@simplewebauthn/server 3.0.0 → 4.3.0

package/dist/{assertion/generateAssertionOptions.d.ts → authentication/generateAuthenticationOptions.d.ts}

@@ -1,6 +1,6 @@
 /// <reference types="node" />
 import type { AuthenticationExtensionsClientInputs, PublicKeyCredentialRequestOptionsJSON, PublicKeyCredentialDescriptor, UserVerificationRequirement } from '@simplewebauthn/typescript-types';
-export declare type GenerateAssertionOptionsOpts = {
+export declare type GenerateAuthenticationOptionsOpts = {
     allowCredentials?: PublicKeyCredentialDescriptor[];
     challenge?: string | Buffer;
     timeout?: number;
@@ -14,11 +14,11 @@ export declare type GenerateAssertionOptionsOpts = {
  * @param allowCredentials Authenticators previously registered by the user, if any. If undefined
  * the client will ask the user which credential they want to use
  * @param challenge Random value the authenticator needs to sign and pass back
- * user for assertion
- * @param timeout How long (in ms) the user can take to complete assertion
+ * user for authentication
+ * @param timeout How long (in ms) the user can take to complete authentication
  * @param userVerification Set to `'discouraged'` when asserting as part of a 2FA flow, otherwise
  * set to `'preferred'` or `'required'` as desired.
- * @param extensions Additional plugins the authenticator or browser should use during assertion
+ * @param extensions Additional plugins the authenticator or browser should use during authentication
  * @param rpID Valid domain name (after `https://`)
  */
-export default function generateAssertionOptions(options?: GenerateAssertionOptionsOpts): PublicKeyCredentialRequestOptionsJSON;
+export default function generateAuthenticationOptions(options?: GenerateAuthenticationOptionsOpts): PublicKeyCredentialRequestOptionsJSON;

package/dist/{assertion/generateAssertionOptions.js → authentication/generateAuthenticationOptions.js}

@@ -11,14 +11,14 @@ const generateChallenge_1 = __importDefault(require("../helpers/generateChalleng
  * @param allowCredentials Authenticators previously registered by the user, if any. If undefined
  * the client will ask the user which credential they want to use
  * @param challenge Random value the authenticator needs to sign and pass back
- * user for assertion
- * @param timeout How long (in ms) the user can take to complete assertion
+ * user for authentication
+ * @param timeout How long (in ms) the user can take to complete authentication
  * @param userVerification Set to `'discouraged'` when asserting as part of a 2FA flow, otherwise
  * set to `'preferred'` or `'required'` as desired.
- * @param extensions Additional plugins the authenticator or browser should use during assertion
+ * @param extensions Additional plugins the authenticator or browser should use during authentication
  * @param rpID Valid domain name (after `https://`)
  */
-function generateAssertionOptions(options = {}) {
+function generateAuthenticationOptions(options = {}) {
     const { allowCredentials, challenge = generateChallenge_1.default(), timeout = 60000, userVerification, extensions, rpID, } = options;
     return {
         challenge: base64url_1.default.encode(challenge),
@@ -32,5 +32,5 @@ function generateAssertionOptions(options = {}) {
         rpId: rpID,
     };
 }
-exports.default = generateAssertionOptions;
-//# sourceMappingURL=generateAssertionOptions.js.map
+exports.default = generateAuthenticationOptions;
+//# sourceMappingURL=generateAuthenticationOptions.js.map

package/dist/authentication/generateAuthenticationOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,2BAAiB,EAAE,EAC/B,OAAO,GAAG,KAAK,EACf,gBAAgB,EAChB,UAAU,EACV,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,gBAAgB,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/C,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AAvBD,gDAuBC"}

package/dist/{assertion/verifyAssertionResponse.d.ts → authentication/verifyAuthenticationResponse.d.ts}

