@simplewebauthn/server 7.4.0 → 8.0.0

package/script/services/defaultRootCerts/android-safetynet.d.ts

@@ -0,0 +1,11 @@
+/**
+ * GlobalSign Root CA
+ *
+ * Downloaded from https://pki.goog/roots.pem
+ *
+ * Valid until 2028-01-28 @ 04:00 PST
+ *
+ * SHA256 Fingerprint
+ * EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
+ */
+export declare const GlobalSign_Root_CA = "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n";

package/{dist → script}/services/defaultRootCerts/android-safetynet.js

@@ -33,4 +33,3 @@ DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
 HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
 -----END CERTIFICATE-----
 `;
-//# sourceMappingURL=android-safetynet.js.map

package/script/services/defaultRootCerts/apple.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Apple WebAuthn Root CA
+ *
+ * Downloaded from https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
+ *
+ * Valid until 2045-03-14 @ 17:00 PST
+ *
+ * SHA256 Fingerprint
+ * 09:15:DD:5C:07:A2:8D:B5:49:D1:F6:77:BB:5A:75:D4:BF:BE:95:61:A7:73:42:43:27:76:2E:9E:02:F9:BB:29
+ */
+export declare const Apple_WebAuthn_Root_CA = "-----BEGIN CERTIFICATE-----\nMIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w\nHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ\nbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx\nNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG\nA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k\nxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/\npcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk\n2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA\nMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3\njAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B\n1bWeT0vT\n-----END CERTIFICATE-----\n";

package/{dist → script}/services/defaultRootCerts/apple.js

@@ -26,4 +26,3 @@ jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B
 1bWeT0vT
 -----END CERTIFICATE-----
 `;
-//# sourceMappingURL=apple.js.map

package/script/services/defaultRootCerts/mds.d.ts

@@ -0,0 +1,11 @@
+/**
+ * GlobalSign Root CA - R3
+ *
+ * Downloaded from https://valid.r3.roots.globalsign.com/
+ *
+ * Valid until 2029-03-18 @ 00:00 PST
+ *
+ * SHA256 Fingerprint
+ * CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B
+ */
+export declare const GlobalSign_Root_CA_R3 = "-----BEGIN CERTIFICATE-----\n MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\n A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\n Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\n MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\n A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\n RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\n gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\n KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\n QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\n XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\n DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\n LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\n RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\n jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\n mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\n Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\n WD9f\n -----END CERTIFICATE-----\n ";

package/{dist → script}/services/defaultRootCerts/mds.js

@@ -33,4 +33,3 @@ exports.GlobalSign_Root_CA_R3 = `-----BEGIN CERTIFICATE-----
  WD9f
  -----END CERTIFICATE-----
  `;
-//# sourceMappingURL=mds.js.map

package/script/services/metadataService.d.ts

@@ -0,0 +1,53 @@
+import type { MetadataStatement } from '../metadata/mdsTypes.js';
+type VerificationMode = 'permissive' | 'strict';
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
+export declare class BaseMetadataService {
+    private mdsCache;
+    private statementCache;
+    private state;
+    private verificationMode;
+    /**
+     * Prepare the service to handle remote MDS servers and/or cache local metadata statements.
+     *
+     * **Options:**
+     *
+     * @param opts.mdsServers An array of URLs to FIDO Alliance Metadata Service
+     * (version 3.0)-compatible servers. Defaults to the official FIDO MDS server
+     * @param opts.statements An array of local metadata statements
+     * @param opts.verificationMode How MetadataService will handle unregistered AAGUIDs. Defaults to
+     * `"strict"` which throws errors during registration response verification when an
+     * unregistered AAGUID is encountered. Set to `"permissive"` to allow registration by
+     * authenticators with unregistered AAGUIDs
+     */
+    initialize(opts?: {
+        mdsServers?: string[];
+        statements?: MetadataStatement[];
+        verificationMode?: VerificationMode;
+    }): Promise<void>;
+    /**
+     * Get a metadata statement for a given AAGUID.
+     *
+     * This method will coordinate updating the cache as per the `nextUpdate` property in the initial
+     * BLOB download.
+     */
+    getStatement(aaguid: string | Uint8Array): Promise<MetadataStatement | undefined>;
+    /**
+     * Download and process the latest BLOB from MDS
+     */
+    private downloadBlob;
+    /**
+     * A helper method to pause execution until the service is ready
+     */
+    private pauseUntilReady;
+    /**
+     * Report service status on change
+     */
+    private setState;
+}
+export declare const MetadataService: BaseMetadataService;
+export {};

