akey-electron-webauthn-macos 1.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/dist/additional-objc/ASCPublicKeyCredentialDescriptor.d.ts +12 -0
  2. package/dist/create/authorization-controller.d.ts +10 -0
  3. package/dist/create/handler.d.ts +2 -0
  4. package/dist/create/internal-handler.d.ts +36 -0
  5. package/dist/get/authorization-controller.d.ts +5 -0
  6. package/dist/get/handler.d.ts +2 -0
  7. package/dist/get/internal-handler.d.ts +25 -0
  8. package/dist/helpers/client-data.d.ts +14 -0
  9. package/dist/helpers/index.d.ts +8 -0
  10. package/dist/helpers/origin.d.ts +19 -0
  11. package/dist/helpers/passkey-authorization.d.ts +13 -0
  12. package/dist/helpers/presentation.d.ts +1 -0
  13. package/dist/helpers/prf.d.ts +5 -0
  14. package/dist/helpers/public-key.d.ts +1 -0
  15. package/dist/helpers/rpid.d.ts +13 -0
  16. package/dist/helpers/types.d.ts +1 -0
  17. package/dist/helpers/validation.d.ts +3 -0
  18. package/dist/index.d.ts +4 -0
  19. package/dist/index.js +3587 -0
  20. package/dist/list/handler.d.ts +4 -0
  21. package/dist/list/support.d.ts +2 -0
  22. package/package.json +46 -0
package/dist/index.js ADDED
@@ -0,0 +1,3587 @@
1
+ // src/helpers/index.ts
2
+ function PromiseWithResolvers() {
3
+ let resolve;
4
+ let reject;
5
+ const promise = new Promise((res, rej) => {
6
+ resolve = res;
7
+ reject = rej;
8
+ });
9
+ return { promise, resolve, reject };
10
+ }
11
+ function bufferToBase64Url(buffer) {
12
+ const bytes = new Uint8Array(buffer);
13
+ let binary = "";
14
+ for (let i = 0;i < bytes.length; i++) {
15
+ binary += String.fromCharCode(bytes[i]);
16
+ }
17
+ return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
18
+ }
19
+ function base64UrlToBuffer(b64url) {
20
+ if (typeof b64url !== "string")
21
+ throw new TypeError("base64Url must be a string");
22
+ let b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
23
+ const pad = b64.length % 4;
24
+ if (pad === 2)
25
+ b64 += "==";
26
+ else if (pad === 3)
27
+ b64 += "=";
28
+ else if (pad !== 0)
29
+ throw new Error("Invalid base64url length");
30
+ return Buffer.from(b64, "base64");
31
+ }
32
+ function bufferSourceToBuffer(src) {
33
+ if (!src)
34
+ return null;
35
+ if (Buffer.isBuffer(src))
36
+ return src;
37
+ if (src instanceof ArrayBuffer || typeof SharedArrayBuffer !== "undefined" && src instanceof SharedArrayBuffer) {
38
+ return Buffer.from(src);
39
+ }
40
+ if (ArrayBuffer.isView(src)) {
41
+ return Buffer.from(src.buffer, src.byteOffset, src.byteLength);
42
+ }
43
+ return null;
44
+ }
45
+
46
+ // src/helpers/rpid.ts
47
+ import net from "node:net";
48
+ import { domainToASCII } from "node:url";
49
+ function isRpIdAllowedForOrigin(origin, rpIdInput, opts = {}) {
50
+ const allowInsecureLocalhost = opts.allowInsecureLocalhost ?? true;
51
+ let url;
52
+ try {
53
+ url = new URL(origin);
54
+ } catch {
55
+ return { ok: false, rpId: normalizeRpId(rpIdInput ?? ""), reason: "Invalid origin URL" };
56
+ }
57
+ const scheme = url.protocol.toLowerCase();
58
+ const originHost = normalizeHost(url.hostname);
59
+ if (!originHost)
60
+ return { ok: false, rpId: normalizeRpId(rpIdInput ?? ""), reason: "Origin has no hostname" };
61
+ const originIsIP = net.isIP(originHost) !== 0;
62
+ const originIsLocalhost = originHost === "localhost" || originIsIP;
63
+ const secureEnough = scheme === "https:" || scheme === "wss:" || allowInsecureLocalhost && scheme === "http:" && originIsLocalhost;
64
+ if (!secureEnough) {
65
+ return { ok: false, rpId: normalizeRpId(rpIdInput ?? originHost), reason: "Origin is not a secure context" };
66
+ }
67
+ const rpId = normalizeRpId(rpIdInput ?? originHost);
68
+ if (!rpId)
69
+ return { ok: false, rpId, reason: "rpId is empty" };
70
+ if (/[/:@]/.test(rpId)) {
71
+ return { ok: false, rpId, reason: "rpId must be a hostname only (no scheme/port/path/userinfo)" };
72
+ }
73
+ const rpIdIsIP = net.isIP(rpId) !== 0;
74
+ if (originIsIP) {
75
+ if (rpId !== originHost) {
76
+ return { ok: false, rpId, reason: "For IP origins, rpId must exactly match the IP" };
77
+ }
78
+ return { ok: true, rpId };
79
+ }
80
+ if (rpIdIsIP) {
81
+ return { ok: false, rpId, reason: "rpId cannot be an IP if origin host is a domain" };
82
+ }
83
+ if (!(rpId === originHost || originHost.endsWith("." + rpId))) {
84
+ return { ok: false, rpId, reason: "rpId is not equal to or a suffix of the origin hostname" };
85
+ }
86
+ if (opts.isPublicSuffix) {
87
+ if (opts.isPublicSuffix(rpId)) {
88
+ return { ok: false, rpId, reason: "rpId is a public suffix (eTLD), which is not allowed" };
89
+ }
90
+ } else {
91
+ if (!rpId.includes(".") && rpId !== "localhost") {
92
+ return { ok: false, rpId, reason: "rpId looks like a public suffix/single-label domain (no PSL check provided)" };
93
+ }
94
+ }
95
+ return { ok: true, rpId };
96
+ }
97
+ function normalizeHost(hostname) {
98
+ const h = (hostname ?? "").trim().toLowerCase().replace(/\.$/, "");
99
+ return domainToASCII(h) || "";
100
+ }
101
+ function normalizeRpId(rpId) {
102
+ return normalizeHost(rpId);
103
+ }
104
+
105
+ // src/helpers/validation.ts
106
+ function isString(value) {
107
+ return value && typeof value === "string";
108
+ }
109
+ function isNumber(value) {
110
+ return value && typeof value === "number";
111
+ }
112
+ function isObject(value) {
113
+ return value && typeof value === "object";
114
+ }
115
+
116
+ // src/get/authorization-controller.ts
117
+ import { NobjcClass, getPointer } from "objc-js";
118
+
119
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/Foundation/index.js
120
+ import { NobjcLibrary } from "objc-js";
121
+
122
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/bind.js
123
+ var _kindCache = new WeakMap;
124
+ function _isKindOfClass(obj, cls) {
125
+ if (typeof obj !== "object" || obj === null)
126
+ return false;
127
+ let m = _kindCache.get(obj);
128
+ if (m) {
129
+ const v = m.get(cls);
130
+ if (v !== undefined)
131
+ return v;
132
+ }
133
+ try {
134
+ if (!m) {
135
+ m = new Map;
136
+ _kindCache.set(obj, m);
137
+ }
138
+ const r = obj.isKindOfClass$(cls);
139
+ m.set(cls, r);
140
+ return r;
141
+ } catch {
142
+ return false;
143
+ }
144
+ }
145
+ function _bindClass(lib, name) {
146
+ const cls = lib[name];
147
+ if (!cls) {
148
+ return;
149
+ }
150
+ Object.defineProperty(cls, Symbol.hasInstance, {
151
+ value: (obj) => _isKindOfClass(obj, cls)
152
+ });
153
+ return cls;
154
+ }
155
+
156
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/Foundation/index.js
157
+ var Foundation = /* @__PURE__ */ new NobjcLibrary("/System/Library/Frameworks/Foundation.framework/Foundation");
158
+ var NSArray = /* @__PURE__ */ _bindClass(Foundation, "NSArray");
159
+ var NSData = /* @__PURE__ */ _bindClass(Foundation, "NSData");
160
+ var NSDictionary = /* @__PURE__ */ _bindClass(Foundation, "NSDictionary");
161
+ var NSNumber = /* @__PURE__ */ _bindClass(Foundation, "NSNumber");
162
+ var NSProcessInfo = /* @__PURE__ */ _bindClass(Foundation, "NSProcessInfo");
163
+ var NSString = /* @__PURE__ */ _bindClass(Foundation, "NSString");
164
+
165
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/helpers.js
166
+ function NSStringFromString(str) {
167
+ const nsString = NSString.stringWithUTF8String$(str);
168
+ if (!nsString) {
169
+ throw new Error(`Failed to create NSString from string: ${str}`);
170
+ }
171
+ return nsString;
172
+ }
173
+ function NSArrayFromObjects(objects) {
174
+ if (objects.length === 0) {
175
+ return NSArray.array();
176
+ }
177
+ let array = NSArray.arrayWithObject$(objects[0]);
178
+ for (let i = 1;i < objects.length; i++) {
179
+ array = array.arrayByAddingObject$(objects[i]);
180
+ }
181
+ return array;
182
+ }
183
+ function NSDictionaryFromKeysAndValues(keys, values) {
184
+ if (keys.length !== values.length) {
185
+ throw new Error("Keys and values arrays must have the same length");
186
+ }
187
+ const keysArray = NSArrayFromObjects(keys);
188
+ const valuesArray = NSArrayFromObjects(values);
189
+ return NSDictionary.dictionaryWithObjects$forKeys$(valuesArray, keysArray);
190
+ }
191
+
192
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/nsdata.js
193
+ function NSDataFromBuffer(buffer) {
194
+ return NSData.dataWithBytes$length$(buffer, buffer.length);
195
+ }
196
+ function bufferFromNSDataDirect(data) {
197
+ const nsData = data;
198
+ const length = nsData.length();
199
+ if (length === 0) {
200
+ return Buffer.alloc(0);
201
+ }
202
+ const buffer = Buffer.alloc(length);
203
+ nsData.getBytes$length$(buffer, length);
204
+ return buffer;
205
+ }
206
+
207
+ // src/get/authorization-controller.ts
208
+ var getControllerState = new Map;
209
+ function getObjectPointerString(self) {
210
+ return getPointer(self).toString("base64");
211
+ }
212
+ function setClientDataHash(self, clientDataHash) {
213
+ const selfPointer = getObjectPointerString(self);
214
+ getControllerState.set(selfPointer, clientDataHash);
215
+ }
216
+ function removeClientDataHash(self) {
217
+ const selfPointer = getObjectPointerString(self);
218
+ getControllerState.delete(selfPointer);
219
+ }
220
+ var WebauthnGetController = NobjcClass.define({
221
+ name: "WebauthnGetController",
222
+ superclass: "ASAuthorizationController",
223
+ methods: {
224
+ _requestContextWithRequests$error$: {
225
+ types: "@@:@^@",
226
+ implementation: (self, requests, outError) => {
227
+ const context = NobjcClass.super(self, "_requestContextWithRequests$error$", requests, outError);
228
+ const selfPointer = getObjectPointerString(self);
229
+ if (getControllerState.has(selfPointer)) {
230
+ let assertionOptions = context.platformKeyCredentialAssertionOptions();
231
+ if (!assertionOptions) {
232
+ assertionOptions = context.securityKeyCredentialAssertionOptions();
233
+ }
234
+ const clientDataHash = getControllerState.get(selfPointer);
235
+ assertionOptions.setClientDataHash$(NSDataFromBuffer(clientDataHash));
236
+ context.setPlatformKeyCredentialAssertionOptions$(assertionOptions.copyWithZone$(null));
237
+ }
238
+ return context;
239
+ }
240
+ }
241
+ }
242
+ });
243
+
244
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/index.js
245
+ import { NobjcLibrary as NobjcLibrary2 } from "objc-js";
246
+
247
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/ASAuthorizationPublicKeyCredentialAttachment.js
248
+ var ASAuthorizationPublicKeyCredentialAttachment = {
249
+ Platform: 0,
250
+ CrossPlatform: 1
251
+ };
252
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.js
253
+ var ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation = {
254
+ Read: 0,
255
+ Write: 1
256
+ };
257
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.js
258
+ var ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement = {
259
+ Required: 0,
260
+ Preferred: 1
261
+ };
262
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/ASAuthorizationWebBrowserPublicKeyCredentialManagerAuthorizationState.js
263
+ var ASAuthorizationWebBrowserPublicKeyCredentialManagerAuthorizationState = {
264
+ Authorized: 0,
265
+ Denied: 1,
266
+ NotDetermined: 2
267
+ };
268
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/ASAuthorizationPublicKeyCredentialAttestationKind.js
269
+ var ASAuthorizationPublicKeyCredentialAttestationKind = {
270
+ None: "none",
271
+ Direct: "direct",
272
+ Indirect: "indirect",
273
+ Enterprise: "enterprise"
274
+ };
275
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/ASAuthorizationPublicKeyCredentialUserVerificationPreference.js
276
+ var ASAuthorizationPublicKeyCredentialUserVerificationPreference = {
277
+ Preferred: "preferred",
278
+ Required: "required",
279
+ Discouraged: "discouraged"
280
+ };
281
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/index.js
282
