@simplewebauthn/server 3.0.0 → 4.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{assertion/generateAssertionOptions.d.ts → authentication/generateAuthenticationOptions.d.ts} +5 -5
- package/dist/{assertion/generateAssertionOptions.js → authentication/generateAuthenticationOptions.js} +6 -6
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -0
- package/dist/{assertion/verifyAssertionResponse.d.ts → authentication/verifyAuthenticationResponse.d.ts} +12 -12
- package/dist/{assertion/verifyAssertionResponse.js → authentication/verifyAuthenticationResponse.js} +13 -12
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -0
- package/dist/helpers/convertAAGUIDToString.js +1 -1
- package/dist/helpers/convertAAGUIDToString.js.map +1 -1
- package/dist/helpers/convertCertBufferToPEM.d.ts +6 -0
- package/dist/helpers/{convertX509CertToPEM.js → convertCertBufferToPEM.js} +4 -4
- package/dist/helpers/convertCertBufferToPEM.js.map +1 -0
- package/dist/helpers/decodeAttestationObject.d.ts +2 -10
- package/dist/helpers/decodeAttestationObject.js +0 -11
- package/dist/helpers/decodeAttestationObject.js.map +1 -1
- package/dist/helpers/decodeClientDataJSON.d.ts +1 -2
- package/dist/helpers/index.d.ts +23 -0
- package/dist/helpers/index.js +39 -0
- package/dist/helpers/index.js.map +1 -0
- package/dist/helpers/isCertRevoked.js +4 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.d.ts +16 -0
- package/dist/helpers/logging.js +27 -0
- package/dist/helpers/logging.js.map +1 -0
- package/dist/helpers/parseAuthenticatorData.js +13 -18
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/validateCertificatePath.d.ts +2 -1
- package/dist/helpers/validateCertificatePath.js +43 -4
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/index.d.ts +13 -11
- package/dist/index.js +12 -10
- package/dist/index.js.map +1 -1
- package/dist/metadata/mdsTypes.d.ts +207 -0
- package/dist/metadata/mdsTypes.js +3 -0
- package/dist/metadata/mdsTypes.js.map +1 -0
- package/dist/metadata/verifyAttestationWithMetadata.d.ts +5 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +61 -27
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/{attestation/generateAttestationOptions.d.ts → registration/generateRegistrationOptions.d.ts} +2 -2
- package/dist/{attestation/generateAttestationOptions.js → registration/generateRegistrationOptions.js} +3 -3
- package/dist/registration/generateRegistrationOptions.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/constants.d.ts +0 -0
- package/dist/{attestation → registration}/verifications/tpm/constants.js +0 -0
- package/dist/registration/verifications/tpm/constants.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/parseCertInfo.d.ts +0 -0
- package/dist/registration/verifications/tpm/parseCertInfo.js +53 -0
- package/dist/registration/verifications/tpm/parseCertInfo.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/parsePubArea.d.ts +0 -0
- package/dist/{attestation → registration}/verifications/tpm/parsePubArea.js +10 -19
- package/dist/registration/verifications/tpm/parsePubArea.js.map +1 -0
- package/dist/registration/verifications/tpm/verifyTPM.d.ts +2 -0
- package/dist/{attestation → registration}/verifications/tpm/verifyTPM.js +14 -4
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -0
- package/dist/registration/verifications/verifyAndroidKey.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyAndroidKey.js +17 -12
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -0
- package/dist/registration/verifications/verifyAndroidSafetyNet.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyAndroidSafetyNet.js +6 -27
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -0
- package/dist/registration/verifications/verifyApple.d.ts +2 -0
- package/dist/{attestation → registration}/verifications/verifyApple.js +3 -26
- package/dist/registration/verifications/verifyApple.js.map +1 -0
- package/dist/registration/verifications/verifyFIDOU2F.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyFIDOU2F.js +12 -4
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -0
- package/dist/registration/verifications/verifyPacked.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyPacked.js +15 -7
- package/dist/registration/verifications/verifyPacked.js.map +1 -0
- package/dist/registration/verifyRegistrationResponse.d.ts +71 -0
- package/dist/{attestation/verifyAttestationResponse.js → registration/verifyRegistrationResponse.js} +56 -92
- package/dist/registration/verifyRegistrationResponse.js.map +1 -0
- package/dist/services/defaultRootCerts/android-key.d.ts +24 -0
- package/dist/services/defaultRootCerts/android-key.js +89 -0
- package/dist/services/defaultRootCerts/android-key.js.map +1 -0
- package/dist/services/defaultRootCerts/android-safetynet.d.ts +22 -0
- package/dist/services/defaultRootCerts/android-safetynet.js +69 -0
- package/dist/services/defaultRootCerts/android-safetynet.js.map +1 -0
- package/dist/services/defaultRootCerts/apple.d.ts +11 -0
- package/dist/services/defaultRootCerts/apple.js +29 -0
- package/dist/services/defaultRootCerts/apple.js.map +1 -0
- package/dist/services/defaultRootCerts/mds.d.ts +11 -0
- package/dist/services/defaultRootCerts/mds.js +36 -0
- package/dist/services/defaultRootCerts/mds.js.map +1 -0
- package/dist/services/metadataService.d.ts +54 -0
