npm - @simplewebauthn/server - Versions diffs - 7.4.0 → 8.0.0-alpha.0 - Mend

@simplewebauthn/server 7.4.0 → 8.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (343) hide show

package/script/helpers/decodeAttestationObject.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._decodeAttestationObjectInternals = exports.decodeAttestationObject = void 0;
+const index_js_1 = require("./iso/index.js");
+/**
+ * Convert an AttestationObject buffer to a proper object
+ *
+ * @param base64AttestationObject Attestation Object buffer
+ */
+function decodeAttestationObject(attestationObject) {
+    return exports._decodeAttestationObjectInternals.stubThis(index_js_1.isoCBOR.decodeFirst(attestationObject));
+}
+exports.decodeAttestationObject = decodeAttestationObject;
+// Make it possible to stub the return value during testing
+exports._decodeAttestationObjectInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/decodeAuthenticatorExtensions.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Convert authenticator extension data buffer to a proper object
+ *
+ * @param extensionData Authenticator Extension Data buffer
+ */
+export declare function decodeAuthenticatorExtensions(extensionData: Uint8Array): AuthenticationExtensionsAuthenticatorOutputs | undefined;
+export type AuthenticationExtensionsAuthenticatorOutputs = {
+    devicePubKey?: DevicePublicKeyAuthenticatorOutput;
+    uvm?: UVMAuthenticatorOutput;
+};
+export type DevicePublicKeyAuthenticatorOutput = {
+    dpk?: Uint8Array;
+    sig?: string;
+    nonce?: Uint8Array;
+    scope?: Uint8Array;
+    aaguid?: Uint8Array;
+};
+export type UVMAuthenticatorOutput = {
+    uvm?: Uint8Array[];
+};

package/{dist → script}/helpers/decodeAuthenticatorExtensions.js RENAMED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.decodeAuthenticatorExtensions = void 0;
-const iso_1 = require("./iso");
+const index_js_1 = require("./iso/index.js");
 /**
  * Convert authenticator extension data buffer to a proper object
  *
@@ -10,7 +10,7 @@ const iso_1 = require("./iso");
 function decodeAuthenticatorExtensions(extensionData) {
     let toCBOR;
     try {
-        toCBOR = iso_1.isoCBOR.decodeFirst(extensionData);
+        toCBOR = index_js_1.isoCBOR.decodeFirst(extensionData);
     }
     catch (err) {
         const _err = err;
@@ -36,4 +36,3 @@ function convertMapToObjectDeep(input) {
     }
     return mapped;
 }
-//# sourceMappingURL=decodeAuthenticatorExtensions.js.map

package/script/helpers/decodeClientDataJSON.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON
+ */
+export declare function decodeClientDataJSON(data: string): ClientDataJSON;
+export type ClientDataJSON = {
+    type: string;
+    challenge: string;
+    origin: string;
+    crossOrigin?: boolean;
+    tokenBinding?: {
+        id?: string;
+        status: 'present' | 'supported' | 'not-supported';
+    };
+};
+export declare const _decodeClientDataJSONInternals: {
+    stubThis: (value: ClientDataJSON) => ClientDataJSON;
+};

package/script/helpers/decodeClientDataJSON.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._decodeClientDataJSONInternals = exports.decodeClientDataJSON = void 0;
+const index_js_1 = require("./iso/index.js");
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON
+ */
+function decodeClientDataJSON(data) {
+    const toString = index_js_1.isoBase64URL.toString(data);
+    const clientData = JSON.parse(toString);
+    return exports._decodeClientDataJSONInternals.stubThis(clientData);
+}
+exports.decodeClientDataJSON = decodeClientDataJSON;
+// Make it possible to stub the return value during testing
+exports._decodeClientDataJSONInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/decodeCredentialPublicKey.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { COSEPublicKey } from './cose.js';
+export declare function decodeCredentialPublicKey(publicKey: Uint8Array): COSEPublicKey;
+export declare const _decodeCredentialPublicKeyInternals: {
+    stubThis: (value: COSEPublicKey) => COSEPublicKey;
+};