+ var AuthenticationServices = /* @__PURE__ */ new NobjcLibrary2("/System/Library/Frameworks/AuthenticationServices.framework/AuthenticationServices");
283
+ var ASAuthorizationPlatformPublicKeyCredentialAssertion = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPlatformPublicKeyCredentialAssertion");
284
+ var ASAuthorizationPlatformPublicKeyCredentialDescriptor = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPlatformPublicKeyCredentialDescriptor");
285
+ var ASAuthorizationPlatformPublicKeyCredentialProvider = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPlatformPublicKeyCredentialProvider");
286
+ var ASAuthorizationPlatformPublicKeyCredentialRegistration = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPlatformPublicKeyCredentialRegistration");
287
+ var ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput");
288
+ var ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput");
289
+ var ASAuthorizationPublicKeyCredentialPRFAssertionInput = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPublicKeyCredentialPRFAssertionInput");
290
+ var ASAuthorizationPublicKeyCredentialPRFAssertionInputValues = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPublicKeyCredentialPRFAssertionInputValues");
291
+ var ASAuthorizationPublicKeyCredentialPRFRegistrationInput = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPublicKeyCredentialPRFRegistrationInput");
292
+ var ASAuthorizationPublicKeyCredentialParameters = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationPublicKeyCredentialParameters");
293
+ var ASAuthorizationSecurityKeyPublicKeyCredentialAssertion = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationSecurityKeyPublicKeyCredentialAssertion");
294
+ var ASAuthorizationSecurityKeyPublicKeyCredentialProvider = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationSecurityKeyPublicKeyCredentialProvider");
295
+ var ASAuthorizationSecurityKeyPublicKeyCredentialRegistration = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationSecurityKeyPublicKeyCredentialRegistration");
296
+ var ASAuthorizationWebBrowserPublicKeyCredentialManager = /* @__PURE__ */ _bindClass(AuthenticationServices, "ASAuthorizationWebBrowserPublicKeyCredentialManager");
297
+
298
+ // src/helpers/prf.ts
299
+ function createPRFInput(prf) {
300
+ return ASAuthorizationPublicKeyCredentialPRFAssertionInputValues.alloc().initWithSaltInput1$saltInput2$(NSDataFromBuffer(prf.first), prf.second ? NSDataFromBuffer(prf.second) : null);
301
+ }
302
+
303
+ // src/helpers/client-data.ts
304
+ import { createHash } from "crypto";
305
+
306
+ // src/helpers/origin.ts
307
+ function serializeOrigin(origin) {
308
+ if (origin === "null" || !origin) {
309
+ return null;
310
+ }
311
+ try {
312
+ const url = new URL(origin);
313
+ let result = url.protocol;
314
+ if (!result.endsWith("://")) {
315
+ result = result.replace(/:$/, "") + "://";
316
+ }
317
+ result += url.hostname;
318
+ if (url.port) {
319
+ result += ":" + url.port;
320
+ }
321
+ return result;
322
+ } catch (error) {
323
+ return null;
324
+ }
325
+ }
326
+ var DEFAULT_PORT = {
327
+ http: 80,
328
+ https: 443,
329
+ ws: 80,
330
+ wss: 443,
331
+ ftp: 21
332
+ };
333
+ var TUPLE_SCHEMES = new Set(["http", "https", "ws", "wss", "ftp"]);
334
+ function computeOrigin(input) {
335
+ if (typeof input === "string" && input.trim().toLowerCase() === "null") {
336
+ return { type: "opaque", reason: "explicit 'null' origin string" };
337
+ }
338
+ const url = toURL(input);
339
+ if (!url)
340
+ return { type: "opaque", reason: "unparseable URL/origin string" };
341
+ const scheme = url.protocol.replace(/:$/, "").toLowerCase();
342
+ if (scheme === "blob") {
343
+ const embedded = url.href.slice("blob:".length);
344
+ const embeddedUrl = toURL(embedded);
345
+ return embeddedUrl ? computeOrigin(embeddedUrl) : { type: "opaque", reason: "blob: with unparseable embedded URL" };
346
+ }
347
+ if (!TUPLE_SCHEMES.has(scheme)) {
348
+ return { type: "opaque", reason: `non-tuple scheme '${scheme}'` };
349
+ }
350
+ const host = url.hostname;
351
+ if (!host)
352
+ return { type: "opaque", reason: "missing hostname" };
353
+ const rawPort = url.port ? safeParsePort(url.port) : null;
354
+ const port = normalizePort(scheme, rawPort);
355
+ return { type: "tuple", scheme, host, port };
356
+ }
357
+ function normalizePort(scheme, port) {
358
+ if (port == null)
359
+ return null;
360
+ const def = DEFAULT_PORT[scheme];
361
+ if (def != null && port === def)
362
+ return null;
363
+ return port;
364
+ }
365
+ function safeParsePort(portStr) {
366
+ const n = Number(portStr);
367
+ if (!Number.isInteger(n) || n < 0 || n > 65535)
368
+ return null;
369
+ return n;
370
+ }
371
+ function toURL(input) {
372
+ if (input instanceof URL)
373
+ return input;
374
+ try {
375
+ return new URL(input);
376
+ } catch {
377
+ return null;
378
+ }
379
+ }
380
+ function isSameOrigin(a, b, opts = {}) {
381
+ const oa = computeOrigin(a);
382
+ const ob = computeOrigin(b);
383
+ if (oa.type === "tuple" && ob.type === "tuple") {
384
+ return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
385
+ }
386
+ if (opts.allowOpaqueStringEquality) {
387
+ const sa = originString(a);
388
+ const sb = originString(b);
389
+ return sa != null && sb != null && sa === sb;
390
+ }
391
+ return false;
392
+ }
393
+ function originString(x) {
394
+ if (typeof x === "string") {
395
+ return serializeOrigin(x);
396
+ }
397
+ const url = toURL(x);
398
+ if (!url) {
399
+ return null;
400
+ }
401
+ const o = computeOrigin(url);
402
+ if (o.type === "opaque")
403
+ return null;
404
+ return `${o.scheme}://${o.host}${o.port == null ? "" : `:${o.port}`}`;
405
+ }
406
+
407
+ // src/helpers/client-data.ts
408
+ function generateWebauthnClientData(type, origin, challenge, topFrameOrigin) {
409
+ const serializedOrigin = serializeOrigin(origin);
410
+ const clientData = {
411
+ type,
412
+ challenge: bufferToBase64Url(challenge),
413
+ origin: serializedOrigin,
414
+ crossOrigin: false
415
+ };
416
+ if (topFrameOrigin) {
417
+ const sameOrigin = isSameOrigin(origin, topFrameOrigin);
418
+ if (!sameOrigin) {
419
+ const serializedTopFrameOrigin = serializeOrigin(topFrameOrigin);
420
+ clientData.topOrigin = serializedTopFrameOrigin;
421
+ clientData.crossOrigin = true;
422
+ }
423
+ }
424
+ return clientData;
425
+ }
426
+ function clientDataJsonBufferToHash(clientDataJSON) {
427
+ if (!Buffer.isBuffer(clientDataJSON)) {
428
+ throw new TypeError("clientDataJsonBufferToHash: clientDataJSON must be a Buffer");
429
+ }
430
+ if (clientDataJSON.length === 0) {
431
+ throw new RangeError("clientDataJsonBufferToHash: clientDataJSON is empty");
432
+ }
433
+ return createHash("sha256").update(clientDataJSON).digest();
434
+ }
435
+ function generateClientDataInfo(clientData) {
436
+ const clientDataJSON = JSON.stringify(clientData);
437
+ const clientDataBuffer = Buffer.from(clientDataJSON, "utf-8");
438
+ const clientDataHash = clientDataJsonBufferToHash(clientDataBuffer);
439
+ return { clientDataJSON, clientDataBuffer, clientDataHash };
440
+ }
441
+
442
+ // src/helpers/presentation.ts
443
+ import { fromPointer } from "objc-js";
444
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/delegates.js
445
+ import { NobjcProtocol } from "objc-js";
446
+ function createDelegate(protocolName, methods) {
447
+ return NobjcProtocol.implement(protocolName, methods);
448
+ }
449
+ // src/helpers/presentation.ts
450
+ function createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle) {
451
+ return createDelegate("ASAuthorizationControllerPresentationContextProviding", {
452
+ presentationAnchorForAuthorizationController$: () => {
453
+ const nsView = fromPointer(nativeWindowHandle);
454
+ const nsWindow = nsView.window();
455
+ return nsWindow;
456
+ }
457
+ });
458
+ }
459
+
460
+ // src/get/internal-handler.ts
461
+ function setupPublicKeyCredentialRequest(type, keyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions) {
462
+ if (userVerificationPreference === "preferred") {
463
+ keyRequest.setUserVerificationPreference$(NSStringFromString("preferred"));
464
+ } else if (userVerificationPreference === "required") {
465
+ keyRequest.setUserVerificationPreference$(NSStringFromString("required"));
466
+ } else if (userVerificationPreference === "discouraged") {
467
+ keyRequest.setUserVerificationPreference$(NSStringFromString("discouraged"));
468
+ }
469
+ if (type === "platform") {
470
+ const largeBlobRead = enabledExtensions.includes("largeBlobRead");
471
+ const largeBlobWrite = enabledExtensions.includes("largeBlobWrite");
472
+ if (largeBlobRead) {
473
+ const operation = ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.Read;
474
+ const largeBlobInput = ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput.alloc().initWithOperation$(operation);
475
+ keyRequest.setLargeBlob$(largeBlobInput);
476
+ } else if (largeBlobWrite) {
477
+ if (additionalOptions.largeBlobDataToWrite) {
478
+ const operation = ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.Write;
479
+ const largeBlobInput = ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput.alloc().initWithOperation$(operation);
480
+ largeBlobInput.setDataToWrite$(NSDataFromBuffer(additionalOptions.largeBlobDataToWrite));
481
+ keyRequest.setLargeBlob$(largeBlobInput);
482
+ } else {
483
+ console.warn("[electron-webauthn] largeBlobWrite is enabled but largeBlobDataToWrite is not provided, skipping large blob write");
484
+ }
485
+ }
486
+ }
487
+ if (type === "platform" && enabledExtensions.includes("prf")) {
488
+ if (additionalOptions.prf || additionalOptions.prfByCredential) {
489
+ let inputValues = null;
490
+ if (additionalOptions.prf) {
491
+ inputValues = createPRFInput(additionalOptions.prf);
492
+ }
493
+ let perCredentialInputValues = null;
494
+ if (additionalOptions.prfByCredential && allowedCredentialIds.length > 0) {
495
+ const keys = [];
496
+ const values = [];
497
+ for (const [credentialId, prfInput2] of Object.entries(additionalOptions.prfByCredential)) {
498
+ const credentialIdBuffer = base64UrlToBuffer(credentialId);
499
+ const credentialIdData = NSDataFromBuffer(credentialIdBuffer);
500
+ keys.push(credentialIdData);
501
+ values.push(createPRFInput(prfInput2));
502
+ }
503
+ perCredentialInputValues = NSDictionaryFromKeysAndValues(keys, values);
504
+ }
505
+ const prfInput = ASAuthorizationPublicKeyCredentialPRFAssertionInput.alloc().initWithInputValues$perCredentialInputValues$(inputValues, perCredentialInputValues);
506
+ keyRequest.setPrf$(prfInput);
507
+ } else {
508
+ console.warn("[electron-webauthn] prf is enabled but prf or prfByCredential is not provided, skipping PRF");
509
+ }
510
+ }
511
+ }
512
+ function getCredentialInternal(rpid, challenge, nativeWindowHandle, origin, timeout, enabledExtensions = [], allowedCredentialIds, userVerificationPreference, additionalOptions = {}) {
513
+ const { promise, resolve, reject } = PromiseWithResolvers();
514
+ const NS_rpID = NSStringFromString(rpid);
515
+ const NS_challenge = NSDataFromBuffer(challenge);
516
+ const platformProvider = ASAuthorizationPlatformPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
517
+ const platformKeyRequest = platformProvider.createCredentialAssertionRequestWithChallenge$(NS_challenge);
518
+ setupPublicKeyCredentialRequest("platform", platformKeyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions);
519
+ const requestArrayInput = [platformKeyRequest];
520
+ if (additionalOptions.allowSecurityKeyRequests) {
521
+ const securityKeyProvider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
522
+ const securityKeyRequest = securityKeyProvider.createCredentialAssertionRequestWithChallenge$(NS_challenge);
523
