npm - @simplewebauthn/server - Versions diffs - 7.4.0 → 8.0.0 - Mend

@simplewebauthn/server 7.4.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (343) hide show

package/{dist → script}/authentication/verifyAuthenticationResponse.js RENAMED Viewed

@@ -1,13 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyAuthenticationResponse = void 0;
-const decodeClientDataJSON_1 = require("../helpers/decodeClientDataJSON");
-const toHash_1 = require("../helpers/toHash");
-const verifySignature_1 = require("../helpers/verifySignature");
-const parseAuthenticatorData_1 = require("../helpers/parseAuthenticatorData");
-const parseBackupFlags_1 = require("../helpers/parseBackupFlags");
-const matchExpectedRPID_1 = require("../helpers/matchExpectedRPID");
-const iso_1 = require("../helpers/iso");
+const decodeClientDataJSON_js_1 = require("../helpers/decodeClientDataJSON.js");
+const toHash_js_1 = require("../helpers/toHash.js");
+const verifySignature_js_1 = require("../helpers/verifySignature.js");
+const parseAuthenticatorData_js_1 = require("../helpers/parseAuthenticatorData.js");
+const parseBackupFlags_js_1 = require("../helpers/parseBackupFlags.js");
+const matchExpectedRPID_js_1 = require("../helpers/matchExpectedRPID.js");
+const index_js_1 = require("../helpers/iso/index.js");
 /**
  * Verify that the user has legitimately completed the login process
  *
@@ -45,10 +45,10 @@ async function verifyAuthenticationResponse(options) {
     if (!response) {
         throw new Error('Credential missing response');
     }
-    if (typeof (assertionResponse === null || assertionResponse === void 0 ? void 0 : assertionResponse.clientDataJSON) !== 'string') {
+    if (typeof assertionResponse?.clientDataJSON !== 'string') {
         throw new Error('Credential response clientDataJSON was not a string');
     }
-    const clientDataJSON = (0, decodeClientDataJSON_1.decodeClientDataJSON)(assertionResponse.clientDataJSON);
+    const clientDataJSON = (0, decodeClientDataJSON_js_1.decodeClientDataJSON)(assertionResponse.clientDataJSON);
     const { type, origin, challenge, tokenBinding } = clientDataJSON;
     // Make sure we're handling an authentication
     if (type !== 'webauthn.get') {
@@ -75,13 +75,14 @@ async function verifyAuthenticationResponse(options) {
             throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
         }
     }
-    if (!iso_1.isoBase64URL.isBase64url(assertionResponse.authenticatorData)) {
+    if (!index_js_1.isoBase64URL.isBase64url(assertionResponse.authenticatorData)) {
         throw new Error('Credential response authenticatorData was not a base64url string');
     }
-    if (!iso_1.isoBase64URL.isBase64url(assertionResponse.signature)) {
+    if (!index_js_1.isoBase64URL.isBase64url(assertionResponse.signature)) {
         throw new Error('Credential response signature was not a base64url string');
     }
-    if (assertionResponse.userHandle && typeof assertionResponse.userHandle !== 'string') {
+    if (assertionResponse.userHandle &&
+        typeof assertionResponse.userHandle !== 'string') {
         throw new Error('Credential response userHandle was not a string');
     }
     if (tokenBinding) {
@@ -92,8 +93,8 @@ async function verifyAuthenticationResponse(options) {
             throw new Error(`Unexpected tokenBinding status ${tokenBinding.status}`);
         }
     }
-    const authDataBuffer = iso_1.isoBase64URL.toBuffer(assertionResponse.authenticatorData);
-    const parsedAuthData = (0, parseAuthenticatorData_1.parseAuthenticatorData)(authDataBuffer);
+    const authDataBuffer = index_js_1.isoBase64URL.toBuffer(assertionResponse.authenticatorData);
+    const parsedAuthData = (0, parseAuthenticatorData_js_1.parseAuthenticatorData)(authDataBuffer);
     const { rpIdHash, flags, counter, extensionsData } = parsedAuthData;
     // Make sure the response's RP ID is ours
     let expectedRPIDs = [];
@@ -103,7 +104,7 @@ async function verifyAuthenticationResponse(options) {
     else {
         expectedRPIDs = expectedRPID;
     }
-    const matchedRPID = await (0, matchExpectedRPID_1.matchExpectedRPID)(rpIdHash, expectedRPIDs);
+    const matchedRPID = await (0, matchExpectedRPID_js_1.matchExpectedRPID)(rpIdHash, expectedRPIDs);
     if (advancedFIDOConfig !== undefined) {
         const { userVerification: fidoUserVerification } = advancedFIDOConfig;
         /**
@@ -115,7 +116,8 @@ async function verifyAuthenticationResponse(options) {
                 throw new Error('User verification required, but user could not be verified');
             }
         }
-        else if (fidoUserVerification === 'preferred' || fidoUserVerification === 'discouraged') {
+        else if (fidoUserVerification === 'preferred' ||
+            fidoUserVerification === 'discouraged') {
             // Ignore `flags.uv`
         }
     }
@@ -132,19 +134,20 @@ async function verifyAuthenticationResponse(options) {
             throw new Error('User verification required, but user could not be verified');
         }
     }
-    const clientDataHash = await (0, toHash_1.toHash)(iso_1.isoBase64URL.toBuffer(assertionResponse.clientDataJSON));
-    const signatureBase = iso_1.isoUint8Array.concat([authDataBuffer, clientDataHash]);
-    const signature = iso_1.isoBase64URL.toBuffer(assertionResponse.signature);
-    if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
+    const clientDataHash = await (0, toHash_js_1.toHash)(index_js_1.isoBase64URL.toBuffer(assertionResponse.clientDataJSON));
+    const signatureBase = index_js_1.isoUint8Array.concat([authDataBuffer, clientDataHash]);
+    const signature = index_js_1.isoBase64URL.toBuffer(assertionResponse.signature);
+    if ((counter > 0 || authenticator.counter > 0) &&
+        counter <= authenticator.counter) {
         // Error out when the counter in the DB is greater than or equal to the counter in the
         // dataStruct. It's related to how the authenticator maintains the number of times its been
         // used for this client. If this happens, then someone's somehow increased the counter
         // on the device without going through this site
         throw new Error(`Response counter value ${counter} was lower than expected ${authenticator.counter}`);
     }
-    const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_1.parseBackupFlags)(flags);
+    const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_js_1.parseBackupFlags)(flags);
     const toReturn = {
-        verified: await (0, verifySignature_1.verifySignature)({
+        verified: await (0, verifySignature_js_1.verifySignature)({
             signature,
             data: signatureBase,
             credentialPublicKey: authenticator.credentialPublicKey,
@@ -163,4 +166,3 @@ async function verifyAuthenticationResponse(options) {
     return toReturn;
 }
 exports.verifyAuthenticationResponse = verifyAuthenticationResponse;
-//# sourceMappingURL=verifyAuthenticationResponse.js.map

