
|
|
@@ -1,10 +1,20 @@
|
|
|
1
1
|
import { AttestationFormat } from '../helpers/decodeAttestationObject.js';
|
|
2
|
-
type RootCertIdentifier = AttestationFormat | 'mds';
|
|
2
|
+
export type RootCertIdentifier = AttestationFormat | 'mds';
|
|
3
3
|
interface SettingsService {
|
|
4
|
+
/**
|
|
5
|
+
* Set potential root certificates for attestation formats that use them. Root certs will be tried
|
|
6
|
+
* one-by-one when validating a certificate path.
|
|
7
|
+
*
|
|
8
|
+
* Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
|
|
9
|
+
* `Buffer` is passed in it will be converted to PEM format.
|
|
10
|
+
*/
|
|
4
11
|
setRootCertificates(opts: {
|
|
5
12
|
identifier: RootCertIdentifier;
|
|
6
13
|
certificates: (Uint8Array | string)[];
|
|
7
14
|
}): void;
|
|
15
|
+
/**
|
|
16
|
+
* Get any registered root certificates for the specified attestation format
|
|
17
|
+
*/
|
|
8
18
|
getRootCertificates(opts: {
|
|
9
19
|
identifier: RootCertIdentifier;
|
|
10
20
|
}): string[];
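Review bot: The comment added above `setRootCertificates` (new lines 8-9) says certificates may be a raw `Buffer`, but the signature right below it declares `certificates: (Uint8Array | string)[]`. The comment should name the declared type: `Certificates can be specified as a raw Uint8Array, or as a PEM-formatted string.` It also does not say whether a call adds to or replaces earlier roots. The settingsService.js context on this page shows a fresh `newCertificates` array ending in `this.pemCertificates.set(identifier, newCertificates)`, which looks like replacement, though the loop body is outside the hunk. A sentence such as `Replaces any certificates previously set for this identifier.` would make the trust-anchor behaviour explicit. The `getRootCertificates` comment could also state that an empty array is returned when nothing is registered, as the `?? []` in the implementation shows.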
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAW1E,
|
|
1
|
+
{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAW1E,MAAM,MAAM,kBAAkB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAE3D,UAAU,eAAe;IACvB;;;;;;OAMG;IACH,mBAAmB,CAAC,IAAI,EAAE;QACxB,UAAU,EAAE,kBAAkB,CAAC;QAC/B,YAAY,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAC;KACvC,GAAG,IAAI,CAAC;IAET;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE;QAAE,UAAU,EAAE,kBAAkB,CAAA;KAAE,GAAG,MAAM,EAAE,CAAC;CACzE;AAkCD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}
|
|
@@ -17,13 +17,6 @@ class BaseSettingsService {
|
|
|
17
17
|
});
|
|
18
18
|
this.pemCertificates = new Map();
|
|
19
19
|
}
|
|
20
|
-
/**
|
|
21
|
-
* Set potential root certificates for attestation formats that use them. Root certs will be tried
|
|
22
|
-
* one-by-one when validating a certificate path.
|
|
23
|
-
*
|
|
24
|
-
* Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
|
|
25
|
-
* `Buffer` is passed in it will be converted to PEM format.
|
|
26
|
-
*/
|
|
27
20
|
setRootCertificates(opts) {
|
|
28
21
|
const { identifier, certificates } = opts;
|
|
29
22
|
const newCertificates = [];
|
|
@@ -37,9 +30,6 @@ class BaseSettingsService {
|
|
|
37
30
|
}
|
|
38
31
|
this.pemCertificates.set(identifier, newCertificates);
|
|
39
32
|
}
|
|
40
|
-
/**
|
|
41
|
-
* Get any registered root certificates for the specified attestation format
|
|
42
|
-
*/
|
|
43
33
|
getRootCertificates(opts) {
|
|
44
34
|
const { identifier } = opts;
|
|
45
35
|
return this.pemCertificates.get(identifier) ?? [];
|