@simplewebauthn/server 5.2.1 → 5.4.1
- package/dist/authentication/generateAuthenticationOptions.d.ts +1 -1
- package/dist/authentication/generateAuthenticationOptions.js +4 -3
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -1
- package/dist/authentication/verifyAuthenticationResponse.d.ts +5 -1
- package/dist/authentication/verifyAuthenticationResponse.js +19 -17
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertAAGUIDToString.d.ts +1 -1
- package/dist/helpers/convertAAGUIDToString.js +2 -1
- package/dist/helpers/convertAAGUIDToString.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.d.ts +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js +2 -2
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertCertBufferToPEM.d.ts +1 -1
- package/dist/helpers/convertCertBufferToPEM.js +2 -1
- package/dist/helpers/convertCertBufferToPEM.js.map +1 -1
- package/dist/helpers/convertPublicKeyToPEM.d.ts +1 -1
- package/dist/helpers/convertPublicKeyToPEM.js +2 -1
- package/dist/helpers/convertPublicKeyToPEM.js.map +1 -1
- package/dist/helpers/decodeAttestationObject.d.ts +1 -1
- package/dist/helpers/decodeAttestationObject.js +2 -1
- package/dist/helpers/decodeAttestationObject.js.map +1 -1
- package/dist/helpers/decodeAuthenticatorExtensions.d.ts +20 -0
- package/dist/helpers/decodeAuthenticatorExtensions.js +25 -0
- package/dist/helpers/decodeAuthenticatorExtensions.js.map +1 -0
- package/dist/helpers/decodeClientDataJSON.d.ts +1 -1
- package/dist/helpers/decodeClientDataJSON.js +2 -1
- package/dist/helpers/decodeClientDataJSON.js.map +1 -1
- package/dist/helpers/decodeCredentialPublicKey.d.ts +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js +2 -1
- package/dist/helpers/decodeCredentialPublicKey.js.map +1 -1
- package/dist/helpers/generateChallenge.d.ts +1 -1
- package/dist/helpers/generateChallenge.js +2 -1
- package/dist/helpers/generateChallenge.js.map +1 -1
- package/dist/helpers/getCertificateInfo.d.ts +1 -1
- package/dist/helpers/getCertificateInfo.js +2 -1
- package/dist/helpers/getCertificateInfo.js.map +1 -1
- package/dist/helpers/index.d.ts +15 -15
- package/dist/helpers/index.js +30 -33
- package/dist/helpers/index.js.map +1 -1
- package/dist/helpers/isBase64URLString.d.ts +1 -1
- package/dist/helpers/isBase64URLString.js +2 -1
- package/dist/helpers/isBase64URLString.js.map +1 -1
- package/dist/helpers/isCertRevoked.d.ts +1 -1
- package/dist/helpers/isCertRevoked.js +4 -3
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/parseAuthenticatorData.d.ts +3 -1
- package/dist/helpers/parseAuthenticatorData.js +12 -7
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/parseBackupFlags.js.map +1 -1
- package/dist/helpers/toHash.d.ts +1 -1
- package/dist/helpers/toHash.js +2 -1
- package/dist/helpers/toHash.js.map +1 -1
- package/dist/helpers/validateCertificatePath.d.ts +1 -1
- package/dist/helpers/validateCertificatePath.js +4 -6
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/helpers/verifySignature.d.ts +1 -1
- package/dist/helpers/verifySignature.js +2 -1
- package/dist/helpers/verifySignature.js.map +1 -1
- package/dist/index.d.ts +6 -6
- package/dist/index.js +12 -15
- package/dist/index.js.map +1 -1
- package/dist/metadata/parseJWT.d.ts +1 -1
- package/dist/metadata/parseJWT.js +2 -1
- package/dist/metadata/parseJWT.js.map +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.d.ts +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +9 -11
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/generateRegistrationOptions.d.ts +1 -1
- package/dist/registration/generateRegistrationOptions.js +4 -4
- package/dist/registration/generateRegistrationOptions.js.map +1 -1
- package/dist/registration/verifications/tpm/constants.d.ts +30 -0
- package/dist/registration/verifications/tpm/constants.js +36 -2
- package/dist/registration/verifications/tpm/constants.js.map +1 -1
- package/dist/registration/verifications/tpm/parseCertInfo.d.ts +1 -1
- package/dist/registration/verifications/tpm/parseCertInfo.js +2 -1
- package/dist/registration/verifications/tpm/parseCertInfo.js.map +1 -1
- package/dist/registration/verifications/tpm/parsePubArea.d.ts +4 -1
- package/dist/registration/verifications/tpm/parsePubArea.js +23 -4
- package/dist/registration/verifications/tpm/parsePubArea.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyAttestationTPM.d.ts +2 -0
- package/dist/registration/verifications/tpm/{verifyTPM.js → verifyAttestationTPM.js} +28 -34
- package/dist/registration/verifications/tpm/verifyAttestationTPM.js.map +1 -0
- package/dist/registration/verifications/{verifyAndroidKey.d.ts → verifyAttestationAndroidKey.d.ts} +1 -1
- package/dist/registration/verifications/{verifyAndroidKey.js → verifyAttestationAndroidKey.js} +15 -40
- package/dist/registration/verifications/verifyAttestationAndroidKey.js.map +1 -0
- package/dist/registration/verifications/{verifyAndroidSafetyNet.d.ts → verifyAttestationAndroidSafetyNet.d.ts} +1 -1
- package/dist/registration/verifications/{verifyAndroidSafetyNet.js → verifyAttestationAndroidSafetyNet.js} +17 -16
- package/dist/registration/verifications/verifyAttestationAndroidSafetyNet.js.map +1 -0
- package/dist/registration/verifications/verifyAttestationApple.d.ts +2 -0
- package/dist/registration/verifications/{verifyApple.js → verifyAttestationApple.js} +11 -13
- package/dist/registration/verifications/verifyAttestationApple.js.map +1 -0
- package/dist/registration/verifications/{verifyFIDOU2F.d.ts → verifyAttestationFIDOU2F.d.ts} +1 -1
- package/dist/registration/verifications/{verifyFIDOU2F.js → verifyAttestationFIDOU2F.js} +11 -13
- package/dist/registration/verifications/verifyAttestationFIDOU2F.js.map +1 -0
- package/dist/registration/verifications/{verifyPacked.d.ts → verifyAttestationPacked.d.ts} +1 -1
- package/dist/registration/verifications/{verifyPacked.js → verifyAttestationPacked.js} +22 -44
- package/dist/registration/verifications/verifyAttestationPacked.js.map +1 -0
- package/dist/registration/verifyRegistrationResponse.d.ts +6 -2
- package/dist/registration/verifyRegistrationResponse.js +32 -30
- package/dist/registration/verifyRegistrationResponse.js.map +1 -1
- package/dist/services/metadataService.d.ts +2 -2
- package/dist/services/metadataService.js +13 -14
- package/dist/services/metadataService.js.map +1 -1
- package/dist/services/settingsService.d.ts +3 -3
- package/dist/services/settingsService.js +9 -12
- package/dist/services/settingsService.js.map +1 -1
- package/package.json +3 -3
- package/dist/registration/verifications/tpm/verifyTPM.d.ts +0 -2
- package/dist/registration/verifications/tpm/verifyTPM.js.map +0 -1
- package/dist/registration/verifications/verifyAndroidKey.js.map +0 -1
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +0 -1
- package/dist/registration/verifications/verifyApple.d.ts +0 -2
- package/dist/registration/verifications/verifyApple.js.map +0 -1
- package/dist/registration/verifications/verifyFIDOU2F.js.map +0 -1
- package/dist/registration/verifications/verifyPacked.js.map +0 -1
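--- a/package/dist/helpers/index.js
+++ b/package/dist/helpers/index.js
@@ -1,39 +1,36 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifySignature = exports.validateCertificatePath = exports.toHash = exports.parseAuthenticatorData = exports.isCertRevoked = exports.isBase64URLString = exports.getCertificateInfo = exports.generateChallenge = exports.decodeCredentialPublicKey = exports.decodeClientDataJSON = exports.decodeCborFirst = exports.decodeAttestationObject = exports.convertPublicKeyToPEM = exports.convertCOSEtoPKCS = exports.convertCertBufferToPEM = exports.convertAAGUIDToString = void 0;
-const convertAAGUIDToString_1 =
-exports
-const convertCertBufferToPEM_1 =
-exports
-const convertCOSEtoPKCS_1 =
-exports
-const convertPublicKeyToPEM_1 =
-exports
-const decodeAttestationObject_1 =
-exports
+const convertAAGUIDToString_1 = require("./convertAAGUIDToString");
+Object.defineProperty(exports, "convertAAGUIDToString", { enumerable: true, get: function () { return convertAAGUIDToString_1.convertAAGUIDToString; } });
+const convertCertBufferToPEM_1 = require("./convertCertBufferToPEM");
+Object.defineProperty(exports, "convertCertBufferToPEM", { enumerable: true, get: function () { return convertCertBufferToPEM_1.convertCertBufferToPEM; } });
+const convertCOSEtoPKCS_1 = require("./convertCOSEtoPKCS");
+Object.defineProperty(exports, "convertCOSEtoPKCS", { enumerable: true, get: function () { return convertCOSEtoPKCS_1.convertCOSEtoPKCS; } });
+const convertPublicKeyToPEM_1 = require("./convertPublicKeyToPEM");
+Object.defineProperty(exports, "convertPublicKeyToPEM", { enumerable: true, get: function () { return convertPublicKeyToPEM_1.convertPublicKeyToPEM; } });
+const decodeAttestationObject_1 = require("./decodeAttestationObject");
+Object.defineProperty(exports, "decodeAttestationObject", { enumerable: true, get: function () { return decodeAttestationObject_1.decodeAttestationObject; } });
 const decodeCbor_1 = require("./decodeCbor");
 Object.defineProperty(exports, "decodeCborFirst", { enumerable: true, get: function () { return decodeCbor_1.decodeCborFirst; } });
-const decodeClientDataJSON_1 =
-exports
-const decodeCredentialPublicKey_1 =
-exports
-const generateChallenge_1 =
-exports
-const getCertificateInfo_1 =
-exports
-const isBase64URLString_1 =
-exports
-const isCertRevoked_1 =
-exports
-const parseAuthenticatorData_1 =
-exports
-const toHash_1 =
-exports
-const validateCertificatePath_1 =
-exports
-const verifySignature_1 =
-exports
+const decodeClientDataJSON_1 = require("./decodeClientDataJSON");
+Object.defineProperty(exports, "decodeClientDataJSON", { enumerable: true, get: function () { return decodeClientDataJSON_1.decodeClientDataJSON; } });
+const decodeCredentialPublicKey_1 = require("./decodeCredentialPublicKey");
+Object.defineProperty(exports, "decodeCredentialPublicKey", { enumerable: true, get: function () { return decodeCredentialPublicKey_1.decodeCredentialPublicKey; } });
+const generateChallenge_1 = require("./generateChallenge");
+Object.defineProperty(exports, "generateChallenge", { enumerable: true, get: function () { return generateChallenge_1.generateChallenge; } });
+const getCertificateInfo_1 = require("./getCertificateInfo");
+Object.defineProperty(exports, "getCertificateInfo", { enumerable: true, get: function () { return getCertificateInfo_1.getCertificateInfo; } });
+const isBase64URLString_1 = require("./isBase64URLString");
+Object.defineProperty(exports, "isBase64URLString", { enumerable: true, get: function () { return isBase64URLString_1.isBase64URLString; } });
+const isCertRevoked_1 = require("./isCertRevoked");
+Object.defineProperty(exports, "isCertRevoked", { enumerable: true, get: function () { return isCertRevoked_1.isCertRevoked; } });
+const parseAuthenticatorData_1 = require("./parseAuthenticatorData");
+Object.defineProperty(exports, "parseAuthenticatorData", { enumerable: true, get: function () { return parseAuthenticatorData_1.parseAuthenticatorData; } });
+const toHash_1 = require("./toHash");
+Object.defineProperty(exports, "toHash", { enumerable: true, get: function () { return toHash_1.toHash; } });
+const validateCertificatePath_1 = require("./validateCertificatePath");
+Object.defineProperty(exports, "validateCertificatePath", { enumerable: true, get: function () { return validateCertificatePath_1.validateCertificatePath; } });
+const verifySignature_1 = require("./verifySignature");
+Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return verifySignature_1.verifySignature; } });
 //# sourceMappingURL=index.js.map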
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/helpers/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/helpers/index.ts"],"names":[],"mappings":";;;AAAA,mEAAgE;AAkB9D,sGAlBO,6CAAqB,OAkBP;AAjBvB,qEAAkE;AAkBhE,uGAlBO,+CAAsB,OAkBP;AAjBxB,2DAAwD;AAkBtD,kGAlBO,qCAAiB,OAkBP;AAjBnB,mEAAgE;AAkB9D,sGAlBO,6CAAqB,OAkBP;AAjBvB,uEAAoE;AAkBlE,wGAlBO,iDAAuB,OAkBP;AAjBzB,6CAA+C;AAkB7C,gGAlBO,4BAAe,OAkBP;AAjBjB,iEAA8D;AAkB5D,qGAlBO,2CAAoB,OAkBP;AAjBtB,2EAAwE;AAkBtE,0GAlBO,qDAAyB,OAkBP;AAjB3B,2DAAwD;AAkBtD,kGAlBO,qCAAiB,OAkBP;AAjBnB,6DAA0D;AAkBxD,mGAlBO,uCAAkB,OAkBP;AAjBpB,2DAAwD;AAkBtD,kGAlBO,qCAAiB,OAkBP;AAjBnB,mDAAgD;AAkB9C,8FAlBO,6BAAa,OAkBP;AAjBf,qEAAkE;AAkBhE,uGAlBO,+CAAsB,OAkBP;AAjBxB,qCAAkC;AAkBhC,uFAlBO,eAAM,OAkBP;AAjBR,uEAAoE;AAkBlE,wGAlBO,iDAAuB,OAkBP;AAjBzB,uDAAoD;AAkBlD,gGAlBO,iCAAe,OAkBP"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.isBase64URLString = void 0;
|
|
3
4
|
// Base64URL, with optional padding
|
|
4
5
|
const base64urlRegEx = /^([0-9a-zA-Z-_]{4})*(([0-9a-zA-Z-_]{2}(==)?)|([0-9a-zA-Z-_]{3}=?))?$/;
|
|
5
6
|
/**
|
|
@@ -11,5 +12,5 @@ function isBase64URLString(value) {
|
|
|
11
12
|
}
|
|
12
13
|
return base64urlRegEx.test(value);
|
|
13
14
|
}
|
|
14
|
-
exports.
|
|
15
|
+
exports.isBase64URLString = isBase64URLString;
|
|
15
16
|
//# sourceMappingURL=isBase64URLString.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isBase64URLString.js","sourceRoot":"","sources":["../../src/helpers/isBase64URLString.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"isBase64URLString.js","sourceRoot":"","sources":["../../src/helpers/isBase64URLString.ts"],"names":[],"mappings":";;;AAAA,mCAAmC;AACnC,MAAM,cAAc,GAAG,sEAAsE,CAAC;AAE9F;;GAEG;AACH,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,IAAI,CAAC,KAAK,EAAE;QACV,OAAO,KAAK,CAAC;KACd;IAED,OAAO,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAND,8CAMC"}
|
|
@@ -5,4 +5,4 @@ import { X509 } from 'jsrsasign';
|
|
|
5
5
|
*
|
|
6
6
|
* CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117
|
|
7
7
|
*/
|
|
8
|
-
export
|
|
8
|
+
export declare function isCertRevoked(cert: X509): Promise<boolean>;
|
|
@@ -3,11 +3,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.isCertRevoked = void 0;
|
|
6
7
|
const jsrsasign_1 = require("jsrsasign");
|
|
7
8
|
const node_fetch_1 = __importDefault(require("node-fetch"));
|
|
8
9
|
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
9
10
|
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
10
|
-
const convertCertBufferToPEM_1 =
|
|
11
|
+
const convertCertBufferToPEM_1 = require("./convertCertBufferToPEM");
|
|
11
12
|
const cacheRevokedCerts = {};
|
|
12
13
|
/**
|
|
13
14
|
* A method to pull a CRL from a certificate and compare its serial number to the list of revoked
|
|
@@ -52,7 +53,7 @@ async function isCertRevoked(cert) {
|
|
|
52
53
|
try {
|
|
53
54
|
const respCRL = await (0, node_fetch_1.default)(crlURL[0]);
|
|
54
55
|
const dataCRL = await respCRL.buffer();
|
|
55
|
-
const dataPEM = (0, convertCertBufferToPEM_1.
|
|
56
|
+
const dataPEM = (0, convertCertBufferToPEM_1.convertCertBufferToPEM)(dataCRL);
|
|
56
57
|
crlCert.readCertPEM(dataPEM);
|
|
57
58
|
}
|
|
58
59
|
catch (err) {
|
|
@@ -82,5 +83,5 @@ async function isCertRevoked(cert) {
|
|
|
82
83
|
}
|
|
83
84
|
return false;
|
|
84
85
|
}
|
|
85
|
-
exports.
|
|
86
|
+
exports.isCertRevoked = isCertRevoked;
|
|
86
87
|
//# sourceMappingURL=isCertRevoked.js.map
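Review bot: The CRL download in the `@@ -52,7 +53,7 @@` hunk calls `(0, node_fetch_1.default)(crlURL[0])` and then `respCRL.buffer()` with no timeout, response-size cap or URL-scheme check visible, and the function's doc comment says the CRL is pulled from the certificate being checked. `_validatePath` awaits `isCertRevoked(subjectCert)` during attestation path validation, so a slow or very large response would stall or bloat verification. Consider bounding the request, for example `(0, node_fetch_1.default)(crlURL[0], { size: MAX_CRL_BYTES, timeout: CRL_TIMEOUT_MS })` (constant names are placeholders), and accepting only `http:`/`https:` locations. The `catch (err)` body and the rest of `isCertRevoked` lie outside the hunks, so whether a failed download is treated as "not revoked" cannot be confirmed from here; a comment stating that choice would help.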
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"isCertRevoked.js","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":";;;;;;AAAA,yCAAiC;AACjC,4DAA+B;AAC/B,uDAAkD;AAClD,mDAAsD;AAEtD,qEAAkE;AAWlE,MAAM,iBAAiB,GAAsD,EAAE,CAAC;AAEhF;;;;;GAKG;AACI,KAAK,UAAU,aAAa,CAAC,IAAU;IAC5C,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAEhD,0DAA0D;IAC1D,IAAI,aAAa,GAAoC,IAAI,CAAC;IAC1D,IAAI;QACF,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAqC,CAAC;KACxF;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,IAAI,aAAa,EAAE;QACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,yDAAyD;YACzD,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE;gBACjD,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;aACxD;SACF;KACF;IAED,IAAI,MAAM,GAAG,SAAS,CAAC;IACvB,IAAI;QACF,MAAM,GAAG,IAAI,CAAC,8BAA8B,EAAE,CAAC;KAChD;IAAC,OAAO,GAAG,EAAE;QACZ,4CAA4C;QAC5C,OAAO,KAAK,CAAC;KACd;IAED,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAC;KACd;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,gBAAI,EAAE,CAAC;IAC3B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAK,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAA,+CAAsB,EAAC,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KAC9B;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,2BAAe,CAAC,CAAC;IAE/E,MAAM,SAAS,GAAoB;QACjC,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,aAAa;IACb,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE;QAC/B,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;KAC9D;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAE1D,IAAI,YAAY,EAAE;QAChB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrE,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACzC;QAED,oBAAoB;QACpB,IAAI,aAAa,EAAE;YACjB,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAA
S,CAAC;SACtD;QAED,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;KAC3D;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AA5ED,sCA4EC"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
+
import { AuthenticationExtensionsAuthenticatorOutputs } from './decodeAuthenticatorExtensions';
|
|
2
3
|
/**
|
|
3
4
|
* Make sense of the authData buffer contained in an Attestation
|
|
4
5
|
*/
|
|
5
|
-
export
|
|
6
|
+
export declare function parseAuthenticatorData(authData: Buffer): ParsedAuthenticatorData;
|
|
6
7
|
export declare type ParsedAuthenticatorData = {
|
|
7
8
|
rpIdHash: Buffer;
|
|
8
9
|
flagsBuf: Buffer;
|
|
@@ -20,5 +21,6 @@ export declare type ParsedAuthenticatorData = {
|
|
|
20
21
|
aaguid?: Buffer;
|
|
21
22
|
credentialID?: Buffer;
|
|
22
23
|
credentialPublicKey?: Buffer;
|
|
24
|
+
extensionsData?: AuthenticationExtensionsAuthenticatorOutputs;
|
|
23
25
|
extensionsDataBuffer?: Buffer;
|
|
24
26
|
};
|
|
@@ -3,8 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.parseAuthenticatorData = void 0;
|
|
6
7
|
const cbor_1 = __importDefault(require("cbor"));
|
|
7
8
|
const decodeCbor_1 = require("./decodeCbor");
|
|
9
|
+
const decodeAuthenticatorExtensions_1 = require("./decodeAuthenticatorExtensions");
|
|
8
10
|
/**
|
|
9
11
|
* Make sense of the authData buffer contained in an Attestation
|
|
10
12
|
*/
|
|
@@ -19,12 +21,12 @@ function parseAuthenticatorData(authData) {
|
|
|
19
21
|
// Bit positions can be referenced here:
|
|
20
22
|
// https://www.w3.org/TR/webauthn-2/#flags
|
|
21
23
|
const flags = {
|
|
22
|
-
up: !!(flagsInt & 1 << 0),
|
|
23
|
-
uv: !!(flagsInt & 1 << 2),
|
|
24
|
-
be: !!(flagsInt & 1 << 3),
|
|
25
|
-
bs: !!(flagsInt & 1 << 4),
|
|
26
|
-
at: !!(flagsInt & 1 << 6),
|
|
27
|
-
ed: !!(flagsInt & 1 << 7),
|
|
24
|
+
up: !!(flagsInt & (1 << 0)),
|
|
25
|
+
uv: !!(flagsInt & (1 << 2)),
|
|
26
|
+
be: !!(flagsInt & (1 << 3)),
|
|
27
|
+
bs: !!(flagsInt & (1 << 4)),
|
|
28
|
+
at: !!(flagsInt & (1 << 6)),
|
|
29
|
+
ed: !!(flagsInt & (1 << 7)),
|
|
28
30
|
flagsInt,
|
|
29
31
|
};
|
|
30
32
|
const counterBuf = authData.slice(pointer, (pointer += 4));
|
|
@@ -43,11 +45,13 @@ function parseAuthenticatorData(authData) {
|
|
|
43
45
|
credentialPublicKey = firstEncoded;
|
|
44
46
|
pointer += firstEncoded.byteLength;
|
|
45
47
|
}
|
|
48
|
+
let extensionsData = undefined;
|
|
46
49
|
let extensionsDataBuffer = undefined;
|
|
47
50
|
if (flags.ed) {
|
|
48
51
|
const firstDecoded = (0, decodeCbor_1.decodeCborFirst)(authData.slice(pointer));
|
|
49
52
|
const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded));
|
|
50
53
|
extensionsDataBuffer = firstEncoded;
|
|
54
|
+
extensionsData = (0, decodeAuthenticatorExtensions_1.decodeAuthenticatorExtensions)(extensionsDataBuffer);
|
|
51
55
|
pointer += firstEncoded.byteLength;
|
|
52
56
|
}
|
|
53
57
|
// Pointer should be at the end of the authenticator data, otherwise too much data was sent
|
|
@@ -63,8 +67,9 @@ function parseAuthenticatorData(authData) {
|
|
|
63
67
|
aaguid,
|
|
64
68
|
credentialID,
|
|
65
69
|
credentialPublicKey,
|
|
70
|
+
extensionsData,
|
|
66
71
|
extensionsDataBuffer,
|
|
67
72
|
};
|
|
68
73
|
}
|
|
69
|
-
exports.
|
|
74
|
+
exports.parseAuthenticatorData = parseAuthenticatorData;
|
|
70
75
|
//# sourceMappingURL=parseAuthenticatorData.js.map
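Review bot: In the `if (flags.ed)` block, the added `decodeAuthenticatorExtensions(extensionsDataBuffer)` call decodes authenticator-supplied CBOR a second time, from the re-encoded buffer, and it runs before the trailing-length check that follows, so any exception it throws escapes `parseAuthenticatorData` ahead of that check. `decodeAuthenticatorExtensions` is not shown in this view, so its behaviour on unexpected input is unknown; if it can throw, either move the call below the length check or document the new failure mode for callers. No signature check is visible in these hunks, so a comment above the assignment such as `// extensionsData is decoded from authData before any signature verification; treat it as untrusted` would make the trust level explicit. The function body starts and ends outside the hunks.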
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parseAuthenticatorData.js","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,6CAA+C;AAC/C,mFAGyC;AAEzC;;GAEG;AACH,SAAgB,sBAAsB,CAAC,QAAgB;IACrD,IAAI,QAAQ,CAAC,UAAU,GAAG,EAAE,EAAE;QAC5B,MAAM,IAAI,KAAK,CACb,0BAA0B,QAAQ,CAAC,UAAU,oCAAoC,CAClF,CAAC;KACH;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE7B,wCAAwC;IACxC,0CAA0C;IAC1C,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3B,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3B,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3B,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3B,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3B,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3B,QAAQ;KACT,CAAC;IAEF,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAE3C,IAAI,MAAM,GAAuB,SAAS,CAAC;IAC3C,IAAI,YAAY,GAAuB,SAAS,CAAC;IACjD,IAAI,mBAAmB,GAAuB,SAAS,CAAC;IAExD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAElD,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE/C,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,mBAAmB,GAAG,YAAY,CAAC;QACnC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,IAAI,cAAc,GAA6D,SAAS,CAAC;IACzF,IAAI,oBAAoB,GAAuB,SAAS,CAAC;IAEzD,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,M
AAM,YAAY,GAAG,IAAA,4BAAe,EAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,YAAY,CAAgB,CAAC,CAAC;QAC3E,oBAAoB,GAAG,YAAY,CAAC;QACpC,cAAc,GAAG,IAAA,6DAA6B,EAAC,oBAAoB,CAAC,CAAC;QACrE,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC;KACpC;IAED,2FAA2F;IAC3F,IAAI,QAAQ,CAAC,UAAU,GAAG,OAAO,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,KAAK;QACL,OAAO;QACP,UAAU;QACV,MAAM;QACN,YAAY;QACZ,mBAAmB;QACnB,cAAc;QACd,oBAAoB;KACrB,CAAC;AACJ,CAAC;AA5ED,wDA4EC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseBackupFlags.js","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":";;;AAEA;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAgC;IAIvE,MAAM,kBAAkB,GAAG,EAAE,CAAC;IAC9B,IAAI,oBAAoB,GAAyB,cAAc,CAAC;IAEhE,IAAI,EAAE,EAAE;QACN,oBAAoB,GAAG,aAAa,CAAC;KACtC;IAED,IAAI,oBAAoB,KAAK,cAAc,IAAI,kBAAkB,EAAE;QACjE,MAAM,IAAI,kBAAkB,CAC1B,uFAAuF,CACxF,
|
|
1
|
+
{"version":3,"file":"parseBackupFlags.js","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":";;;AAEA;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAgC;IAIvE,MAAM,kBAAkB,GAAG,EAAE,CAAC;IAC9B,IAAI,oBAAoB,GAAyB,cAAc,CAAC;IAEhE,IAAI,EAAE,EAAE;QACN,oBAAoB,GAAG,aAAa,CAAC;KACtC;IAED,IAAI,oBAAoB,KAAK,cAAc,IAAI,kBAAkB,EAAE;QACjE,MAAM,IAAI,kBAAkB,CAC1B,uFAAuF,CACxF,CAAC;KACH;IAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;AACtD,CAAC;AAlBD,4CAkBC;AAED,MAAM,kBAAmB,SAAQ,KAAK;IACpC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF"}
|
package/dist/helpers/toHash.d.ts
CHANGED
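--- a/package/dist/helpers/toHash.js
+++ b/package/dist/helpers/toHash.js
@@ -3,6 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.toHash = void 0;
 const crypto_1 = __importDefault(require("crypto"));
 /**
 * Returns hash digest of the given data using the given algorithm.
@@ -12,5 +13,5 @@ const crypto_1 = __importDefault(require("crypto"));
 function toHash(data, algo = 'SHA256') {
 return crypto_1.default.createHash(algo).update(data).digest();
 }
-exports.
+exports.toHash = toHash;
 //# sourceMappingURL=toHash.js.map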
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"toHash.js","sourceRoot":"","sources":["../../src/helpers/toHash.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"toHash.js","sourceRoot":"","sources":["../../src/helpers/toHash.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAE5B;;;;GAIG;AACH,SAAgB,MAAM,CAAC,IAAqB,EAAE,IAAI,GAAG,QAAQ;IAC3D,OAAO,gBAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;AACvD,CAAC;AAFD,wBAEC"}
|
|
@@ -3,4 +3,4 @@
|
|
|
3
3
|
* @param certificates Typically the result of `x5c.map(convertASN1toPEM)`
|
|
4
4
|
* @param rootCertificates Possible root certificates to complete the path
|
|
5
5
|
*/
|
|
6
|
-
export
|
|
6
|
+
export declare function validateCertificatePath(certificates: string[], rootCertificates?: string[]): Promise<boolean>;
|
|
@@ -1,13 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.validateCertificatePath = void 0;
|
|
6
4
|
/* eslint-disable @typescript-eslint/ban-ts-comment */
|
|
7
5
|
// `ASN1HEX` exists in the lib but not in its typings
|
|
8
6
|
// @ts-ignore 2305
|
|
9
7
|
const jsrsasign_1 = require("jsrsasign");
|
|
10
|
-
const isCertRevoked_1 =
|
|
8
|
+
const isCertRevoked_1 = require("./isCertRevoked");
|
|
11
9
|
const { crypto } = jsrsasign_1.KJUR;
|
|
12
10
|
/**
|
|
13
11
|
* Traverse an array of PEM certificates and ensure they form a proper chain
|
|
@@ -53,7 +51,7 @@ async function validateCertificatePath(certificates, rootCertificates = []) {
|
|
|
53
51
|
}
|
|
54
52
|
return true;
|
|
55
53
|
}
|
|
56
|
-
exports.
|
|
54
|
+
exports.validateCertificatePath = validateCertificatePath;
|
|
57
55
|
async function _validatePath(certificates) {
|
|
58
56
|
if (new Set(certificates).size !== certificates.length) {
|
|
59
57
|
throw new Error('Invalid certificate path: found duplicate certificates');
|
|
@@ -75,7 +73,7 @@ async function _validatePath(certificates) {
|
|
|
75
73
|
const issuerCert = new jsrsasign_1.X509();
|
|
76
74
|
issuerCert.readCertPEM(issuerPem);
|
|
77
75
|
// Check for certificate revocation
|
|
78
|
-
const subjectCertRevoked = await (0, isCertRevoked_1.
|
|
76
|
+
const subjectCertRevoked = await (0, isCertRevoked_1.isCertRevoked)(subjectCert);
|
|
79
77
|
if (subjectCertRevoked) {
|
|
80
78
|
throw new Error(`Found revoked certificate in certificate path`);
|
|
81
79
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,mDAAgD;AAEhD,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACI,KAAK,UAAU,uBAAuB,CAC3C,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,IAAI,2CAA2C,GAAG,SAAS,CAAC;IAC5D,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,2FAA2F;YAC3F,uDAAuD;YACvD,4BAA4B,GAAG,KAAK,CAAC;YACrC,2CAA2C,GAAG,SAAS,CAAC;YACxD,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM,IAAI,GAAG,YAAY,+BAA+B,EAAE;gBACzD,2CAA2C,GAAG,GAAG,CAAC,OAAO,CAAC;aAC3D;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;SAAM,IAAI,2CAA2C,EAAE;QACtD,MAAM,IAAI,+BAA+B,CAAC,2CAA2C,CAAC,CAAC;KACxF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAxCD,0DAwCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC;QAEhD,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,EAAE;YACd,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,IAAA,6BAAa,EAAC,WAAW,CAAC,CAAC;QAE5D,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,sEAAsE;QACtE,MAAM,
SAAS,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAA,sBAAU,EAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjC,IAAI,SAAS,GAAG,GAAG,IAAI,QAAQ,GAAG,GAAG,EAAE;YACrC,IAAI,UAAU,EAAE;gBACd,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM,IAAI,UAAU,EAAE;gBACrB,MAAM,IAAI,+BAA+B,CACvC,iDAAiD,SAAS,EAAE,CAC7D,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,+BAA+B,CACvC,yDAAyD,SAAS,EAAE,CACrE,CAAC;aACH;SACF;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,KAAK,UAAU,CAAC,gBAAgB,EAAE,EAAE;YACnE,MAAM,IAAI,uBAAuB,EAAE,CAAC;SACrC;QAED,MAAM,iBAAiB,GAAG,mBAAO,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,0BAA0B,EAAE,CAAC;QACrD,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;QAExD,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,SAAS,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAEvC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;SAChE;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+CAA+C;AAC/C,MAAM,uBAAwB,SAAQ,KAAK;IACzC;QACE,MAAM,OAAO,GAAG,6CAA6C,CAAC;QAC9D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,+BAAgC,SAAQ,KAAK;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -7,4 +7,4 @@
|
|
|
7
7
|
* @param publicKey Authenticator's public key as a PEM certificate
|
|
8
8
|
* @param algo Which algorithm to use to verify the signature (default: `'sha256'`)
|
|
9
9
|
*/
|
|
10
|
-
export
|
|
10
|
+
export declare function verifySignature(signature: Buffer, signatureBase: Buffer, publicKey: string, algo?: string): boolean;
|
|
@@ -3,6 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.verifySignature = void 0;
|
|
6
7
|
const crypto_1 = __importDefault(require("crypto"));
|
|
7
8
|
/**
|
|
8
9
|
* Verify an authenticator's signature
|
|
@@ -15,5 +16,5 @@ const crypto_1 = __importDefault(require("crypto"));
|
|
|
15
16
|
function verifySignature(signature, signatureBase, publicKey, algo = 'sha256') {
|
|
16
17
|
return crypto_1.default.createVerify(algo).update(signatureBase).verify(publicKey, signature);
|
|
17
18
|
}
|
|
18
|
-
exports.
|
|
19
|
+
exports.verifySignature = verifySignature;
|
|
19
20
|
//# sourceMappingURL=verifySignature.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifySignature.js","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verifySignature.js","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAE5B;;;;;;;GAOG;AACH,SAAgB,eAAe,CAC7B,SAAiB,EACjB,aAAqB,EACrB,SAAiB,EACjB,IAAI,GAAG,QAAQ;IAEf,OAAO,gBAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;AACtF,CAAC;AAPD,0CAOC"}
|
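--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -2,12 +2,12 @@
 * @packageDocumentation
 * @module @simplewebauthn/server
 */
-import generateRegistrationOptions from './registration/generateRegistrationOptions';
-import verifyRegistrationResponse from './registration/verifyRegistrationResponse';
-import generateAuthenticationOptions from './authentication/generateAuthenticationOptions';
-import verifyAuthenticationResponse from './authentication/verifyAuthenticationResponse';
-import MetadataService from './services/metadataService';
-import SettingsService from './services/settingsService';
+import { generateRegistrationOptions } from './registration/generateRegistrationOptions';
+import { verifyRegistrationResponse } from './registration/verifyRegistrationResponse';
+import { generateAuthenticationOptions } from './authentication/generateAuthenticationOptions';
+import { verifyAuthenticationResponse } from './authentication/verifyAuthenticationResponse';
+import { MetadataService } from './services/metadataService';
+import { SettingsService } from './services/settingsService';
 export { generateRegistrationOptions, verifyRegistrationResponse, generateAuthenticationOptions as generateAuthenticationOptions, verifyAuthenticationResponse, MetadataService, SettingsService, };
 import type { GenerateRegistrationOptionsOpts } from './registration/generateRegistrationOptions';
 import type { GenerateAuthenticationOptionsOpts } from './authentication/generateAuthenticationOptions';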
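--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,23 +1,20 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SettingsService = exports.MetadataService = exports.verifyAuthenticationResponse = exports.generateAuthenticationOptions = exports.verifyRegistrationResponse = exports.generateRegistrationOptions = void 0;
 /**
 * @packageDocumentation
 * @module @simplewebauthn/server
 */
-const generateRegistrationOptions_1 =
-exports
-const verifyRegistrationResponse_1 =
-exports
-const generateAuthenticationOptions_1 =
-exports
-const verifyAuthenticationResponse_1 =
-exports
-const metadataService_1 =
-exports
-const settingsService_1 =
-exports
+const generateRegistrationOptions_1 = require("./registration/generateRegistrationOptions");
+Object.defineProperty(exports, "generateRegistrationOptions", { enumerable: true, get: function () { return generateRegistrationOptions_1.generateRegistrationOptions; } });
+const verifyRegistrationResponse_1 = require("./registration/verifyRegistrationResponse");
+Object.defineProperty(exports, "verifyRegistrationResponse", { enumerable: true, get: function () { return verifyRegistrationResponse_1.verifyRegistrationResponse; } });
+const generateAuthenticationOptions_1 = require("./authentication/generateAuthenticationOptions");
+Object.defineProperty(exports, "generateAuthenticationOptions", { enumerable: true, get: function () { return generateAuthenticationOptions_1.generateAuthenticationOptions; } });
+const verifyAuthenticationResponse_1 = require("./authentication/verifyAuthenticationResponse");
+Object.defineProperty(exports, "verifyAuthenticationResponse", { enumerable: true, get: function () { return verifyAuthenticationResponse_1.verifyAuthenticationResponse; } });
+const metadataService_1 = require("./services/metadataService");
+Object.defineProperty(exports, "MetadataService", { enumerable: true, get: function () { return metadataService_1.MetadataService; } });
+const settingsService_1 = require("./services/settingsService");
+Object.defineProperty(exports, "SettingsService", { enumerable: true, get: function () { return settingsService_1.SettingsService; } });
 //# sourceMappingURL=index.js.map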
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,4FAAyF;AAQvF,4GARO,yDAA2B,OAQP;AAP7B,0FAAuF;AAQrF,2GARO,uDAA0B,OAQP;AAP5B,kGAA+F;AAQ5D,8GAR1B,6DAA6B,OAQ0B;AAPhE,gGAA6F;AAQ3F,6GARO,2DAA4B,OAQP;AAP9B,gEAA6D;AAQ3D,gGARO,iCAAe,OAQP;AAPjB,gEAA6D;AAQ3D,gGARO,iCAAe,OAQP"}
|
|
@@ -3,6 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.parseJWT = void 0;
|
|
6
7
|
const base64url_1 = __importDefault(require("base64url"));
|
|
7
8
|
/**
|
|
8
9
|
* Process a JWT into Javascript-friendly data structures
|
|
@@ -15,5 +16,5 @@ function parseJWT(jwt) {
|
|
|
15
16
|
parts[2],
|
|
16
17
|
];
|
|
17
18
|
}
|
|
18
|
-
exports.
|
|
19
|
+
exports.parseJWT = parseJWT;
|
|
19
20
|
//# sourceMappingURL=parseJWT.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseJWT.js","sourceRoot":"","sources":["../../src/metadata/parseJWT.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parseJWT.js","sourceRoot":"","sources":["../../src/metadata/parseJWT.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAElC;;GAEG;AACH,SAAgB,QAAQ,CAAS,GAAW;IAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO;QACL,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAO;QAC5C,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAO;QAC5C,KAAK,CAAC,CAAC,CAAC;KACT,CAAC;AACJ,CAAC;AAPD,4BAOC"}
|
|
@@ -5,4 +5,4 @@ import { MetadataStatement } from '../metadata/mdsTypes';
|
|
|
5
5
|
* Match properties of the authenticator's attestation statement against expected values as
|
|
6
6
|
* registered with the FIDO Alliance Metadata Service
|
|
7
7
|
*/
|
|
8
|
-
export
|
|
8
|
+
export declare function verifyAttestationWithMetadata(statement: MetadataStatement, credentialPublicKey: Buffer, x5c: Buffer[] | Base64URLString[]): Promise<boolean>;
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
|
|
7
|
-
const
|
|
8
|
-
const
|
|
3
|
+
exports.verifyAttestationWithMetadata = void 0;
|
|
4
|
+
const convertCertBufferToPEM_1 = require("../helpers/convertCertBufferToPEM");
|
|
5
|
+
const validateCertificatePath_1 = require("../helpers/validateCertificatePath");
|
|
6
|
+
const decodeCredentialPublicKey_1 = require("../helpers/decodeCredentialPublicKey");
|
|
9
7
|
const convertCOSEtoPKCS_1 = require("../helpers/convertCOSEtoPKCS");
|
|
10
8
|
/**
|
|
11
9
|
* Match properties of the authenticator's attestation statement against expected values as
|
|
@@ -22,7 +20,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
22
20
|
}
|
|
23
21
|
});
|
|
24
22
|
// Extract the public key's COSE info for comparison
|
|
25
|
-
const decodedPublicKey = (0, decodeCredentialPublicKey_1.
|
|
23
|
+
const decodedPublicKey = (0, decodeCredentialPublicKey_1.decodeCredentialPublicKey)(credentialPublicKey);
|
|
26
24
|
// Assume everything is a number because these values should be
|
|
27
25
|
const publicKeyCOSEInfo = {
|
|
28
26
|
kty: decodedPublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.kty),
|
|
@@ -41,8 +39,8 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
41
39
|
// Make sure algorithm and key type match
|
|
42
40
|
if (keypairAlg.alg === publicKeyCOSEInfo.alg && keypairAlg.kty === publicKeyCOSEInfo.kty) {
|
|
43
41
|
// If not an RSA keypair then make sure curve numbers match too
|
|
44
|
-
if ((keypairAlg.kty === convertCOSEtoPKCS_1.COSEKTY.EC2 || keypairAlg.kty === convertCOSEtoPKCS_1.COSEKTY.OKP)
|
|
45
|
-
|
|
42
|
+
if ((keypairAlg.kty === convertCOSEtoPKCS_1.COSEKTY.EC2 || keypairAlg.kty === convertCOSEtoPKCS_1.COSEKTY.OKP) &&
|
|
43
|
+
keypairAlg.crv === publicKeyCOSEInfo.crv) {
|
|
46
44
|
foundMatch = true;
|
|
47
45
|
}
|
|
48
46
|
else {
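Review bot: The curve comparison on the new `keypairAlg.crv === publicKeyCOSEInfo.crv` line is joined with `&&` to the EC2/OKP test, so an EC2 or OKP key whose `crv` differs from the metadata entry fails the inner condition and takes the same `else` branch as a key type that has no curve. The body of that `else` lies outside this hunk, so this needs confirming, but if it also sets `foundMatch = true` the curve check has no effect on the outcome. Separating the two questions keeps a curve mismatch from matching: `const needsCurve = keypairAlg.kty === convertCOSEtoPKCS_1.COSEKTY.EC2 || keypairAlg.kty === convertCOSEtoPKCS_1.COSEKTY.OKP;` followed by `foundMatch = !needsCurve || keypairAlg.crv === publicKeyCOSEInfo.crv;`. The enclosing `verifyAttestationWithMetadata` starts and ends outside the hunk, and the change belongs in the TypeScript source this file is compiled from.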
|
|
@@ -60,7 +58,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
60
58
|
throw new Error(`Public key algorithm ${publicKeyCOSEInfo} did not match any metadata algorithms [${debugAlgs}]`);
|
|
61
59
|
}
|
|
62
60
|
try {
|
|
63
|
-
await (0, validateCertificatePath_1.
|
|
61
|
+
await (0, validateCertificatePath_1.validateCertificatePath)(x5c.map(convertCertBufferToPEM_1.convertCertBufferToPEM), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.convertCertBufferToPEM));
|
|
64
62
|
}
|
|
65
63
|
catch (err) {
|
|
66
64
|
const _err = err;
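Review bot: The `throw new Error(...)` on the first context line interpolates `publicKeyCOSEInfo`, which an earlier hunk of this file shows being built as an object literal, so the message will read `[object Object]` instead of the kty/alg/crv values that failed to match. Using `${JSON.stringify(publicKeyCOSEInfo)}` in the template would make a rejected attestation diagnosable from logs. On the changed line, `statement.attestationRootCertificates` is mapped and handed straight to `validateCertificatePath`; how that helper treats an empty root list is not visible here, so it is worth confirming that a metadata statement with no roots cannot pass as a validated chain. The `try`/`catch` continues past the end of the hunk.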
|
|
@@ -68,7 +66,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
|
|
|
68
66
|
}
|
|
69
67
|
return true;
|
|
70
68
|
}
|
|
71
|
-
exports.
|
|
69
|
+
exports.verifyAttestationWithMetadata = verifyAttestationWithMetadata;
|
|
72
70
|
/**
|
|
73
71
|
* Convert ALG_SIGN values to COSE info
|
|
74
72
|
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authentication-algorithms
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;AAGA,8EAA2E;AAC3E,gFAA6E;AAC7E,oFAAiF;AACjF,oEAAiE;AAEjE;;;GAGG;AACI,KAAK,UAAU,6BAA6B,CACjD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;gBAClE,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EACxC;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CACb,wBAAwB,iBAAiB,2CAA2C,SAAS,GAAG,CACjG,CAAC;KACH;IAED,IAAI;QACF,MAAM,IAAA,iDAAuB,EAC3B,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,+CAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAC3F,CAAC;KACH;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AA1ED,sEA0EC;AAQD;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,E
AAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,8FAA8F;QAC9F,sBAAsB;QACtB,eAAe;QACf,oCAAoC;QACpC,oCAAoC;QACpC,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}
|
|
@@ -41,4 +41,4 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
|
|
|
41
41
|
* @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
|
|
42
42
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
43
43
|
*/
|
|
44
|
-
export
|
|
44
|
+
export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): PublicKeyCredentialCreationOptionsJSON;
|
|
@@ -3,9 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.supportedCOSEAlgorithmIdentifiers = void 0;
|
|
6
|
+
exports.generateRegistrationOptions = exports.supportedCOSEAlgorithmIdentifiers = void 0;
|
|
7
7
|
const base64url_1 = __importDefault(require("base64url"));
|
|
8
|
-
const generateChallenge_1 =
|
|
8
|
+
const generateChallenge_1 = require("../helpers/generateChallenge");
|
|
9
9
|
/**
|
|
10
10
|
* Supported crypto algo identifiers
|
|
11
11
|
* See https://w3c.github.io/webauthn/#sctn-alg-identifier
|
|
@@ -71,7 +71,7 @@ const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.f
|
|
|
71
71
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
72
72
|
*/
|
|
73
73
|
function generateRegistrationOptions(options) {
|
|
74
|
-
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.
|
|
74
|
+
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.generateChallenge)(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
75
75
|
/**
|
|
76
76
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
77
77
|
*/
|
|
@@ -113,5 +113,5 @@ function generateRegistrationOptions(options) {
|
|
|
113
113
|
extensions,
|
|
114
114
|
};
|
|
115
115
|
}
|
|
116
|
-
exports.
|
|
116
|
+
exports.generateRegistrationOptions = generateRegistrationOptions;
|
|
117
117
|
//# sourceMappingURL=generateRegistrationOptions.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,oEAAiE;AAiBjE;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,2BAA2B,CACzC,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,qCAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,kEA2DC"}
|