+ setupPublicKeyCredentialRequest("security-key", securityKeyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions);
524
+ requestArrayInput.push(securityKeyRequest);
525
+ }
526
+ const requestsArray = NSArrayFromObjects(requestArrayInput);
527
+ const authController = WebauthnGetController.alloc().initWithAuthorizationRequests$(requestsArray);
528
+ const clientData = generateWebauthnClientData("webauthn.get", origin, challenge, additionalOptions.topFrameOrigin);
529
+ const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
530
+ setClientDataHash(authController, clientDataHash);
531
+ let isFinished = false;
532
+ let timeoutHandlerId = null;
533
+ const finished = (_success) => {
534
+ isFinished = true;
535
+ removeClientDataHash(authController);
536
+ if (timeoutHandlerId) {
537
+ clearTimeout(timeoutHandlerId);
538
+ timeoutHandlerId = null;
539
+ }
540
+ };
541
+ if (allowedCredentialIds.length > 0) {
542
+ const allowedCredentials = NSArrayFromObjects(allowedCredentialIds.map((id) => ASAuthorizationPlatformPublicKeyCredentialDescriptor.alloc().initWithCredentialID$(NSDataFromBuffer(id))));
543
+ platformKeyRequest.setAllowedCredentials$(allowedCredentials);
544
+ }
545
+ const delegate = createDelegate("ASAuthorizationControllerDelegate", {
546
+ authorizationController$didCompleteWithAuthorization$: (_, authorization) => {
547
+ const credential = authorization.credential();
548
+ const isPlatform = credential instanceof ASAuthorizationPlatformPublicKeyCredentialAssertion;
549
+ const isSecurityKey = credential instanceof ASAuthorizationSecurityKeyPublicKeyCredentialAssertion;
550
+ if (!isPlatform && !isSecurityKey) {
551
+ reject(new Error("Resulting credential is not a platform or security key credential"));
552
+ finished(false);
553
+ return;
554
+ }
555
+ const id_data = credential.credentialID();
556
+ const id = bufferFromNSDataDirect(id_data);
557
+ let authenticatorAttachment = "cross-platform";
558
+ if (isPlatform && credential.attachment() === ASAuthorizationPublicKeyCredentialAttachment.Platform) {
559
+ authenticatorAttachment = "platform";
560
+ }
561
+ const prf = credential.prf();
562
+ const prfFirst = prf?.first ? prf.first() : null;
563
+ const prfSecond = prf?.second ? prf.second() : null;
564
+ let largeBlobBuffer = null;
565
+ let largeBlobWritten = null;
566
+ if (credential.largeBlob()) {
567
+ const largeBlobData = credential.largeBlob().readData();
568
+ if (largeBlobData) {
569
+ largeBlobBuffer = bufferFromNSDataDirect(largeBlobData);
570
+ } else {
571
+ largeBlobWritten = credential.largeBlob().didWrite();
572
+ }
573
+ }
574
+ resolve({
575
+ id,
576
+ authenticatorAttachment,
577
+ clientDataJSON: clientDataBuffer,
578
+ authenticatorData: bufferFromNSDataDirect(credential.rawAuthenticatorData()),
579
+ signature: bufferFromNSDataDirect(credential.signature()),
580
+ userHandle: bufferFromNSDataDirect(credential.userID()),
581
+ prf: [
582
+ prfFirst ? bufferFromNSDataDirect(prfFirst) : null,
583
+ prfSecond ? bufferFromNSDataDirect(prfSecond) : null
584
+ ],
585
+ largeBlob: largeBlobBuffer,
586
+ largeBlobWritten
587
+ });
588
+ finished(true);
589
+ },
590
+ authorizationController$didCompleteWithError$: (_, error) => {
591
+ const errorMessage = error.localizedDescription().UTF8String();
592
+ reject(new Error(errorMessage));
593
+ finished(false);
594
+ }
595
+ });
596
+ authController.setDelegate$(delegate);
597
+ const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
598
+ authController.setPresentationContextProvider$(presentationContextProvider);
599
+ authController.performRequests();
600
+ timeoutHandlerId = setTimeout(() => {
601
+ if (isFinished)
602
+ return;
603
+ authController.cancel();
604
+ }, timeout);
605
+ return promise;
606
+ }
607
+
608
+ // src/get/handler.ts
609
+ function getExtensionsConfiguration(extensionsData) {
610
+ if (!(extensionsData && typeof extensionsData === "object")) {
611
+ return {
612
+ extensions: []
613
+ };
614
+ }
615
+ const extensions = [];
616
+ let largeBlobWriteBuffer;
617
+ if (extensionsData.largeBlob) {
618
+ const largeBlobConfig = extensionsData.largeBlob;
619
+ if (largeBlobConfig.read) {
620
+ extensions.push("largeBlobRead");
621
+ }
622
+ if (largeBlobConfig.write) {
623
+ extensions.push("largeBlobWrite");
624
+ largeBlobWriteBuffer = bufferSourceToBuffer(largeBlobConfig.write);
625
+ }
626
+ }
627
+ let prf;
628
+ let prfByCredential;
629
+ const prfExtension = extensionsData.prf;
630
+ if (prfExtension && (prfExtension.eval || prfExtension.evalByCredential)) {
631
+ extensions.push("prf");
632
+ if (prfExtension.eval) {
633
+ prf = {
634
+ first: bufferSourceToBuffer(prfExtension.eval.first),
635
+ second: prfExtension.eval.second ? bufferSourceToBuffer(prfExtension.eval.second) : undefined
636
+ };
637
+ }
638
+ if (prfExtension.evalByCredential) {
639
+ prfByCredential = {};
640
+ for (const [credId, value] of Object.entries(prfExtension.evalByCredential)) {
641
+ prfByCredential[credId] = {
642
+ first: bufferSourceToBuffer(value.first),
643
+ second: value.second ? bufferSourceToBuffer(value.second) : undefined
644
+ };
645
+ }
646
+ }
647
+ }
648
+ return {
649
+ extensions,
650
+ largeBlobWriteBuffer,
651
+ prf,
652
+ prfByCredential
653
+ };
654
+ }
655
+ async function getCredential(publicKeyOptions, additionalOptions) {
656
+ if (!publicKeyOptions) {
657
+ return null;
658
+ }
659
+ const rpId = publicKeyOptions.rpId;
660
+ if (!isString(rpId)) {
661
+ return { success: false, error: "TypeError" };
662
+ }
663
+ let timeout = publicKeyOptions.timeout;
664
+ if (!isNumber(timeout) || timeout <= 0) {
665
+ timeout = 10 * 60 * 1000;
666
+ } else if (timeout > 60 * 60 * 1000) {
667
+ timeout = 60 * 60 * 1000;
668
+ }
669
+ const challenge = bufferSourceToBuffer(publicKeyOptions.challenge);
670
+ if (!challenge) {
671
+ return { success: false, error: "TypeError" };
672
+ }
673
+ const userVerification = publicKeyOptions.userVerification;
674
+ if (userVerification && !isString(userVerification)) {
675
+ return { success: false, error: "TypeError" };
676
+ }
677
+ const allowedCredentialsArray = [];
678
+ const allowedCredentials = publicKeyOptions.allowCredentials;
679
+ if (allowedCredentials && Array.isArray(allowedCredentials)) {
680
+ for (const allowedCredential of allowedCredentials) {
681
+ if (!(allowedCredential && typeof allowedCredential === "object"))
682
+ continue;
683
+ if (allowedCredential.type !== "public-key")
684
+ continue;
685
+ const id = bufferSourceToBuffer(allowedCredential.id);
686
+ if (!id)
687
+ continue;
688
+ allowedCredentialsArray.push(id);
689
+ }
690
+ }
691
+ const {
692
+ extensions: enabledExtensions,
693
+ largeBlobWriteBuffer,
694
+ prf,
695
+ prfByCredential
696
+ } = getExtensionsConfiguration(publicKeyOptions.extensions);
697
+ const { currentOrigin, topFrameOrigin, isPublicSuffix, nativeWindowHandle } = additionalOptions;
698
+ const isRpIdAllowed = isRpIdAllowedForOrigin(currentOrigin, rpId, {
699
+ isPublicSuffix
700
+ });
701
+ if (!isRpIdAllowed.ok) {
702
+ return { success: false, error: "NotAllowedError" };
703
+ }
704
+ let errorResult = null;
705
+ const result = await getCredentialInternal(rpId, challenge, nativeWindowHandle, currentOrigin, timeout, enabledExtensions, allowedCredentialsArray, userVerification, {
706
+ allowSecurityKeyRequests: additionalOptions.allowSecurityKeyRequests ?? false,
707
+ topFrameOrigin,
708
+ largeBlobDataToWrite: largeBlobWriteBuffer,
709
+ prf,
710
+ prfByCredential
711
+ }).catch((error) => {
712
+ errorResult = error;
713
+ if (error.message.startsWith("The operation couldn’t be completed.")) {
714
+ return "NotAllowedError";
715
+ }
716
+ return "NotAllowedError";
717
+ });
718
+ if (typeof result === "string") {
719
+ return { success: false, error: result, errorObject: errorResult };
720
+ }
721
+ const data = {
722
+ credentialId: bufferToBase64Url(result.id),
723
+ clientDataJSON: bufferToBase64Url(result.clientDataJSON),
724
+ authenticatorData: bufferToBase64Url(result.authenticatorData),
725
+ signature: bufferToBase64Url(result.signature),
726
+ userHandle: bufferToBase64Url(result.userHandle),
727
+ extensions: {}
728
+ };
729
+ if (result.prf && (result.prf[0] || result.prf[1])) {
730
+ data.extensions.prf = {
731
+ results: {
732
+ first: bufferToBase64Url(result.prf[0]),
733
+ second: result.prf[1] ? bufferToBase64Url(result.prf[1]) : undefined
734
+ }
735
+ };
736
+ }
737
+ if (result.largeBlob || result.largeBlobWritten) {
738
+ data.extensions.largeBlob = {
739
+ blob: result.largeBlob ? bufferToBase64Url(result.largeBlob) : undefined,
740
+ written: result.largeBlobWritten !== null ? result.largeBlobWritten : undefined
741
+ };
742
+ }
743
+ return { success: true, data };
744
+ }
745
+ // src/helpers/public-key.ts
746
+ function encodeBigIntToBuffer(value, byteLength) {
747
+ const hex = value.toString(16).padStart(byteLength * 2, "0");
748
+ return Buffer.from(hex, "hex");
749
+ }
750
+ function encodeEC2PublicKeyToSPKI(x, y) {
751
+ const xBuffer = encodeBigIntToBuffer(x, 32);
752
+ const yBuffer = encodeBigIntToBuffer(y, 32);
753
+ const uncompressedPoint = Buffer.concat([
754
+ Buffer.from([4]),
755
+ xBuffer,
756
+ yBuffer
757
+ ]);
758
+ const bitString = Buffer.concat([
759
+ Buffer.from([3]),
760
+ Buffer.from([66]),
761
+ Buffer.from([0]),
762
+ uncompressedPoint
763
+ ]);
764
+ const algorithmIdentifier = Buffer.from([
765
+ 48,
766
+ 19,
767
+ 6,
768
+ 7,
769
+ 42,
770
+ 134,
771
+ 72,
772
+ 206,
773
+ 61,
774
+ 2,
775
+ 1,
776
+ 6,
777
+ 8,
778
+ 42,
779
+ 134,
780
+ 72,
781
+ 206,
782
+ 61,
783
+ 3,
784
+ 1,
785
+ 7
786
+ ]);
787
+ const spki = Buffer.concat([
788
+ Buffer.from([48]),
789
+ Buffer.from([89]),
790
+ algorithmIdentifier,
791
+ bitString
792
+ ]);
793
+ return spki;
794
+ }
795
+
796
+ // src/create/authorization-controller.ts
797
+ import { NobjcClass as NobjcClass2, getPointer as getPointer2 } from "objc-js";
798
+
799
+ // src/additional-objc/ASCPublicKeyCredentialDescriptor.ts
800
+ var ASCPublicKeyCredentialDescriptor = AuthenticationServices.ASCPublicKeyCredentialDescriptor;
801
+
802
+ // src/create/authorization-controller.ts
803
+ var createControllerState = new Map;
804
+ function getObjectPointerString2(self) {
805
+ return getPointer2(self).toString("base64");
806
+ }
807
+ function setControllerState(self, clientDataHash, pubKeyCredParams, residentKeyRequired, excludeCredentialIds) {
808
+ const selfPointer = getObjectPointerString2(self);
809
+ createControllerState.set(selfPointer, [
810
+ clientDataHash,
811
+ pubKeyCredParams,
812
+ residentKeyRequired,
813
+ excludeCredentialIds
814
+ ]);
815
+ }
816
+ function removeControllerState(self) {
817
+ const selfPointer = getObjectPointerString2(self);
818
+ createControllerState.delete(selfPointer);
819
+ }
820
+ var WebauthnCreateController = NobjcClass2.define({
821
+ name: "WebauthnCreateController",
822
+ superclass: "ASAuthorizationController",
823
+ methods: {
824
+ _requestContextWithRequests$error$: {
825
+ types: "@@:@^@",
826
+ implementation: (self, requests, outError) => {
827
+ const context = NobjcClass2.super(self, "_requestContextWithRequests$error$", requests, outError);
828
+ const selfPointer = getObjectPointerString2(self);
829
+ if (context && createControllerState.has(selfPointer)) {
830
+ let isSecurityKey = false;
831
+ let registrationOptions = context.platformKeyCredentialCreationOptions();
832
+ if (!registrationOptions) {
833
+ registrationOptions = context.securityKeyCredentialCreationOptions();
834
+ isSecurityKey = true;
835
+ }
836
+ const [
837
+ clientDataHash,
838
+ pubKeyCredParams,
839
+ residentKeyRequired,
840
+ excludeCredentials
841
+ ] = createControllerState.get(selfPointer);
842