- package/dist/{metadata → services}/metadataService.js +90 -109
- package/dist/services/metadataService.js.map +1 -0
- package/dist/services/settingsService.d.ts +26 -0
- package/dist/services/settingsService.js +63 -0
- package/dist/services/settingsService.js.map +1 -0
- package/package.json +28 -12
- package/.env +0 -2
- package/dist/assertion/generateAssertionOptions.js.map +0 -1
- package/dist/assertion/verifyAssertionResponse.js.map +0 -1
- package/dist/attestation/generateAttestationOptions.js.map +0 -1
- package/dist/attestation/verifications/tpm/constants.js.map +0 -1
- package/dist/attestation/verifications/tpm/parseCertInfo.js +0 -65
- package/dist/attestation/verifications/tpm/parseCertInfo.js.map +0 -1
- package/dist/attestation/verifications/tpm/parsePubArea.js.map +0 -1
- package/dist/attestation/verifications/tpm/verifyTPM.d.ts +0 -11
- package/dist/attestation/verifications/tpm/verifyTPM.js.map +0 -1
- package/dist/attestation/verifications/verifyAndroidKey.d.ts +0 -11
- package/dist/attestation/verifications/verifyAndroidKey.js.map +0 -1
- package/dist/attestation/verifications/verifyAndroidSafetyNet.d.ts +0 -14
- package/dist/attestation/verifications/verifyAndroidSafetyNet.js.map +0 -1
- package/dist/attestation/verifications/verifyApple.d.ts +0 -10
- package/dist/attestation/verifications/verifyApple.js.map +0 -1
- package/dist/attestation/verifications/verifyFIDOU2F.d.ts +0 -15
- package/dist/attestation/verifications/verifyFIDOU2F.js.map +0 -1
- package/dist/attestation/verifications/verifyPacked.d.ts +0 -14
- package/dist/attestation/verifications/verifyPacked.js.map +0 -1
- package/dist/attestation/verifyAttestationResponse.d.ts +0 -56
- package/dist/attestation/verifyAttestationResponse.js.map +0 -1
- package/dist/helpers/constants.d.ts +0 -30
- package/dist/helpers/constants.js +0 -52
- package/dist/helpers/constants.js.map +0 -1
- package/dist/helpers/convertX509CertToPEM.d.ts +0 -6
- package/dist/helpers/convertX509CertToPEM.js.map +0 -1
- package/dist/metadata/metadataService.d.ts +0 -75
- package/dist/metadata/metadataService.js.map +0 -1
package/dist/{attestation/verifyAttestationResponse.js → registration/verifyRegistrationResponse.js}
RENAMED
|
@@ -1,36 +1,18 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
|
|
5
|
-
}) : (function(o, m, k, k2) {
|
|
6
|
-
if (k2 === undefined) k2 = k;
|
|
7
|
-
o[k2] = m[k];
|
|
8
|
-
}));
|
|
9
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
10
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
11
|
-
}) : function(o, v) {
|
|
12
|
-
o["default"] = v;
|
|
13
|
-
});
|
|
14
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
15
|
-
if (mod && mod.__esModule) return mod;
|
|
16
|
-
var result = {};
|
|
17
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
18
|
-
__setModuleDefault(result, mod);
|
|
19
|
-
return result;
|
|
20
|
-
};
|
|
21
2
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
22
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
23
4
|
};
|
|
24
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
25
6
|
const base64url_1 = __importDefault(require("base64url"));
|
|
26
|
-
const decodeAttestationObject_1 =
|
|
7
|
+
const decodeAttestationObject_1 = __importDefault(require("../helpers/decodeAttestationObject"));
|
|
27
8
|
const decodeClientDataJSON_1 = __importDefault(require("../helpers/decodeClientDataJSON"));
|
|
28
9
|
const parseAuthenticatorData_1 = __importDefault(require("../helpers/parseAuthenticatorData"));
|
|
29
10
|
const toHash_1 = __importDefault(require("../helpers/toHash"));
|
|
30
11
|
const decodeCredentialPublicKey_1 = __importDefault(require("../helpers/decodeCredentialPublicKey"));
|
|
31
12
|
const convertCOSEtoPKCS_1 = require("../helpers/convertCOSEtoPKCS");
|
|
32
13
|
const convertAAGUIDToString_1 = __importDefault(require("../helpers/convertAAGUIDToString"));
|
|
33
|
-
const
|
|
14
|
+
const settingsService_1 = __importDefault(require("../services/settingsService"));
|
|
15
|
+
const generateRegistrationOptions_1 = require("./generateRegistrationOptions");
|
|
34
16
|
const verifyFIDOU2F_1 = __importDefault(require("./verifications/verifyFIDOU2F"));
|
|
35
17
|
const verifyPacked_1 = __importDefault(require("./verifications/verifyPacked"));
|
|
36
18
|
const verifyAndroidSafetyNet_1 = __importDefault(require("./verifications/verifyAndroidSafetyNet"));
|
|
@@ -42,18 +24,18 @@ const verifyApple_1 = __importDefault(require("./verifications/verifyApple"));
|
|
|
42
24
|
*
|
|
43
25
|
* **Options:**
|
|
44
26
|
*
|
|
45
|
-
* @param credential Authenticator credential returned by browser's `
|
|
27
|
+
* @param credential Authenticator credential returned by browser's `startAuthentication()`
|
|
46
28
|
* @param expectedChallenge The base64url-encoded `options.challenge` returned by
|
|
47
|
-
* `
|
|
48
|
-
* @param expectedOrigin Website URL (or array of URLs) that the
|
|
49
|
-
* @param expectedRPID RP ID (or array of IDs) that was specified in the
|
|
29
|
+
* `generateRegistrationOptions()`
|
|
30
|
+
* @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
|
|
31
|
+
* @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
|
|
50
32
|
* @param requireUserVerification (Optional) Enforce user verification by the authenticator
|
|
51
33
|
* (via PIN, fingerprint, etc...)
