@simplewebauthn/server 5.1.0 → 5.2.0
- package/dist/authentication/generateAuthenticationOptions.js +1 -1
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -1
- package/dist/authentication/verifyAuthenticationResponse.d.ts +8 -1
- package/dist/authentication/verifyAuthenticationResponse.js +13 -9
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertPublicKeyToPEM.js +4 -3
- package/dist/helpers/convertPublicKeyToPEM.js.map +1 -1
- package/dist/helpers/decodeCbor.js +10 -2
- package/dist/helpers/decodeCbor.js.map +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js.map +1 -1
- package/dist/helpers/isCertRevoked.js +2 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.js +1 -1
- package/dist/helpers/logging.js.map +1 -1
- package/dist/helpers/parseAuthenticatorData.d.ts +2 -0
- package/dist/helpers/parseAuthenticatorData.js +10 -6
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/parseBackupFlags.d.ts +16 -0
- package/dist/helpers/parseBackupFlags.js +30 -0
- package/dist/helpers/parseBackupFlags.js.map +1 -0
- package/dist/helpers/validateCertificatePath.js +3 -3
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +4 -3
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/generateRegistrationOptions.js +1 -1
- package/dist/registration/generateRegistrationOptions.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyTPM.js +14 -12
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidKey.js +14 -8
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidSafetyNet.js +10 -8
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -1
- package/dist/registration/verifications/verifyApple.js +5 -4
- package/dist/registration/verifications/verifyApple.js.map +1 -1
- package/dist/registration/verifications/verifyFIDOU2F.js +6 -5
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -1
- package/dist/registration/verifications/verifyPacked.js +18 -12
- package/dist/registration/verifications/verifyPacked.js.map +1 -1
- package/dist/registration/verifyRegistrationResponse.d.ts +12 -5
- package/dist/registration/verifyRegistrationResponse.js +20 -16
- package/dist/registration/verifyRegistrationResponse.js.map +1 -1
- package/dist/services/metadataService.js +5 -5
- package/dist/services/metadataService.js.map +1 -1
- package/dist/services/settingsService.js +1 -1
- package/dist/services/settingsService.js.map +1 -1
- package/package.json +6 -6
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyTPM.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyTPM.ts"],"names":[],"mappings":";;;;;AAAA,uDAAkD;AAClD,mDAO6B;AAI7B,2GAAmF;AACnF,0EAA2E;AAC3E,qEAA6C;AAC7C,qGAA6E;AAC7E,uGAA+E;AAC/E,6FAAqE;AACrE,uFAA+D;AAC/D,wFAAgE;AAChE,oHAA4F;AAE5F,2CAA+D;AAC/D,oEAA4C;AAC5C,kEAA0C;AAE3B,KAAK,UAAU,SAAS,CAAC,OAAsC;;IAC5E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE1D;;OAEG;IACH,IAAI,GAAG,KAAK,KAAK,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,yBAAyB,CAAC,CAAC;KAClE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,aAAa,GAAG,sBAAY,
|
|
1
|
+
{"version":3,"file":"verifyTPM.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyTPM.ts"],"names":[],"mappings":";;;;;AAAA,uDAAkD;AAClD,mDAO6B;AAI7B,2GAAmF;AACnF,0EAA2E;AAC3E,qEAA6C;AAC7C,qGAA6E;AAC7E,uGAA+E;AAC/E,6FAAqE;AACrE,uFAA+D;AAC/D,wFAAgE;AAChE,oHAA4F;AAE5F,2CAA+D;AAC/D,oEAA4C;AAC5C,kEAA0C;AAE3B,KAAK,UAAU,SAAS,CAAC,OAAsC;;IAC5E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE1D;;OAEG;IACH,IAAI,GAAG,KAAK,KAAK,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,yBAAyB,CAAC,CAAC;KAClE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,aAAa,GAAG,IAAA,sBAAY,EAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;IAE5D,yFAAyF;IACzF,2FAA2F;IAC3F,MAAM,aAAa,GAAG,IAAA,mCAAyB,EAAC,mBAAmB,CAAC,CAAC;IAErE,IAAI,OAAO,KAAK,aAAa,EAAE;QAC7B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAW,CAAC,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,OAAO,GAAG,CAAW,CAAC;QAC5B,8FAA8F;QAC9F,MAAM,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;QAEzD,4CAA4C;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,IAAI,eAAe,KAAK,IAAI,EA
AE;YAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,cAAc,eAAe,YAAY,CAAC,CAAC;SAC7F;KACF;SAAM,IAAI,OAAO,KAAK,aAAa,EAAE;QACpC;;;WAGG;QACH,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC,EAAE;YAC7D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;QAC9C,MAAM,aAAa,GAAG,yBAAa,CAAE,GAAc,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,cAAc,KAAK,aAAa,EAAE;YACpC,MAAM,IAAI,KAAK,CACb,mCAAmC,aAAa,gBAAgB,cAAc,aAAa,CAC5F,CAAC;SACH;KACF;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,CAAC,CAAC;KAC1D;IAED,MAAM,cAAc,GAAG,IAAA,uBAAa,EAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,cAAc,CAAC;IAEtE,IAAI,KAAK,KAAK,UAAU,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,gCAAgC,CAAC,CAAC;KACnF;IAED,IAAI,QAAQ,KAAK,uBAAuB,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,2CAA2C,CAAC,CAAC;KAC1F;IAED,mEAAmE;IACnE,MAAM,WAAW,GAAG,IAAA,gBAAM,EAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAE9E,uEAAuE;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1E,+DAA+D;IAC/D,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;KAC1D;IAED,mEAAmE;IACnE,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAEhE,8FAA8F;IAC9F,MAAM,OAAO,GAAW,+BAAW,CAAC,GAAa,CAAC,CAAC;IACnD,MAAM,iBAAiB,GAAG,IAAA,gBAAM,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAEzD,gEAAgE;IAChE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE;QACx
C,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED;;OAEG;IACH,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KAC/D;IAED,6DAA6D;IAC7D,MAAM,YAAY,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,MAAM,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC;IAEnF,IAAI,kBAAkB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,mEAAmE;IACnE,IAAI,OAAO,KAAK,CAAC,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,4CAA4C;IAC5C,IAAI,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACrB,IAAI,SAAS,GAAG,GAAG,EAAE;QACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAChF;IAED,yCAAyC;IACzC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,GAAG,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAC9E;IAED;;OAEG;IACH,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE;QACzC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IAED,IAAI,qBAAyD,CAAC;IAC9D,IAAI,WAAyC,CAAC;IAC9C,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,gCAAoB,EAAE;YACvC,qBAAqB,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,kCAAsB,CAAC,CAAC;SAChF;aAAM,IAAI,GAAG,CAAC,MAAM,KAAK,6BAAiB,EAAE;YAC3C,WAAW,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,4BAAgB,CAAC,CAAC;SAChE;IACH,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,6FAA6F;IAC7F,SAAS;IACT,IAAI,CAAC,CAAA,MAAA,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,0CAAG,CAAC,EAAE,MAAM,CAAA,EAAE;QACvD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,MAAM,EAAE,oBAAoB,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,iBAAiB,CAChF,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,CACvC,CAAC;IAEF,IAAI,CAAC,oBAAoB,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC
;KACjF;IAED,yFAAyF;IACzF,IAAI,CAAC,6BAAiB,CAAC,oBAAoB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,qCAAqC,oBAAoB,SAAS,CAAC,CAAC;KACrF;IAED,wFAAwF;IACxF,4CAA4C;IAC5C,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,cAAc,EAAE;QACrC,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC;KAC9F;IAED,gGAAgG;IAChG,4DAA4D;IAE5D,wEAAwE;IACxE,MAAM,SAAS,GAAG,MAAM,yBAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,uCAA6B,EAAC,SAAS,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;SAC1E;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,QAAQ,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iCAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SAClF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,QAAQ,CAAC,CAAC;SAC1C;KACF;IAED,qFAAqF;IACrF,4EAA4E;IAC5E,MAAM,WAAW,GAAG,IAAA,gCAAsB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,OAAO,IAAA,yBAAe,EAAC,GAAG,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AAC9D,CAAC;AAhQD,4BAgQC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAU;IAKnC,MAAM,eAAe,GAAG,cAAc,CAAC;IACvC,MAAM,QAAQ,GAAG,cAAc,CAAC;IAChC,MAAM,UAAU,GAAG,cAAc,CAAC;IAElC,IAAI,oBAAwC,CAAC;IAC7C,IAAI,aAAiC,CAAC;IACtC,IAAI,eAAmC,CAAC;IAExC;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACrB,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACrB,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE;gBACjC,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aAC9C;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE;gBACjC,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aACvC;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE;gBACnC,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aACzC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,aAAa;QACb,eAAe;KAChB,CAAC;AACJ,CAAC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
3
|
if (k2 === undefined) k2 = k;
|
|
4
|
-
Object.
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
5
9
|
}) : (function(o, m, k, k2) {
|
|
6
10
|
if (k2 === undefined) k2 = k;
|
|
7
11
|
o[k2] = m[k];
|
|
@@ -52,7 +56,7 @@ async function verifyAttestationAndroidKey(options) {
|
|
|
52
56
|
const parsedCert = asn1_schema_1.AsnParser.parse(x5c[0], asn1_x509_1.Certificate);
|
|
53
57
|
const parsedCertPubKey = Buffer.from(parsedCert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey);
|
|
54
58
|
// Convert the credentialPublicKey to PKCS
|
|
55
|
-
const credPubKeyPKCS = convertCOSEtoPKCS_1.default(credentialPublicKey);
|
|
59
|
+
const credPubKeyPKCS = (0, convertCOSEtoPKCS_1.default)(credentialPublicKey);
|
|
56
60
|
if (!credPubKeyPKCS.equals(parsedCertPubKey)) {
|
|
57
61
|
throw new Error('Credential public key does not equal leaf cert public key (AndroidKey)');
|
|
58
62
|
}
|
|
@@ -78,25 +82,27 @@ async function verifyAttestationAndroidKey(options) {
|
|
|
78
82
|
const statement = await metadataService_1.default.getStatement(aaguid);
|
|
79
83
|
if (statement) {
|
|
80
84
|
try {
|
|
81
|
-
await verifyAttestationWithMetadata_1.default(statement, credentialPublicKey, x5c);
|
|
85
|
+
await (0, verifyAttestationWithMetadata_1.default)(statement, credentialPublicKey, x5c);
|
|
82
86
|
}
|
|
83
87
|
catch (err) {
|
|
84
|
-
|
|
88
|
+
const _err = err;
|
|
89
|
+
throw new Error(`${_err.message} (AndroidKey)`);
|
|
85
90
|
}
|
|
86
91
|
}
|
|
87
92
|
else {
|
|
88
93
|
try {
|
|
89
94
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
90
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
95
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
91
96
|
}
|
|
92
97
|
catch (err) {
|
|
93
|
-
|
|
98
|
+
const _err = err;
|
|
99
|
+
throw new Error(`${_err.message} (AndroidKey)`);
|
|
94
100
|
}
|
|
95
101
|
}
|
|
96
102
|
const signatureBase = Buffer.concat([authData, clientDataHash]);
|
|
97
|
-
const leafCertPEM = convertCertBufferToPEM_1.default(x5c[0]);
|
|
103
|
+
const leafCertPEM = (0, convertCertBufferToPEM_1.default)(x5c[0]);
|
|
98
104
|
const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg];
|
|
99
|
-
return verifySignature_1.default(sig, signatureBase, leafCertPEM, hashAlg);
|
|
105
|
+
return (0, verifySignature_1.default)(sig, signatureBase, leafCertPEM, hashAlg);
|
|
100
106
|
}
|
|
101
107
|
exports.default = verifyAttestationAndroidKey;
|
|
102
108
|
//# sourceMappingURL=verifyAndroidKey.js.map
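Review bot: Both new catch blocks in the `@@ -78,25 +82,27 @@` hunk rebuild the error from `_err.message` alone, so the original stack and error type are dropped, and a thrown value that is not an `Error` would surface as `undefined (AndroidKey)`. Verification still fails closed, but an operator cannot tell a certificate-path failure from a metadata mismatch except by parsing the message. Where the supported runtimes allow it, keep the original attached with `throw new Error(`${_err.message} (AndroidKey)`, { cause: _err });`. This is compiled output, so the change belongs in the TypeScript source. The same pattern is added in verifyAndroidSafetyNet.js, verifyApple.js and verifyFIDOU2F.js; the body of `verifyAttestationAndroidKey` starts outside the hunk.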
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAndroidKey.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAndroidKey.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verifyAndroidKey.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAndroidKey.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAkD;AAClD,mDAAkD;AAClD,yDAA8E;AAI9E,kGAA0E;AAC1E,oGAA4E;AAC5E,oFAA4D;AAC5D,qFAAiF;AACjF,qFAA6D;AAC7D,iHAAyF;AAEzF;;GAEG;AACY,KAAK,UAAU,2BAA2B,CACvD,OAAsC;;IAEtC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;KAC9F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;KAC5F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,uFAAuF;IACvF,kDAAkD;IAClD,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,UAAU,CAAC,cAAc,CAAC,oBAAoB,CAAC,gBAAgB,CAChE,CAAC;IAEF,0CAA0C;IAC1C,MAAM,cAAc,GAAG,IAAA,2BAAiB,EAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,4DAA4D;IAC5D,MAAM,WAAW,GAAG,MAAA,UAAU,CAAC,cAAc,CAAC,UAAU,0CAAE,IAAI,CAC5D,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,mCAAoB,CAC3C,CAAC;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,iBAAiB,GAAG,uBAAS,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,6BAAc,CAAC,CAAC;IAEjF,4BAA4B;IAC5B,MAAM,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,CAAC;IAElF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;QACpE,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,4FAA4F;IAC5F,aAAa;IACb,IAAI,WAAW,CAAC,eAAe,KAAK,SAAS,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,IAAI,gBAAgB,CAAC,eAAe,KAAK,SAAS,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,MAAM,SAAS,GAAG,MAAM,yBAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,uCAA6B,EAAC,SAAS,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;SAC1E;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI
,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC;SACjD;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iCAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SAClF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC;SACjD;KACF;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,IAAA,gCAAsB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,+BAAW,CAAC,GAAa,CAAC,CAAC;IAE3C,OAAO,IAAA,yBAAe,EAAC,GAAG,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACnE,CAAC;AApFD,8CAoFC"}
|
|
@@ -47,7 +47,7 @@ async function verifyAttestationAndroidSafetyNet(options) {
|
|
|
47
47
|
}
|
|
48
48
|
}
|
|
49
49
|
const nonceBase = Buffer.concat([authData, clientDataHash]);
|
|
50
|
-
const nonceBuffer = toHash_1.default(nonceBase);
|
|
50
|
+
const nonceBuffer = (0, toHash_1.default)(nonceBase);
|
|
51
51
|
const expectedNonce = nonceBuffer.toString('base64');
|
|
52
52
|
if (nonce !== expectedNonce) {
|
|
53
53
|
throw new Error('Could not verify payload nonce (SafetyNet)');
|
|
@@ -62,7 +62,7 @@ async function verifyAttestationAndroidSafetyNet(options) {
|
|
|
62
62
|
* START Verify Header
|
|
63
63
|
*/
|
|
64
64
|
const leafCertBuffer = base64url_1.default.toBuffer(HEADER.x5c[0]);
|
|
65
|
-
const leafCertInfo = getCertificateInfo_1.default(leafCertBuffer);
|
|
65
|
+
const leafCertInfo = (0, getCertificateInfo_1.default)(leafCertBuffer);
|
|
66
66
|
const { subject } = leafCertInfo;
|
|
67
67
|
// Ensure the certificate was issued to this hostname
|
|
68
68
|
// See https://developer.android.com/training/safetynet/attestation#verify-attestation-response
|
|
@@ -72,19 +72,21 @@ async function verifyAttestationAndroidSafetyNet(options) {
|
|
|
72
72
|
const statement = await metadataService_1.default.getStatement(aaguid);
|
|
73
73
|
if (statement) {
|
|
74
74
|
try {
|
|
75
|
-
await verifyAttestationWithMetadata_1.default(statement, credentialPublicKey, HEADER.x5c);
|
|
75
|
+
await (0, verifyAttestationWithMetadata_1.default)(statement, credentialPublicKey, HEADER.x5c);
|
|
76
76
|
}
|
|
77
77
|
catch (err) {
|
|
78
|
-
|
|
78
|
+
const _err = err;
|
|
79
|
+
throw new Error(`${_err.message} (SafetyNet)`);
|
|
79
80
|
}
|
|
80
81
|
}
|
|
81
82
|
else {
|
|
82
83
|
try {
|
|
83
84
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
84
|
-
await validateCertificatePath_1.default(HEADER.x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
85
|
+
await (0, validateCertificatePath_1.default)(HEADER.x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
85
86
|
}
|
|
86
87
|
catch (err) {
|
|
87
|
-
|
|
88
|
+
const _err = err;
|
|
89
|
+
throw new Error(`${_err.message} (SafetyNet)`);
|
|
88
90
|
}
|
|
89
91
|
}
|
|
90
92
|
/**
|
|
@@ -95,8 +97,8 @@ async function verifyAttestationAndroidSafetyNet(options) {
|
|
|
95
97
|
*/
|
|
96
98
|
const signatureBaseBuffer = Buffer.from(`${jwtParts[0]}.${jwtParts[1]}`);
|
|
97
99
|
const signatureBuffer = base64url_1.default.toBuffer(SIGNATURE);
|
|
98
|
-
const leafCertPEM = convertCertBufferToPEM_1.default(leafCertBuffer);
|
|
99
|
-
const verified = verifySignature_1.default(signatureBuffer, signatureBaseBuffer, leafCertPEM);
|
|
100
|
+
const leafCertPEM = (0, convertCertBufferToPEM_1.default)(leafCertBuffer);
|
|
101
|
+
const verified = (0, verifySignature_1.default)(signatureBuffer, signatureBaseBuffer, leafCertPEM);
|
|
100
102
|
/**
|
|
101
103
|
* END Verify Signature
|
|
102
104
|
*/
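Review bot: In the `@@ -62,7 +62,7 @@` hunk, `HEADER.x5c[0]` is indexed with no visible check that `x5c` is present and non-empty, and `HEADER` appears to be decoded from the client-supplied attestation JWT. A guard may exist above the hunk, since the function body starts outside it. If none does, a header without `x5c` ends in a bare `TypeError` rather than a labelled verification failure. A guard before the `toBuffer` call would make the rejection explicit: `if (!Array.isArray(HEADER.x5c) || HEADER.x5c.length < 1) throw new Error('No attestation certificate in JWT header (SafetyNet)');`.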
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAndroidSafetyNet.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAndroidSafetyNet.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAIlC,kEAA0C;AAC1C,oFAA4D;AAC5D,0FAAkE;AAClE,oGAA4E;AAC5E,kGAA0E;AAC1E,qFAA6D;AAC7D,iHAAyF;AAEzF;;GAEG;AACY,KAAK,UAAU,iCAAiC,CAC7D,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,iBAAiB,GAAG,IAAI,EACxB,mBAAmB,GACpB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEhC,MAAM,MAAM,GAAuB,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAwB,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,MAAM,SAAS,GAA0B,QAAQ,CAAC,CAAC,CAAC,CAAC;IAErD;;OAEG;IACH,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAExD,IAAI,iBAAiB,EAAE;QACrB,qCAAqC;QACrC,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACrB,IAAI,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,WAAW,qBAAqB,GAAG,eAAe,CAAC,CAAC;SAC3F;QAED,+EAA+E;QAC/E,MAAM,kBAAkB,GAAG,WAAW,GAAG,EAAE,GAAG,IAAI,CAAC;QACnD,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACjB,IAAI,kBAAkB,GAAG,GAAG,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,kBAAkB,2BAA2B,CAAC,CAAC;SACtF;KACF;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5D,MAAM,WAAW,GAAG,gBAAM,
|
|
1
|
+
{"version":3,"file":"verifyAndroidSafetyNet.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAndroidSafetyNet.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAIlC,kEAA0C;AAC1C,oFAA4D;AAC5D,0FAAkE;AAClE,oGAA4E;AAC5E,kGAA0E;AAC1E,qFAA6D;AAC7D,iHAAyF;AAEzF;;GAEG;AACY,KAAK,UAAU,iCAAiC,CAC7D,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,iBAAiB,GAAG,IAAI,EACxB,mBAAmB,GACpB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEhC,MAAM,MAAM,GAAuB,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAwB,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,MAAM,SAAS,GAA0B,QAAQ,CAAC,CAAC,CAAC,CAAC;IAErD;;OAEG;IACH,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAExD,IAAI,iBAAiB,EAAE;QACrB,qCAAqC;QACrC,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACrB,IAAI,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,WAAW,qBAAqB,GAAG,eAAe,CAAC,CAAC;SAC3F;QAED,+EAA+E;QAC/E,MAAM,kBAAkB,GAAG,WAAW,GAAG,EAAE,GAAG,IAAI,CAAC;QACnD,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACjB,IAAI,kBAAkB,GAAG,GAAG,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,kBAAkB,2BAA2B,CAAC,CAAC;SACtF;KACF;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5D,MAAM,WAAW,GAAG,IAAA,gBAAM,EAAC,SAAS,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,KAAK,KAAK,aAAa,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KAC/D;IAED,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IACD;;OAEG;IAEH;;OAEG;IACH,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,IAAA,4BAAkB,EAAC,cAAc,CAAC,CAAC;IAExD,MAAM,EAAE,OAAO,EAA
E,GAAG,YAAY,CAAC;IAEjC,qDAAqD;IACrD,+FAA+F;IAC/F,IAAI,OAAO,CAAC,EAAE,KAAK,oBAAoB,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,MAAM,SAAS,GAAG,MAAM,yBAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,uCAA6B,EAAC,SAAS,EAAE,mBAAmB,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;SACjF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,cAAc,CAAC,CAAC;SAChD;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iCAAuB,EAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SACzF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,cAAc,CAAC,CAAC;SAChD;KACF;IACD;;OAEG;IAEH;;OAEG;IACH,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACzE,MAAM,eAAe,GAAG,mBAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEtD,MAAM,WAAW,GAAG,IAAA,gCAAsB,EAAC,cAAc,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,IAAA,yBAAe,EAAC,eAAe,EAAE,mBAAmB,EAAE,WAAW,CAAC,CAAC;IACpF;;OAEG;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAjHD,oDAiHC"}
|
|
@@ -19,10 +19,11 @@ async function verifyApple(options) {
|
|
|
19
19
|
* Verify certificate path
|
|
20
20
|
*/
|
|
21
21
|
try {
|
|
22
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
22
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
23
23
|
}
|
|
24
24
|
catch (err) {
|
|
25
|
-
|
|
25
|
+
const _err = err;
|
|
26
|
+
throw new Error(`${_err.message} (Apple)`);
|
|
26
27
|
}
|
|
27
28
|
/**
|
|
28
29
|
* Compare nonce in certificate extension to computed nonce
|
|
@@ -37,7 +38,7 @@ async function verifyApple(options) {
|
|
|
37
38
|
throw new Error('credCert missing "1.2.840.113635.100.8.2" extension (Apple)');
|
|
38
39
|
}
|
|
39
40
|
const nonceToHash = Buffer.concat([authData, clientDataHash]);
|
|
40
|
-
const nonce = toHash_1.default(nonceToHash, 'SHA256');
|
|
41
|
+
const nonce = (0, toHash_1.default)(nonceToHash, 'SHA256');
|
|
41
42
|
/**
|
|
42
43
|
* Ignore the first six ASN.1 structure bytes that define the nonce as an OCTET STRING. Should
|
|
43
44
|
* trim off <Buffer 30 24 a1 22 04 20>
|
|
@@ -52,7 +53,7 @@ async function verifyApple(options) {
|
|
|
52
53
|
/**
|
|
53
54
|
* Verify credential public key matches the Subject Public Key of credCert
|
|
54
55
|
*/
|
|
55
|
-
const credPubKeyPKCS = convertCOSEtoPKCS_1.default(credentialPublicKey);
|
|
56
|
+
const credPubKeyPKCS = (0, convertCOSEtoPKCS_1.default)(credentialPublicKey);
|
|
56
57
|
const credCertSubjectPublicKey = Buffer.from(subjectPublicKeyInfo.subjectPublicKey);
|
|
57
58
|
if (!credPubKeyPKCS.equals(credCertSubjectPublicKey)) {
|
|
58
59
|
throw new Error('Credential public key does not equal credCert public key (Apple)');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyApple.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyApple.ts"],"names":[],"mappings":";;;;;AAAA,uDAAkD;AAClD,mDAAkD;AAIlD,oGAA4E;AAC5E,kGAA0E;AAC1E,kEAA0C;AAC1C,wFAAgE;AAEjD,KAAK,UAAU,WAAW,CACvC,OAAsC;IAEtC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAAC;IAC7F,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAExB,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED;;OAEG;IACH,IAAI;QACF,MAAM,iCAAuB,
|
|
1
|
+
{"version":3,"file":"verifyApple.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyApple.ts"],"names":[],"mappings":";;;;;AAAA,uDAAkD;AAClD,mDAAkD;AAIlD,oGAA4E;AAC5E,kGAA0E;AAC1E,kEAA0C;AAC1C,wFAAgE;AAEjD,KAAK,UAAU,WAAW,CACvC,OAAsC;IAEtC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAAC;IAC7F,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAExB,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED;;OAEG;IACH,IAAI;QACF,MAAM,IAAA,iCAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;KAClF;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,UAAU,CAAC,CAAC;KAC5C;IAED;;OAEG;IACH,MAAM,cAAc,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IAC5D,MAAM,EAAE,UAAU,EAAE,oBAAoB,EAAE,GAAG,cAAc,CAAC,cAAc,CAAC;IAE3E,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;KACxD;IAED,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,wBAAwB,CAAC,CAAC;IAErF,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;KAChF;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,IAAA,gBAAM,EAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC5C;;;;;;OAMG;IACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IAED;;OAEG;IACH,MAAM,cAAc,GAAG,IAAA,2BAAiB,EAAC,mBAAmB,CAAC,CAAC;IAC9D,MAAM,wBAAwB,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;IAEpF,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,wBAAwB,CAAC,EAAE;QACpD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AA9DD,8BA8DC"}
|
|
@@ -13,7 +13,7 @@ const verifySignature_1 = __importDefault(require("../../helpers/verifySignature
|
|
|
13
13
|
async function verifyAttestationFIDOU2F(options) {
|
|
14
14
|
const { attStmt, clientDataHash, rpIdHash, credentialID, credentialPublicKey, aaguid = '', rootCertificates, } = options;
|
|
15
15
|
const reservedByte = Buffer.from([0x00]);
|
|
16
|
-
const publicKey = convertCOSEtoPKCS_1.default(credentialPublicKey);
|
|
16
|
+
const publicKey = (0, convertCOSEtoPKCS_1.default)(credentialPublicKey);
|
|
17
17
|
const signatureBase = Buffer.concat([
|
|
18
18
|
reservedByte,
|
|
19
19
|
rpIdHash,
|
|
@@ -35,13 +35,14 @@ async function verifyAttestationFIDOU2F(options) {
|
|
|
35
35
|
}
|
|
36
36
|
try {
|
|
37
37
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
38
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
38
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
39
39
|
}
|
|
40
40
|
catch (err) {
|
|
41
|
-
|
|
41
|
+
const _err = err;
|
|
42
|
+
throw new Error(`${_err.message} (FIDOU2F)`);
|
|
42
43
|
}
|
|
43
|
-
const leafCertPEM = convertCertBufferToPEM_1.default(x5c[0]);
|
|
44
|
-
return verifySignature_1.default(sig, signatureBase, leafCertPEM);
|
|
44
|
+
const leafCertPEM = (0, convertCertBufferToPEM_1.default)(x5c[0]);
|
|
45
|
+
return (0, verifySignature_1.default)(sig, signatureBase, leafCertPEM);
|
|
45
46
|
}
|
|
46
47
|
exports.default = verifyAttestationFIDOU2F;
|
|
47
48
|
//# sourceMappingURL=verifyFIDOU2F.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyFIDOU2F.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyFIDOU2F.ts"],"names":[],"mappings":";;;;;AAEA,wFAAgE;AAChE,kGAA0E;AAC1E,oGAA4E;AAC5E,oFAA4D;AAE5D;;GAEG;AACY,KAAK,UAAU,wBAAwB,CACpD,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,MAAM,GAAG,EAAE,EACX,gBAAgB,GACjB,GAAG,OAAO,CAAC;IAEZ,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"verifyFIDOU2F.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyFIDOU2F.ts"],"names":[],"mappings":";;;;;AAEA,wFAAgE;AAChE,kGAA0E;AAC1E,oGAA4E;AAC5E,oFAA4D;AAE5D;;GAEG;AACY,KAAK,UAAU,wBAAwB,CACpD,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,MAAM,GAAG,EAAE,EACX,gBAAgB,GACjB,GAAG,OAAO,CAAC;IAEZ,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAA,2BAAiB,EAAC,mBAAmB,CAAC,CAAC;IAEzD,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;QAClC,YAAY;QACZ,QAAQ;QACR,cAAc;QACd,YAAY;QACZ,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE7B,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,gEAAgE;IAChE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAChE,IAAI,WAAW,KAAK,IAAI,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,WAAW,WAAW,0BAA0B,CAAC,CAAC;KACnE;IAED,IAAI;QACF,0FAA0F;QAC1F,MAAM,IAAA,iCAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;KAClF;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,YAAY,CAAC,CAAC;KAC9C;IAED,MAAM,WAAW,GAAG,IAAA,gCAAsB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnD,OAAO,IAAA,yBAAe,EAAC,GAAG,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC;AAnDD,2CAmDC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
3
|
if (k2 === undefined) k2 = k;
|
|
4
|
-
Object.
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
5
9
|
}) : (function(o, m, k, k2) {
|
|
6
10
|
if (k2 === undefined) k2 = k;
|
|
7
11
|
o[k2] = m[k];
|
|
@@ -47,10 +51,10 @@ async function verifyAttestationPacked(options) {
|
|
|
47
51
|
}
|
|
48
52
|
const signatureBase = Buffer.concat([authData, clientDataHash]);
|
|
49
53
|
let verified = false;
|
|
50
|
-
const pkcsPublicKey = convertCOSEtoPKCS_1.default(credentialPublicKey);
|
|
54
|
+
const pkcsPublicKey = (0, convertCOSEtoPKCS_1.default)(credentialPublicKey);
|
|
51
55
|
if (x5c) {
|
|
52
|
-
const leafCert = convertCertBufferToPEM_1.default(x5c[0]);
|
|
53
|
-
const { subject, basicConstraintsCA, version, notBefore, notAfter } = getCertificateInfo_1.default(x5c[0]);
|
|
56
|
+
const leafCert = (0, convertCertBufferToPEM_1.default)(x5c[0]);
|
|
57
|
+
const { subject, basicConstraintsCA, version, notBefore, notAfter } = (0, getCertificateInfo_1.default)(x5c[0]);
|
|
54
58
|
const { OU, CN, O, C } = subject;
|
|
55
59
|
if (OU !== 'Authenticator Attestation') {
|
|
56
60
|
throw new Error('Certificate OU was not "Authenticator Attestation" (Packed|Full)');
|
|
@@ -89,25 +93,27 @@ async function verifyAttestationPacked(options) {
|
|
|
89
93
|
throw new Error('Metadata does not indicate support for full attestations (Packed|Full)');
|
|
90
94
|
}
|
|
91
95
|
try {
|
|
92
|
-
await verifyAttestationWithMetadata_1.default(statement, credentialPublicKey, x5c);
|
|
96
|
+
await (0, verifyAttestationWithMetadata_1.default)(statement, credentialPublicKey, x5c);
|
|
93
97
|
}
|
|
94
98
|
catch (err) {
|
|
95
|
-
|
|
99
|
+
const _err = err;
|
|
100
|
+
throw new Error(`${_err.message} (Packed|Full)`);
|
|
96
101
|
}
|
|
97
102
|
}
|
|
98
103
|
else {
|
|
99
104
|
try {
|
|
100
105
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
101
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
106
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), rootCertificates);
|
|
102
107
|
}
|
|
103
108
|
catch (err) {
|
|
104
|
-
|
|
109
|
+
const _err = err;
|
|
110
|
+
throw new Error(`${_err.message} (Packed|Full)`);
|
|
105
111
|
}
|
|
106
112
|
}
|
|
107
|
-
verified = verifySignature_1.default(sig, signatureBase, leafCert);
|
|
113
|
+
verified = (0, verifySignature_1.default)(sig, signatureBase, leafCert);
|
|
108
114
|
}
|
|
109
115
|
else {
|
|
110
|
-
const cosePublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
116
|
+
const cosePublicKey = (0, decodeCredentialPublicKey_1.default)(credentialPublicKey);
|
|
111
117
|
const kty = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.kty);
|
|
112
118
|
if (!kty) {
|
|
113
119
|
throw new Error('COSE public key was missing kty (Packed|Self)');
|
|
@@ -118,7 +124,7 @@ async function verifyAttestationPacked(options) {
|
|
|
118
124
|
if (!crv) {
|
|
119
125
|
throw new Error('COSE public key was missing kty crv (Packed|EC2)');
|
|
120
126
|
}
|
|
121
|
-
const signatureBaseHash = toHash_1.default(signatureBase, hashAlg);
|
|
127
|
+
const signatureBaseHash = (0, toHash_1.default)(signatureBase, hashAlg);
|
|
122
128
|
/**
|
|
123
129
|
* Instantiating the curve here is _very_ computationally heavy - a bit of profiling
|
|
124
130
|
* (in compiled JS, not TS) reported an average of ~125ms to execute this line. The elliptic
|
|
@@ -152,7 +158,7 @@ async function verifyAttestationPacked(options) {
|
|
|
152
158
|
if (!x) {
|
|
153
159
|
throw new Error('COSE public key was missing x (Packed|OKP)');
|
|
154
160
|
}
|
|
155
|
-
const signatureBaseHash = toHash_1.default(signatureBase, hashAlg);
|
|
161
|
+
const signatureBaseHash = (0, toHash_1.default)(signatureBase, hashAlg);
|
|
156
162
|
const key = new elliptic_1.default.eddsa('ed25519');
|
|
157
163
|
key.keyFromPublic(x);
|
|
158
164
|
// TODO: is `publicKey` right here?
|
|
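Review bot: Both rewritten catch blocks in the full-attestation path (`const _err = err;` followed by the `throw new Error(...)` line ending in `(Packed|Full)`) keep only `_err.message`. A thrown value that is not an Error therefore surfaces as "undefined (Packed|Full)", and the stack from the failed metadata or certificate-path check is dropped. I would build the text defensively, `const msg = _err instanceof Error ? _err.message : String(_err);`, and, if the supported Node versions allow it, pass `{ cause: _err }` as the second argument to `new Error` so the underlying validation failure stays inspectable. This file is compiled output, so the change belongs in `src/registration/verifications/verifyPacked.ts`; verifyAttestationPacked starts and ends outside these hunks.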
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyPacked.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyPacked.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verifyPacked.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyPacked.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAgC;AAChC,wDAA+B;AAI/B,qFAMyC;AACzC,kEAA0C;AAC1C,kGAA0E;AAC1E,oGAA4E;AAC5E,0FAAkE;AAClE,oFAA4D;AAC5D,wGAAgF;AAChF,qFAA6D;AAC7D,iHAAyF;AAEzF;;GAEG;AACY,KAAK,UAAU,uBAAuB,CACnD,OAAsC;IAEtC,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IAEV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;KACxF;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,4BAA4B,CAAC,CAAC;KAChF;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAEhE,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAiB,EAAC,mBAAmB,CAAC,CAAC;IAE7D,IAAI,GAAG,EAAE;QACP,MAAM,QAAQ,GAAG,IAAA,gCAAsB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,IAAA,4BAAkB,EACtF,GAAG,CAAC,CAAC,CAAC,CACP,CAAC;QAEF,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC;QAEjC,IAAI,EAAE,KAAK,2BAA2B,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,IAAI,CAAC,EAAE,EAAE;YACP,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;SAC3D;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QAED,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;SACpF;QAED,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;SACnF;QAED,IAAI,OAAO,KAAK,CAAC,EAAE;YACjB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,IAAI,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,SAAS,GAAG,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;SACxF;QAED,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACjB,IAAI,QAAQ,GAAG,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;SACtF;QAED,gGAAgG;QAChG,4DAA4D;QAE5D,qFAAqF;QACrF,MAAM,SAAS,GAAG,MAAM,yBAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;
QAC7D,IAAI,SAAS,EAAE;YACb,yFAAyF;YACzF,gCAAgC;YAChC,IAAI,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;aAC3F;YAED,IAAI;gBACF,MAAM,IAAA,uCAA6B,EAAC,SAAS,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;aAC1E;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,GAAG,GAAY,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,CAAC,CAAC;aAClD;SACF;aAAM;YACL,IAAI;gBACF,0FAA0F;gBAC1F,MAAM,IAAA,iCAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;aAClF;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,GAAG,GAAY,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,CAAC,CAAC;aAClD;SACF;QAED,QAAQ,GAAG,IAAA,yBAAe,EAAC,GAAG,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;KAC1D;SAAM;QACL,MAAM,aAAa,GAAG,IAAA,mCAAyB,EAAC,mBAAmB,CAAC,CAAC;QAErE,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QAE5C,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,MAAM,OAAO,GAAW,+BAAW,CAAC,GAAa,CAAC,CAAC;QAEnD,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;YACvB,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,CAAC,GAAG,EAAE;gBACR,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;aACrE;YAED,MAAM,iBAAiB,GAAG,IAAA,gBAAM,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAEzD;;;;;;;;eAQG;YACH,MAAM,EAAE,GAAG,IAAI,kBAAQ,CAAC,EAAE,CAAC,2BAAO,CAAC,GAAa,CAAC,CAAC,CAAC;YACnD,MAAM,GAAG,GAAG,EAAE,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;YAE5C,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;SAC/C;aAAM,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;YAC9B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;YAExC,IAAI,CAAC,CAAC,EAAE;gBACN,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;aAC/D;YAED,MAAM,aAAa,GAAG,iCAAa,CAAC,GAAa,CAAC,CAAC;YAEnD,0BAA0B;YAC1B,MAAM,GAAG,GAAG,IAAI,kBAAO,EAAE,CAAC;YAC1B,GAAG,CAAC,UAAU,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC;YAClC,GAAG,CAAC,SAAS,CACX;gBACE,CAAC,EAAE,CAAW;gBACd,CAAC,EAAE,KAAK;aACT,EACD,mBAAmB,CACpB,CAAC;YAEF,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;SAC3C;aAAM,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;YAC9B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,C
AAC;YAExC,IAAI,CAAC,CAAC,EAAE;gBACN,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;aAC/D;YAED,MAAM,iBAAiB,GAAG,IAAA,gBAAM,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAEzD,MAAM,GAAG,GAAG,IAAI,kBAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC1C,GAAG,CAAC,aAAa,CAAC,CAAW,CAAC,CAAC;YAE/B,mCAAmC;YACnC,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;SAC9D;KACF;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AApKD,0CAoKC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { RegistrationCredentialJSON, COSEAlgorithmIdentifier } from '@simplewebauthn/typescript-types';
|
|
2
|
+
import { RegistrationCredentialJSON, COSEAlgorithmIdentifier, CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
3
3
|
import { AttestationFormat, AttestationStatement } from '../helpers/decodeAttestationObject';
|
|
4
4
|
export declare type VerifyRegistrationResponseOpts = {
|
|
5
5
|
credential: RegistrationCredentialJSON;
|
|
@@ -31,7 +31,7 @@ export default function verifyRegistrationResponse(options: VerifyRegistrationRe
|
|
|
31
31
|
* @param verified If the assertion response could be verified
|
|
32
32
|
* @param registrationInfo.fmt Type of attestation
|
|
33
33
|
* @param registrationInfo.counter The number of times the authenticator reported it has been used.
|
|
34
|
-
* Should be kept in a DB for later reference to help prevent replay attacks
|
|
34
|
+
* **Should be kept in a DB for later reference to help prevent replay attacks!**
|
|
35
35
|
* @param registrationInfo.aaguid Authenticator's Attestation GUID indicating the type of the
|
|
36
36
|
* authenticator
|
|
37
37
|
* @param registrationInfo.credentialPublicKey The credential's public key
|
|
@@ -40,6 +40,11 @@ export default function verifyRegistrationResponse(options: VerifyRegistrationRe
|
|
|
40
40
|
* @param registrationInfo.userVerified Whether the user was uniquely identified during attestation
|
|
41
41
|
* @param registrationInfo.attestationObject The raw `response.attestationObject` Buffer returned by
|
|
42
42
|
* the authenticator
|
|
43
|
+
* @param registrationInfo.credentialDeviceType Whether this is a single-device or multi-device
|
|
44
|
+
* credential. **Should be kept in a DB for later reference!**
|
|
45
|
+
* @param registrationInfo.credentialBackedUp Whether or not the multi-device credential has been
|
|
46
|
+
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
|
|
47
|
+
* reference!**
|
|
43
48
|
*/
|
|
44
49
|
export declare type VerifiedRegistrationResponse = {
|
|
45
50
|
verified: boolean;
|
|
@@ -47,11 +52,13 @@ export declare type VerifiedRegistrationResponse = {
|
|
|
47
52
|
fmt: AttestationFormat;
|
|
48
53
|
counter: number;
|
|
49
54
|
aaguid: string;
|
|
50
|
-
credentialPublicKey: Buffer;
|
|
51
55
|
credentialID: Buffer;
|
|
52
|
-
|
|
53
|
-
|
|
56
|
+
credentialPublicKey: Buffer;
|
|
57
|
+
credentialType: "public-key";
|
|
54
58
|
attestationObject: Buffer;
|
|
59
|
+
userVerified: boolean;
|
|
60
|
+
credentialDeviceType: CredentialDeviceType;
|
|
61
|
+
credentialBackedUp: boolean;
|
|
55
62
|
};
|
|
56
63
|
};
|
|
57
64
|
/**
|
|
@@ -11,6 +11,7 @@ const toHash_1 = __importDefault(require("../helpers/toHash"));
|
|
|
11
11
|
const decodeCredentialPublicKey_1 = __importDefault(require("../helpers/decodeCredentialPublicKey"));
|
|
12
12
|
const convertCOSEtoPKCS_1 = require("../helpers/convertCOSEtoPKCS");
|
|
13
13
|
const convertAAGUIDToString_1 = __importDefault(require("../helpers/convertAAGUIDToString"));
|
|
14
|
+
const parseBackupFlags_1 = require("../helpers/parseBackupFlags");
|
|
14
15
|
const settingsService_1 = __importDefault(require("../services/settingsService"));
|
|
15
16
|
const generateRegistrationOptions_1 = require("./generateRegistrationOptions");
|
|
16
17
|
const verifyFIDOU2F_1 = __importDefault(require("./verifications/verifyFIDOU2F"));
|
|
@@ -49,7 +50,7 @@ async function verifyRegistrationResponse(options) {
|
|
|
49
50
|
if (credentialType !== 'public-key') {
|
|
50
51
|
throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
|
|
51
52
|
}
|
|
52
|
-
const clientDataJSON = decodeClientDataJSON_1.default(response.clientDataJSON);
|
|
53
|
+
const clientDataJSON = (0, decodeClientDataJSON_1.default)(response.clientDataJSON);
|
|
53
54
|
const { type, origin, challenge, tokenBinding } = clientDataJSON;
|
|
54
55
|
// Make sure we're handling an registration
|
|
55
56
|
if (type !== 'webauthn.create') {
|
|
@@ -84,14 +85,14 @@ async function verifyRegistrationResponse(options) {
|
|
|
84
85
|
}
|
|
85
86
|
}
|
|
86
87
|
const attestationObject = base64url_1.default.toBuffer(response.attestationObject);
|
|
87
|
-
const decodedAttestationObject = decodeAttestationObject_1.default(attestationObject);
|
|
88
|
+
const decodedAttestationObject = (0, decodeAttestationObject_1.default)(attestationObject);
|
|
88
89
|
const { fmt, authData, attStmt } = decodedAttestationObject;
|
|
89
|
-
const parsedAuthData = parseAuthenticatorData_1.default(authData);
|
|
90
|
+
const parsedAuthData = (0, parseAuthenticatorData_1.default)(authData);
|
|
90
91
|
const { aaguid, rpIdHash, flags, credentialID, counter, credentialPublicKey } = parsedAuthData;
|
|
91
92
|
// Make sure the response's RP ID is ours
|
|
92
93
|
if (expectedRPID) {
|
|
93
94
|
if (typeof expectedRPID === 'string') {
|
|
94
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expectedRPID, 'ascii'));
|
|
95
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expectedRPID, 'ascii'));
|
|
95
96
|
if (!rpIdHash.equals(expectedRPIDHash)) {
|
|
96
97
|
throw new Error(`Unexpected RP ID hash`);
|
|
97
98
|
}
|
|
@@ -99,7 +100,7 @@ async function verifyRegistrationResponse(options) {
|
|
|
99
100
|
else {
|
|
100
101
|
// Go through each expected RP ID and try to find one that matches
|
|
101
102
|
const foundMatch = expectedRPID.some(expected => {
|
|
102
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expected, 'ascii'));
|
|
103
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expected, 'ascii'));
|
|
103
104
|
return rpIdHash.equals(expectedRPIDHash);
|
|
104
105
|
});
|
|
105
106
|
if (!foundMatch) {
|
|
@@ -124,7 +125,7 @@ async function verifyRegistrationResponse(options) {
|
|
|
124
125
|
if (!aaguid) {
|
|
125
126
|
throw new Error('No AAGUID was present during registration');
|
|
126
127
|
}
|
|
127
|
-
const decodedPublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
128
|
+
const decodedPublicKey = (0, decodeCredentialPublicKey_1.default)(credentialPublicKey);
|
|
128
129
|
const alg = decodedPublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.alg);
|
|
129
130
|
if (typeof alg !== 'number') {
|
|
130
131
|
throw new Error('Credential public key was missing numeric alg');
|
|
@@ -134,7 +135,7 @@ async function verifyRegistrationResponse(options) {
|
|
|
134
135
|
const supported = supportedAlgorithmIDs.join(', ');
|
|
135
136
|
throw new Error(`Unexpected public key alg "${alg}", expected one of "${supported}"`);
|
|
136
137
|
}
|
|
137
|
-
const clientDataHash = toHash_1.default(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
138
|
+
const clientDataHash = (0, toHash_1.default)(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
138
139
|
const rootCertificates = settingsService_1.default.getRootCertificates({ identifier: fmt });
|
|
139
140
|
// Prepare arguments to pass to the relevant verification method
|
|
140
141
|
const verifierOpts = {
|
|
@@ -152,22 +153,22 @@ async function verifyRegistrationResponse(options) {
|
|
|
152
153
|
*/
|
|
153
154
|
let verified = false;
|
|
154
155
|
if (fmt === 'fido-u2f') {
|
|
155
|
-
verified = await verifyFIDOU2F_1.default(verifierOpts);
|
|
156
|
+
verified = await (0, verifyFIDOU2F_1.default)(verifierOpts);
|
|
156
157
|
}
|
|
157
158
|
else if (fmt === 'packed') {
|
|
158
|
-
verified = await verifyPacked_1.default(verifierOpts);
|
|
159
|
+
verified = await (0, verifyPacked_1.default)(verifierOpts);
|
|
159
160
|
}
|
|
160
161
|
else if (fmt === 'android-safetynet') {
|
|
161
|
-
verified = await verifyAndroidSafetyNet_1.default(verifierOpts);
|
|
162
|
+
verified = await (0, verifyAndroidSafetyNet_1.default)(verifierOpts);
|
|
162
163
|
}
|
|
163
164
|
else if (fmt === 'android-key') {
|
|
164
|
-
verified = await verifyAndroidKey_1.default(verifierOpts);
|
|
165
|
+
verified = await (0, verifyAndroidKey_1.default)(verifierOpts);
|
|
165
166
|
}
|
|
166
167
|
else if (fmt === 'tpm') {
|
|
167
|
-
verified = await verifyTPM_1.default(verifierOpts);
|
|
168
|
+
verified = await (0, verifyTPM_1.default)(verifierOpts);
|
|
168
169
|
}
|
|
169
170
|
else if (fmt === 'apple') {
|
|
170
|
-
verified = await verifyApple_1.default(verifierOpts);
|
|
171
|
+
verified = await (0, verifyApple_1.default)(verifierOpts);
|
|
171
172
|
}
|
|
172
173
|
else if (fmt === 'none') {
|
|
173
174
|
if (Object.keys(attStmt).length > 0) {
|
|
@@ -183,15 +184,18 @@ async function verifyRegistrationResponse(options) {
|
|
|
183
184
|
verified,
|
|
184
185
|
};
|
|
185
186
|
if (toReturn.verified) {
|
|
187
|
+
const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_1.parseBackupFlags)(flags);
|
|
186
188
|
toReturn.registrationInfo = {
|
|
187
189
|
fmt,
|
|
188
190
|
counter,
|
|
189
|
-
aaguid: convertAAGUIDToString_1.default(aaguid),
|
|
190
|
-
credentialPublicKey,
|
|
191
|
+
aaguid: (0, convertAAGUIDToString_1.default)(aaguid),
|
|
191
192
|
credentialID,
|
|
193
|
+
credentialPublicKey,
|
|
192
194
|
credentialType,
|
|
193
|
-
userVerified: flags.uv,
|
|
194
195
|
attestationObject,
|
|
196
|
+
userVerified: flags.uv,
|
|
197
|
+
credentialDeviceType,
|
|
198
|
+
credentialBackedUp,
|
|
195
199
|
};
|
|
196
200
|
}
|
|
197
201
|
return toReturn;
|
|
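Review bot: `credentialDeviceType` and `credentialBackedUp` are derived from the authenticator-data `flags` and returned whenever `toReturn.verified` is true, but nothing at the `parseBackupFlags(flags)` call or on the new `registrationInfo` fields says how far those bits can be trusted. For `fmt === 'none'`, the part of the branch visible earlier in this function checks only that `attStmt` is empty, so in that case the flags appear to be unauthenticated, client-supplied data (the rest of the branch is outside the hunk). I would add a comment above the call, `// BE/BS flags are only as trustworthy as the attestation; with fmt "none" they are self-reported`, and repeat the caveat in the JSDoc for the two fields so relying parties do not gate policy on them without verified attestation. verifyRegistrationResponse starts and ends outside these hunks.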
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyRegistrationResponse.js","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;
|
|
1
|
+
{"version":3,"file":"verifyRegistrationResponse.js","sourceRoot":"","sources":["../../src/registration/verifyRegistrationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,iGAG4C;AAC5C,2FAAmE;AACnE,+FAAuE;AACvE,+DAAuC;AACvC,qGAA6E;AAC7E,oEAAwD;AACxD,6FAAqE;AACrE,kEAA+D;AAC/D,kFAA0D;AAE1D,+EAAkF;AAClF,kFAA0D;AAC1D,gFAAwD;AACxD,oGAA4E;AAC5E,8EAAsD;AACtD,wFAAgE;AAChE,8EAAsD;AAWtD;;;;;;;;;;;;;;GAcG;AACY,KAAK,UAAU,0BAA0B,CACtD,OAAuC;IAEvC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,uBAAuB,GAAG,KAAK,EAC/B,qBAAqB,GAAG,+DAAiC,GAC1D,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,MAAM,cAAc,GAAG,IAAA,8BAAoB,EAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,2CAA2C;IAC3C,IAAI,IAAI,KAAK,iBAAiB,EAAE;QAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,EAAE,CAAC,CAAC;KACnE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,+CAA+C,SAAS,gBAAgB,iBAAiB,GAAG,CAC7F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,uBAAuB,cAAc,CAAC,IAAI,CAC1F,IAAI,CACL,EAAE,CACJ,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,gBAAgB,cAAc,GAAG,CACpF,CAAC;SACH;KACF;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,GAAG,CAAC,CAAC;SACxE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC9E,MAAM,IAAI,KAAK,CAAC,4CAA4C,YAAY,CAAC,
MAAM,GAAG,CAAC,CAAC;SACrF;KACF;IAED,MAAM,iBAAiB,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACzE,MAAM,wBAAwB,GAAG,IAAA,iCAAuB,EAAC,iBAAiB,CAAC,CAAC;IAC5E,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,wBAAwB,CAAC;IAE5D,MAAM,cAAc,GAAG,IAAA,gCAAsB,EAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,mBAAmB,EAAE,GAAG,cAAc,CAAC;IAE/F,yCAAyC;IACzC,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;YACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;gBACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;aAC1C;SACF;aAAM;YACL,kEAAkE;YAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAC9C,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,EAAE;gBACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;aAC1C;SACF;KACF;IAED,2CAA2C;IAC3C,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;KACzD;IAED,yCAAyC;IACzC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;KACnE;IAED,IAAI,CAAC,mBAAmB,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IAED,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;IAED,MAAM,gBAAgB,GAAG,IAAA,mCAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,MAAM,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;IAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IAED,kFAAkF;IAClF,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,GAAa,CAAC,EAAE;QAClD,MAAM,SAAS,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,uBAAuB,SAAS,GAAG,CAAC,CAAC;KACvF;IAED,MAAM,cAAc,GAAG,IAAA,gBAAM,EAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GAAG,yBAAe,CAAC,mBAAmB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;IAElF,gEAAgE;IAChE,MAAM,YAAY,GAAkC;QAClD,MAAM;QAC
N,OAAO;QACP,QAAQ;QACR,cAAc;QACd,YAAY;QACZ,mBAAmB;QACnB,gBAAgB;QAChB,QAAQ;KACT,CAAC;IAEF;;OAEG;IACH,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,GAAG,KAAK,UAAU,EAAE;QACtB,QAAQ,GAAG,MAAM,IAAA,uBAAa,EAAC,YAAY,CAAC,CAAC;KAC9C;SAAM,IAAI,GAAG,KAAK,QAAQ,EAAE;QAC3B,QAAQ,GAAG,MAAM,IAAA,sBAAY,EAAC,YAAY,CAAC,CAAC;KAC7C;SAAM,IAAI,GAAG,KAAK,mBAAmB,EAAE;QACtC,QAAQ,GAAG,MAAM,IAAA,gCAAsB,EAAC,YAAY,CAAC,CAAC;KACvD;SAAM,IAAI,GAAG,KAAK,aAAa,EAAE;QAChC,QAAQ,GAAG,MAAM,IAAA,0BAAgB,EAAC,YAAY,CAAC,CAAC;KACjD;SAAM,IAAI,GAAG,KAAK,KAAK,EAAE;QACxB,QAAQ,GAAG,MAAM,IAAA,mBAAS,EAAC,YAAY,CAAC,CAAC;KAC1C;SAAM,IAAI,GAAG,KAAK,OAAO,EAAE;QAC1B,QAAQ,GAAG,MAAM,IAAA,qBAAW,EAAC,YAAY,CAAC,CAAC;KAC5C;SAAM,IAAI,GAAG,KAAK,MAAM,EAAE;QACzB,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;QACD,kFAAkF;QAClF,QAAQ,GAAG,IAAI,CAAC;KACjB;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;KAC3D;IAED,MAAM,QAAQ,GAAiC;QAC7C,QAAQ;KACT,CAAC;IAEF,IAAI,QAAQ,CAAC,QAAQ,EAAE;QACrB,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;QAE7E,QAAQ,CAAC,gBAAgB,GAAG;YAC1B,GAAG;YACH,OAAO;YACP,MAAM,EAAE,IAAA,+BAAqB,EAAC,MAAM,CAAC;YACrC,YAAY;YACZ,mBAAmB;YACnB,cAAc;YACd,iBAAiB;YACjB,YAAY,EAAE,KAAK,CAAC,EAAE;YACtB,oBAAoB;YACpB,kBAAkB;SACnB,CAAC;KACH;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AA1MD,6CA0MC"}
|
|
@@ -19,7 +19,7 @@ var SERVICE_STATE;
|
|
|
19
19
|
SERVICE_STATE[SERVICE_STATE["REFRESHING"] = 1] = "REFRESHING";
|
|
20
20
|
SERVICE_STATE[SERVICE_STATE["READY"] = 2] = "READY";
|
|
21
21
|
})(SERVICE_STATE || (SERVICE_STATE = {}));
|
|
22
|
-
const log = logging_1.getLogger('MetadataService');
|
|
22
|
+
const log = (0, logging_1.getLogger)('MetadataService');
|
|
23
23
|
/**
|
|
24
24
|
* A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
|
|
25
25
|
* download and parsing, and on-demand requesting and caching of individual metadata statements.
|
|
@@ -111,7 +111,7 @@ class BaseMetadataService {
|
|
|
111
111
|
return;
|
|
112
112
|
}
|
|
113
113
|
if (aaguid instanceof Buffer) {
|
|
114
|
-
aaguid = convertAAGUIDToString_1.default(aaguid);
|
|
114
|
+
aaguid = (0, convertAAGUIDToString_1.default)(aaguid);
|
|
115
115
|
}
|
|
116
116
|
// If a cache refresh is in progress then pause this until the service is ready
|
|
117
117
|
await this.pauseUntilReady();
|
|
@@ -158,10 +158,10 @@ class BaseMetadataService {
|
|
|
158
158
|
async downloadBlob(mds) {
|
|
159
159
|
const { url, no } = mds;
|
|
160
160
|
// Get latest "BLOB" (FIDO's terminology, not mine)
|
|
161
|
-
const resp = await node_fetch_1.default(url);
|
|
161
|
+
const resp = await (0, node_fetch_1.default)(url);
|
|
162
162
|
const data = await resp.text();
|
|
163
163
|
// Parse the JWT
|
|
164
|
-
const parsedJWT = parseJWT_1.default(data);
|
|
164
|
+
const parsedJWT = (0, parseJWT_1.default)(data);
|
|
165
165
|
const header = parsedJWT[0];
|
|
166
166
|
const payload = parsedJWT[1];
|
|
167
167
|
if (payload.no <= no) {
|
|
@@ -173,7 +173,7 @@ class BaseMetadataService {
|
|
|
173
173
|
try {
|
|
174
174
|
// Validate the certificate chain
|
|
175
175
|
const rootCerts = settingsService_1.default.getRootCertificates({ identifier: 'mds' });
|
|
176
|
-
await validateCertificatePath_1.default(headerCertsPEM, rootCerts);
|
|
176
|
+
await (0, validateCertificatePath_1.default)(headerCertsPEM, rootCerts);
|
|
177
177
|
}
|
|
178
178
|
catch (error) {
|
|
179
179
|
const _error = error;
|