@simplewebauthn/server 4.4.0 → 5.2.0
- package/dist/authentication/generateAuthenticationOptions.js +1 -1
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -1
- package/dist/authentication/verifyAuthenticationResponse.d.ts +11 -5
- package/dist/authentication/verifyAuthenticationResponse.js +22 -29
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertPublicKeyToPEM.js +4 -3
- package/dist/helpers/convertPublicKeyToPEM.js.map +1 -1
- package/dist/helpers/decodeCbor.js +10 -2
- package/dist/helpers/decodeCbor.js.map +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js.map +1 -1
- package/dist/helpers/isCertRevoked.js +2 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.js +1 -1
- package/dist/helpers/logging.js.map +1 -1
- package/dist/helpers/parseAuthenticatorData.d.ts +2 -0
- package/dist/helpers/parseAuthenticatorData.js +10 -6
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/parseBackupFlags.d.ts +16 -0
- package/dist/helpers/parseBackupFlags.js +30 -0
- package/dist/helpers/parseBackupFlags.js.map +1 -0
- package/dist/helpers/validateCertificatePath.js +3 -3
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +4 -3
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/generateRegistrationOptions.js +1 -1
- package/dist/registration/generateRegistrationOptions.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyTPM.js +14 -12
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidKey.js +14 -8
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidSafetyNet.js +10 -8
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -1
- package/dist/registration/verifications/verifyApple.js +5 -4
- package/dist/registration/verifications/verifyApple.js.map +1 -1
- package/dist/registration/verifications/verifyFIDOU2F.js +6 -5
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -1
- package/dist/registration/verifications/verifyPacked.js +18 -12
- package/dist/registration/verifications/verifyPacked.js.map +1 -1
- package/dist/registration/verifyRegistrationResponse.d.ts +12 -5
- package/dist/registration/verifyRegistrationResponse.js +20 -16
- package/dist/registration/verifyRegistrationResponse.js.map +1 -1
- package/dist/services/metadataService.js +5 -5
- package/dist/services/metadataService.js.map +1 -1
- package/dist/services/settingsService.js +1 -1
- package/dist/services/settingsService.js.map +1 -1
- package/package.json +6 -6
|
@@ -19,7 +19,7 @@ const generateChallenge_1 = __importDefault(require("../helpers/generateChalleng
|
|
|
19
19
|
* @param rpID Valid domain name (after `https://`)
|
|
20
20
|
*/
|
|
21
21
|
function generateAuthenticationOptions(options = {}) {
|
|
22
|
-
const { allowCredentials, challenge = generateChallenge_1.default(), timeout = 60000, userVerification, extensions, rpID, } = options;
|
|
22
|
+
const { allowCredentials, challenge = (0, generateChallenge_1.default)(), timeout = 60000, userVerification, extensions, rpID, } = options;
|
|
23
23
|
return {
|
|
24
24
|
challenge: base64url_1.default.encode(challenge),
|
|
25
25
|
allowCredentials: allowCredentials === null || allowCredentials === void 0 ? void 0 : allowCredentials.map(cred => ({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,IAAA,2BAAiB,GAAE,EAC/B,OAAO,GAAG,KAAK,EACf,gBAAgB,EAChB,UAAU,EACV,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,gBAAgB,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/C,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AAvBD,gDAuBC"}
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { AuthenticationCredentialJSON, AuthenticatorDevice,
|
|
2
|
+
import { AuthenticationCredentialJSON, AuthenticatorDevice, CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
3
3
|
export declare type VerifyAuthenticationResponseOpts = {
|
|
4
4
|
credential: AuthenticationCredentialJSON;
|
|
5
5
|
expectedChallenge: string | ((challenge: string) => boolean);
|
|
6
6
|
expectedOrigin: string | string[];
|
|
7
7
|
expectedRPID: string | string[];
|
|
8
8
|
authenticator: AuthenticatorDevice;
|
|
9
|
-
|
|
9
|
+
requireUserVerification?: boolean;
|
|
10
10
|
};
|
|
11
11
|
/**
|
|
12
12
|
* Verify that the user has legitimately completed the login process
|
|
@@ -19,9 +19,8 @@ export declare type VerifyAuthenticationResponseOpts = {
|
|
|
19
19
|
* @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
|
|
20
20
|
* @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
|
|
21
21
|
* @param authenticator An internal {@link AuthenticatorDevice} matching the credential's ID
|
|
22
|
-
* @param
|
|
23
|
-
*
|
|
24
|
-
* Omitting this value defaults verification to a WebAuthn-specific user presence requirement.
|
|
22
|
+
* @param requireUserVerification (Optional) Enforce user verification by the authenticator
|
|
23
|
+
* (via PIN, fingerprint, etc...)
|
|
25
24
|
*/
|
|
26
25
|
export default function verifyAuthenticationResponse(options: VerifyAuthenticationResponseOpts): VerifiedAuthenticationResponse;
|
|
27
26
|
/**
|
|
@@ -34,11 +33,18 @@ export default function verifyAuthenticationResponse(options: VerifyAuthenticati
|
|
|
34
33
|
* @param authenticationInfo.newCounter The number of times the authenticator identified above
|
|
35
34
|
* reported it has been used. **Should be kept in a DB for later reference to help prevent replay
|
|
36
35
|
* attacks!**
|
|
36
|
+
* @param authenticationInfo.credentialDeviceType Whether this is a single-device or multi-device
|
|
37
|
+
* credential. **Should be kept in a DB for later reference!**
|
|
38
|
+
* @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been
|
|
39
|
+
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
|
|
40
|
+
* reference!**
|
|
37
41
|
*/
|
|
38
42
|
export declare type VerifiedAuthenticationResponse = {
|
|
39
43
|
verified: boolean;
|
|
40
44
|
authenticationInfo: {
|
|
41
45
|
credentialID: Buffer;
|
|
42
46
|
newCounter: number;
|
|
47
|
+
credentialDeviceType: CredentialDeviceType;
|
|
48
|
+
credentialBackedUp: boolean;
|
|
43
49
|
};
|
|
44
50
|
};
|
|
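Review bot: The new `authenticationInfo.credentialDeviceType` and `authenticationInfo.credentialBackedUp` entries (new lines 36-40) tell integrators to keep both values in a DB, but they do not say the values are only meaningful once `verified` is `true`. In the compiled verifyAuthenticationResponse.js both are parsed from the authenticator flags and placed in `authenticationInfo` next to whatever `verifySignature` produced, so if that helper returns `false` rather than throwing, they are present on a failed verification as well. I would end each entry with the sentence `Only persist this value when verified is true.`; the existing `newCounter` entry would benefit from the same sentence.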
@@ -10,6 +10,7 @@ const convertPublicKeyToPEM_1 = __importDefault(require("../helpers/convertPubli
|
|
|
10
10
|
const verifySignature_1 = __importDefault(require("../helpers/verifySignature"));
|
|
11
11
|
const parseAuthenticatorData_1 = __importDefault(require("../helpers/parseAuthenticatorData"));
|
|
12
12
|
const isBase64URLString_1 = __importDefault(require("../helpers/isBase64URLString"));
|
|
13
|
+
const parseBackupFlags_1 = require("../helpers/parseBackupFlags");
|
|
13
14
|
/**
|
|
14
15
|
* Verify that the user has legitimately completed the login process
|
|
15
16
|
*
|
|
@@ -21,12 +22,11 @@ const isBase64URLString_1 = __importDefault(require("../helpers/isBase64URLStrin
|
|
|
21
22
|
* @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
|
|
22
23
|
* @param expectedRPID RP ID (or array of IDs) that was specified in the registration options
|
|
23
24
|
* @param authenticator An internal {@link AuthenticatorDevice} matching the credential's ID
|
|
24
|
-
* @param
|
|
25
|
-
*
|
|
26
|
-
* Omitting this value defaults verification to a WebAuthn-specific user presence requirement.
|
|
25
|
+
* @param requireUserVerification (Optional) Enforce user verification by the authenticator
|
|
26
|
+
* (via PIN, fingerprint, etc...)
|
|
27
27
|
*/
|
|
28
28
|
function verifyAuthenticationResponse(options) {
|
|
29
|
-
const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator,
|
|
29
|
+
const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator, requireUserVerification, } = options;
|
|
30
30
|
const { id, rawId, type: credentialType, response } = credential;
|
|
31
31
|
// Ensure credential specified an ID
|
|
32
32
|
if (!id) {
|
|
@@ -46,7 +46,7 @@ function verifyAuthenticationResponse(options) {
|
|
|
46
46
|
if (typeof (response === null || response === void 0 ? void 0 : response.clientDataJSON) !== 'string') {
|
|
47
47
|
throw new Error('Credential response clientDataJSON was not a string');
|
|
48
48
|
}
|
|
49
|
-
const clientDataJSON = decodeClientDataJSON_1.default(response.clientDataJSON);
|
|
49
|
+
const clientDataJSON = (0, decodeClientDataJSON_1.default)(response.clientDataJSON);
|
|
50
50
|
const { type, origin, challenge, tokenBinding } = clientDataJSON;
|
|
51
51
|
// Make sure we're handling an authentication
|
|
52
52
|
if (type !== 'webauthn.get') {
|
|
@@ -73,10 +73,10 @@ function verifyAuthenticationResponse(options) {
|
|
|
73
73
|
throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
|
|
74
74
|
}
|
|
75
75
|
}
|
|
76
|
-
if (!isBase64URLString_1.default(response.authenticatorData)) {
|
|
76
|
+
if (!(0, isBase64URLString_1.default)(response.authenticatorData)) {
|
|
77
77
|
throw new Error('Credential response authenticatorData was not a base64url string');
|
|
78
78
|
}
|
|
79
|
-
if (!isBase64URLString_1.default(response.signature)) {
|
|
79
|
+
if (!(0, isBase64URLString_1.default)(response.signature)) {
|
|
80
80
|
throw new Error('Credential response signature was not a base64url string');
|
|
81
81
|
}
|
|
82
82
|
if (response.userHandle && typeof response.userHandle !== 'string') {
|
|
@@ -91,11 +91,11 @@ function verifyAuthenticationResponse(options) {
|
|
|
91
91
|
}
|
|
92
92
|
}
|
|
93
93
|
const authDataBuffer = base64url_1.default.toBuffer(response.authenticatorData);
|
|
94
|
-
const parsedAuthData = parseAuthenticatorData_1.default(authDataBuffer);
|
|
94
|
+
const parsedAuthData = (0, parseAuthenticatorData_1.default)(authDataBuffer);
|
|
95
95
|
const { rpIdHash, flags, counter } = parsedAuthData;
|
|
96
96
|
// Make sure the response's RP ID is ours
|
|
97
97
|
if (typeof expectedRPID === 'string') {
|
|
98
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expectedRPID, 'ascii'));
|
|
98
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expectedRPID, 'ascii'));
|
|
99
99
|
if (!rpIdHash.equals(expectedRPIDHash)) {
|
|
100
100
|
throw new Error(`Unexpected RP ID hash`);
|
|
101
101
|
}
|
|
@@ -103,34 +103,24 @@ function verifyAuthenticationResponse(options) {
|
|
|
103
103
|
else {
|
|
104
104
|
// Go through each expected RP ID and try to find one that matches
|
|
105
105
|
const foundMatch = expectedRPID.some(expected => {
|
|
106
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expected, 'ascii'));
|
|
106
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expected, 'ascii'));
|
|
107
107
|
return rpIdHash.equals(expectedRPIDHash);
|
|
108
108
|
});
|
|
109
109
|
if (!foundMatch) {
|
|
110
110
|
throw new Error(`Unexpected RP ID hash`);
|
|
111
111
|
}
|
|
112
112
|
}
|
|
113
|
-
//
|
|
114
|
-
if (
|
|
115
|
-
|
|
116
|
-
// Require `flags.uv` be true (implies `flags.up` is true)
|
|
117
|
-
if (!flags.uv) {
|
|
118
|
-
throw new Error('User verification required, but user could not be verified');
|
|
119
|
-
}
|
|
120
|
-
}
|
|
121
|
-
else if (fidoUserVerification === 'preferred' || fidoUserVerification === 'discouraged') {
|
|
122
|
-
// Ignore `flags.uv`
|
|
123
|
-
}
|
|
113
|
+
// WebAuthn only requires the user presence flag be true
|
|
114
|
+
if (!flags.up) {
|
|
115
|
+
throw new Error('User not present during authentication');
|
|
124
116
|
}
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
throw new Error('User not present during authentication');
|
|
129
|
-
}
|
|
117
|
+
// Enforce user verification if required
|
|
118
|
+
if (requireUserVerification && !flags.uv) {
|
|
119
|
+
throw new Error('User verification required, but user could not be verified');
|
|
130
120
|
}
|
|
131
|
-
const clientDataHash = toHash_1.default(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
121
|
+
const clientDataHash = (0, toHash_1.default)(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
132
122
|
const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]);
|
|
133
|
-
const publicKey = convertPublicKeyToPEM_1.default(authenticator.credentialPublicKey);
|
|
123
|
+
const publicKey = (0, convertPublicKeyToPEM_1.default)(authenticator.credentialPublicKey);
|
|
134
124
|
const signature = base64url_1.default.toBuffer(response.signature);
|
|
135
125
|
if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
|
|
136
126
|
// Error out when the counter in the DB is greater than or equal to the counter in the
|
|
@@ -139,11 +129,14 @@ function verifyAuthenticationResponse(options) {
|
|
|
139
129
|
// on the device without going through this site
|
|
140
130
|
throw new Error(`Response counter value ${counter} was lower than expected ${authenticator.counter}`);
|
|
141
131
|
}
|
|
132
|
+
const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_1.parseBackupFlags)(flags);
|
|
142
133
|
const toReturn = {
|
|
143
|
-
verified: verifySignature_1.default(signature, signatureBase, publicKey),
|
|
134
|
+
verified: (0, verifySignature_1.default)(signature, signatureBase, publicKey),
|
|
144
135
|
authenticationInfo: {
|
|
145
136
|
newCounter: counter,
|
|
146
137
|
credentialID: authenticator.credentialID,
|
|
138
|
+
credentialDeviceType,
|
|
139
|
+
credentialBackedUp,
|
|
147
140
|
},
|
|
148
141
|
};
|
|
149
142
|
return toReturn;
|
|
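Review bot: User verification is now enforced only when the caller passes `requireUserVerification: true` (new line 118), and the destructuring at new line 29 ignores a leftover `fidoUserVerification` option from a 4.x call site, so such a caller falls back to the user-presence check at new line 114 with no error. Plain-JavaScript consumers get no compiler warning about the stale option. I would state the default in the JSDoc at new lines 25-26, e.g. `Defaults to false; only user presence is enforced when omitted.`, and consider rejecting the old option in the source: `if ('fidoUserVerification' in options) throw new Error('fidoUserVerification was replaced by requireUserVerification');`. This file is compiled output, so the edit belongs in src/authentication/verifyAuthenticationResponse.ts, and the identical JSDoc in verifyAuthenticationResponse.d.ts needs the same sentence.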
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,2FAAmE;AACnE,+DAAuC;AACvC,6FAAqE;AACrE,iFAAyD;AACzD,+FAAuE;AACvE,qFAA6D;
|
|
1
|
+
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,2FAAmE;AACnE,+DAAuC;AACvC,6FAAqE;AACrE,iFAAyD;AACzD,+FAAuE;AACvE,qFAA6D;AAC7D,kEAA+D;AAW/D;;;;;;;;;;;;;GAaG;AACH,SAAwB,4BAA4B,CAClD,OAAyC;IAEzC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,uBAAuB,GACxB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,IAAA,8BAAoB,EAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;KACrE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,gBAAgB,iBAAiB,GAAG,CAC/F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,uBAAuB,oBAAoB,EAAE,CAClG,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,gBAAgB,cAAc,GAAG,CACtF,CAAC;SACH;KACF;IAED,IAAI,CAAC,IAAA,2BAAiB,EAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,IAAA,2BAAiB,EAAC,QAAQ,CAAC,SAAS,CAAC,EAA
E;QAC1C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,QAAQ,CAAC,UAAU,IAAI,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,IAAA,gCAAsB,EAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC;IAEpD,yCAAyC;IACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,kEAAkE;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE;YACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;IAED,wDAAwD;IACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC3D;IAED,wCAAwC;IACxC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,MAAM,cAAc,GAAG,IAAA,gBAAM,EAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,IAAA,+BAAqB,EAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;IAE7E,MAAM,QAAQ
,GAAG;QACf,QAAQ,EAAE,IAAA,yBAAe,EAAC,SAAS,EAAE,aAAa,EAAE,SAAS,CAAC;QAC9D,kBAAkB,EAAE;YAClB,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,oBAAoB;YACpB,kBAAkB;SACnB;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AA7JD,+CA6JC"}
|
|
@@ -6,7 +6,7 @@ const decodeCbor_1 = require("./decodeCbor");
|
|
|
6
6
|
* Takes COSE-encoded public key and converts it to PKCS key
|
|
7
7
|
*/
|
|
8
8
|
function convertCOSEtoPKCS(cosePublicKey) {
|
|
9
|
-
const struct = decodeCbor_1.decodeCborFirst(cosePublicKey);
|
|
9
|
+
const struct = (0, decodeCbor_1.decodeCborFirst)(cosePublicKey);
|
|
10
10
|
const tag = Buffer.from([0x04]);
|
|
11
11
|
const x = struct.get(COSEKEYS.x);
|
|
12
12
|
const y = struct.get(COSEKEYS.y);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAEA,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,iBAAiB,CAAC,aAAqB;IAC7D,MAAM,MAAM,GAAkB,4BAAe,
|
|
1
|
+
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAEA,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,iBAAiB,CAAC,aAAqB;IAC7D,MAAM,MAAM,GAAkB,IAAA,4BAAe,EAAC,aAAa,CAAC,CAAC;IAE7D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IAED,IAAI,CAAC,EAAE;QACL,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC;KACvD;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,CAAC,CAAC,CAAC;AAC3C,CAAC;AAhBD,oCAgBC;AAID,IAAY,QAQX;AARD,WAAY,QAAQ;IAClB,qCAAO,CAAA;IACP,qCAAO,CAAA;IACP,sCAAQ,CAAA;IACR,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;AACR,CAAC,EARW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAQnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,mCAAO,CAAA;IACP,mCAAO,CAAA;IACP,mCAAO,CAAA;AACT,CAAC,EAJW,OAAO,GAAP,eAAO,KAAP,eAAO,QAIlB;AAEY,QAAA,aAAa,GAAyC;IACjE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,YAAY;IACnB,KAAK,EAAE,YAAY;IACnB,QAAQ,EAAE,YAAY;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;CACvB,CAAC;AAEF,0DAA0D;AAC7C,QAAA,OAAO,GAA8B;IAChD,UAAU;IACV,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,UAAU;IACV,CAAC,EAAE,SAAS;CACb,CAAC;AAEW,QAAA,WAAW,GAA8B;IACpD,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,QAAQ,EAAE,MAAM;IAChB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,QAAQ;CAChB,CAAC"}
|
|
@@ -12,7 +12,8 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
12
12
|
struct = cbor_1.default.decodeAllSync(publicKey)[0];
|
|
13
13
|
}
|
|
14
14
|
catch (err) {
|
|
15
|
-
|
|
15
|
+
const _err = err;
|
|
16
|
+
throw new Error(`Error decoding public key while converting to PEM: ${_err.message}`);
|
|
16
17
|
}
|
|
17
18
|
const kty = struct.get(convertCOSEtoPKCS_1.COSEKEYS.kty);
|
|
18
19
|
if (!kty) {
|
|
@@ -31,7 +32,7 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
31
32
|
if (!y) {
|
|
32
33
|
throw new Error('Public key was missing y (EC2)');
|
|
33
34
|
}
|
|
34
|
-
const ecPEM = jwk_to_pem_1.default({
|
|
35
|
+
const ecPEM = (0, jwk_to_pem_1.default)({
|
|
35
36
|
kty: 'EC',
|
|
36
37
|
// Specify curve as "P-256" from "p256"
|
|
37
38
|
crv: convertCOSEtoPKCS_1.COSECRV[crv].replace('p', 'P-'),
|
|
@@ -49,7 +50,7 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
49
50
|
if (!e) {
|
|
50
51
|
throw new Error('Public key was missing e (RSA)');
|
|
51
52
|
}
|
|
52
|
-
const rsaPEM = jwk_to_pem_1.default({
|
|
53
|
+
const rsaPEM = (0, jwk_to_pem_1.default)({
|
|
53
54
|
kty: 'RSA',
|
|
54
55
|
n: n.toString('base64'),
|
|
55
56
|
e: e.toString('base64'),
|
|
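Review bot: The `try` block that closes at new line 13 covers only the CBOR decode, so input that decodes successfully to something other than a map reaches `struct.get(...)` at new line 18 and fails with a raw TypeError instead of the descriptive error this change adds. I would add a guard right after the catch, `if (!struct || typeof struct.get !== 'function') throw new Error('Public key was not a CBOR map');`. The new message also interpolates `_err.message` without checking that the caught value is an Error; `err instanceof Error ? err.message : String(err)` keeps an `undefined` out of the text. The function body starts and ends outside these hunks.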
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertPublicKeyToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertPublicKeyToPEM.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,4DAAkC;AAElC,2DAAiE;AAEjE,SAAwB,qBAAqB,CAAC,SAAiB;IAC7D,IAAI,MAAM,CAAC;IACX,IAAI;QACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC3C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,sDAAsD,
|
|
1
|
+
{"version":3,"file":"convertPublicKeyToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertPublicKeyToPEM.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,4DAAkC;AAElC,2DAAiE;AAEjE,SAAwB,qBAAqB,CAAC,SAAiB;IAC7D,IAAI,MAAM,CAAC;IACX,IAAI;QACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC3C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KACvF;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;KAC/C;IAED,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QACvB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;SACrD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,MAAM,KAAK,GAAG,IAAA,oBAAQ,EAAC;YACrB,GAAG,EAAE,IAAI;YACT,uCAAuC;YACvC,GAAG,EAAE,2BAAO,CAAC,GAAa,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC;YAC9C,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnC,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;KACd;SAAM,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,MAAM,MAAM,GAAG,IAAA,oBAAQ,EAAC;YACtB,GAAG,EAAE,KAAK;YACV,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnC,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;KACf;IAED,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,SAAS,CAAC,CAAC;AACrE,CAAC;AA/DD,wCA+DC"}
|
|
@@ -11,12 +11,20 @@ function decodeCborFirst(input) {
|
|
|
11
11
|
return cbor_1.default.decodeFirstSync(input);
|
|
12
12
|
}
|
|
13
13
|
catch (err) {
|
|
14
|
+
const _err = err;
|
|
14
15
|
// if the error was due to extra bytes, return the unpacked value
|
|
15
|
-
if (
|
|
16
|
-
return
|
|
16
|
+
if (_err.value) {
|
|
17
|
+
return _err.value;
|
|
17
18
|
}
|
|
18
19
|
throw err;
|
|
19
20
|
}
|
|
20
21
|
}
|
|
21
22
|
exports.decodeCborFirst = decodeCborFirst;
|
|
23
|
+
/**
|
|
24
|
+
* Intuited from a quick scan of `cbor.decodeFirstSync()` here:
|
|
25
|
+
*
|
|
26
|
+
* https://github.com/hildjj/node-cbor/blob/v5.1.0/lib/decoder.js#L189
|
|
27
|
+
*/
|
|
28
|
+
class CborDecoderError extends Error {
|
|
29
|
+
}
|
|
22
30
|
//# sourceMappingURL=decodeCbor.js.map
|
|
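Review bot: The guard `if (_err.value)` at new line 16 is a truthiness test, so a first CBOR item that decodes to a falsy value (`0`, `false`, an empty string) followed by extra bytes is rethrown as an error instead of returned, and any thrown object that happens to carry a `value` property is treated as the extra-bytes case. The `CborDecoderError` class added at new lines 28-29 is empty in the compiled output and is not used in an `instanceof` check, so it narrows nothing at runtime. I would test the property explicitly, `if (_err instanceof Error && 'value' in _err) {`, and extend the comment at new line 15 to say that trailing bytes are discarded on purpose, since helpers such as convertCOSEtoPKCS pass authenticator-supplied keys through this function.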
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeCbor.js","sourceRoot":"","sources":["../../src/helpers/decodeCbor.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,SAAgB,eAAe,CAAC,KAAwC;IACtE,IAAI;QACF,kCAAkC;QAClC,OAAO,cAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;KACpC;IAAC,OAAO,GAAG,EAAE;QACZ,iEAAiE;QACjE,IAAI,
|
|
1
|
+
{"version":3,"file":"decodeCbor.js","sourceRoot":"","sources":["../../src/helpers/decodeCbor.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,SAAgB,eAAe,CAAC,KAAwC;IACtE,IAAI;QACF,kCAAkC;QAClC,OAAO,cAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;KACpC;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAuB,CAAC;QACrC,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE;YACd,OAAO,IAAI,CAAC,KAAK,CAAC;SACnB;QACD,MAAM,GAAG,CAAC;KACX;AACH,CAAC;AAZD,0CAYC;AAED;;;;GAIG;AACH,MAAM,gBAAiB,SAAQ,KAAK;CAEnC"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const decodeCbor_1 = require("./decodeCbor");
|
|
4
4
|
function decodeCredentialPublicKey(publicKey) {
|
|
5
|
-
return decodeCbor_1.decodeCborFirst(publicKey);
|
|
5
|
+
return (0, decodeCbor_1.decodeCborFirst)(publicKey);
|
|
6
6
|
}
|
|
7
7
|
exports.default = decodeCredentialPublicKey;
|
|
8
8
|
//# sourceMappingURL=decodeCredentialPublicKey.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;AACA,6CAA+C;AAE/C,SAAwB,yBAAyB,CAAC,SAAiB;IACjE,OAAO,4BAAe,
|
|
1
|
+
{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;AACA,6CAA+C;AAE/C,SAAwB,yBAAyB,CAAC,SAAiB;IACjE,OAAO,IAAA,4BAAe,EAAC,SAAS,CAAC,CAAC;AACpC,CAAC;AAFD,4CAEC"}
|
|
@@ -50,9 +50,9 @@ async function isCertRevoked(cert) {
|
|
|
50
50
|
// Download and read the CRL
|
|
51
51
|
const crlCert = new jsrsasign_1.X509();
|
|
52
52
|
try {
|
|
53
|
-
const respCRL = await node_fetch_1.default(crlURL[0]);
|
|
53
|
+
const respCRL = await (0, node_fetch_1.default)(crlURL[0]);
|
|
54
54
|
const dataCRL = await respCRL.buffer();
|
|
55
|
-
const dataPEM = convertCertBufferToPEM_1.default(dataCRL);
|
|
55
|
+
const dataPEM = (0, convertCertBufferToPEM_1.default)(dataCRL);
|
|
56
56
|
crlCert.readCertPEM(dataPEM);
|
|
57
57
|
}
|
|
58
58
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,oBAAK,
|
|
1
|
+
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAK,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAA,gCAAsB,EAAC,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,2BAAe,CAAC,CAAC;IAE/E,MAAM,SAAS,GAAoB;QACjC,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,aAAa;IACb,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE;QAC/B,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;KAC9D;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE1D,IAAI,YAAY,EAAE;QAChB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrE,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACzC;QAED,oBAAoB;QACpB,IAAI,aAAa,EAAE;YACjB,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS
,CAAC;SACtD;QAED,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;KAC3D;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA5ED,gCA4EC"}
|
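--- a/package/dist/helpers/logging.js
+++ b/package/dist/helpers/logging.js
@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getLogger = void 0;
 const debug_1 = __importDefault(require("debug"));
-const defaultLogger = debug_1.default('SimpleWebAuthn');
+const defaultLogger = (0, debug_1.default)('SimpleWebAuthn');
 /**
 * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for
 * consistent naming.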
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,eAAK,
|
|
1
|
+
{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,IAAA,eAAK,EAAC,gBAAgB,CAAC,CAAC;AAE9C;;;;;;;;;;;;;GAaG;AACH,SAAgB,SAAS,CAAC,IAAY;IACpC,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAFD,8BAEC"}
|
|
@@ -16,11 +16,15 @@ function parseAuthenticatorData(authData) {
|
|
|
16
16
|
const rpIdHash = authData.slice(pointer, (pointer += 32));
|
|
17
17
|
const flagsBuf = authData.slice(pointer, (pointer += 1));
|
|
18
18
|
const flagsInt = flagsBuf[0];
|
|
19
|
+
// Bit positions can be referenced here:
|
|
20
|
+
// https://www.w3.org/TR/webauthn-2/#flags
|
|
19
21
|
const flags = {
|
|
20
|
-
up: !!(flagsInt &
|
|
21
|
-
uv: !!(flagsInt &
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
up: !!(flagsInt & 1 << 0),
|
|
23
|
+
uv: !!(flagsInt & 1 << 2),
|
|
24
|
+
be: !!(flagsInt & 1 << 3),
|
|
25
|
+
bs: !!(flagsInt & 1 << 4),
|
|
26
|
+
at: !!(flagsInt & 1 << 6),
|
|
27
|
+
ed: !!(flagsInt & 1 << 7),
|
|
24
28
|
flagsInt,
|
|
25
29
|
};
|
|
26
30
|
const counterBuf = authData.slice(pointer, (pointer += 4));
|
|
@@ -34,14 +38,14 @@ function parseAuthenticatorData(authData) {
|
|
|
34
38
|
const credIDLen = credIDLenBuf.readUInt16BE(0);
|
|
35
39
|
credentialID = authData.slice(pointer, (pointer += credIDLen));
|
|
36
40
|
// Decode the next CBOR item in the buffer, then re-encode it back to a Buffer
|
|
37
|
-
const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
|
|
41
|
+
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
38
42
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
39
43
|
credentialPublicKey = firstEncoded;
|
|
40
44
|
pointer += firstEncoded.byteLength;
|
|
41
45
|
}
|
|
42
46
|
let extensionsDataBuffer = undefined;
|
|
43
47
|
if (flags.ed) {
|
|
44
|
-
const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
|
|
48
|
+
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
45
49
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
46
50
|
extensionsDataBuffer = firstEncoded;
|
|
47
51
|
pointer += firstEncoded.byteLength;
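Review bot: The comment added above the `flags` object in the first hunk cites the WebAuthn Level 2 flags table, but that table still marks bits 3 and 4 as reserved; the `be` and `bs` entries added here follow the later Level 3 definition of Backup Eligibility and Backup State. I would reword it to something like `// Bit positions: UP=0, UV=2, BE=3, BS=4, AT=6, ED=7 (BE/BS are defined in WebAuthn Level 3; Level 2 lists bits 3-4 as reserved)`. The masks are correct because `<<` binds tighter than `&`, but writing `flagsInt & (1 << 3)` would make that visible without a precedence lookup. parseAuthenticatorData starts before and continues past both hunks, and the second hunk only changes the compiled call form.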
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,wCAAwC;IACxC,0CAA0C;IAC1C,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,QAAQ;KACT,CAAC;IAEF,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,GAAuB,SAAS,CAAC;IAC3C,IAAI,YAAY,GAAuB,SAAS,CAAC;IACjD,IAAI,mBAAmB,GAAuB,SAAS,CAAC;IAExD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAElD,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE/C,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,mBAAmB,GAAG,YAAY,CAAC;QACnC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,IAAI,oBAAoB,GAAuB,SAAS,CAAC;IACzD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,
CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,oBAAoB,GAAG,YAAY,CAAC;QACpC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,2FAA2F;IAC3F,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,OAAO;QACP,UAAU;QACV,MAAM;QACN,YAAY;QACZ,mBAAmB;QACnB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AAxED,yCAwEC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
2
|
+
/**
|
|
3
|
+
* Make sense of Bits 3 and 4 in authenticator indicating:
|
|
4
|
+
*
|
|
5
|
+
* - Whether the credential can be used on multiple devices
|
|
6
|
+
* - Whether the credential is backed up or not
|
|
7
|
+
*
|
|
8
|
+
* Invalid configurations will raise an `Error`
|
|
9
|
+
*/
|
|
10
|
+
export declare function parseBackupFlags({ be, bs }: {
|
|
11
|
+
be: boolean;
|
|
12
|
+
bs: boolean;
|
|
13
|
+
}): {
|
|
14
|
+
credentialDeviceType: CredentialDeviceType;
|
|
15
|
+
credentialBackedUp: boolean;
|
|
16
|
+
};
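Review bot: The doc comment on `parseBackupFlags` says invalid configurations raise an `Error` without saying which combination is invalid, so a caller reading only the declaration cannot tell what to expect. Going by the implementation in parseBackupFlags.js, the one rejected case is `bs` true while `be` is false; I would add `@throws when bs is true while be is false (a single-device credential cannot be backed up)`. "Bits 3 and 4 in authenticator" also reads as truncated and probably means the authenticator data flags byte. The same comment is emitted into parseBackupFlags.js.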
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.parseBackupFlags = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Make sense of Bits 3 and 4 in authenticator indicating:
|
|
6
|
+
*
|
|
7
|
+
* - Whether the credential can be used on multiple devices
|
|
8
|
+
* - Whether the credential is backed up or not
|
|
9
|
+
*
|
|
10
|
+
* Invalid configurations will raise an `Error`
|
|
11
|
+
*/
|
|
12
|
+
function parseBackupFlags({ be, bs }) {
|
|
13
|
+
const credentialBackedUp = bs;
|
|
14
|
+
let credentialDeviceType = 'singleDevice';
|
|
15
|
+
if (be) {
|
|
16
|
+
credentialDeviceType = 'multiDevice';
|
|
17
|
+
}
|
|
18
|
+
if (credentialDeviceType === 'singleDevice' && credentialBackedUp) {
|
|
19
|
+
throw new InvalidBackupFlags('Single-device credential indicated that it was backed up, which should be impossible.');
|
|
20
|
+
}
|
|
21
|
+
return { credentialDeviceType, credentialBackedUp };
|
|
22
|
+
}
|
|
23
|
+
exports.parseBackupFlags = parseBackupFlags;
|
|
24
|
+
class InvalidBackupFlags extends Error {
|
|
25
|
+
constructor(message) {
|
|
26
|
+
super(message);
|
|
27
|
+
this.name = 'InvalidBackupFlags';
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=parseBackupFlags.js.map
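Review bot: `InvalidBackupFlags` is thrown by `parseBackupFlags` but never exported; the module's only export line is `exports.parseBackupFlags = parseBackupFlags;`. A relying party that wants to log or alert on an authenticator reporting an impossible backup state can therefore only match on `err.name === 'InvalidBackupFlags'` or on the message text. Exporting the class in the TypeScript source (`export class InvalidBackupFlags extends Error {`) would allow an `instanceof` check instead. Since this file is compiler output, the change belongs in src/helpers/parseBackupFlags.ts, which is not shown here.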
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parseBackupFlags.js","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":";;;AAEA;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAgC;IAIvE,MAAM,kBAAkB,GAAG,EAAE,CAAC;IAC9B,IAAI,oBAAoB,GAAyB,cAAc,CAAC;IAEhE,IAAI,EAAE,EAAE;QACN,oBAAoB,GAAG,aAAa,CAAC;KACtC;IAED,IAAI,oBAAoB,KAAK,cAAc,IAAI,kBAAkB,EAAE;QACjE,MAAM,IAAI,kBAAkB,CAC1B,uFAAuF,CACxF,CAAA;KACF;IAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;AACtD,CAAC;AAlBD,4CAkBC;AAED,MAAM,kBAAmB,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF"}
|
|
@@ -75,13 +75,13 @@ async function _validatePath(certificates) {
|
|
|
75
75
|
const issuerCert = new jsrsasign_1.X509();
|
|
76
76
|
issuerCert.readCertPEM(issuerPem);
|
|
77
77
|
// Check for certificate revocation
|
|
78
|
-
const subjectCertRevoked = await isCertRevoked_1.default(subjectCert);
|
|
78
|
+
const subjectCertRevoked = await (0, isCertRevoked_1.default)(subjectCert);
|
|
79
79
|
if (subjectCertRevoked) {
|
|
80
80
|
throw new Error(`Found revoked certificate in certificate path`);
|
|
81
81
|
}
|
|
82
82
|
// Check that intermediate certificate is within its valid time window
|
|
83
|
-
const notBefore = jsrsasign_1.zulutodate(issuerCert.getNotBefore());
|
|
84
|
-
const notAfter = jsrsasign_1.zulutodate(issuerCert.getNotAfter());
|
|
83
|
+
const notBefore = (0, jsrsasign_1.zulutodate)(issuerCert.getNotBefore());
|
|
84
|
+
const notAfter = (0, jsrsasign_1.zulutodate)(issuerCert.getNotAfter());
|
|
85
85
|
const now = new Date(Date.now());
|
|
86
86
|
if (notBefore > now || notAfter < now) {
|
|
87
87
|
if (isLeafCert) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0CAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,uBAAa,
|
|
1
|
+
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0CAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAW,CAAC,CAAC;QAE5D,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,sEAAsE;QACtE,MAA
M,SAAS,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjC,IAAI,SAAS,GAAG,GAAG,IAAI,QAAQ,GAAG,GAAG,EAAE;YACrC,IAAI,UAAU,EAAE;gBACd,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM,IAAI,UAAU,EAAE;gBACrB,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,+BAA+B,CACvC,yDAAyD,SAAS,EAAE,CACrE,CAAC;aACH;SACF;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,KAAK,UAAU,CAAC,gBAAgB,EAAE,EAAE;YACnE,MAAM,IAAI,uBAAuB,EAAE,CAAC;SACrC;QAED,MAAM,iBAAiB,GAAG,mBAAO,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,0BAA0B,EAAE,CAAC;QACrD,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;QAExD,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,SAAS,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAEvC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;SAChE;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+CAA+C;AAC/C,MAAM,uBAAwB,SAAQ,KAAK;IACzC;QACE,MAAM,OAAO,GAAG,6CAA6C,CAAC;QAC9D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,+BAAgC,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -22,7 +22,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
22
22
|
}
|
|
23
23
|
});
|
|
24
24
|
// Extract the public key's COSE info for comparison
|
|
25
|
-
const decodedPublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
25
|
+
const decodedPublicKey = (0, decodeCredentialPublicKey_1.default)(credentialPublicKey);
|
|
26
26
|
// Assume everything is a number because these values should be
|
|
27
27
|
const publicKeyCOSEInfo = {
|
|
28
28
|
kty: decodedPublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.kty),
|
|
@@ -60,10 +60,11 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
60
60
|
throw new Error(`Public key algorithm ${publicKeyCOSEInfo} did not match any metadata algorithms [${debugAlgs}]`);
|
|
61
61
|
}
|
|
62
62
|
try {
|
|
63
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
63
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
64
64
|
}
|
|
65
65
|
catch (err) {
|
|
66
|
-
|
|
66
|
+
const _err = err;
|
|
67
|
+
throw new Error(`Could not validate certificate path with any metadata root certificates: ${_err.message}`);
|
|
67
68
|
}
|
|
68
69
|
return true;
|
|
69
70
|
}
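Review bot: The new `catch` block in the second hunk (inside verifyAttestationWithMetadata, whose body starts before the hunk) reads `_err.message` without checking that the caught value is an Error, so a non-Error throw would produce a message ending in `undefined`. It also replaces the original exception with a plain `Error`, which drops its name and stack; callers can then tell a revoked or expired certificate from a broken chain only by parsing the text. I would narrow first, `const detail = err instanceof Error ? err.message : String(err);`, and, if the supported Node versions allow it, pass the original along as `{ cause: err }`. In the context line just above the `try`, `${publicKeyCOSEInfo}` interpolates an object and will print `[object Object]` rather than the key parameters.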
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AACzE,qGAA6E;AAC7E,oEAAiE;AAEjE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,mCAAyB,
|
|
1
|
+
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AACzE,qGAA6E;AAC7E,oEAAiE;AAEjE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,mCAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;mBAC/D,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAC3C;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,wBAAwB,iBAAiB,2CAA2C,SAAS,GAAG,CAAC,CAAC;KACnH;IAED,IAAI;QACF,MAAM,IAAA,iCAAuB,EAC3B,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,gCAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KAC7G;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAtED,gDAsEC;AAQD;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG
,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,8FAA8F;QAC9F,sBAAsB;QACtB,eAAe;QACf,oCAAoC;QACpC,oCAAoC;QACpC,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}
|
|
@@ -71,7 +71,7 @@ const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.f
|
|
|
71
71
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
72
72
|
*/
|
|
73
73
|
function generateRegistrationOptions(options) {
|
|
74
|
-
const { rpName, rpID, userID, userName, challenge = generateChallenge_1.default(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
74
|
+
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.default)(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
75
75
|
/**
|
|
76
76
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
77
77
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,2BAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,8CA2DC"}
|