@simplewebauthn/server 7.0.1 → 7.3.0

package/dist/helpers/convertPEMToBytes.js

@@ -9,7 +9,7 @@ function convertPEMToBytes(pem) {
     const certBase64 = pem
         .replace('-----BEGIN CERTIFICATE-----', '')
         .replace('-----END CERTIFICATE-----', '')
-        .replace(/\n/g, '');
+        .replace(/[\n ]/g, '');
     return iso_1.isoBase64URL.toBuffer(certBase64, 'base64');
 }
 exports.convertPEMToBytes = convertPEMToBytes;

package/dist/helpers/convertPEMToBytes.js.map

@@ -1 +1 @@
-{"version":3,"file":"convertPEMToBytes.js","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,UAAU,GAAG,GAAG;SACnB,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;SAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,OAAO,kBAAY,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,CAAC;AAPD,8CAOC"}
+{"version":3,"file":"convertPEMToBytes.js","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,UAAU,GAAG,GAAG;SACnB,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;SAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEzB,OAAO,kBAAY,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,CAAC;AAPD,8CAOC"}

package/dist/metadata/verifyJWT.d.ts

@@ -1,8 +1,7 @@
 /**
- * Lightweight verification for FIDO MDS JWTs.
+ * Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA.
  *
- * Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever
- * needs to support more JWS algorithms, here's the list of them:
+ * If this ever needs to support more JWS algorithms, here's the list of them:
  *
  * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1
  *

package/dist/metadata/verifyJWT.js

@@ -5,11 +5,11 @@ const convertX509PublicKeyToCOSE_1 = require("../helpers/convertX509PublicKeyToC
 const iso_1 = require("../helpers/iso");
 const cose_1 = require("../helpers/cose");
 const verifyEC2_1 = require("../helpers/iso/isoCrypto/verifyEC2");
+const verifyRSA_1 = require("../helpers/iso/isoCrypto/verifyRSA");
 /**
- * Lightweight verification for FIDO MDS JWTs.
+ * Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA.
  *
- * Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever
- * needs to support more JWS algorithms, here's the list of them:
+ * If this ever needs to support more JWS algorithms, here's the list of them:
  *
  * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1
  *
@@ -18,14 +18,23 @@ const verifyEC2_1 = require("../helpers/iso/isoCrypto/verifyEC2");
 async function verifyJWT(jwt, leafCert) {
     const [header, payload, signature] = jwt.split('.');
     const certCOSE = (0, convertX509PublicKeyToCOSE_1.convertX509PublicKeyToCOSE)(leafCert);
+    const data = iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`);
+    const signatureBytes = iso_1.isoBase64URL.toBuffer(signature);
     if ((0, cose_1.isCOSEPublicKeyEC2)(certCOSE)) {
         return (0, verifyEC2_1.verifyEC2)({
-            data: iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`),
-            signature: iso_1.isoBase64URL.toBuffer(signature),
+            data,
+            signature: signatureBytes,
             cosePublicKey: certCOSE,
             shaHashOverride: cose_1.COSEALG.ES256,
         });
     }
+    else if ((0, cose_1.isCOSEPublicKeyRSA)(certCOSE)) {
+        return (0, verifyRSA_1.verifyRSA)({
+            data,
+            signature: signatureBytes,
+            cosePublicKey: certCOSE,
+        });
+    }
     const kty = certCOSE.get(cose_1.COSEKEYS.kty);
     throw new Error(`JWT verification with public key of kty ${kty} is not supported by this method`);
 }

package/dist/metadata/verifyJWT.js.map

@@ -1 +1 @@
-{"version":3,"file":"verifyJWT.js","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":";;;AAAA,sFAAmF;AACnF,wCAA6D;AAC7D,0CAAwE;AACxE,kEAA+D;AAE/D;;;;;;;;;GASG;AACI,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,QAAoB;IAC/D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEpD,MAAM,QAAQ,GAAG,IAAA,uDAA0B,EAAC,QAAQ,CAAC,CAAC;IAEtD,IAAI,IAAA,yBAAkB,EAAC,QAAQ,CAAC,EAAE;QAChC,OAAO,IAAA,qBAAS,EAAC;YACf,IAAI,EAAE,mBAAa,CAAC,cAAc,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;YAC1D,SAAS,EAAE,kBAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC3C,aAAa,EAAE,QAAQ;YACvB,eAAe,EAAE,cAAO,CAAC,KAAK;SAC/B,CAAC,CAAC;KACJ;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,KAAK,CACb,2CAA2C,GAAG,kCAAkC,CACjF,CAAC;AACJ,CAAC;AAlBD,8BAkBC"}
+{"version":3,"file":"verifyJWT.js","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":";;;AAAA,sFAAmF;AACnF,wCAA6D;AAC7D,0CAA4F;AAC5F,kEAA+D;AAC/D,kEAA+D;AAE/D;;;;;;;;GAQG;AACI,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,QAAoB;IAC/D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEpD,MAAM,QAAQ,GAAG,IAAA,uDAA0B,EAAC,QAAQ,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,mBAAa,CAAC,cAAc,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,kBAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAExD,IAAI,IAAA,yBAAkB,EAAC,QAAQ,CAAC,EAAE;QAChC,OAAO,IAAA,qBAAS,EAAC;YACf,IAAI;YACJ,SAAS,EAAE,cAAc;YACzB,aAAa,EAAE,QAAQ;YACvB,eAAe,EAAE,cAAO,CAAC,KAAK;SAC/B,CAAC,CAAC;KACJ;SAAM,IAAI,IAAA,yBAAkB,EAAC,QAAQ,CAAC,EAAE;QACvC,OAAO,IAAA,qBAAS,EAAC;YACf,IAAI;YACJ,SAAS,EAAE,cAAc;YACzB,aAAa,EAAE,QAAQ;SACxB,CAAC,CAAA;KACH;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,KAAK,CACb,2CAA2C,GAAG,kCAAkC,CACjF,CAAC;AACJ,CAAC;AA1BD,8BA0BC"}