package/script/services/metadataService.js

@@ -0,0 +1,277 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MetadataService = exports.BaseMetadataService = void 0;
+const validateCertificatePath_js_1 = require("../helpers/validateCertificatePath.js");
+const convertCertBufferToPEM_js_1 = require("../helpers/convertCertBufferToPEM.js");
+const convertAAGUIDToString_js_1 = require("../helpers/convertAAGUIDToString.js");
+const settingsService_js_1 = require("./settingsService.js");
+const logging_js_1 = require("../helpers/logging.js");
+const convertPEMToBytes_js_1 = require("../helpers/convertPEMToBytes.js");
+const fetch_js_1 = require("../helpers/fetch.js");
+const parseJWT_js_1 = require("../metadata/parseJWT.js");
+const verifyJWT_js_1 = require("../metadata/verifyJWT.js");
+const defaultURLMDS = 'https://mds.fidoalliance.org/'; // v3
+var SERVICE_STATE;
+(function (SERVICE_STATE) {
+    SERVICE_STATE[SERVICE_STATE["DISABLED"] = 0] = "DISABLED";
+    SERVICE_STATE[SERVICE_STATE["REFRESHING"] = 1] = "REFRESHING";
+    SERVICE_STATE[SERVICE_STATE["READY"] = 2] = "READY";
+})(SERVICE_STATE || (SERVICE_STATE = {}));
+const log = (0, logging_js_1.getLogger)('MetadataService');
+/**
+ * A basic service for coordinating interactions with the FIDO Metadata Service. This includes BLOB
+ * download and parsing, and on-demand requesting and caching of individual metadata statements.
+ *
+ * https://fidoalliance.org/metadata/
+ */
+class BaseMetadataService {
+    constructor() {
+        Object.defineProperty(this, "mdsCache", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: {}
+        });
+        Object.defineProperty(this, "statementCache", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: {}
+        });
+        Object.defineProperty(this, "state", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: SERVICE_STATE.DISABLED
+        });
+        Object.defineProperty(this, "verificationMode", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'strict'
+        });
+    }
+    /**
+     * Prepare the service to handle remote MDS servers and/or cache local metadata statements.
+     *
+     * **Options:**
+     *
+     * @param opts.mdsServers An array of URLs to FIDO Alliance Metadata Service
+     * (version 3.0)-compatible servers. Defaults to the official FIDO MDS server
+     * @param opts.statements An array of local metadata statements
+     * @param opts.verificationMode How MetadataService will handle unregistered AAGUIDs. Defaults to
+     * `"strict"` which throws errors during registration response verification when an
+     * unregistered AAGUID is encountered. Set to `"permissive"` to allow registration by
+     * authenticators with unregistered AAGUIDs
+     */
+    async initialize(opts = {}) {
+        const { mdsServers = [defaultURLMDS], statements, verificationMode } = opts;
+        this.setState(SERVICE_STATE.REFRESHING);
+        // If metadata statements are provided, load them into the cache first
+        if (statements?.length) {
+            let statementsAdded = 0;
+            statements.forEach((statement) => {
+                // Only cache statements that are for FIDO2-compatible authenticators
+                if (statement.aaguid) {
+                    this.statementCache[statement.aaguid] = {
+                        entry: {
+                            metadataStatement: statement,
+                            statusReports: [],
+                            timeOfLastStatusChange: '1970-01-01',
+                        },
+                        url: '',
+                    };
+                    statementsAdded += 1;
+                }
+            });
+            log(`Cached ${statementsAdded} local statements`);
+        }
+        // If MDS servers are provided, then process them and add their statements to the cache
+        if (mdsServers?.length) {
+            // Get a current count so we know how many new statements we've added from MDS servers
+            const currentCacheCount = Object.keys(this.statementCache).length;
+            let numServers = mdsServers.length;
+            for (const url of mdsServers) {
+                try {
+                    await this.downloadBlob({
+                        url,
+                        no: 0,
+                        nextUpdate: new Date(0),
+                    });
+                }
+                catch (err) {
+                    // Notify of the error and move on
+                    log(`Could not download BLOB from ${url}:`, err);
+                    numServers -= 1;
+                }
+            }
+            // Calculate the difference to get the total number of new statements we successfully added
+            const newCacheCount = Object.keys(this.statementCache).length;
+            const cacheDiff = newCacheCount - currentCacheCount;
+            log(`Cached ${cacheDiff} statements from ${numServers} metadata server(s)`);
+        }
+        if (verificationMode) {
+            this.verificationMode = verificationMode;
+        }
+        this.setState(SERVICE_STATE.READY);
+    }
+    /**
+     * Get a metadata statement for a given AAGUID.
+     *
+     * This method will coordinate updating the cache as per the `nextUpdate` property in the initial
+     * BLOB download.
+     */
+    async getStatement(aaguid) {
+        if (this.state === SERVICE_STATE.DISABLED) {
+            return;
+        }
+        if (!aaguid) {
+            return;
+        }
+        if (aaguid instanceof Uint8Array) {
+            aaguid = (0, convertAAGUIDToString_js_1.convertAAGUIDToString)(aaguid);
+        }
+        // If a cache refresh is in progress then pause this until the service is ready
+        await this.pauseUntilReady();
+        // Try to grab a cached statement
+        const cachedStatement = this.statementCache[aaguid];
+        if (!cachedStatement) {
+            if (this.verificationMode === 'strict') {
