@simplewebauthn/server 13.1.2 → 13.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/authentication/generateAuthenticationOptions.d.ts +2 -2
- package/esm/authentication/generateAuthenticationOptions.d.ts.map +1 -1
- package/esm/helpers/convertAAGUIDToString.d.ts +2 -1
- package/esm/helpers/convertAAGUIDToString.d.ts.map +1 -1
- package/esm/helpers/convertCOSEtoPKCS.d.ts +2 -1
- package/esm/helpers/convertCOSEtoPKCS.d.ts.map +1 -1
- package/esm/helpers/convertCertBufferToPEM.d.ts +2 -2
- package/esm/helpers/convertCertBufferToPEM.d.ts.map +1 -1
- package/esm/helpers/convertPEMToBytes.d.ts +2 -1
- package/esm/helpers/convertPEMToBytes.d.ts.map +1 -1
- package/esm/helpers/convertX509PublicKeyToCOSE.d.ts +2 -1
- package/esm/helpers/convertX509PublicKeyToCOSE.d.ts.map +1 -1
- package/esm/helpers/convertX509PublicKeyToCOSE.js +2 -2
- package/esm/helpers/cose.d.ts +11 -10
- package/esm/helpers/cose.d.ts.map +1 -1
- package/esm/helpers/cose.js +0 -11
- package/esm/helpers/decodeAttestationObject.d.ts +8 -7
- package/esm/helpers/decodeAttestationObject.d.ts.map +1 -1
- package/esm/helpers/decodeAuthenticatorExtensions.d.ts +2 -1
- package/esm/helpers/decodeAuthenticatorExtensions.d.ts.map +1 -1
- package/esm/helpers/decodeCredentialPublicKey.d.ts +3 -2
- package/esm/helpers/decodeCredentialPublicKey.d.ts.map +1 -1
- package/esm/helpers/generateChallenge.d.ts +3 -2
- package/esm/helpers/generateChallenge.d.ts.map +1 -1
- package/esm/helpers/generateUserID.d.ts +3 -2
- package/esm/helpers/generateUserID.d.ts.map +1 -1
- package/esm/helpers/getCertificateInfo.d.ts +2 -1
- package/esm/helpers/getCertificateInfo.d.ts.map +1 -1
- package/esm/helpers/isCertRevoked.d.ts +2 -2
- package/esm/helpers/isCertRevoked.d.ts.map +1 -1
- package/esm/helpers/isCertRevoked.js +19 -22
- package/esm/helpers/iso/isoBase64URL.d.ts +3 -3
- package/esm/helpers/iso/isoBase64URL.d.ts.map +1 -1
- package/esm/helpers/iso/isoBase64URL.js +1 -1
- package/esm/helpers/iso/isoCBOR.d.ts +3 -2
- package/esm/helpers/iso/isoCBOR.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/digest.d.ts +3 -2
- package/esm/helpers/iso/isoCrypto/digest.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/getRandomValues.d.ts +2 -1
- package/esm/helpers/iso/isoCrypto/getRandomValues.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts +2 -1
- package/esm/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/verify.d.ts +4 -3
- package/esm/helpers/iso/isoCrypto/verify.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/verifyEC2.d.ts +4 -3
- package/esm/helpers/iso/isoCrypto/verifyEC2.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/verifyOKP.d.ts +4 -3
- package/esm/helpers/iso/isoCrypto/verifyOKP.d.ts.map +1 -1
- package/esm/helpers/iso/isoCrypto/verifyRSA.d.ts +4 -3
- package/esm/helpers/iso/isoCrypto/verifyRSA.d.ts.map +1 -1
- package/esm/helpers/iso/isoUint8Array.d.ts +9 -8
- package/esm/helpers/iso/isoUint8Array.d.ts.map +1 -1
- package/esm/helpers/matchExpectedRPID.d.ts +2 -1
- package/esm/helpers/matchExpectedRPID.d.ts.map +1 -1
- package/esm/helpers/parseAuthenticatorData.d.ts +10 -9
- package/esm/helpers/parseAuthenticatorData.d.ts.map +1 -1
- package/esm/helpers/toHash.d.ts +3 -2
- package/esm/helpers/toHash.d.ts.map +1 -1
- package/esm/helpers/validateCertificatePath.d.ts.map +1 -1
- package/esm/helpers/validateCertificatePath.js +85 -90
- package/esm/helpers/validateExtFIDOGenCEAAGUID.d.ts +3 -2
- package/esm/helpers/validateExtFIDOGenCEAAGUID.d.ts.map +1 -1
- package/esm/helpers/verifySignature.d.ts +5 -4
- package/esm/helpers/verifySignature.d.ts.map +1 -1
- package/esm/metadata/verifyAttestationWithMetadata.d.ts +3 -2
- package/esm/metadata/verifyAttestationWithMetadata.d.ts.map +1 -1
- package/esm/metadata/verifyJWT.d.ts +2 -1
- package/esm/metadata/verifyJWT.d.ts.map +1 -1
- package/esm/registration/generateRegistrationOptions.d.ts +3 -3
- package/esm/registration/generateRegistrationOptions.d.ts.map +1 -1
- package/esm/registration/verifications/tpm/parseCertInfo.d.ts +9 -8
- package/esm/registration/verifications/tpm/parseCertInfo.d.ts.map +1 -1
- package/esm/registration/verifications/tpm/parsePubArea.d.ts +4 -3
- package/esm/registration/verifications/tpm/parsePubArea.d.ts.map +1 -1
- package/esm/registration/verifications/tpm/verifyAttestationTPM.d.ts.map +1 -1
- package/esm/registration/verifications/verifyAttestationAndroidKey.js +2 -2
- package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts.map +1 -1
- package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.js +2 -2
- package/esm/registration/verifyRegistrationResponse.d.ts +16 -10
- package/esm/registration/verifyRegistrationResponse.d.ts.map +1 -1
- package/esm/registration/verifyRegistrationResponse.js +12 -10
- package/esm/services/defaultRootCerts/mds.d.ts +1 -1
- package/esm/services/defaultRootCerts/mds.d.ts.map +1 -1
- package/esm/services/defaultRootCerts/mds.js +20 -20
- package/esm/services/metadataService.d.ts +2 -1
- package/esm/services/metadataService.d.ts.map +1 -1
- package/esm/services/metadataService.js +1 -1
- package/esm/services/settingsService.d.ts +2 -1
- package/esm/services/settingsService.d.ts.map +1 -1
- package/esm/types/index.d.ts +16 -1
- package/esm/types/index.d.ts.map +1 -1
- package/package.json +3 -2
- package/script/authentication/generateAuthenticationOptions.d.ts +2 -2
- package/script/authentication/generateAuthenticationOptions.d.ts.map +1 -1
- package/script/helpers/convertAAGUIDToString.d.ts +2 -1
- package/script/helpers/convertAAGUIDToString.d.ts.map +1 -1
- package/script/helpers/convertCOSEtoPKCS.d.ts +2 -1
- package/script/helpers/convertCOSEtoPKCS.d.ts.map +1 -1
- package/script/helpers/convertCertBufferToPEM.d.ts +2 -2
- package/script/helpers/convertCertBufferToPEM.d.ts.map +1 -1
- package/script/helpers/convertPEMToBytes.d.ts +2 -1
- package/script/helpers/convertPEMToBytes.d.ts.map +1 -1
- package/script/helpers/convertX509PublicKeyToCOSE.d.ts +2 -1
- package/script/helpers/convertX509PublicKeyToCOSE.d.ts.map +1 -1
- package/script/helpers/convertX509PublicKeyToCOSE.js +2 -2
- package/script/helpers/cose.d.ts +11 -10
- package/script/helpers/cose.d.ts.map +1 -1
- package/script/helpers/cose.js +0 -11
- package/script/helpers/decodeAttestationObject.d.ts +8 -7
- package/script/helpers/decodeAttestationObject.d.ts.map +1 -1
- package/script/helpers/decodeAuthenticatorExtensions.d.ts +2 -1
- package/script/helpers/decodeAuthenticatorExtensions.d.ts.map +1 -1
- package/script/helpers/decodeCredentialPublicKey.d.ts +3 -2
- package/script/helpers/decodeCredentialPublicKey.d.ts.map +1 -1
- package/script/helpers/generateChallenge.d.ts +3 -2
- package/script/helpers/generateChallenge.d.ts.map +1 -1
- package/script/helpers/generateUserID.d.ts +3 -2
- package/script/helpers/generateUserID.d.ts.map +1 -1
- package/script/helpers/getCertificateInfo.d.ts +2 -1
- package/script/helpers/getCertificateInfo.d.ts.map +1 -1
