@simplewebauthn/server 7.4.0 → 8.0.0

package/{dist → esm}/helpers/decodeClientDataJSON.d.ts

@@ -12,3 +12,6 @@ export type ClientDataJSON = {
         status: 'present' | 'supported' | 'not-supported';
     };
 };
+export declare const _decodeClientDataJSONInternals: {
+    stubThis: (value: ClientDataJSON) => ClientDataJSON;
+};

package/esm/helpers/decodeClientDataJSON.js

@@ -0,0 +1,13 @@
+import { isoBase64URL } from './iso/index.js';
+/**
+ * Decode an authenticator's base64url-encoded clientDataJSON to JSON
+ */
+export function decodeClientDataJSON(data) {
+    const toString = isoBase64URL.toString(data);
+    const clientData = JSON.parse(toString);
+    return _decodeClientDataJSONInternals.stubThis(clientData);
+}
+// Make it possible to stub the return value during testing
+export const _decodeClientDataJSONInternals = {
+    stubThis: (value) => value,
+};

package/esm/helpers/decodeCredentialPublicKey.d.ts

@@ -0,0 +1,5 @@
+import { COSEPublicKey } from './cose.js';
+export declare function decodeCredentialPublicKey(publicKey: Uint8Array): COSEPublicKey;
+export declare const _decodeCredentialPublicKeyInternals: {
+    stubThis: (value: COSEPublicKey) => COSEPublicKey;
+};

package/esm/helpers/decodeCredentialPublicKey.js

@@ -0,0 +1,8 @@
+import { isoCBOR } from './iso/index.js';
+export function decodeCredentialPublicKey(publicKey) {
+    return _decodeCredentialPublicKeyInternals.stubThis(isoCBOR.decodeFirst(publicKey));
+}
+// Make it possible to stub the return value during testing
+export const _decodeCredentialPublicKeyInternals = {
+    stubThis: (value) => value,
+};

package/esm/helpers/fetch.d.ts

@@ -0,0 +1,8 @@
+/**
+ * A simple method for requesting data via standard `fetch`. Should work
+ * across multiple runtimes.
+ */
+export declare function fetch(url: string): Promise<Response>;
+export declare const _fetchInternals: {
+    stubThis: (url: string) => Promise<Response>;
+};

package/esm/helpers/fetch.js

@@ -0,0 +1,12 @@
+import { crossFetch } from '../deps.js';
+/**
+ * A simple method for requesting data via standard `fetch`. Should work
+ * across multiple runtimes.
+ */
+export function fetch(url) {
+    return _fetchInternals.stubThis(url);
+}
+// Make it possible to stub the return value during testing
+export const _fetchInternals = {
+    stubThis: (url) => crossFetch(url),
+};

package/esm/helpers/generateChallenge.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Generate a suitably random value to be used as an attestation or assertion challenge
+ */
+export declare function generateChallenge(): Promise<Uint8Array>;
+export declare const _generateChallengeInternals: {
+    stubThis: (value: Uint8Array) => Uint8Array;
+};

package/esm/helpers/generateChallenge.js

@@ -0,0 +1,21 @@
+import { isoCrypto } from './iso/index.js';
+/**
+ * Generate a suitably random value to be used as an attestation or assertion challenge
+ */
+export async function generateChallenge() {
+    /**
+     * WebAuthn spec says that 16 bytes is a good minimum:
+     *
+     * "In order to prevent replay attacks, the challenges MUST contain enough entropy to make
+     * guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long."
+     *
+     * Just in case, let's double it
+     */
+    const challenge = new Uint8Array(32);
+    await isoCrypto.getRandomValues(challenge);
+    return _generateChallengeInternals.stubThis(challenge);
+}
+// Make it possible to stub the return value during testing
+export const _generateChallengeInternals = {
+    stubThis: (value) => value,
+};