package/dist/registration/generateRegistrationOptions.js

@@ -42,10 +42,12 @@ const defaultAuthenticatorSelection = {
     userVerification: 'preferred',
 };
 /**
- * Filter out known bad/deprecated/etc... algorithm ID's so they're not used for new attestations.
- * See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ * Use the most commonly-supported algorithms
+ * See the following:
+ *   - https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ *   - https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-pubkeycredparams
  */
-const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.filter(id => id !== -65535);
+const defaultSupportedAlgorithmIDs = [-8, -7, -257];
 /**
  * Prepare a value to pass into navigator.credentials.create(...) for authenticator "registration"
  *

package/dist/registration/generateRegistrationOptions.js.map

@@ -1 +1 @@
-{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;AAUA,oEAAiE;AACjE,wCAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,+EAA+E;IAC/E,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,WAAW,EAAE,WAAW;IACxB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,2BAA2B,CACzC,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,qCAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;OAGG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,SAAS,EAAE;QACpD;;;;;WAKG;QACH,IAAI,sBAAsB,CAAC,kBAAkB,EAAE;YAC7C,sBAAsB,CAAC,WAAW,GAAG,UAAU,CAAC;SACjD;aAAM;YACL;;;eAGG;YACH,sDAAsD;SACvD;KACF;SAAM;QACL;;;;;;;WAOG;QACH,sBAAsB,CAAC,kBAAkB,GAAG,sBAAsB,CAAC,WAAW,KAAK,UAAU,CAAC;KAC/F;IAED;;OAEG;IACH,IAAI,UAAU,GAAG,SAAS,CAAC;IAC3B,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;QAClC,UAAU,GAAG,mBAAa,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;KACxD;IAED,OAAO;QACL,SAAS,EAAE,kBAAY,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,kBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAgB,CAAC;SACnD,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU,EAAE;YACV,GAAG,UAAU;YACb,SAAS,EAAE,IAAI;SAChB;KACF,CAAC;AACJ,CAAC;AA1FD,kEA0FC"}
+{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;AAUA,oEAAiE;AACjE,wCAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,+EAA+E;IAC/E,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,WAAW,EAAE,WAAW;IACxB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;;;GAKG;AACH,MAAM,4BAA4B,GAA8B,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;AAE/E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,2BAA2B,CACzC,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,qCAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;OAGG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,SAAS,EAAE;QACpD;;;;;WAKG;QACH,IAAI,sBAAsB,CAAC,kBAAkB,EAAE;YAC7C,sBAAsB,CAAC,WAAW,GAAG,UAAU,CAAC;SACjD;aAAM;YACL;;;eAGG;YACH,sDAAsD;SACvD;KACF;SAAM;QACL;;;;;;;WAOG;QACH,sBAAsB,CAAC,kBAAkB,GAAG,sBAAsB,CAAC,WAAW,KAAK,UAAU,CAAC;KAC/F;IAED;;OAEG;IACH,IAAI,UAAU,GAAG,SAAS,CAAC;IAC3B,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;QAClC,UAAU,GAAG,mBAAa,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;KACxD;IAED,OAAO;QACL,SAAS,EAAE,kBAAY,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,kBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAgB,CAAC;SACnD,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU,EAAE;YACV,GAAG,UAAU;YACb,SAAS,EAAE,IAAI;SAChB;KACF,CAAC;AACJ,CAAC;AA1FD,kEA0FC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simplewebauthn/server",
-  "version": "7.0.1",
+  "version": "7.3.0",
   "description": "SimpleWebAuthn for Servers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -54,15 +54,13 @@
     "@peculiar/asn1-rsa": "^2.3.4",
     "@peculiar/asn1-schema": "^2.3.3",
     "@peculiar/asn1-x509": "^2.3.4",
-    "@simplewebauthn/iso-webcrypto": "^7.0.1",
+    "@simplewebauthn/iso-webcrypto": "^7.2.0",
+    "@simplewebauthn/typescript-types": "*",
+    "@types/debug": "^4.1.7",
+    "@types/node": "^18.11.9",
     "cbor-x": "^1.4.1",
     "cross-fetch": "^3.1.5",
     "debug": "^4.3.2"
   },
-  "gitHead": "f86a831139bc63254816e0f1fe44b05c0c784800",
-  "devDependencies": {
-    "@simplewebauthn/typescript-types": "*",
-    "@types/debug": "^4.1.7",
-    "@types/node": "^18.11.9"
-  }
+  "gitHead": "0ab19d8f8319ff6a36dbb53d14750bd345947eb8"
 }