|
|
52
34
|
* @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
|
|
53
35
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
54
36
|
*/
|
|
55
|
-
async function
|
|
56
|
-
const { credential, expectedChallenge, expectedOrigin, expectedRPID, requireUserVerification = false, supportedAlgorithmIDs =
|
|
37
|
+
async function verifyRegistrationResponse(options) {
|
|
38
|
+
const { credential, expectedChallenge, expectedOrigin, expectedRPID, requireUserVerification = false, supportedAlgorithmIDs = generateRegistrationOptions_1.supportedCOSEAlgorithmIdentifiers, } = options;
|
|
57
39
|
const { id, rawId, type: credentialType, response } = credential;
|
|
58
40
|
// Ensure credential specified an ID
|
|
59
41
|
if (!id) {
|
|
@@ -69,23 +51,28 @@ async function verifyAttestationResponse(options) {
|
|
|
69
51
|
}
|
|
70
52
|
const clientDataJSON = decodeClientDataJSON_1.default(response.clientDataJSON);
|
|
71
53
|
const { type, origin, challenge, tokenBinding } = clientDataJSON;
|
|
72
|
-
// Make sure we're handling an
|
|
54
|
+
// Make sure we're handling an registration
|
|
73
55
|
if (type !== 'webauthn.create') {
|
|
74
|
-
throw new Error(`Unexpected
|
|
56
|
+
throw new Error(`Unexpected registration response type: ${type}`);
|
|
75
57
|
}
|
|
76
58
|
// Ensure the device provided the challenge we gave it
|
|
77
|
-
if (
|
|
78
|
-
|
|
59
|
+
if (typeof expectedChallenge === 'function') {
|
|
60
|
+
if (!expectedChallenge(challenge)) {
|
|
61
|
+
throw new Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
else if (challenge !== expectedChallenge) {
|
|
65
|
+
throw new Error(`Unexpected registration response challenge "${challenge}", expected "${expectedChallenge}"`);
|
|
79
66
|
}
|
|
80
67
|
// Check that the origin is our site
|
|
81
68
|
if (Array.isArray(expectedOrigin)) {
|
|
82
69
|
if (!expectedOrigin.includes(origin)) {
|
|
83
|
-
throw new Error(`Unexpected
|
|
70
|
+
throw new Error(`Unexpected registration response origin "${origin}", expected one of: ${expectedOrigin.join(', ')}`);
|
|
84
71
|
}
|
|
85
72
|
}
|
|
86
73
|
else {
|
|
87
74
|
if (origin !== expectedOrigin) {
|
|
88
|
-
throw new Error(`Unexpected
|
|
75
|
+
throw new Error(`Unexpected registration response origin "${origin}", expected "${expectedOrigin}"`);
|
|
89
76
|
}
|
|
90
77
|
}
|
|
91
78
|
if (tokenBinding) {
|
|
@@ -122,7 +109,7 @@ async function verifyAttestationResponse(options) {
|
|
|
122
109
|
}
|
|
123
110
|
// Make sure someone was physically present
|
|
124
111
|
if (!flags.up) {
|
|
125
|
-
throw new Error('User not present during
|
|
112
|
+
throw new Error('User not present during registration');
|
|
126
113
|
}
|
|
127
114
|
// Enforce user verification if specified
|
|
128
115
|
if (requireUserVerification && !flags.uv) {
|
|
@@ -135,77 +122,54 @@ async function verifyAttestationResponse(options) {
|
|
|
135
122
|
throw new Error('No public key was provided by authenticator');
|
|
136
123
|
}
|
|
137
124
|
if (!aaguid) {
|
|
138
|
-
throw new Error('No AAGUID was present
|
|
125
|
+
throw new Error('No AAGUID was present during registration');
|
|
139
126
|
}
|
|
140
127
|
const decodedPublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
141
128
|
const alg = decodedPublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.alg);
|
|
142
129
|
if (typeof alg !== 'number') {
|
|
143
130
|
throw new Error('Credential public key was missing numeric alg');
|
|
144
131
|
}
|
|
145
|
-
// Make sure the key algorithm is one we specified within the
|
|
132
|
+
// Make sure the key algorithm is one we specified within the registration options
|
|
146
133
|
if (!supportedAlgorithmIDs.includes(alg)) {
|
|
147
134
|
const supported = supportedAlgorithmIDs.join(', ');
|
|
148
135
|
throw new Error(`Unexpected public key alg "${alg}", expected one of "${supported}"`);
|
|
149
136
|
}
|
|
150
137
|
const clientDataHash = toHash_1.default(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
138
|
+
const rootCertificates = settingsService_1.default.getRootCertificates({ identifier: fmt });
|
|
139
|
+
// Prepare arguments to pass to the relevant verification method
|
|
140
|
+
const verifierOpts = {
|
|
141
|
+
aaguid,
|
|
142
|
+
attStmt,
|
|
143
|
+
authData,
|
|
144
|
+
clientDataHash,
|
|
145
|
+
credentialID,
|
|
146
|
+
credentialPublicKey,
|
|
147
|
+
rootCertificates,
|
|
148
|
+
rpIdHash,
|
|
149
|
+
};
|
|
151
150
|
/**
|
|
152
151
|
* Verification can only be performed when attestation = 'direct'
|
|
153
152
|
*/
|
|
154
153
|
let verified = false;
|
|
155
|
-
if (fmt ===
|
|
156
|
-
verified = verifyFIDOU2F_1.default(
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
});
|
|
173
|
-
}
|
|
174
|
-
else if (fmt === decodeAttestationObject_1.ATTESTATION_FORMAT.ANDROID_SAFETYNET) {
|
|
175
|
-
verified = await verifyAndroidSafetyNet_1.default({
|
|
176
|
-
attStmt,
|
|
177
|
-
authData,
|
|
178
|
-
clientDataHash,
|
|
179
|
-
aaguid,
|
|
180
|
-
});
|
|
181
|
-
}
|
|
182
|
-
else if (fmt === decodeAttestationObject_1.ATTESTATION_FORMAT.ANDROID_KEY) {
|
|
183
|
-
verified = await verifyAndroidKey_1.default({
|
|
184
|
-
attStmt,
|
|
185
|
-
authData,
|
|
186
|
-
clientDataHash,
|
|
187
|
-
credentialPublicKey,
|
|
188
|
-
aaguid,
|
|
189
|
-
});
|
|
190
|
-
}
|
|
191
|
-
else if (fmt === decodeAttestationObject_1.ATTESTATION_FORMAT.TPM) {
|
|
192
|
-
verified = await verifyTPM_1.default({
|
|
193
|
-
aaguid,
|
|
194
|
-
attStmt,
|
|
195
|
-
authData,
|
|
196
|
-
credentialPublicKey,
|
|
197
|
-
clientDataHash,
|
|
198
|
-
});
|
|
199
|
-
}
|
|
200
|
-
else if (fmt === decodeAttestationObject_1.ATTESTATION_FORMAT.APPLE) {
|
|
201
|
-
verified = await verifyApple_1.default({
|
|
202
|
-
attStmt,
|
|
203
|
-
authData,
|
|
204
|
-
clientDataHash,
|
|
205
|
-
credentialPublicKey,
|
|
206
|
-
});
|
|
154
|
+
if (fmt === 'fido-u2f') {
|
|
155
|
+
verified = await verifyFIDOU2F_1.default(verifierOpts);
|
|
156
|
+
}
|
|
157
|
+
else if (fmt === 'packed') {
|
|
158
|
+
verified = await verifyPacked_1.default(verifierOpts);
|
|
159