package/{dist → esm}/helpers/getCertificateInfo.d.ts

@@ -1,4 +1,4 @@
-import { Certificate } from '@peculiar/asn1-x509';
+import { Certificate } from '../deps.js';
 export type CertificateInfo = {
     issuer: Issuer;
     subject: Subject;

package/esm/helpers/getCertificateInfo.js

@@ -0,0 +1,76 @@
+import { AsnParser, BasicConstraints, Certificate, id_ce_basicConstraints } from '../deps.js';
+const issuerSubjectIDKey = {
+    '2.5.4.6': 'C',
+    '2.5.4.10': 'O',
+    '2.5.4.11': 'OU',
+    '2.5.4.3': 'CN',
+};
+/**
+ * Extract PEM certificate info
+ *
+ * @param pemCertificate Result from call to `convertASN1toPEM(x5c[0])`
+ */
+export function getCertificateInfo(leafCertBuffer) {
+    const x509 = AsnParser.parse(leafCertBuffer, Certificate);
+    const parsedCert = x509.tbsCertificate;
+    // Issuer
+    const issuer = { combined: '' };
+    parsedCert.issuer.forEach(([iss]) => {
+        const key = issuerSubjectIDKey[iss.type];
+        if (key) {
+            issuer[key] = iss.value.toString();
+        }
+    });
+    issuer.combined = issuerSubjectToString(issuer);
+    // Subject
+    const subject = { combined: '' };
+    parsedCert.subject.forEach(([iss]) => {
+        const key = issuerSubjectIDKey[iss.type];
+        if (key) {
+            subject[key] = iss.value.toString();
+        }
+    });
+    subject.combined = issuerSubjectToString(subject);
+    let basicConstraintsCA = false;
+    if (parsedCert.extensions) {
+        // console.log(parsedCert.extensions);
+        for (const ext of parsedCert.extensions) {
+            if (ext.extnID === id_ce_basicConstraints) {
+                const basicConstraints = AsnParser.parse(ext.extnValue, BasicConstraints);
+                basicConstraintsCA = basicConstraints.cA;
+            }
+        }
+    }
+    return {
+        issuer,
+        subject,
+        version: parsedCert.version,
+        basicConstraintsCA,
+        notBefore: parsedCert.validity.notBefore.getTime(),
+        notAfter: parsedCert.validity.notAfter.getTime(),
+        parsedCertificate: x509,
+    };
+}
+/**
+ * Stringify the parts of Issuer or Subject info for easier comparison of subject issuers with
+ * issuer subjects.
+ *
+ * The order might seem arbitrary, because it is. It should be enough that the two are stringified
+ * in the same order.
+ */
+function issuerSubjectToString(input) {
+    const parts = [];
+    if (input.C) {
+        parts.push(input.C);
+    }
+    if (input.O) {
+        parts.push(input.O);
+    }
+    if (input.OU) {
+        parts.push(input.OU);
+    }
+    if (input.CN) {
+        parts.push(input.CN);
+    }
+    return parts.join(' : ');
+}

