@simplewebauthn/server 5.1.0 → 5.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authentication/generateAuthenticationOptions.d.ts +2 -2
- package/dist/authentication/generateAuthenticationOptions.js +1 -1
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -1
- package/dist/authentication/verifyAuthenticationResponse.d.ts +8 -1
- package/dist/authentication/verifyAuthenticationResponse.js +13 -9
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertPublicKeyToPEM.js +4 -3
- package/dist/helpers/convertPublicKeyToPEM.js.map +1 -1
- package/dist/helpers/decodeCbor.js +10 -2
- package/dist/helpers/decodeCbor.js.map +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js.map +1 -1
- package/dist/helpers/isCertRevoked.js +2 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.js +1 -1
- package/dist/helpers/logging.js.map +1 -1
- package/dist/helpers/parseAuthenticatorData.d.ts +2 -0
- package/dist/helpers/parseAuthenticatorData.js +10 -6
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/parseBackupFlags.d.ts +16 -0
- package/dist/helpers/parseBackupFlags.js +30 -0
- package/dist/helpers/parseBackupFlags.js.map +1 -0
- package/dist/helpers/validateCertificatePath.js +3 -3
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +4 -3
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/generateRegistrationOptions.d.ts +2 -2
- package/dist/registration/generateRegistrationOptions.js +1 -1
- package/dist/registration/generateRegistrationOptions.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyTPM.js +14 -12
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidKey.js +14 -8
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -1
- package/dist/registration/verifications/verifyAndroidSafetyNet.js +10 -8
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -1
- package/dist/registration/verifications/verifyApple.js +5 -4
- package/dist/registration/verifications/verifyApple.js.map +1 -1
- package/dist/registration/verifications/verifyFIDOU2F.js +6 -5
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -1
- package/dist/registration/verifications/verifyPacked.js +18 -12
- package/dist/registration/verifications/verifyPacked.js.map +1 -1
- package/dist/registration/verifyRegistrationResponse.d.ts +12 -5
- package/dist/registration/verifyRegistrationResponse.js +20 -16
- package/dist/registration/verifyRegistrationResponse.js.map +1 -1
- package/dist/services/metadataService.js +5 -5
- package/dist/services/metadataService.js.map +1 -1
- package/dist/services/settingsService.js +1 -1
- package/dist/services/settingsService.js.map +1 -1
- package/package.json +6 -6
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import type { AuthenticationExtensionsClientInputs, PublicKeyCredentialRequestOptionsJSON,
|
|
2
|
+
import type { AuthenticationExtensionsClientInputs, PublicKeyCredentialRequestOptionsJSON, PublicKeyCredentialDescriptorFuture, UserVerificationRequirement } from '@simplewebauthn/typescript-types';
|
|
3
3
|
export declare type GenerateAuthenticationOptionsOpts = {
|
|
4
|
-
allowCredentials?:
|
|
4
|
+
allowCredentials?: PublicKeyCredentialDescriptorFuture[];
|
|
5
5
|
challenge?: string | Buffer;
|
|
6
6
|
timeout?: number;
|
|
7
7
|
userVerification?: UserVerificationRequirement;
|
|
@@ -19,7 +19,7 @@ const generateChallenge_1 = __importDefault(require("../helpers/generateChalleng
|
|
|
19
19
|
* @param rpID Valid domain name (after `https://`)
|
|
20
20
|
*/
|
|
21
21
|
function generateAuthenticationOptions(options = {}) {
|
|
22
|
-
const { allowCredentials, challenge = generateChallenge_1.default(), timeout = 60000, userVerification, extensions, rpID, } = options;
|
|
22
|
+
const { allowCredentials, challenge = (0, generateChallenge_1.default)(), timeout = 60000, userVerification, extensions, rpID, } = options;
|
|
23
23
|
return {
|
|
24
24
|
challenge: base64url_1.default.encode(challenge),
|
|
25
25
|