package/script/deps.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticationResponseJSON, AuthenticatorDevice, AuthenticatorSelectionCriteria, Base64URLString, COSEAlgorithmIdentifier, CredentialDeviceType, Crypto, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialDescriptorFuture, PublicKeyCredentialParameters, PublicKeyCredentialRequestOptionsJSON, RegistrationResponseJSON, UserVerificationRequirement, } from '@simplewebauthn/typescript-types';
+export * as cborx from 'cbor-x';
+export { default as base64 } from '@hexagon/base64';
+export { fetch as crossFetch } from 'cross-fetch';
+export { default as debug } from 'debug';
+export type { Debugger } from '@types/debug';
+export { AsnParser, AsnSerializer } from '@peculiar/asn1-schema';
+export { AuthorityKeyIdentifier, BasicConstraints, Certificate, CertificateList, CRLDistributionPoints, ExtendedKeyUsage, id_ce_authorityKeyIdentifier, id_ce_basicConstraints, id_ce_cRLDistributionPoints, id_ce_extKeyUsage, id_ce_subjectAltName, id_ce_subjectKeyIdentifier, Name, SubjectAlternativeName, SubjectKeyIdentifier, } from '@peculiar/asn1-x509';
+export { ECDSASigValue, ECParameters, id_ecPublicKey, id_secp256r1, id_secp384r1, } from '@peculiar/asn1-ecc';
+export { RSAPublicKey } from '@peculiar/asn1-rsa';
+export { id_ce_keyDescription, KeyDescription } from '@peculiar/asn1-android';