+                // FIDO conformance requires RP's to only support registered AAGUID's
+                throw new Error(`No metadata statement found for aaguid "${aaguid}"`);
+            }
+            // Allow registration verification to continue without using metadata
+            return;
+        }
+        // If the statement points to an MDS API, check the MDS' nextUpdate to see if we need to refresh
+        if (cachedStatement.url) {
+            const mds = this.mdsCache[cachedStatement.url];
+            const now = new Date();
+            if (now > mds.nextUpdate) {
+                try {
+                    this.setState(SERVICE_STATE.REFRESHING);
+                    await this.downloadBlob(mds);
+                }
+                finally {
+                    this.setState(SERVICE_STATE.READY);
+                }
+            }
+        }
+        const { entry } = cachedStatement;
+        // Check to see if the this aaguid has a status report with a "compromised" status
+        for (const report of entry.statusReports) {
+            const { status } = report;
+            if (status === 'USER_VERIFICATION_BYPASS' ||
+                status === 'ATTESTATION_KEY_COMPROMISE' ||
+                status === 'USER_KEY_REMOTE_COMPROMISE' ||
+                status === 'USER_KEY_PHYSICAL_COMPROMISE') {
+                throw new Error(`Detected compromised aaguid "${aaguid}"`);
+            }
+        }
+        return entry.metadataStatement;
+    }
+    /**
+     * Download and process the latest BLOB from MDS
+     */
+    async downloadBlob(mds) {
+        const { url, no } = mds;
+        // Get latest "BLOB" (FIDO's terminology, not mine)
+        const resp = await (0, fetch_js_1.fetch)(url);
+        const data = await resp.text();
+        // Parse the JWT
+        const parsedJWT = (0, parseJWT_js_1.parseJWT)(data);
+        const header = parsedJWT[0];
+        const payload = parsedJWT[1];
+        if (payload.no <= no) {
+            // From FIDO MDS docs: "also ignore the file if its number (no) is less or equal to the
+            // number of the last BLOB cached locally."
+            throw new Error(`Latest BLOB no. "${payload.no}" is not greater than previous ${no}`);
+        }
+        const headerCertsPEM = header.x5c.map(convertCertBufferToPEM_js_1.convertCertBufferToPEM);
+        try {
+            // Validate the certificate chain
+            const rootCerts = settingsService_js_1.SettingsService.getRootCertificates({
+                identifier: 'mds',
+            });
+            await (0, validateCertificatePath_js_1.validateCertificatePath)(headerCertsPEM, rootCerts);
+        }
+        catch (error) {
+            const _error = error;
+            // From FIDO MDS docs: "ignore the file if the chain cannot be verified or if one of the
+            // chain certificates is revoked"
+            throw new Error(`BLOB certificate path could not be validated: ${_error.message}`);
+        }
+        // Verify the BLOB JWT signature
+        const leafCert = headerCertsPEM[0];
+        const verified = await (0, verifyJWT_js_1.verifyJWT)(data, (0, convertPEMToBytes_js_1.convertPEMToBytes)(leafCert));
+        if (!verified) {
+            // From FIDO MDS docs: "The FIDO Server SHOULD ignore the file if the signature is invalid."
+            throw new Error('BLOB signature could not be verified');
+        }
+        // Cache statements for FIDO2 devices
+        for (const entry of payload.entries) {
+            // Only cache entries with an `aaguid`
+            if (entry.aaguid) {
+                this.statementCache[entry.aaguid] = { entry, url };
+            }
+        }
+        // Remember info about the server so we can refresh later
+        const [year, month, day] = payload.nextUpdate.split('-');
+        this.mdsCache[url] = {
+            ...mds,
+            // Store the payload `no` to make sure we're getting the next BLOB in the sequence
+            no: payload.no,
+            // Convert the nextUpdate property into a Date so we can determine when to re-download
+            nextUpdate: new Date(parseInt(year, 10), 
+            // Months need to be zero-indexed
+            parseInt(month, 10) - 1, parseInt(day, 10)),
+        };
+    }
+    /**
+     * A helper method to pause execution until the service is ready
+     */
+    pauseUntilReady() {
+        if (this.state === SERVICE_STATE.READY) {
+            return new Promise((resolve) => {
+                resolve();
+            });
+        }
+        // State isn't ready, so set up polling
+        const readyPromise = new Promise((resolve, reject) => {
+            const totalTimeoutMS = 70000;
+            const intervalMS = 100;
+            let iterations = totalTimeoutMS / intervalMS;
+            // Check service state every `intervalMS` milliseconds
+            const intervalID = globalThis.setInterval(() => {
+                if (iterations < 1) {
+                    clearInterval(intervalID);
+                    reject(`State did not become ready in ${totalTimeoutMS / 1000} seconds`);
+                }
+                else if (this.state === SERVICE_STATE.READY) {
+                    clearInterval(intervalID);
+                    resolve();
+                }
+                iterations -= 1;
+            }, intervalMS);
+        });
+        return readyPromise;
+    }
+    /**
+     * Report service status on change
+     */
+    setState(newState) {
+        this.state = newState;
+        if (newState === SERVICE_STATE.DISABLED) {
+            log('MetadataService is DISABLED');
+        }
+        else if (newState === SERVICE_STATE.REFRESHING) {
+            log('MetadataService is REFRESHING');
+        }
+        else if (newState === SERVICE_STATE.READY) {
+            log('MetadataService is READY');
+        }
+    }
+}
+exports.BaseMetadataService = BaseMetadataService;
+// Export a service singleton
+exports.MetadataService = new BaseMetadataService();

