@simplewebauthn/server 3.0.0 → 4.3.0
- package/dist/{assertion/generateAssertionOptions.d.ts → authentication/generateAuthenticationOptions.d.ts} +5 -5
- package/dist/{assertion/generateAssertionOptions.js → authentication/generateAuthenticationOptions.js} +6 -6
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -0
- package/dist/{assertion/verifyAssertionResponse.d.ts → authentication/verifyAuthenticationResponse.d.ts} +12 -12
- package/dist/{assertion/verifyAssertionResponse.js → authentication/verifyAuthenticationResponse.js} +13 -12
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -0
- package/dist/helpers/convertAAGUIDToString.js +1 -1
- package/dist/helpers/convertAAGUIDToString.js.map +1 -1
- package/dist/helpers/convertCertBufferToPEM.d.ts +6 -0
- package/dist/helpers/{convertX509CertToPEM.js → convertCertBufferToPEM.js} +4 -4
- package/dist/helpers/convertCertBufferToPEM.js.map +1 -0
- package/dist/helpers/decodeAttestationObject.d.ts +2 -10
- package/dist/helpers/decodeAttestationObject.js +0 -11
- package/dist/helpers/decodeAttestationObject.js.map +1 -1
- package/dist/helpers/decodeClientDataJSON.d.ts +1 -2
- package/dist/helpers/index.d.ts +23 -0
- package/dist/helpers/index.js +39 -0
- package/dist/helpers/index.js.map +1 -0
- package/dist/helpers/isCertRevoked.js +4 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.d.ts +16 -0
- package/dist/helpers/logging.js +27 -0
- package/dist/helpers/logging.js.map +1 -0
- package/dist/helpers/parseAuthenticatorData.js +13 -18
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/validateCertificatePath.d.ts +2 -1
- package/dist/helpers/validateCertificatePath.js +43 -4
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/index.d.ts +13 -11
- package/dist/index.js +12 -10
- package/dist/index.js.map +1 -1
- package/dist/metadata/mdsTypes.d.ts +207 -0
- package/dist/metadata/mdsTypes.js +3 -0
- package/dist/metadata/mdsTypes.js.map +1 -0
- package/dist/metadata/verifyAttestationWithMetadata.d.ts +5 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +61 -27
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/{attestation/generateAttestationOptions.d.ts → registration/generateRegistrationOptions.d.ts} +2 -2
- package/dist/{attestation/generateAttestationOptions.js → registration/generateRegistrationOptions.js} +3 -3
- package/dist/registration/generateRegistrationOptions.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/constants.d.ts +0 -0
- package/dist/{attestation → registration}/verifications/tpm/constants.js +0 -0
- package/dist/registration/verifications/tpm/constants.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/parseCertInfo.d.ts +0 -0
- package/dist/registration/verifications/tpm/parseCertInfo.js +53 -0
- package/dist/registration/verifications/tpm/parseCertInfo.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/parsePubArea.d.ts +0 -0
- package/dist/{attestation → registration}/verifications/tpm/parsePubArea.js +10 -19
- package/dist/registration/verifications/tpm/parsePubArea.js.map +1 -0
- package/dist/registration/verifications/tpm/verifyTPM.d.ts +2 -0
- package/dist/{attestation → registration}/verifications/tpm/verifyTPM.js +14 -4
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -0
- package/dist/registration/verifications/verifyAndroidKey.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyAndroidKey.js +17 -12
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -0
- package/dist/registration/verifications/verifyAndroidSafetyNet.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyAndroidSafetyNet.js +6 -27
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -0
- package/dist/registration/verifications/verifyApple.d.ts +2 -0
- package/dist/{attestation → registration}/verifications/verifyApple.js +3 -26
- package/dist/registration/verifications/verifyApple.js.map +1 -0
- package/dist/registration/verifications/verifyFIDOU2F.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyFIDOU2F.js +12 -4
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -0
- package/dist/registration/verifications/verifyPacked.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyPacked.js +15 -7
- package/dist/registration/verifications/verifyPacked.js.map +1 -0
- package/dist/registration/verifyRegistrationResponse.d.ts +71 -0
- package/dist/{attestation/verifyAttestationResponse.js → registration/verifyRegistrationResponse.js} +56 -92
- package/dist/registration/verifyRegistrationResponse.js.map +1 -0
- package/dist/services/defaultRootCerts/android-key.d.ts +24 -0
- package/dist/services/defaultRootCerts/android-key.js +89 -0
- package/dist/services/defaultRootCerts/android-key.js.map +1 -0
- package/dist/services/defaultRootCerts/android-safetynet.d.ts +22 -0
- package/dist/services/defaultRootCerts/android-safetynet.js +69 -0
- package/dist/services/defaultRootCerts/android-safetynet.js.map +1 -0
- package/dist/services/defaultRootCerts/apple.d.ts +11 -0
- package/dist/services/defaultRootCerts/apple.js +29 -0
- package/dist/services/defaultRootCerts/apple.js.map +1 -0
- package/dist/services/defaultRootCerts/mds.d.ts +11 -0
- package/dist/services/defaultRootCerts/mds.js +36 -0
- package/dist/services/defaultRootCerts/mds.js.map +1 -0
- package/dist/services/metadataService.d.ts +54 -0
- package/dist/{metadata → services}/metadataService.js +90 -109
- package/dist/services/metadataService.js.map +1 -0
- package/dist/services/settingsService.d.ts +26 -0
- package/dist/services/settingsService.js +63 -0
- package/dist/services/settingsService.js.map +1 -0
- package/package.json +28 -12
- package/.env +0 -2
- package/dist/assertion/generateAssertionOptions.js.map +0 -1
- package/dist/assertion/verifyAssertionResponse.js.map +0 -1
- package/dist/attestation/generateAttestationOptions.js.map +0 -1
- package/dist/attestation/verifications/tpm/constants.js.map +0 -1
- package/dist/attestation/verifications/tpm/parseCertInfo.js +0 -65
- package/dist/attestation/verifications/tpm/parseCertInfo.js.map +0 -1
- package/dist/attestation/verifications/tpm/parsePubArea.js.map +0 -1
- package/dist/attestation/verifications/tpm/verifyTPM.d.ts +0 -11
- package/dist/attestation/verifications/tpm/verifyTPM.js.map +0 -1
- package/dist/attestation/verifications/verifyAndroidKey.d.ts +0 -11
- package/dist/attestation/verifications/verifyAndroidKey.js.map +0 -1
- package/dist/attestation/verifications/verifyAndroidSafetyNet.d.ts +0 -14
- package/dist/attestation/verifications/verifyAndroidSafetyNet.js.map +0 -1
- package/dist/attestation/verifications/verifyApple.d.ts +0 -10
- package/dist/attestation/verifications/verifyApple.js.map +0 -1
- package/dist/attestation/verifications/verifyFIDOU2F.d.ts +0 -15
- package/dist/attestation/verifications/verifyFIDOU2F.js.map +0 -1
- package/dist/attestation/verifications/verifyPacked.d.ts +0 -14
- package/dist/attestation/verifications/verifyPacked.js.map +0 -1
- package/dist/attestation/verifyAttestationResponse.d.ts +0 -56
- package/dist/attestation/verifyAttestationResponse.js.map +0 -1
- package/dist/helpers/constants.d.ts +0 -30
- package/dist/helpers/constants.js +0 -52
- package/dist/helpers/constants.js.map +0 -1
- package/dist/helpers/convertX509CertToPEM.d.ts +0 -6
- package/dist/helpers/convertX509CertToPEM.js.map +0 -1
- package/dist/metadata/metadataService.d.ts +0 -75
- package/dist/metadata/metadataService.js.map +0 -1
|
@@ -3,93 +3,105 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.BaseMetadataService = void 0;
|
|
6
7
|
const node_fetch_1 = __importDefault(require("node-fetch"));
|
|
7
8
|
const jsrsasign_1 = require("jsrsasign");
|
|
8
|
-
const base64url_1 = __importDefault(require("base64url"));
|
|
9
|
-
const toHash_1 = __importDefault(require("../helpers/toHash"));
|
|
10
9
|
const validateCertificatePath_1 = __importDefault(require("../helpers/validateCertificatePath"));
|
|
11
|
-
const
|
|
10
|
+
const convertCertBufferToPEM_1 = __importDefault(require("../helpers/convertCertBufferToPEM"));
|
|
12
11
|
const convertAAGUIDToString_1 = __importDefault(require("../helpers/convertAAGUIDToString"));
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
const parseJWT_1 = __importDefault(require("
|
|
12
|
+
const settingsService_1 = __importDefault(require("../services/settingsService"));
|
|
13
|
+
const logging_1 = require("../helpers/logging");
|
|
14
|
+
const parseJWT_1 = __importDefault(require("../metadata/parseJWT"));
|
|
15
|
+
const defaultURLMDS = 'https://mds.fidoalliance.org/'; // v3
|
|
16
16
|
var SERVICE_STATE;
|
|
17
17
|
(function (SERVICE_STATE) {
|
|
18
18
|
SERVICE_STATE[SERVICE_STATE["DISABLED"] = 0] = "DISABLED";
|
|
19
19
|
SERVICE_STATE[SERVICE_STATE["REFRESHING"] = 1] = "REFRESHING";
|
|
20
20
|
SERVICE_STATE[SERVICE_STATE["READY"] = 2] = "READY";
|
|
21
21
|
})(SERVICE_STATE || (SERVICE_STATE = {}));
|
|
22
|
+
const log = logging_1.getLogger('MetadataService');
|
|
22
23
|
/**
|
|
23
|
-
* A basic service for coordinating interactions with the FIDO Metadata Service. This includes
|
|
24
|
+
* A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
|
|
24
25
|
* download and parsing, and on-demand requesting and caching of individual metadata statements.
|
|
25
26
|
*
|
|
26
27
|
* https://fidoalliance.org/metadata/
|
|
27
28
|
*/
|
|
28
|
-
class
|
|
29
|
+
class BaseMetadataService {
|
|
29
30
|
constructor() {
|
|
30
31
|
this.mdsCache = {};
|
|
31
32
|
this.statementCache = {};
|
|
32
33
|
this.state = SERVICE_STATE.DISABLED;
|
|
34
|
+
this.verificationMode = 'strict';
|
|
33
35
|
}
|
|
34
36
|
/**
|
|
35
37
|
* Prepare the service to handle remote MDS servers and/or cache local metadata statements.
|
|
38
|
+
*
|
|
39
|
+
* **Options:**
|
|
40
|
+
*
|
|
41
|
+
* @param opts.mdsServers An array of URLs to FIDO Alliance Metadata Service
|
|
42
|
+
* (version 3.0)-compatible servers. Defaults to the official FIDO MDS server
|
|
43
|
+
* @param opts.statements An array of local metadata statements
|
|
44
|
+
* @param opts.verificationMode How MetadataService will handle unregistered AAGUIDs. Defaults to
|
|
45
|
+
* `"strict"` which throws errors during registration response verification when an
|
|
46
|
+
* unregistered AAGUID is encountered. Set to `"permissive"` to allow registration by
|
|
47
|
+
* authenticators with unregistered AAGUIDs
|
|
36
48
|
*/
|
|
37
|
-
async initialize(opts) {
|
|
38
|
-
|
|
39
|
-
throw new Error('MetadataService initialization options are missing');
|
|
40
|
-
}
|
|
41
|
-
const { mdsServers, statements } = opts;
|
|
49
|
+
async initialize(opts = {}) {
|
|
50
|
+
const { mdsServers = [defaultURLMDS], statements, verificationMode, } = opts;
|
|
42
51
|
this.setState(SERVICE_STATE.REFRESHING);
|
|
43
52
|
// If metadata statements are provided, load them into the cache first
|
|
44
53
|
if (statements === null || statements === void 0 ? void 0 : statements.length) {
|
|
54
|
+
let statementsAdded = 0;
|
|
45
55
|
statements.forEach(statement => {
|
|
46
56
|
// Only cache statements that are for FIDO2-compatible authenticators
|
|
47
57
|
if (statement.aaguid) {
|
|
48
58
|
this.statementCache[statement.aaguid] = {
|
|
59
|
+
entry: {
|
|
60
|
+
metadataStatement: statement,
|
|
61
|
+
statusReports: [],
|
|
62
|
+
timeOfLastStatusChange: '1970-01-01',
|
|
63
|
+
},
|
|
49
64
|
url: '',
|
|
50
|
-
hash: '',
|
|
51
|
-
statement,
|
|
52
|
-
statusReports: [],
|
|
53
65
|
};
|
|
66
|
+
statementsAdded += 1;
|
|
54
67
|
}
|
|
55
68
|
});
|
|
56
|
-
|
|
57
|
-
if (!mdsServers.length) {
|
|
58
|
-
throw new Error('MetadataService must be initialized with at least one MDS server');
|
|
69
|
+
log(`Cached ${statementsAdded} local statements`);
|
|
59
70
|
}
|
|
60
71
|
// If MDS servers are provided, then process them and add their statements to the cache
|
|
61
72
|
if (mdsServers === null || mdsServers === void 0 ? void 0 : mdsServers.length) {
|
|
62
|
-
//
|
|
63
|
-
|
|
64
|
-
|
|
73
|
+
// Get a current count so we know how many new statements we've added from MDS servers
|
|
74
|
+
const currentCacheCount = Object.keys(this.statementCache).length;
|
|
75
|
+
let numServers = mdsServers.length;
|
|
76
|
+
for (const url of mdsServers) {
|
|
65
77
|
try {
|
|
66
|
-
await this.
|
|
67
|
-
url
|
|
68
|
-
rootCertURL: server.rootCertURL,
|
|
69
|
-
metadataURLSuffix: server.metadataURLSuffix,
|
|
70
|
-
alg: '',
|
|
78
|
+
await this.downloadBlob({
|
|
79
|
+
url,
|
|
71
80
|
no: 0,
|
|
72
81
|
nextUpdate: new Date(0),
|
|
73
82
|
});
|
|
74
83
|
}
|
|
75
84
|
catch (err) {
|
|
76
85
|
// Notify of the error and move on
|
|
77
|
-
|
|
78
|
-
|
|
86
|
+
log(`Could not download BLOB from ${url}:`, err);
|
|
87
|
+
numServers -= 1;
|
|
79
88
|
}
|
|
80
89
|
}
|
|
81
|
-
//
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
90
|
+
// Calculate the difference to get the total number of new statements we successfully added
|
|
91
|
+
const newCacheCount = Object.keys(this.statementCache).length;
|
|
92
|
+
const cacheDiff = newCacheCount - currentCacheCount;
|
|
93
|
+
log(`Cached ${cacheDiff} statements from ${numServers} metadata server(s)`);
|
|
94
|
+
}
|
|
95
|
+
if (verificationMode) {
|
|
96
|
+
this.verificationMode = verificationMode;
|
|
85
97
|
}
|
|
86
98
|
this.setState(SERVICE_STATE.READY);
|
|
87
99
|
}
|
|
88
100
|
/**
|
|
89
|
-
* Get a metadata statement for a given
|
|
101
|
+
* Get a metadata statement for a given AAGUID.
|
|
90
102
|
*
|
|
91
|
-
* This method will coordinate updating the
|
|
92
|
-
*
|
|
103
|
+
* This method will coordinate updating the cache as per the `nextUpdate` property in the initial
|
|
104
|
+
* BLOB download.
|
|
93
105
|
*/
|
|
94
106
|
async getStatement(aaguid) {
|
|
95
107
|
if (this.state === SERVICE_STATE.DISABLED) {
|
|
@@ -101,31 +113,35 @@ class MetadataService {
|
|
|
101
113
|
if (aaguid instanceof Buffer) {
|
|
102
114
|
aaguid = convertAAGUIDToString_1.default(aaguid);
|
|
103
115
|
}
|
|
104
|
-
// If a
|
|
116
|
+
// If a cache refresh is in progress then pause this until the service is ready
|
|
105
117
|
await this.pauseUntilReady();
|
|
106
118
|
// Try to grab a cached statement
|
|
107
119
|
const cachedStatement = this.statementCache[aaguid];
|
|
108
120
|
if (!cachedStatement) {
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
121
|
+
if (this.verificationMode === 'strict') {
|
|
122
|
+
// FIDO conformance requires RP's to only support registered AAGUID's
|
|
123
|
+
throw new Error(`No metadata statement found for aaguid "${aaguid}"`);
|
|
124
|
+
}
|
|
125
|
+
// Allow registration verification to continue without using metadata
|
|
126
|
+
return;
|
|
112
127
|
}
|
|
113
128
|
// If the statement points to an MDS API, check the MDS' nextUpdate to see if we need to refresh
|
|
114
|
-
if (cachedStatement.
|
|
115
|
-
const mds = this.mdsCache[cachedStatement.
|
|
129
|
+
if (cachedStatement.url) {
|
|
130
|
+
const mds = this.mdsCache[cachedStatement.url];
|
|
116
131
|
const now = new Date();
|
|
117
132
|
if (now > mds.nextUpdate) {
|
|
118
133
|
try {
|
|
119
134
|
this.setState(SERVICE_STATE.REFRESHING);
|
|
120
|
-
await this.
|
|
135
|
+
await this.downloadBlob(mds);
|
|
121
136
|
}
|
|
122
137
|
finally {
|
|
123
138
|
this.setState(SERVICE_STATE.READY);
|
|
124
139
|
}
|
|
125
140
|
}
|
|
126
141
|
}
|
|
142
|
+
const { entry } = cachedStatement;
|
|
127
143
|
// Check to see if the this aaguid has a status report with a "compromised" status
|
|
128
|
-
for (const report of
|
|
144
|
+
for (const report of entry.statusReports) {
|
|
129
145
|
const { status } = report;
|
|
130
146
|
if (status === 'USER_VERIFICATION_BYPASS' ||
|
|
131
147
|
status === 'ATTESTATION_KEY_COMPROMISE' ||
|
|
@@ -134,63 +150,39 @@ class MetadataService {
|
|
|
134
150
|
throw new Error(`Detected compromised aaguid "${aaguid}"`);
|
|
135
151
|
}
|
|
136
152
|
}
|
|
137
|
-
|
|
138
|
-
if (!cachedStatement.statement && cachedStatement.tocURL) {
|
|
139
|
-
// Download the metadata statement if it's not been cached
|
|
140
|
-
const resp = await node_fetch_1.default(cachedStatement.url);
|
|
141
|
-
const data = await resp.text();
|
|
142
|
-
const statement = JSON.parse(Buffer.from(data, 'base64').toString('utf-8'));
|
|
143
|
-
const mds = this.mdsCache[cachedStatement.tocURL];
|
|
144
|
-
const hashAlg = (mds === null || mds === void 0 ? void 0 : mds.alg) === 'ES256' ? 'SHA256' : undefined;
|
|
145
|
-
const calculatedHash = base64url_1.default.encode(toHash_1.default(data, hashAlg));
|
|
146
|
-
if (calculatedHash === cachedStatement.hash) {
|
|
147
|
-
// Update the cached entry with the latest statement
|
|
148
|
-
cachedStatement.statement = statement;
|
|
149
|
-
}
|
|
150
|
-
else {
|
|
151
|
-
// From FIDO MDS docs: "Ignore the downloaded metadata statement if the hash value doesn't
|
|
152
|
-
// match."
|
|
153
|
-
cachedStatement.statement = undefined;
|
|
154
|
-
throw new Error(`Downloaded metadata for aaguid "${aaguid}" but hash did not match`);
|
|
155
|
-
}
|
|
156
|
-
}
|
|
157
|
-
return cachedStatement.statement;
|
|
153
|
+
return entry.metadataStatement;
|
|
158
154
|
}
|
|
159
155
|
/**
|
|
160
|
-
* Download and process the latest
|
|
156
|
+
* Download and process the latest BLOB from MDS
|
|
161
157
|
*/
|
|
162
|
-
async
|
|
163
|
-
const { url, no
|
|
164
|
-
//
|
|
165
|
-
const
|
|
166
|
-
const data = await
|
|
167
|
-
//
|
|
158
|
+
async downloadBlob(mds) {
|
|
159
|
+
const { url, no } = mds;
|
|
160
|
+
// Get latest "BLOB" (FIDO's terminology, not mine)
|
|
161
|
+
const resp = await node_fetch_1.default(url);
|
|
162
|
+
const data = await resp.text();
|
|
163
|
+
// Parse the JWT
|
|
168
164
|
const parsedJWT = parseJWT_1.default(data);
|
|
169
165
|
const header = parsedJWT[0];
|
|
170
166
|
const payload = parsedJWT[1];
|
|
171
167
|
if (payload.no <= no) {
|
|
172
168
|
// From FIDO MDS docs: "also ignore the file if its number (no) is less or equal to the
|
|
173
|
-
// number of the last
|
|
174
|
-
throw new Error(`Latest
|
|
175
|
-
}
|
|
176
|
-
let fullCertPath = header.x5c.map(convertX509CertToPEM_1.default);
|
|
177
|
-
if (rootCertURL.length > 0) {
|
|
178
|
-
// Download FIDO the root certificate and append it to the TOC certs
|
|
179
|
-
const respFIDORootCert = await node_fetch_1.default(rootCertURL);
|
|
180
|
-
const fidoRootCert = await respFIDORootCert.text();
|
|
181
|
-
fullCertPath = fullCertPath.concat(fidoRootCert);
|
|
169
|
+
// number of the last BLOB cached locally."
|
|
170
|
+
throw new Error(`Latest BLOB no. "${payload.no}" is not greater than previous ${no}`);
|
|
182
171
|
}
|
|
172
|
+
const headerCertsPEM = header.x5c.map(convertCertBufferToPEM_1.default);
|
|
183
173
|
try {
|
|
184
174
|
// Validate the certificate chain
|
|
185
|
-
|
|
175
|
+
const rootCerts = settingsService_1.default.getRootCertificates({ identifier: 'mds' });
|
|
176
|
+
await validateCertificatePath_1.default(headerCertsPEM, rootCerts);
|
|
186
177
|
}
|
|
187
|
-
catch (
|
|
178
|
+
catch (error) {
|
|
179
|
+
const _error = error;
|
|
188
180
|
// From FIDO MDS docs: "ignore the file if the chain cannot be verified or if one of the
|
|
189
181
|
// chain certificates is revoked"
|
|
190
|
-
throw new Error(`
|
|
182
|
+
throw new Error(`BLOB certificate path could not be validated: ${_error.message}`);
|
|
191
183
|
}
|
|
192
|
-
// Verify the
|
|
193
|
-
const leafCert =
|
|
184
|
+
// Verify the BLOB JWT signature
|
|
185
|
+
const leafCert = headerCertsPEM[0];
|
|
194
186
|
const verified = jsrsasign_1.KJUR.jws.JWS.verifyJWT(data, leafCert, {
|
|
195
187
|
alg: [header.alg],
|
|
196
188
|
// Empty values to appease TypeScript and this library's subtly mis-typed @types definitions
|
|
@@ -200,30 +192,20 @@ class MetadataService {
|
|
|
200
192
|
});
|
|
201
193
|
if (!verified) {
|
|
202
194
|
// From FIDO MDS docs: "The FIDO Server SHOULD ignore the file if the signature is invalid."
|
|
203
|
-
throw new Error('
|
|
195
|
+
throw new Error('BLOB signature could not be verified');
|
|
204
196
|
}
|
|
205
|
-
//
|
|
197
|
+
// Cache statements for FIDO2 devices
|
|
206
198
|
for (const entry of payload.entries) {
|
|
207
199
|
// Only cache entries with an `aaguid`
|
|
208
200
|
if (entry.aaguid) {
|
|
209
|
-
|
|
210
|
-
const cached = {
|
|
211
|
-
url: `${entry.url}${metadataURLSuffix}`,
|
|
212
|
-
hash: entry.hash,
|
|
213
|
-
statusReports: entry.statusReports,
|
|
214
|
-
// An easy way for us to link back to a cached MDS API entry
|
|
215
|
-
tocURL: url,
|
|
216
|
-
};
|
|
217
|
-
this.statementCache[_entry.aaguid] = cached;
|
|
201
|
+
this.statementCache[entry.aaguid] = { entry, url };
|
|
218
202
|
}
|
|
219
203
|
}
|
|
220
|
-
//
|
|
204
|
+
// Remember info about the server so we can refresh later
|
|
221
205
|
const [year, month, day] = payload.nextUpdate.split('-');
|
|
222
206
|
this.mdsCache[url] = {
|
|
223
207
|
...mds,
|
|
224
|
-
// Store the
|
|
225
|
-
alg: header.alg,
|
|
226
|
-
// Store the payload `no` to make sure we're getting the next TOC in the sequence
|
|
208
|
+
// Store the payload `no` to make sure we're getting the next BLOB in the sequence
|
|
227
209
|
no: payload.no,
|
|
228
210
|
// Convert the nextUpdate property into a Date so we can determine when to re-download
|
|
229
211
|
nextUpdate: new Date(parseInt(year, 10),
|
|
@@ -264,19 +246,18 @@ class MetadataService {
|
|
|
264
246
|
setState(newState) {
|
|
265
247
|
this.state = newState;
|
|
266
248
|
if (newState === SERVICE_STATE.DISABLED) {
|
|
267
|
-
|
|
268
|
-
// log('MetadataService is DISABLED');
|
|
249
|
+
log('MetadataService is DISABLED');
|
|
269
250
|
}
|
|
270
251
|
else if (newState === SERVICE_STATE.REFRESHING) {
|
|
271
|
-
|
|
272
|
-
// log('MetadataService is REFRESHING');
|
|
252
|
+
log('MetadataService is REFRESHING');
|
|
273
253
|
}
|
|
274
254
|
else if (newState === SERVICE_STATE.READY) {
|
|
275
|
-
|
|
276
|
-
// log('MetadataService is READY');
|
|
255
|
+
log('MetadataService is READY');
|
|
277
256
|
}
|
|
278
257
|
}
|
|
279
258
|
}
|
|
280
|
-
|
|
281
|
-
|
|
259
|
+
exports.BaseMetadataService = BaseMetadataService;
|
|
260
|
+
// Export a service singleton
|
|
261
|
+
const MetadataService = new BaseMetadataService();
|
|
262
|
+
exports.default = MetadataService;
|
|
282
263
|
//# sourceMappingURL=metadataService.js.map
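Review bot: In `getStatement`, `const { entry } = cachedStatement;` reads from the object fetched before the `await this.downloadBlob(mds)` refresh, but `downloadBlob` replaces the cache slot with a new object (`this.statementCache[entry.aaguid] = { entry, url }`), so the status-report check that follows runs against the pre-refresh entry. A status such as `ATTESTATION_KEY_COMPROMISE` published in the refreshed BLOB would therefore not be seen until a later call. Re-read the cache after the refresh, e.g. `const { entry } = this.statementCache[aaguid];`, and handle an AAGUID that is no longer present the same way as the `!cachedStatement` branch. Separately, `alg: [header.alg]` in `downloadBlob` takes the accepted signature algorithm from the JWT header before the signature is verified; an explicit allowlist of expected algorithms would be safer. `getStatement` spans three hunks here and a few of its lines are not shown.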
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metadataService.js","sourceRoot":"","sources":["../../src/services/metadataService.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAC/B,yCAAiC;AAEjC,iGAAyE;AACzE,+FAAuE;AACvE,6FAAqE;AAOrE,kFAA0D;AAC1D,gDAA+C;AAE/C,oEAA4C;AAc5C,MAAM,aAAa,GAAG,+BAA+B,CAAC,CAAC,KAAK;AAE5D,IAAK,aAIJ;AAJD,WAAK,aAAa;IAChB,yDAAQ,CAAA;IACR,6DAAU,CAAA;IACV,mDAAK,CAAA;AACP,CAAC,EAJI,aAAa,KAAb,aAAa,QAIjB;AAMD,MAAM,GAAG,GAAG,mBAAS,CAAC,iBAAiB,CAAC,CAAC;AAEzC;;;;;GAKG;AACH,MAAa,mBAAmB;IAAhC;QACU,aAAQ,GAAiC,EAAE,CAAC;QAC5C,mBAAc,GAA0C,EAAE,CAAC;QAC3D,UAAK,GAAkB,aAAa,CAAC,QAAQ,CAAC;QAC9C,qBAAgB,GAAqB,QAAQ,CAAC;IA6QxD,CAAC;IA3QC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,UAAU,CACd,OAII,EAAE;QAEN,MAAM,EACJ,UAAU,GAAG,CAAC,aAAa,CAAC,EAC5B,UAAU,EACV,gBAAgB,GACjB,GAAG,IAAI,CAAC;QAET,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAExC,sEAAsE;QACtE,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,EAAE;YACtB,IAAI,eAAe,GAAG,CAAC,CAAC;YAExB,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBAC7B,qEAAqE;gBACrE,IAAI,SAAS,CAAC,MAAM,EAAE;oBACpB,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG;wBACtC,KAAK,EAAE;4BACL,iBAAiB,EAAE,SAAS;4BAC5B,aAAa,EAAE,EAAE;4BACjB,sBAAsB,EAAE,YAAY;yBACrC;wBACD,GAAG,EAAE,EAAE;qBACR,CAAC;oBAEF,eAAe,IAAI,CAAC,CAAC;iBACtB;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,UAAU,eAAe,mBAAmB,CAAC,CAAC;SACnD;QAED,uFAAuF;QACvF,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,EAAE;YACtB,sFAAsF;YACtF,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;YAClE,IAAI,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;YAEnC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE;gBAC5B,IAAI;oBACF,MAAM,IAAI,CAAC,YAAY,CAAC;wBACtB,GAAG;wBACH,EAAE,EAAE,CAAC;wBACL,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC;qBACxB,CAAC,CAAC;iBACJ;gBAAC,OAAO,GAAG,EAAE;oBACZ,kCAAkC;oBAClC,GAAG,CAAC,gCAAgC,GAAG,GAAG,EAAE,GAAG,CAAC,CAAC;oBACjD,UAAU,IAAI,CAAC,CAAC;iBACjB;aACF;YAED,2FAA2F;YAC3F,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;YAC9D,MAAM,SAAS,GAAG,aAAa,GAAG,iBAAiB,CAAC;YACpD,GAAG,CAAC,UAAU,SAAS,oBAAoB,UAAU,qBAAqB,CAAC,CAAC;SAC7E;QAED,IAAI,gBAAgB,EAAE;YACpB,IAAI,CAAC,g
BAAgB,GAAG,gBAAgB,CAAC;SAC1C;QAED,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,MAAuB;QACxC,IAAI,IAAI,CAAC,KAAK,KAAK,aAAa,CAAC,QAAQ,EAAE;YACzC,OAAO;SACR;QAED,IAAI,CAAC,MAAM,EAAE;YACX,OAAO;SACR;QAED,IAAI,MAAM,YAAY,MAAM,EAAE;YAC5B,MAAM,GAAG,+BAAqB,CAAC,MAAM,CAAC,CAAC;SACxC;QAED,+EAA+E;QAC/E,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7B,iCAAiC;QACjC,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEpD,IAAI,CAAC,eAAe,EAAE;YACpB,IAAI,IAAI,CAAC,gBAAgB,KAAK,QAAQ,EAAE;gBACtC,qEAAqE;gBACrE,MAAM,IAAI,KAAK,CAAC,2CAA2C,MAAM,GAAG,CAAC,CAAC;aACvE;YAED,qEAAqE;YACrE,OAAO;SACR;QAED,gGAAgG;QAChG,IAAI,eAAe,CAAC,GAAG,EAAE;YACvB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,GAAG,GAAG,GAAG,CAAC,UAAU,EAAE;gBACxB,IAAI;oBACF,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;oBACxC,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;iBAC9B;wBAAS;oBACR,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;iBACpC;aACF;SACF;QAED,MAAM,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC;QAElC,kFAAkF;QAClF,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,aAAa,EAAE;YACxC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;YAC1B,IACE,MAAM,KAAK,0BAA0B;gBACrC,MAAM,KAAK,4BAA4B;gBACvC,MAAM,KAAK,4BAA4B;gBACvC,MAAM,KAAK,8BAA8B,EACzC;gBACA,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,GAAG,CAAC,CAAC;aAC5D;SACF;QAED,OAAO,KAAK,CAAC,iBAAiB,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,GAAc;QACvC,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC;QACxB,mDAAmD;QACnD,MAAM,IAAI,GAAG,MAAM,oBAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAE/B,gBAAgB;QAChB,MAAM,SAAS,GAAG,kBAAQ,CAA8B,IAAI,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAE7B,IAAI,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE;YACpB,uFAAuF;YACvF,2CAA2C;YAC3C,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,CAAC,EAAE,kCAAkC,EAAE,EAAE,CAAC,CAAC;SACvF;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,CAAC;QAC9D,IAAI;YACF,iCAAiC;YACjC,MAAM,SAAS,GAAG,yBAAe,CAAC,mBAAmB,CAAC,EAAE,UAAU,EAA
E,KAAK,EAAE,CAAC,CAAC;YAC7E,MAAM,iCAAuB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;SAC1D;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,MAAM,GAAU,KAAc,CAAC;YACrC,wFAAwF;YACxF,iCAAiC;YACjC,MAAM,IAAI,KAAK,CAAC,iDAAiD,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;SACpF;QAED,gCAAgC;QAChC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,gBAAI,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE;YACtD,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC;YACjB,4FAA4F;YAC5F,GAAG,EAAE,EAAE;YACP,GAAG,EAAE,EAAE;YACP,GAAG,EAAE,EAAE;SACR,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE;YACb,4FAA4F;YAC5F,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;SACzD;QAED,qCAAqC;QACrC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE;YACnC,sCAAsC;YACtC,IAAI,KAAK,CAAC,MAAM,EAAE;gBAChB,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;aACpD;SACF;QAED,yDAAyD;QACzD,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG;YACnB,GAAG,GAAG;YACN,kFAAkF;YAClF,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,sFAAsF;YACtF,UAAU,EAAE,IAAI,IAAI,CAClB,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;YAClB,iCAAiC;YACjC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,EACvB,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAClB;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe;QAC3B,IAAI,IAAI,CAAC,KAAK,KAAK,aAAa,CAAC,KAAK,EAAE;YACtC,OAAO;SACR;QAED,uCAAuC;QACvC,MAAM,YAAY,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACzD,MAAM,cAAc,GAAG,KAAK,CAAC;YAC7B,MAAM,UAAU,GAAG,GAAG,CAAC;YACvB,IAAI,UAAU,GAAG,cAAc,GAAG,UAAU,CAAC;YAE7C,sDAAsD;YACtD,MAAM,UAAU,GAAmB,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE;gBACzD,IAAI,UAAU,GAAG,CAAC,EAAE;oBAClB,aAAa,CAAC,UAAU,CAAC,CAAC;oBAC1B,MAAM,CAAC,iCAAiC,cAAc,GAAG,IAAI,UAAU,CAAC,CAAC;iBAC1E;qBAAM,IAAI,IAAI,CAAC,KAAK,KAAK,aAAa,CAAC,KAAK,EAAE;oBAC7C,aAAa,CAAC,UAAU,CAAC,CAAC;oBAC1B,OAAO,EAAE,CAAC;iBACX;gBAED,UAAU,IAAI,CAAC,CAAC;YAClB,CAAC,EAAE,UAAU,CAAC,CAAC;QACjB,CAAC,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,QAAuB;QACtC,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;QAEtB,IAAI,QAAQ,KAAK,aAAa,CAAC,QAAQ,EAAE;YACvC,GAAG,CAAC,6BAA6B,CAAC
,CAAC;SACpC;aAAM,IAAI,QAAQ,KAAK,aAAa,CAAC,UAAU,EAAE;YAChD,GAAG,CAAC,+BAA+B,CAAC,CAAC;SACtC;aAAM,IAAI,QAAQ,KAAK,aAAa,CAAC,KAAK,EAAE;YAC3C,GAAG,CAAC,0BAA0B,CAAC,CAAC;SACjC;IACH,CAAC;CACF;AAjRD,kDAiRC;AAED,6BAA6B;AAC7B,MAAM,eAAe,GAAG,IAAI,mBAAmB,EAAE,CAAC;AAElD,kBAAe,eAAe,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
import { AttestationFormat } from '../helpers/decodeAttestationObject';
|
|
3
|
+
declare type RootCertIdentifier = AttestationFormat | 'mds';
|
|
4
|
+
declare class SettingsService {
|
|
5
|
+
private pemCertificates;
|
|
6
|
+
constructor();
|
|
7
|
+
/**
|
|
8
|
+
* Set potential root certificates for attestation formats that use them. Root certs will be tried
|
|
9
|
+
* one-by-one when validating a certificate path.
|
|
10
|
+
*
|
|
11
|
+
* Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
|
|
12
|
+
* `Buffer` is passed in it will be converted to PEM format.
|
|
13
|
+
*/
|
|
14
|
+
setRootCertificates(opts: {
|
|
15
|
+
identifier: RootCertIdentifier;
|
|
16
|
+
certificates: (Buffer | string)[];
|
|
17
|
+
}): void;
|
|
18
|
+
/**
|
|
19
|
+
* Get any registered root certificates for the specified attestation format
|
|
20
|
+
*/
|
|
21
|
+
getRootCertificates(opts: {
|
|
22
|
+
identifier: RootCertIdentifier;
|
|
23
|
+
}): string[];
|
|
24
|
+
}
|
|
25
|
+
declare const settingsService: SettingsService;
|
|
26
|
+
export default settingsService;
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const convertCertBufferToPEM_1 = __importDefault(require("../helpers/convertCertBufferToPEM"));
|
|
7
|
+
const android_safetynet_1 = require("./defaultRootCerts/android-safetynet");
|
|
8
|
+
const android_key_1 = require("./defaultRootCerts/android-key");
|
|
9
|
+
const apple_1 = require("./defaultRootCerts/apple");
|
|
10
|
+
const mds_1 = require("./defaultRootCerts/mds");
|
|
11
|
+
class SettingsService {
|
|
12
|
+
constructor() {
|
|
13
|
+
this.pemCertificates = new Map();
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Set potential root certificates for attestation formats that use them. Root certs will be tried
|
|
17
|
+
* one-by-one when validating a certificate path.
|
|
18
|
+
*
|
|
19
|
+
* Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
|
|
20
|
+
* `Buffer` is passed in it will be converted to PEM format.
|
|
21
|
+
*/
|
|
22
|
+
setRootCertificates(opts) {
|
|
23
|
+
const { identifier, certificates } = opts;
|
|
24
|
+
const newCertificates = [];
|
|
25
|
+
for (const cert of certificates) {
|
|
26
|
+
if (cert instanceof Buffer) {
|
|
27
|
+
newCertificates.push(convertCertBufferToPEM_1.default(cert));
|
|
28
|
+
}
|
|
29
|
+
else {
|
|
30
|
+
newCertificates.push(cert);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
this.pemCertificates.set(identifier, newCertificates);
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Get any registered root certificates for the specified attestation format
|
|
37
|
+
*/
|
|
38
|
+
getRootCertificates(opts) {
|
|
39
|
+
var _a;
|
|
40
|
+
const { identifier } = opts;
|
|
41
|
+
return (_a = this.pemCertificates.get(identifier)) !== null && _a !== void 0 ? _a : [];
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
const settingsService = new SettingsService();
|
|
45
|
+
// Initialize default certificates
|
|
46
|
+
settingsService.setRootCertificates({
|
|
47
|
+
identifier: 'android-key',
|
|
48
|
+
certificates: [android_key_1.Google_Hardware_Attestation_Root_1, android_key_1.Google_Hardware_Attestation_Root_2],
|
|
49
|
+
});
|
|
50
|
+
settingsService.setRootCertificates({
|
|
51
|
+
identifier: 'android-safetynet',
|
|
52
|
+
certificates: [android_safetynet_1.GlobalSign_R2, android_safetynet_1.GlobalSign_Root_CA],
|
|
53
|
+
});
|
|
54
|
+
settingsService.setRootCertificates({
|
|
55
|
+
identifier: 'apple',
|
|
56
|
+
certificates: [apple_1.Apple_WebAuthn_Root_CA],
|
|
57
|
+
});
|
|
58
|
+
settingsService.setRootCertificates({
|
|
59
|
+
identifier: 'mds',
|
|
60
|
+
certificates: [mds_1.GlobalSign_Root_CA_R3],
|
|
61
|
+
});
|
|
62
|
+
exports.default = settingsService;
|
|
63
|
+
//# sourceMappingURL=settingsService.js.map
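Review bot: `getRootCertificates` returns the array held in `pemCertificates` itself, so a caller that mutates the result (for example with `push`) changes the trust anchors for that attestation format for the whole process, because `settingsService` is a module-level singleton. Returning a copy in the TypeScript source, `return [...(this.pemCertificates.get(identifier) ?? [])];`, leaves `setRootCertificates` as the only way to change the store. `setRootCertificates` also replaces whatever was registered for the identifier, including the defaults set at the bottom of this file, and stores string entries without checking that they parse as certificates. The doc comment should say `Replaces any certificates previously registered for this identifier, including the built-in defaults`. A malformed PEM string or an empty list will presumably only surface during certificate path validation, which is outside this hunk.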
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"settingsService.js","sourceRoot":"","sources":["../../src/services/settingsService.ts"],"names":[],"mappings":";;;;;AACA,+FAAuE;AAEvE,4EAAyF;AACzF,gEAGwC;AACxC,oDAAkE;AAClE,gDAA+D;AAI/D,MAAM,eAAe;IAInB;QACE,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IACnC,CAAC;IAED;;;;;;OAMG;IACH,mBAAmB,CAAC,IAGnB;QACC,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;QAE1C,MAAM,eAAe,GAAa,EAAE,CAAC;QACrC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,IAAI,IAAI,YAAY,MAAM,EAAE;gBAC1B,eAAe,CAAC,IAAI,CAAC,gCAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;aACpD;iBAAM;gBACL,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aAC5B;SACF;QAED,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,IAAwC;;QAC1D,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QAC5B,OAAO,MAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,EAAE,CAAC;IACpD,CAAC;CACF;AAED,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;AAE9C,kCAAkC;AAClC,eAAe,CAAC,mBAAmB,CAAC;IAClC,UAAU,EAAE,aAAa;IACzB,YAAY,EAAE,CAAC,gDAAkC,EAAE,gDAAkC,CAAC;CACvF,CAAC,CAAC;AAEH,eAAe,CAAC,mBAAmB,CAAC;IAClC,UAAU,EAAE,mBAAmB;IAC/B,YAAY,EAAE,CAAC,iCAAa,EAAE,sCAAkB,CAAC;CAClD,CAAC,CAAC;AAEH,eAAe,CAAC,mBAAmB,CAAC;IAClC,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE,CAAC,8BAAsB,CAAC;CACvC,CAAC,CAAC;AAEH,eAAe,CAAC,mBAAmB,CAAC;IAClC,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE,CAAC,2BAAqB,CAAC;CACtC,CAAC,CAAC;AAEH,kBAAe,eAAe,CAAC"}
|
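--- a/package/package.json
+++ b/package/package.json
@@ -1,9 +1,23 @@
 {
 "name": "@simplewebauthn/server",
-"version": "3.0
+"version": "4.3.0",
 "description": "SimpleWebAuthn for Servers",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
+"exports": {
+".": "./dist/index.js",
+"./helpers": "./dist/helpers/index.js"
+},
+"typesVersions": {
+"*": {
+"./dist/index.d.ts": [
+"./dist/index.d.ts"
+],
+"helpers": [
+"./dist/helpers/index.d.ts"
+]
+}
+},
 "author": "Matthew Miller <matthew@millerti.me>",
 "license": "MIT",
 "repository": {
@@ -32,25 +46,27 @@
 "node"
 ],
 "dependencies": {
-"@peculiar/asn1-android": "^2.0.
-"@peculiar/asn1-schema": "^2.0.
-"@peculiar/asn1-x509": "^2.0.
-"@simplewebauthn/typescript-types": "^
+"@peculiar/asn1-android": "^2.0.38",
+"@peculiar/asn1-schema": "^2.0.38",
+"@peculiar/asn1-x509": "^2.0.38",
+"@simplewebauthn/typescript-types": "^4.0.0",
 "base64url": "^3.0.1",
 "cbor": "^5.1.0",
+"debug": "^4.3.2",
 "elliptic": "^6.5.3",
-"jsrsasign": "^10.
+"jsrsasign": "^10.4.0",
 "jwk-to-pem": "^2.0.4",
 "node-fetch": "^2.6.0",
 "node-rsa": "^1.1.1"
 },
-"gitHead": "
+"gitHead": "717b7037f58ff18003309e2c1f05f5a2f7036c2d",
 "devDependencies": {
 "@types/cbor": "^5.0.1",
-"@types/
-"@types/
-"@types/
-"@types/
-"@types/node-
+"@types/debug": "^4.1.7",
+"@types/elliptic": "^6.4.13",
+"@types/jsrsasign": "^8.0.13",
+"@types/jwk-to-pem": "^2.0.1",
+"@types/node-fetch": "^2.5.12",
+"@types/node-rsa": "^1.1.1"
 }
 }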
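Review bot: The new `exports` map lists only `.` and `./helpers`, so on Node versions that enforce `exports` every other subpath stops resolving, including `@simplewebauthn/server/package.json` and any direct import of a file under `dist/`. If tooling is expected to read the manifest, add `"./package.json": "./package.json"` to the map; otherwise the release notes should state that deep imports are no longer supported. The same hunk adds `debug` as a runtime dependency with a caret range, so the version actually installed depends on the consumer's lockfile.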
package/.env
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"generateAssertionOptions.js","sourceRoot":"","sources":["../../src/assertion/generateAssertionOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,wBAAwB,CAC9C,UAAwC,EAAE;IAE1C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,2BAAiB,EAAE,EAC/B,OAAO,GAAG,KAAK,EACf,gBAAgB,EAChB,UAAU,EACV,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,gBAAgB,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/C,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AAvBD,2CAuBC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAssertionResponse.js","sourceRoot":"","sources":["../../src/assertion/verifyAssertionResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,2FAAmE;AACnE,+DAAuC;AACvC,6FAAqE;AACrE,iFAAyD;AACzD,+FAAuE;AACvE,qFAA6D;AAW7D;;;;;;;;;;;;;;GAcG;AACH,SAAwB,uBAAuB,CAC7C,OAAoC;IAEpC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,oBAAoB,GACrB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,QAAO,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,8BAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,wCAAwC;IACxC,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;KACvD;IAED,sDAAsD;IACtD,IAAI,SAAS,KAAK,iBAAiB,EAAE;QACnC,MAAM,IAAI,KAAK,CACb,mCAAmC,SAAS,gBAAgB,iBAAiB,GAAG,CACjF,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,uBAAuB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzF,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,gBAAgB,cAAc,GAAG,CAAC,CAAC;SAC1F;KACF;IAED,IAAI,CAAC,2BAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,2BAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;QAC1C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,QAAQ,CAAC,UAAU,IAAI,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC
,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,gCAAsB,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC;IAEpD,yCAAyC;IACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,MAAM,gBAAgB,GAAG,gBAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,kEAAkE;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,gBAAgB,GAAG,gBAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE;YACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;IAED,wCAAwC;IACxC,IAAI,oBAAoB,EAAE;QACxB,IAAI,oBAAoB,KAAK,UAAU,EAAE;YACvC,0DAA0D;YAC1D,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;aAC/E;SACF;aAAM,IAAI,oBAAoB,KAAK,WAAW,IAAI,oBAAoB,KAAK,aAAa,EAAE;YACzF,oBAAoB;SACrB;KACF;SAAM;QACL,wDAAwD;QACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACb,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;SACtD;KACF;IAED,MAAM,cAAc,GAAG,gBAAM,CAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,+BAAqB,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,QAAQ,GAAG;QACf,QAAQ,EAAE,yBAAe,CAAC,SAAS,EAAE,aAAa,EAAE,SAAS,CAAC;QAC9D,aAAa,EAAE;YACb,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;SACzC;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AA
vJD,0CAuJC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"generateAttestationOptions.js","sourceRoot":"","sources":["../../src/attestation/generateAttestationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,0BAA0B,CAChD,OAAuC;IAEvC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,2BAAiB,EAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,6CA2DC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../src/attestation/verifications/tpm/constants.ts"],"names":[],"mappings":";;;AAAA,sDAAsD;AACzC,QAAA,MAAM,GAA8B;IAC/C,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,uBAAuB;IAC/B,MAAM,EAAE,qBAAqB;IAC7B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,oBAAoB;CAC7B,CAAC;AAEW,QAAA,OAAO,GAA8B;IAChD,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,kBAAkB;IAClB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;CACtB,CAAC;AAEW,QAAA,aAAa,GAA8B;IACtD,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,kBAAkB;CAC3B,CAAC;AAOW,QAAA,iBAAiB,GAAwC;IACpE,aAAa,EAAE;QACb,IAAI,EAAE,KAAK;QACX,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,OAAO;QACb,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,KAAK;QACX,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAA
E,OAAO;QACb,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,QAAQ;QACd,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,wBAAwB;QAC9B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,oBAAoB;QAC1B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,qBAAqB;QAC3B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,mBAAmB;QACzB,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,MAAM;KACX;CACF,CAAC"}
|
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
const constants_1 = require("./constants");
|
|
4
|
-
/**
|
|
5
|
-
* Cut up a TPM attestation's certInfo into intelligible chunks
|
|
6
|
-
*/
|
|
7
|
-
function parseCertInfo(certInfo) {
|
|
8
|
-
let certBuffer = certInfo;
|
|
9
|
-
// Get a magic constant
|
|
10
|
-
const magic = certBuffer.slice(0, 4).readUInt32BE(0);
|
|
11
|
-
certBuffer = certBuffer.slice(4);
|
|
12
|
-
// Determine the algorithm used for attestation
|
|
13
|
-
const typeBuffer = certBuffer.slice(0, 2);
|
|
14
|
-
certBuffer = certBuffer.slice(2);
|
|
15
|
-
const type = constants_1.TPM_ST[typeBuffer.readUInt16BE(0)];
|
|
16
|
-
// The name of a parent entity, can be ignored
|
|
17
|
-
const qualifiedSignerLength = certBuffer.slice(0, 2).readUInt16BE(0);
|
|
18
|
-
certBuffer = certBuffer.slice(2);
|
|
19
|
-
const qualifiedSigner = certBuffer.slice(0, qualifiedSignerLength);
|
|
20
|
-
certBuffer = certBuffer.slice(qualifiedSignerLength);
|
|
21
|
-
// Get the expected hash of `attsToBeSigned`
|
|
22
|
-
const extraDataLength = certBuffer.slice(0, 2).readUInt16BE(0);
|
|
23
|
-
certBuffer = certBuffer.slice(2);
|
|
24
|
-
const extraData = certBuffer.slice(0, extraDataLength);
|
|
25
|
-
certBuffer = certBuffer.slice(extraDataLength);
|
|
26
|
-
// Information about the TPM device's internal clock, can be ignored
|
|
27
|
-
const clockInfoBuffer = certBuffer.slice(0, 17);
|
|
28
|
-
certBuffer = certBuffer.slice(17);
|
|
29
|
-
const clockInfo = {
|
|
30
|
-
clock: clockInfoBuffer.slice(0, 8),
|
|
31
|
-
resetCount: clockInfoBuffer.slice(8, 12).readUInt32BE(0),
|
|
32
|
-
restartCount: clockInfoBuffer.slice(12, 16).readUInt32BE(0),
|
|
33
|
-
safe: !!clockInfoBuffer[16],
|
|
34
|
-
};
|
|
35
|
-
// TPM device firmware version
|
|
36
|
-
const firmwareVersion = certBuffer.slice(0, 8);
|
|
37
|
-
certBuffer = certBuffer.slice(8);
|
|
38
|
-
// Attested Name
|
|
39
|
-
const attestedNameLength = certBuffer.slice(0, 2).readUInt16BE(0);
|
|
40
|
-
certBuffer = certBuffer.slice(2);
|
|
41
|
-
const attestedName = certBuffer.slice(0, attestedNameLength);
|
|
42
|
-
certBuffer = certBuffer.slice(attestedNameLength);
|
|
43
|
-
// Attested qualified name, can be ignored
|
|
44
|
-
const qualifiedNameLength = certBuffer.slice(0, 2).readUInt16BE(0);
|
|
45
|
-
certBuffer = certBuffer.slice(2);
|
|
46
|
-
const qualifiedName = certBuffer.slice(0, qualifiedNameLength);
|
|
47
|
-
certBuffer = certBuffer.slice(qualifiedNameLength);
|
|
48
|
-
const attested = {
|
|
49
|
-
nameAlg: constants_1.TPM_ALG[attestedName.slice(0, 2).readUInt16BE(0)],
|
|
50
|
-
nameAlgBuffer: attestedName.slice(0, 2),
|
|
51
|
-
name: attestedName,
|
|
52
|
-
qualifiedName,
|
|
53
|
-
};
|
|
54
|
-
return {
|
|
55
|
-
magic,
|
|
56
|
-
type,
|
|
57
|
-
qualifiedSigner,
|
|
58
|
-
extraData,
|
|
59
|
-
clockInfo,
|
|
60
|
-
firmwareVersion,
|
|
61
|
-
attested,
|
|
62
|
-
};
|
|
63
|
-
}
|
|
64
|
-
exports.default = parseCertInfo;
|
|
65
|
-
//# sourceMappingURL=parseCertInfo.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"parseCertInfo.js","sourceRoot":"","sources":["../../../../src/attestation/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":";;AAAA,2CAA8C;AAE9C;;GAEG;AACH,SAAwB,aAAa,CAAC,QAAgB;IACpD,IAAI,UAAU,GAAG,QAAQ,CAAC;IAE1B,uBAAuB;IACvB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACrD,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjC,+CAA+C;IAC/C,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1C,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,kBAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhD,8CAA8C;IAC9C,MAAM,qBAAqB,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACrE,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC;IACnE,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAErD,4CAA4C;IAC5C,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC/D,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IACvD,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAE/C,oEAAoE;IACpE,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChD,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG;QAChB,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAClC,UAAU,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QACxD,YAAY,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC;KAC5B,CAAC;IAEF,8BAA8B;IAC9B,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjC,gBAAgB;IAChB,MAAM,kBAAkB,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAClE,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC;IAC7D,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAElD,0CAA0C;IAC1C,MA
AM,mBAAmB,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnE,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;IAC/D,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAEnD,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE,mBAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1D,aAAa,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,EAAE,YAAY;QAClB,aAAa;KACd,CAAC;IAEF,OAAO;QACL,KAAK;QACL,IAAI;QACJ,eAAe;QACf,SAAS;QACT,SAAS;QACT,eAAe;QACf,QAAQ;KACT,CAAC;AACJ,CAAC;AAlED,gCAkEC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"parsePubArea.js","sourceRoot":"","sources":["../../../../src/attestation/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":";;AAAA,2CAAqD;AAErD;;GAEG;AACH,SAAwB,YAAY,CAAC,OAAe;IAClD,IAAI,SAAS,GAAW,OAAO,CAAC;IAEhC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACzC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,mBAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjD,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,mBAAO,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvD,uCAAuC;IACvC,MAAM,mBAAmB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAClE,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,gBAAgB,GAAG;QACvB,QAAQ,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACpC,WAAW,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACxC,mBAAmB,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QACjD,YAAY,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC1C,eAAe,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC7C,IAAI,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,GAAG,CAAC;QACnC,oBAAoB,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,IAAI,CAAC;QACpD,UAAU,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAC3C,OAAO,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC;QACxC,aAAa,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,MAAM,CAAC;KAChD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,gBAAgB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC/D,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACxD,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAE9C,oDAAoD;IACpD,MAAM,UAAU,GAAiD,EAAE,CAAC;IACpE,IAAI,IAAI,KAAK,aAAa,EAAE;QAC1B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAEhC,UAAU,CAAC,GAAG,GAAG;YACf,SAAS,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,EAAE,
mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;YAC9C,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;SACjD,CAAC;KACH;SAAM,IAAI,IAAI,KAAK,aAAa,EAAE;QACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACxC,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE/B,UAAU,CAAC,GAAG,GAAG;YACf,SAAS,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,yBAAa,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7D,GAAG,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SACpD,CAAC;KACH;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,SAAS,CAAC,CAAC;KACpD;IAED,qCAAqC;IACrC,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC3D,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAChD,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE1C,OAAO;QACL,IAAI;QACJ,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,UAAU;QACV,MAAM;KACP,CAAC;AACJ,CAAC;AA1ED,+BA0EC"}
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
/// <reference types="node" />
|
|
2
|
-
import type { AttestationStatement } from '../../../helpers/decodeAttestationObject';
|
|
3
|
-
declare type Options = {
|
|
4
|
-
aaguid: Buffer;
|
|
5
|
-
attStmt: AttestationStatement;
|
|
6
|
-
authData: Buffer;
|
|
7
|
-
credentialPublicKey: Buffer;
|
|
8
|
-
clientDataHash: Buffer;
|
|
9
|
-
};
|
|
10
|
-
export default function verifyTPM(options: Options): Promise<boolean>;
|
|
11
|
-
export {};
|