+ registrationOptions.setClientDataHash$(NSDataFromBuffer(clientDataHash));
843
+ registrationOptions.setChallenge$(null);
844
+ const supportedAlgos = [];
845
+ for (const param of pubKeyCredParams) {
846
+ if (param.type === "public-key") {
847
+ const nsNum = NSNumber.numberWithInteger$(param.algorithm);
848
+ supportedAlgos.push(nsNum);
849
+ }
850
+ }
851
+ if (supportedAlgos.length > 0) {
852
+ registrationOptions.setSupportedAlgorithmIdentifiers$(NSArrayFromObjects(supportedAlgos));
853
+ }
854
+ if (!isSecurityKey) {
855
+ registrationOptions.setShouldRequireResidentKey$(residentKeyRequired);
856
+ }
857
+ const excludeList = [];
858
+ for (const cred of excludeCredentials) {
859
+ const transports = [];
860
+ if (cred.transports) {
861
+ for (const transport of cred.transports) {
862
+ transports.push(NSStringFromString(transport));
863
+ }
864
+ }
865
+ const credentialID = NSDataFromBuffer(cred.id);
866
+ const transportsArray = NSArrayFromObjects(transports);
867
+ const initializedDescriptor = ASCPublicKeyCredentialDescriptor.alloc().initWithCredentialID$transports$(credentialID, transportsArray);
868
+ excludeList.push(initializedDescriptor);
869
+ }
870
+ if (excludeList.length > 0) {
871
+ registrationOptions.setExcludedCredentials$(NSArrayFromObjects(excludeList));
872
+ }
873
+ }
874
+ return context;
875
+ }
876
+ }
877
+ }
878
+ });
879
+
880
+ // ../../node_modules/.bun/@oslojs+binary@1.0.0/node_modules/@oslojs/binary/dist/uint.js
881
+ class BigEndian {
882
+ uint8(data, offset) {
883
+ if (data.byteLength < offset + 1) {
884
+ throw new TypeError("Insufficient bytes");
885
+ }
886
+ return data[offset];
887
+ }
888
+ uint16(data, offset) {
889
+ if (data.byteLength < offset + 2) {
890
+ throw new TypeError("Insufficient bytes");
891
+ }
892
+ return data[offset] << 8 | data[offset + 1];
893
+ }
894
+ uint32(data, offset) {
895
+ if (data.byteLength < offset + 4) {
896
+ throw new TypeError("Insufficient bytes");
897
+ }
898
+ let result = 0;
899
+ for (let i = 0;i < 4; i++) {
900
+ result |= data[offset + i] << 24 - i * 8;
901
+ }
902
+ return result;
903
+ }
904
+ uint64(data, offset) {
905
+ if (data.byteLength < offset + 8) {
906
+ throw new TypeError("Insufficient bytes");
907
+ }
908
+ let result = 0n;
909
+ for (let i = 0;i < 8; i++) {
910
+ result |= BigInt(data[offset + i]) << BigInt(56 - i * 8);
911
+ }
912
+ return result;
913
+ }
914
+ putUint8(target, value, offset) {
915
+ if (target.length < offset + 1) {
916
+ throw new TypeError("Not enough space");
917
+ }
918
+ if (value < 0 || value > 255) {
919
+ throw new TypeError("Invalid uint8 value");
920
+ }
921
+ target[offset] = value;
922
+ }
923
+ putUint16(target, value, offset) {
924
+ if (target.length < offset + 2) {
925
+ throw new TypeError("Not enough space");
926
+ }
927
+ if (value < 0 || value > 65535) {
928
+ throw new TypeError("Invalid uint16 value");
929
+ }
930
+ target[offset] = value >> 8;
931
+ target[offset + 1] = value & 255;
932
+ }
933
+ putUint32(target, value, offset) {
934
+ if (target.length < offset + 4) {
935
+ throw new TypeError("Not enough space");
936
+ }
937
+ if (value < 0 || value > 4294967295) {
938
+ throw new TypeError("Invalid uint32 value");
939
+ }
940
+ for (let i = 0;i < 4; i++) {
941
+ target[offset + i] = value >> (3 - i) * 8 & 255;
942
+ }
943
+ }
944
+ putUint64(target, value, offset) {
945
+ if (target.length < offset + 8) {
946
+ throw new TypeError("Not enough space");
947
+ }
948
+ if (value < 0 || value > 18446744073709551615n) {
949
+ throw new TypeError("Invalid uint64 value");
950
+ }
951
+ for (let i = 0;i < 8; i++) {
952
+ target[offset + i] = Number(value >> BigInt((7 - i) * 8) & 0xffn);
953
+ }
954
+ }
955
+ }
956
+
957
+ class LittleEndian {
958
+ uint8(data, offset) {
959
+ if (data.byteLength < offset + 1) {
960
+ throw new TypeError("Insufficient bytes");
961
+ }
962
+ return data[offset];
963
+ }
964
+ uint16(data, offset) {
965
+ if (data.byteLength < offset + 2) {
966
+ throw new TypeError("Insufficient bytes");
967
+ }
968
+ return data[offset] | data[offset + 1] << 8;
969
+ }
970
+ uint32(data, offset) {
971
+ if (data.byteLength < offset + 4) {
972
+ throw new TypeError("Insufficient bytes");
973
+ }
974
+ let result = 0;
975
+ for (let i = 0;i < 4; i++) {
976
+ result |= data[offset + i] << i * 8;
977
+ }
978
+ return result;
979
+ }
980
+ uint64(data, offset) {
981
+ if (data.byteLength < offset + 8) {
982
+ throw new TypeError("Insufficient bytes");
983
+ }
984
+ let result = 0n;
985
+ for (let i = 0;i < 8; i++) {
986
+ result |= BigInt(data[offset + i]) << BigInt(i * 8);
987
+ }
988
+ return result;
989
+ }
990
+ putUint8(target, value, offset) {
991
+ if (target.length < 1 + offset) {
992
+ throw new TypeError("Insufficient space");
993
+ }
994
+ if (value < 0 || value > 255) {
995
+ throw new TypeError("Invalid uint8 value");
996
+ }
997
+ target[offset] = value;
998
+ }
999
+ putUint16(target, value, offset) {
1000
+ if (target.length < 2 + offset) {
1001
+ throw new TypeError("Insufficient space");
1002
+ }
1003
+ if (value < 0 || value > 65535) {
1004
+ throw new TypeError("Invalid uint16 value");
1005
+ }
1006
+ target[offset + 1] = value >> 8;
1007
+ target[offset] = value & 255;
1008
+ }
1009
+ putUint32(target, value, offset) {
1010
+ if (target.length < 4 + offset) {
1011
+ throw new TypeError("Insufficient space");
1012
+ }
1013
+ if (value < 0 || value > 4294967295) {
1014
+ throw new TypeError("Invalid uint32 value");
1015
+ }
1016
+ for (let i = 0;i < 4; i++) {
1017
+ target[offset + i] = value >> i * 8 & 255;
1018
+ }
1019
+ }
1020
+ putUint64(target, value, offset) {
1021
+ if (target.length < 8 + offset) {
1022
+ throw new TypeError("Insufficient space");
1023
+ }
1024
+ if (value < 0 || value > 18446744073709551615n) {
1025
+ throw new TypeError("Invalid uint64 value");
1026
+ }
1027
+ for (let i = 0;i < 8; i++) {
1028
+ target[offset + i] = Number(value >> BigInt(i * 8) & 0xffn);
1029
+ }
1030
+ }
1031
+ }
1032
+ var bigEndian = new BigEndian;
1033
+ var littleEndian = new LittleEndian;
1034
+ // ../../node_modules/.bun/@oslojs+binary@1.0.0/node_modules/@oslojs/binary/dist/bytes.js
1035
+ function compareBytes(a, b) {
1036
+ if (a.byteLength !== b.byteLength) {
1037
+ return false;
1038
+ }
1039
+ for (let i = 0;i < b.byteLength; i++) {
1040
+ if (a[i] !== b[i]) {
1041
+ return false;
1042
+ }
1043
+ }
1044
+ return true;
1045
+ }
1046
+ class DynamicBuffer {
1047
+ value;
1048
+ capacity;
1049
+ length = 0;
1050
+ constructor(capacity) {
1051
+ this.value = new Uint8Array(capacity);
1052
+ this.capacity = capacity = capacity;
1053
+ }
1054
+ write(bytes) {
1055
+ if (this.length + bytes.byteLength <= this.capacity) {
1056
+ this.value.set(bytes, this.length);
1057
+ this.length += bytes.byteLength;
1058
+ return;
1059
+ }
1060
+ while (this.length + bytes.byteLength > this.capacity) {
1061
+ if (this.capacity === 0) {
1062
+ this.capacity = 1;
1063
+ } else {
1064
+ this.capacity = this.capacity * 2;
1065
+ }
1066
+ }
1067
+ const newValue = new Uint8Array(this.capacity);
1068
+ newValue.set(this.value.subarray(0, this.length));
1069
+ newValue.set(bytes, this.length);
1070
+ this.value = newValue;
1071
+ this.length += bytes.byteLength;
1072
+ }
1073
+ writeByte(byte) {
1074
+ if (this.length + 1 <= this.capacity) {
1075
+ this.value[this.length] = byte;
1076
+ this.length += 1;
1077
+ return;
1078
+ }
1079
+ if (this.capacity === 0) {
1080
+ this.capacity = 1;
1081
+ } else {
1082
+ this.capacity = this.capacity * 2;
1083
+ }
1084
+ const newValue = new Uint8Array(this.capacity);
1085
+ newValue.set(this.value.subarray(0, this.length));
1086
+ newValue[this.length] = byte;
1087
+ this.value = newValue;
1088
+ this.length += 1;
1089
+ }
1090
+ readInto(target) {
1091
+ if (target.byteLength < this.length) {
1092
+ throw new TypeError("Not enough space");
1093
+ }
1094
+ target.set(this.value.subarray(0, this.length));
1095
+ }
1096
+ bytes() {
1097
+ return this.value.slice(0, this.length);
1098
+ }
1099
+ clear() {
1100
+ this.length = 0;
1101
+ }
1102
+ }
1103
+ // ../../node_modules/.bun/@oslojs+binary@1.0.0/node_modules/@oslojs/binary/dist/bits.js
1104
+ function rotr32(x, n) {
1105
+ return (x << 32 - n | x >>> n) >>> 0;
1106
+ }
1107
+ function rotr64(x, n) {
1108
+ return (x << BigInt(64 - n) | x >> BigInt(n)) & 0xffffffffffffffffn;
1109
+ }
1110
+ // ../../node_modules/.bun/@oslojs+binary@1.0.0/node_modules/@oslojs/binary/dist/big.js
1111
+ function bigIntFromBytes(bytes) {
1112
+ if (bytes.byteLength < 1) {
1113
+ throw new TypeError("Empty Uint8Array");
1114
+ }
1115
+ let decoded = 0n;
1116
+ for (let i = 0;i < bytes.byteLength; i++) {
1117
+ decoded += BigInt(bytes[i]) << BigInt((bytes.byteLength - 1 - i) * 8);
1118
+ }
1119
+ return decoded;
1120
+ }
1121
+ // ../../node_modules/.bun/@oslojs+cbor@1.0.0/node_modules/@oslojs/cbor/dist/float.js
1122
+ function toFloat16(data) {
1123
+ if (data.byteLength !== 2) {
1124
+ throw new TypeError;
1125
+ }
1126
+ const sign = (-1) ** (data[0] >> 7);
1127
+ let fraction = 0;
1128
+ fraction += 2 ** -1 * (data[0] >> 1 & 1);
1129
+ fraction += 2 ** -2 * (data[0] & 1);
1130
+ for (let i = 0;i < 8; i++) {
1131
+ if ((data[1] >> 7 - i & 1) === 1) {
1132
+ fraction += 2 ** -(3 + i);
1133
+ }
1134
+ }
1135
+ const exponent = data[0] >> 2 & 31;
1136
+ if (exponent === 0) {
1137
+ return sign * 2 ** -14 * fraction;
1138
+ }
1139
+ if (exponent === 31 && fraction === 0) {
1140
+ return sign * Infinity;
1141
+ }
1142
+ if (exponent === 31 && fraction !== 0) {
1143
+ return NaN;
1144
+ }
1145
+ return sign * 2 ** (exponent - 15) * (1 + fraction);
1146
+ }
1147
+ function toFloat32(data) {
1148
+ if (data.byteLength !== 4) {
1149
+ throw new TypeError;
1150
+ }
1151
+ const sign = (-1) ** (data[0] >> 7);
1152
+ const exponent = ((data[0] & 127) << 1) + (data[1] >> 7);
1153
+ let fractionPart = data[1] & 127;
1154
+ for (let i = 0;i < 3; i++) {
1155
+ fractionPart |= data[2 + i];
1156
+ }
1157
+ if (exponent === 255 && fractionPart === 0) {
1158
+ return sign * Infinity;
1159
+ }
1160
+ if (exponent === 255 && fractionPart !== 0) {
1161
+ return NaN;
1162
+ }
1163
+ let bias;
1164
+ let result;
1165
+ if (exponent === 0) {
1166
+ bias = 126;
1167
+ result = 0;
1168
+ } else {
1169
+ bias = 127;
1170
+ result = 2 ** (exponent - bias);
1171
+ }
1172
+ for (let i = 0;i < 7; i++) {
1173
+ if ((data[1] >> 6 - i & 1) === 1) {
1174
+ result += 2 ** (-1 - i + exponent - bias);
1175
+ }
1176
+ }
1177
+ for (let i = 0;i < 2; i++) {
1178
+ for (let j = 0;j < 8; j++) {
1179
+ if ((data[2 + i] >> 7 - j & 1) === 1) {
1180
+ const position = 8 + i * 8 + j;
1181
+ result += 2 ** (exponent - bias - position);
1182
+ }
1183
+ }
1184
+ }
1185
+ return sign * result;
1186
+ }
1187
+ function toFloat64(data) {
1188
+ if (data.byteLength !== 8) {
1189
+ throw new TypeError;
1190
+ }
1191
+ const sign = (-1) ** (data[0] >> 7);
1192
+ const exponent = ((data[0] & 127) << 4) + (data[1] >> 4);
1193
+ let fractionPart = data[1] & 15;
1194
+ for (let i = 0;i < 6; i++) {
1195
+ fractionPart |= data[2 + i];
1196
+ }
1197
+ if (exponent === 2047 && fractionPart === 0) {
1198
+ return sign * Infinity;
1199
+ }
1200
+ if (exponent === 2047 && fractionPart !== 0) {
1201
+ return NaN;
1202
+ }
1203
+ let bias;
1204
+ let result;
1205
+ if (exponent === 0) {
1206
+ bias = 1022;
1207
+ result = 0;
1208
+ } else {
1209
+ bias = 1023;
1210
+ result = 2 ** (exponent - bias);
1211
+ }
1212
+ for (let i = 0;i < 4; i++) {
1213
+ if ((data[1] >> 3 - i & 1) === 1) {
1214
+ result += 2 ** (-1 - i + exponent - bias);
1215
+ }
1216
+ }
1217
+ for (let i = 0;i < 6; i++) {
1218
+ for (let j = 0;j < 8; j++) {
1219
+ if ((data[2 + i] >> 7 - j & 1) === 1) {
1220