- package/script/helpers/isCertRevoked.d.ts +2 -2
- package/script/helpers/isCertRevoked.d.ts.map +1 -1
- package/script/helpers/isCertRevoked.js +19 -22
- package/script/helpers/iso/isoBase64URL.d.ts +3 -3
- package/script/helpers/iso/isoBase64URL.d.ts.map +1 -1
- package/script/helpers/iso/isoBase64URL.js +1 -1
- package/script/helpers/iso/isoCBOR.d.ts +3 -2
- package/script/helpers/iso/isoCBOR.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/digest.d.ts +3 -2
- package/script/helpers/iso/isoCrypto/digest.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/getRandomValues.d.ts +2 -1
- package/script/helpers/iso/isoCrypto/getRandomValues.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts +2 -1
- package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/verify.d.ts +4 -3
- package/script/helpers/iso/isoCrypto/verify.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/verifyEC2.d.ts +4 -3
- package/script/helpers/iso/isoCrypto/verifyEC2.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/verifyOKP.d.ts +4 -3
- package/script/helpers/iso/isoCrypto/verifyOKP.d.ts.map +1 -1
- package/script/helpers/iso/isoCrypto/verifyRSA.d.ts +4 -3
- package/script/helpers/iso/isoCrypto/verifyRSA.d.ts.map +1 -1
- package/script/helpers/iso/isoUint8Array.d.ts +9 -8
- package/script/helpers/iso/isoUint8Array.d.ts.map +1 -1
- package/script/helpers/iso/isoUint8Array.js +4 -4
- package/script/helpers/matchExpectedRPID.d.ts +2 -1
- package/script/helpers/matchExpectedRPID.d.ts.map +1 -1
- package/script/helpers/parseAuthenticatorData.d.ts +10 -9
- package/script/helpers/parseAuthenticatorData.d.ts.map +1 -1
- package/script/helpers/toHash.d.ts +3 -2
- package/script/helpers/toHash.d.ts.map +1 -1
- package/script/helpers/validateCertificatePath.d.ts.map +1 -1
- package/script/helpers/validateCertificatePath.js +85 -90
- package/script/helpers/validateExtFIDOGenCEAAGUID.d.ts +3 -2
- package/script/helpers/validateExtFIDOGenCEAAGUID.d.ts.map +1 -1
- package/script/helpers/verifySignature.d.ts +5 -4
- package/script/helpers/verifySignature.d.ts.map +1 -1
- package/script/metadata/verifyAttestationWithMetadata.d.ts +3 -2
- package/script/metadata/verifyAttestationWithMetadata.d.ts.map +1 -1
- package/script/metadata/verifyJWT.d.ts +2 -1
- package/script/metadata/verifyJWT.d.ts.map +1 -1
- package/script/registration/generateRegistrationOptions.d.ts +3 -3
- package/script/registration/generateRegistrationOptions.d.ts.map +1 -1
- package/script/registration/verifications/tpm/parseCertInfo.d.ts +9 -8
- package/script/registration/verifications/tpm/parseCertInfo.d.ts.map +1 -1
- package/script/registration/verifications/tpm/parsePubArea.d.ts +4 -3
- package/script/registration/verifications/tpm/parsePubArea.d.ts.map +1 -1
- package/script/registration/verifications/tpm/verifyAttestationTPM.d.ts.map +1 -1
- package/script/registration/verifications/verifyAttestationAndroidKey.js +2 -2
- package/script/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts.map +1 -1
- package/script/registration/verifications/verifyAttestationAndroidSafetyNet.js +2 -2
- package/script/registration/verifyRegistrationResponse.d.ts +16 -10
- package/script/registration/verifyRegistrationResponse.d.ts.map +1 -1
- package/script/registration/verifyRegistrationResponse.js +12 -10
- package/script/services/defaultRootCerts/mds.d.ts +1 -1
- package/script/services/defaultRootCerts/mds.d.ts.map +1 -1
- package/script/services/defaultRootCerts/mds.js +20 -20
- package/script/services/metadataService.d.ts +2 -1
- package/script/services/metadataService.d.ts.map +1 -1
- package/script/services/metadataService.js +1 -1
- package/script/services/settingsService.d.ts +2 -1
- package/script/services/settingsService.d.ts.map +1 -1
- package/script/types/index.d.ts +16 -1
- package/script/types/index.d.ts.map +1 -1
|
@@ -80,7 +80,7 @@ export async function verifyAttestationAndroidKey(options) {
|
|
|
80
80
|
}
|
|
81
81
|
catch (err) {
|
|
82
82
|
const _err = err;
|
|
83
|
-
throw new Error(`${_err.message} (Android Key)
|
|
83
|
+
throw new Error(`${_err.message} (Android Key)`, { cause: _err });
|
|
84
84
|
}
|
|
85
85
|
}
|
|
86
86
|
else {
|
|
@@ -94,7 +94,7 @@ export async function verifyAttestationAndroidKey(options) {
|
|
|
94
94
|
}
|
|
95
95
|
catch (err) {
|
|
96
96
|
const _err = err;
|
|
97
|
-
throw new Error(`${_err.message} (Android Key)
|
|
97
|
+
throw new Error(`${_err.message} (Android Key)`, { cause: _err });
|
|
98
98
|
}
|
|
99
99
|
/**
|
|
100
100
|
* Make sure the root certificate is one of the Google Hardware Attestation Root certificates
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationAndroidSafetyNet.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidSafetyNet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAWtF;;GAEG;AACH,wBAAsB,iCAAiC,CACrD,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"verifyAttestationAndroidSafetyNet.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidSafetyNet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAWtF;;GAEG;AACH,wBAAsB,iCAAiC,CACrD,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA4IlB"}
|
|
@@ -10,7 +10,7 @@ import { verifyAttestationWithMetadata } from '../../metadata/verifyAttestationW
|
|
|
10
10
|
* Verify an attestation response with fmt 'android-safetynet'
|
|
11
11
|
*/
|
|
12
12
|
export async function verifyAttestationAndroidSafetyNet(options) {
|
|
13
|
-
const { attStmt, clientDataHash, authData, aaguid, rootCertificates, verifyTimestampMS = true, credentialPublicKey, } = options;
|
|
13
|
+
const { attStmt, clientDataHash, authData, aaguid, rootCertificates, verifyTimestampMS = true, credentialPublicKey, attestationSafetyNetEnforceCTSCheck, } = options;
|
|
14
14
|
const alg = attStmt.get('alg');
|
|
15
15
|
const response = attStmt.get('response');
|
|
16
16
|
const ver = attStmt.get('ver');
|
|
@@ -49,7 +49,7 @@ export async function verifyAttestationAndroidSafetyNet(options) {
|
|
|
49
49
|
if (nonce !== expectedNonce) {
|
|
50
50
|
throw new Error('Could not verify payload nonce (SafetyNet)');
|
|
51
51
|
}
|
|
52
|
-
if (!ctsProfileMatch) {
|
|
52
|
+
if (attestationSafetyNetEnforceCTSCheck && !ctsProfileMatch) {
|
|
53
53
|
throw new Error('Could not verify device integrity (SafetyNet)');
|
|
54
54
|
}
|
|
55
55
|
/**
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '../types/index.js';
|
|
1
|
+
import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, Uint8Array_, WebAuthnCredential } from '../types/index.js';
|
|
2
2
|
import { type AttestationFormat, type AttestationStatement } from '../helpers/decodeAttestationObject.js';
|
|
3
3
|
import type { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
|
|
4
4
|
/**
|
|
@@ -18,6 +18,7 @@ export type VerifyRegistrationResponseOpts = Parameters<typeof verifyRegistratio
|
|
|
18
18
|
* @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true`
|
|
19
19
|
* @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
|
|
20