package/script/services/settingsService.d.ts

@@ -0,0 +1,25 @@
+import { AttestationFormat } from '../helpers/decodeAttestationObject.js';
+type RootCertIdentifier = AttestationFormat | 'mds';
+declare class BaseSettingsService {
+    private pemCertificates;
+    constructor();
+    /**
+     * Set potential root certificates for attestation formats that use them. Root certs will be tried
+     * one-by-one when validating a certificate path.
+     *
+     * Certificates can be specified as a raw `Buffer`, or as a PEM-formatted string. If a
+     * `Buffer` is passed in it will be converted to PEM format.
+     */
+    setRootCertificates(opts: {
+        identifier: RootCertIdentifier;
+        certificates: (Uint8Array | string)[];
+    }): void;
+    /**
+     * Get any registered root certificates for the specified attestation format
+     */
+    getRootCertificates(opts: {
+        identifier: RootCertIdentifier;
+    }): string[];
+}
+export declare const SettingsService: BaseSettingsService;
+export {};

package/{dist → script}/services/settingsService.js

@@ -1,13 +1,20 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SettingsService = void 0;
-const convertCertBufferToPEM_1 = require("../helpers/convertCertBufferToPEM");
-const android_safetynet_1 = require("./defaultRootCerts/android-safetynet");
-const android_key_1 = require("./defaultRootCerts/android-key");
-const apple_1 = require("./defaultRootCerts/apple");
-const mds_1 = require("./defaultRootCerts/mds");
+const convertCertBufferToPEM_js_1 = require("../helpers/convertCertBufferToPEM.js");
+const android_safetynet_js_1 = require("./defaultRootCerts/android-safetynet.js");
+const android_key_js_1 = require("./defaultRootCerts/android-key.js");
+const apple_js_1 = require("./defaultRootCerts/apple.js");
+const mds_js_1 = require("./defaultRootCerts/mds.js");
 class BaseSettingsService {
     constructor() {
+        // Certificates are stored as PEM-formatted strings
+        Object.defineProperty(this, "pemCertificates", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
         this.pemCertificates = new Map();
     }
     /**
@@ -22,7 +29,7 @@ class BaseSettingsService {
         const newCertificates = [];
         for (const cert of certificates) {
             if (cert instanceof Uint8Array) {
-                newCertificates.push((0, convertCertBufferToPEM_1.convertCertBufferToPEM)(cert));
+                newCertificates.push((0, convertCertBufferToPEM_js_1.convertCertBufferToPEM)(cert));
             }
             else {
                 newCertificates.push(cert);
@@ -34,27 +41,28 @@ class BaseSettingsService {
      * Get any registered root certificates for the specified attestation format
      */
     getRootCertificates(opts) {
-        var _a;
         const { identifier } = opts;
-        return (_a = this.pemCertificates.get(identifier)) !== null && _a !== void 0 ? _a : [];
+        return this.pemCertificates.get(identifier) ?? [];
     }
 }
 exports.SettingsService = new BaseSettingsService();
 // Initialize default certificates
 exports.SettingsService.setRootCertificates({
     identifier: 'android-key',
-    certificates: [android_key_1.Google_Hardware_Attestation_Root_1, android_key_1.Google_Hardware_Attestation_Root_2],
+    certificates: [
+        android_key_js_1.Google_Hardware_Attestation_Root_1,
+        android_key_js_1.Google_Hardware_Attestation_Root_2,
+    ],
 });
 exports.SettingsService.setRootCertificates({
     identifier: 'android-safetynet',
-    certificates: [android_safetynet_1.GlobalSign_Root_CA],
+    certificates: [android_safetynet_js_1.GlobalSign_Root_CA],
 });
 exports.SettingsService.setRootCertificates({
     identifier: 'apple',
-    certificates: [apple_1.Apple_WebAuthn_Root_CA],
+    certificates: [apple_js_1.Apple_WebAuthn_Root_CA],
 });
 exports.SettingsService.setRootCertificates({
     identifier: 'mds',
-    certificates: [mds_1.GlobalSign_Root_CA_R3],
+    certificates: [mds_js_1.GlobalSign_Root_CA_R3],
 });
-//# sourceMappingURL=settingsService.js.map

package/dist/authentication/generateAuthenticationOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"generateAuthenticationOptions.js","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":";;;AAOA,wCAA6D;AAC7D,oEAAiE;AAWjE;;;;;;;;;;;;GAYG;AACH,SAAgB,6BAA6B,CAC3C,UAA6C,EAAE;IAE/C,MAAM,EACJ,gBAAgB,EAChB,SAAS,GAAG,IAAA,qCAAiB,GAAE,EAC/B,OAAO,GAAG,KAAK,EACf,gBAAgB,GAAG,WAAW,EAC9B,UAAU,EACV,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,IAAI,UAAU,GAAG,SAAS,CAAC;IAC3B,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;QAClC,UAAU,GAAG,mBAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;KACvD;IAED,OAAO;QACL,SAAS,EAAE,kBAAY,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,gBAAgB,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/C,GAAG,IAAI;YACP,EAAE,EAAE,kBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAgB,CAAC;SACnD,CAAC,CAAC;QACH,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AA/BD,sEA+BC"}