package/script/deps.js ADDED Viewed

@@ -0,0 +1,71 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyDescription = exports.id_ce_keyDescription = exports.RSAPublicKey = exports.id_secp384r1 = exports.id_secp256r1 = exports.id_ecPublicKey = exports.ECParameters = exports.ECDSASigValue = exports.SubjectKeyIdentifier = exports.SubjectAlternativeName = exports.Name = exports.id_ce_subjectKeyIdentifier = exports.id_ce_subjectAltName = exports.id_ce_extKeyUsage = exports.id_ce_cRLDistributionPoints = exports.id_ce_basicConstraints = exports.id_ce_authorityKeyIdentifier = exports.ExtendedKeyUsage = exports.CRLDistributionPoints = exports.CertificateList = exports.Certificate = exports.BasicConstraints = exports.AuthorityKeyIdentifier = exports.AsnSerializer = exports.AsnParser = exports.debug = exports.crossFetch = exports.base64 = exports.cborx = void 0;
+// cbor (a.k.a. cbor-x in Node land)
+exports.cborx = __importStar(require("cbor-x"));
+// b64 (a.k.a. @hexagon/base64 in Node land)
+var base64_1 = require("@hexagon/base64");
+Object.defineProperty(exports, "base64", { enumerable: true, get: function () { return __importDefault(base64_1).default; } });
+// cross-fetch
+var cross_fetch_1 = require("cross-fetch");
+Object.defineProperty(exports, "crossFetch", { enumerable: true, get: function () { return cross_fetch_1.fetch; } });
+// debug
+var debug_1 = require("debug");
+Object.defineProperty(exports, "debug", { enumerable: true, get: function () { return __importDefault(debug_1).default; } });
+// @peculiar libraries
+var asn1_schema_1 = require("@peculiar/asn1-schema");
+Object.defineProperty(exports, "AsnParser", { enumerable: true, get: function () { return asn1_schema_1.AsnParser; } });
+Object.defineProperty(exports, "AsnSerializer", { enumerable: true, get: function () { return asn1_schema_1.AsnSerializer; } });
+var asn1_x509_1 = require("@peculiar/asn1-x509");
+Object.defineProperty(exports, "AuthorityKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.AuthorityKeyIdentifier; } });
+Object.defineProperty(exports, "BasicConstraints", { enumerable: true, get: function () { return asn1_x509_1.BasicConstraints; } });
+Object.defineProperty(exports, "Certificate", { enumerable: true, get: function () { return asn1_x509_1.Certificate; } });
+Object.defineProperty(exports, "CertificateList", { enumerable: true, get: function () { return asn1_x509_1.CertificateList; } });
+Object.defineProperty(exports, "CRLDistributionPoints", { enumerable: true, get: function () { return asn1_x509_1.CRLDistributionPoints; } });
+Object.defineProperty(exports, "ExtendedKeyUsage", { enumerable: true, get: function () { return asn1_x509_1.ExtendedKeyUsage; } });
+Object.defineProperty(exports, "id_ce_authorityKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.id_ce_authorityKeyIdentifier; } });
+Object.defineProperty(exports, "id_ce_basicConstraints", { enumerable: true, get: function () { return asn1_x509_1.id_ce_basicConstraints; } });
+Object.defineProperty(exports, "id_ce_cRLDistributionPoints", { enumerable: true, get: function () { return asn1_x509_1.id_ce_cRLDistributionPoints; } });
+Object.defineProperty(exports, "id_ce_extKeyUsage", { enumerable: true, get: function () { return asn1_x509_1.id_ce_extKeyUsage; } });
+Object.defineProperty(exports, "id_ce_subjectAltName", { enumerable: true, get: function () { return asn1_x509_1.id_ce_subjectAltName; } });
+Object.defineProperty(exports, "id_ce_subjectKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.id_ce_subjectKeyIdentifier; } });
+Object.defineProperty(exports, "Name", { enumerable: true, get: function () { return asn1_x509_1.Name; } });
+Object.defineProperty(exports, "SubjectAlternativeName", { enumerable: true, get: function () { return asn1_x509_1.SubjectAlternativeName; } });
+Object.defineProperty(exports, "SubjectKeyIdentifier", { enumerable: true, get: function () { return asn1_x509_1.SubjectKeyIdentifier; } });
+var asn1_ecc_1 = require("@peculiar/asn1-ecc");
+Object.defineProperty(exports, "ECDSASigValue", { enumerable: true, get: function () { return asn1_ecc_1.ECDSASigValue; } });
+Object.defineProperty(exports, "ECParameters", { enumerable: true, get: function () { return asn1_ecc_1.ECParameters; } });
+Object.defineProperty(exports, "id_ecPublicKey", { enumerable: true, get: function () { return asn1_ecc_1.id_ecPublicKey; } });
+Object.defineProperty(exports, "id_secp256r1", { enumerable: true, get: function () { return asn1_ecc_1.id_secp256r1; } });
+Object.defineProperty(exports, "id_secp384r1", { enumerable: true, get: function () { return asn1_ecc_1.id_secp384r1; } });
+var asn1_rsa_1 = require("@peculiar/asn1-rsa");
+Object.defineProperty(exports, "RSAPublicKey", { enumerable: true, get: function () { return asn1_rsa_1.RSAPublicKey; } });
+var asn1_android_1 = require("@peculiar/asn1-android");
+Object.defineProperty(exports, "id_ce_keyDescription", { enumerable: true, get: function () { return asn1_android_1.id_ce_keyDescription; } });
+Object.defineProperty(exports, "KeyDescription", { enumerable: true, get: function () { return asn1_android_1.KeyDescription; } });