20
|
* @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
|
|
21
|
+
* @param attestationSafetyNetEnforceCTSCheck **(Optional)** - Require that an Android device's system integrity has not been tampered with if it uses SafetyNet attestation. Defaults to `true`
|
|
21
22
|
*/
|
|
22
23
|
export declare function verifyRegistrationResponse(options: {
|
|
23
24
|
response: RegistrationResponseJSON;
|
|
@@ -28,6 +29,7 @@ export declare function verifyRegistrationResponse(options: {
|
|
|
28
29
|
requireUserPresence?: boolean;
|
|
29
30
|
requireUserVerification?: boolean;
|
|
30
31
|
supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
|
|
32
|
+
attestationSafetyNetEnforceCTSCheck?: boolean;
|
|
31
33
|
}): Promise<VerifiedRegistrationResponse>;
|
|
32
34
|
/**
|
|
33
35
|
* Result of registration verification
|
|
@@ -56,13 +58,16 @@ export declare function verifyRegistrationResponse(options: {
|
|
|
56
58
|
* by the browser
|
|
57
59
|
*/
|
|
58
60
|
export type VerifiedRegistrationResponse = {
|
|
59
|
-
verified:
|
|
60
|
-
registrationInfo?:
|
|
61
|
+
verified: false;
|
|
62
|
+
registrationInfo?: never;
|
|
63
|
+
} | {
|
|
64
|
+
verified: true;
|
|
65
|
+
registrationInfo: {
|
|
61
66
|
fmt: AttestationFormat;
|
|
62
67
|
aaguid: string;
|
|
63
68
|
credential: WebAuthnCredential;
|
|
64
69
|
credentialType: 'public-key';
|
|
65
|
-
attestationObject:
|
|
70
|
+
attestationObject: Uint8Array_;
|
|
66
71
|
userVerified: boolean;
|
|
67
72
|
credentialDeviceType: CredentialDeviceType;
|
|
68
73
|
credentialBackedUp: boolean;
|
|
@@ -75,14 +80,15 @@ export type VerifiedRegistrationResponse = {
|
|
|
75
80
|
* Values passed to all attestation format verifiers, from which they are free to use as they please
|
|
76
81
|
*/
|
|
77
82
|
export type AttestationFormatVerifierOpts = {
|
|
78
|
-
aaguid:
|
|
83
|
+
aaguid: Uint8Array_;
|
|
79
84
|
attStmt: AttestationStatement;
|
|
80
|
-
authData:
|
|
81
|
-
clientDataHash:
|
|
82
|
-
credentialID:
|
|
83
|
-
credentialPublicKey:
|
|
85
|
+
authData: Uint8Array_;
|
|
86
|
+
clientDataHash: Uint8Array_;
|
|
87
|
+
credentialID: Uint8Array_;
|
|
88
|
+
credentialPublicKey: Uint8Array_;
|
|
84
89
|
rootCertificates: string[];
|
|
85
|
-
rpIdHash:
|
|
90
|
+
rpIdHash: Uint8Array_;
|
|
86
91
|
verifyTimestampMS?: boolean;
|
|
92
|
+
attestationSafetyNetEnforceCTSCheck?: boolean;
|
|
87
93
|
};
|
|
88
94
|
//# sourceMappingURL=verifyRegistrationResponse.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EAE1B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,KAAK,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoBhH;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9F
|
|
1
|
+
{"version":3,"file":"verifyRegistrationResponse.d.ts","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,WAAW,EACX,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EAE1B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,KAAK,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAoBhH;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,OAAO,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9F;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE;IACP,QAAQ,EAAE,wBAAwB,CAAC;IACnC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClD,mCAAmC,CAAC,EAAE,OAAO,CAAC;CAC/C,GACA,OAAO,CAAC,4BAA4B,CAAC,CAqPvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,QAAQ,EAAE,KAAK,CAAC;IAChB,gBAAgB,CAAC,EAAE,KAAK,CAAC;CAC1B,GAAG;IACF,QAAQ,EAAE,IAAI,CAAC;IACf,gBAAgB,EAAE;QAChB,GAAG,EAAE,iBAAiB,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,kBAAkB,CAAC;QAC/B,cAAc,EAAE,YAAY,CAAC;QAC7B,iBAAiB,EAAE,WAAW,CAAC;QAC/B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC;IACtB,cAAc,EAAE,WAAW,CAAC;IAC5B,YAAY,EAAE,WAAW,CAAC;IAC1B,mBAAmB,EAAE,WAAW,CAAC;IACjC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,mCAAmC,CAAC,EAAE,OAAO,CAAC;CAC/C,CAAC"}
|
|
@@ -29,9 +29,10 @@ import { verifyAttestationApple } from './verifications/verifyAttestationApple.j
|
|
|
29
29
|
* @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true`
|
|
30
30
|
* @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
|
|
31
31
|
* @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs
|
|
32
|
+
* @param attestationSafetyNetEnforceCTSCheck **(Optional)** - Require that an Android device's system integrity has not been tampered with if it uses SafetyNet attestation. Defaults to `true`
|
|
32
33
|
*/
|
|
33
34
|
export async function verifyRegistrationResponse(options) {
|
|
34
|
-
const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserPresence = true, requireUserVerification = true, supportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers, } = options;
|
|
35
|
+
const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserPresence = true, requireUserVerification = true, supportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers, attestationSafetyNetEnforceCTSCheck = true, } = options;
|
|
35
36
|
const { id, rawId, type: credentialType, response: attestationResponse } = response;
|
|
36
37
|
// Ensure credential specified an ID
|
|
37
38
|
if (!id) {
|
|
@@ -150,6 +151,7 @@ export async function verifyRegistrationResponse(options) {
|
|
|
150
151
|
credentialPublicKey,
|
|
151
152
|
rootCertificates,
|
|
152
153
|
rpIdHash,
|
|
154
|
+
attestationSafetyNetEnforceCTSCheck,
|
|
153
155
|
};
|
|
154
156
|
/**
|
|
155
157
|
* Verification can only be performed when attestation = 'direct'
|
|
@@ -183,12 +185,13 @@ export async function verifyRegistrationResponse(options) {
|
|
|
183
185
|
else {
|
|
184
186
|
throw new Error(`Unsupported Attestation Format: ${fmt}`);
|
|
185
187
|
}
|
|
186
|
-
|
|
187
|
-
verified
|
|
188
|
-
}
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
188
|
+
if (!verified) {
|
|
189
|
+
return { verified: false };
|
|
190
|
+
}
|
|
191
|
+
const { credentialDeviceType, credentialBackedUp } = parseBackupFlags(flags);
|
|
192
|
+
return {
|
|
193
|
+
verified: true,
|
|
194
|
+
registrationInfo: {
|
|
192
195
|
fmt,
|
|
193
196
|
aaguid: convertAAGUIDToString(aaguid),
|
|
194
197
|
credentialType,
|
|
@@ -205,7 +208,6 @@ export async function verifyRegistrationResponse(options) {
|
|
|
205
208
|
origin: clientDataJSON.origin,
|
|
206
209
|
rpID: matchedRPID,
|
|
207
210
|
authenticatorExtensionResults: extensionsData,
|
|
208
|
-
}
|
|
209
|
-
}
|
|
210
|
-
return toReturn;
|
|
211
|
+
},
|
|
212
|
+
};
|
|
211
213
|
}
|
|
@@ -8,5 +8,5 @@
|
|
|
8
8
|
* SHA256 Fingerprint
|
|
9
9
|
* CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
|
|
10
10
|
*/
|
|
11
|
-
export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\
|
|
11
|
+