package/esm/helpers/index.d.ts

@@ -0,0 +1,22 @@
+import { convertAAGUIDToString } from './convertAAGUIDToString.js';
+import { convertCertBufferToPEM } from './convertCertBufferToPEM.js';
+import { convertCOSEtoPKCS } from './convertCOSEtoPKCS.js';
+import { decodeAttestationObject } from './decodeAttestationObject.js';
+import { decodeClientDataJSON } from './decodeClientDataJSON.js';
+import { decodeCredentialPublicKey } from './decodeCredentialPublicKey.js';
+import { generateChallenge } from './generateChallenge.js';
+import { getCertificateInfo } from './getCertificateInfo.js';
+import { isCertRevoked } from './isCertRevoked.js';
+import { parseAuthenticatorData } from './parseAuthenticatorData.js';
+import { toHash } from './toHash.js';
+import { validateCertificatePath } from './validateCertificatePath.js';
+import { verifySignature } from './verifySignature.js';
+import { isoBase64URL, isoCBOR, isoCrypto, isoUint8Array } from './iso/index.js';
+import * as cose from './cose.js';
+export { convertAAGUIDToString, convertCertBufferToPEM, convertCOSEtoPKCS, cose, decodeAttestationObject, decodeClientDataJSON, decodeCredentialPublicKey, generateChallenge, getCertificateInfo, isCertRevoked, isoBase64URL, isoCBOR, isoCrypto, isoUint8Array, parseAuthenticatorData, toHash, validateCertificatePath, verifySignature, };
+import type { AttestationFormat, AttestationObject, AttestationStatement } from './decodeAttestationObject.js';
+import type { CertificateInfo } from './getCertificateInfo.js';
+import type { ClientDataJSON } from './decodeClientDataJSON.js';
+import type { COSEPublicKey } from './cose.js';
+import type { ParsedAuthenticatorData } from './parseAuthenticatorData.js';
+export type { AttestationFormat, AttestationObject, AttestationStatement, CertificateInfo, ClientDataJSON, COSEPublicKey, ParsedAuthenticatorData, };

package/esm/helpers/index.js

@@ -0,0 +1,16 @@
+import { convertAAGUIDToString } from './convertAAGUIDToString.js';
+import { convertCertBufferToPEM } from './convertCertBufferToPEM.js';
+import { convertCOSEtoPKCS } from './convertCOSEtoPKCS.js';
+import { decodeAttestationObject } from './decodeAttestationObject.js';
+import { decodeClientDataJSON } from './decodeClientDataJSON.js';
+import { decodeCredentialPublicKey } from './decodeCredentialPublicKey.js';
+import { generateChallenge } from './generateChallenge.js';
+import { getCertificateInfo } from './getCertificateInfo.js';
+import { isCertRevoked } from './isCertRevoked.js';
+import { parseAuthenticatorData } from './parseAuthenticatorData.js';
+import { toHash } from './toHash.js';
+import { validateCertificatePath } from './validateCertificatePath.js';
+import { verifySignature } from './verifySignature.js';
+import { isoBase64URL, isoCBOR, isoCrypto, isoUint8Array } from './iso/index.js';
+import * as cose from './cose.js';
+export { convertAAGUIDToString, convertCertBufferToPEM, convertCOSEtoPKCS, cose, decodeAttestationObject, decodeClientDataJSON, decodeCredentialPublicKey, generateChallenge, getCertificateInfo, isCertRevoked, isoBase64URL, isoCBOR, isoCrypto, isoUint8Array, parseAuthenticatorData, toHash, validateCertificatePath, verifySignature, };

package/{dist → esm}/helpers/isCertRevoked.d.ts

@@ -1,4 +1,4 @@
-import { Certificate } from '@peculiar/asn1-x509';
+import { Certificate } from '../deps.js';
 /**
  * A method to pull a CRL from a certificate and compare its serial number to the list of revoked
  * certificate serial numbers within the CRL.