allowCredentials: allowCredentials === null || allowCredentials === void 0 ? void 0 : allowCredentials.map(cred => ({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;;;AAMA,0DAAkC;AAElC,qFAA6D;AAW7D;;;;;;;;;;;;GAYG;AACH,SAAwB,6BAA6B,CACnD,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,IAAA,2BAAiB,GAAE,EAC/B,OAAO,GAAG,KAAK,EACf,gBAAgB,EAChB,UAAU,EACV,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,gBAAgB,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/C,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AAvBD,gDAuBC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { AuthenticationCredentialJSON, AuthenticatorDevice } from '@simplewebauthn/typescript-types';
|
|
2
|
+
import { AuthenticationCredentialJSON, AuthenticatorDevice, CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
3
3
|
export declare type VerifyAuthenticationResponseOpts = {
|
|
4
4
|
credential: AuthenticationCredentialJSON;
|
|
5
5
|
expectedChallenge: string | ((challenge: string) => boolean);
|
|
@@ -33,11 +33,18 @@ export default function verifyAuthenticationResponse(options: VerifyAuthenticati
|
|
|
33
33
|
* @param authenticationInfo.newCounter The number of times the authenticator identified above
|
|
34
34
|
* reported it has been used. **Should be kept in a DB for later reference to help prevent replay
|
|
35
35
|
* attacks!**
|
|
36
|
+
* @param authenticationInfo.credentialDeviceType Whether this is a single-device or multi-device
|
|
37
|
+
* credential. **Should be kept in a DB for later reference!**
|
|
38
|
+
* @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been
|
|
39
|
+
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
|
|
40
|
+
* reference!**
|
|
36
41
|
*/
|
|
37
42
|
export declare type VerifiedAuthenticationResponse = {
|
|
38
43
|
verified: boolean;
|
|
39
44
|
authenticationInfo: {
|
|
40
45
|
credentialID: Buffer;
|
|
41
46
|
newCounter: number;
|
|
47
|
+
credentialDeviceType: CredentialDeviceType;
|
|
48
|
+
credentialBackedUp: boolean;
|
|
42
49
|
};
|
|
43
50
|
};
|
|
@@ -10,6 +10,7 @@ const convertPublicKeyToPEM_1 = __importDefault(require("../helpers/convertPubli
|
|
|
10
10
|
const verifySignature_1 = __importDefault(require("../helpers/verifySignature"));
|
|
11
11
|
const parseAuthenticatorData_1 = __importDefault(require("../helpers/parseAuthenticatorData"));
|
|
12
12
|
const isBase64URLString_1 = __importDefault(require("../helpers/isBase64URLString"));
|
|
13
|
+
const parseBackupFlags_1 = require("../helpers/parseBackupFlags");
|
|
13
14
|
/**
|
|
14
15
|
* Verify that the user has legitimately completed the login process
|
|
15
16
|
*
|
|
@@ -45,7 +46,7 @@ function verifyAuthenticationResponse(options) {
|
|
|
45
46
|
if (typeof (response === null || response === void 0 ? void 0 : response.clientDataJSON) !== 'string') {
|
|
46
47
|
throw new Error('Credential response clientDataJSON was not a string');
|
|
47
48
|
}
|
|
48
|
-
const clientDataJSON = decodeClientDataJSON_1.default(response.clientDataJSON);
|
|
49
|
+
const clientDataJSON = (0, decodeClientDataJSON_1.default)(response.clientDataJSON);
|
|
49
50
|
const { type, origin, challenge, tokenBinding } = clientDataJSON;
|
|
50
51
|
// Make sure we're handling an authentication
|
|
51
52
|
if (type !== 'webauthn.get') {
|
|
@@ -72,10 +73,10 @@ function verifyAuthenticationResponse(options) {
|
|
|
72
73
|
throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
|
|
73
74
|
}
|
|
74
75
|
}
|
|
75
|
-
if (!isBase64URLString_1.default(response.authenticatorData)) {
|
|
76
|
+
if (!(0, isBase64URLString_1.default)(response.authenticatorData)) {
|
|
76
77
|
throw new Error('Credential response authenticatorData was not a base64url string');
|
|
77
78
|
}
|
|
78
|
-
if (!isBase64URLString_1.default(response.signature)) {
|
|
79
|
+
if (!(0, isBase64URLString_1.default)(response.signature)) {
|
|
79
80
|
throw new Error('Credential response signature was not a base64url string');
|
|
80
81
|
}
|
|
81
82
|
if (response.userHandle && typeof response.userHandle !== 'string') {
|
|
@@ -90,11 +91,11 @@ function verifyAuthenticationResponse(options) {
|
|
|
90
91
|
}
|
|
91
92
|
}
|
|
92
93
|
const authDataBuffer = base64url_1.default.toBuffer(response.authenticatorData);
|
|
93
|
-
const parsedAuthData = parseAuthenticatorData_1.default(authDataBuffer);
|
|
94
|
+
const parsedAuthData = (0, parseAuthenticatorData_1.default)(authDataBuffer);
|
|
94
95
|
const { rpIdHash, flags, counter } = parsedAuthData;
|
|
95
96
|
// Make sure the response's RP ID is ours
|