+ const position = 5 + i * 8 + j;
1221
+ result += 2 ** (exponent - bias - position);
1222
+ }
1223
+ }
1224
+ }
1225
+ return sign * result;
1226
+ }
1227
+
1228
+ // ../../node_modules/.bun/@oslojs+cbor@1.0.0/node_modules/@oslojs/cbor/dist/cbor.js
1229
+ class CBORPositiveInteger {
1230
+ value;
1231
+ constructor(value) {
1232
+ if (value < 0) {
1233
+ throw new TypeError;
1234
+ }
1235
+ this.value = value;
1236
+ }
1237
+ isNumber() {
1238
+ return BigInt(Number(this.value)) === this.value;
1239
+ }
1240
+ }
1241
+
1242
+ class CBORNegativeInteger {
1243
+ value;
1244
+ constructor(value) {
1245
+ if (value > -1) {
1246
+ throw new TypeError;
1247
+ }
1248
+ this.value = value;
1249
+ }
1250
+ isNumber() {
1251
+ return BigInt(Number(this.value)) === this.value;
1252
+ }
1253
+ }
1254
+
1255
+ class CBORByteString {
1256
+ value;
1257
+ constructor(value) {
1258
+ this.value = value;
1259
+ }
1260
+ }
1261
+
1262
+ class CBORTextString {
1263
+ value;
1264
+ constructor(value) {
1265
+ this.value = value;
1266
+ }
1267
+ decodeText() {
1268
+ try {
1269
+ return new TextDecoder("utf-8", {
1270
+ fatal: true
1271
+ }).decode(this.value);
1272
+ } catch {
1273
+ throw new CBORInvalidError;
1274
+ }
1275
+ }
1276
+ }
1277
+
1278
+ class CBORArray {
1279
+ elements;
1280
+ constructor(elements) {
1281
+ this.elements = elements;
1282
+ }
1283
+ }
1284
+
1285
+ class CBORMap {
1286
+ entries;
1287
+ constructor(entries) {
1288
+ this.entries = entries;
1289
+ }
1290
+ has(key) {
1291
+ for (const [entryKey] of this.entries) {
1292
+ if (compareCBORValues(key, entryKey)) {
1293
+ return true;
1294
+ }
1295
+ }
1296
+ return false;
1297
+ }
1298
+ get(key) {
1299
+ for (const [entryKey, entryValue] of this.entries) {
1300
+ if (compareCBORValues(key, entryKey)) {
1301
+ return entryValue;
1302
+ }
1303
+ }
1304
+ return null;
1305
+ }
1306
+ getAll(key) {
1307
+ const result = [];
1308
+ for (const [entryKey, entryValue] of this.entries) {
1309
+ if (compareCBORValues(key, entryKey)) {
1310
+ result.push(entryValue);
1311
+ }
1312
+ }
1313
+ return result;
1314
+ }
1315
+ hasDuplicateKeys() {
1316
+ for (let i = 0;i < this.entries.length; i++) {
1317
+ for (let j = i + 1;j < this.entries.length; j++) {
1318
+ if (compareCBORValues(this.entries[i][0], this.entries[j][0])) {
1319
+ return true;
1320
+ }
1321
+ }
1322
+ }
1323
+ return false;
1324
+ }
1325
+ }
1326
+
1327
+ class CBORFloat16 {
1328
+ value;
1329
+ constructor(value) {
1330
+ if (value.byteLength !== 2) {
1331
+ throw new TypeError;
1332
+ }
1333
+ this.value = value;
1334
+ }
1335
+ toNumber() {
1336
+ return toFloat16(this.value);
1337
+ }
1338
+ }
1339
+
1340
+ class CBORFloat32 {
1341
+ value;
1342
+ constructor(value) {
1343
+ if (value.byteLength !== 4) {
1344
+ throw new TypeError;
1345
+ }
1346
+ this.value = value;
1347
+ }
1348
+ toNumber() {
1349
+ return toFloat32(this.value);
1350
+ }
1351
+ }
1352
+
1353
+ class CBORFloat64 {
1354
+ value;
1355
+ constructor(value) {
1356
+ if (value.byteLength !== 8) {
1357
+ throw new TypeError;
1358
+ }
1359
+ this.value = value;
1360
+ }
1361
+ toNumber() {
1362
+ return toFloat64(this.value);
1363
+ }
1364
+ }
1365
+
1366
+ class CBORTagged {
1367
+ tagNumber;
1368
+ value;
1369
+ constructor(tagNumber, value) {
1370
+ this.tagNumber = tagNumber;
1371
+ this.value = value;
1372
+ }
1373
+ }
1374
+
1375
+ class CBORSimple {
1376
+ value;
1377
+ constructor(value) {
1378
+ this.value = value;
1379
+ }
1380
+ }
1381
+
1382
+ class CBORBreak {
1383
+ value = null;
1384
+ }
1385
+ function compareCBORValues(a, b) {
1386
+ if (a instanceof CBORPositiveInteger && b instanceof CBORPositiveInteger) {
1387
+ return a.value === b.value;
1388
+ }
1389
+ if (a instanceof CBORNegativeInteger && b instanceof CBORNegativeInteger) {
1390
+ return a.value === b.value;
1391
+ }
1392
+ if (a instanceof CBORByteString && b instanceof CBORByteString) {
1393
+ return compareBytes(a.value, b.value);
1394
+ }
1395
+ if (a instanceof CBORTextString && b instanceof CBORTextString) {
1396
+ return a.value === b.value;
1397
+ }
1398
+ if (a instanceof CBORSimple && b instanceof CBORSimple) {
1399
+ return a.value === b.value;
1400
+ }
1401
+ if (a instanceof CBORTagged && b instanceof CBORTagged) {
1402
+ return a.tagNumber === b.tagNumber && compareCBORValues(a.value, b.value);
1403
+ }
1404
+ if (a instanceof CBORFloat16 && b instanceof CBORFloat16) {
1405
+ return compareBytes(a.value, b.value);
1406
+ }
1407
+ if (a instanceof CBORFloat32 && b instanceof CBORFloat32) {
1408
+ return compareBytes(a.value, b.value);
1409
+ }
1410
+ if (a instanceof CBORFloat64 && b instanceof CBORFloat64) {
1411
+ return compareBytes(a.value, b.value);
1412
+ }
1413
+ if (a instanceof CBORArray && b instanceof CBORArray) {
1414
+ if (a.elements.length !== b.elements.length) {
1415
+ return false;
1416
+ }
1417
+ for (let i = 0;i < a.elements.length; i++) {
1418
+ if (!compareCBORValues(a.elements[i], b.elements[i])) {
1419
+ return false;
1420
+ }
1421
+ }
1422
+ return true;
1423
+ }
1424
+ if (a instanceof CBORMap && b instanceof CBORMap) {
1425
+ if (a.entries.length !== b.entries.length) {
1426
+ return false;
1427
+ }
1428
+ const checkedIndexes = [];
1429
+ for (let i = 0;i < a.entries.length; i++) {
1430
+ for (let j = 0;j < b.entries.length; j++) {
1431
+ if (!checkedIndexes.includes(i)) {
1432
+ if (!compareCBORValues(a.entries[i][0], b.entries[j][0])) {
1433
+ continue;
1434
+ }
1435
+ if (!compareCBORValues(a.entries[i][1], b.entries[j][1])) {
1436
+ continue;
1437
+ }
1438
+ checkedIndexes.push(j);
1439
+ break;
1440
+ }
1441
+ }
1442
+ if (checkedIndexes.length !== i + 1) {
1443
+ return false;
1444
+ }
1445
+ }
1446
+ return true;
1447
+ }
1448
+ return false;
1449
+ }
1450
+
1451
+ class CBORNotWellFormedError extends Error {
1452
+ constructor() {
1453
+ super("CBOR is not well-formed");
1454
+ }
1455
+ }
1456
+
1457
+ class CBORLeftoverBytesError extends Error {
1458
+ constructor(count) {
1459
+ super(`Leftover bytes: ${count}`);
1460
+ }
1461
+ }
1462
+
1463
+ class CBORTooDeepError extends Error {
1464
+ constructor() {
1465
+ super("Exceeds maximum depth");
1466
+ }
1467
+ }
1468
+
1469
+ class CBORInvalidError extends Error {
1470
+ constructor() {
1471
+ super("Invalid CBOR");
1472
+ }
1473
+ }
1474
+ // ../../node_modules/.bun/@oslojs+cbor@1.0.0/node_modules/@oslojs/cbor/dist/transform.js
1475
+ function transformCBORValueToNative(cbor) {
1476
+ if (cbor instanceof CBORPositiveInteger || cbor instanceof CBORNegativeInteger) {
1477
+ if (cbor.isNumber()) {
1478
+ return Number(cbor.value);
1479
+ }
1480
+ return cbor.value;
1481
+ }
1482
+ if (cbor instanceof CBORTextString) {
1483
+ return cbor.decodeText();
1484
+ }
1485
+ if (cbor instanceof CBORByteString) {
1486
+ return cbor.value;
1487
+ }
1488
+ if (cbor instanceof CBORFloat16 || cbor instanceof CBORFloat32 || cbor instanceof CBORFloat64) {
1489
+ return cbor.toNumber();
1490
+ }
1491
+ if (cbor instanceof CBORSimple) {
1492
+ if (cbor.value === 20) {
1493
+ return false;
1494
+ }
1495
+ if (cbor.value === 21) {
1496
+ return true;
1497
+ }
1498
+ if (cbor.value === 22) {
1499
+ return null;
1500
+ }
1501
+ if (cbor.value === 23) {
1502
+ return;
1503
+ }
1504
+ throw new CBORInvalidError;
1505
+ }
1506
+ if (cbor instanceof CBORArray) {
1507
+ const result = new Array(cbor.elements.length);
1508
+ for (let i = 0;i < cbor.elements.length; i++) {
1509
+ result[i] = transformCBORValueToNative(cbor.elements[i]);
1510
+ }
1511
+ return result;
1512
+ }
1513
+ if (cbor instanceof CBORMap) {
1514
+ const result = {};
1515
+ for (let i = 0;i < cbor.entries.length; i++) {
1516
+ const [entryKey, entryValue] = cbor.entries[i];
1517
+ let stringifiedKey;
1518
+ if (entryKey instanceof CBORTextString) {
1519
+ stringifiedKey = entryKey.decodeText();
1520
+ } else if (entryKey instanceof CBORPositiveInteger || entryKey instanceof CBORNegativeInteger) {
1521
+ stringifiedKey = entryKey.value.toString();
1522
+ } else if (entryKey instanceof CBORFloat16 || entryKey instanceof CBORFloat32 || entryKey instanceof CBORFloat64) {
1523
+ const valueNumber = entryKey.toNumber();
1524
+ if (Number.isNaN(valueNumber)) {
1525
+ throw new CBORInvalidError;
1526
+ }
1527
+ stringifiedKey = valueNumber.toString();
1528
+ } else {
1529
+ throw new CBORInvalidError;
1530
+ }
1531
+ if (stringifiedKey === "__proto__") {
1532
+ throw new CBORInvalidError;
1533
+ }
1534
+ if (stringifiedKey in result) {
1535
+ throw new CBORInvalidError;
1536
+ }
1537
+ result[stringifiedKey] = transformCBORValueToNative(entryValue);
1538
+ }
1539
+ return result;
1540
+ }
1541
+ if (cbor instanceof CBORTagged) {
1542
+ return transformCBORValueToNative(cbor.value);
1543
+ }
1544
+ throw new CBORInvalidError;
1545
+ }
1546
+
1547
+ // ../../node_modules/.bun/@oslojs+cbor@1.0.0/node_modules/@oslojs/cbor/dist/decode.js
1548
+ function decodeCBORToNativeValueNoLeftoverBytes(data, maxDepth) {
1549
+ const decoded = decodeCBORNoLeftoverBytes(data, maxDepth);
1550
+ return transformCBORValueToNative(decoded);
1551
+ }
1552
+ function decodeCBORToNativeValue(data, maxDepth) {
1553
+ const [decoded, size] = decodeCBOR(data, maxDepth);
1554
+ return [transformCBORValueToNative(decoded), size];
1555
+ }
1556
+ function decodeCBORNoLeftoverBytes(data, maxDepth) {
1557
+ const [result, size] = decodeCBOR(data, maxDepth);
1558
+ if (size !== data.byteLength) {
1559
+ throw new CBORLeftoverBytesError(data.byteLength - size);
1560
+ }
1561
+ return result;
1562
+ }
1563
+ function decodeCBOR(data, maxDepth) {
1564
+ const [value, size] = decodeCBORIncludingBreaks(data, maxDepth, 0);
1565
+ if (value instanceof CBORBreak) {
1566
+ throw new CBORNotWellFormedError;
1567
+ }
1568
+ return [value, size];
1569
+ }
1570
+ function decodeCBORIncludingBreaks(data, maxDepth, currentDepth) {
1571
+ if (currentDepth > maxDepth) {
1572
+ throw new CBORTooDeepError;
1573
+ }
1574
+ if (data.byteLength < 1) {
1575
+ throw new CBORNotWellFormedError;
1576
+ }
1577
+ const majorType = data[0] >> 5;
1578
+ if (majorType === 0) {
1579
+ const additionalInformation = data[0] & 31;
1580
+ if (additionalInformation < 24) {
1581
+ return [new CBORPositiveInteger(BigInt(additionalInformation)), 1];
1582
+ }
1583
+ const argumentSize = getArgumentSize(additionalInformation);
1584
+ const value = getVariableUint(data, argumentSize, 1);
1585
+ return [new CBORPositiveInteger(value), 1 + argumentSize];
1586
+ }
1587
+ if (majorType === 1) {
1588
+ const additionalInformation = data[0] & 31;
1589
+ if (additionalInformation < 24) {
1590
+ return [new CBORNegativeInteger(BigInt(-1 - additionalInformation)), 1];
1591
+ }
1592
+ const argumentSize = getArgumentSize(additionalInformation);
1593
+ const value = getVariableUint(data, argumentSize, 1);
1594
+ return [new CBORNegativeInteger(-1n - BigInt(value)), 1 + argumentSize];
1595
+ }
1596
+ if (majorType === 2) {
1597
+ const additionalInformation = data[0] & 31;
1598
+ if (additionalInformation === 31) {
1599
+ let offset2 = 1;
1600
+ let size = offset2;
1601
+ const buffer = new DynamicBuffer(0);
1602
+ while (true) {
1603
+ if (data.byteLength < offset2 + 1) {
1604
+ throw new CBORNotWellFormedError;
1605
+ }
1606
+ const innerMajorType = data[offset2] >> 5;
1607
+ const innerAdditionalInformation = data[offset2] & 31;
1608
+ if (innerMajorType === 7 && innerAdditionalInformation === 31) {
1609
+ size += 1;
1610
+ break;
1611
+ }
1612
+ if (innerMajorType !== 2) {
1613
+ throw new CBORNotWellFormedError;
1614
+ }
1615
+ let innerByteSize;
1616
+ let innerOffset;
1617
+ if (innerAdditionalInformation < 24) {
1618
+ innerByteSize = innerAdditionalInformation;
1619
+ innerOffset = 1;
1620
+ } else {
1621