@@ -1,7 +1,7 @@
 /// <reference types="node" />
-import { AssertionCredentialJSON, AuthenticatorDevice, UserVerificationRequirement } from '@simplewebauthn/typescript-types';
-export declare type VerifyAssertionResponseOpts = {
-    credential: AssertionCredentialJSON;
+import { AuthenticationCredentialJSON, AuthenticatorDevice, UserVerificationRequirement } from '@simplewebauthn/typescript-types';
+export declare type VerifyAuthenticationResponseOpts = {
+    credential: AuthenticationCredentialJSON;
     expectedChallenge: string;
     expectedOrigin: string | string[];
     expectedRPID: string | string[];
@@ -16,28 +16,28 @@ export declare type VerifyAssertionResponseOpts = {
  * @param credential Authenticator credential returned by browser's `startAssertion()`
  * @param expectedChallenge The base64url-encoded `options.challenge` returned by
  * `generateAssertionOptions()`
- * @param expectedOrigin Website URL (or array of URLs) that the attestation should have occurred on
- * @param expectedRPID RP ID (or array of IDs) that was specified in the attestation options
+ * @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
+ * @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
  * @param authenticator An internal {@link AuthenticatorDevice} matching the credential's ID
  * @param fidoUserVerification (Optional) The value specified for `userVerification` when calling
  * `generateAssertionOptions()`. Activates FIDO-specific user presence and verification checks.
  * Omitting this value defaults verification to a WebAuthn-specific user presence requirement.
  */
-export default function verifyAssertionResponse(options: VerifyAssertionResponseOpts): VerifiedAssertion;
+export default function verifyAuthenticationResponse(options: VerifyAuthenticationResponseOpts): VerifiedAuthenticationResponse;
 /**
- * Result of assertion verification
+ * Result of authentication verification
  *
- * @param verified If the assertion response could be verified
- * @param assertionInfo.credentialID The ID of the authenticator used during assertion.
+ * @param verified If the authentication response could be verified
+ * @param authenticationInfo.credentialID The ID of the authenticator used during authentication.
  * Should be used to identify which DB authenticator entry needs its `counter` updated to the value
  * below
- * @param assertionInfo.newCounter The number of times the authenticator identified above
+ * @param authenticationInfo.newCounter The number of times the authenticator identified above
  * reported it has been used. **Should be kept in a DB for later reference to help prevent replay
  * attacks!**
  */
-export declare type VerifiedAssertion = {
+export declare type VerifiedAuthenticationResponse = {
     verified: boolean;
-    assertionInfo: {
+    authenticationInfo: {
         credentialID: Buffer;
         newCounter: number;
     };

package/dist/{assertion/verifyAssertionResponse.js → authentication/verifyAuthenticationResponse.js}

@@ -18,14 +18,14 @@ const isBase64URLString_1 = __importDefault(require("../helpers/isBase64URLStrin
  * @param credential Authenticator credential returned by browser's `startAssertion()`
  * @param expectedChallenge The base64url-encoded `options.challenge` returned by
  * `generateAssertionOptions()`
- * @param expectedOrigin Website URL (or array of URLs) that the attestation should have occurred on
- * @param expectedRPID RP ID (or array of IDs) that was specified in the attestation options
+ * @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
+ * @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
  * @param authenticator An internal {@link AuthenticatorDevice} matching the credential's ID
  * @param fidoUserVerification (Optional) The value specified for `userVerification` when calling
  * `generateAssertionOptions()`. Activates FIDO-specific user presence and verification checks.
  * Omitting this value defaults verification to a WebAuthn-specific user presence requirement.
  */
-function verifyAssertionResponse(options) {
+function verifyAuthenticationResponse(options) {
     const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator, fidoUserVerification, } = options;
     const { id, rawId, type: credentialType, response } = credential;
     // Ensure credential specified an ID
@@ -48,23 +48,24 @@ function verifyAssertionResponse(options) {
     }
     const clientDataJSON = decodeClientDataJSON_1.default(response.clientDataJSON);
     const { type, origin, challenge, tokenBinding } = clientDataJSON;
-    // Make sure we're handling an assertion
+    // Make sure we're handling an authentication
     if (type !== 'webauthn.get') {
-        throw new Error(`Unexpected assertion type: ${type}`);
+        throw new Error(`Unexpected authentication response type: ${type}`);
     }
     // Ensure the device provided the challenge we gave it
     if (challenge !== expectedChallenge) {
-        throw new Error(`Unexpected assertion challenge "${challenge}", expected "${expectedChallenge}"`);
+        throw new Error(`Unexpected authentication response challenge "${challenge}", expected "${expectedChallenge}"`);
     }
     // Check that the origin is our site
     if (Array.isArray(expectedOrigin)) {
         if (!expectedOrigin.includes(origin)) {
-            throw new Error(`Unexpected assertion origin "${origin}", expected one of: ${expectedOrigin.join(', ')}`);
+            const joinedExpectedOrigin = expectedOrigin.join(', ');
+            throw new Error(`Unexpected authentication response origin "${origin}", expected one of: ${joinedExpectedOrigin}`);
         }
     }
     else {
         if (origin !== expectedOrigin) {
-            throw new Error(`Unexpected assertion origin "${origin}", expected "${expectedOrigin}"`);
+            throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
         }
     }
     if (!isBase64URLString_1.default(response.authenticatorData)) {
@@ -119,7 +120,7 @@ function verifyAssertionResponse(options) {
     else {
         // WebAuthn only requires the user presence flag be true
         if (!flags.up) {
-            throw new Error('User not present during assertion');
+            throw new Error('User not present during authentication');
         }
     }
     const clientDataHash = toHash_1.default(base64url_1.default.toBuffer(response.clientDataJSON));
@@ -135,12 +136,12 @@ function verifyAssertionResponse(options) {
     }
     const toReturn = {
         verified: verifySignature_1.default(signature, signatureBase, publicKey),
-        assertionInfo: {
+        authenticationInfo: {
             newCounter: counter,
             credentialID: authenticator.credentialID,
         },
     };
     return toReturn;
 }
-exports.default = verifyAssertionResponse;
-//# sourceMappingURL=verifyAssertionResponse.js.map
+exports.default = verifyAuthenticationResponse;
+//# sourceMappingURL=verifyAuthenticationResponse.js.map