package/script/helpers/convertAAGUIDToString.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * Convert the aaguid buffer in authData into a UUID string
+ */
+export declare function convertAAGUIDToString(aaguid: Uint8Array): string;

package/{dist → script}/helpers/convertAAGUIDToString.js RENAMED Viewed

@@ -1,13 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertAAGUIDToString = void 0;
-const iso_1 = require("./iso");
+const index_js_1 = require("./iso/index.js");
 /**
  * Convert the aaguid buffer in authData into a UUID string
  */
 function convertAAGUIDToString(aaguid) {
     // Raw Hex: adce000235bcc60a648b0b25f1f05503
-    const hex = iso_1.isoUint8Array.toHex(aaguid);
+    const hex = index_js_1.isoUint8Array.toHex(aaguid);
     const segments = [
         hex.slice(0, 8),
         hex.slice(8, 12),
@@ -19,4 +19,3 @@ function convertAAGUIDToString(aaguid) {
     return segments.join('-');
 }
 exports.convertAAGUIDToString = convertAAGUIDToString;
-//# sourceMappingURL=convertAAGUIDToString.js.map

package/script/helpers/convertCOSEtoPKCS.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * Takes COSE-encoded public key and converts it to PKCS key
+ */
+export declare function convertCOSEtoPKCS(cosePublicKey: Uint8Array): Uint8Array;

package/{dist → script}/helpers/convertCOSEtoPKCS.js RENAMED Viewed

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertCOSEtoPKCS = void 0;
-const iso_1 = require("./iso");
-const cose_1 = require("./cose");
+const index_js_1 = require("./iso/index.js");
+const cose_js_1 = require("./cose.js");
 /**
  * Takes COSE-encoded public key and converts it to PKCS key
  */
@@ -10,17 +10,16 @@ function convertCOSEtoPKCS(cosePublicKey) {
     // This is a little sloppy, I'm using COSEPublicKeyEC2 since it could have both x and y, but when
     // there's no y it means it's probably better typed as COSEPublicKeyOKP. I'll leave this for now
     // and revisit it later if it ever becomes an actual problem.
-    const struct = iso_1.isoCBOR.decodeFirst(cosePublicKey);
+    const struct = index_js_1.isoCBOR.decodeFirst(cosePublicKey);
     const tag = Uint8Array.from([0x04]);
-    const x = struct.get(cose_1.COSEKEYS.x);
-    const y = struct.get(cose_1.COSEKEYS.y);
+    const x = struct.get(cose_js_1.COSEKEYS.x);
+    const y = struct.get(cose_js_1.COSEKEYS.y);
     if (!x) {
         throw new Error('COSE public key was missing x');
     }
     if (y) {
-        return iso_1.isoUint8Array.concat([tag, x, y]);
+        return index_js_1.isoUint8Array.concat([tag, x, y]);
     }
-    return iso_1.isoUint8Array.concat([tag, x]);
+    return index_js_1.isoUint8Array.concat([tag, x]);
 }
 exports.convertCOSEtoPKCS = convertCOSEtoPKCS;
-//# sourceMappingURL=convertCOSEtoPKCS.js.map

package/script/helpers/convertCertBufferToPEM.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { Base64URLString } from '../deps.js';
+/**
+ * Convert buffer to an OpenSSL-compatible PEM text format.
+ */
+export declare function convertCertBufferToPEM(certBuffer: Uint8Array | Base64URLString): string;