package/script/helpers/decodeCredentialPublicKey.js ADDED Viewed

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._decodeCredentialPublicKeyInternals = exports.decodeCredentialPublicKey = void 0;
+const index_js_1 = require("./iso/index.js");
+function decodeCredentialPublicKey(publicKey) {
+    return exports._decodeCredentialPublicKeyInternals.stubThis(index_js_1.isoCBOR.decodeFirst(publicKey));
+}
+exports.decodeCredentialPublicKey = decodeCredentialPublicKey;
+// Make it possible to stub the return value during testing
+exports._decodeCredentialPublicKeyInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/fetch.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * A simple method for requesting data via standard `fetch`. Should work
+ * across multiple runtimes.
+ */
+export declare function fetch(url: string): Promise<Response>;
+export declare const _fetchInternals: {
+    stubThis: (url: string) => Promise<Response>;
+};

package/script/helpers/fetch.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._fetchInternals = exports.fetch = void 0;
+const deps_js_1 = require("../deps.js");
+/**
+ * A simple method for requesting data via standard `fetch`. Should work
+ * across multiple runtimes.
+ */
+function fetch(url) {
+    return exports._fetchInternals.stubThis(url);
+}
+exports.fetch = fetch;
+// Make it possible to stub the return value during testing
+exports._fetchInternals = {
+    stubThis: (url) => (0, deps_js_1.crossFetch)(url),
+};

package/script/helpers/generateChallenge.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Generate a suitably random value to be used as an attestation or assertion challenge
+ */
+export declare function generateChallenge(): Promise<Uint8Array>;
+export declare const _generateChallengeInternals: {
+    stubThis: (value: Uint8Array) => Uint8Array;
+};

package/{dist → script}/helpers/generateChallenge.js RENAMED Viewed

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateChallenge = void 0;
-const iso_1 = require("./iso");
+exports._generateChallengeInternals = exports.generateChallenge = void 0;
+const index_js_1 = require("./iso/index.js");
 /**
  * Generate a suitably random value to be used as an attestation or assertion challenge
  */
-function generateChallenge() {
+async function generateChallenge() {
     /**
      * WebAuthn spec says that 16 bytes is a good minimum:
      *
@@ -15,8 +15,11 @@ function generateChallenge() {
      * Just in case, let's double it
      */
     const challenge = new Uint8Array(32);
-    iso_1.isoCrypto.getRandomValues(challenge);
-    return challenge;
+    await index_js_1.isoCrypto.getRandomValues(challenge);
+    return exports._generateChallengeInternals.stubThis(challenge);
 }
 exports.generateChallenge = generateChallenge;
-//# sourceMappingURL=generateChallenge.js.map
+// Make it possible to stub the return value during testing
+exports._generateChallengeInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/getCertificateInfo.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { Certificate } from '../deps.js';
+export type CertificateInfo = {
+    issuer: Issuer;
+    subject: Subject;
+    version: number;
+    basicConstraintsCA: boolean;
+    notBefore: Date;
+    notAfter: Date;
+    parsedCertificate: Certificate;
+};
+type Issuer = {
+    C?: string;
+    O?: string;
+    OU?: string;
+    CN?: string;
+    combined: string;
+};
+type Subject = {
+    C?: string;
+    O?: string;
+    OU?: string;
+    CN?: string;
+    combined: string;
+};
+/**
+ * Extract PEM certificate info
+ *
+ * @param pemCertificate Result from call to `convertASN1toPEM(x5c[0])`
+ */
+export declare function getCertificateInfo(leafCertBuffer: Uint8Array): CertificateInfo;
+export {};