package/dist/authentication/verifyAuthenticationResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,2FAAmE;AACnE,+DAAuC;AACvC,6FAAqE;AACrE,iFAAyD;AACzD,+FAAuE;AACvE,qFAA6D;AAW7D;;;;;;;;;;;;;;GAcG;AACH,SAAwB,4BAA4B,CAClD,OAAyC;IAEzC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,oBAAoB,GACrB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,8BAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;KACrE;IAED,sDAAsD;IACtD,IAAI,SAAS,KAAK,iBAAiB,EAAE;QACnC,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,gBAAgB,iBAAiB,GAAG,CAC/F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,uBAAuB,oBAAoB,EAAE,CAClG,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,gBAAgB,cAAc,GAAG,CACtF,CAAC;SACH;KACF;IAED,IAAI,CAAC,2BAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,2BAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;QAC1C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,QAAQ,CAAC,UAAU,IAAI,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,gCAAsB,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC;IAEpD,yCAAyC;IACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,MAAM,gBAAgB,GAAG,gBAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,kEAAkE;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,gBAAgB,GAAG,gBAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE;YACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;IAED,wCAAwC;IACxC,IAAI,oBAAoB,EAAE;QACxB,IAAI,oBAAoB,KAAK,UAAU,EAAE;YACvC,0DAA0D;YAC1D,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;aAC/E;SACF;aAAM,IAAI,oBAAoB,KAAK,WAAW,IAAI,oBAAoB,KAAK,aAAa,EAAE;YACzF,oBAAoB;SACrB;KACF;SAAM;QACL,wDAAwD;QACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;SAC3D;KACF;IAED,MAAM,cAAc,GAAG,gBAAM,CAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,+BAAqB,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,QAAQ,GAAG;QACf,QAAQ,EAAE,yBAAe,CAAC,SAAS,EAAE,aAAa,EAAE,SAAS,CAAC;QAC9D,kBAAkB,EAAE;YAClB,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;SACzC;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AA1JD,+CA0JC"}

package/dist/helpers/convertAAGUIDToString.js

@@ -11,7 +11,7 @@ function convertAAGUIDToString(aaguid) {
         hex.slice(8, 12),
         hex.slice(12, 16),
         hex.slice(16, 20),
-        hex.slice(20, 32),
+        hex.slice(20, 32), // 8
     ];
     // Formatted: adce0002-35bc-c60a-648b-0b25f1f05503
     return segments.join('-');

package/dist/helpers/convertAAGUIDToString.js.map

@@ -1 +1 @@
-{"version":3,"file":"convertAAGUIDToString.js","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":";;AAAA;;GAEG;AACH,SAAwB,qBAAqB,CAAC,MAAc;IAC1D,4CAA4C;IAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAa;QACzB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;KAClB,CAAC;IAEF,kDAAkD;IAClD,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAdD,wCAcC"}
+{"version":3,"file":"convertAAGUIDToString.js","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":";;AAAA;;GAEG;AACH,SAAwB,qBAAqB,CAAC,MAAc;IAC1D,4CAA4C;IAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAa;QACzB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI;KACxB,CAAC;IAEF,kDAAkD;IAClD,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAdD,wCAcC"}

package/dist/helpers/convertCertBufferToPEM.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="node" />
+import type { Base64URLString } from '@simplewebauthn/typescript-types';
+/**
+ * Convert buffer to an OpenSSL-compatible PEM text format.
+ */
+export default function convertCertBufferToPEM(certBuffer: Buffer | Base64URLString): string;

package/dist/helpers/{convertX509CertToPEM.js → convertCertBufferToPEM.js}

@@ -5,9 +5,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const base64url_1 = __importDefault(require("base64url"));
 /**
- * Convert X.509 certificate to an OpenSSL-compatible PEM text format.
+ * Convert buffer to an OpenSSL-compatible PEM text format.
  */
-function convertX509CertToPEM(certBuffer) {
+function convertCertBufferToPEM(certBuffer) {
     let buffer;
     if (typeof certBuffer === 'string') {
         buffer = base64url_1.default.toBuffer(certBuffer);
@@ -24,5 +24,5 @@ function convertX509CertToPEM(certBuffer) {
     PEMKey = `-----BEGIN CERTIFICATE-----\n${PEMKey}-----END CERTIFICATE-----\n`;
     return PEMKey;
 }
-exports.default = convertX509CertToPEM;
-//# sourceMappingURL=convertX509CertToPEM.js.map
+exports.default = convertCertBufferToPEM;
+//# sourceMappingURL=convertCertBufferToPEM.js.map