package/esm/helpers/isCertRevoked.js

@@ -0,0 +1,98 @@
+import { AsnParser, AuthorityKeyIdentifier, CertificateList, CRLDistributionPoints, id_ce_authorityKeyIdentifier, id_ce_cRLDistributionPoints, id_ce_subjectKeyIdentifier, SubjectKeyIdentifier, } from '../deps.js';
+import { isoUint8Array } from './iso/index.js';
+import { fetch } from './fetch.js';
+const cacheRevokedCerts = {};
+/**
+ * A method to pull a CRL from a certificate and compare its serial number to the list of revoked
+ * certificate serial numbers within the CRL.
+ *
+ * CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117
+ */
+export async function isCertRevoked(cert) {
+    const { extensions } = cert.tbsCertificate;
+    if (!extensions) {
+        return false;
+    }
+    let extAuthorityKeyID;
+    let extSubjectKeyID;
+    let extCRLDistributionPoints;
+    extensions.forEach((ext) => {
+        if (ext.extnID === id_ce_authorityKeyIdentifier) {
+            extAuthorityKeyID = AsnParser.parse(ext.extnValue, AuthorityKeyIdentifier);
+        }
+        else if (ext.extnID === id_ce_subjectKeyIdentifier) {
+            extSubjectKeyID = AsnParser.parse(ext.extnValue, SubjectKeyIdentifier);
+        }
+        else if (ext.extnID === id_ce_cRLDistributionPoints) {
+            extCRLDistributionPoints = AsnParser.parse(ext.extnValue, CRLDistributionPoints);
+        }
+    });
+    // Check to see if we've got cached info for the cert's CA
+    let keyIdentifier = undefined;
+    if (extAuthorityKeyID && extAuthorityKeyID.keyIdentifier) {
+        keyIdentifier = isoUint8Array.toHex(new Uint8Array(extAuthorityKeyID.keyIdentifier.buffer));
+    }
+    else if (extSubjectKeyID) {
+        /**
+         * We might be dealing with a self-signed root certificate. Check the
+         * Subject key Identifier extension next.
+         */
+        keyIdentifier = isoUint8Array.toHex(new Uint8Array(extSubjectKeyID.buffer));
+    }
+    const certSerialHex = isoUint8Array.toHex(new Uint8Array(cert.tbsCertificate.serialNumber));
+    if (keyIdentifier) {
+        const cached = cacheRevokedCerts[keyIdentifier];
+        if (cached) {
+            const now = new Date();
+            // If there's a nextUpdate then make sure we're before it
+            if (!cached.nextUpdate || cached.nextUpdate > now) {
+                return cached.revokedCerts.indexOf(certSerialHex) >= 0;
+            }
+        }
+    }
+    const crlURL = extCRLDistributionPoints?.[0].distributionPoint?.fullName?.[0]
+        .uniformResourceIdentifier;
+    // If no URL is provided then we have nothing to check
+    if (!crlURL) {
+        return false;
+    }
+    // Download and read the CRL
+    let certListBytes;
+    try {
+        const respCRL = await fetch(crlURL);
+        certListBytes = await respCRL.arrayBuffer();
+    }
+    catch (_err) {
+        return false;
+    }
+    let data;
+    try {
+        data = AsnParser.parse(certListBytes, CertificateList);
+    }
+    catch (_err) {
+        // Something was malformed with the CRL, so pass
+        return false;
+    }
+    const newCached = {
+        revokedCerts: [],
+        nextUpdate: undefined,
+    };
+    // nextUpdate
+    if (data.tbsCertList.nextUpdate) {
+        newCached.nextUpdate = data.tbsCertList.nextUpdate.getTime();
+    }
+    // revokedCertificates
+    const revokedCerts = data.tbsCertList.revokedCertificates;
+    if (revokedCerts) {
+        for (const cert of revokedCerts) {
+            const revokedHex = isoUint8Array.toHex(new Uint8Array(cert.userCertificate));
+            newCached.revokedCerts.push(revokedHex);
+        }
+        // Cache the results
+        if (keyIdentifier) {
+            cacheRevokedCerts[keyIdentifier] = newCached;
+        }
+        return newCached.revokedCerts.indexOf(certSerialHex) >= 0;
+    }
+    return false;
+}

package/{dist → esm}/helpers/iso/index.d.ts

@@ -5,7 +5,7 @@
  * with specific server-like runtimes that expose global Web APIs (CloudFlare Workers, Deno, Bun,
  * etc...), while also supporting execution in Node.
  */
-export * as isoBase64URL from './isoBase64URL';
-export * as isoCBOR from './isoCBOR';
-export * as isoCrypto from './isoCrypto';
-export * as isoUint8Array from './isoUint8Array';
+export * as isoBase64URL from './isoBase64URL.js';
+export * as isoCBOR from './isoCBOR.js';
+export * as isoCrypto from './isoCrypto/index.js';
+export * as isoUint8Array from './isoUint8Array.js';