package/{dist → script}/helpers/getCertificateInfo.js RENAMED Viewed

@@ -1,8 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCertificateInfo = void 0;
-const asn1_schema_1 = require("@peculiar/asn1-schema");
-const asn1_x509_1 = require("@peculiar/asn1-x509");
+const deps_js_1 = require("../deps.js");
 const issuerSubjectIDKey = {
     '2.5.4.6': 'C',
     '2.5.4.10': 'O',
@@ -15,7 +14,7 @@ const issuerSubjectIDKey = {
  * @param pemCertificate Result from call to `convertASN1toPEM(x5c[0])`
  */
 function getCertificateInfo(leafCertBuffer) {
-    const x509 = asn1_schema_1.AsnParser.parse(leafCertBuffer, asn1_x509_1.Certificate);
+    const x509 = deps_js_1.AsnParser.parse(leafCertBuffer, deps_js_1.Certificate);
     const parsedCert = x509.tbsCertificate;
     // Issuer
     const issuer = { combined: '' };
@@ -39,8 +38,8 @@ function getCertificateInfo(leafCertBuffer) {
     if (parsedCert.extensions) {
         // console.log(parsedCert.extensions);
         for (const ext of parsedCert.extensions) {
-            if (ext.extnID === asn1_x509_1.id_ce_basicConstraints) {
-                const basicConstraints = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.BasicConstraints);
+            if (ext.extnID === deps_js_1.id_ce_basicConstraints) {
+                const basicConstraints = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.BasicConstraints);
                 basicConstraintsCA = basicConstraints.cA;
             }
         }
@@ -79,4 +78,3 @@ function issuerSubjectToString(input) {
     }
     return parts.join(' : ');
 }
-//# sourceMappingURL=getCertificateInfo.js.map

package/script/helpers/index.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { convertAAGUIDToString } from './convertAAGUIDToString.js';
+import { convertCertBufferToPEM } from './convertCertBufferToPEM.js';
+import { convertCOSEtoPKCS } from './convertCOSEtoPKCS.js';
+import { decodeAttestationObject } from './decodeAttestationObject.js';
+import { decodeClientDataJSON } from './decodeClientDataJSON.js';
+import { decodeCredentialPublicKey } from './decodeCredentialPublicKey.js';
+import { generateChallenge } from './generateChallenge.js';
+import { getCertificateInfo } from './getCertificateInfo.js';
+import { isCertRevoked } from './isCertRevoked.js';
+import { parseAuthenticatorData } from './parseAuthenticatorData.js';
+import { toHash } from './toHash.js';
+import { validateCertificatePath } from './validateCertificatePath.js';
+import { verifySignature } from './verifySignature.js';
+import { isoBase64URL, isoCBOR, isoCrypto, isoUint8Array } from './iso/index.js';
+import * as cose from './cose.js';
+export { convertAAGUIDToString, convertCertBufferToPEM, convertCOSEtoPKCS, cose, decodeAttestationObject, decodeClientDataJSON, decodeCredentialPublicKey, generateChallenge, getCertificateInfo, isCertRevoked, isoBase64URL, isoCBOR, isoCrypto, isoUint8Array, parseAuthenticatorData, toHash, validateCertificatePath, verifySignature, };
+import type { AttestationFormat, AttestationObject, AttestationStatement } from './decodeAttestationObject.js';
+import type { CertificateInfo } from './getCertificateInfo.js';
+import type { ClientDataJSON } from './decodeClientDataJSON.js';
+import type { COSEPublicKey } from './cose.js';
+import type { ParsedAuthenticatorData } from './parseAuthenticatorData.js';
+export type { AttestationFormat, AttestationObject, AttestationStatement, CertificateInfo, ClientDataJSON, COSEPublicKey, ParsedAuthenticatorData, };