package/dist/helpers/convertCertBufferToPEM.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"convertCertBufferToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAGlC;;GAEG;AACH,SAAwB,sBAAsB,CAAC,UAAoC;IACjF,IAAI,MAAc,CAAC;IACnB,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;QAClC,MAAM,GAAG,mBAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;KACzC;SAAM;QACL,MAAM,GAAG,UAAU,CAAC;KACrB;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE1C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE;QAC1D,MAAM,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC;QAErB,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC;KAC5C;IAED,MAAM,GAAG,gCAAgC,MAAM,6BAA6B,CAAC;IAE7E,OAAO,MAAM,CAAC;AAChB,CAAC;AApBD,yCAoBC"}

package/dist/helpers/decodeAttestationObject.d.ts

@@ -5,17 +5,9 @@
  * @param base64AttestationObject Attestation Object buffer
  */
 export default function decodeAttestationObject(attestationObject: Buffer): AttestationObject;
-export declare enum ATTESTATION_FORMAT {
-    FIDO_U2F = "fido-u2f",
-    PACKED = "packed",
-    ANDROID_SAFETYNET = "android-safetynet",
-    ANDROID_KEY = "android-key",
-    TPM = "tpm",
-    APPLE = "apple",
-    NONE = "none"
-}
+export declare type AttestationFormat = 'fido-u2f' | 'packed' | 'android-safetynet' | 'android-key' | 'tpm' | 'apple' | 'none';
 export declare type AttestationObject = {
-    fmt: ATTESTATION_FORMAT;
+    fmt: AttestationFormat;
     attStmt: AttestationStatement;
     authData: Buffer;
 };

package/dist/helpers/decodeAttestationObject.js

@@ -3,7 +3,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ATTESTATION_FORMAT = void 0;
 const cbor_1 = __importDefault(require("cbor"));
 /**
  * Convert an AttestationObject buffer to a proper object
@@ -15,14 +14,4 @@ function decodeAttestationObject(attestationObject) {
     return toCBOR;
 }
 exports.default = decodeAttestationObject;
-var ATTESTATION_FORMAT;
-(function (ATTESTATION_FORMAT) {
-    ATTESTATION_FORMAT["FIDO_U2F"] = "fido-u2f";
-    ATTESTATION_FORMAT["PACKED"] = "packed";
-    ATTESTATION_FORMAT["ANDROID_SAFETYNET"] = "android-safetynet";
-    ATTESTATION_FORMAT["ANDROID_KEY"] = "android-key";
-    ATTESTATION_FORMAT["TPM"] = "tpm";
-    ATTESTATION_FORMAT["APPLE"] = "apple";
-    ATTESTATION_FORMAT["NONE"] = "none";
-})(ATTESTATION_FORMAT = exports.ATTESTATION_FORMAT || (exports.ATTESTATION_FORMAT = {}));
 //# sourceMappingURL=decodeAttestationObject.js.map

package/dist/helpers/decodeAttestationObject.js.map

@@ -1 +1 @@
-{"version":3,"file":"decodeAttestationObject.js","sourceRoot":"","sources":["../../src/helpers/decodeAttestationObject.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB;;;;GAIG;AACH,SAAwB,uBAAuB,CAAC,iBAAyB;IACvE,MAAM,MAAM,GAAsB,cAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,OAAO,MAAM,CAAC;AAChB,CAAC;AAHD,0CAGC;AAED,IAAY,kBAQX;AARD,WAAY,kBAAkB;IAC5B,2CAAqB,CAAA;IACrB,uCAAiB,CAAA;IACjB,6DAAuC,CAAA;IACvC,iDAA2B,CAAA;IAC3B,iCAAW,CAAA;IACX,qCAAe,CAAA;IACf,mCAAa,CAAA;AACf,CAAC,EARW,kBAAkB,GAAlB,0BAAkB,KAAlB,0BAAkB,QAQ7B"}
+{"version":3,"file":"decodeAttestationObject.js","sourceRoot":"","sources":["../../src/helpers/decodeAttestationObject.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AAExB;;;;GAIG;AACH,SAAwB,uBAAuB,CAAC,iBAAyB;IACvE,MAAM,MAAM,GAAsB,cAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,OAAO,MAAM,CAAC;AAChB,CAAC;AAHD,0CAGC"}

package/dist/helpers/decodeClientDataJSON.d.ts

@@ -2,7 +2,7 @@
  * Decode an authenticator's base64url-encoded clientDataJSON to JSON
  */
 export default function decodeClientDataJSON(data: string): ClientDataJSON;
-declare type ClientDataJSON = {
+export declare type ClientDataJSON = {
     type: string;
     challenge: string;
     origin: string;
@@ -12,4 +12,3 @@ declare type ClientDataJSON = {
         status: 'present' | 'supported' | 'not-supported';
     };
 };
-export {};