|
96
97
|
if (typeof expectedRPID === 'string') {
|
|
97
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expectedRPID, 'ascii'));
|
|
98
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expectedRPID, 'ascii'));
|
|
98
99
|
if (!rpIdHash.equals(expectedRPIDHash)) {
|
|
99
100
|
throw new Error(`Unexpected RP ID hash`);
|
|
100
101
|
}
|
|
@@ -102,7 +103,7 @@ function verifyAuthenticationResponse(options) {
|
|
|
102
103
|
else {
|
|
103
104
|
// Go through each expected RP ID and try to find one that matches
|
|
104
105
|
const foundMatch = expectedRPID.some(expected => {
|
|
105
|
-
const expectedRPIDHash = toHash_1.default(Buffer.from(expected, 'ascii'));
|
|
106
|
+
const expectedRPIDHash = (0, toHash_1.default)(Buffer.from(expected, 'ascii'));
|
|
106
107
|
return rpIdHash.equals(expectedRPIDHash);
|
|
107
108
|
});
|
|
108
109
|
if (!foundMatch) {
|
|
@@ -117,9 +118,9 @@ function verifyAuthenticationResponse(options) {
|
|
|
117
118
|
if (requireUserVerification && !flags.uv) {
|
|
118
119
|
throw new Error('User verification required, but user could not be verified');
|
|
119
120
|
}
|
|
120
|
-
const clientDataHash = toHash_1.default(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
121
|
+
const clientDataHash = (0, toHash_1.default)(base64url_1.default.toBuffer(response.clientDataJSON));
|
|
121
122
|
const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]);
|
|
122
|
-
const publicKey = convertPublicKeyToPEM_1.default(authenticator.credentialPublicKey);
|
|
123
|
+
const publicKey = (0, convertPublicKeyToPEM_1.default)(authenticator.credentialPublicKey);
|
|
123
124
|
const signature = base64url_1.default.toBuffer(response.signature);
|
|
124
125
|
if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
|
|
125
126
|
// Error out when the counter in the DB is greater than or equal to the counter in the
|
|
@@ -128,11 +129,14 @@ function verifyAuthenticationResponse(options) {
|
|
|
128
129
|
// on the device without going through this site
|
|
129
130
|
throw new Error(`Response counter value ${counter} was lower than expected ${authenticator.counter}`);
|
|
130
131
|
}
|
|
132
|
+
const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_1.parseBackupFlags)(flags);
|
|
131
133
|
const toReturn = {
|
|
132
|
-
verified: verifySignature_1.default(signature, signatureBase, publicKey),
|
|
134
|
+
verified: (0, verifySignature_1.default)(signature, signatureBase, publicKey),
|
|
133
135
|
authenticationInfo: {
|
|
134
136
|
newCounter: counter,
|
|
135
137
|
credentialID: authenticator.credentialID,
|
|
138
|
+
credentialDeviceType,
|
|
139
|
+
credentialBackedUp,
|
|
136
140
|
},
|
|
137
141
|
};
|
|
138
142
|
return toReturn;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;
|
|
1
|
+
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;AAAA,0DAAkC;AAOlC,2FAAmE;AACnE,+DAAuC;AACvC,6FAAqE;AACrE,iFAAyD;AACzD,+FAAuE;AACvE,qFAA6D;AAC7D,kEAA+D;AAW/D;;;;;;;;;;;;;GAaG;AACH,SAAwB,4BAA4B,CAClD,OAAyC;IAEzC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,uBAAuB,GACxB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,IAAA,8BAAoB,EAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;KACrE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,gBAAgB,iBAAiB,GAAG,CAC/F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,uBAAuB,oBAAoB,EAAE,CAClG,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,gBAAgB,cAAc,GAAG,CACtF,CAAC;SACH;KACF;IAED,IAAI,CAAC,IAAA,2BAAiB,EAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,IAAA,2BAAiB,EAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;QAC1C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,QAAQ,CAAC,UAAU,IAAI,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,IAAA,gCAAsB,EAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC;IAEpD,yCAAyC;IACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,kEAAkE;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,gBAAgB,GAAG,IAAA,gBAAM,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE;YACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;IAED,wDAAwD;IACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC3D;IAED,wCAAwC;IACxC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,MAAM,cAAc,GAAG,IAAA,gBAAM,EAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,IAAA,+BAAqB,EAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;IAE7E,MAAM,QAAQ,GAAG;QACf,QAAQ,EAAE,IAAA,yBAAe,EAAC,SAAS,EAAE,aAAa,EAAE,SAAS,CAAC;QAC9D,kBAAkB,EAAE;YAClB,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,oBAAoB;YACpB,kBAAkB;SACnB;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AA7JD,+CA6JC"}