package/{dist → script}/helpers/convertCertBufferToPEM.js RENAMED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertCertBufferToPEM = void 0;
-const iso_1 = require("./iso");
+const index_js_1 = require("./iso/index.js");
 /**
  * Convert buffer to an OpenSSL-compatible PEM text format.
  */
@@ -11,10 +11,10 @@ function convertCertBufferToPEM(certBuffer) {
      * Get certBuffer to a base64 representation
      */
     if (typeof certBuffer === 'string') {
-        if (iso_1.isoBase64URL.isBase64url(certBuffer)) {
-            b64cert = iso_1.isoBase64URL.toBase64(certBuffer);
+        if (index_js_1.isoBase64URL.isBase64url(certBuffer)) {
+            b64cert = index_js_1.isoBase64URL.toBase64(certBuffer);
         }
-        else if (iso_1.isoBase64URL.isBase64(certBuffer)) {
+        else if (index_js_1.isoBase64URL.isBase64(certBuffer)) {
             b64cert = certBuffer;
         }
         else {
@@ -22,7 +22,7 @@ function convertCertBufferToPEM(certBuffer) {
         }
     }
     else {
-        b64cert = iso_1.isoBase64URL.fromBuffer(certBuffer, 'base64');
+        b64cert = index_js_1.isoBase64URL.fromBuffer(certBuffer, 'base64');
     }
     let PEMKey = '';
     for (let i = 0; i < Math.ceil(b64cert.length / 64); i += 1) {
@@ -33,4 +33,3 @@ function convertCertBufferToPEM(certBuffer) {
     return PEMKey;
 }
 exports.convertCertBufferToPEM = convertCertBufferToPEM;
-//# sourceMappingURL=convertCertBufferToPEM.js.map

package/script/helpers/convertPEMToBytes.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * Take a certificate in PEM format and convert it to bytes
+ */
+export declare function convertPEMToBytes(pem: string): Uint8Array;

package/{dist → script}/helpers/convertPEMToBytes.js RENAMED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertPEMToBytes = void 0;
-const iso_1 = require("./iso");
+const index_js_1 = require("./iso/index.js");
 /**
  * Take a certificate in PEM format and convert it to bytes
  */
@@ -10,7 +10,6 @@ function convertPEMToBytes(pem) {
         .replace('-----BEGIN CERTIFICATE-----', '')
         .replace('-----END CERTIFICATE-----', '')
         .replace(/[\n ]/g, '');
-    return iso_1.isoBase64URL.toBuffer(certBase64, 'base64');
+    return index_js_1.isoBase64URL.toBuffer(certBase64, 'base64');
 }
 exports.convertPEMToBytes = convertPEMToBytes;
-//# sourceMappingURL=convertPEMToBytes.js.map

package/script/helpers/convertX509PublicKeyToCOSE.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { COSEPublicKey } from './cose.js';
2	+ export declare function convertX509PublicKeyToCOSE(x509Certificate: Uint8Array): COSEPublicKey;