package/dist/authentication/verifyAuthenticationResponse.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;AAOA,0EAAuE;AACvE,8CAA2C;AAC3C,gEAA6D;AAC7D,8EAA2E;AAC3E,kEAA+D;AAE/D,oEAAiE;AACjE,wCAA6D;AAc7D;;;;;;;;;;;;;;;;;;GAkBG;AACI,KAAK,UAAU,4BAA4B,CAChD,OAAyC;IAEzC,MAAM,EACJ,QAAQ,EACR,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,uBAAuB,GAAG,IAAI,EAC9B,kBAAkB,GACnB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,QAAQ,CAAC;IAElF,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAA,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QACzD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,IAAA,2CAAoB,EAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;IAE9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;KACrE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,gBAAgB,iBAAiB,GAAG,CAC/F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,uBAAuB,oBAAoB,EAAE,CAClG,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,gBAAgB,cAAc,GAAG,CACtF,CAAC;SACH;KACF;IAED,IAAI,CAAC,kBAAY,CAAC,WAAW,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,kBAAY,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;QAC1D,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,iBAAiB,CAAC,UAAU,IAAI,OAAO,iBAAiB,CAAC,UAAU,KAAK,QAAQ,EAAE;QACpF,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,kBAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,IAAA,+CAAsB,EAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,cAAc,CAAC;IAEpE,yCAAyC;IACzC,IAAI,aAAa,GAAa,EAAE,CAAC;IACjC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,aAAa,GAAG,CAAC,YAAY,CAAC,CAAC;KAChC;SAAM;QACL,aAAa,GAAG,YAAY,CAAC;KAC9B;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,qCAAiB,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAErE,IAAI,kBAAkB,KAAK,SAAS,EAAE;QACpC,MAAM,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,GAAG,kBAAkB,CAAC;QAEtE;;WAEG;QACH,IAAI,oBAAoB,KAAK,UAAU,EAAE;YACvC,0DAA0D;YAC1D,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;aAC/E;SACF;aAAM,IAAI,oBAAoB,KAAK,WAAW,IAAI,oBAAoB,KAAK,aAAa,EAAE;YACzF,oBAAoB;SACrB;KACF;SAAM;QACL;;WAEG;QACH,wDAAwD;QACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;SAC3D;QAED,wCAAwC;QACxC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;KACF;IAED,MAAM,cAAc,GAAG,MAAM,IAAA,eAAM,EAAC,kBAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAC;IAC7F,MAAM,aAAa,GAAG,mBAAa,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAE7E,MAAM,SAAS,GAAG,kBAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAErE,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;IAE7E,MAAM,QAAQ,GAAmC;QAC/C,QAAQ,EAAE,MAAM,IAAA,iCAAe,EAAC;YAC9B,SAAS;YACT,IAAI,EAAE,aAAa;YACnB,mBAAmB,EAAE,aAAa,CAAC,mBAAmB;SACvD,CAAC;QACF,kBAAkB,EAAE;YAClB,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,YAAY,EAAE,KAAK,CAAC,EAAE;YACtB,oBAAoB;YACpB,kBAAkB;YAClB,6BAA6B,EAAE,cAAc;YAC7C,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,IAAI,EAAE,WAAW;SAClB;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAhLD,oEAgLC"}

package/dist/helpers/convertAAGUIDToString.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"convertAAGUIDToString.js","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":";;;AAAA,+BAAsC;AAEtC;;GAEG;AACH,SAAgB,qBAAqB,CAAC,MAAkB;IACtD,4CAA4C;IAC5C,MAAM,GAAG,GAAG,mBAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAa;QACzB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;QACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI;KACxB,CAAC;IAEF,kDAAkD;IAClD,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAdD,sDAcC"}

package/dist/helpers/convertCOSEtoPKCS.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AAAA,+BAA+C;AAC/C,iCAAoD;AAEpD;;GAEG;AACH,SAAgB,iBAAiB,CAAC,aAAyB;IACzD,iGAAiG;IACjG,gGAAgG;IAChG,6DAA6D;IAC7D,MAAM,MAAM,GAAG,aAAO,CAAC,WAAW,CAAmB,aAAa,CAAC,CAAC;IAEpE,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,eAAQ,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,eAAQ,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IAED,IAAI,CAAC,EAAE;QACL,OAAO,mBAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;KAC1C;IAED,OAAO,mBAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;AACxC,CAAC;AAnBD,8CAmBC"}

package/dist/helpers/convertCertBufferToPEM.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"convertCertBufferToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":";;;AAEA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,sBAAsB,CAAC,UAAwC;IAC7E,IAAI,OAAe,CAAC;IAEpB;;OAEG;IACH,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;QAClC,IAAI,kBAAY,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;YACxC,OAAO,GAAG,kBAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;SAC7C;aAAM,IAAI,kBAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;YAC5C,OAAO,GAAG,UAAU,CAAC;SACtB;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;KACF;SAAM;QACL,OAAO,GAAG,kBAAY,CAAC,UAAU,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;KACzD;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE;QAC1D,MAAM,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC;QAErB,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC;KAC5C;IAED,MAAM,GAAG,gCAAgC,MAAM,6BAA6B,CAAC;IAE7E,OAAO,MAAM,CAAC;AAChB,CAAC;AA5BD,wDA4BC"}