|
|
@@ -6,7 +6,7 @@ const decodeCbor_1 = require("./decodeCbor");
|
|
|
6
6
|
* Takes COSE-encoded public key and converts it to PKCS key
|
|
7
7
|
*/
|
|
8
8
|
function convertCOSEtoPKCS(cosePublicKey) {
|
|
9
|
-
const struct = decodeCbor_1.decodeCborFirst(cosePublicKey);
|
|
9
|
+
const struct = (0, decodeCbor_1.decodeCborFirst)(cosePublicKey);
|
|
10
10
|
const tag = Buffer.from([0x04]);
|
|
11
11
|
const x = struct.get(COSEKEYS.x);
|
|
12
12
|
const y = struct.get(COSEKEYS.y);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAEA,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,iBAAiB,CAAC,aAAqB;IAC7D,MAAM,MAAM,GAAkB,4BAAe,
|
|
1
|
+
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAEA,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,iBAAiB,CAAC,aAAqB;IAC7D,MAAM,MAAM,GAAkB,IAAA,4BAAe,EAAC,aAAa,CAAC,CAAC;IAE7D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IAED,IAAI,CAAC,EAAE;QACL,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC;KACvD;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,CAAC,CAAC,CAAC;AAC3C,CAAC;AAhBD,oCAgBC;AAID,IAAY,QAQX;AARD,WAAY,QAAQ;IAClB,qCAAO,CAAA;IACP,qCAAO,CAAA;IACP,sCAAQ,CAAA;IACR,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;AACR,CAAC,EARW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAQnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,mCAAO,CAAA;IACP,mCAAO,CAAA;IACP,mCAAO,CAAA;AACT,CAAC,EAJW,OAAO,GAAP,eAAO,KAAP,eAAO,QAIlB;AAEY,QAAA,aAAa,GAAyC;IACjE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,YAAY;IACnB,KAAK,EAAE,YAAY;IACnB,QAAQ,EAAE,YAAY;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;CACvB,CAAC;AAEF,0DAA0D;AAC7C,QAAA,OAAO,GAA8B;IAChD,UAAU;IACV,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,UAAU;IACV,CAAC,EAAE,SAAS;CACb,CAAC;AAEW,QAAA,WAAW,GAA8B;IACpD,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,QAAQ,EAAE,MAAM;IAChB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,QAAQ;IACd,KAAK,EAAE,QAAQ;CAChB,CAAC"}
|
|
@@ -12,7 +12,8 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
12
12
|
struct = cbor_1.default.decodeAllSync(publicKey)[0];
|
|
13
13
|
}
|
|
14
14
|
catch (err) {
|
|
15
|
-
|
|
15
|
+
const _err = err;
|
|
16
|
+
throw new Error(`Error decoding public key while converting to PEM: ${_err.message}`);
|
|
16
17
|
}
|
|
17
18
|
const kty = struct.get(convertCOSEtoPKCS_1.COSEKEYS.kty);
|
|
18
19
|
if (!kty) {
|
|
@@ -31,7 +32,7 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
31
32
|
if (!y) {
|
|
32
33
|
throw new Error('Public key was missing y (EC2)');
|
|
33
34
|
}
|
|
34
|
-
const ecPEM = jwk_to_pem_1.default({
|
|
35
|
+
const ecPEM = (0, jwk_to_pem_1.default)({
|
|
35
36
|
kty: 'EC',
|
|
36
37
|
// Specify curve as "P-256" from "p256"
|
|
37
38
|
crv: convertCOSEtoPKCS_1.COSECRV[crv].replace('p', 'P-'),
|
|
@@ -49,7 +50,7 @@ function convertPublicKeyToPEM(publicKey) {
|
|
|
49
50
|
if (!e) {
|
|
50
51
|
throw new Error('Public key was missing e (RSA)');
|
|
51
52
|
}
|
|
52
|
-
const rsaPEM = jwk_to_pem_1.default({
|
|
53
|
+
const rsaPEM = (0, jwk_to_pem_1.default)({
|
|
53
54
|
kty: 'RSA',
|
|
54
55
|
n: n.toString('base64'),
|
|
55
56
|
e: e.toString('base64'),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"convertPublicKeyToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertPublicKeyToPEM.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,4DAAkC;AAElC,2DAAiE;AAEjE,SAAwB,qBAAqB,CAAC,SAAiB;IAC7D,IAAI,MAAM,CAAC;IACX,IAAI;QACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC3C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,sDAAsD,
|
|
1
|
+