package/dist/helpers/index.d.ts

@@ -0,0 +1,23 @@
+import convertAAGUIDToString from './convertAAGUIDToString';
+import convertCertBufferToPEM from './convertCertBufferToPEM';
+import convertCOSEtoPKCS from './convertCOSEtoPKCS';
+import convertPublicKeyToPEM from './convertPublicKeyToPEM';
+import decodeAttestationObject from './decodeAttestationObject';
+import { decodeCborFirst } from './decodeCbor';
+import decodeClientDataJSON from './decodeClientDataJSON';
+import decodeCredentialPublicKey from './decodeCredentialPublicKey';
+import generateChallenge from './generateChallenge';
+import getCertificateInfo from './getCertificateInfo';
+import isBase64URLString from './isBase64URLString';
+import isCertRevoked from './isCertRevoked';
+import parseAuthenticatorData from './parseAuthenticatorData';
+import toHash from './toHash';
+import validateCertificatePath from './validateCertificatePath';
+import verifySignature from './verifySignature';
+export { convertAAGUIDToString, convertCertBufferToPEM, convertCOSEtoPKCS, convertPublicKeyToPEM, decodeAttestationObject, decodeCborFirst, decodeClientDataJSON, decodeCredentialPublicKey, generateChallenge, getCertificateInfo, isBase64URLString, isCertRevoked, parseAuthenticatorData, toHash, validateCertificatePath, verifySignature, };
+import type { AttestationFormat, AttestationObject, AttestationStatement } from './decodeAttestationObject';
+import type { CertificateInfo } from './getCertificateInfo';
+import type { ClientDataJSON } from './decodeClientDataJSON';
+import type { COSEPublicKey } from './convertCOSEtoPKCS';
+import type { ParsedAuthenticatorData } from './parseAuthenticatorData';
+export type { AttestationFormat, AttestationObject, AttestationStatement, CertificateInfo, ClientDataJSON, COSEPublicKey, ParsedAuthenticatorData, };

package/dist/helpers/index.js

@@ -0,0 +1,39 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifySignature = exports.validateCertificatePath = exports.toHash = exports.parseAuthenticatorData = exports.isCertRevoked = exports.isBase64URLString = exports.getCertificateInfo = exports.generateChallenge = exports.decodeCredentialPublicKey = exports.decodeClientDataJSON = exports.decodeCborFirst = exports.decodeAttestationObject = exports.convertPublicKeyToPEM = exports.convertCOSEtoPKCS = exports.convertCertBufferToPEM = exports.convertAAGUIDToString = void 0;
+const convertAAGUIDToString_1 = __importDefault(require("./convertAAGUIDToString"));
+exports.convertAAGUIDToString = convertAAGUIDToString_1.default;
+const convertCertBufferToPEM_1 = __importDefault(require("./convertCertBufferToPEM"));
+exports.convertCertBufferToPEM = convertCertBufferToPEM_1.default;
+const convertCOSEtoPKCS_1 = __importDefault(require("./convertCOSEtoPKCS"));
+exports.convertCOSEtoPKCS = convertCOSEtoPKCS_1.default;
+const convertPublicKeyToPEM_1 = __importDefault(require("./convertPublicKeyToPEM"));
+exports.convertPublicKeyToPEM = convertPublicKeyToPEM_1.default;
+const decodeAttestationObject_1 = __importDefault(require("./decodeAttestationObject"));
+exports.decodeAttestationObject = decodeAttestationObject_1.default;
+const decodeCbor_1 = require("./decodeCbor");
+Object.defineProperty(exports, "decodeCborFirst", { enumerable: true, get: function () { return decodeCbor_1.decodeCborFirst; } });
+const decodeClientDataJSON_1 = __importDefault(require("./decodeClientDataJSON"));
+exports.decodeClientDataJSON = decodeClientDataJSON_1.default;
+const decodeCredentialPublicKey_1 = __importDefault(require("./decodeCredentialPublicKey"));
+exports.decodeCredentialPublicKey = decodeCredentialPublicKey_1.default;
+const generateChallenge_1 = __importDefault(require("./generateChallenge"));
+exports.generateChallenge = generateChallenge_1.default;
+const getCertificateInfo_1 = __importDefault(require("./getCertificateInfo"));
+exports.getCertificateInfo = getCertificateInfo_1.default;
+const isBase64URLString_1 = __importDefault(require("./isBase64URLString"));
+exports.isBase64URLString = isBase64URLString_1.default;
+const isCertRevoked_1 = __importDefault(require("./isCertRevoked"));
+exports.isCertRevoked = isCertRevoked_1.default;
+const parseAuthenticatorData_1 = __importDefault(require("./parseAuthenticatorData"));
+exports.parseAuthenticatorData = parseAuthenticatorData_1.default;
+const toHash_1 = __importDefault(require("./toHash"));
+exports.toHash = toHash_1.default;
+const validateCertificatePath_1 = __importDefault(require("./validateCertificatePath"));
+exports.validateCertificatePath = validateCertificatePath_1.default;
+const verifySignature_1 = __importDefault(require("./verifySignature"));
+exports.verifySignature = verifySignature_1.default;
+//# sourceMappingURL=index.js.map