+ const innerArgumentSize = getArgumentSize(innerAdditionalInformation);
1622
+ innerByteSize = Number(getVariableUint(data, innerArgumentSize, offset2 + 1));
1623
+ innerOffset = 1 + innerArgumentSize;
1624
+ }
1625
+ if (data.byteLength < offset2 + innerByteSize) {
1626
+ throw new CBORNotWellFormedError;
1627
+ }
1628
+ buffer.write(data.subarray(offset2 + innerOffset, offset2 + innerOffset + innerByteSize));
1629
+ size += innerOffset + innerByteSize;
1630
+ offset2 += innerOffset + innerByteSize;
1631
+ }
1632
+ return [new CBORByteString(buffer.bytes()), size];
1633
+ }
1634
+ let offset;
1635
+ let byteSize;
1636
+ if (additionalInformation < 24) {
1637
+ byteSize = additionalInformation;
1638
+ offset = 1;
1639
+ } else {
1640
+ const argumentSize = getArgumentSize(additionalInformation);
1641
+ byteSize = Number(getVariableUint(data, argumentSize, 1));
1642
+ offset = 1 + argumentSize;
1643
+ }
1644
+ if (data.byteLength < offset + byteSize) {
1645
+ throw new CBORNotWellFormedError;
1646
+ }
1647
+ const value = data.slice(offset, offset + byteSize);
1648
+ return [new CBORByteString(value), offset + byteSize];
1649
+ }
1650
+ if (majorType === 3) {
1651
+ const additionalInformation = data[0] & 31;
1652
+ let offset;
1653
+ if (additionalInformation === 31) {
1654
+ offset = 1;
1655
+ let size = offset;
1656
+ const buffer = new DynamicBuffer(0);
1657
+ while (true) {
1658
+ if (data.byteLength < offset + 1) {
1659
+ throw new CBORNotWellFormedError;
1660
+ }
1661
+ const innerMajorType = data[offset] >> 5;
1662
+ const innerAdditionalInformation = data[offset] & 31;
1663
+ if (innerMajorType === 7 && innerAdditionalInformation === 31) {
1664
+ offset += 1;
1665
+ size += 1;
1666
+ break;
1667
+ }
1668
+ if (innerMajorType !== 3) {
1669
+ throw new CBORNotWellFormedError;
1670
+ }
1671
+ let innerByteSize;
1672
+ let innerOffset;
1673
+ if (innerAdditionalInformation < 24) {
1674
+ innerByteSize = innerAdditionalInformation;
1675
+ innerOffset = 1;
1676
+ } else {
1677
+ const innerArgumentSize = getArgumentSize(innerAdditionalInformation);
1678
+ innerByteSize = Number(getVariableUint(data, innerArgumentSize, offset + 1));
1679
+ innerOffset = 1 + innerArgumentSize;
1680
+ }
1681
+ if (data.byteLength < offset + innerByteSize) {
1682
+ throw new CBORNotWellFormedError;
1683
+ }
1684
+ buffer.write(data.subarray(offset + innerOffset, offset + innerOffset + innerByteSize));
1685
+ size += innerOffset + innerByteSize;
1686
+ offset += innerOffset + innerByteSize;
1687
+ }
1688
+ return [new CBORTextString(buffer.bytes()), size];
1689
+ }
1690
+ let byteSize;
1691
+ if (additionalInformation < 24) {
1692
+ byteSize = additionalInformation;
1693
+ offset = 1;
1694
+ } else {
1695
+ const argumentSize = getArgumentSize(additionalInformation);
1696
+ byteSize = Number(getVariableUint(data, argumentSize, 1));
1697
+ offset = 1 + argumentSize;
1698
+ }
1699
+ if (data.byteLength < offset + byteSize) {
1700
+ throw new CBORNotWellFormedError;
1701
+ }
1702
+ const value = data.slice(offset, offset + byteSize);
1703
+ return [new CBORTextString(value), offset + byteSize];
1704
+ }
1705
+ if (majorType === 4) {
1706
+ const additionalInformation = data[0] & 31;
1707
+ let offset = 1;
1708
+ if (additionalInformation === 31) {
1709
+ let size2 = offset;
1710
+ const elements2 = [];
1711
+ while (true) {
1712
+ const [element, elementByteSize] = decodeCBORIncludingBreaks(data.subarray(offset), maxDepth, currentDepth + 1);
1713
+ size2 += elementByteSize;
1714
+ if (element instanceof CBORBreak) {
1715
+ break;
1716
+ }
1717
+ offset += elementByteSize;
1718
+ elements2.push(element);
1719
+ }
1720
+ return [new CBORArray(elements2), size2];
1721
+ }
1722
+ let arraySize;
1723
+ if (additionalInformation < 24) {
1724
+ arraySize = additionalInformation;
1725
+ } else {
1726
+ const argumentSize = getArgumentSize(additionalInformation);
1727
+ arraySize = Number(getVariableUint(data, argumentSize, 1));
1728
+ offset += argumentSize;
1729
+ }
1730
+ const elements = new Array(arraySize);
1731
+ let size = offset;
1732
+ for (let i = 0;i < arraySize; i++) {
1733
+ const [element, elementByteSize] = decodeCBORIncludingBreaks(data.subarray(offset), maxDepth, currentDepth + 1);
1734
+ if (element instanceof CBORBreak) {
1735
+ throw new CBORNotWellFormedError;
1736
+ }
1737
+ offset += elementByteSize;
1738
+ size += elementByteSize;
1739
+ elements[i] = element;
1740
+ }
1741
+ return [new CBORArray(elements), size];
1742
+ }
1743
+ if (majorType === 5) {
1744
+ const additionalInformation = data[0] & 31;
1745
+ let offset = 1;
1746
+ if (additionalInformation === 31) {
1747
+ let size2 = offset;
1748
+ const entries = [];
1749
+ while (true) {
1750
+ const [entryKey, keyByteSize] = decodeCBORIncludingBreaks(data.subarray(offset), maxDepth, currentDepth + 1);
1751
+ if (entryKey instanceof CBORBreak) {
1752
+ size2 += keyByteSize;
1753
+ break;
1754
+ }
1755
+ offset += keyByteSize;
1756
+ size2 += keyByteSize;
1757
+ const [entryValue, valueByteSize] = decodeCBORIncludingBreaks(data.subarray(offset), maxDepth, currentDepth + 1);
1758
+ if (entryValue instanceof CBORBreak) {
1759
+ throw new CBORNotWellFormedError;
1760
+ }
1761
+ entries.push([entryKey, entryValue]);
1762
+ offset += valueByteSize;
1763
+ size2 += valueByteSize;
1764
+ }
1765
+ return [new CBORMap(entries), size2];
1766
+ }
1767
+ let pairCount;
1768
+ if (additionalInformation < 24) {
1769
+ pairCount = additionalInformation;
1770
+ } else {
1771
+ const argumentSize = getArgumentSize(additionalInformation);
1772
+ pairCount = Number(getVariableUint(data, argumentSize, 1));
1773
+ offset += argumentSize;
1774
+ }
1775
+ if (pairCount > data.byteLength) {
1776
+ throw new CBORNotWellFormedError;
1777
+ }
1778
+ const value = new Array(pairCount);
1779
+ let size = offset;
1780
+ for (let i = 0;i < pairCount; i++) {
1781
+ const [entryKey, keyByteSize] = decodeCBORIncludingBreaks(data.subarray(offset), maxDepth, currentDepth + 1);
1782
+ if (entryKey instanceof CBORBreak) {
1783
+ throw new CBORNotWellFormedError;
1784
+ }
1785
+ offset += keyByteSize;
1786
+ size += keyByteSize;
1787
+ const [entryValue, valueByteSize] = decodeCBORIncludingBreaks(data.subarray(offset), maxDepth, currentDepth + 1);
1788
+ if (entryValue instanceof CBORBreak) {
1789
+ throw new CBORNotWellFormedError;
1790
+ }
1791
+ value[i] = [entryKey, entryValue];
1792
+ offset += valueByteSize;
1793
+ size += valueByteSize;
1794
+ }
1795
+ return [new CBORMap(value), size];
1796
+ }
1797
+ if (majorType === 6) {
1798
+ const additionalInformation = data[0] & 31;
1799
+ let tagNumber;
1800
+ let headSize;
1801
+ if (additionalInformation < 24) {
1802
+ tagNumber = BigInt(additionalInformation);
1803
+ headSize = 1;
1804
+ } else {
1805
+ const argumentSize = getArgumentSize(additionalInformation);
1806
+ tagNumber = getVariableUint(data, argumentSize, 1);
1807
+ headSize = 1 + argumentSize;
1808
+ }
1809
+ const [value, valueSize] = decodeCBORIncludingBreaks(data.subarray(headSize), maxDepth, currentDepth + 1);
1810
+ return [new CBORTagged(tagNumber, value), headSize + valueSize];
1811
+ }
1812
+ if (majorType === 7) {
1813
+ const additionalInformation = data[0] & 31;
1814
+ if (additionalInformation < 24) {
1815
+ return [new CBORSimple(additionalInformation), 1];
1816
+ }
1817
+ if (additionalInformation === 24) {
1818
+ if (data.byteLength < 2) {
1819
+ throw new CBORNotWellFormedError;
1820
+ }
1821
+ if (data[1] < 24) {
1822
+ throw new CBORNotWellFormedError;
1823
+ }
1824
+ return [new CBORSimple(data[1]), 2];
1825
+ }
1826
+ if (additionalInformation === 25) {
1827
+ if (data.byteLength < 2) {
1828
+ throw new CBORNotWellFormedError;
1829
+ }
1830
+ return [new CBORFloat16(data.subarray(1, 3)), 3];
1831
+ }
1832
+ if (additionalInformation === 26) {
1833
+ if (data.byteLength < 4) {
1834
+ throw new CBORNotWellFormedError;
1835
+ }
1836
+ return [new CBORFloat32(data.subarray(1, 5)), 5];
1837
+ }
1838
+ if (additionalInformation === 27) {
1839
+ if (data.byteLength < 8) {
1840
+ throw new CBORNotWellFormedError;
1841
+ }
1842
+ return [new CBORFloat64(data.subarray(1, 9)), 9];
1843
+ }
1844
+ if (additionalInformation === 31) {
1845
+ return [new CBORBreak, 1];
1846
+ }
1847
+ throw new CBORNotWellFormedError;
1848
+ }
1849
+ throw new CBORNotWellFormedError;
1850
+ }
1851
+ function getArgumentSize(additionalInformation) {
1852
+ if (additionalInformation === 24) {
1853
+ return 1;
1854
+ } else if (additionalInformation === 25) {
1855
+ return 2;
1856
+ } else if (additionalInformation === 26) {
1857
+ return 4;
1858
+ } else if (additionalInformation === 27) {
1859
+ return 8;
1860
+ } else {
1861
+ throw new CBORNotWellFormedError;
1862
+ }
1863
+ }
1864
+ function getVariableUint(data, size, offset) {
1865
+ if (data.byteLength < size + offset) {
1866
+ throw new Error;
1867
+ }
1868
+ if (size === 1) {
1869
+ return BigInt(data[offset]);
1870
+ }
1871
+ if (size === 2) {
1872
+ return BigInt(bigEndian.uint16(data, offset));
1873
+ }
1874
+ if (size === 4) {
1875
+ return BigInt(bigEndian.uint32(data, offset));
1876
+ }
1877
+ if (size === 8) {
1878
+ return bigEndian.uint64(data, offset);
1879
+ }
1880
+ throw new TypeError("Invalid size");
1881
+ }
1882
+ // ../../node_modules/.bun/@oslojs+encoding@1.0.0/node_modules/@oslojs/encoding/dist/base32.js
1883
+ var EncodingPadding;
1884
+ (function(EncodingPadding2) {
1885
+ EncodingPadding2[EncodingPadding2["Include"] = 0] = "Include";
1886
+ EncodingPadding2[EncodingPadding2["None"] = 1] = "None";
1887
+ })(EncodingPadding || (EncodingPadding = {}));
1888
+ var DecodingPadding;
1889
+ (function(DecodingPadding2) {
1890
+ DecodingPadding2[DecodingPadding2["Required"] = 0] = "Required";
1891
+ DecodingPadding2[DecodingPadding2["Ignore"] = 1] = "Ignore";
1892
+ })(DecodingPadding || (DecodingPadding = {}));
1893
+ // ../../node_modules/.bun/@oslojs+encoding@1.0.0/node_modules/@oslojs/encoding/dist/base64.js
1894
+ var EncodingPadding2;
1895
+ (function(EncodingPadding3) {
1896
+ EncodingPadding3[EncodingPadding3["Include"] = 0] = "Include";
1897
+ EncodingPadding3[EncodingPadding3["None"] = 1] = "None";
1898
+ })(EncodingPadding2 || (EncodingPadding2 = {}));
1899
+ var DecodingPadding2;
1900
+ (function(DecodingPadding3) {
1901
+ DecodingPadding3[DecodingPadding3["Required"] = 0] = "Required";
1902
+ DecodingPadding3[DecodingPadding3["Ignore"] = 1] = "Ignore";
1903
+ })(DecodingPadding2 || (DecodingPadding2 = {}));
1904
+ // ../../node_modules/.bun/@oslojs+webauthn@1.0.0/node_modules/@oslojs/webauthn/dist/cose.js
1905
+ function decodeCOSEPublicKey(data) {
1906
+ let decoded;
1907
+ let size;
1908
+ try {
1909
+ [decoded, size] = decodeCBORToNativeValue(data, 4);
1910
+ } catch {
1911
+ throw new Error("Failed to decode CBOR");
1912
+ }
1913
+ if (typeof decoded !== "object" || decoded === null) {
1914
+ throw new Error("Invalid CBOR map");
1915
+ }
1916
+ return [new COSEPublicKey(decoded), size];
1917
+ }
1918
+
1919
+ class COSEPublicKey {
1920
+ decoded;
1921
+ constructor(decoded) {
1922
+ this.decoded = decoded;
1923
+ }
1924
+ type() {
1925
+ if (!(1 in this.decoded) || typeof this.decoded[1] !== "number") {
1926
+ throw new Error("Invalid or missing parameter 'kty'");
1927
+ }
1928
+ const typeId = this.decoded[1];
1929
+ if (typeId in COSE_KEY_ID_MAP) {
1930
+ return COSE_KEY_ID_MAP[typeId];
1931
+ }
1932
+ throw new Error(`Unknown 'kty' value '${typeId}'`);
1933
+ }
1934
+ isAlgorithmDefined() {
1935
+ if (!(3 in this.decoded)) {
1936
+ return false;
1937
+ }
1938
+ if (typeof this.decoded[3] !== "number") {
1939
+ throw new Error("Invalid parameter 'alg'");
1940
+ }
1941
+ return true;
1942
+ }
1943
+ algorithm() {
1944