package/{dist → script}/helpers/convertX509PublicKeyToCOSE.js RENAMED Viewed

@@ -1,37 +1,34 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertX509PublicKeyToCOSE = void 0;
-const asn1_schema_1 = require("@peculiar/asn1-schema");
-const asn1_x509_1 = require("@peculiar/asn1-x509");
-const asn1_ecc_1 = require("@peculiar/asn1-ecc");
-const asn1_rsa_1 = require("@peculiar/asn1-rsa");
-const cose_1 = require("./cose");
-const mapX509SignatureAlgToCOSEAlg_1 = require("./mapX509SignatureAlgToCOSEAlg");
+const deps_js_1 = require("../deps.js");
+const cose_js_1 = require("./cose.js");
+const mapX509SignatureAlgToCOSEAlg_js_1 = require("./mapX509SignatureAlgToCOSEAlg.js");
 function convertX509PublicKeyToCOSE(x509Certificate) {
     let cosePublicKey = new Map();
     /**
      * Time to extract the public key from an X.509 certificate
      */
-    const x509 = asn1_schema_1.AsnParser.parse(x509Certificate, asn1_x509_1.Certificate);
+    const x509 = deps_js_1.AsnParser.parse(x509Certificate, deps_js_1.Certificate);
     const { tbsCertificate } = x509;
     const { subjectPublicKeyInfo, signature: _tbsSignature } = tbsCertificate;
     const signatureAlgorithm = _tbsSignature.algorithm;
     const publicKeyAlgorithmID = subjectPublicKeyInfo.algorithm.algorithm;
-    if (publicKeyAlgorithmID === asn1_ecc_1.id_ecPublicKey) {
+    if (publicKeyAlgorithmID === deps_js_1.id_ecPublicKey) {
         /**
          * EC2 Public Key
          */
         if (!subjectPublicKeyInfo.algorithm.parameters) {
             throw new Error('Certificate public key was missing parameters (EC2)');
         }
-        const ecParameters = asn1_schema_1.AsnParser.parse(new Uint8Array(subjectPublicKeyInfo.algorithm.parameters), asn1_ecc_1.ECParameters);
+        const ecParameters = deps_js_1.AsnParser.parse(new Uint8Array(subjectPublicKeyInfo.algorithm.parameters), deps_js_1.ECParameters);
         let crv = -999;
         const { namedCurve } = ecParameters;
-        if (namedCurve === asn1_ecc_1.id_secp256r1) {
-            crv = cose_1.COSECRV.P256;
+        if (namedCurve === deps_js_1.id_secp256r1) {
+            crv = cose_js_1.COSECRV.P256;
         }
-        else if (namedCurve === asn1_ecc_1.id_secp384r1) {
-            crv = cose_1.COSECRV.P384;
+        else if (namedCurve === deps_js_1.id_secp384r1) {
+            crv = cose_js_1.COSECRV.P384;
         }
         else {
             throw new Error(`Certificate public key contained unexpected namedCurve ${namedCurve} (EC2)`);
@@ -43,30 +40,30 @@ function convertX509PublicKeyToCOSE(x509Certificate) {
             // Public key is in "uncompressed form", so we can split the remaining bytes in half
             let pointer = 1;
             const halfLength = (subjectPublicKey.length - 1) / 2;
-            x = subjectPublicKey.slice(pointer, (pointer += halfLength));
+            x = subjectPublicKey.slice(pointer, pointer += halfLength);
             y = subjectPublicKey.slice(pointer);
         }
         else {
             throw new Error('TODO: Figure out how to handle public keys in "compressed form"');
         }
         const coseEC2PubKey = new Map();
-        coseEC2PubKey.set(cose_1.COSEKEYS.kty, cose_1.COSEKTY.EC2);
-        coseEC2PubKey.set(cose_1.COSEKEYS.alg, (0, mapX509SignatureAlgToCOSEAlg_1.mapX509SignatureAlgToCOSEAlg)(signatureAlgorithm));
-        coseEC2PubKey.set(cose_1.COSEKEYS.crv, crv);
-        coseEC2PubKey.set(cose_1.COSEKEYS.x, x);
-        coseEC2PubKey.set(cose_1.COSEKEYS.y, y);
+        coseEC2PubKey.set(cose_js_1.COSEKEYS.kty, cose_js_1.COSEKTY.EC2);
+        coseEC2PubKey.set(cose_js_1.COSEKEYS.alg, (0, mapX509SignatureAlgToCOSEAlg_js_1.mapX509SignatureAlgToCOSEAlg)(signatureAlgorithm));
+        coseEC2PubKey.set(cose_js_1.COSEKEYS.crv, crv);
+        coseEC2PubKey.set(cose_js_1.COSEKEYS.x, x);
+        coseEC2PubKey.set(cose_js_1.COSEKEYS.y, y);
         cosePublicKey = coseEC2PubKey;
     }
     else if (publicKeyAlgorithmID === '1.2.840.113549.1.1.1') {
         /**
          * RSA public key
          */
-        const rsaPublicKey = asn1_schema_1.AsnParser.parse(subjectPublicKeyInfo.subjectPublicKey, asn1_rsa_1.RSAPublicKey);
+        const rsaPublicKey = deps_js_1.AsnParser.parse(subjectPublicKeyInfo.subjectPublicKey, deps_js_1.RSAPublicKey);
         const coseRSAPubKey = new Map();
-        coseRSAPubKey.set(cose_1.COSEKEYS.kty, cose_1.COSEKTY.RSA);
-        coseRSAPubKey.set(cose_1.COSEKEYS.alg, (0, mapX509SignatureAlgToCOSEAlg_1.mapX509SignatureAlgToCOSEAlg)(signatureAlgorithm));
-        coseRSAPubKey.set(cose_1.COSEKEYS.n, new Uint8Array(rsaPublicKey.modulus));
-        coseRSAPubKey.set(cose_1.COSEKEYS.e, new Uint8Array(rsaPublicKey.publicExponent));
+        coseRSAPubKey.set(cose_js_1.COSEKEYS.kty, cose_js_1.COSEKTY.RSA);
+        coseRSAPubKey.set(cose_js_1.COSEKEYS.alg, (0, mapX509SignatureAlgToCOSEAlg_js_1.mapX509SignatureAlgToCOSEAlg)(signatureAlgorithm));
+        coseRSAPubKey.set(cose_js_1.COSEKEYS.n, new Uint8Array(rsaPublicKey.modulus));
+        coseRSAPubKey.set(cose_js_1.COSEKEYS.e, new Uint8Array(rsaPublicKey.publicExponent));
         cosePublicKey = coseRSAPubKey;
     }
     else {
@@ -75,4 +72,3 @@ function convertX509PublicKeyToCOSE(x509Certificate) {
     return cosePublicKey;
 }
 exports.convertX509PublicKeyToCOSE = convertX509PublicKeyToCOSE;
-//# sourceMappingURL=convertX509PublicKeyToCOSE.js.map