package/dist/helpers/convertPEMToBytes.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"convertPEMToBytes.js","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,UAAU,GAAG,GAAG;SACnB,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;SAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEzB,OAAO,kBAAY,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,CAAC;AAPD,8CAOC"}

package/dist/helpers/convertX509PublicKeyToCOSE.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"convertX509PublicKeyToCOSE.js","sourceRoot":"","sources":["../../src/helpers/convertX509PublicKeyToCOSE.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAAkD;AAClD,iDAA8F;AAC9F,iDAAkD;AAElD,iCAOgB;AAChB,iFAA8E;AAE9E,SAAgB,0BAA0B,CAAC,eAA2B;IACpE,IAAI,aAAa,GAAkB,IAAI,GAAG,EAAE,CAAC;IAE7C;;OAEG;IACH,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,EAAE,uBAAW,CAAC,CAAC;IAE3D,MAAM,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;IAChC,MAAM,EAAE,oBAAoB,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,cAAc,CAAC;IAE1E,MAAM,kBAAkB,GAAG,aAAa,CAAC,SAAS,CAAC;IACnD,MAAM,oBAAoB,GAAG,oBAAoB,CAAC,SAAS,CAAC,SAAS,CAAC;IAEtE,IAAI,oBAAoB,KAAK,yBAAc,EAAE;QAC3C;;WAEG;QACH,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,UAAU,EAAE;YAC9C,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;SACxE;QAED,MAAM,YAAY,GAAG,uBAAS,CAAC,KAAK,CAClC,IAAI,UAAU,CAAC,oBAAoB,CAAC,SAAS,CAAC,UAAU,CAAC,EACzD,uBAAY,CACb,CAAC;QAEF,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC;QACf,MAAM,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;QAEpC,IAAI,UAAU,KAAK,uBAAY,EAAE;YAC/B,GAAG,GAAG,cAAO,CAAC,IAAI,CAAC;SACpB;aAAM,IAAI,UAAU,KAAK,uBAAY,EAAE;YACtC,GAAG,GAAG,cAAO,CAAC,IAAI,CAAC;SACpB;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,0DAA0D,UAAU,QAAQ,CAAC,CAAC;SAC/F;QAED,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;QAE/E,IAAI,CAAa,CAAC;QAClB,IAAI,CAAa,CAAC;QAClB,IAAI,gBAAgB,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE;YAChC,oFAAoF;YACpF,IAAI,OAAO,GAAG,CAAC,CAAC;YAChB,MAAM,UAAU,GAAG,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACrD,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC;YAC7D,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;SACrC;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;SACpF;QAED,MAAM,aAAa,GAAqB,IAAI,GAAG,EAAE,CAAC;QAClD,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,EAAE,cAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,EAAE,IAAA,2DAA4B,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAClF,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrC,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjC,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAEjC,aAAa,GAAG,aAAa,CAAC;KAC/B;SAAM,IAAI,oBAAoB,KAAK,sBAAsB,EAAE;QAC1D;;WAEG;QACH,MAAM,YAAY,GAAG,uBAAS,CAAC,KAAK,CAAC,oBAAoB,CAAC,gBAAgB,EAAE,uBAAY,CAAC,CAAC;QAE1F,MAAM,aAAa,GAAqB,IAAI,GAAG,EAAE,CAAC;QAClD,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,EAAE,cAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,GAAG,EAAE,IAAA,2DAA4B,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAClF,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,CAAC,EAAE,IAAI,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;QACpE,aAAa,CAAC,GAAG,CAAC,eAAQ,CAAC,CAAC,EAAE,IAAI,UAAU,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAE3E,aAAa,GAAG,aAAa,CAAC;KAC/B;SAAM;QACL,MAAM,IAAI,KAAK,CACb,4DAA4D,oBAAoB,EAAE,CACnF,CAAC;KACH;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAhFD,gEAgFC"}