+ if (!(3 in this.decoded) || typeof this.decoded[3] !== "number") {
1945
+ throw new Error("Invalid or missing parameter 'alg'");
1946
+ }
1947
+ return this.decoded[3];
1948
+ }
1949
+ ec2() {
1950
+ if (this.type() !== COSEKeyType.EC2) {
1951
+ throw new Error("Expected an elliptic curve public key");
1952
+ }
1953
+ if (!("-1" in this.decoded) || typeof this.decoded["-1"] !== "number") {
1954
+ throw new Error("Invalid or missing parameter 'crv'");
1955
+ }
1956
+ const curve = this.decoded["-1"];
1957
+ if (!("-2" in this.decoded) || !(this.decoded["-2"] instanceof Uint8Array)) {
1958
+ throw new Error("Invalid or missing parameter 'x'");
1959
+ }
1960
+ const xBytes = this.decoded["-2"];
1961
+ if (xBytes.byteLength !== 32) {
1962
+ throw new Error("Invalid or missing parameter 'x'");
1963
+ }
1964
+ if (!("-3" in this.decoded) || !(this.decoded["-3"] instanceof Uint8Array)) {
1965
+ throw new Error("Invalid or missing parameter 'y'");
1966
+ }
1967
+ const yBytes = this.decoded["-3"];
1968
+ if (yBytes.byteLength !== 32) {
1969
+ throw new Error("Invalid or missing parameter 'y'");
1970
+ }
1971
+ const publicKey = {
1972
+ curve,
1973
+ x: bigIntFromBytes(xBytes),
1974
+ y: bigIntFromBytes(yBytes)
1975
+ };
1976
+ return publicKey;
1977
+ }
1978
+ rsa() {
1979
+ if (this.type() !== COSEKeyType.RSA) {
1980
+ throw new Error("Expected an RSA public key");
1981
+ }
1982
+ if (!("-1" in this.decoded) || !(this.decoded["-1"] instanceof Uint8Array)) {
1983
+ throw new Error("Invalid or missing parameter 'n'");
1984
+ }
1985
+ const nBytes = this.decoded["-1"];
1986
+ if (nBytes.byteLength !== 256) {
1987
+ throw new Error("Invalid or missing parameter 'n'");
1988
+ }
1989
+ if (!("-2" in this.decoded) || !(this.decoded["-2"] instanceof Uint8Array)) {
1990
+ throw new Error("Invalid or missing parameter 'e'");
1991
+ }
1992
+ const eBytes = this.decoded["-2"];
1993
+ if (eBytes.byteLength !== 3) {
1994
+ throw new Error("Invalid or missing parameter 'e'");
1995
+ }
1996
+ const publicKey = {
1997
+ n: bigIntFromBytes(nBytes),
1998
+ e: bigIntFromBytes(eBytes)
1999
+ };
2000
+ return publicKey;
2001
+ }
2002
+ okp() {
2003
+ if (this.type() !== COSEKeyType.OKP) {
2004
+ throw new Error("Expected an octet key pair public key");
2005
+ }
2006
+ if (!("-1" in this.decoded) || typeof this.decoded["-1"] !== "number") {
2007
+ throw new Error("Invalid or missing parameter 'curve'");
2008
+ }
2009
+ const curve = this.decoded["-1"];
2010
+ if (!("-2" in this.decoded) || !(this.decoded["-2"] instanceof Uint8Array)) {
2011
+ throw new Error("Invalid or missing parameter 'x'");
2012
+ }
2013
+ const x = this.decoded["-2"];
2014
+ if ("-4" in this.decoded) {
2015
+ throw new Error("Unexpected parameter 'd'");
2016
+ }
2017
+ const publicKey = {
2018
+ curve,
2019
+ x
2020
+ };
2021
+ return publicKey;
2022
+ }
2023
+ symmetric() {
2024
+ if (this.type() !== COSEKeyType.Symmetric) {
2025
+ throw new Error("Expected an symmetric key");
2026
+ }
2027
+ if (!("-1" in this.decoded) || !(this.decoded["-1"] instanceof Uint8Array)) {
2028
+ throw new Error("Invalid or missing parameter 'k'");
2029
+ }
2030
+ const k = this.decoded["-1"];
2031
+ return k;
2032
+ }
2033
+ }
2034
+ var COSEKeyType;
2035
+ (function(COSEKeyType2) {
2036
+ COSEKeyType2[COSEKeyType2["OKP"] = 0] = "OKP";
2037
+ COSEKeyType2[COSEKeyType2["EC2"] = 1] = "EC2";
2038
+ COSEKeyType2[COSEKeyType2["RSA"] = 2] = "RSA";
2039
+ COSEKeyType2[COSEKeyType2["Symmetric"] = 3] = "Symmetric";
2040
+ COSEKeyType2[COSEKeyType2["HSSLMS"] = 4] = "HSSLMS";
2041
+ COSEKeyType2[COSEKeyType2["WalnutDSA"] = 5] = "WalnutDSA";
2042
+ })(COSEKeyType || (COSEKeyType = {}));
2043
+ var COSE_KEY_ID_MAP = {
2044
+ 1: COSEKeyType.OKP,
2045
+ 2: COSEKeyType.EC2,
2046
+ 3: COSEKeyType.RSA,
2047
+ 4: COSEKeyType.Symmetric,
2048
+ 5: COSEKeyType.HSSLMS,
2049
+ 6: COSEKeyType.WalnutDSA
2050
+ };
2051
+
2052
+ // ../../node_modules/.bun/@oslojs+crypto@1.0.0/node_modules/@oslojs/crypto/dist/sha2/sha224.js
2053
+ class SHA224 {
2054
+ blockSize = 64;
2055
+ size = 32;
2056
+ blocks = new Uint8Array(64);
2057
+ currentBlockSize = 0;
2058
+ H = new Uint32Array([
2059
+ 3238371032,
2060
+ 914150663,
2061
+ 812702999,
2062
+ 4144912697,
2063
+ 4290775857,
2064
+ 1750603025,
2065
+ 1694076839,
2066
+ 3204075428
2067
+ ]);
2068
+ l = 0n;
2069
+ w = new Uint32Array(64);
2070
+ update(data) {
2071
+ this.l += BigInt(data.byteLength) * 8n;
2072
+ if (this.currentBlockSize + data.byteLength < 64) {
2073
+ this.blocks.set(data, this.currentBlockSize);
2074
+ this.currentBlockSize += data.byteLength;
2075
+ return;
2076
+ }
2077
+ let processed = 0;
2078
+ if (this.currentBlockSize > 0) {
2079
+ const next = data.slice(0, 64 - this.currentBlockSize);
2080
+ this.blocks.set(next, this.currentBlockSize);
2081
+ this.process();
2082
+ processed += next.byteLength;
2083
+ this.currentBlockSize = 0;
2084
+ }
2085
+ while (processed + 64 <= data.byteLength) {
2086
+ const next = data.slice(processed, processed + 64);
2087
+ this.blocks.set(next);
2088
+ this.process();
2089
+ processed += 64;
2090
+ }
2091
+ if (data.byteLength - processed > 0) {
2092
+ const remaining = data.slice(processed);
2093
+ this.blocks.set(remaining);
2094
+ this.currentBlockSize = remaining.byteLength;
2095
+ }
2096
+ }
2097
+ digest() {
2098
+ this.blocks[this.currentBlockSize] = 128;
2099
+ this.currentBlockSize += 1;
2100
+ if (64 - this.currentBlockSize < 8) {
2101
+ this.blocks.fill(0, this.currentBlockSize);
2102
+ this.process();
2103
+ this.currentBlockSize = 0;
2104
+ }
2105
+ this.blocks.fill(0, this.currentBlockSize);
2106
+ bigEndian.putUint64(this.blocks, this.l, this.blockSize - 8);
2107
+ this.process();
2108
+ const result = new Uint8Array(28);
2109
+ for (let i = 0;i < 7; i++) {
2110
+ bigEndian.putUint32(result, this.H[i], i * 4);
2111
+ }
2112
+ return result;
2113
+ }
2114
+ process() {
2115
+ for (let t = 0;t < 16; t++) {
2116
+ this.w[t] = (this.blocks[t * 4] << 24 | this.blocks[t * 4 + 1] << 16 | this.blocks[t * 4 + 2] << 8 | this.blocks[t * 4 + 3]) >>> 0;
2117
+ }
2118
+ for (let t = 16;t < 64; t++) {
2119
+ const sigma1 = (rotr32(this.w[t - 2], 17) ^ rotr32(this.w[t - 2], 19) ^ this.w[t - 2] >>> 10) >>> 0;
2120
+ const sigma0 = (rotr32(this.w[t - 15], 7) ^ rotr32(this.w[t - 15], 18) ^ this.w[t - 15] >>> 3) >>> 0;
2121
+ this.w[t] = sigma1 + this.w[t - 7] + sigma0 + this.w[t - 16] | 0;
2122
+ }
2123
+ let a = this.H[0];
2124
+ let b = this.H[1];
2125
+ let c = this.H[2];
2126
+ let d = this.H[3];
2127
+ let e = this.H[4];
2128
+ let f = this.H[5];
2129
+ let g = this.H[6];
2130
+ let h = this.H[7];
2131
+ for (let t = 0;t < 64; t++) {
2132
+ const sigma1 = (rotr32(e, 6) ^ rotr32(e, 11) ^ rotr32(e, 25)) >>> 0;
2133
+ const ch = (e & f ^ ~e & g) >>> 0;
2134
+ const t1 = h + sigma1 + ch + K[t] + this.w[t] | 0;
2135
+ const sigma0 = (rotr32(a, 2) ^ rotr32(a, 13) ^ rotr32(a, 22)) >>> 0;
2136
+ const maj = (a & b ^ a & c ^ b & c) >>> 0;
2137
+ const t2 = sigma0 + maj | 0;
2138
+ h = g;
2139
+ g = f;
2140
+ f = e;
2141
+ e = d + t1 | 0;
2142
+ d = c;
2143
+ c = b;
2144
+ b = a;
2145
+ a = t1 + t2 | 0;
2146
+ }
2147
+ this.H[0] = a + this.H[0] | 0;
2148
+ this.H[1] = b + this.H[1] | 0;
2149
+ this.H[2] = c + this.H[2] | 0;
2150
+ this.H[3] = d + this.H[3] | 0;
2151
+ this.H[4] = e + this.H[4] | 0;
2152
+ this.H[5] = f + this.H[5] | 0;
2153
+ this.H[6] = g + this.H[6] | 0;
2154
+ this.H[7] = h + this.H[7] | 0;
2155
+ }
2156
+ }
2157
+ var K = new Uint32Array([
2158
+ 1116352408,
2159
+ 1899447441,
2160
+ 3049323471,
2161
+ 3921009573,
2162
+ 961987163,
2163
+ 1508970993,
2164
+ 2453635748,
2165
+ 2870763221,
2166
+ 3624381080,
2167
+ 310598401,
2168
+ 607225278,
2169
+ 1426881987,
2170
+ 1925078388,
2171
+ 2162078206,
2172
+ 2614888103,
2173
+ 3248222580,
2174
+ 3835390401,
2175
+ 4022224774,
2176
+ 264347078,
2177
+ 604807628,
2178
+ 770255983,
2179
+ 1249150122,
2180
+ 1555081692,
2181
+ 1996064986,
2182
+ 2554220882,
2183
+ 2821834349,
2184
+ 2952996808,
2185
+ 3210313671,
2186
+ 3336571891,
2187
+ 3584528711,
2188
+ 113926993,
2189
+ 338241895,
2190
+ 666307205,
2191
+ 773529912,
2192
+ 1294757372,
2193
+ 1396182291,
2194
+ 1695183700,
2195
+ 1986661051,
2196
+ 2177026350,
2197
+ 2456956037,
2198
+ 2730485921,
2199
+ 2820302411,
2200
+ 3259730800,
2201
+ 3345764771,
2202
+ 3516065817,
2203
+ 3600352804,
2204
+ 4094571909,
2205
+ 275423344,
2206
+ 430227734,
2207
+ 506948616,
2208
+ 659060556,
2209
+ 883997877,
2210
+ 958139571,
2211
+ 1322822218,
2212
+ 1537002063,
2213
+ 1747873779,
2214
+ 1955562222,
2215
+ 2024104815,
2216
+ 2227730452,
2217
+ 2361852424,
2218
+ 2428436474,
2219
+ 2756734187,
2220
+ 3204031479,
2221
+ 3329325298
2222
+ ]);
2223
+ // ../../node_modules/.bun/@oslojs+crypto@1.0.0/node_modules/@oslojs/crypto/dist/sha2/sha256.js
2224
+ function sha256(data) {
2225
+ const hash = new SHA256;
2226
+ hash.update(data);
2227
+ return hash.digest();
2228
+ }
2229
+
2230
+ class SHA256 {
2231
+ blockSize = 64;
2232
+ size = 32;
2233
+ blocks = new Uint8Array(64);
2234
+ currentBlockSize = 0;
2235
+ H = new Uint32Array([
2236
+ 1779033703,
2237
+ 3144134277,
2238
+ 1013904242,
2239
+ 2773480762,
2240
+ 1359893119,
2241
+ 2600822924,
2242
+ 528734635,
2243
+ 1541459225
2244
+ ]);
2245
+ l = 0n;
2246
+ w = new Uint32Array(64);
2247
+ update(data) {
2248
+ this.l += BigInt(data.byteLength) * 8n;
2249
+ if (this.currentBlockSize + data.byteLength < 64) {
2250
+ this.blocks.set(data, this.currentBlockSize);
2251
+ this.currentBlockSize += data.byteLength;
2252
+ return;
2253
+ }
2254
+ let processed = 0;
2255
+ if (this.currentBlockSize > 0) {
2256
+ const next = data.slice(0, 64 - this.currentBlockSize);
2257
+ this.blocks.set(next, this.currentBlockSize);
2258
+ this.process();
2259
+ processed += next.byteLength;
2260
+ this.currentBlockSize = 0;
2261
+ }
2262
+ while (processed + 64 <= data.byteLength) {
2263
+ const next = data.slice(processed, processed + 64);
2264
+ this.blocks.set(next);
2265
+ this.process();
2266
+ processed += 64;
2267
+ }
2268
+ if (data.byteLength - processed > 0) {
2269
+ const remaining = data.slice(processed);
2270
+ this.blocks.set(remaining);
2271
+ this.currentBlockSize = remaining.byteLength;
2272
+ }
2273
+ }
2274
+ digest() {
2275
+ this.blocks[this.currentBlockSize] = 128;
2276
+ this.currentBlockSize += 1;
2277
+ if (64 - this.currentBlockSize < 8) {
2278
+ this.blocks.fill(0, this.currentBlockSize);
2279
+ this.process();
2280
+ this.currentBlockSize = 0;
2281
+ }
2282
+ this.blocks.fill(0, this.currentBlockSize);
2283
+ bigEndian.putUint64(this.blocks, this.l, this.blockSize - 8);
2284
+ this.process();
2285
+ const result = new Uint8Array(32);
2286
+ for (let i = 0;i < 8; i++) {
2287
+ bigEndian.putUint32(result, this.H[i], i * 4);
2288
+ }
2289
+ return result;
2290
+ }
2291
+ process() {
2292
+ for (let t = 0;t < 16; t++) {
2293
+ this.w[t] = (this.blocks[t * 4] << 24 | this.blocks[t * 4 + 1] << 16 | this.blocks[t * 4 + 2] << 8 | this.blocks[t * 4 + 3]) >>> 0;
2294
+ }
2295
+ for (let t = 16;t < 64; t++) {
2296
+ const sigma1 = (rotr32(this.w[t - 2], 17) ^ rotr32(this.w[t - 2], 19) ^ this.w[t - 2] >>> 10) >>> 0;
2297
+ const sigma0 = (rotr32(this.w[t - 15], 7) ^ rotr32(this.w[t - 15], 18) ^ this.w[t - 15] >>> 3) >>> 0;
2298
+ this.w[t] = sigma1 + this.w[t - 7] + sigma0 + this.w[t - 16] | 0;
2299
+ }
2300
+ let a = this.H[0];
2301
+ let b = this.H[1];
2302
+ let c = this.H[2];
2303
+ let d = this.H[3];
2304
+ let e = this.H[4];
2305
+ let f = this.H[5];
2306
+ let g = this.H[6];
2307
+ let h = this.H[7];
2308
+ for (let t = 0;t < 64; t++) {
2309
+ const sigma1 = (rotr32(e, 6) ^ rotr32(e, 11) ^ rotr32(e, 25)) >>> 0;
2310
+ const ch = (e & f ^ ~e & g) >>> 0;
2311