package/script/helpers/index.js ADDED Viewed

@@ -0,0 +1,59 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifySignature = exports.validateCertificatePath = exports.toHash = exports.parseAuthenticatorData = exports.isoUint8Array = exports.isoCrypto = exports.isoCBOR = exports.isoBase64URL = exports.isCertRevoked = exports.getCertificateInfo = exports.generateChallenge = exports.decodeCredentialPublicKey = exports.decodeClientDataJSON = exports.decodeAttestationObject = exports.cose = exports.convertCOSEtoPKCS = exports.convertCertBufferToPEM = exports.convertAAGUIDToString = void 0;
+const convertAAGUIDToString_js_1 = require("./convertAAGUIDToString.js");
+Object.defineProperty(exports, "convertAAGUIDToString", { enumerable: true, get: function () { return convertAAGUIDToString_js_1.convertAAGUIDToString; } });
+const convertCertBufferToPEM_js_1 = require("./convertCertBufferToPEM.js");
+Object.defineProperty(exports, "convertCertBufferToPEM", { enumerable: true, get: function () { return convertCertBufferToPEM_js_1.convertCertBufferToPEM; } });
+const convertCOSEtoPKCS_js_1 = require("./convertCOSEtoPKCS.js");
+Object.defineProperty(exports, "convertCOSEtoPKCS", { enumerable: true, get: function () { return convertCOSEtoPKCS_js_1.convertCOSEtoPKCS; } });
+const decodeAttestationObject_js_1 = require("./decodeAttestationObject.js");
+Object.defineProperty(exports, "decodeAttestationObject", { enumerable: true, get: function () { return decodeAttestationObject_js_1.decodeAttestationObject; } });
+const decodeClientDataJSON_js_1 = require("./decodeClientDataJSON.js");
+Object.defineProperty(exports, "decodeClientDataJSON", { enumerable: true, get: function () { return decodeClientDataJSON_js_1.decodeClientDataJSON; } });
+const decodeCredentialPublicKey_js_1 = require("./decodeCredentialPublicKey.js");
+Object.defineProperty(exports, "decodeCredentialPublicKey", { enumerable: true, get: function () { return decodeCredentialPublicKey_js_1.decodeCredentialPublicKey; } });
+const generateChallenge_js_1 = require("./generateChallenge.js");
+Object.defineProperty(exports, "generateChallenge", { enumerable: true, get: function () { return generateChallenge_js_1.generateChallenge; } });
+const getCertificateInfo_js_1 = require("./getCertificateInfo.js");
+Object.defineProperty(exports, "getCertificateInfo", { enumerable: true, get: function () { return getCertificateInfo_js_1.getCertificateInfo; } });
+const isCertRevoked_js_1 = require("./isCertRevoked.js");
+Object.defineProperty(exports, "isCertRevoked", { enumerable: true, get: function () { return isCertRevoked_js_1.isCertRevoked; } });
+const parseAuthenticatorData_js_1 = require("./parseAuthenticatorData.js");
+Object.defineProperty(exports, "parseAuthenticatorData", { enumerable: true, get: function () { return parseAuthenticatorData_js_1.parseAuthenticatorData; } });
+const toHash_js_1 = require("./toHash.js");
+Object.defineProperty(exports, "toHash", { enumerable: true, get: function () { return toHash_js_1.toHash; } });
+const validateCertificatePath_js_1 = require("./validateCertificatePath.js");
+Object.defineProperty(exports, "validateCertificatePath", { enumerable: true, get: function () { return validateCertificatePath_js_1.validateCertificatePath; } });
+const verifySignature_js_1 = require("./verifySignature.js");
+Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return verifySignature_js_1.verifySignature; } });
+const index_js_1 = require("./iso/index.js");
+Object.defineProperty(exports, "isoBase64URL", { enumerable: true, get: function () { return index_js_1.isoBase64URL; } });
+Object.defineProperty(exports, "isoCBOR", { enumerable: true, get: function () { return index_js_1.isoCBOR; } });
+Object.defineProperty(exports, "isoCrypto", { enumerable: true, get: function () { return index_js_1.isoCrypto; } });
+Object.defineProperty(exports, "isoUint8Array", { enumerable: true, get: function () { return index_js_1.isoUint8Array; } });
+const cose = __importStar(require("./cose.js"));
+exports.cose = cose;

package/script/helpers/isCertRevoked.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { Certificate } from '../deps.js';
+/**
+ * A method to pull a CRL from a certificate and compare its serial number to the list of revoked
+ * certificate serial numbers within the CRL.
+ *
+ * CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117
+ */
+export declare function isCertRevoked(cert: Certificate): Promise<boolean>;