package/dist/helpers/cose.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cose.js","sourceRoot":"","sources":["../../src/helpers/cose.ts"],"names":[],"mappings":";;;AAgDA,SAAgB,kBAAkB,CAChC,aAA4B;IAE5B,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC;AAC/C,CAAC;AALD,gDAKC;AAED,SAAgB,kBAAkB,CAChC,aAA4B;IAE5B,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC;AAC/C,CAAC;AALD,gDAKC;AAED,SAAgB,kBAAkB,CAChC,aAA4B;IAE5B,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC;AAC/C,CAAC;AALD,gDAKC;AAED;;;;;GAKG;AACH,IAAY,QAQX;AARD,WAAY,QAAQ;IAClB,qCAAO,CAAA;IACP,qCAAO,CAAA;IACP,sCAAQ,CAAA;IACR,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;AACR,CAAC,EARW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAQnB;AAED;;;;GAIG;AACH,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,mCAAO,CAAA;IACP,mCAAO,CAAA;IACP,mCAAO,CAAA;AACT,CAAC,EAJW,OAAO,GAAP,eAAO,KAAP,eAAO,QAIlB;AAED,SAAgB,SAAS,CAAC,GAAuB;IAC/C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAc,CAAC,IAAI,CAAC,CAAC;AAC7D,CAAC;AAFD,8BAEC;AAED;;;;GAIG;AACH,IAAY,OAKX;AALD,WAAY,OAAO;IACjB,qCAAQ,CAAA;IACR,qCAAQ,CAAA;IACR,qCAAQ,CAAA;IACR,2CAAW,CAAA;AACb,CAAC,EALW,OAAO,GAAP,eAAO,KAAP,eAAO,QAKlB;AAED,SAAgB,SAAS,CAAC,GAAuB;IAC/C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAc,CAAC,IAAI,CAAC,CAAC;AAC7D,CAAC;AAFD,8BAEC;AAED;;;;GAIG;AACH,IAAY,OAaX;AAbD,WAAY,OAAO;IACjB,wCAAU,CAAA;IACV,wCAAU,CAAA;IACV,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,yCAAW,CAAA;IACX,2CAAY,CAAA;IACZ,0CAAY,CAAA;IACZ,0CAAY,CAAA;IACZ,0CAAY,CAAA;IACZ,wCAAY,CAAA;AACd,CAAC,EAbW,OAAO,GAAP,eAAO,KAAP,eAAO,QAalB;AAED,SAAgB,SAAS,CAAC,GAAuB;IAC/C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAc,CAAC,IAAI,CAAC,CAAC;AAC7D,CAAC;AAFD,8BAEC"}

package/dist/helpers/decodeAttestationObject.js

@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decodeAttestationObject = void 0;
-const iso_1 = require("./iso");
-/**
- * Convert an AttestationObject buffer to a proper object
- *
- * @param base64AttestationObject Attestation Object buffer
- */
-function decodeAttestationObject(attestationObject) {
-    return iso_1.isoCBOR.decodeFirst(attestationObject);
-}
-exports.decodeAttestationObject = decodeAttestationObject;
-//# sourceMappingURL=decodeAttestationObject.js.map

package/dist/helpers/decodeAttestationObject.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decodeAttestationObject.js","sourceRoot":"","sources":["../../src/helpers/decodeAttestationObject.ts"],"names":[],"mappings":";;;AAAA,+BAAgC;AAEhC;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,iBAA6B;IACnE,OAAO,aAAO,CAAC,WAAW,CAAoB,iBAAiB,CAAC,CAAC;AACnE,CAAC;AAFD,0DAEC"}

package/dist/helpers/decodeAuthenticatorExtensions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decodeAuthenticatorExtensions.js","sourceRoot":"","sources":["../../src/helpers/decodeAuthenticatorExtensions.ts"],"names":[],"mappings":";;;AAAA,+BAAgC;AAEhC;;;;GAIG;AACH,SAAgB,6BAA6B,CAC3C,aAAyB;IAEzB,IAAI,MAA4B,CAAC;IACjC,IAAI;QACF,MAAM,GAAG,aAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;KAC7C;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;KAC7E;IAED,OAAO,sBAAsB,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC;AAZD,sEAYC;AAqBD;;;;GAIG;AACH,SAAS,sBAAsB,CAAC,KAA2B;IACzD,MAAM,MAAM,GAA+B,EAAE,CAAC;IAE9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,KAAK,EAAE;QAChC,IAAI,KAAK,YAAY,GAAG,EAAE;YACxB,MAAM,CAAC,GAAG,CAAC,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;SAC7C;aAAM;YACL,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;SACrB;KACF;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/helpers/decodeClientDataJSON.js

@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decodeClientDataJSON = void 0;
-const iso_1 = require("./iso");
-/**
- * Decode an authenticator's base64url-encoded clientDataJSON to JSON
- */
-function decodeClientDataJSON(data) {
-    const toString = iso_1.isoBase64URL.toString(data);
-    const clientData = JSON.parse(toString);
-    return clientData;
-}
-exports.decodeClientDataJSON = decodeClientDataJSON;
-//# sourceMappingURL=decodeClientDataJSON.js.map

package/dist/helpers/decodeClientDataJSON.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decodeClientDataJSON.js","sourceRoot":"","sources":["../../src/helpers/decodeClientDataJSON.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAErC;;GAEG;AACH,SAAgB,oBAAoB,CAAC,IAAY;IAC/C,MAAM,QAAQ,GAAG,kBAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAmB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO,UAAU,CAAC;AACpB,CAAC;AALD,oDAKC"}

package/dist/helpers/decodeCredentialPublicKey.d.ts

@@ -1,2 +0,0 @@
-import { COSEPublicKey } from './cose';
-export declare function decodeCredentialPublicKey(publicKey: Uint8Array): COSEPublicKey;

package/dist/helpers/decodeCredentialPublicKey.js

@@ -1,9 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decodeCredentialPublicKey = void 0;
-const iso_1 = require("./iso");
-function decodeCredentialPublicKey(publicKey) {
-    return iso_1.isoCBOR.decodeFirst(publicKey);
-}
-exports.decodeCredentialPublicKey = decodeCredentialPublicKey;
-//# sourceMappingURL=decodeCredentialPublicKey.js.map