package/dist/helpers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/helpers/index.ts"],"names":[],"mappings":";;;;;;AAAA,oFAA4D;AAkB1D,gCAlBK,+BAAqB,CAkBL;AAjBvB,sFAA8D;AAkB5D,iCAlBK,gCAAsB,CAkBL;AAjBxB,4EAAoD;AAkBlD,4BAlBK,2BAAiB,CAkBL;AAjBnB,oFAA4D;AAkB1D,gCAlBK,+BAAqB,CAkBL;AAjBvB,wFAAgE;AAkB9D,kCAlBK,iCAAuB,CAkBL;AAjBzB,6CAA+C;AAkB7C,gGAlBO,4BAAe,OAkBP;AAjBjB,kFAA0D;AAkBxD,+BAlBK,8BAAoB,CAkBL;AAjBtB,4FAAoE;AAkBlE,oCAlBK,mCAAyB,CAkBL;AAjB3B,4EAAoD;AAkBlD,4BAlBK,2BAAiB,CAkBL;AAjBnB,8EAAsD;AAkBpD,6BAlBK,4BAAkB,CAkBL;AAjBpB,4EAAoD;AAkBlD,4BAlBK,2BAAiB,CAkBL;AAjBnB,oEAA4C;AAkB1C,wBAlBK,uBAAa,CAkBL;AAjBf,sFAA8D;AAkB5D,iCAlBK,gCAAsB,CAkBL;AAjBxB,sDAA8B;AAkB5B,iBAlBK,gBAAM,CAkBL;AAjBR,wFAAgE;AAkB9D,kCAlBK,iCAAuB,CAkBL;AAjBzB,wEAAgD;AAkB9C,0BAlBK,yBAAe,CAkBL"}

package/dist/helpers/isCertRevoked.js

@@ -7,6 +7,7 @@ const jsrsasign_1 = require("jsrsasign");
 const node_fetch_1 = __importDefault(require("node-fetch"));
 const asn1_schema_1 = require("@peculiar/asn1-schema");
 const asn1_x509_1 = require("@peculiar/asn1-x509");
+const convertCertBufferToPEM_1 = __importDefault(require("./convertCertBufferToPEM"));
 const cacheRevokedCerts = {};
 /**
  * A method to pull a CRL from a certificate and compare its serial number to the list of revoked
@@ -50,8 +51,9 @@ async function isCertRevoked(cert) {
     const crlCert = new jsrsasign_1.X509();
     try {
         const respCRL = await node_fetch_1.default(crlURL[0]);
-        const dataCRL = await respCRL.text();
-        crlCert.readCertPEM(dataCRL);
+        const dataCRL = await respCRL.buffer();
+        const dataPEM = convertCertBufferToPEM_1.default(dataCRL);
+        crlCert.readCertPEM(dataPEM);
     }
     catch (err) {
         return false;

package/dist/helpers/isCertRevoked.js.map

@@ -1 +1 @@
-{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAWtD,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,oBAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,2BAAe,CAAC,CAAC;IAE/E,MAAM,SAAS,GAAoB;QACjC,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,aAAa;IACb,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE;QAC/B,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;KAC9D;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE1D,IAAI,YAAY,EAAE;QAChB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrE,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACzC;QAED,oBAAoB;QACpB,IAAI,aAAa,EAAE;YACjB,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;SACtD;QAED,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;KAC3D;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA3ED,gCA2EC"}
+{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,oBAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,gCAAsB,CAAC,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,2BAAe,CAAC,CAAC;IAE/E,MAAM,SAAS,GAAoB;QACjC,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,aAAa;IACb,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE;QAC/B,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;KAC9D;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE1D,IAAI,YAAY,EAAE;QAChB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrE,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACzC;QAED,oBAAoB;QACpB,IAAI,aAAa,EAAE;YACjB,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;SACtD;QAED,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;KAC3D;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA5ED,gCA4EC"}

package/dist/helpers/logging.d.ts

@@ -0,0 +1,16 @@
+import { Debugger } from 'debug';
+/**
+ * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for
+ * consistent naming.
+ *
+ * See https://www.npmjs.com/package/debug for information on how to control logging output when
+ * using @simplewebauthn/server
+ *
+ * Example:
+ *
+ * ```
+ * const log = getLogger('mds');
+ * log('hello'); // simplewebauthn:mds hello +0ms
+ * ```
+ */
+export declare function getLogger(name: string): Debugger;