{"version":3,"file":"convertPublicKeyToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertPublicKeyToPEM.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,4DAAkC;AAElC,2DAAiE;AAEjE,SAAwB,qBAAqB,CAAC,SAAiB;IAC7D,IAAI,MAAM,CAAC;IACX,IAAI;QACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC3C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KACvF;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;KAC/C;IAED,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QACvB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;SACrD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,MAAM,KAAK,GAAG,IAAA,oBAAQ,EAAC;YACrB,GAAG,EAAE,IAAI;YACT,uCAAuC;YACvC,GAAG,EAAE,2BAAO,CAAC,GAAa,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC;YAC9C,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnC,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;KACd;SAAM,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QAED,MAAM,MAAM,GAAG,IAAA,oBAAQ,EAAC;YACtB,GAAG,EAAE,KAAK;YACV,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnC,CAAC,EAAG,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;KACf;IAED,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,SAAS,CAAC,CAAC;AACrE,CAAC;AA/DD,wCA+DC"}
|
|
@@ -11,12 +11,20 @@ function decodeCborFirst(input) {
|
|
|
11
11
|
return cbor_1.default.decodeFirstSync(input);
|
|
12
12
|
}
|
|
13
13
|
catch (err) {
|
|
14
|
+
const _err = err;
|
|
14
15
|
// if the error was due to extra bytes, return the unpacked value
|
|
15
|
-
if (
|
|
16
|
-
return
|
|
16
|
+
if (_err.value) {
|
|
17
|
+
return _err.value;
|
|
17
18
|
}
|
|
18
19
|
throw err;
|
|
19
20
|
}
|
|
20
21
|
}
|
|
21
22
|
exports.decodeCborFirst = decodeCborFirst;
|
|
23
|
+
/**
|
|
24
|
+
* Intuited from a quick scan of `cbor.decodeFirstSync()` here:
|
|
25
|
+
*
|
|
26
|
+
* https://github.com/hildjj/node-cbor/blob/v5.1.0/lib/decoder.js#L189
|
|
27
|
+
*/
|
|
28
|
+
class CborDecoderError extends Error {
|
|
29
|
+
}
|
|
22
30
|
//# sourceMappingURL=decodeCbor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeCbor.js","sourceRoot":"","sources":["../../src/helpers/decodeCbor.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,SAAgB,eAAe,CAAC,KAAwC;IACtE,IAAI;QACF,kCAAkC;QAClC,OAAO,cAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;KACpC;IAAC,OAAO,GAAG,EAAE;QACZ,iEAAiE;QACjE,IAAI,
|
|
1
|
+
{"version":3,"file":"decodeCbor.js","sourceRoot":"","sources":["../../src/helpers/decodeCbor.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AAExB,SAAgB,eAAe,CAAC,KAAwC;IACtE,IAAI;QACF,kCAAkC;QAClC,OAAO,cAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;KACpC;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAuB,CAAC;QACrC,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE;YACd,OAAO,IAAI,CAAC,KAAK,CAAC;SACnB;QACD,MAAM,GAAG,CAAC;KACX;AACH,CAAC;AAZD,0CAYC;AAED;;;;GAIG;AACH,MAAM,gBAAiB,SAAQ,KAAK;CAEnC"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const decodeCbor_1 = require("./decodeCbor");
|
|
4
4
|
function decodeCredentialPublicKey(publicKey) {
|
|
5
|
-
return decodeCbor_1.decodeCborFirst(publicKey);
|
|
5
|
+
return (0, decodeCbor_1.decodeCborFirst)(publicKey);
|
|
6
6
|
}
|
|
7
7
|
exports.default = decodeCredentialPublicKey;
|
|
8
8
|
//# sourceMappingURL=decodeCredentialPublicKey.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;AACA,6CAA+C;AAE/C,SAAwB,yBAAyB,CAAC,SAAiB;IACjE,OAAO,4BAAe,
|
|
1
|
+
{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;AACA,6CAA+C;AAE/C,SAAwB,yBAAyB,CAAC,SAAiB;IACjE,OAAO,IAAA,4BAAe,EAAC,SAAS,CAAC,CAAC;AACpC,CAAC;AAFD,4CAEC"}
|
|
@@ -50,9 +50,9 @@ async function isCertRevoked(cert) {
|
|
|
50
50
|
// Download and read the CRL
|
|
51
51
|
const crlCert = new jsrsasign_1.X509();
|
|
52
52
|
try {
|
|
53
|
-
const respCRL = await node_fetch_1.default(crlURL[0]);
|
|
53
|
+
const respCRL = await (0, node_fetch_1.default)(crlURL[0]);
|
|
54
54
|
const dataCRL = await respCRL.buffer();
|
|
55
|
-
const dataPEM = convertCertBufferToPEM_1.default(dataCRL);
|
|
55
|
+
const dataPEM = (0, convertCertBufferToPEM_1.default)(dataCRL);
|
|
56
56
|
crlCert.readCertPEM(dataPEM);
|
|
57
57
|
}
|
|
58
58
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,oBAAK,
|
|
1
|
+