|
+
}
|
|
160
|
+
else if (fmt === 'android-safetynet') {
|
|
161
|
+
verified = await verifyAndroidSafetyNet_1.default(verifierOpts);
|
|
162
|
+
}
|
|
163
|
+
else if (fmt === 'android-key') {
|
|
164
|
+
verified = await verifyAndroidKey_1.default(verifierOpts);
|
|
165
|
+
}
|
|
166
|
+
else if (fmt === 'tpm') {
|
|
167
|
+
verified = await verifyTPM_1.default(verifierOpts);
|
|
168
|
+
}
|
|
169
|
+
else if (fmt === 'apple') {
|
|
170
|
+
verified = await verifyApple_1.default(verifierOpts);
|
|
207
171
|
}
|
|
208
|
-
else if (fmt ===
|
|
172
|
+
else if (fmt === 'none') {
|
|
209
173
|
if (Object.keys(attStmt).length > 0) {
|
|
210
174
|
throw new Error('None attestation had unexpected attestation statement');
|
|
211
175
|
}
|
|
@@ -219,7 +183,7 @@ async function verifyAttestationResponse(options) {
|
|
|
219
183
|
verified,
|
|
220
184
|
};
|
|
221
185
|
if (toReturn.verified) {
|
|
222
|
-
toReturn.
|
|
186
|
+
toReturn.registrationInfo = {
|
|
223
187
|
fmt,
|
|
224
188
|
counter,
|
|
225
189
|
aaguid: convertAAGUIDToString_1.default(aaguid),
|
|
@@ -232,5 +196,5 @@ async function verifyAttestationResponse(options) {
|
|
|
232
196
|
}
|
|
233
197
|
return toReturn;
|
|
234
198
|
}
|
|
235
|
-
exports.default =
|
|
236
|
-
//# sourceMappingURL=
|
|
199
|
+
exports.default = verifyRegistrationResponse;
|
|
200
|
+
//# sourceMappingURL=verifyRegistrationResponse.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifyRegistrationResponse.js","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAMlC,iGAG4C;AAC5C,2FAAmE;AACnE,+FAAuE;AACvE,+DAAuC;AACvC,qGAA6E;AAC7E,oEAAwD;AACxD,6FAAqE;AACrE,kFAA0D;AAE1D,+EAAkF;AAClF,kFAA0D;AAC1D,gFAAwD;AACxD,oGAA4E;AAC5E,8EAAsD;AACtD,wFAAgE;AAChE,8EAAsD;AAYtD;;;;;;;;;;;;;;GAcG;AACY,KAAK,UAAU,0BAA0B,CACtD,OAAuC;IAEvC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,uBAAuB,GAAG,KAAK,EAC/B,qBAAqB,GAAG,+DAAiC,GAC1D,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,MAAM,cAAc,GAAG,8BAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,2CAA2C;IAC3C,IAAI,IAAI,KAAK,iBAAiB,EAAE;QAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,EAAE,CAAC,CAAC;KACnE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,+CAA+C,SAAS,gBAAgB,iBAAiB,GAAG,CAC7F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,uBAAuB,cAAc,CAAC,IAAI,CAC1F,IAAI,CACL,EAAE,CACJ,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,gBAAgB,cAAc,GAAG,CACpF,CAAC;SACH;KACF;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,GAAG,CAAC,CAAC;SACxE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC9E,MAAM,IAAI,KAAK,CAAC,4CAA4C,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;SACrF;KACF;IAED,MAAM,iBAAiB,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACzE,MAAM,wBAAwB,GAAG,iCAAuB,CAAC,iBAAiB,CAAC,CAAC;IAC5E,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,wBAAwB,CAAC;IAE5D,MAAM,cAAc,GAAG,gCAAsB,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,mBAAmB,EAAE,GAAG,cAAc,CAAC;IAE/F,yCAAyC;IACzC,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,gBAAgB,GAAG,gBAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;YACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;gBACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;aAC1C;SACF;aAAM;YACL,kEAAkE;YAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAC9C,MAAM,gBAAgB,GAAG,gBAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,EAAE;gBACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;aAC1C;SACF;KACF;IAED,2CAA2C;IAC3C,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;KACzD;IAED,yCAAyC;IACzC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;KACnE;IAED,IAAI,CAAC,mBAAmB,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IAED,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;IAED,MAAM,gBAAgB,GAAG,mCAAyB,CAAC,mBAAmB,CAAC,CAAC;IACxE,MAAM,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;IAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IAED,kFAAkF;IAClF,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,GAAa,CAAC,EAAE;QAClD,MAAM,SAAS,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,uBAAuB,SAAS,GAAG,CAAC,CAAC;KACvF;IAED,MAAM,cAAc,GAAG,gBAAM,CAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GAAG,yBAAe,CAAC,mBAAmB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;IAElF,gEAAgE;IAChE,MAAM,YAAY,GAAkC;QAClD,MAAM;QACN,OAAO;QACP,QAAQ;QACR,cAAc;QACd,YAAY;QACZ,mBAAmB;QACnB,gBAAgB;QAChB,QAAQ;KACT,CAAC;IAEF;;OAEG;IACH,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,GAAG,KAAK,UAAU,EAAE;QACtB,QAAQ,GAAG,MAAM,uBAAa,CAAC,YAAY,CAAC,CAAC;KAC9C;SAAM,IAAI,GAAG,KAAK,QAAQ,EAAE;QAC3B,QAAQ,GAAG,MAAM,sBAAY,CAAC,YAAY,CAAC,CAAC;KAC7C;SAAM,IAAI,GAAG,KAAK,mBAAmB,EAAE;QACtC,QAAQ,GAAG,MAAM,gCAAsB,CAAC,YAAY,CAAC,CAAC;KACvD;SAAM,IAAI,GAAG,KAAK,aAAa,EAAE;QAChC,QAAQ,GAAG,MAAM,0BAAgB,CAAC,YAAY,CAAC,CAAC;KACjD;SAAM,IAAI,GAAG,KAAK,KAAK,EAAE;QACxB,QAAQ,GAAG,MAAM,mBAAS,CAAC,YAAY,CAAC,CAAC;KAC1C;SAAM,IAAI,GAAG,KAAK,OAAO,EAAE;QAC1B,QAAQ,GAAG,MAAM,qBAAW,CAAC,YAAY,CAAC,CAAC;KAC5C;SAAM,IAAI,GAAG,KAAK,MAAM,EAAE;QACzB,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;QACD,kFAAkF;QAClF,QAAQ,GAAG,IAAI,CAAC;KACjB;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;KAC3D;IAED,MAAM,QAAQ,GAAiC;QAC7C,QAAQ;KACT,CAAC;IAEF,IAAI,QAAQ,CAAC,QAAQ,EAAE;QACrB,QAAQ,CAAC,gBAAgB,GAAG;YAC1B,GAAG;YACH,OAAO;YACP,MAAM,EAAE,+BAAqB,CAAC,MAAM,CAAC;YACrC,mBAAmB;YACnB,YAAY;YACZ,cAAc;YACd,YAAY,EAAE,KAAK,CAAC,EAAE;YACtB,iBAAiB;SAClB,CAAC;KACH;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAtMD,6CAsMC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Google Hardware Attestation Root 1
|
|
3
|
+
*
|
|
4
|
+
* Downloaded from https://developer.android.com/training/articles/security-key-attestation#root_certificate
|
|
5
|
+
* (first entry)
|
|
6
|
+
*
|
|
7
|
+
* Valid until 2026-05-24 @ 09:28 PST
|
|
8
|
+
*
|
|
9
|
+
* SHA256 Fingerprint
|
|
10
|
+
* C1:98:4A:3E:F4:5C:1E:2A:91:85:51:DE:10:60:3C:86:F7:05:1B:22:49:C4:89:1C:AE:32:30:EA:BD:0C:97:D5
|
|
11
|
+
*/
|
|
12
|
+