package/dist/helpers/logging.js

@@ -0,0 +1,27 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLogger = void 0;
+const debug_1 = __importDefault(require("debug"));
+const defaultLogger = debug_1.default('SimpleWebAuthn');
+/**
+ * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for
+ * consistent naming.
+ *
+ * See https://www.npmjs.com/package/debug for information on how to control logging output when
+ * using @simplewebauthn/server
+ *
+ * Example:
+ *
+ * ```
+ * const log = getLogger('mds');
+ * log('hello'); // simplewebauthn:mds hello +0ms
+ * ```
+ */
+function getLogger(name) {
+    return defaultLogger.extend(name);
+}
+exports.getLogger = getLogger;
+//# sourceMappingURL=logging.js.map

package/dist/helpers/logging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,eAAK,CAAC,gBAAgB,CAAC,CAAC;AAE9C;;;;;;;;;;;;;GAaG;AACH,SAAgB,SAAS,CAAC,IAAY;IACpC,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAFD,8BAEC"}

package/dist/helpers/parseAuthenticatorData.js

@@ -12,11 +12,9 @@ function parseAuthenticatorData(authData) {
     if (authData.byteLength < 37) {
         throw new Error(`Authenticator data was ${authData.byteLength} bytes, expected at least 37 bytes`);
     }
-    let intBuffer = authData;
-    const rpIdHash = intBuffer.slice(0, 32);
-    intBuffer = intBuffer.slice(32);
-    const flagsBuf = intBuffer.slice(0, 1);
-    intBuffer = intBuffer.slice(1);
+    let pointer = 0;
+    const rpIdHash = authData.slice(pointer, (pointer += 32));
+    const flagsBuf = authData.slice(pointer, (pointer += 1));
     const flagsInt = flagsBuf[0];
     const flags = {
         up: !!(flagsInt & 0x01),
@@ -25,34 +23,31 @@ function parseAuthenticatorData(authData) {
         ed: !!(flagsInt & 0x80),
         flagsInt,
     };
-    const counterBuf = intBuffer.slice(0, 4);
-    intBuffer = intBuffer.slice(4);
+    const counterBuf = authData.slice(pointer, (pointer += 4));
     const counter = counterBuf.readUInt32BE(0);
     let aaguid = undefined;
     let credentialID = undefined;
     let credentialPublicKey = undefined;
     if (flags.at) {
-        aaguid = intBuffer.slice(0, 16);
-        intBuffer = intBuffer.slice(16);
-        const credIDLenBuf = intBuffer.slice(0, 2);
-        intBuffer = intBuffer.slice(2);
+        aaguid = authData.slice(pointer, (pointer += 16));
+        const credIDLenBuf = authData.slice(pointer, (pointer += 2));
         const credIDLen = credIDLenBuf.readUInt16BE(0);
-        credentialID = intBuffer.slice(0, credIDLen);
-        intBuffer = intBuffer.slice(credIDLen);
+        credentialID = authData.slice(pointer, (pointer += credIDLen));
         // Decode the next CBOR item in the buffer, then re-encode it back to a Buffer
-        const firstDecoded = decodeCbor_1.decodeCborFirst(intBuffer);
+        const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
         const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
         credentialPublicKey = firstEncoded;
-        intBuffer = intBuffer.slice(firstEncoded.byteLength);
+        pointer += firstEncoded.byteLength;
     }
     let extensionsDataBuffer = undefined;
     if (flags.ed) {
-        const firstDecoded = decodeCbor_1.decodeCborFirst(intBuffer);
+        const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
         const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
         extensionsDataBuffer = firstEncoded;
-        intBuffer = intBuffer.slice(firstEncoded.byteLength);
+        pointer += firstEncoded.byteLength;
     }
-    if (intBuffer.byteLength > 0) {
+    // Pointer should be at the end of the authenticator data, otherwise too much data was sent
+    if (authData.byteLength > pointer) {
         throw new Error('Leftover bytes detected while parsing authenticator data');
     }
     return {

