@simplewebauthn/server 5.1.0 → 5.2.0
- package/dist/authentication/generateAuthenticationOptions.js +1 -1
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -1
- package/dist/authentication/verifyAuthenticationResponse.d.ts +8 -1
- package/dist/authentication/verifyAuthenticationResponse.js +13 -9
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertPublicKeyToPEM.js +4 -3
- package/dist/helpers/convertPublicKeyToPEM.js.map +1 -1
- package/dist/helpers/decodeCbor.js +10 -2
- package/dist/helpers/decodeCbor.js.map +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js.map +1 -1
- package/dist/helpers/isCertRevoked.js +2 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.js +1 -1
- package/dist/helpers/logging.js.map +1 -1
- package/dist/helpers/parseAuthenticatorData.d.ts +2 -0
- package/dist/helpers/parseAuthenticatorData.js +10 -6
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/parseBackupFlags.d.ts +16 -0
- package/dist/helpers/parseBackupFlags.js +30 -0
- package/dist/helpers/parseBackupFlags.js.map +1 -0
- package/dist/helpers/validateCertificatePath.js +3 -3
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +4 -3
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/generateRegistrationOptions.js +1 -1
- package/dist/registration/generateRegistrationOptions.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyTPM.js +14 -12
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidKey.js +14 -8
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidSafetyNet.js +10 -8
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -1
- package/dist/registration/verifications/verifyApple.js +5 -4
- package/dist/registration/verifications/verifyApple.js.map +1 -1
- package/dist/registration/verifications/verifyFIDOU2F.js +6 -5
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -1
- package/dist/registration/verifications/verifyPacked.js +18 -12
- package/dist/registration/verifications/verifyPacked.js.map +1 -1
- package/dist/registration/verifyRegistrationResponse.d.ts +12 -5
- package/dist/registration/verifyRegistrationResponse.js +20 -16
- package/dist/registration/verifyRegistrationResponse.js.map +1 -1
- package/dist/services/metadataService.js +5 -5
- package/dist/services/metadataService.js.map +1 -1
- package/dist/services/settingsService.js +1 -1
- package/dist/services/settingsService.js.map +1 -1
- package/package.json +6 -6
|
@@ -19,7 +19,7 @@ const generateChallenge_1 = __importDefault(require("../helpers/generateChalleng
|
|
|
19
19
|
* @param rpID Valid domain name (after `https://`)
|
|
20
20
|
*/
|
|
21
21
|
function generateAuthenticationOptions(options = {}) {
|
|
22
|
-
const { allowCredentials, challenge = generateChallenge_1.default(), timeout = 60000, userVerification, extensions, rpID, } = options;
|
|
22
|
+
const { allowCredentials, challenge = (0, generateChallenge_1.default)(), timeout = 60000, userVerification, extensions, rpID, } = options;
|
|
23
23
|
return {
|
|
24
24
|
challenge: base64url_1.default.encode(challenge),
|
|
25
25
|
allowCredentials: allowCredentials === null || allowCredentials === void 0 ? void 0 : allowCredentials.map(cred => ({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,IAAA,2BAAiB,GAAE,EAC/B,OAAO,GAAG,KAAK,EACf,gBAAgB,EAChB,UAAU,EACV,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,gBAAgB,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/C,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AAvBD,gDAuBC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { AuthenticationCredentialJSON, AuthenticatorDevice } from '@simplewebauthn/typescript-types';
|
|
2
|
+
import { AuthenticationCredentialJSON, AuthenticatorDevice, CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
3
3
|
export declare type VerifyAuthenticationResponseOpts = {
|
|
4
4
|
credential: AuthenticationCredentialJSON;
|
|
5
5
|
expectedChallenge: string | ((challenge: string) => boolean);
|
|
@@ -33,11 +33,18 @@ export default function verifyAuthenticationResponse(options: VerifyAuthenticati
|
|
|
33
33
|
* @param authenticationInfo.newCounter The number of times the authenticator identified above
|
|
34
34
|
* reported it has been used. **Should be kept in a DB for later reference to help prevent replay
|
|
35
35
|
* attacks!**
|
|
36
|
+
* @param authenticationInfo.credentialDeviceType Whether this is a single-device or multi-device
|
|
37
|
+
* credential. **Should be kept in a DB for later reference!**
|
|
38
|
+
* @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been
|
|
39
|
+
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
|
|
40
|
+
* reference!**
|
|
36
41
|
*/
|
|
37
42
|
export declare type VerifiedAuthenticationResponse = {
|
|
38
43
|
verified: boolean;
|
|
39
44
|
authenticationInfo: {
|
|
40
45
|
credentialID: Buffer;
|
|
41
46
|
newCounter: number;
|
|
47
|
+
credentialDeviceType: CredentialDeviceType;
|
|
48
|
+
credentialBackedUp: boolean;
|
|
42
49
|
};
|
|
43
50
|
};
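Review bot: The new JSDoc for `credentialDeviceType` and `credentialBackedUp` tells integrators to keep both values in a DB, but it does not tie that advice to `verified`. In the verifyAuthenticationResponse.js section further down, both fields come from `parseBackupFlags(flags)` on the client-supplied authenticator data and are placed in `authenticationInfo` whatever `verifySignature` returns, as `newCounter` already is. A response whose signature did not verify therefore still carries them. I would add a sentence to each of the two `@param` entries, such as `Only persist this value when verified is true.`, so a caller does not overwrite stored backup state from a response that failed verification.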
|
|
@@ -10,6 +10,7 @@ const convertPublicKeyToPEM_1 = __importDefault(require("../helpers/convertPubli
|
|
|
10
10
|
const verifySignature_1 = __importDefault(require("../helpers/verifySignature"));
|
|
11
11
|
const parseAuthenticatorData_1 = __importDefault(require("../helpers/parseAuthenticatorData"));
|
|
12
12
|
const isBase64URLString_1 = __importDefault(require("../helpers/isBase64URLString"));
|
|
13
|
+
const parseBackupFlags_1 = require("../helpers/parseBackupFlags");
|
|
13
14
|
/**
|
|
14
15
|
* Verify that the user has legitimately completed the login process
|
|
15
16
|
*
|
|
@@ -45,7 +46,7 @@ function verifyAuthenticationResponse(options) {
|
|
|
45
46
|
if (typeof (response === null || response === void 0 ? void 0 : response.clientDataJSON) !== 'string') {
|
|
46
47
|
throw new Error('Credential response clientDataJSON was not a string');
|
|
47
48
|
}
|
|
48
|
-
const clientDataJSON = decodeClientDataJSON_1.default(response.clientDataJSON);
|
|
49
|
+
const clientDataJSON = (0, decodeClientDataJSON_1.default)(response.clientDataJSON);
|
|
49
50
|
const { type, origin, challenge, tokenBinding } = clientDataJSON;
|
|
50
51
|
// Make sure we're handling an authentication
|
|
51
52
|
if (type !== 'webauthn.get') {
|
|
@@ -72,10 +73,10 @@ function verifyAuthenticationResponse(options) {
|
|
|
72
73
|
throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
|
|
73
74
|
}
|
|
74
75
|
}
|
|
75
|
-
if (!isBase64URLString_1.default(response.authenticatorData)) {
|
|
76
|
+
if (!(0, isBase64URLString_1.default)(response.authenticatorData)) {
|
|
76
77
|
throw new Error('Credential response authenticatorData was not a base64url string');
|
|
77
78
|
}
|
|
78
|
-
if (!isBase64URLString_1.default(response.signature)) {
|
|
79
|
+
if (!(0, isBase64URLString_1.default)(response.signature)) {
|
|
79
80
|
throw new Error('Credential response signature was not a base64url string');
|
|
80
81
|
}
|
|
81
82
|
if (response.userHandle && typeof response.userHandle !== 'string') {
|
|
@@ -90,11 +91,11 @@ function verifyAuthenticationResponse(options) {
|
|
|
90
91
|
}
|
|
91
92
|
}
|
|
92
93
|
const authDataBuffer = base64url_1.default.toBuffer(response.authenticatorData);
|
|
93
|
-
const parsedAuthData = parseAuthenticatorData_1.default(authDataBuffer);
|
|
94
|
+
const parsedAuthData = (0, parseAuthenticatorData_1.default)(authDataBuffer);
|
|
94
95
|
const { rpIdHash, flags, counter } = parsedAuthData;
|
|
95
96
|
// Make sure the response's RP ID is ours
|
|
96
97
|
if (typeof expectedRPID === 'string') {
|
|
97
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expectedRPID, 'ascii'));
|
|
98
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expectedRPID, 'ascii'));
|
|
98
99
|
if (!rpIdHash.equals(expectedRPIDHash)) {
|
|
99
100
|
throw new Error(`Unexpected RP ID hash`);
|
|
100
101
|
}
|
|
@@ -102,7 +103,7 @@ function verifyAuthenticationResponse(options) {
|
|
|
102
103
|
else {
|
|
103
104
|
// Go through each expected RP ID and try to find one that matches
|
|
104
105
|
const foundMatch = expectedRPID.some(expected => {
|
|
105
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expected, 'ascii'));
|
|
106
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expected, 'ascii'));
|
|
106
107
|
return rpIdHash.equals(expectedRPIDHash);
|
|
107
108
|
});
|
|
108
109
|
if (!foundMatch) {
|
|
@@ -117,9 +118,9 @@ function verifyAuthenticationResponse(options) {
|
|
|
117
118
|
if (requireUserVerification && !flags.uv) {
|
|
118
119
|
throw new Error('User verification required, but user could not be verified');
|
|
119
120
|
}
|
|
120
|
-
const clientDataHash = toHash_1.default(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
121
|
+
const clientDataHash = (0, toHash_1.default)(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
121
122
|
const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]);
|
|
122
|
-
const publicKey = convertPublicKeyToPEM_1.default(authenticator.credentialPublicKey);
|
|
123
|
+
const publicKey = (0, convertPublicKeyToPEM_1.default)(authenticator.credentialPublicKey);
|
|
123
124
|
const signature = base64url_1.default.toBuffer(response.signature);
|
|
124
125
|
if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
|
|
125
126
|
// Error out when the counter in the DB is greater than or equal to the counter in the
|
|
@@ -128,11 +129,14 @@ function verifyAuthenticationResponse(options) {
|
|
|
128
129
|
// on the device without going through this site
|
|
129
130
|
throw new Error(`Response counter value ${counter} was lower than expected ${authenticator.counter}`);
|
|
130
131
|
}
|
|
132
|
+
const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_1.parseBackupFlags)(flags);
|
|
131
133
|
const toReturn = {
|
|
132
|
-
verified: verifySignature_1.default(signature, signatureBase, publicKey),
|
|
134
|
+
verified: (0, verifySignature_1.default)(signature, signatureBase, publicKey),
|
|
133
135
|
authenticationInfo: {
|
|
134
136
|
newCounter: counter,
|
|
135
137
|
credentialID: authenticator.credentialID,
|
|
138
|
+
credentialDeviceType,
|
|
139
|
+
credentialBackedUp,
|
|
136
140
|
},
|
|
137
141
|
};
|
|
138
142
|
return toReturn;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;
|
|
1
|
+
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,2FAAmE;AACnE,+DAAuC;AACvC,6FAAqE;AACrE,iFAAyD;AACzD,+FAAuE;AACvE,qFAA6D;AAC7D,kEAA+D;AAW/D;;;;;;;;;;;;;GAaG;AACH,SAAwB,4BAA4B,CAClD,OAAyC;IAEzC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,uBAAuB,GACxB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,IAAA,8BAAoB,EAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;KACrE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,gBAAgB,iBAAiB,GAAG,CAC/F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,uBAAuB,oBAAoB,EAAE,CAClG,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,gBAAgB,cAAc,GAAG,CACtF,CAAC;SACH;KACF;IAED,IAAI,CAAC,IAAA,2BAAiB,EAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,IAAA,2BAAiB,EAAC,QAAQ,CAAC,SAAS,CAAC,EAA
E;QAC1C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,QAAQ,CAAC,UAAU,IAAI,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,IAAA,gCAAsB,EAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC;IAEpD,yCAAyC;IACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,kEAAkE;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE;YACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;IAED,wDAAwD;IACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC3D;IAED,wCAAwC;IACxC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,MAAM,cAAc,GAAG,IAAA,gBAAM,EAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,IAAA,+BAAqB,EAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;IAE7E,MAAM,QAAQ
,GAAG;QACf,QAAQ,EAAE,IAAA,yBAAe,EAAC,SAAS,EAAE,aAAa,EAAE,SAAS,CAAC;QAC9D,kBAAkB,EAAE;YAClB,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,oBAAoB;YACpB,kBAAkB;SACnB;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AA7JD,+CA6JC"}
|
|
@@ -6,7 +6,7 @@ const decodeCbor_1 = require("./decodeCbor");
|
|
|
6
6
|
* Takes COSE-encoded public key and converts it to PKCS key
|
|
7
7
|
*/
|
|
8
8
|
function convertCOSEtoPKCS(cosePublicKey) {
|
|
9
|
-
const struct = decodeCbor_1.decodeCborFirst(cosePublicKey);
|
|
9
|
+
const struct = (0, decodeCbor_1.decodeCborFirst)(cosePublicKey);
|
|
10
10
|
const tag = Buffer.from([0x04]);
|
|
11
11
|
const x = struct.get(COSEKEYS.x);
|
|
12
12
|
const y = struct.get(COSEKEYS.y);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAEA,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,iBAAiB,CAAC,aAAqB;IAC7D,MAAM,MAAM,GAAkB,4BAAe,
|
|
1
|
+
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAEA,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,iBAAiB,CAAC,aAAqB;IAC7D,MAAM,MAAM,GAAkB,IAAA,4BAAe,EAAC,aAAa,CAAC,CAAC;IAE7D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IAED,IAAI,CAAC,EAAE;QACL,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC;KACvD;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,CAAC,CAAC,CAAC;AAC3C,CAAC;AAhBD,oCAgBC;AAID,IAAY,QAQX;AARD,WAAY,QAAQ;IAClB,qCAAO,CAAA;IACP,qCAAO,CAAA;IACP,sCAAQ,CAAA;IACR,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;AACR,CAAC,EARW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAQnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,mCAAO,CAAA;IACP,mCAAO,CAAA;IACP,mCAAO,CAAA;AACT,CAAC,EAJW,OAAO,GAAP,eAAO,KAAP,eAAO,QAIlB;AAEY,QAAA,aAAa,GAAyC;IACjE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,YAAY;IACnB,KAAK,EAAE,YAAY;IACnB,QAAQ,EAAE,YAAY;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;CACvB,CAAC;AAEF,0DAA0D;AAC7C,QAAA,OAAO,GAA8B;IAChD,UAAU;IACV,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,UAAU;IACV,CAAC,EAAE,SAAS;CACb,CAAC;AAEW,QAAA,WAAW,GAA8B;IACpD,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,QAAQ,EAAE,MAAM;IAChB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,QAAQ;CAChB,CAAC"}
|
|
@@ -12,7 +12,8 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
12
12
|
struct = cbor_1.default.decodeAllSync(publicKey)[0];
|
|
13
13
|
}
|
|
14
14
|
catch (err) {
|
|
15
|
-
|
|
15
|
+
const _err = err;
|
|
16
|
+
throw new Error(`Error decoding public key while converting to PEM: ${_err.message}`);
|
|
16
17
|
}
|
|
17
18
|
const kty = struct.get(convertCOSEtoPKCS_1.COSEKEYS.kty);
|
|
18
19
|
if (!kty) {
|
|
@@ -31,7 +32,7 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
31
32
|
if (!y) {
|
|
32
33
|
throw new Error('Public key was missing y (EC2)');
|
|
33
34
|
}
|
|
34
|
-
const ecPEM = jwk_to_pem_1.default({
|
|
35
|
+
const ecPEM = (0, jwk_to_pem_1.default)({
|
|
35
36
|
kty: 'EC',
|
|
36
37
|
// Specify curve as "P-256" from "p256"
|
|
37
38
|
crv: convertCOSEtoPKCS_1.COSECRV[crv].replace('p', 'P-'),
|
|
@@ -49,7 +50,7 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
49
50
|
if (!e) {
|
|
50
51
|
throw new Error('Public key was missing e (RSA)');
|
|
51
52
|
}
|
|
52
|
-
const rsaPEM = jwk_to_pem_1.default({
|
|
53
|
+
const rsaPEM = (0, jwk_to_pem_1.default)({
|
|
53
54
|
kty: 'RSA',
|
|
54
55
|
n: n.toString('base64'),
|
|
55
56
|
e: e.toString('base64'),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertPublicKeyToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertPublicKeyToPEM.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,4DAAkC;AAElC,2DAAiE;AAEjE,SAAwB,qBAAqB,CAAC,SAAiB;IAC7D,IAAI,MAAM,CAAC;IACX,IAAI;QACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC3C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,sDAAsD,
|
|
1
|
+
{"version":3,"file":"convertPublicKeyToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertPublicKeyToPEM.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,4DAAkC;AAElC,2DAAiE;AAEjE,SAAwB,qBAAqB,CAAC,SAAiB;IAC7D,IAAI,MAAM,CAAC;IACX,IAAI;QACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC3C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KACvF;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;KAC/C;IAED,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QACvB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;SACrD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,MAAM,KAAK,GAAG,IAAA,oBAAQ,EAAC;YACrB,GAAG,EAAE,IAAI;YACT,uCAAuC;YACvC,GAAG,EAAE,2BAAO,CAAC,GAAa,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC;YAC9C,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnC,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;KACd;SAAM,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,MAAM,MAAM,GAAG,IAAA,oBAAQ,EAAC;YACtB,GAAG,EAAE,KAAK;YACV,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnC,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;KACf;IAED,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,SAAS,CAAC,CAAC;AACrE,CAAC;AA/DD,wCA+DC"}
|
|
@@ -11,12 +11,20 @@ function decodeCborFirst(input) {
|
|
|
11
11
|
return cbor_1.default.decodeFirstSync(input);
|
|
12
12
|
}
|
|
13
13
|
catch (err) {
|
|
14
|
+
const _err = err;
|
|
14
15
|
// if the error was due to extra bytes, return the unpacked value
|
|
15
|
-
if (
|
|
16
|
-
return
|
|
16
|
+
if (_err.value) {
|
|
17
|
+
return _err.value;
|
|
17
18
|
}
|
|
18
19
|
throw err;
|
|
19
20
|
}
|
|
20
21
|
}
|
|
21
22
|
exports.decodeCborFirst = decodeCborFirst;
|
|
23
|
+
/**
|
|
24
|
+
* Intuited from a quick scan of `cbor.decodeFirstSync()` here:
|
|
25
|
+
*
|
|
26
|
+
* https://github.com/hildjj/node-cbor/blob/v5.1.0/lib/decoder.js#L189
|
|
27
|
+
*/
|
|
28
|
+
class CborDecoderError extends Error {
|
|
29
|
+
}
|
|
22
30
|
//# sourceMappingURL=decodeCbor.js.map
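Review bot: The `if (_err.value)` test in the catch block is a truthiness check on a duck-typed property, so it does not confirm that the error is the decoder's extra-bytes error. A first item that decodes to `0`, `false`, `null` or an empty string also falls through to `throw err`. The added `CborDecoderError` class has an empty body and is never used in an `instanceof` test in the emitted code, so it gives no runtime narrowing. Because `parseAuthenticatorData` passes client-supplied bytes to `decodeCborFirst`, I would make the condition explicit, for example `if (_err instanceof Error && 'value' in _err) {`, and state in the comment above it that trailing bytes are tolerated on purpose. The start of `decodeCborFirst` is outside the hunk.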
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeCbor.js","sourceRoot":"","sources":["../../src/helpers/decodeCbor.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,SAAgB,eAAe,CAAC,KAAwC;IACtE,IAAI;QACF,kCAAkC;QAClC,OAAO,cAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;KACpC;IAAC,OAAO,GAAG,EAAE;QACZ,iEAAiE;QACjE,IAAI,
|
|
1
|
+
{"version":3,"file":"decodeCbor.js","sourceRoot":"","sources":["../../src/helpers/decodeCbor.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,SAAgB,eAAe,CAAC,KAAwC;IACtE,IAAI;QACF,kCAAkC;QAClC,OAAO,cAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;KACpC;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAuB,CAAC;QACrC,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE;YACd,OAAO,IAAI,CAAC,KAAK,CAAC;SACnB;QACD,MAAM,GAAG,CAAC;KACX;AACH,CAAC;AAZD,0CAYC;AAED;;;;GAIG;AACH,MAAM,gBAAiB,SAAQ,KAAK;CAEnC"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const decodeCbor_1 = require("./decodeCbor");
|
|
4
4
|
function decodeCredentialPublicKey(publicKey) {
|
|
5
|
-
return decodeCbor_1.decodeCborFirst(publicKey);
|
|
5
|
+
return (0, decodeCbor_1.decodeCborFirst)(publicKey);
|
|
6
6
|
}
|
|
7
7
|
exports.default = decodeCredentialPublicKey;
|
|
8
8
|
//# sourceMappingURL=decodeCredentialPublicKey.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;AACA,6CAA+C;AAE/C,SAAwB,yBAAyB,CAAC,SAAiB;IACjE,OAAO,4BAAe,
|
|
1
|
+
{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;AACA,6CAA+C;AAE/C,SAAwB,yBAAyB,CAAC,SAAiB;IACjE,OAAO,IAAA,4BAAe,EAAC,SAAS,CAAC,CAAC;AACpC,CAAC;AAFD,4CAEC"}
|
|
@@ -50,9 +50,9 @@ async function isCertRevoked(cert) {
|
|
|
50
50
|
// Download and read the CRL
|
|
51
51
|
const crlCert = new jsrsasign_1.X509();
|
|
52
52
|
try {
|
|
53
|
-
const respCRL = await node_fetch_1.default(crlURL[0]);
|
|
53
|
+
const respCRL = await (0, node_fetch_1.default)(crlURL[0]);
|
|
54
54
|
const dataCRL = await respCRL.buffer();
|
|
55
|
-
const dataPEM = convertCertBufferToPEM_1.default(dataCRL);
|
|
55
|
+
const dataPEM = (0, convertCertBufferToPEM_1.default)(dataCRL);
|
|
56
56
|
crlCert.readCertPEM(dataPEM);
|
|
57
57
|
}
|
|
58
58
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,oBAAK,
|
|
1
|
+
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAK,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAA,gCAAsB,EAAC,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,2BAAe,CAAC,CAAC;IAE/E,MAAM,SAAS,GAAoB;QACjC,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,aAAa;IACb,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE;QAC/B,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;KAC9D;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE1D,IAAI,YAAY,EAAE;QAChB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrE,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACzC;QAED,oBAAoB;QACpB,IAAI,aAAa,EAAE;YACjB,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS
,CAAC;SACtD;QAED,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;KAC3D;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA5ED,gCA4EC"}
|
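--- a/package/dist/helpers/logging.js
+++ b/package/dist/helpers/logging.js
@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getLogger = void 0;
 const debug_1 = __importDefault(require("debug"));
-const defaultLogger = debug_1.default('SimpleWebAuthn');
+const defaultLogger = (0, debug_1.default)('SimpleWebAuthn');
 /**
 * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for
 * consistent naming.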
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,eAAK,
|
|
1
|
+
{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,IAAA,eAAK,EAAC,gBAAgB,CAAC,CAAC;AAE9C;;;;;;;;;;;;;GAaG;AACH,SAAgB,SAAS,CAAC,IAAY;IACpC,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAFD,8BAEC"}
|
|
@@ -16,11 +16,15 @@ function parseAuthenticatorData(authData) {
|
|
|
16
16
|
const rpIdHash = authData.slice(pointer, (pointer += 32));
|
|
17
17
|
const flagsBuf = authData.slice(pointer, (pointer += 1));
|
|
18
18
|
const flagsInt = flagsBuf[0];
|
|
19
|
+
// Bit positions can be referenced here:
|
|
20
|
+
// https://www.w3.org/TR/webauthn-2/#flags
|
|
19
21
|
const flags = {
|
|
20
|
-
up: !!(flagsInt &
|
|
21
|
-
uv: !!(flagsInt &
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
up: !!(flagsInt & 1 << 0),
|
|
23
|
+
uv: !!(flagsInt & 1 << 2),
|
|
24
|
+
be: !!(flagsInt & 1 << 3),
|
|
25
|
+
bs: !!(flagsInt & 1 << 4),
|
|
26
|
+
at: !!(flagsInt & 1 << 6),
|
|
27
|
+
ed: !!(flagsInt & 1 << 7),
|
|
24
28
|
flagsInt,
|
|
25
29
|
};
|
|
26
30
|
const counterBuf = authData.slice(pointer, (pointer += 4));
|
|
@@ -34,14 +38,14 @@ function parseAuthenticatorData(authData) {
|
|
|
34
38
|
const credIDLen = credIDLenBuf.readUInt16BE(0);
|
|
35
39
|
credentialID = authData.slice(pointer, (pointer += credIDLen));
|
|
36
40
|
// Decode the next CBOR item in the buffer, then re-encode it back to a Buffer
|
|
37
|
-
const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
|
|
41
|
+
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
38
42
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
39
43
|
credentialPublicKey = firstEncoded;
|
|
40
44
|
pointer += firstEncoded.byteLength;
|
|
41
45
|
}
|
|
42
46
|
let extensionsDataBuffer = undefined;
|
|
43
47
|
if (flags.ed) {
|
|
44
|
-
const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
|
|
48
|
+
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
45
49
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
46
50
|
extensionsDataBuffer = firstEncoded;
|
|
47
51
|
pointer += firstEncoded.byteLength;
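Review bot: The comment added above `flags` in the first hunk links to the WebAuthn Level 2 flags table, which as far as I know still lists bits 3 and 4 as reserved, so it does not document the `be` and `bs` flags this hunk introduces. I would extend it with the bit names, for example `// bit 0 UP, bit 2 UV, bit 3 BE (backup eligibility), bit 4 BS (backup state), bit 6 AT, bit 7 ED`, and note that BE and BS come from the Level 3 draft. The masks rely on `<<` binding tighter than `&`, which is correct, but `be: !!(flagsInt & (1 << 3)),` reads more safely in flag parsing, and the same applies to the other five entries. Nothing in this section checks that `bs` is only set together with `be`; presumably that is left to `parseBackupFlags`, which is not visible here. `parseAuthenticatorData` starts and ends outside both hunks.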
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,wCAAwC;IACxC,0CAA0C;IAC1C,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,QAAQ;KACT,CAAC;IAEF,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,GAAuB,SAAS,CAAC;IAC3C,IAAI,YAAY,GAAuB,SAAS,CAAC;IACjD,IAAI,mBAAmB,GAAuB,SAAS,CAAC;IAExD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAElD,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE/C,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,mBAAmB,GAAG,YAAY,CAAC;QACnC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,IAAI,oBAAoB,GAAuB,SAAS,CAAC;IACzD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,
CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,oBAAoB,GAAG,YAAY,CAAC;QACpC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,2FAA2F;IAC3F,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,OAAO;QACP,UAAU;QACV,MAAM;QACN,YAAY;QACZ,mBAAmB;QACnB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AAxED,yCAwEC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
2
|
+
/**
|
|
3
|
+
* Make sense of Bits 3 and 4 in authenticator indicating:
|
|
4
|
+
*
|
|
5
|
+
* - Whether the credential can be used on multiple devices
|
|
6
|
+
* - Whether the credential is backed up or not
|
|
7
|
+
*
|
|
8
|
+
* Invalid configurations will raise an `Error`
|
|
9
|
+
*/
|
|
10
|
+
export declare function parseBackupFlags({ be, bs }: {
|
|
11
|
+
be: boolean;
|
|
12
|
+
bs: boolean;
|
|
13
|
+
}): {
|
|
14
|
+
credentialDeviceType: CredentialDeviceType;
|
|
15
|
+
credentialBackedUp: boolean;
|
|
16
|
+
};
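Review bot: The declaration exports only `parseBackupFlags`, while its doc comment promises an `Error` for invalid configurations; the compiled parseBackupFlags.js throws a module-private `InvalidBackupFlags` class that is never added to `exports`. A caller that wants to treat a single-device credential reporting itself as backed up differently from other verification failures can therefore only compare `err.name` with the string 'InvalidBackupFlags'. Exporting the class from the source module, so that this file gains `export declare class InvalidBackupFlags extends Error` and callers can use `instanceof`, would make the failure mode part of the typed API.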
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.parseBackupFlags = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Make sense of Bits 3 and 4 in authenticator indicating:
|
|
6
|
+
*
|
|
7
|
+
* - Whether the credential can be used on multiple devices
|
|
8
|
+
* - Whether the credential is backed up or not
|
|
9
|
+
*
|
|
10
|
+
* Invalid configurations will raise an `Error`
|
|
11
|
+
*/
|
|
12
|
+
function parseBackupFlags({ be, bs }) {
|
|
13
|
+
const credentialBackedUp = bs;
|
|
14
|
+
let credentialDeviceType = 'singleDevice';
|
|
15
|
+
if (be) {
|
|
16
|
+
credentialDeviceType = 'multiDevice';
|
|
17
|
+
}
|
|
18
|
+
if (credentialDeviceType === 'singleDevice' && credentialBackedUp) {
|
|
19
|
+
throw new InvalidBackupFlags('Single-device credential indicated that it was backed up, which should be impossible.');
|
|
20
|
+
}
|
|
21
|
+
return { credentialDeviceType, credentialBackedUp };
|
|
22
|
+
}
|
|
23
|
+
exports.parseBackupFlags = parseBackupFlags;
|
|
24
|
+
class InvalidBackupFlags extends Error {
|
|
25
|
+
constructor(message) {
|
|
26
|
+
super(message);
|
|
27
|
+
this.name = 'InvalidBackupFlags';
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=parseBackupFlags.js.map
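Review bot: The doc comment says invalid configurations raise an `Error` but never names the one configuration the body rejects, `bs` true while `be` is false; a line such as ` * @throws InvalidBackupFlags when bs is set but be is not`, added in the TypeScript source this file is compiled from, would state the contract. The check itself goes through an intermediate string, `credentialDeviceType === 'singleDevice' && credentialBackedUp`, where `if (!be && bs)` reads more directly and behaves the same. The first line of the comment, "Bits 3 and 4 in authenticator", also looks like it lost the words "data flags".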
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parseBackupFlags.js","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":";;;AAEA;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAgC;IAIvE,MAAM,kBAAkB,GAAG,EAAE,CAAC;IAC9B,IAAI,oBAAoB,GAAyB,cAAc,CAAC;IAEhE,IAAI,EAAE,EAAE;QACN,oBAAoB,GAAG,aAAa,CAAC;KACtC;IAED,IAAI,oBAAoB,KAAK,cAAc,IAAI,kBAAkB,EAAE;QACjE,MAAM,IAAI,kBAAkB,CAC1B,uFAAuF,CACxF,CAAA;KACF;IAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;AACtD,CAAC;AAlBD,4CAkBC;AAED,MAAM,kBAAmB,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF"}
|
|
@@ -75,13 +75,13 @@ async function _validatePath(certificates) {
|
|
|
75
75
|
const issuerCert = new jsrsasign_1.X509();
|
|
76
76
|
issuerCert.readCertPEM(issuerPem);
|
|
77
77
|
// Check for certificate revocation
|
|
78
|
-
const subjectCertRevoked = await isCertRevoked_1.default(subjectCert);
|
|
78
|
+
const subjectCertRevoked = await (0, isCertRevoked_1.default)(subjectCert);
|
|
79
79
|
if (subjectCertRevoked) {
|
|
80
80
|
throw new Error(`Found revoked certificate in certificate path`);
|
|
81
81
|
}
|
|
82
82
|
// Check that intermediate certificate is within its valid time window
|
|
83
|
-
const notBefore = jsrsasign_1.zulutodate(issuerCert.getNotBefore());
|
|
84
|
-
const notAfter = jsrsasign_1.zulutodate(issuerCert.getNotAfter());
|
|
83
|
+
const notBefore = (0, jsrsasign_1.zulutodate)(issuerCert.getNotBefore());
|
|
84
|
+
const notAfter = (0, jsrsasign_1.zulutodate)(issuerCert.getNotAfter());
|
|
85
85
|
const now = new Date(Date.now());
|
|
86
86
|
if (notBefore > now || notAfter < now) {
|
|
87
87
|
if (isLeafCert) {
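Review bot: The validity-window check in this hunk reads `notBefore` and `notAfter` from `issuerCert`, yet the branch that follows is `if (isLeafCert)`, so as far as the hunk shows the dates being tested belong to the issuer while the error path is chosen by the subject's position in the chain. If the subject certificate's own window is not checked elsewhere in the loop, an expired leaf would pass this step. Assuming `subjectCert` is the same X509 type as `issuerCert`, reading its dates as well, e.g. `const subjectNotAfter = (0, jsrsasign_1.zulutodate)(subjectCert.getNotAfter());`, and comparing them with `now` would close that. _validatePath starts and ends outside the hunk, so the rest of the loop body may already cover this.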
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0CAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,uBAAa,
|
|
1
|
+
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0CAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAW,CAAC,CAAC;QAE5D,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,sEAAsE;QACtE,MAA
M,SAAS,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjC,IAAI,SAAS,GAAG,GAAG,IAAI,QAAQ,GAAG,GAAG,EAAE;YACrC,IAAI,UAAU,EAAE;gBACd,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM,IAAI,UAAU,EAAE;gBACrB,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,+BAA+B,CACvC,yDAAyD,SAAS,EAAE,CACrE,CAAC;aACH;SACF;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,KAAK,UAAU,CAAC,gBAAgB,EAAE,EAAE;YACnE,MAAM,IAAI,uBAAuB,EAAE,CAAC;SACrC;QAED,MAAM,iBAAiB,GAAG,mBAAO,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,0BAA0B,EAAE,CAAC;QACrD,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;QAExD,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,SAAS,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAEvC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;SAChE;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+CAA+C;AAC/C,MAAM,uBAAwB,SAAQ,KAAK;IACzC;QACE,MAAM,OAAO,GAAG,6CAA6C,CAAC;QAC9D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,+BAAgC,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -22,7 +22,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
22
22
|
}
|
|
23
23
|
});
|
|
24
24
|
// Extract the public key's COSE info for comparison
|
|
25
|
-
const decodedPublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
25
|
+
const decodedPublicKey = (0, decodeCredentialPublicKey_1.default)(credentialPublicKey);
|
|
26
26
|
// Assume everything is a number because these values should be
|
|
27
27
|
const publicKeyCOSEInfo = {
|
|
28
28
|
kty: decodedPublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.kty),
|
|
@@ -60,10 +60,11 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
60
60
|
throw new Error(`Public key algorithm ${publicKeyCOSEInfo} did not match any metadata algorithms [${debugAlgs}]`);
|
|
61
61
|
}
|
|
62
62
|
try {
|
|
63
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
63
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
64
64
|
}
|
|
65
65
|
catch (err) {
|
|
66
|
-
|
|
66
|
+
const _err = err;
|
|
67
|
+
throw new Error(`Could not validate certificate path with any metadata root certificates: ${_err.message}`);
|
|
67
68
|
}
|
|
68
69
|
return true;
|
|
69
70
|
}
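Review bot: The new catch block at the end of the function assigns `const _err = err;` and then reads `_err.message`, which is a compile-time cast only: if anything other than an `Error` is thrown the rethrown message ends in `undefined`, and in every case the original stack is dropped. `const detail = err instanceof Error ? err.message : String(err);` would keep the message meaningful; the same pattern appears in the verifyTPM catch blocks later on this page. Separately, the first hunk's context line interpolates the object `publicKeyCOSEInfo` into the "Public key algorithm … did not match any metadata algorithms" message, which renders as `[object Object]`; `JSON.stringify(publicKeyCOSEInfo)` or its individual fields would give an operator something to act on. verifyAttestationWithMetadata begins outside both hunks.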
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AACzE,qGAA6E;AAC7E,oEAAiE;AAEjE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,mCAAyB,
|
|
1
|
+
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AACzE,qGAA6E;AAC7E,oEAAiE;AAEjE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,mCAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;mBAC/D,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAC3C;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,wBAAwB,iBAAiB,2CAA2C,SAAS,GAAG,CAAC,CAAC;KACnH;IAED,IAAI;QACF,MAAM,IAAA,iCAAuB,EAC3B,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,gCAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KAC7G;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAtED,gDAsEC;AAQD;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG
,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,8FAA8F;QAC9F,sBAAsB;QACtB,eAAe;QACf,oCAAoC;QACpC,oCAAoC;QACpC,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}
|
|
@@ -71,7 +71,7 @@ const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.f
|
|
|
71
71
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
72
72
|
*/
|
|
73
73
|
function generateRegistrationOptions(options) {
|
|
74
|
-
const { rpName, rpID, userID, userName, challenge = generateChallenge_1.default(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
74
|
+
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.default)(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
75
75
|
/**
|
|
76
76
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
77
77
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,2BAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,8CA2DC"}
|
|
@@ -42,11 +42,11 @@ async function verifyTPM(options) {
|
|
|
42
42
|
if (!certInfo) {
|
|
43
43
|
throw new Error('Attestation statement did not contain certInfo (TPM)');
|
|
44
44
|
}
|
|
45
|
-
const parsedPubArea = parsePubArea_1.default(pubArea);
|
|
45
|
+
const parsedPubArea = (0, parsePubArea_1.default)(pubArea);
|
|
46
46
|
const { unique, type: pubType, parameters } = parsedPubArea;
|
|
47
47
|
// Verify that the public key specified by the parameters and unique fields of pubArea is
|
|
48
48
|
// identical to the credentialPublicKey in the attestedCredentialData in authenticatorData.
|
|
49
|
-
const cosePublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
49
|
+
const cosePublicKey = (0, decodeCredentialPublicKey_1.default)(credentialPublicKey);
|
|
50
50
|
if (pubType === 'TPM_ALG_RSA') {
|
|
51
51
|
const n = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.n);
|
|
52
52
|
const e = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.e);
|
|
@@ -103,7 +103,7 @@ async function verifyTPM(options) {
|
|
|
103
103
|
else {
|
|
104
104
|
throw new Error(`Unsupported pubArea.type "${pubType}"`);
|
|
105
105
|
}
|
|
106
|
-
const parsedCertInfo = parseCertInfo_1.default(certInfo);
|
|
106
|
+
const parsedCertInfo = (0, parseCertInfo_1.default)(certInfo);
|
|
107
107
|
const { magic, type: certType, attested, extraData } = parsedCertInfo;
|
|
108
108
|
if (magic !== 0xff544347) {
|
|
109
109
|
throw new Error(`Unexpected magic value "${magic}", expected "0xff544347" (TPM)`);
|
|
@@ -112,7 +112,7 @@ async function verifyTPM(options) {
|
|
|
112
112
|
throw new Error(`Unexpected type "${certType}", expected "TPM_ST_ATTEST_CERTIFY" (TPM)`);
|
|
113
113
|
}
|
|
114
114
|
// Hash pubArea to create pubAreaHash using the nameAlg in attested
|
|
115
|
-
const pubAreaHash = toHash_1.default(pubArea, attested.nameAlg.replace('TPM_ALG_', ''));
|
|
115
|
+
const pubAreaHash = (0, toHash_1.default)(pubArea, attested.nameAlg.replace('TPM_ALG_', ''));
|
|
116
116
|
// Concatenate attested.nameAlg and pubAreaHash to create attestedName.
|
|
117
117
|
const attestedName = Buffer.concat([attested.nameAlgBuffer, pubAreaHash]);
|
|
118
118
|
// Check that certInfo.attested.name is equals to attestedName.
|
|
@@ -123,7 +123,7 @@ async function verifyTPM(options) {
|
|
|
123
123
|
const attToBeSigned = Buffer.concat([authData, clientDataHash]);
|
|
124
124
|
// Hash attToBeSigned using the algorithm specified in attStmt.alg to create attToBeSignedHash
|
|
125
125
|
const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg];
|
|
126
|
-
const attToBeSignedHash = toHash_1.default(attToBeSigned, hashAlg);
|
|
126
|
+
const attToBeSignedHash = (0, toHash_1.default)(attToBeSigned, hashAlg);
|
|
127
127
|
// Check that certInfo.extraData is equals to attToBeSignedHash.
|
|
128
128
|
if (!extraData.equals(attToBeSignedHash)) {
|
|
129
129
|
throw new Error('CertInfo extra data did not equal hashed attestation (TPM)');
|
|
@@ -135,7 +135,7 @@ async function verifyTPM(options) {
|
|
|
135
135
|
throw new Error('No certificates present in x5c array (TPM)');
|
|
136
136
|
}
|
|
137
137
|
// Pick a leaf AIK certificate of the x5c array and parse it.
|
|
138
|
-
const leafCertInfo = getCertificateInfo_1.default(x5c[0]);
|
|
138
|
+
const leafCertInfo = (0, getCertificateInfo_1.default)(x5c[0]);
|
|
139
139
|
const { basicConstraintsCA, version, subject, notAfter, notBefore } = leafCertInfo;
|
|
140
140
|
if (basicConstraintsCA) {
|
|
141
141
|
throw new Error('Certificate basic constraints CA was not `false` (TPM)');
|
|
@@ -206,25 +206,27 @@ async function verifyTPM(options) {
|
|
|
206
206
|
const statement = await metadataService_1.default.getStatement(aaguid);
|
|
207
207
|
if (statement) {
|
|
208
208
|
try {
|
|
209
|
-
await verifyAttestationWithMetadata_1.default(statement, credentialPublicKey, x5c);
|
|
209
|
+
await (0, verifyAttestationWithMetadata_1.default)(statement, credentialPublicKey, x5c);
|
|
210
210
|
}
|
|
211
211
|
catch (err) {
|
|
212
|
-
|
|
212
|
+
const _err = err;
|
|
213
|
+
throw new Error(`${_err.message} (TPM)`);
|
|
213
214
|
}
|
|
214
215
|
}
|
|
215
216
|
else {
|
|
216
217
|
try {
|
|
217
218
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
218
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
219
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
219
220
|
}
|
|
220
221
|
catch (err) {
|
|
221
|
-
|
|
222
|
+
const _err = err;
|
|
223
|
+
throw new Error(`${_err.message} (TPM)`);
|
|
222
224
|
}
|
|
223
225
|
}
|
|
224
226
|
// Verify signature over certInfo with the public key extracted from AIK certificate.
|
|
225
227
|
// In the wise words of Yuriy Ackermann: "Get Martini friend, you are done!"
|
|
226
|
-
const leafCertPEM = convertCertBufferToPEM_1.default(x5c[0]);
|
|
227
|
-
return verifySignature_1.default(sig, certInfo, leafCertPEM, hashAlg);
|
|
228
|
+
const leafCertPEM = (0, convertCertBufferToPEM_1.default)(x5c[0]);
|
|
229
|
+
return (0, verifySignature_1.default)(sig, certInfo, leafCertPEM, hashAlg);
|
|
228
230
|
}
|
|
229
231
|
exports.default = verifyTPM;
|
|
230
232
|
/**
|