export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\nMTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\nRgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\ngHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\nKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\nQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\nXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\nDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\nLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\nRUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\njjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\nmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\nMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\nWD9f\n-----END CERTIFICATE-----\n ";
|
|
12
12
|
//# sourceMappingURL=mds.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mds.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/mds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,
|
|
1
|
+
{"version":3,"file":"mds.d.ts","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/mds.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,wuCAqBhC,CAAC"}
|
|
@@ -9,24 +9,24 @@
|
|
|
9
9
|
* CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
|
|
10
10
|
*/
|
|
11
11
|
export const GlobalSign_Root_CA_R3 = `-----BEGIN CERTIFICATE-----
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
12
|
+
MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
|
|
13
|
+
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
|
|
14
|
+
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
|
|
15
|
+
MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
|
|
16
|
+
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
|
|
17
|
+
hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
|
|
18
|
+
RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
|
|
19
|
+
gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
|
|
20
|
+
KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
|
|
21
|
+
QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
|
|
22
|
+
XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
|
|
23
|
+
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
|
|
24
|
+
LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
|
|
25
|
+
RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
|
|
26
|
+
jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
|
|
27
|
+
6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
|
|
28
|
+
mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
|
|
29
|
+
Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
|
|
30
|
+
WD9f
|
|
31
|
+
-----END CERTIFICATE-----
|
|
32
32
|
`;
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { MetadataStatement } from '../metadata/mdsTypes.js';
|
|
2
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
2
3
|
/**
|
|
3
4
|
* Allow MetadataService to accommodate unregistered AAGUIDs (`"permissive"`), or only allow
|
|
4
5
|
* registered AAGUIDs (`"strict"`). Currently primarily impacts how `getStatement()` operates
|
|
@@ -47,7 +48,7 @@ export declare class BaseMetadataService implements MetadataService {
|
|
|
47
48
|
statements?: MetadataStatement[];
|
|
48
49
|
verificationMode?: VerificationMode;
|
|
49
50
|
}): Promise<void>;
|
|
50
|
-
getStatement(aaguid: string |
|
|
51
|
+
getStatement(aaguid: string | Uint8Array_): Promise<MetadataStatement | undefined>;
|
|
51
52
|
/**
|
|
52
53
|
* Download and process the latest BLOB from MDS
|
|
53
54
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"metadataService.d.ts","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAIV,iBAAiB,EAClB,MAAM,yBAAyB,CAAC;AAKjC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAyBrD;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,YAAY,GAAG,QAAQ,CAAC;AAIvD,UAAU,eAAe;IACvB;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,IAAI,CAAC,EAAE;QAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB;;;;;OAKG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;CACnF;AAED;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,QAAQ,CAAoC;IACpD,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,gBAAgB,CAA8B;IAEhD,UAAU,CACd,IAAI,GAAE;QACJ,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;QACjC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KAChC,GACL,OAAO,CAAC,IAAI,CAAC;IA+DV,YAAY,CAChB,MAAM,EAAE,MAAM,GAAG,WAAW,GAC3B,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IA6DzC;;OAEG;YACW,YAAY;IAqE1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgCvB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAWjB;AAED;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}
|
|
@@ -177,7 +177,7 @@ export class BaseMetadataService {
|
|
|
177
177
|
const _error = error;
|
|
178
178
|
// From FIDO MDS docs: "ignore the file if the chain cannot be verified or if one of the
|
|
179
179
|
// chain certificates is revoked"
|
|
180
|
-
throw new Error(
|
|
180
|
+
throw new Error('BLOB certificate path could not be validated', { cause: _error });
|
|
181
181
|
}
|
|
182
182
|
// Verify the BLOB JWT signature
|
|
183
183
|
const leafCert = headerCertsPEM[0];
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { AttestationFormat } from '../helpers/decodeAttestationObject.js';
|
|
2
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
2
3
|
export type RootCertIdentifier = AttestationFormat | 'mds';
|
|
3
4
|
interface SettingsService {
|
|
4
5
|
/**
|
|
@@ -10,7 +11,7 @@ interface SettingsService {
|
|
|
10
11
|
*/
|
|
11
12
|
setRootCertificates(opts: {
|
|
12
13
|
identifier: RootCertIdentifier;
|
|
13
|
-
certificates: (
|
|
14
|
+
certificates: (Uint8Array_ | string)[];
|
|
14
15
|
}): void;
|
|
15
16
|
/**
|
|
16
17
|
* Get any registered root certificates for the specified attestation format
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;
|
|
1
|
+
{"version":3,"file":"settingsService.d.ts","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAE/E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAYrD,MAAM,MAAM,kBAAkB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAE3D,UAAU,eAAe;IACvB;;;;;;OAMG;IACH,mBAAmB,CAAC,IAAI,EAAE;QACxB,UAAU,EAAE,kBAAkB,CAAC;QAC/B,YAAY,EAAE,CAAC,WAAW,GAAG,MAAM,CAAC,EAAE,CAAC;KACxC,GAAG,IAAI,CAAC;IAET;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE;QAAE,UAAU,EAAE,kBAAkB,CAAA;KAAE,GAAG,MAAM,EAAE,CAAC;CACzE;AAkCD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,EAAE,eAA2C,CAAC"}
|
package/esm/types/index.d.ts
CHANGED
|
@@ -130,7 +130,7 @@ export interface AuthenticatorAssertionResponseJSON {
|
|
|
130
130
|
*/
|
|
131
131
|
export type WebAuthnCredential = {
|
|
132
132
|
id: Base64URLString;
|
|
133
|
-
publicKey:
|
|
133
|
+
publicKey: Uint8Array_;
|
|
134
134
|
counter: number;
|
|
135
135
|
transports?: AuthenticatorTransportFuture[];
|
|
136
136
|
};
|
|
@@ -202,4 +202,19 @@ export type PublicKeyCredentialHint = 'hybrid' | 'security-key' | 'client-device
|
|
|
202
202
|
* See https://www.iana.org/assignments/webauthn/webauthn.xhtml#webauthn-attestation-statement-format-ids
|
|
203
203
|
*/
|
|
204
204
|
export type AttestationFormat = 'fido-u2f' | 'packed' | 'android-safetynet' | 'android-key' | 'tpm' | 'apple' | 'none';
|
|
205
|
+
/**
|
|
206
|
+
* Equivalent to `Uint8Array` before TypeScript 5.7, and `Uint8Array<ArrayBuffer>` in TypeScript 5.7
|
|
207
|
+
* and beyond.