package/dist/helpers/decodeCredentialPublicKey.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decodeCredentialPublicKey.js","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":";;;AACA,+BAAgC;AAEhC,SAAgB,yBAAyB,CAAC,SAAqB;IAC7D,OAAO,aAAO,CAAC,WAAW,CAAgB,SAAS,CAAC,CAAC;AACvD,CAAC;AAFD,8DAEC"}

package/dist/helpers/generateChallenge.d.ts

@@ -1,4 +0,0 @@
-/**
- * Generate a suitably random value to be used as an attestation or assertion challenge
- */
-export declare function generateChallenge(): Uint8Array;

package/dist/helpers/generateChallenge.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"generateChallenge.js","sourceRoot":"","sources":["../../src/helpers/generateChallenge.ts"],"names":[],"mappings":";;;AAAA,+BAAkC;AAElC;;GAEG;AACH,SAAgB,iBAAiB;IAC/B;;;;;;;OAOG;IACH,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAErC,eAAS,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IAErC,OAAO,SAAS,CAAC;AACnB,CAAC;AAdD,8CAcC"}

package/dist/helpers/getCertificateInfo.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"getCertificateInfo.js","sourceRoot":"","sources":["../../src/helpers/getCertificateInfo.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAA4F;AA4B5F,MAAM,kBAAkB,GAA+C;IACrE,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;CAChB,CAAC;AAEF;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,cAA0B;IAC3D,MAAM,IAAI,GAAG,uBAAS,CAAC,KAAK,CAAC,cAAc,EAAE,uBAAW,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC;IAEvC,SAAS;IACT,MAAM,MAAM,GAAW,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACxC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE;QAClC,MAAM,GAAG,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;SACpC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,QAAQ,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAEhD,UAAU;IACV,MAAM,OAAO,GAAY,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE;QACnC,MAAM,GAAG,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,GAAG,EAAE;YACP,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;SACrC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAElD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,UAAU,CAAC,UAAU,EAAE;QACzB,sCAAsC;QACtC,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE;YACvC,IAAI,GAAG,CAAC,MAAM,KAAK,kCAAsB,EAAE;gBACzC,MAAM,gBAAgB,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,4BAAgB,CAAC,CAAC;gBAC1E,kBAAkB,GAAG,gBAAgB,CAAC,EAAE,CAAC;aAC1C;SACF;KACF;IAED,OAAO;QACL,MAAM;QACN,OAAO;QACP,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,kBAAkB;QAClB,SAAS,EAAE,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;QAClD,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE;QAChD,iBAAiB,EAAE,IAAI;KACxB,CAAC;AACJ,CAAC;AA5CD,gDA4CC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,KAAuB;IACpD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,KAAK,CAAC,CAAC,EAAE;QACX,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;KACrB;IAED,IAAI,KAAK,CAAC,CAAC,EAAE;QACX,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;KACrB;IAED,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;KACtB;IAED,IAAI,KAAK,CAAC,EAAE,EAAE;QACZ,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;KACtB;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/helpers/index.d.ts

@@ -1,22 +0,0 @@
-import { convertAAGUIDToString } from './convertAAGUIDToString';
-import { convertCertBufferToPEM } from './convertCertBufferToPEM';
-import { convertCOSEtoPKCS } from './convertCOSEtoPKCS';
-import { decodeAttestationObject } from './decodeAttestationObject';
-import { decodeClientDataJSON } from './decodeClientDataJSON';
-import { decodeCredentialPublicKey } from './decodeCredentialPublicKey';
-import { generateChallenge } from './generateChallenge';
-import { getCertificateInfo } from './getCertificateInfo';
-import { isCertRevoked } from './isCertRevoked';
-import { parseAuthenticatorData } from './parseAuthenticatorData';
-import { toHash } from './toHash';
-import { validateCertificatePath } from './validateCertificatePath';
-import { verifySignature } from './verifySignature';
-import { isoCBOR, isoBase64URL, isoUint8Array, isoCrypto } from './iso';
-import * as cose from './cose';
-export { convertAAGUIDToString, convertCertBufferToPEM, convertCOSEtoPKCS, decodeAttestationObject, decodeClientDataJSON, decodeCredentialPublicKey, generateChallenge, getCertificateInfo, isCertRevoked, parseAuthenticatorData, toHash, validateCertificatePath, verifySignature, isoCBOR, isoCrypto, isoBase64URL, isoUint8Array, cose, };
-import type { AttestationFormat, AttestationObject, AttestationStatement } from './decodeAttestationObject';
-import type { CertificateInfo } from './getCertificateInfo';
-import type { ClientDataJSON } from './decodeClientDataJSON';
-import type { COSEPublicKey } from './cose';
-import type { ParsedAuthenticatorData } from './parseAuthenticatorData';
-export type { AttestationFormat, AttestationObject, AttestationStatement, CertificateInfo, ClientDataJSON, COSEPublicKey, ParsedAuthenticatorData, };