package/dist/helpers/parseAuthenticatorData.js.map

@@ -1 +1 @@
-{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,SAAS,GAAG,QAAQ,CAAC;IAEzB,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAEhC,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,QAAQ;KACT,CAAC;IAEF,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACzC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE/B,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,GAAuB,SAAS,CAAC;IAC3C,IAAI,YAAY,GAAuB,SAAS,CAAC;IACjD,IAAI,mBAAmB,GAAuB,SAAS,CAAC;IAExD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAEhC,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE/B,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE/C,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC7C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEvC,8EAA8E;QAC9E,MAAM,YAAY,GAAG,4BAAe,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,mBAAmB,GAAG,YAAY,CAAC;QACnC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;KACtD;IAED,IAAI,oBAAoB,GAAuB,SAAS,CAAC;IACzD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,YAAY,GAAG,4BAAe,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,oBAAoB,GAAG,YAAY,CAAC;QACpC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;KACtD;IAED,IAAI,SAAS,CAAC,UAAU,GAAG,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,OAAO;QACP,UAAU;QACV,MAAM;QACN,YAAY;QACZ,mBAAmB;QACnB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AA5ED,yCA4EC"}
+{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,QAAQ;KACT,CAAC;IAEF,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,GAAuB,SAAS,CAAC;IAC3C,IAAI,YAAY,GAAuB,SAAS,CAAC;IACjD,IAAI,mBAAmB,GAAuB,SAAS,CAAC;IAExD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAElD,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE/C,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,YAAY,GAAG,4BAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,mBAAmB,GAAG,YAAY,CAAC;QACnC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,IAAI,oBAAoB,GAAuB,SAAS,CAAC;IACzD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,YAAY,GAAG,4BAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,oBAAoB,GAAG,YAAY,CAAC;QACpC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,2FAA2F;IAC3F,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,OAAO;QACP,UAAU;QACV,MAAM;QACN,YAAY;QACZ,mBAAmB;QACnB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AApED,yCAoEC"}

package/dist/helpers/validateCertificatePath.d.ts

@@ -1,5 +1,6 @@
 /**
  * Traverse an array of PEM certificates and ensure they form a proper chain
  * @param certificates Typically the result of `x5c.map(convertASN1toPEM)`
+ * @param rootCertificates Possible root certificates to complete the path
  */
-export default function validateCertificatePath(certificates: string[]): Promise<boolean>;
+export default function validateCertificatePath(certificates: string[], rootCertificates?: string[]): Promise<boolean>;

package/dist/helpers/validateCertificatePath.js

@@ -12,8 +12,40 @@ const { crypto } = jsrsasign_1.KJUR;
 /**
  * Traverse an array of PEM certificates and ensure they form a proper chain
  * @param certificates Typically the result of `x5c.map(convertASN1toPEM)`
+ * @param rootCertificates Possible root certificates to complete the path
  */
-async function validateCertificatePath(certificates) {
+async function validateCertificatePath(certificates, rootCertificates = []) {
+    if (rootCertificates.length === 0) {
+        // We have no root certs with which to create a full path, so skip path validation
+        // TODO: Is this going to be acceptable default behavior??
+        return true;
+    }
+    let invalidSubjectAndIssuerError = false;
+    for (const rootCert of rootCertificates) {
+        try {
+            const certsWithRoot = certificates.concat([rootCert]);
+            await _validatePath(certsWithRoot);
+            // If we successfully validated a path then there's no need to continue
+            invalidSubjectAndIssuerError = false;
+            break;
+        }
+        catch (err) {
+            if (err instanceof InvalidSubjectAndIssuer) {
+                invalidSubjectAndIssuerError = true;
+            }
+            else {
+                throw err;
+            }
+        }
+    }
+    // We tried multiple root certs and none of them worked
+    if (invalidSubjectAndIssuerError) {
+        throw new InvalidSubjectAndIssuer();
+    }
+    return true;
+}
+exports.default = validateCertificatePath;
+async function _validatePath(certificates) {
     if (new Set(certificates).size !== certificates.length) {
         throw new Error('Invalid certificate path: found duplicate certificates');
     }
@@ -39,12 +71,12 @@ async function validateCertificatePath(certificates) {
         // Check that intermediate certificate is within its valid time window
         const notBefore = jsrsasign_1.zulutodate(issuerCert.getNotBefore());
         const notAfter = jsrsasign_1.zulutodate(issuerCert.getNotAfter());
-        const now = new Date();
+        const now = new Date(Date.now());
         if (notBefore > now || notAfter < now) {
             throw new Error('Intermediate certificate is not yet valid or expired');
         }
         if (subjectCert.getIssuerString() !== issuerCert.getSubjectString()) {
-            throw new Error('Invalid certificate path: subject issuer did not match issuer subject');
+            throw new InvalidSubjectAndIssuer();
         }
         const subjectCertStruct = jsrsasign_1.ASN1HEX.getTLVbyList(subjectCert.hex, 0, [0]);
         const alg = subjectCert.getSignatureAlgorithmField();
@@ -58,5 +90,12 @@ async function validateCertificatePath(certificates) {
     }
     return true;
 }
-exports.default = validateCertificatePath;
+// Custom errors to help pass on certain errors
+class InvalidSubjectAndIssuer extends Error {
+    constructor() {
+        const message = 'Subject issuer did not match issuer subject';
+        super(message);
+        this.name = 'InvalidSubjectAndIssuer';
+    }
+}
 //# sourceMappingURL=validateCertificatePath.js.map