|
|
208
|
+
*
|
|
209
|
+
* **Context**
|
|
210
|
+
*
|
|
211
|
+
* `Uint8Array` became a generic type in TypeScript 5.7, requiring types defined simply as
|
|
212
|
+
* `Uint8Array` to be refactored to `Uint8Array<ArrayBuffer>` starting in Deno 2.2. `Uint8Array` is
|
|
213
|
+
* _not_ generic in Deno 2.1.x and earlier, though, so this type helps bridge this gap.
|
|
214
|
+
*
|
|
215
|
+
* Inspired by Deno's std library:
|
|
216
|
+
*
|
|
217
|
+
* https://github.com/denoland/std/blob/b5a5fe4f96b91c1fe8dba5cc0270092dd11d3287/bytes/_types.ts#L11
|
|
218
|
+
*/
|
|
219
|
+
export type Uint8Array_ = ReturnType<Uint8Array['slice']>;
|
|
205
220
|
//# sourceMappingURL=index.d.ts.map
|
package/esm/types/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,qCAAqC,EACrC,8BAA8B,EAC9B,uBAAuB,EACvB,gCAAgC,EAChC,8BAA8B,EAC9B,uBAAuB,EACvB,mBAAmB,EACnB,kCAAkC,EAClC,6BAA6B,EAC7B,6BAA6B,EAC7B,iCAAiC,EACjC,2BAA2B,EAC3B,uBAAuB,EACvB,2BAA2B,EAC5B,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,qCAAqC,EACrC,8BAA8B,EAC9B,uBAAuB,EACvB,gCAAgC,EAChC,8BAA8B,EAC9B,sBAAsB,EACtB,uBAAuB,EACvB,MAAM,EACN,mBAAmB,EACnB,kCAAkC,EAClC,6BAA6B,EAC7B,6BAA6B,EAC7B,iCAAiC,EACjC,2BAA2B,EAC3B,uBAAuB,EACvB,6BAA6B,EAC7B,sBAAsB,EACtB,2BAA2B,GAC5B,MAAM,UAAU,CAAC;AAElB;;;;;;;;GAQG;AACH,MAAM,WAAW,sCAAsC;IACrD,EAAE,EAAE,2BAA2B,CAAC;IAChC,IAAI,EAAE,iCAAiC,CAAC;IACxC,SAAS,EAAE,eAAe,CAAC;IAC3B,gBAAgB,EAAE,6BAA6B,EAAE,CAAC;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,iCAAiC,EAAE,CAAC;IACzD,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,KAAK,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,+BAA+B,CAAC;IAC9C,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD;AAED;;;GAGG;AACH,MAAM,WAAW,qCAAqC;IACpD,SAAS,EAAE,eAAe,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,iCAAiC,EAAE,CAAC;IACvD,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;IAC/C,KAAK,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,eAAe,CAAC;IACpB,IAAI,EAAE,uBAAuB,CAAC;IAC9B,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,yBAAyB;IACvE,QAAQ,EAAE,sCAAsC,CAAC;CAClD;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,oCAAoC,CAAC;IAC/C,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,sBAAsB,EAAE,qCAAqC,CAAC;IAC9D,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,yBAAyB;IACzE,QAAQ,EAAE,8BAA8B,CAAC;CAC1C;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,kCAAkC,CAAC;IAC7C,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,sBAAsB,EAAE,qCAAqC,CAAC;IAC9D,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;;;;GAKG;AACH,MAAM,WAAW,oCAAoC;IACnD,cAAc,EAAE,eAAe,CAAC;IAChC,iBAAiB,EAAE,eAAe,CAAC;IAEnC,iBAAiB,CAAC,EAAE,eAAe,CAAC;IAEpC,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;IAE5C,kBAAkB,CAAC,EAAE,uBAAuB,CAAC;IAC7C,SAAS,CAAC,EAAE,eAAe,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,kCAAkC;IACjD,cAAc,EAAE,eAAe,CAAC;IAChC,iBAAiB,EAAE,eAAe,CAAC;IACnC,SAAS,EAAE,eAAe,CAAC;IAC3B,UAAU,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,EAAE,EAAE,eAAe,CAAC;IACpB,SAAS,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,qCAAqC,EACrC,8BAA8B,EAC9B,uBAAuB,EACvB,gCAAgC,EAChC,8BAA8B,EAC9B,uBAAuB,EACvB,mBAAmB,EACnB,kCAAkC,EAClC,6BAA6B,EAC7B,6BAA6B,EAC7B,iCAAiC,EACjC,2BAA2B,EAC3B,uBAAuB,EACvB,2BAA2B,EAC5B,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,qCAAqC,EACrC,8BAA8B,EAC9B,uBAAuB,EACvB,gCAAgC,EAChC,8BAA8B,EAC9B,sBAAsB,EACtB,uBAAuB,EACvB,MAAM,EACN,mBAAmB,EACnB,kCAAkC,EAClC,6BAA6B,EAC7B,6BAA6B,EAC7B,iCAAiC,EACjC,2BAA2B,EAC3B,uBAAuB,EACvB,6BAA6B,EAC7B,sBAAsB,EACtB,2BAA2B,GAC5B,MAAM,UAAU,CAAC;AAElB;;;;;;;;GAQG;AACH,MAAM,WAAW,sCAAsC;IACrD,EAAE,EAAE,2BAA2B,CAAC;IAChC,IAAI,EAAE,iCAAiC,CAAC;IACxC,SAAS,EAAE,eAAe,CAAC;IAC3B,gBAAgB,EAAE,6BAA6B,EAAE,CAAC;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,iCAAiC,EAAE,CAAC;IACzD,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,KAAK,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,+BAA+B,CAAC;IAC9C,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD;AAED;;;GAGG;AACH,MAAM,WAAW,qCAAqC;IACpD,SAAS,EAAE,eAAe,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,iCAAiC,EAAE,CAAC;IACvD,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;IAC/C,KAAK,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,eAAe,CAAC;IACpB,IAAI,EAAE,uBAAuB,CAAC;IAC9B,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,yBAAyB;IACvE,QAAQ,EAAE,sCAAsC,CAAC;CAClD;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,oCAAoC,CAAC;IAC/C,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,sBAAsB,EAAE,qCAAqC,CAAC;IAC9D,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,yBAAyB;IACzE,QAAQ,EAAE,8BAA8B,CAAC;CAC1C;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,kCAAkC,CAAC;IAC7C,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,sBAAsB,EAAE,qCAAqC,CAAC;IAC9D,IAAI,EAAE,uBAAuB,CAAC;CAC/B;AAED;;;;;GAKG;AACH,MAAM,WAAW,oCAAoC;IACnD,cAAc,EAAE,eAAe,CAAC;IAChC,iBAAiB,EAAE,eAAe,CAAC;IAEnC,iBAAiB,CAAC,EAAE,eAAe,CAAC;IAEpC,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;IAE5C,kBAAkB,CAAC,EAAE,uBAAuB,CAAC;IAC7C,SAAS,CAAC,EAAE,eAAe,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,kCAAkC;IACjD,cAAc,EAAE,eAAe,CAAC;IAChC,iBAAiB,EAAE,eAAe,CAAC;IACnC,SAAS,EAAE,eAAe,CAAC;IAC3B,UAAU,