package/esm/helpers/iso/index.js

@@ -0,0 +1,11 @@
+/**
+ * A collection of methods for isomorphic manipulation of trickier data types
+ *
+ * The goal with these is to make it easier to replace dependencies later that might not play well
+ * with specific server-like runtimes that expose global Web APIs (CloudFlare Workers, Deno, Bun,
+ * etc...), while also supporting execution in Node.
+ */
+export * as isoBase64URL from './isoBase64URL.js';
+export * as isoCBOR from './isoCBOR.js';
+export * as isoCrypto from './isoCrypto/index.js';
+export * as isoUint8Array from './isoUint8Array.js';

package/esm/helpers/iso/isoBase64URL.js

@@ -0,0 +1,57 @@
+import { base64 } from '../../deps.js';
+/**
+ * Decode from a Base64URL-encoded string to an ArrayBuffer. Best used when converting a
+ * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
+ * excludeCredentials.
+ *
+ * @param buffer Value to decode from base64
+ * @param to (optional) The decoding to use, in case it's desirable to decode from base64 instead
+ */
+export function toBuffer(base64urlString, from = 'base64url') {
+    const _buffer = base64.toArrayBuffer(base64urlString, from === 'base64url');
+    return new Uint8Array(_buffer);
+}
+/**
+ * Encode the given array buffer into a Base64URL-encoded string. Ideal for converting various
+ * credential response ArrayBuffers to string for sending back to the server as JSON.
+ *
+ * @param buffer Value to encode to base64
+ * @param to (optional) The encoding to use, in case it's desirable to encode to base64 instead
+ */
+export function fromBuffer(buffer, to = 'base64url') {
+    return base64.fromArrayBuffer(buffer, to === 'base64url');
+}
+/**
+ * Convert a base64url string into base64
+ */
+export function toBase64(base64urlString) {
+    const fromBase64Url = base64.toArrayBuffer(base64urlString, true);
+    const toBase64 = base64.fromArrayBuffer(fromBase64Url);
+    return toBase64;
+}
+/**
+ * Encode a string to base64url
+ */
+export function fromString(ascii) {
+    return base64.fromString(ascii, true);
+}
+/**
+ * Decode a base64url string into its original string
+ */
+export function toString(base64urlString) {
+    return base64.toString(base64urlString, true);
+}
+/**
+ * Confirm that the string is encoded into base64
+ */
+export function isBase64(input) {
+    return base64.validate(input, false);
+}
+/**
+ * Confirm that the string is encoded into base64url, with support for optional padding
+ */
+export function isBase64url(input) {
+    // Trim padding characters from the string if present
+    input = input.replace(/=/g, '');
+    return base64.validate(input, true);
+}

package/{dist → esm}/helpers/iso/isoCBOR.d.ts

@@ -9,4 +9,4 @@ export declare function decodeFirst<Type>(input: Uint8Array): Type;
 /**
  * Encode data to CBOR
  */
-export declare function encode(input: any): Uint8Array;
+export declare function encode(input: unknown): Uint8Array;

package/esm/helpers/iso/isoCBOR.js

@@ -0,0 +1,44 @@
+import { cborx } from '../../deps.js';
+/**
+ * This encoder should keep CBOR data the same length when data is re-encoded
+ *
+ * MOST CRITICALLY, this means the following needs to be true of whatever CBOR library we use:
+ * - CBOR Map type values MUST decode to JavaScript Maps
+ * - CBOR tag 64 (uint8 Typed Array) MUST NOT be used when encoding Uint8Arrays back to CBOR
+ *
+ * So long as these requirements are maintained, then CBOR sequences can be encoded and decoded
+ * freely while maintaining their lengths for the most accurate pointer movement across them.
+ */
+const encoder = new cborx.Encoder({
+    mapsAsObjects: false,
+    tagUint8Array: false,
+});
+/**
+ * Decode and return the first item in a sequence of CBOR-encoded values
+ *
+ * @param input The CBOR data to decode
+ * @param asObject (optional) Whether to convert any CBOR Maps into JavaScript Objects. Defaults to
+ * `false`
+ */
+export function decodeFirst(input) {
+    // Make a copy so we don't mutate the original
+    const _input = new Uint8Array(input);
+    const decoded = encoder.decodeMultiple(_input);
+    if (decoded === undefined) {
+        throw new Error('CBOR input data was empty');
+    }
+    /**
+     * Typing on `decoded` is `void | []` which causes TypeScript to think that it's an empty array,
+     * and thus you can't destructure it. I'm ignoring that because the code works fine in JS, and
+     * so this should be a valid operation.
+     */
+    // @ts-ignore 2493
+    const [first] = decoded;
+    return first;
+}
+/**
+ * Encode data to CBOR
+ */
+export function encode(input) {
+    return encoder.encode(input);
+}

