@simplewebauthn/server 7.2.0 → 7.3.0

package/dist/helpers/convertPEMToBytes.js

@@ -9,7 +9,7 @@ function convertPEMToBytes(pem) {
     const certBase64 = pem
         .replace('-----BEGIN CERTIFICATE-----', '')
         .replace('-----END CERTIFICATE-----', '')
-        .replace(/\n/g, '');
+        .replace(/[\n ]/g, '');
     return iso_1.isoBase64URL.toBuffer(certBase64, 'base64');
 }
 exports.convertPEMToBytes = convertPEMToBytes;

package/dist/helpers/convertPEMToBytes.js.map

@@ -1 +1 @@
-{"version":3,"file":"convertPEMToBytes.js","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,UAAU,GAAG,GAAG;SACnB,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;SAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,OAAO,kBAAY,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,CAAC;AAPD,8CAOC"}
+{"version":3,"file":"convertPEMToBytes.js","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,UAAU,GAAG,GAAG;SACnB,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;SAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEzB,OAAO,kBAAY,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,CAAC;AAPD,8CAOC"}

package/dist/metadata/verifyJWT.d.ts

@@ -1,8 +1,7 @@
 /**
- * Lightweight verification for FIDO MDS JWTs.
+ * Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA.
  *
- * Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever
- * needs to support more JWS algorithms, here's the list of them:
+ * If this ever needs to support more JWS algorithms, here's the list of them:
  *
  * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1
  *

package/dist/metadata/verifyJWT.js

@@ -5,11 +5,11 @@ const convertX509PublicKeyToCOSE_1 = require("../helpers/convertX509PublicKeyToC
 const iso_1 = require("../helpers/iso");
 const cose_1 = require("../helpers/cose");
 const verifyEC2_1 = require("../helpers/iso/isoCrypto/verifyEC2");
+const verifyRSA_1 = require("../helpers/iso/isoCrypto/verifyRSA");
 /**
- * Lightweight verification for FIDO MDS JWTs.
+ * Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA.
  *
- * Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever
- * needs to support more JWS algorithms, here's the list of them:
+ * If this ever needs to support more JWS algorithms, here's the list of them:
  *
  * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1
  *
@@ -18,14 +18,23 @@ const verifyEC2_1 = require("../helpers/iso/isoCrypto/verifyEC2");
 async function verifyJWT(jwt, leafCert) {
     const [header, payload, signature] = jwt.split('.');
     const certCOSE = (0, convertX509PublicKeyToCOSE_1.convertX509PublicKeyToCOSE)(leafCert);
+    const data = iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`);
+    const signatureBytes = iso_1.isoBase64URL.toBuffer(signature);
     if ((0, cose_1.isCOSEPublicKeyEC2)(certCOSE)) {
         return (0, verifyEC2_1.verifyEC2)({
-            data: iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`),
-            signature: iso_1.isoBase64URL.toBuffer(signature),
+            data,
+            signature: signatureBytes,
             cosePublicKey: certCOSE,
             shaHashOverride: cose_1.COSEALG.ES256,
         });
     }
+    else if ((0, cose_1.isCOSEPublicKeyRSA)(certCOSE)) {
+        return (0, verifyRSA_1.verifyRSA)({
+            data,
+            signature: signatureBytes,
+            cosePublicKey: certCOSE,
+        });
+    }
     const kty = certCOSE.get(cose_1.COSEKEYS.kty);
     throw new Error(`JWT verification with public key of kty ${kty} is not supported by this method`);
 }

package/dist/metadata/verifyJWT.js.map

@@ -1 +1 @@
-{"version":3,"file":"verifyJWT.js","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":";;;AAAA,sFAAmF;AACnF,wCAA6D;AAC7D,0CAAwE;AACxE,kEAA+D;AAE/D;;;;;;;;;GASG;AACI,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,QAAoB;IAC/D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEpD,MAAM,QAAQ,GAAG,IAAA,uDAA0B,EAAC,QAAQ,CAAC,CAAC;IAEtD,IAAI,IAAA,yBAAkB,EAAC,QAAQ,CAAC,EAAE;QAChC,OAAO,IAAA,qBAAS,EAAC;YACf,IAAI,EAAE,mBAAa,CAAC,cAAc,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;YAC1D,SAAS,EAAE,kBAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC3C,aAAa,EAAE,QAAQ;YACvB,eAAe,EAAE,cAAO,CAAC,KAAK;SAC/B,CAAC,CAAC;KACJ;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,KAAK,CACb,2CAA2C,GAAG,kCAAkC,CACjF,CAAC;AACJ,CAAC;AAlBD,8BAkBC"}
+{"version":3,"file":"verifyJWT.js","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":";;;AAAA,sFAAmF;AACnF,wCAA6D;AAC7D,0CAA4F;AAC5F,kEAA+D;AAC/D,kEAA+D;AAE/D;;;;;;;;GAQG;AACI,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,QAAoB;IAC/D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEpD,MAAM,QAAQ,GAAG,IAAA,uDAA0B,EAAC,QAAQ,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,mBAAa,CAAC,cAAc,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,kBAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAExD,IAAI,IAAA,yBAAkB,EAAC,QAAQ,CAAC,EAAE;QAChC,OAAO,IAAA,qBAAS,EAAC;YACf,IAAI;YACJ,SAAS,EAAE,cAAc;YACzB,aAAa,EAAE,QAAQ;YACvB,eAAe,EAAE,cAAO,CAAC,KAAK;SAC/B,CAAC,CAAC;KACJ;SAAM,IAAI,IAAA,yBAAkB,EAAC,QAAQ,CAAC,EAAE;QACvC,OAAO,IAAA,qBAAS,EAAC;YACf,IAAI;YACJ,SAAS,EAAE,cAAc;YACzB,aAAa,EAAE,QAAQ;SACxB,CAAC,CAAA;KACH;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,KAAK,CACb,2CAA2C,GAAG,kCAAkC,CACjF,CAAC;AACJ,CAAC;AA1BD,8BA0BC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simplewebauthn/server",
-  "version": "7.2.0",
+  "version": "7.3.0",
   "description": "SimpleWebAuthn for Servers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -62,5 +62,5 @@
     "cross-fetch": "^3.1.5",
     "debug": "^4.3.2"
   },
-  "gitHead": "73630d7431abde0f13cabc601c7821135d95b18c"
+  "gitHead": "0ab19d8f8319ff6a36dbb53d14750bd345947eb8"
 }