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,EAAE,EAAE,eAAe,CAAC;IACpB,SAAS,EAAE,WAAW,CAAC;IAEvB,OAAO,EAAE,MAAM,CAAC;IAEhB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC;AAErC;;;;;;;;GAQG;AACH,MAAM,WAAW,sCAAuC,SAAQ,gCAAgC;IAC9F,aAAa,IAAI,4BAA4B,EAAE,CAAC;CACjD;AAED;;;;GAIG;AACH,MAAM,MAAM,4BAA4B,GACpC,KAAK,GACL,OAAO,GACP,QAAQ,GACR,UAAU,GACV,KAAK,GACL,YAAY,GACZ,KAAK,CAAC;AAEV;;;;GAIG;AACH,MAAM,WAAW,mCACf,SAAQ,IAAI,CAAC,6BAA6B,EAAE,YAAY,CAAC;IACzD,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C;AAED,MAAM;AACN,MAAM,MAAM,uBAAuB,GAC/B,wBAAwB,GACxB,0BAA0B,CAAC;AAE/B;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,mBAAmB;IACpE,IAAI,EAAE,uBAAuB,CAAC;IAE9B,+BAA+B,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAErD,4BAA4B,CAAC,CAC3B,OAAO,EAAE,sCAAsC,GAC9C,kCAAkC,CAAC;IAEtC,2BAA2B,CAAC,CAC1B,OAAO,EAAE,qCAAqC,GAC7C,iCAAiC,CAAC;IAErC,MAAM,CAAC,IAAI,uBAAuB,CAAC;CACpC;AAED;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,aAAa,CAAC;AAElE;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,uBAAuB,GAAG,QAAQ,GAAG,cAAc,GAAG,eAAe,CAAC;AAElF;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GACzB,UAAU,GACV,QAAQ,GACR,mBAAmB,GACnB,aAAa,GACb,KAAK,GACL,OAAO,GACP,MAAM,CAAC;AAEX;;;;;;;;;;;;;GAaG;AACH,MAAM,MAAM,WAAW,GAAG,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@simplewebauthn/server",
|
|
3
|
-
"version": "13.
|
|
3
|
+
"version": "13.2.0",
|
|
4
4
|
"description": "SimpleWebAuthn for Servers",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"typescript",
|
|
@@ -55,7 +55,8 @@
|
|
|
55
55
|
"@peculiar/asn1-ecc": "^2.3.8",
|
|
56
56
|
"@peculiar/asn1-rsa": "^2.3.8",
|
|
57
57
|
"@peculiar/asn1-schema": "^2.3.8",
|
|
58
|
-
"@peculiar/asn1-x509": "^2.3.8"
|
|
58
|
+
"@peculiar/asn1-x509": "^2.3.8",
|
|
59
|
+
"@peculiar/x509": "^1.13.0"
|
|
59
60
|
},
|
|
60
61
|
"devDependencies": {
|
|
61
62
|
"@types/node": "^20.9.0"
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { AuthenticationExtensionsClientInputs, AuthenticatorTransportFuture, Base64URLString, PublicKeyCredentialRequestOptionsJSON } from '../types/index.js';
|
|
1
|
+
import type { AuthenticationExtensionsClientInputs, AuthenticatorTransportFuture, Base64URLString, PublicKeyCredentialRequestOptionsJSON, Uint8Array_ } from '../types/index.js';
|
|
2
2
|
export type GenerateAuthenticationOptionsOpts = Parameters<typeof generateAuthenticationOptions>[0];
|
|
3
3
|
/**
|
|
4
4
|
* Prepare a value to pass into navigator.credentials.get(...) for authenticator authentication
|
|
@@ -18,7 +18,7 @@ export declare function generateAuthenticationOptions(options: {
|
|
|
18
18
|
id: Base64URLString;
|
|
19
19
|
transports?: AuthenticatorTransportFuture[];
|
|
20
20
|
}[];
|
|
21
|
-
challenge?: string |
|
|
21
|
+
challenge?: string | Uint8Array_;
|
|
22
22
|
timeout?: number;
|
|
23
23
|
userVerification?: 'required' | 'preferred' | 'discouraged';
|
|
24
24
|
extensions?: AuthenticationExtensionsClientInputs;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateAuthenticationOptions.d.ts","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oCAAoC,EACpC,4BAA4B,EAC5B,eAAe,EACf,qCAAqC,
|
|
1
|
+
{"version":3,"file":"generateAuthenticationOptions.d.ts","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oCAAoC,EACpC,4BAA4B,EAC5B,eAAe,EACf,qCAAqC,EACrC,WAAW,EACZ,MAAM,mBAAmB,CAAC;AAI3B,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,OAAO,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpG;;;;;;;;;;;GAWG;AACH,wBAAsB,6BAA6B,CACjD,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE;QACjB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,SAAS,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;IAC5D,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD,GACA,OAAO,CAAC,qCAAqC,CAAC,CAoChD"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
1
2
|
/**
|
|
2
3
|
* Convert the aaguid buffer in authData into a UUID string
|
|
3
4
|
*/
|
|
4
|
-
export declare function convertAAGUIDToString(aaguid:
|
|
5
|
+
export declare function convertAAGUIDToString(aaguid: Uint8Array_): string;
|
|
5
6
|
//# sourceMappingURL=convertAAGUIDToString.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertAAGUIDToString.d.ts","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"convertAAGUIDToString.d.ts","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAcjE"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
1
2
|
/**
|
|
2
3
|
* Takes COSE-encoded public key and converts it to PKCS key
|
|
3
4
|
*/
|
|
4
|
-
export declare function convertCOSEtoPKCS(cosePublicKey:
|
|
5
|
+
export declare function convertCOSEtoPKCS(cosePublicKey: Uint8Array_): Uint8Array_;
|
|
5
6
|
//# sourceMappingURL=convertCOSEtoPKCS.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertCOSEtoPKCS.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"convertCOSEtoPKCS.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,aAAa,EAAE,WAAW,GAAG,WAAW,CAmBzE"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type { Base64URLString } from '../types/index.js';
|
|
1
|
+
import type { Base64URLString, Uint8Array_ } from '../types/index.js';
|
|
2
2
|
/**
|
|
3
3
|
* Convert buffer to an OpenSSL-compatible PEM text format.