package/{dist → esm}/helpers/iso/isoCrypto/digest.d.ts

@@ -1,4 +1,4 @@
-import { COSEALG } from '../../cose';
+import { COSEALG } from '../../cose.js';
 /**
  * Generate a digest of the provided data.
  *

package/esm/helpers/iso/isoCrypto/digest.js

@@ -0,0 +1,14 @@
+import { mapCoseAlgToWebCryptoAlg } from './mapCoseAlgToWebCryptoAlg.js';
+import { getWebCrypto } from './getWebCrypto.js';
+/**
+ * Generate a digest of the provided data.
+ *
+ * @param data The data to generate a digest of
+ * @param algorithm A COSE algorithm ID that maps to a desired SHA algorithm
+ */
+export async function digest(data, algorithm) {
+    const WebCrypto = await getWebCrypto();
+    const subtleAlgorithm = mapCoseAlgToWebCryptoAlg(algorithm);
+    const hashed = await WebCrypto.subtle.digest(subtleAlgorithm, data);
+    return new Uint8Array(hashed);
+}

package/{dist → esm}/helpers/iso/isoCrypto/getRandomValues.d.ts

@@ -3,4 +3,4 @@
  *
  * @returns the same bytes array passed into the method
  */
-export declare function getRandomValues(array: Uint8Array): Uint8Array;
+export declare function getRandomValues(array: Uint8Array): Promise<Uint8Array>;

package/esm/helpers/iso/isoCrypto/getRandomValues.js

@@ -0,0 +1,11 @@
+import { getWebCrypto } from './getWebCrypto.js';
+/**
+ * Fill up the provided bytes array with random bytes equal to its length.
+ *
+ * @returns the same bytes array passed into the method
+ */
+export async function getRandomValues(array) {
+    const WebCrypto = await getWebCrypto();
+    WebCrypto.getRandomValues(array);
+    return array;
+}

package/esm/helpers/iso/isoCrypto/getWebCrypto.d.ts

@@ -0,0 +1,6 @@
+import type { Crypto } from '../../../deps.js';
+/**
+ * Try to get an instance of the Crypto API from the current runtime. Should support Node,
+ * as well as others, like Deno, that implement Web APIs.
+ */
+export declare function getWebCrypto(): Promise<Crypto>;

package/esm/helpers/iso/isoCrypto/getWebCrypto.js

@@ -0,0 +1,40 @@
+let webCrypto = undefined;
+/**
+ * Try to get an instance of the Crypto API from the current runtime. Should support Node,
+ * as well as others, like Deno, that implement Web APIs.
+ */
+export async function getWebCrypto() {
+    if (webCrypto) {
+        return webCrypto;
+    }
+    try {
+        /**
+         * Naively attempt a Node import...
+         */
+        // @ts-ignore: We'll handle any errors...
+        // dnt-shim-ignore
+        const _crypto = await require('node:crypto');
+        webCrypto = _crypto.webcrypto;
+    }
+    catch (_err) {
+        /**
+         * Naively attempt to access Crypto as a global object, which popular alternative run-times
+         * support.
+         */
+        // @ts-ignore: ...right here.
+        const _crypto = globalThis.crypto;
+        if (!_crypto) {
+            // We tried to access it both in Node and globally, so bail out
+            throw new MissingWebCrypto();
+        }
+        webCrypto = _crypto;
+    }
+    return webCrypto;
+}
+class MissingWebCrypto extends Error {
+    constructor() {
+        const message = 'An instance of the Crypto API could not be located';
+        super(message);
+        this.name = 'MissingWebCrypto';
+    }
+}