package/script/helpers/cose.d.ts ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Fundamental values that are needed to discern the more specific COSE public key types below.
+ *
+ * The use of `Maps` here is due to CBOR encoding being used with public keys, and the CBOR "Map"
+ * type is being decoded to JavaScript's `Map` type instead of, say, a basic Object as us JS
+ * developers might prefer.
+ *
+ * These types are an unorthodox way of saying "these Maps should involve these discrete lists of
+ * keys", but it works.
+ */
+export type COSEPublicKey = {
+    get(key: COSEKEYS.kty): COSEKTY | undefined;
+    get(key: COSEKEYS.alg): COSEALG | undefined;
+    set(key: COSEKEYS.kty, value: COSEKTY): void;
+    set(key: COSEKEYS.alg, value: COSEALG): void;
+};
+export type COSEPublicKeyOKP = COSEPublicKey & {
+    get(key: COSEKEYS.crv): number | undefined;
+    get(key: COSEKEYS.x): Uint8Array | undefined;
+    set(key: COSEKEYS.crv, value: number): void;
+    set(key: COSEKEYS.x, value: Uint8Array): void;
+};
+export type COSEPublicKeyEC2 = COSEPublicKey & {
+    get(key: COSEKEYS.crv): number | undefined;
+    get(key: COSEKEYS.x): Uint8Array | undefined;
+    get(key: COSEKEYS.y): Uint8Array | undefined;
+    set(key: COSEKEYS.crv, value: number): void;
+    set(key: COSEKEYS.x, value: Uint8Array): void;
+    set(key: COSEKEYS.y, value: Uint8Array): void;
+};
+export type COSEPublicKeyRSA = COSEPublicKey & {
+    get(key: COSEKEYS.n): Uint8Array | undefined;
+    get(key: COSEKEYS.e): Uint8Array | undefined;
+    set(key: COSEKEYS.n, value: Uint8Array): void;
+    set(key: COSEKEYS.e, value: Uint8Array): void;
+};
+export declare function isCOSEPublicKeyOKP(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyOKP;
+export declare function isCOSEPublicKeyEC2(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyEC2;
+export declare function isCOSEPublicKeyRSA(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyRSA;
+/**
+ * COSE Keys
+ *
+ * https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
+ * https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters
+ */
+export declare enum COSEKEYS {
+    kty = 1,
+    alg = 3,
+    crv = -1,
+    x = -2,
+    y = -3,
+    n = -1,
+    e = -2
+}
+/**
+ * COSE Key Types
+ *
+ * https://www.iana.org/assignments/cose/cose.xhtml#key-type
+ */
+export declare enum COSEKTY {
+    OKP = 1,
+    EC2 = 2,
+    RSA = 3
+}
+export declare function isCOSEKty(kty: number | undefined): kty is COSEKTY;
+/**
+ * COSE Curves
+ *
+ * https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
+ */
+export declare enum COSECRV {
+    P256 = 1,
+    P384 = 2,
+    P521 = 3,
+    ED25519 = 6,
+    SECP256K1 = 8
+}
+export declare function isCOSECrv(crv: number | undefined): crv is COSECRV;
+/**
+ * COSE Algorithms
+ *
+ * https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ */
+export declare enum COSEALG {
+    ES256 = -7,
+    EdDSA = -8,
+    ES384 = -35,
+    ES512 = -36,
+    PS256 = -37,
+    PS384 = -38,
+    PS512 = -39,
+    ES256K = -47,
+    RS256 = -257,
+    RS384 = -258,
+    RS512 = -259,
+    RS1 = -65535
+}
+export declare function isCOSEAlg(alg: number | undefined): alg is COSEALG;