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,sFAA8D;AAW9D,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACY,KAAK,UAAU,aAAa,CAAC,IAAU;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAK,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAA,gCAAsB,EAAC,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,2BAAe,CAAC,CAAC;IAE/E,MAAM,SAAS,GAAoB;QACjC,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,aAAa;IACb,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE;QAC/B,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;KAC9D;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE1D,IAAI,YAAY,EAAE;QAChB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrE,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACzC;QAED,oBAAoB;QACpB,IAAI,aAAa,EAAE;YACjB,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;SACtD;QAED,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;KAC3D;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA5ED,gCA4EC"}
|
package/dist/helpers/logging.js
CHANGED
|
@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.getLogger = void 0;
|
|
7
7
|
const debug_1 = __importDefault(require("debug"));
|
|
8
|
-
const defaultLogger = debug_1.default('SimpleWebAuthn');
|
|
8
|
+
const defaultLogger = (0, debug_1.default)('SimpleWebAuthn');
|
|
9
9
|
/**
|
|
10
10
|
* Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for
|
|
11
11
|
* consistent naming.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,eAAK,
|
|
1
|
+
{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAwC;AAExC,MAAM,aAAa,GAAG,IAAA,eAAK,EAAC,gBAAgB,CAAC,CAAC;AAE9C;;;;;;;;;;;;;GAaG;AACH,SAAgB,SAAS,CAAC,IAAY;IACpC,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAFD,8BAEC"}
|
|
@@ -16,11 +16,15 @@ function parseAuthenticatorData(authData) {
|
|
|
16
16
|
const rpIdHash = authData.slice(pointer, (pointer += 32));
|
|
17
17
|
const flagsBuf = authData.slice(pointer, (pointer += 1));
|
|
18
18
|
const flagsInt = flagsBuf[0];
|
|
19
|
+
// Bit positions can be referenced here:
|
|
20
|
+
// https://www.w3.org/TR/webauthn-2/#flags
|
|
19
21
|
const flags = {
|
|
20
|
-
up: !!(flagsInt &
|
|
21
|
-
uv: !!(flagsInt &
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
up: !!(flagsInt & 1 << 0),
|
|
23
|
+
uv: !!(flagsInt & 1 << 2),
|
|
24
|
+
be: !!(flagsInt & 1 << 3),
|
|
25
|
+
bs: !!(flagsInt & 1 << 4),
|
|
26
|
+
at: !!(flagsInt & 1 << 6),
|
|
27
|
+
ed: !!(flagsInt & 1 << 7),
|
|
24
28
|
flagsInt,
|
|
25
29
|
};
|
|
26
30
|
const counterBuf = authData.slice(pointer, (pointer += 4));
|
|
@@ -34,14 +38,14 @@ function parseAuthenticatorData(authData) {
|
|
|
34
38
|
const credIDLen = credIDLenBuf.readUInt16BE(0);
|
|
35
39
|
credentialID = authData.slice(pointer, (pointer += credIDLen));
|
|
36
40
|
// Decode the next CBOR item in the buffer, then re-encode it back to a Buffer
|
|
37
|
-
const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
|
|
41
|
+
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
38
42
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
39
43
|
credentialPublicKey = firstEncoded;
|
|
40
44
|
pointer += firstEncoded.byteLength;
|
|
41
45
|
}
|
|
42
46
|
let extensionsDataBuffer = undefined;
|
|
43
47
|
if (flags.ed) {
|
|
44
|
-
const firstDecoded = decodeCbor_1.decodeCborFirst(authData.slice(pointer));
|
|
48
|
+
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
45
49
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
46
50
|
extensionsDataBuffer = firstEncoded;
|
|
47
51
|
pointer += firstEncoded.byteLength;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAE/C;;GAEG;AACH,SAAwB,sBAAsB,CAAC,QAAgB;IAC7D,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,wCAAwC;IACxC,0CAA0C;IAC1C,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC;QACzB,QAAQ;KACT,CAAC;IAEF,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,GAAuB,SAAS,CAAC;IAC3C,IAAI,YAAY,GAAuB,SAAS,CAAC;IACjD,IAAI,mBAAmB,GAAuB,SAAS,CAAC;IAExD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAElD,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE/C,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,mBAAmB,GAAG,YAAY,CAAC;QACnC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,IAAI,oBAAoB,GAAuB,SAAS,CAAC;IACzD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,oBAAoB,GAAG,YAAY,CAAC;QACpC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,2FAA2F;IAC3F,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,OAAO;QACP,UAAU;QACV,MAAM;QACN,YAAY;QACZ,mBAAmB;QACnB,oBAAoB;KACrB,CAAC;AACJ,CAAC;AAxED,yCAwEC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { CredentialDeviceType } from '@simplewebauthn/typescript-types';