package/esm/helpers/iso/isoCrypto/importKey.js

@@ -0,0 +1,8 @@
+import { getWebCrypto } from './getWebCrypto.js';
+export async function importKey(opts) {
+    const WebCrypto = await getWebCrypto();
+    const { keyData, algorithm } = opts;
+    return WebCrypto.subtle.importKey('jwk', keyData, algorithm, false, [
+        'verify',
+    ]);
+}

package/esm/helpers/iso/isoCrypto/index.d.ts

@@ -0,0 +1,3 @@
+export { digest } from './digest.js';
+export { getRandomValues } from './getRandomValues.js';
+export { verify } from './verify.js';

package/esm/helpers/iso/isoCrypto/index.js

@@ -0,0 +1,3 @@
+export { digest } from './digest.js';
+export { getRandomValues } from './getRandomValues.js';
+export { verify } from './verify.js';

package/{dist → esm}/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts

@@ -1,5 +1,5 @@
-import { SubtleCryptoAlg } from './structs';
-import { COSEALG } from '../../cose';
+import { SubtleCryptoAlg } from './structs.js';
+import { COSEALG } from '../../cose.js';
 /**
  * Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
  */

package/esm/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.js

@@ -0,0 +1,20 @@
+import { COSEALG } from '../../cose.js';
+/**
+ * Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
+ */
+export function mapCoseAlgToWebCryptoAlg(alg) {
+    if ([COSEALG.RS1].indexOf(alg) >= 0) {
+        return 'SHA-1';
+    }
+    else if ([COSEALG.ES256, COSEALG.PS256, COSEALG.RS256].indexOf(alg) >= 0) {
+        return 'SHA-256';
+    }
+    else if ([COSEALG.ES384, COSEALG.PS384, COSEALG.RS384].indexOf(alg) >= 0) {
+        return 'SHA-384';
+    }
+    else if ([COSEALG.ES512, COSEALG.PS512, COSEALG.RS512, COSEALG.EdDSA].indexOf(alg) >=
+        0) {
+        return 'SHA-512';
+    }
+    throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto alg`);
+}

package/{dist → esm}/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts

@@ -1,5 +1,5 @@
-import { COSEALG } from '../../cose';
-import { SubtleCryptoKeyAlgName } from './structs';
+import { COSEALG } from '../../cose.js';
+import { SubtleCryptoKeyAlgName } from './structs.js';
 /**
  * Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
  */

package/esm/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.js

@@ -0,0 +1,19 @@
+import { COSEALG } from '../../cose.js';
+/**
+ * Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
+ */
+export function mapCoseAlgToWebCryptoKeyAlgName(alg) {
+    if ([COSEALG.EdDSA].indexOf(alg) >= 0) {
+        return 'Ed25519';
+    }
+    else if ([COSEALG.ES256, COSEALG.ES384, COSEALG.ES512, COSEALG.ES256K].indexOf(alg) >= 0) {
+        return 'ECDSA';
+    }
+    else if ([COSEALG.RS256, COSEALG.RS384, COSEALG.RS512, COSEALG.RS1].indexOf(alg) >= 0) {
+        return 'RSASSA-PKCS1-v1_5';
+    }
+    else if ([COSEALG.PS256, COSEALG.PS384, COSEALG.PS512].indexOf(alg) >= 0) {
+        return 'RSA-PSS';
+    }
+    throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto key alg name`);
+}

package/esm/helpers/iso/isoCrypto/structs.js

@@ -0,0 +1 @@
+export {};