package/{dist → script}/helpers/cose.js RENAMED Viewed

@@ -58,6 +58,7 @@ var COSECRV;
     COSECRV[COSECRV["P384"] = 2] = "P384";
     COSECRV[COSECRV["P521"] = 3] = "P521";
     COSECRV[COSECRV["ED25519"] = 6] = "ED25519";
+    COSECRV[COSECRV["SECP256K1"] = 8] = "SECP256K1";
 })(COSECRV = exports.COSECRV || (exports.COSECRV = {}));
 function isCOSECrv(crv) {
     return Object.values(COSECRV).indexOf(crv) >= 0;
@@ -87,4 +88,3 @@ function isCOSEAlg(alg) {
     return Object.values(COSEALG).indexOf(alg) >= 0;
 }
 exports.isCOSEAlg = isCOSEAlg;
-//# sourceMappingURL=cose.js.map

package/script/helpers/decodeAttestationObject.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Convert an AttestationObject buffer to a proper object
+ *
+ * @param base64AttestationObject Attestation Object buffer
+ */
+export declare function decodeAttestationObject(attestationObject: Uint8Array): AttestationObject;
+export type AttestationFormat = 'fido-u2f' | 'packed' | 'android-safetynet' | 'android-key' | 'tpm' | 'apple' | 'none';
+export type AttestationObject = {
+    get(key: 'fmt'): AttestationFormat;
+    get(key: 'attStmt'): AttestationStatement;
+    get(key: 'authData'): Uint8Array;
+};
+/**
+ * `AttestationStatement` will be an instance of `Map`, but these keys help make finite the list of
+ * possible values within it.
+ */
+export type AttestationStatement = {
+    get(key: 'sig'): Uint8Array | undefined;
+    get(key: 'x5c'): Uint8Array[] | undefined;
+    get(key: 'response'): Uint8Array | undefined;
+    get(key: 'alg'): number | undefined;
+    get(key: 'ver'): string | undefined;
+    get(key: 'certInfo'): Uint8Array | undefined;
+    get(key: 'pubArea'): Uint8Array | undefined;
+    readonly size: number;
+};
+export declare const _decodeAttestationObjectInternals: {
+    stubThis: (value: AttestationObject) => AttestationObject;
+};

package/script/helpers/decodeAttestationObject.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._decodeAttestationObjectInternals = exports.decodeAttestationObject = void 0;
+const index_js_1 = require("./iso/index.js");
+/**
+ * Convert an AttestationObject buffer to a proper object
+ *
+ * @param base64AttestationObject Attestation Object buffer
+ */
+function decodeAttestationObject(attestationObject) {
+    return exports._decodeAttestationObjectInternals.stubThis(index_js_1.isoCBOR.decodeFirst(attestationObject));
+}
+exports.decodeAttestationObject = decodeAttestationObject;
+// Make it possible to stub the return value during testing
+exports._decodeAttestationObjectInternals = {
+    stubThis: (value) => value,
+};

package/script/helpers/decodeAuthenticatorExtensions.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Convert authenticator extension data buffer to a proper object
+ *
+ * @param extensionData Authenticator Extension Data buffer
+ */
+export declare function decodeAuthenticatorExtensions(extensionData: Uint8Array): AuthenticationExtensionsAuthenticatorOutputs | undefined;
+export type AuthenticationExtensionsAuthenticatorOutputs = {
+    devicePubKey?: DevicePublicKeyAuthenticatorOutput;
+    uvm?: UVMAuthenticatorOutput;
+};
+export type DevicePublicKeyAuthenticatorOutput = {
+    dpk?: Uint8Array;
+    sig?: string;
+    nonce?: Uint8Array;
+    scope?: Uint8Array;
+    aaguid?: Uint8Array;
+};
+export type UVMAuthenticatorOutput = {
+    uvm?: Uint8Array[];
+};

package/{dist → script}/helpers/decodeAuthenticatorExtensions.js RENAMED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.decodeAuthenticatorExtensions = void 0;
-const iso_1 = require("./iso");
+const index_js_1 = require("./iso/index.js");
 /**
  * Convert authenticator extension data buffer to a proper object
  *
@@ -10,7 +10,7 @@ const iso_1 = require("./iso");
 function decodeAuthenticatorExtensions(extensionData) {
     let toCBOR;
     try {
-        toCBOR = iso_1.isoCBOR.decodeFirst(extensionData);
+        toCBOR = index_js_1.isoCBOR.decodeFirst(extensionData);
     }
     catch (err) {
         const _err = err;
@@ -36,4 +36,3 @@ function convertMapToObjectDeep(input) {
     }
     return mapped;
 }
-//# sourceMappingURL=decodeAuthenticatorExtensions.js.map