|
|
2
|
+
/**
|
|
3
|
+
* Make sense of Bits 3 and 4 in authenticator indicating:
|
|
4
|
+
*
|
|
5
|
+
* - Whether the credential can be used on multiple devices
|
|
6
|
+
* - Whether the credential is backed up or not
|
|
7
|
+
*
|
|
8
|
+
* Invalid configurations will raise an `Error`
|
|
9
|
+
*/
|
|
10
|
+
export declare function parseBackupFlags({ be, bs }: {
|
|
11
|
+
be: boolean;
|
|
12
|
+
bs: boolean;
|
|
13
|
+
}): {
|
|
14
|
+
credentialDeviceType: CredentialDeviceType;
|
|
15
|
+
credentialBackedUp: boolean;
|
|
16
|
+
};
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.parseBackupFlags = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Make sense of Bits 3 and 4 in authenticator indicating:
|
|
6
|
+
*
|
|
7
|
+
* - Whether the credential can be used on multiple devices
|
|
8
|
+
* - Whether the credential is backed up or not
|
|
9
|
+
*
|
|
10
|
+
* Invalid configurations will raise an `Error`
|
|
11
|
+
*/
|
|
12
|
+
function parseBackupFlags({ be, bs }) {
|
|
13
|
+
const credentialBackedUp = bs;
|
|
14
|
+
let credentialDeviceType = 'singleDevice';
|
|
15
|
+
if (be) {
|
|
16
|
+
credentialDeviceType = 'multiDevice';
|
|
17
|
+
}
|
|
18
|
+
if (credentialDeviceType === 'singleDevice' && credentialBackedUp) {
|
|
19
|
+
throw new InvalidBackupFlags('Single-device credential indicated that it was backed up, which should be impossible.');
|
|
20
|
+
}
|
|
21
|
+
return { credentialDeviceType, credentialBackedUp };
|
|
22
|
+
}
|
|
23
|
+
exports.parseBackupFlags = parseBackupFlags;
|
|
24
|
+
class InvalidBackupFlags extends Error {
|
|
25
|
+
constructor(message) {
|
|
26
|
+
super(message);
|
|
27
|
+
this.name = 'InvalidBackupFlags';
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=parseBackupFlags.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parseBackupFlags.js","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":";;;AAEA;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAgC;IAIvE,MAAM,kBAAkB,GAAG,EAAE,CAAC;IAC9B,IAAI,oBAAoB,GAAyB,cAAc,CAAC;IAEhE,IAAI,EAAE,EAAE;QACN,oBAAoB,GAAG,aAAa,CAAC;KACtC;IAED,IAAI,oBAAoB,KAAK,cAAc,IAAI,kBAAkB,EAAE;QACjE,MAAM,IAAI,kBAAkB,CAC1B,uFAAuF,CACxF,CAAA;KACF;IAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;AACtD,CAAC;AAlBD,4CAkBC;AAED,MAAM,kBAAmB,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF"}
|
|
@@ -75,13 +75,13 @@ async function _validatePath(certificates) {
|
|
|
75
75
|
const issuerCert = new jsrsasign_1.X509();
|
|
76
76
|
issuerCert.readCertPEM(issuerPem);
|
|
77
77
|
// Check for certificate revocation
|
|
78
|
-
const subjectCertRevoked = await isCertRevoked_1.default(subjectCert);
|
|
78
|
+
const subjectCertRevoked = await (0, isCertRevoked_1.default)(subjectCert);
|
|
79
79
|
if (subjectCertRevoked) {
|
|
80
80
|
throw new Error(`Found revoked certificate in certificate path`);
|
|
81
81
|
}
|
|
82
82
|
// Check that intermediate certificate is within its valid time window
|
|
83
|
-
const notBefore = jsrsasign_1.zulutodate(issuerCert.getNotBefore());
|
|
84
|
-
const notAfter = jsrsasign_1.zulutodate(issuerCert.getNotAfter());
|
|
83
|
+
const notBefore = (0, jsrsasign_1.zulutodate)(issuerCert.getNotBefore());
|
|
84
|
+
const notAfter = (0, jsrsasign_1.zulutodate)(issuerCert.getNotAfter());
|
|
85
85
|
const now = new Date(Date.now());
|
|
86
86
|
if (notBefore > now || notAfter < now) {
|
|
87
87
|
if (isLeafCert) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0CAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,uBAAa,
|
|
1
|
+