package/{dist → script}/helpers/isCertRevoked.js RENAMED Viewed

@@ -1,13 +1,9 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCertRevoked = void 0;
-const cross_fetch_1 = __importDefault(require("cross-fetch"));
-const asn1_schema_1 = require("@peculiar/asn1-schema");
-const asn1_x509_1 = require("@peculiar/asn1-x509");
-const iso_1 = require("./iso");
+const deps_js_1 = require("../deps.js");
+const index_js_1 = require("./iso/index.js");
+const fetch_js_1 = require("./fetch.js");
 const cacheRevokedCerts = {};
 /**
  * A method to pull a CRL from a certificate and compare its serial number to the list of revoked
@@ -16,7 +12,6 @@ const cacheRevokedCerts = {};
  * CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117
  */
 async function isCertRevoked(cert) {
-    var _a, _b;
     const { extensions } = cert.tbsCertificate;
     if (!extensions) {
         return false;
@@ -24,30 +19,30 @@ async function isCertRevoked(cert) {
     let extAuthorityKeyID;
     let extSubjectKeyID;
     let extCRLDistributionPoints;
-    extensions.forEach(ext => {
-        if (ext.extnID === asn1_x509_1.id_ce_authorityKeyIdentifier) {
-            extAuthorityKeyID = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.AuthorityKeyIdentifier);
+    extensions.forEach((ext) => {
+        if (ext.extnID === deps_js_1.id_ce_authorityKeyIdentifier) {
+            extAuthorityKeyID = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.AuthorityKeyIdentifier);
         }
-        else if (ext.extnID === asn1_x509_1.id_ce_subjectKeyIdentifier) {
-            extSubjectKeyID = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.SubjectKeyIdentifier);
+        else if (ext.extnID === deps_js_1.id_ce_subjectKeyIdentifier) {
+            extSubjectKeyID = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.SubjectKeyIdentifier);
         }
-        else if (ext.extnID === asn1_x509_1.id_ce_cRLDistributionPoints) {
-            extCRLDistributionPoints = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.CRLDistributionPoints);
+        else if (ext.extnID === deps_js_1.id_ce_cRLDistributionPoints) {
+            extCRLDistributionPoints = deps_js_1.AsnParser.parse(ext.extnValue, deps_js_1.CRLDistributionPoints);
         }
     });
     // Check to see if we've got cached info for the cert's CA
     let keyIdentifier = undefined;
     if (extAuthorityKeyID && extAuthorityKeyID.keyIdentifier) {
-        keyIdentifier = iso_1.isoUint8Array.toHex(new Uint8Array(extAuthorityKeyID.keyIdentifier.buffer));
+        keyIdentifier = index_js_1.isoUint8Array.toHex(new Uint8Array(extAuthorityKeyID.keyIdentifier.buffer));
     }
     else if (extSubjectKeyID) {
         /**
          * We might be dealing with a self-signed root certificate. Check the
          * Subject key Identifier extension next.
          */
-        keyIdentifier = iso_1.isoUint8Array.toHex(new Uint8Array(extSubjectKeyID.buffer));
+        keyIdentifier = index_js_1.isoUint8Array.toHex(new Uint8Array(extSubjectKeyID.buffer));
     }
-    const certSerialHex = iso_1.isoUint8Array.toHex(new Uint8Array(cert.tbsCertificate.serialNumber));
+    const certSerialHex = index_js_1.isoUint8Array.toHex(new Uint8Array(cert.tbsCertificate.serialNumber));
     if (keyIdentifier) {
         const cached = cacheRevokedCerts[keyIdentifier];
         if (cached) {
@@ -58,7 +53,8 @@ async function isCertRevoked(cert) {
             }
         }
     }
-    const crlURL = (_b = (_a = extCRLDistributionPoints === null || extCRLDistributionPoints === void 0 ? void 0 : extCRLDistributionPoints[0].distributionPoint) === null || _a === void 0 ? void 0 : _a.fullName) === null || _b === void 0 ? void 0 : _b[0].uniformResourceIdentifier;
+    const crlURL = extCRLDistributionPoints?.[0].distributionPoint?.fullName?.[0]
+        .uniformResourceIdentifier;
     // If no URL is provided then we have nothing to check
     if (!crlURL) {
         return false;
@@ -66,17 +62,17 @@ async function isCertRevoked(cert) {
     // Download and read the CRL
     let certListBytes;
     try {
-        const respCRL = await (0, cross_fetch_1.default)(crlURL);
+        const respCRL = await (0, fetch_js_1.fetch)(crlURL);
         certListBytes = await respCRL.arrayBuffer();
     }
-    catch (err) {
+    catch (_err) {
         return false;
     }
     let data;
     try {
-        data = asn1_schema_1.AsnParser.parse(certListBytes, asn1_x509_1.CertificateList);
+        data = deps_js_1.AsnParser.parse(certListBytes, deps_js_1.CertificateList);
     }
-    catch (err) {
+    catch (_err) {
         // Something was malformed with the CRL, so pass
         return false;
     }
@@ -92,7 +88,7 @@ async function isCertRevoked(cert) {
     const revokedCerts = data.tbsCertList.revokedCertificates;
     if (revokedCerts) {
         for (const cert of revokedCerts) {
-            const revokedHex = iso_1.isoUint8Array.toHex(new Uint8Array(cert.userCertificate));
+            const revokedHex = index_js_1.isoUint8Array.toHex(new Uint8Array(cert.userCertificate));
             newCached.revokedCerts.push(revokedHex);
         }
         // Cache the results
@@ -104,4 +100,3 @@ async function isCertRevoked(cert) {
     return false;
 }
 exports.isCertRevoked = isCertRevoked;
-//# sourceMappingURL=isCertRevoked.js.map