export declare const Google_Hardware_Attestation_Root_1 = "-----BEGIN CERTIFICATE-----\nMIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV\nBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYy\nODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B\nAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS\nSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7\ntv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj\nnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq\nC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ\noVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O\nJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg\nsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi\nigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M\nRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E\naDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um\nAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYD\nVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAO\nBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lk\nLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQAD\nggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfB\nPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00m\nqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rY\nDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPm\nQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4u\nJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyD\nCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79Iy\nZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxD\nqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23Uaic\nMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1\nwDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk\n-----END CERTIFICATE-----\n";
|
|
13
|
+
/**
|
|
14
|
+
* Google Hardware Attestation Root 2
|
|
15
|
+
*
|
|
16
|
+
* Downloaded from https://developer.android.com/training/articles/security-key-attestation#root_certificate
|
|
17
|
+
* (second entry)
|
|
18
|
+
*
|
|
19
|
+
* Valid until 2034-11-18 @ 12:37 PST
|
|
20
|
+
*
|
|
21
|
+
* SHA256 Fingerprint
|
|
22
|
+
* 1E:F1:A0:4B:8B:A5:8A:B9:45:89:AC:49:8C:89:82:A7:83:F2:4E:A7:30:7E:01:59:A0:C3:A7:3B:37:7D:87:CC
|
|
23
|
+
*/
|
|
24
|
+
export declare const Google_Hardware_Attestation_Root_2 = "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV\nBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAz\nNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B\nAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS\nSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7\ntv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj\nnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq\nC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ\noVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O\nJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg\nsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi\nigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M\nRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E\naDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um\nAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud\nIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnu\nXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83U\nh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cno\nL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2ok\nQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vA\nD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAI\nmMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoW\nFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91\noeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09o\njm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUB\nZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCH\nex0SdDrx+tWUDqG8At2JHA==\n-----END CERTIFICATE-----\n";
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Google_Hardware_Attestation_Root_2 = exports.Google_Hardware_Attestation_Root_1 = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Google Hardware Attestation Root 1
|
|
6
|
+
*
|
|
7
|
+
* Downloaded from https://developer.android.com/training/articles/security-key-attestation#root_certificate
|
|
8
|
+
* (first entry)
|
|
9
|
+
*
|
|
10
|
+
* Valid until 2026-05-24 @ 09:28 PST
|
|
11
|
+
*
|
|
12
|
+
* SHA256 Fingerprint
|
|
13
|
+
* C1:98:4A:3E:F4:5C:1E:2A:91:85:51:DE:10:60:3C:86:F7:05:1B:22:49:C4:89:1C:AE:32:30:EA:BD:0C:97:D5
|
|
14
|
+
*/
|
|
15
|
+
exports.Google_Hardware_Attestation_Root_1 = `-----BEGIN CERTIFICATE-----
|
|
16
|
+
MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
|
|
17
|
+
BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYy
|
|
18
|
+
ODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B
|
|
19
|
+
AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS
|
|
20
|
+
Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7
|
|
21
|
+
tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj
|
|
22
|
+
nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq
|
|
23
|
+
C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ
|
|
24
|
+
oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O
|
|
25
|
+
JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg
|
|
26
|
+
sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi
|
|
27
|
+
igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M
|
|
28
|
+
RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E
|
|
29
|
+
aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um
|
|
30
|
+
AGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYD
|
|
31
|
+
VR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAO
|
|
32
|
+
BgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lk
|
|
33
|
+
Lmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQAD
|
|
34
|
+
ggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfB
|
|
35
|
+
Pb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00m
|
|
36
|
+
qC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rY
|
|
37
|
+
DBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPm
|
|
38
|
+
QUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4u
|
|
39
|
+