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0CAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAW,CAAC,CAAC;QAE5D,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,sEAAsE;QACtE,MAAM,SAAS,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjC,IAAI,SAAS,GAAG,GAAG,IAAI,QAAQ,GAAG,GAAG,EAAE;YACrC,IAAI,UAAU,EAAE;gBACd,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM,IAAI,UAAU,EAAE;gBACrB,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,+BAA+B,CACvC,yDAAyD,SAAS,EAAE,CACrE,CAAC;aACH;SACF;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,KAAK,UAAU,CAAC,gBAAgB,EAAE,EAAE;YACnE,MAAM,IAAI,uBAAuB,EAAE,CAAC;SACrC;QAED,MAAM,iBAAiB,GAAG,mBAAO,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,0BAA0B,EAAE,CAAC;QACrD,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;QAExD,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,SAAS,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAEvC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;SAChE;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+CAA+C;AAC/C,MAAM,uBAAwB,SAAQ,KAAK;IACzC;QACE,MAAM,OAAO,GAAG,6CAA6C,CAAC;QAC9D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,+BAAgC,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -22,7 +22,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
22
22
|
}
|
|
23
23
|
});
|
|
24
24
|
// Extract the public key's COSE info for comparison
|
|
25
|
-
const decodedPublicKey = decodeCredentialPublicKey_1.default(credentialPublicKey);
|
|
25
|
+
const decodedPublicKey = (0, decodeCredentialPublicKey_1.default)(credentialPublicKey);
|
|
26
26
|
// Assume everything is a number because these values should be
|
|
27
27
|
const publicKeyCOSEInfo = {
|
|
28
28
|
kty: decodedPublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.kty),
|
|
@@ -60,10 +60,11 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
60
60
|
throw new Error(`Public key algorithm ${publicKeyCOSEInfo} did not match any metadata algorithms [${debugAlgs}]`);
|
|
61
61
|
}
|
|
62
62
|
try {
|
|
63
|
-
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
63
|
+
await (0, validateCertificatePath_1.default)(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
64
64
|
}
|
|
65
65
|
catch (err) {
|
|
66
|
-
|
|
66
|
+
const _err = err;
|
|
67
|
+
throw new Error(`Could not validate certificate path with any metadata root certificates: ${_err.message}`);
|
|
67
68
|
}
|
|
68
69
|
return true;
|
|
69
70
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AACzE,qGAA6E;AAC7E,oEAAiE;AAEjE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,mCAAyB,
|
|
1
|
+
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AACzE,qGAA6E;AAC7E,oEAAiE;AAEjE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,mCAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;mBAC/D,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAC3C;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,wBAAwB,iBAAiB,2CAA2C,SAAS,GAAG,CAAC,CAAC;KACnH;IAED,IAAI;QACF,MAAM,IAAA,iCAAuB,EAC3B,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,gCAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KAC7G;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAtED,gDAsEC;AAQD;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,8FAA8F;QAC9F,sBAAsB;QACtB,eAAe;QACf,oCAAoC;QACpC,oCAAoC;QACpC,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON,
|
|
2
|
+
import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialDescriptorFuture } from '@simplewebauthn/typescript-types';
|
|
3
3
|
export declare type GenerateRegistrationOptionsOpts = {
|
|
4
4
|
rpName: string;
|
|
5
5
|
rpID: string;
|
|
@@ -9,7 +9,7 @@ export declare type GenerateRegistrationOptionsOpts = {
|
|
|
9
9
|
userDisplayName?: string;
|
|
10
10
|
timeout?: number;
|
|
11
11
|
attestationType?: AttestationConveyancePreference;
|
|
12
|
-
excludeCredentials?:
|
|
12
|
+
excludeCredentials?: PublicKeyCredentialDescriptorFuture[];
|
|
13
13
|
authenticatorSelection?: AuthenticatorSelectionCriteria;
|
|
14
14
|
extensions?: AuthenticationExtensionsClientInputs;
|
|
15
15
|
supportedAlgorithmIDs?: COSEAlgorithmIdentifier[];
|
|
@@ -71,7 +71,7 @@ const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.f
|
|
|
71
71
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
72
72
|
*/
|
|
73
73
|
function generateRegistrationOptions(options) {
|
|
74
|
-
const { rpName, rpID, userID, userName, challenge = generateChallenge_1.default(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
74
|
+
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.default)(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
75
75
|
/**
|
|
76
76
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
77
77
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,2BAAiB,
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,2BAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,8CA2DC"}
|