package/script/helpers/iso/index.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * A collection of methods for isomorphic manipulation of trickier data types
+ *
+ * The goal with these is to make it easier to replace dependencies later that might not play well
+ * with specific server-like runtimes that expose global Web APIs (CloudFlare Workers, Deno, Bun,
+ * etc...), while also supporting execution in Node.
+ */
+export * as isoBase64URL from './isoBase64URL.js';
+export * as isoCBOR from './isoCBOR.js';
+export * as isoCrypto from './isoCrypto/index.js';
+export * as isoUint8Array from './isoUint8Array.js';

package/{dist → script}/helpers/iso/index.js RENAMED Viewed

@@ -31,8 +31,7 @@ exports.isoUint8Array = exports.isoCrypto = exports.isoCBOR = exports.isoBase64U
  * with specific server-like runtimes that expose global Web APIs (CloudFlare Workers, Deno, Bun,
  * etc...), while also supporting execution in Node.
  */
-exports.isoBase64URL = __importStar(require("./isoBase64URL"));
-exports.isoCBOR = __importStar(require("./isoCBOR"));
-exports.isoCrypto = __importStar(require("./isoCrypto"));
-exports.isoUint8Array = __importStar(require("./isoUint8Array"));
-//# sourceMappingURL=index.js.map
+exports.isoBase64URL = __importStar(require("./isoBase64URL.js"));
+exports.isoCBOR = __importStar(require("./isoCBOR.js"));
+exports.isoCrypto = __importStar(require("./isoCrypto/index.js"));
+exports.isoUint8Array = __importStar(require("./isoUint8Array.js"));

package/script/helpers/iso/isoBase64URL.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Decode from a Base64URL-encoded string to an ArrayBuffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials.
+ *
+ * @param buffer Value to decode from base64
+ * @param to (optional) The decoding to use, in case it's desirable to decode from base64 instead
+ */
+export declare function toBuffer(base64urlString: string, from?: 'base64' | 'base64url'): Uint8Array;
+/**
+ * Encode the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * @param buffer Value to encode to base64
+ * @param to (optional) The encoding to use, in case it's desirable to encode to base64 instead
+ */
+export declare function fromBuffer(buffer: Uint8Array, to?: 'base64' | 'base64url'): string;
+/**
+ * Convert a base64url string into base64
+ */
+export declare function toBase64(base64urlString: string): string;
+/**
+ * Encode a string to base64url
+ */
+export declare function fromString(ascii: string): string;
+/**
+ * Decode a base64url string into its original string
+ */
+export declare function toString(base64urlString: string): string;
+/**
+ * Confirm that the string is encoded into base64
+ */
+export declare function isBase64(input: string): boolean;
+/**
+ * Confirm that the string is encoded into base64url, with support for optional padding
+ */
+export declare function isBase64url(input: string): boolean;