JU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyD
|
|
40
|
+
CdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79Iy
|
|
41
|
+
ZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxD
|
|
42
|
+
qwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23Uaic
|
|
43
|
+
MDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1
|
|
44
|
+
wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk
|
|
45
|
+
-----END CERTIFICATE-----
|
|
46
|
+
`;
|
|
47
|
+
/**
|
|
48
|
+
* Google Hardware Attestation Root 2
|
|
49
|
+
*
|
|
50
|
+
* Downloaded from https://developer.android.com/training/articles/security-key-attestation#root_certificate
|
|
51
|
+
* (second entry)
|
|
52
|
+
*
|
|
53
|
+
* Valid until 2034-11-18 @ 12:37 PST
|
|
54
|
+
*
|
|
55
|
+
* SHA256 Fingerprint
|
|
56
|
+
* 1E:F1:A0:4B:8B:A5:8A:B9:45:89:AC:49:8C:89:82:A7:83:F2:4E:A7:30:7E:01:59:A0:C3:A7:3B:37:7D:87:CC
|
|
57
|
+
*/
|
|
58
|
+
exports.Google_Hardware_Attestation_Root_2 = `-----BEGIN CERTIFICATE-----
|
|
59
|
+
MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
|
|
60
|
+
BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAz
|
|
61
|
+
NzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B
|
|
62
|
+
AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS
|
|
63
|
+
Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7
|
|
64
|
+
tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj
|
|
65
|
+
nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq
|
|
66
|
+
C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ
|
|
67
|
+
oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O
|
|
68
|
+
JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg
|
|
69
|
+
sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi
|
|
70
|
+
igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M
|
|
71
|
+
RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E
|
|
72
|
+
aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um
|
|
73
|
+
AGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud
|
|
74
|
+
IwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD
|
|
75
|
+
VR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnu
|
|
76
|
+
XKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83U
|
|
77
|
+
h6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cno
|
|
78
|
+
L/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2ok
|
|
79
|
+
QBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vA
|
|
80
|
+
D32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAI
|
|
81
|
+
mMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoW
|
|
82
|
+
Fua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91
|
|
83
|
+
oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09o
|
|
84
|
+
jm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUB
|
|
85
|
+
ZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCH
|
|
86
|
+
ex0SdDrx+tWUDqG8At2JHA==
|
|
87
|
+
-----END CERTIFICATE-----
|
|
88
|
+
`;
|
|
89
|
+
//# sourceMappingURL=android-key.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"android-key.js","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-key.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;GAUG;AACU,QAAA,kCAAkC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BjD,CAAC;AAEF;;;;;;;;;;GAUG;AACU,QAAA,kCAAkC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8BjD,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GlobalSign Root CA
|
|
3
|
+
*
|
|
4
|
+
* Downloaded from https://pki.goog/roots.pem
|
|
5
|
+
*
|
|
6
|
+
* Valid until 2028-01-28 @ 04:00 PST
|
|
7
|
+
*
|
|
8
|
+
* SHA256 Fingerprint
|
|
9
|
+
* EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
|
|
10
|
+
*/
|
|
11
|
+
export declare const GlobalSign_Root_CA = "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n";
|
|
12
|
+
/**
|
|
13
|
+
* GlobalSign R2
|
|
14
|
+
*
|
|
15
|
+
* Downloaded from https://pki.goog/repo/certs/gsr2.pem
|
|
16
|
+
*
|
|
17
|
+
* Valid until 2021-12-15 @ 00:00 PST
|
|
18
|
+
*
|
|
19
|
+
* SHA256 Fingerprint
|
|
20
|
+
* 69:E2:D0:6C:30:F3:66:16:61:65:E9:1D:68:D1:CE:E5:CC:47:58:4A:80:22:7E:76:66:60:86:C0:10:72:41:EB
|
|
21
|
+
*/
|
|
22
|
+
export declare const GlobalSign_R2 = "-----BEGIN CERTIFICATE-----\nMIIDvDCCAqSgAwIBAgINAgPk9GHsmdnVeWbKejANBgkqhkiG9w0BAQUFADBMMSAw\nHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\nU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0wNjEyMTUwODAwMDBaFw0yMTEy\nMTUwODAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMw\nEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4hVJsL03+EcPoS\ns8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtKpspJpl6op4xa\nEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK561l94tAGhl9e\nSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh+dOUScskYpEg\nvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJhE4hcn+CTClGX\nilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8KbjwIDAQABo4Gc\nMIGZMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSb\n4gdXZxwewGoG3lm0mi3f3BmGLjAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f\n3BmGLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0\nL3Jvb3QtcjIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQANeX81Z1YqDIs4EaLjG0qP\nOxIzaJI/y4kiRj3a+y3KOx74clIkLuMgi/9/5iv/n+1LyhGU9g7174slbzJOPbSp\np1eT19ST2mYbdgTLx/hm3tTLoHIY/w4ZbnQYwfnPwAG4RefnEFYPQJmpD+Wh8BJw\nBgtm2drTale/T6NBwmwnEFunfaMfMX3g6IBrx7VKnxIkJh/3p190WveLKgl9n7i5\nSWce/4woPimEn9WfEQWRvp6wKhaCKFjuCMuulEZusoOUJ4LfJnXxcuQTgIrSnwI7\nKfSSjsd42w3lX1fbgJp7vPmLM6OBRvAXuYRKTFqMAWbb7OaGIEE+cbxY6PDepnva\n-----END CERTIFICATE-----\n";
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.GlobalSign_R2 = exports.GlobalSign_Root_CA = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* GlobalSign Root CA
|
|
6
|
+
*
|
|
7
|
+
* Downloaded from https://pki.goog/roots.pem
|
|
8
|
+
*
|
|
9
|
+
* Valid until 2028-01-28 @ 04:00 PST
|
|
10
|
+
*
|
|
11
|
+
* SHA256 Fingerprint
|
|
12
|
+
* EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
|
|
13
|
+
*/
|
|
14
|
+
exports.GlobalSign_Root_CA = `-----BEGIN CERTIFICATE-----
|
|
15
|
+
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