|
|
4
4
|
*/
|
|
5
|
-
export declare function convertCertBufferToPEM(certBuffer:
|
|
5
|
+
export declare function convertCertBufferToPEM(certBuffer: Uint8Array_ | Base64URLString): string;
|
|
6
6
|
//# sourceMappingURL=convertCertBufferToPEM.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertCertBufferToPEM.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"convertCertBufferToPEM.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGtE;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,WAAW,GAAG,eAAe,GACxC,MAAM,CA4BR"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
1
2
|
/**
|
|
2
3
|
* Take a certificate in PEM format and convert it to bytes
|
|
3
4
|
*/
|
|
4
|
-
export declare function convertPEMToBytes(pem: string):
|
|
5
|
+
export declare function convertPEMToBytes(pem: string): Uint8Array_;
|
|
5
6
|
//# sourceMappingURL=convertPEMToBytes.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertPEMToBytes.d.ts","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"convertPEMToBytes.d.ts","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAO1D"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
import { COSEPublicKey } from './cose.js';
|
|
2
|
-
|
|
2
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
3
|
+
export declare function convertX509PublicKeyToCOSE(x509Certificate: Uint8Array_): COSEPublicKey;
|
|
3
4
|
//# sourceMappingURL=convertX509PublicKeyToCOSE.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertX509PublicKeyToCOSE.d.ts","sourceRoot":"","sources":["../../src/helpers/convertX509PublicKeyToCOSE.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"convertX509PublicKeyToCOSE.d.ts","sourceRoot":"","sources":["../../src/helpers/convertX509PublicKeyToCOSE.ts"],"names":[],"mappings":"AAKA,OAAO,EAIL,aAAa,EAGd,MAAM,WAAW,CAAC;AAEnB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,wBAAgB,0BAA0B,CACxC,eAAe,EAAE,WAAW,GAC3B,aAAa,CA+Ff"}
|
|
@@ -4,8 +4,8 @@ exports.convertX509PublicKeyToCOSE = convertX509PublicKeyToCOSE;
|
|
|
4
4
|
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
5
5
|
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
6
6
|
const asn1_ecc_1 = require("@peculiar/asn1-ecc");
|
|
7
|
-
const cose_js_1 = require("./cose.js");
|
|
8
7
|
const asn1_rsa_1 = require("@peculiar/asn1-rsa");
|
|
8
|
+
const cose_js_1 = require("./cose.js");
|
|
9
9
|
const mapX509SignatureAlgToCOSEAlg_js_1 = require("./mapX509SignatureAlgToCOSEAlg.js");
|
|
10
10
|
function convertX509PublicKeyToCOSE(x509Certificate) {
|
|
11
11
|
let cosePublicKey = new Map();
|
|
@@ -57,7 +57,7 @@ function convertX509PublicKeyToCOSE(x509Certificate) {
|
|
|
57
57
|
coseEC2PubKey.set(cose_js_1.COSEKEYS.y, y);
|
|
58
58
|
cosePublicKey = coseEC2PubKey;
|
|
59
59
|
}
|
|
60
|
-
else if (publicKeyAlgorithmID ===
|
|
60
|
+
else if (publicKeyAlgorithmID === asn1_rsa_1.id_rsaEncryption) {
|
|
61
61
|
/**
|
|
62
62
|
* RSA public key
|
|
63
63
|
*/
|
package/script/helpers/cose.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
1
2
|
/**
|
|
2
3
|
* Fundamental values that are needed to discern the more specific COSE public key types below.
|
|
3
4
|
*
|
|
@@ -23,29 +24,29 @@ export type COSEPublicKey = {
|
|
|
23
24
|
*/
|
|
24
25
|
export type COSEPublicKeyOKP = COSEPublicKey & {
|
|
25
26
|
get(key: COSEKEYS.crv): number | undefined;
|
|
26
|
-
get(key: COSEKEYS.x):
|
|
27
|
+
get(key: COSEKEYS.x): Uint8Array_ | undefined;
|
|
27
28
|
set(key: COSEKEYS.crv, value: number): void;
|
|
28
|
-
set(key: COSEKEYS.x, value:
|
|
29
|
+
set(key: COSEKEYS.x, value: Uint8Array_): void;
|
|
29
30
|
};
|
|
30
31
|
/**
|
|
31
32
|
* Values specific to Elliptic Curve Cryptography public keys
|
|
32
33
|
*/
|
|
33
34
|
export type COSEPublicKeyEC2 = COSEPublicKey & {
|
|
34
35
|
get(key: COSEKEYS.crv): number | undefined;
|
|
35
|
-
get(key: COSEKEYS.x):
|
|
36
|
-
get(key: COSEKEYS.y):
|
|
36
|
+
get(key: COSEKEYS.x): Uint8Array_ | undefined;
|
|
37
|
+
get(key: COSEKEYS.y): Uint8Array_ | undefined;
|
|
37
38
|
set(key: COSEKEYS.crv, value: number): void;
|
|
38
|
-
set(key: COSEKEYS.x, value:
|
|
39
|
-
set(key: COSEKEYS.y, value:
|
|
39
|
+
set(key: COSEKEYS.x, value: Uint8Array_): void;
|
|
40
|
+
set(key: COSEKEYS.y, value: Uint8Array_): void;
|
|
40
41
|
};
|
|
41
42
|
/**
|
|
42
43
|
* Values specific to RSA public keys
|
|
43
44
|
*/
|
|
44
45
|
export type COSEPublicKeyRSA = COSEPublicKey & {
|
|
45
|
-
get(key: COSEKEYS.n):
|
|
46
|
-
get(key: COSEKEYS.e):
|
|
47
|
-
set(key: COSEKEYS.n, value:
|
|
48
|
-
set(key: COSEKEYS.e, value:
|
|
46
|
+
get(key: COSEKEYS.n): Uint8Array_ | undefined;
|
|
47
|
+
get(key: COSEKEYS.e): Uint8Array_ | undefined;
|
|
48
|
+
set(key: COSEKEYS.n, value: Uint8Array_): void;
|
|
49
|
+
set(key: COSEKEYS.e, value: Uint8Array_): void;
|
|
49
50
|
};
|
|
50
51
|
/**
|
|
51
52
|
* A type guard for determining if a COSE public key is an OKP key pair
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cose.d.ts","sourceRoot":"","sources":["../../src/helpers/cose.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAE1B,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,OAAO,GAAG,SAAS,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,OAAO,GAAG,SAAS,CAAC;IAE5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CAC9C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,
|
|
1
|
+