package/{dist → script}/helpers/iso/isoBase64URL.js RENAMED Viewed

@@ -68,4 +68,3 @@ function isBase64url(input) {
     return base64_1.default.validate(input, true);
 }
 exports.isBase64url = isBase64url;
-//# sourceMappingURL=isoBase64URL.js.map

package/script/helpers/iso/isoCBOR.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Decode and return the first item in a sequence of CBOR-encoded values
+ *
+ * @param input The CBOR data to decode
+ * @param asObject (optional) Whether to convert any CBOR Maps into JavaScript Objects. Defaults to
+ * `false`
+ */
+export declare function decodeFirst<Type>(input: Uint8Array): Type;
+/**
+ * Encode data to CBOR
+ */
+export declare function encode(input: unknown): Uint8Array;

package/{dist → script}/helpers/iso/isoCBOR.js RENAMED Viewed

@@ -1,31 +1,7 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.encode = exports.decodeFirst = void 0;
-/* eslint-disable @typescript-eslint/ban-ts-comment */
-const cborx = __importStar(require("cbor-x"));
+const deps_js_1 = require("../../deps.js");
 /**
  * This encoder should keep CBOR data the same length when data is re-encoded
  *
@@ -36,7 +12,10 @@ const cborx = __importStar(require("cbor-x"));
  * So long as these requirements are maintained, then CBOR sequences can be encoded and decoded
  * freely while maintaining their lengths for the most accurate pointer movement across them.
  */
-const encoder = new cborx.Encoder({ mapsAsObjects: false, tagUint8Array: false });
+const encoder = new deps_js_1.cborx.Encoder({
+    mapsAsObjects: false,
+    tagUint8Array: false,
+});
 /**
  * Decode and return the first item in a sequence of CBOR-encoded values
  *
@@ -45,7 +24,9 @@ const encoder = new cborx.Encoder({ mapsAsObjects: false, tagUint8Array: false }
  * `false`
  */
 function decodeFirst(input) {
-    const decoded = encoder.decodeMultiple(input);
+    // Make a copy so we don't mutate the original
+    const _input = new Uint8Array(input);
+    const decoded = encoder.decodeMultiple(_input);
     if (decoded === undefined) {
         throw new Error('CBOR input data was empty');
     }
@@ -66,4 +47,3 @@ function encode(input) {
     return encoder.encode(input);
 }
 exports.encode = encode;
-//# sourceMappingURL=isoCBOR.js.map

package/script/helpers/iso/isoCrypto/digest.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { COSEALG } from '../../cose.js';
+/**
+ * Generate a digest of the provided data.
+ *
+ * @param data The data to generate a digest of
+ * @param algorithm A COSE algorithm ID that maps to a desired SHA algorithm
+ */
+export declare function digest(data: Uint8Array, algorithm: COSEALG): Promise<Uint8Array>;

package/script/helpers/iso/isoCrypto/digest.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.digest = void 0;
+const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
+const getWebCrypto_js_1 = require("./getWebCrypto.js");
+/**
+ * Generate a digest of the provided data.
+ *
+ * @param data The data to generate a digest of
+ * @param algorithm A COSE algorithm ID that maps to a desired SHA algorithm
+ */
+async function digest(data, algorithm) {
+    const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
+    const subtleAlgorithm = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(algorithm);
+    const hashed = await WebCrypto.subtle.digest(subtleAlgorithm, data);
+    return new Uint8Array(hashed);
+}
+exports.digest = digest;

package/script/helpers/iso/isoCrypto/getRandomValues.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Fill up the provided bytes array with random bytes equal to its length.
+ *
+ * @returns the same bytes array passed into the method
+ */
+export declare function getRandomValues(array: Uint8Array): Promise<Uint8Array>;