|
|
16
|
+
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
|
|
17
|
+
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
|
|
18
|
+
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
|
|
19
|
+
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
|
|
20
|
+
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
|
|
21
|
+
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
|
|
22
|
+
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
|
|
23
|
+
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
|
|
24
|
+
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
|
|
25
|
+
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
|
|
26
|
+
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
|
|
27
|
+
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
|
|
28
|
+
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
|
|
29
|
+
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
|
|
30
|
+
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
|
|
31
|
+
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
|
|
32
|
+
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
|
|
33
|
+
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
|
|
34
|
+
-----END CERTIFICATE-----
|
|
35
|
+
`;
|
|
36
|
+
/**
|
|
37
|
+
* GlobalSign R2
|
|
38
|
+
*
|
|
39
|
+
* Downloaded from https://pki.goog/repo/certs/gsr2.pem
|
|
40
|
+
*
|
|
41
|
+
* Valid until 2021-12-15 @ 00:00 PST
|
|
42
|
+
*
|
|
43
|
+
* SHA256 Fingerprint
|
|
44
|
+
* 69:E2:D0:6C:30:F3:66:16:61:65:E9:1D:68:D1:CE:E5:CC:47:58:4A:80:22:7E:76:66:60:86:C0:10:72:41:EB
|
|
45
|
+
*/
|
|
46
|
+
exports.GlobalSign_R2 = `-----BEGIN CERTIFICATE-----
|
|
47
|
+
MIIDvDCCAqSgAwIBAgINAgPk9GHsmdnVeWbKejANBgkqhkiG9w0BAQUFADBMMSAw
|
|
48
|
+
HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
|
|
49
|
+
U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0wNjEyMTUwODAwMDBaFw0yMTEy
|
|
50
|
+
MTUwODAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMw
|
|
51
|
+
EQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIBIjANBgkq
|
|
52
|
+
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4hVJsL03+EcPoS
|
|
53
|
+
s8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtKpspJpl6op4xa
|
|
54
|
+
Ebx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK561l94tAGhl9e
|
|
55
|
+
SWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh+dOUScskYpEg
|
|
56
|
+
vN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJhE4hcn+CTClGX
|
|
57
|
+
ilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8KbjwIDAQABo4Gc
|
|
58
|
+
MIGZMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSb
|
|
59
|
+
4gdXZxwewGoG3lm0mi3f3BmGLjAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f
|
|
60
|
+
3BmGLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0
|
|
61
|
+
L3Jvb3QtcjIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQANeX81Z1YqDIs4EaLjG0qP
|
|
62
|
+
OxIzaJI/y4kiRj3a+y3KOx74clIkLuMgi/9/5iv/n+1LyhGU9g7174slbzJOPbSp
|
|
63
|
+
p1eT19ST2mYbdgTLx/hm3tTLoHIY/w4ZbnQYwfnPwAG4RefnEFYPQJmpD+Wh8BJw
|
|
64
|
+
Bgtm2drTale/T6NBwmwnEFunfaMfMX3g6IBrx7VKnxIkJh/3p190WveLKgl9n7i5
|
|
65
|
+
SWce/4woPimEn9WfEQWRvp6wKhaCKFjuCMuulEZusoOUJ4LfJnXxcuQTgIrSnwI7
|
|
66
|
+
KfSSjsd42w3lX1fbgJp7vPmLM6OBRvAXuYRKTFqMAWbb7OaGIEE+cbxY6PDepnva
|
|
67
|
+
-----END CERTIFICATE-----
|
|
68
|
+
`;
|
|
69
|
+
//# sourceMappingURL=android-safetynet.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"android-safetynet.js","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/android-safetynet.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;CAqBjC,CAAC;AAEF;;;;;;;;;GASG;AACU,QAAA,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;CAsB5B,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Apple WebAuthn Root CA
|
|
3
|
+
*
|
|
4
|
+
* Downloaded from https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
|
|
5
|
+
*
|
|
6
|
+
* Valid until 2045-03-14 @ 17:00 PST
|
|
7
|
+
*
|
|
8
|
+
* SHA256 Fingerprint
|
|
9
|
+
* 09:15:DD:5C:07:A2:8D:B5:49:D1:F6:77:BB:5A:75:D4:BF:BE:95:61:A7:73:42:43:27:76:2E:9E:02:F9:BB:29
|
|
10
|
+
*/
|
|
11
|
+
export declare const Apple_WebAuthn_Root_CA = "-----BEGIN CERTIFICATE-----\nMIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w\nHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ\nbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx\nNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG\nA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k\nxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/\npcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk\n2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA\nMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3\njAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B\n1bWeT0vT\n-----END CERTIFICATE-----\n";
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Apple_WebAuthn_Root_CA = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Apple WebAuthn Root CA
|
|
6
|
+
*
|
|
7
|
+
* Downloaded from https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
|
|
8
|
+
*
|
|
9
|
+
* Valid until 2045-03-14 @ 17:00 PST
|
|
10
|
+
*
|
|
11
|
+
* SHA256 Fingerprint
|
|
12
|
+
* 09:15:DD:5C:07:A2:8D:B5:49:D1:F6:77:BB:5A:75:D4:BF:BE:95:61:A7:73:42:43:27:76:2E:9E:02:F9:BB:29
|
|
13
|
+
*/
|
|
14
|
+
exports.Apple_WebAuthn_Root_CA = `-----BEGIN CERTIFICATE-----
|
|
15
|
+
MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w
|
|
16
|
+
HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ
|
|
17
|
+
bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx
|
|
18
|
+
NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG
|
|
19
|
+
A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49
|
|
20
|
+
AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k
|
|
21
|
+
xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/
|
|
22
|
+
pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk
|
|
23
|
+
2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
|
|
24
|
+
MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3
|
|
25
|
+
jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B
|
|
26
|
+