{"version":3,"file":"cose.d.ts","sourceRoot":"","sources":["../../src/helpers/cose.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAE1B,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,OAAO,GAAG,SAAS,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,OAAO,GAAG,SAAS,CAAC;IAE5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CAC9C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC;IAE9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC;IAE9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC;IAE9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,aAAa,GAC3B,aAAa,IAAI,gBAAgB,CAGnC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,aAAa,GAC3B,aAAa,IAAI,gBAAgB,CAGnC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,aAAa,GAC3B,aAAa,IAAI,gBAAgB,CAGnC;AAED;;;;;GAKG;AACH,oBAAY,QAAQ;IAClB,GAAG,IAAI;IACP,GAAG,IAAI;IACP,GAAG,KAAK;IACR,CAAC,KAAK;IACN,CAAC,KAAK;IACN,CAAC,KAAK;IACN,CAAC,KAAK;CACP;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,GAAG,IAAI;IACP,GAAG,IAAI;IACP,GAAG,IAAI;CACR;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,GAAG,IAAI,OAAO,CAEjE;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,IAAI,IAAI;IACR,IAAI,IAAI;IACR,IAAI,IAAI;IACR,OAAO,IAAI;IACX,SAAS,IAAI;CACd;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,GAAG,IAAI,OAAO,CAEjE;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,KAAK,KAAK;IACV,KAAK,KAAK;IACV,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,MAAM,MAAM;IACZ,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ,GAAG,SAAS;CACb;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,GAAG,IAAI,OAAO,CAEjE"}
|
package/script/helpers/cose.js
CHANGED
|
@@ -1,15 +1,4 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Fundamental values that are needed to discern the more specific COSE public key types below.
|
|
4
|
-
*
|
|
5
|
-
* The use of `Maps` here is due to CBOR encoding being used with public keys, and the CBOR "Map"
|
|
6
|
-
* type is being decoded to JavaScript's `Map` type instead of, say, a basic Object as us JS
|
|
7
|
-
* developers might prefer.
|
|
8
|
-
*
|
|
9
|
-
* These types are an unorthodox way of saying "these Maps should involve these discrete lists of
|
|
10
|
-
* keys", but it works.
|
|
11
|
-
* @module
|
|
12
|
-
*/
|
|
13
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
3
|
exports.COSEALG = exports.COSECRV = exports.COSEKTY = exports.COSEKEYS = void 0;
|
|
15
4
|
exports.isCOSEPublicKeyOKP = isCOSEPublicKeyOKP;
|
|
@@ -1,27 +1,28 @@
|
|
|
1
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
1
2
|
/**
|
|
2
3
|
* Convert an AttestationObject buffer to a proper object
|
|
3
4
|
*
|
|
4
5
|
* @param base64AttestationObject Attestation Object buffer
|
|
5
6
|
*/
|
|
6
|
-
export declare function decodeAttestationObject(attestationObject:
|
|
7
|
+
export declare function decodeAttestationObject(attestationObject: Uint8Array_): AttestationObject;
|
|
7
8
|
export type AttestationFormat = 'fido-u2f' | 'packed' | 'android-safetynet' | 'android-key' | 'tpm' | 'apple' | 'none';
|
|
8
9
|
export type AttestationObject = {
|
|
9
10
|
get(key: 'fmt'): AttestationFormat;
|
|
10
11
|
get(key: 'attStmt'): AttestationStatement;
|
|
11
|
-
get(key: 'authData'):
|
|
12
|
+
get(key: 'authData'): Uint8Array_;
|
|
12
13
|
};
|
|
13
14
|
/**
|
|
14
15
|
* `AttestationStatement` will be an instance of `Map`, but these keys help make finite the list of
|
|
15
16
|
* possible values within it.
|
|
16
17
|
*/
|
|
17
18
|
export type AttestationStatement = {
|
|
18
|
-
get(key: 'sig'):
|
|
19
|
-
get(key: 'x5c'):
|
|
20
|
-
get(key: 'response'):
|
|
19
|
+
get(key: 'sig'): Uint8Array_ | undefined;
|
|
20
|
+
get(key: 'x5c'): Uint8Array_[] | undefined;
|
|
21
|
+
get(key: 'response'): Uint8Array_ | undefined;
|
|
21
22
|
get(key: 'alg'): number | undefined;
|
|
22
23
|
get(key: 'ver'): string | undefined;
|
|
23
|
-
get(key: 'certInfo'):
|
|
24
|
-
get(key: 'pubArea'):
|
|
24
|
+
get(key: 'certInfo'): Uint8Array_ | undefined;
|
|
25
|
+
get(key: 'pubArea'): Uint8Array_ | undefined;
|
|
25
26
|
readonly size: number;
|
|
26
27
|
};
|
|
27
28
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeAttestationObject.d.ts","sourceRoot":"","sources":["../../src/helpers/decodeAttestationObject.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"decodeAttestationObject.d.ts","sourceRoot":"","sources":["../../src/helpers/decodeAttestationObject.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,iBAAiB,EAAE,WAAW,GAC7B,iBAAiB,CAInB;AAED,MAAM,MAAM,iBAAiB,GACzB,UAAU,GACV,QAAQ,GACR,mBAAmB,GACnB,aAAa,GACb,KAAK,GACL,OAAO,GACP,MAAM,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,iBAAiB,CAAC;IACnC,GAAG,CAAC,GAAG,EAAE,SAAS,GAAG,oBAAoB,CAAC;IAC1C,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,WAAW,CAAC;CACnC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,WAAW,GAAG,SAAS,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,WAAW,EAAE,GAAG,SAAS,CAAC;IAC3C,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,WAAW,GAAG,SAAS,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,WAAW,GAAG,SAAS,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,SAAS,GAAG,WAAW,GAAG,SAAS,CAAC;IAE7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,iCAAiC;sBAC1B,iBAAiB;CACpC,CAAC"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
+
import type { Uint8Array_ } from '../types/index.js';
|
|
1
2
|
/**
|
|
2
3
|
* Convert authenticator extension data buffer to a proper object
|
|
3
4
|
*
|
|
4
5
|
* @param extensionData Authenticator Extension Data buffer
|
|
5
6
|
*/
|
|
6
|
-
export declare function decodeAuthenticatorExtensions(extensionData:
|
|
7
|
+
export declare function decodeAuthenticatorExtensions(extensionData: Uint8Array_): AuthenticationExtensionsAuthenticatorOutputs | undefined;
|
|
7
8
|
/**
|
|
8
9
|
* Attempt to support authenticator extensions we might not know about in WebAuthn
|
|
9
10
|
*/
|