1bWeT0vT
|
|
27
|
+
-----END CERTIFICATE-----
|
|
28
|
+
`;
|
|
29
|
+
//# sourceMappingURL=apple.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"apple.js","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/apple.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,sBAAsB,GAAG;;;;;;;;;;;;;;CAcrC,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GlobalSign Root CA - R3
|
|
3
|
+
*
|
|
4
|
+
* Downloaded from https://valid.r3.roots.globalsign.com/
|
|
5
|
+
*
|
|
6
|
+
* Valid until 2029-03-18 @ 00:00 PST
|
|
7
|
+
*
|
|
8
|
+
* SHA256 Fingerprint
|
|
9
|
+
* CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
|
|
10
|
+
*/
|
|
11
|
+
export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\n MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\n A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\n Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\n MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\n A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\n RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\n gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\n KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\n QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\n XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\n DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\n LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\n RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\n jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\n mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\n Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\n WD9f\n -----END CERTIFICATE-----\n ";
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.GlobalSign_Root_CA_R3 = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* GlobalSign Root CA - R3
|
|
6
|
+
*
|
|
7
|
+
* Downloaded from https://valid.r3.roots.globalsign.com/
|
|
8
|
+
*
|
|
9
|
+
* Valid until 2029-03-18 @ 00:00 PST
|
|
10
|
+
*
|
|
11
|
+
* SHA256 Fingerprint
|
|
12
|
+
* CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
|
|
13
|
+
*/
|
|
14
|
+
exports.GlobalSign_Root_CA_R3 = `-----BEGIN CERTIFICATE-----
|
|
15
|
+
MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
|
|
16
|
+
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
|
|
17
|
+
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
|
|
18
|
+
MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
|
|
19
|
+
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
|
|
20
|
+
hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
|
|
21
|
+
RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
|
|
22
|
+
gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
|
|
23
|
+
KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
|
|
24
|
+
QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
|
|
25
|
+
XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
|
|
26
|
+
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
|
|
27
|
+
LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
|
|
28
|
+
RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
|
|
29
|
+
jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
|
|
30
|
+
6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
|
|
31
|
+
mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
|
|
32
|
+
Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
|
|
33
|
+
WD9f
|
|
34
|
+
-----END CERTIFICATE-----
|
|
35
|
+
`;
|
|
36
|
+
//# sourceMappingURL=mds.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mds.js","sourceRoot":"","sources":["../../../src/services/defaultRootCerts/mds.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;EAqBnC,CAAC"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
import type { MetadataStatement } from '../metadata/mdsTypes';
|
|
3
|
+
declare type VerificationMode = 'permissive' | 'strict';
|
|
4
|
+
/**
|
|
5
|
+
* A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
|
|
6
|
+
* download and parsing, and on-demand requesting and caching of individual metadata statements.
|
|
7
|
+
*
|
|
8
|
+
* https://fidoalliance.org/metadata/
|
|
9
|
+
*/
|
|
10
|
+
export declare class BaseMetadataService {
|
|
11
|
+
private mdsCache;
|
|
12
|
+
private statementCache;
|
|
13
|
+
private state;
|
|
14
|
+
private verificationMode;
|
|
15
|
+
/**
|
|
16
|
+
* Prepare the service to handle remote MDS servers and/or cache local metadata statements.
|
|
17
|
+
*
|
|
18
|
+
* **Options:**
|
|
19
|
+
*
|
|
20
|
+
* @param opts.mdsServers An array of URLs to FIDO Alliance Metadata Service
|
|
21
|
+
* (version 3.0)-compatible servers. Defaults to the official FIDO MDS server
|
|
22
|
+
* @param opts.statements An array of local metadata statements
|
|
23
|
+
* @param opts.verificationMode How MetadataService will handle unregistered AAGUIDs. Defaults to
|
|
24
|
+
* `"strict"` which throws errors during registration response verification when an
|
|
25
|
+
* unregistered AAGUID is encountered. Set to `"permissive"` to allow registration by
|
|
26
|
+
* authenticators with unregistered AAGUIDs
|
|
27
|
+
*/
|
|
28
|
+
initialize(opts?: {
|
|
29
|
+
mdsServers?: string[];
|
|
30
|
+
statements?: MetadataStatement[];
|
|
31
|
+
verificationMode?: VerificationMode;
|
|
32
|
+
}): Promise<void>;
|
|
33
|
+
/**
|
|
34
|
+
* Get a metadata statement for a given AAGUID.
|
|
35
|
+
*
|
|
36
|
+
* This method will coordinate updating the cache as per the `nextUpdate` property in the initial
|
|
37
|
+
* BLOB download.
|
|
38
|
+
*/
|
|
39
|
+
getStatement(aaguid: string | Buffer): Promise<MetadataStatement | undefined>;
|
|
40
|
+
/**
|
|
41
|
+
* Download and process the latest BLOB from MDS
|
|
42
|
+
*/
|
|
43
|
+
private downloadBlob;
|
|
44
|
+
/**
|
|
45
|
+
* A helper method to pause execution until the service is ready
|
|
46
|
+
*/
|
|
47
|
+
private pauseUntilReady;
|
|
48
|
+
/**
|
|
49
|
+
* Report service status on change
|
|
50
|
+
*/
|
|
51
|
+
private setState;
|
|
52
|
+
}
|
|
53
|
+
declare const MetadataService: BaseMetadataService;
|
|
54
|
+
export default MetadataService;
|