+ const t1 = h + sigma1 + ch + K2[t] + this.w[t] | 0;
2312
+ const sigma0 = (rotr32(a, 2) ^ rotr32(a, 13) ^ rotr32(a, 22)) >>> 0;
2313
+ const maj = (a & b ^ a & c ^ b & c) >>> 0;
2314
+ const t2 = sigma0 + maj | 0;
2315
+ h = g;
2316
+ g = f;
2317
+ f = e;
2318
+ e = d + t1 | 0;
2319
+ d = c;
2320
+ c = b;
2321
+ b = a;
2322
+ a = t1 + t2 | 0;
2323
+ }
2324
+ this.H[0] = a + this.H[0] | 0;
2325
+ this.H[1] = b + this.H[1] | 0;
2326
+ this.H[2] = c + this.H[2] | 0;
2327
+ this.H[3] = d + this.H[3] | 0;
2328
+ this.H[4] = e + this.H[4] | 0;
2329
+ this.H[5] = f + this.H[5] | 0;
2330
+ this.H[6] = g + this.H[6] | 0;
2331
+ this.H[7] = h + this.H[7] | 0;
2332
+ }
2333
+ }
2334
+ var K2 = new Uint32Array([
2335
+ 1116352408,
2336
+ 1899447441,
2337
+ 3049323471,
2338
+ 3921009573,
2339
+ 961987163,
2340
+ 1508970993,
2341
+ 2453635748,
2342
+ 2870763221,
2343
+ 3624381080,
2344
+ 310598401,
2345
+ 607225278,
2346
+ 1426881987,
2347
+ 1925078388,
2348
+ 2162078206,
2349
+ 2614888103,
2350
+ 3248222580,
2351
+ 3835390401,
2352
+ 4022224774,
2353
+ 264347078,
2354
+ 604807628,
2355
+ 770255983,
2356
+ 1249150122,
2357
+ 1555081692,
2358
+ 1996064986,
2359
+ 2554220882,
2360
+ 2821834349,
2361
+ 2952996808,
2362
+ 3210313671,
2363
+ 3336571891,
2364
+ 3584528711,
2365
+ 113926993,
2366
+ 338241895,
2367
+ 666307205,
2368
+ 773529912,
2369
+ 1294757372,
2370
+ 1396182291,
2371
+ 1695183700,
2372
+ 1986661051,
2373
+ 2177026350,
2374
+ 2456956037,
2375
+ 2730485921,
2376
+ 2820302411,
2377
+ 3259730800,
2378
+ 3345764771,
2379
+ 3516065817,
2380
+ 3600352804,
2381
+ 4094571909,
2382
+ 275423344,
2383
+ 430227734,
2384
+ 506948616,
2385
+ 659060556,
2386
+ 883997877,
2387
+ 958139571,
2388
+ 1322822218,
2389
+ 1537002063,
2390
+ 1747873779,
2391
+ 1955562222,
2392
+ 2024104815,
2393
+ 2227730452,
2394
+ 2361852424,
2395
+ 2428436474,
2396
+ 2756734187,
2397
+ 3204031479,
2398
+ 3329325298
2399
+ ]);
2400
+ // ../../node_modules/.bun/@oslojs+crypto@1.0.0/node_modules/@oslojs/crypto/dist/sha2/sha512.js
2401
+ class SharedSHA512 {
2402
+ blockSize = 128;
2403
+ size = 64;
2404
+ blocks = new Uint8Array(128);
2405
+ currentBlockSize = 0;
2406
+ l = 0n;
2407
+ w = new BigUint64Array(80);
2408
+ H;
2409
+ constructor(H) {
2410
+ if (H.byteLength !== 64) {
2411
+ throw new TypeError;
2412
+ }
2413
+ this.H = H;
2414
+ }
2415
+ update(data) {
2416
+ this.l += BigInt(data.byteLength) * 8n;
2417
+ if (this.currentBlockSize + data.byteLength < 128) {
2418
+ this.blocks.set(data, this.currentBlockSize);
2419
+ this.currentBlockSize += data.byteLength;
2420
+ return;
2421
+ }
2422
+ let processed = 0;
2423
+ if (this.currentBlockSize > 0) {
2424
+ const next = data.slice(0, 128 - this.currentBlockSize);
2425
+ this.blocks.set(next, this.currentBlockSize);
2426
+ this.process();
2427
+ processed += next.byteLength;
2428
+ this.currentBlockSize = 0;
2429
+ }
2430
+ while (processed + 128 <= data.byteLength) {
2431
+ const next = data.slice(processed, processed + 128);
2432
+ this.blocks.set(next);
2433
+ this.process();
2434
+ processed += 128;
2435
+ this.currentBlockSize = 0;
2436
+ }
2437
+ if (data.byteLength - processed > 0) {
2438
+ const remaining = data.slice(processed);
2439
+ this.blocks.set(remaining);
2440
+ this.currentBlockSize = remaining.byteLength;
2441
+ }
2442
+ }
2443
+ putDigest(result) {
2444
+ if (result.byteLength > 64 || result.byteLength % 8 !== 0) {
2445
+ throw new TypeError;
2446
+ }
2447
+ this.blocks[this.currentBlockSize] = 128;
2448
+ this.currentBlockSize += 1;
2449
+ if (128 - this.currentBlockSize < 16) {
2450
+ this.blocks.fill(0, this.currentBlockSize);
2451
+ this.process();
2452
+ this.currentBlockSize = 0;
2453
+ }
2454
+ this.blocks.fill(0, this.currentBlockSize);
2455
+ bigEndian.putUint64(this.blocks, this.l, this.blockSize - 8);
2456
+ this.process();
2457
+ for (let i = 0;i < result.byteLength / 8; i++) {
2458
+ bigEndian.putUint64(result, this.H[i], i * 8);
2459
+ }
2460
+ }
2461
+ process() {
2462
+ for (let t = 0;t < 16; t++) {
2463
+ this.w[t] = BigInt(this.blocks[t * 8]) << 56n | BigInt(this.blocks[t * 8 + 1]) << 48n | BigInt(this.blocks[t * 8 + 2]) << 40n | BigInt(this.blocks[t * 8 + 3]) << 32n | BigInt(this.blocks[t * 8 + 4]) << 24n | BigInt(this.blocks[t * 8 + 5]) << 16n | BigInt(this.blocks[t * 8 + 6]) << 8n | BigInt(this.blocks[t * 8 + 7]);
2464
+ }
2465
+ for (let t = 16;t < 80; t++) {
2466
+ const sigma1 = (rotr64(this.w[t - 2], 19) ^ rotr64(this.w[t - 2], 61) ^ this.w[t - 2] >> 6n) & 0xffffffffffffffffn;
2467
+ const sigma0 = (rotr64(this.w[t - 15], 1) ^ rotr64(this.w[t - 15], 8) ^ this.w[t - 15] >> 7n) & 0xffffffffffffffffn;
2468
+ this.w[t] = sigma1 + this.w[t - 7] + sigma0 + this.w[t - 16] & 0xffffffffffffffffn;
2469
+ }
2470
+ let a = this.H[0];
2471
+ let b = this.H[1];
2472
+ let c = this.H[2];
2473
+ let d = this.H[3];
2474
+ let e = this.H[4];
2475
+ let f = this.H[5];
2476
+ let g = this.H[6];
2477
+ let h = this.H[7];
2478
+ for (let t = 0;t < 80; t++) {
2479
+ const sigma1 = (rotr64(e, 14) ^ rotr64(e, 18) ^ rotr64(e, 41)) & 0xffffffffffffffffn;
2480
+ const ch = (e & f ^ ~e & g) & 0xffffffffffffffffn;
2481
+ const t1 = h + sigma1 + ch + K3[t] + this.w[t] & 0xffffffffffffffffn;
2482
+ const sigma0 = (rotr64(a, 28) ^ rotr64(a, 34) ^ rotr64(a, 39)) & 0xffffffffffffffffn;
2483
+ const maj = (a & b ^ a & c ^ b & c) & 0xffffffffffffffffn;
2484
+ const t2 = sigma0 + maj & 0xffffffffffffffffn;
2485
+ h = g;
2486
+ g = f;
2487
+ f = e;
2488
+ e = d + t1 & 0xffffffffffffffffn;
2489
+ d = c;
2490
+ c = b;
2491
+ b = a;
2492
+ a = t1 + t2 & 0xffffffffffffffffn;
2493
+ }
2494
+ this.H[0] = a + this.H[0] & 0xffffffffffffffffn;
2495
+ this.H[1] = b + this.H[1] & 0xffffffffffffffffn;
2496
+ this.H[2] = c + this.H[2] & 0xffffffffffffffffn;
2497
+ this.H[3] = d + this.H[3] & 0xffffffffffffffffn;
2498
+ this.H[4] = e + this.H[4] & 0xffffffffffffffffn;
2499
+ this.H[5] = f + this.H[5] & 0xffffffffffffffffn;
2500
+ this.H[6] = g + this.H[6] & 0xffffffffffffffffn;
2501
+ this.H[7] = h + this.H[7] & 0xffffffffffffffffn;
2502
+ }
2503
+ }
2504
+
2505
+ class SHA512 {
2506
+ blockSize = 128;
2507
+ size = 64;
2508
+ sha512 = new SharedSHA512(new BigUint64Array([
2509
+ 0x6a09e667f3bcc908n,
2510
+ 0xbb67ae8584caa73bn,
2511
+ 0x3c6ef372fe94f82bn,
2512
+ 0xa54ff53a5f1d36f1n,
2513
+ 0x510e527fade682d1n,
2514
+ 0x9b05688c2b3e6c1fn,
2515
+ 0x1f83d9abfb41bd6bn,
2516
+ 0x5be0cd19137e2179n
2517
+ ]));
2518
+ update(data) {
2519
+ this.sha512.update(data);
2520
+ }
2521
+ digest() {
2522
+ const result = new Uint8Array(64);
2523
+ this.sha512.putDigest(result);
2524
+ return result;
2525
+ }
2526
+ }
2527
+ var K3 = new BigUint64Array([
2528
+ 0x428a2f98d728ae22n,
2529
+ 0x7137449123ef65cdn,
2530
+ 0xb5c0fbcfec4d3b2fn,
2531
+ 0xe9b5dba58189dbbcn,
2532
+ 0x3956c25bf348b538n,
2533
+ 0x59f111f1b605d019n,
2534
+ 0x923f82a4af194f9bn,
2535
+ 0xab1c5ed5da6d8118n,
2536
+ 0xd807aa98a3030242n,
2537
+ 0x12835b0145706fben,
2538
+ 0x243185be4ee4b28cn,
2539
+ 0x550c7dc3d5ffb4e2n,
2540
+ 0x72be5d74f27b896fn,
2541
+ 0x80deb1fe3b1696b1n,
2542
+ 0x9bdc06a725c71235n,
2543
+ 0xc19bf174cf692694n,
2544
+ 0xe49b69c19ef14ad2n,
2545
+ 0xefbe4786384f25e3n,
2546
+ 0x0fc19dc68b8cd5b5n,
2547
+ 0x240ca1cc77ac9c65n,
2548
+ 0x2de92c6f592b0275n,
2549
+ 0x4a7484aa6ea6e483n,
2550
+ 0x5cb0a9dcbd41fbd4n,
2551
+ 0x76f988da831153b5n,
2552
+ 0x983e5152ee66dfabn,
2553
+ 0xa831c66d2db43210n,
2554
+ 0xb00327c898fb213fn,
2555
+ 0xbf597fc7beef0ee4n,
2556
+ 0xc6e00bf33da88fc2n,
2557
+ 0xd5a79147930aa725n,
2558
+ 0x06ca6351e003826fn,
2559
+ 0x142929670a0e6e70n,
2560
+ 0x27b70a8546d22ffcn,
2561
+ 0x2e1b21385c26c926n,
2562
+ 0x4d2c6dfc5ac42aedn,
2563
+ 0x53380d139d95b3dfn,
2564
+ 0x650a73548baf63den,
2565
+ 0x766a0abb3c77b2a8n,
2566
+ 0x81c2c92e47edaee6n,
2567
+ 0x92722c851482353bn,
2568
+ 0xa2bfe8a14cf10364n,
2569
+ 0xa81a664bbc423001n,
2570
+ 0xc24b8b70d0f89791n,
2571
+ 0xc76c51a30654be30n,
2572
+ 0xd192e819d6ef5218n,
2573
+ 0xd69906245565a910n,
2574
+ 0xf40e35855771202an,
2575
+ 0x106aa07032bbd1b8n,
2576
+ 0x19a4c116b8d2d0c8n,
2577
+ 0x1e376c085141ab53n,
2578
+ 0x2748774cdf8eeb99n,
2579
+ 0x34b0bcb5e19b48a8n,
2580
+ 0x391c0cb3c5c95a63n,
2581
+ 0x4ed8aa4ae3418acbn,
2582
+ 0x5b9cca4f7763e373n,
2583
+ 0x682e6ff3d6b2b8a3n,
2584
+ 0x748f82ee5defb2fcn,
2585
+ 0x78a5636f43172f60n,
2586
+ 0x84c87814a1f0ab72n,
2587
+ 0x8cc702081a6439ecn,
2588
+ 0x90befffa23631e28n,
2589
+ 0xa4506cebde82bde9n,
2590
+ 0xbef9a3f7b2c67915n,
2591
+ 0xc67178f2e372532bn,
2592
+ 0xca273eceea26619cn,
2593
+ 0xd186b8c721c0c207n,
2594
+ 0xeada7dd6cde0eb1en,
2595
+ 0xf57d4f7fee6ed178n,
2596
+ 0x06f067aa72176fban,
2597
+ 0x0a637dc5a2c898a6n,
2598
+ 0x113f9804bef90daen,
2599
+ 0x1b710b35131c471bn,
2600
+ 0x28db77f523047d84n,
2601
+ 0x32caab7b40c72493n,
2602
+ 0x3c9ebe0a15c9bebcn,
2603
+ 0x431d67c49c100d4cn,
2604
+ 0x4cc5d4becb3e42b6n,
2605
+ 0x597f299cfc657e2an,
2606
+ 0x5fcb6fab3ad6faecn,
2607
+ 0x6c44198c4a475817n
2608
+ ]);
2609
+
2610
+ // ../../node_modules/.bun/@oslojs+crypto@1.0.0/node_modules/@oslojs/crypto/dist/sha2/sha384.js
2611
+ class SHA384 {
2612
+ blockSize = 128;
2613
+ size = 48;
2614
+ sha512 = new SharedSHA512(new BigUint64Array([
2615
+ 0xcbbb9d5dc1059ed8n,
2616
+ 0x629a292a367cd507n,
2617
+ 0x9159015a3070dd17n,
2618
+ 0x152fecd8f70e5939n,
2619
+ 0x67332667ffc00b31n,
2620
+ 0x8eb44a8768581511n,
2621
+ 0xdb0c2e0d64f98fa7n,
2622
+ 0x47b5481dbefa4fa4n
2623
+ ]));
2624
+ update(data) {
2625
+ this.sha512.update(data);
2626
+ }
2627
+ digest() {
2628
+ const result = new Uint8Array(48);
2629
+ this.sha512.putDigest(result);
2630
+ return result;
2631
+ }
2632
+ }
2633
+ // ../../node_modules/.bun/@oslojs+crypto@1.0.0/node_modules/@oslojs/crypto/dist/sha2/sha512_224.js
2634
+ class SHA512_224 {
2635
+ blockSize = 128;
2636
+ size = 28;
2637
+ sha512 = new SharedSHA512(new BigUint64Array([
2638
+ 0x8c3d37c819544da2n,
2639
+ 0x73e1996689dcd4d6n,
2640
+ 0x1dfab7ae32ff9c82n,
2641
+ 0x679dd514582f9fcfn,
2642
+ 0x0f6d2b697bd44da8n,
2643
+ 0x77e36f7304c48942n,
2644
+ 0x3f9d85a86a1d36c8n,
2645
+ 0x1112e6ad91d692a1n
2646
+ ]));
2647
+ update(data) {
2648
+ this.sha512.update(data);
2649
+ }
2650
+ digest() {
2651
+ const result = new Uint8Array(32);
2652
+ this.sha512.putDigest(result);
2653
+ return result.slice(0, 28);
2654
+ }
2655
+ }
2656
+ // ../../node_modules/.bun/@oslojs+crypto@1.0.0/node_modules/@oslojs/crypto/dist/sha2/sha512_256.js
2657
+ class SHA512_256 {
2658
+ blockSize = 128;
2659
+ size = 28;
2660
+ sha512 = new SharedSHA512(new BigUint64Array([
2661
+ 0x22312194fc2bf72cn,
2662
+ 0x9f555fa3c84c64c2n,
2663
+ 0x2393b86b6f53b151n,
2664
+ 0x963877195940eabdn,
2665
+ 0x96283ee2a88effe3n,
2666
+ 0xbe5e1e2553863992n,
2667
+ 0x2b0199fc2c85b8aan,
2668
+ 0x0eb72ddc81c52ca2n
2669
+ ]));
2670
+ update(data) {
2671
+ this.sha512.update(data);
2672
+ }
2673
+ digest() {
2674
+ const result = new Uint8Array(32);
2675
+ this.sha512.putDigest(result);
2676
+ return result;
2677
+ }
2678
+ }
2679
+ // ../../node_modules/.bun/@oslojs+webauthn@1.0.0/node_modules/@oslojs/webauthn/dist/auth.js
2680
+ var ClientDataType;
2681
+ (function(ClientDataType2) {
2682
+ ClientDataType2[ClientDataType2["Get"] = 0] = "Get";
2683
+ ClientDataType2[ClientDataType2["Create"] = 1] = "Create";
2684
+ })(ClientDataType || (ClientDataType = {}));
2685
+ var TokenBindingStatus;
2686
+ (function(TokenBindingStatus2) {
2687
+ TokenBindingStatus2[TokenBindingStatus2["Supported"] = 0] = "Supported";
2688
+ TokenBindingStatus2[TokenBindingStatus2["Present"] = 1] = "Present";
2689
+ })(TokenBindingStatus || (TokenBindingStatus = {}));
2690
+ function parseAuthenticatorData(encoded) {
2691
+ if (encoded.byteLength < 37) {
2692
+ throw new AuthenticatorDataParseError("Insufficient bytes");
2693
+ }
2694
+ const relyingPartyIdHash = encoded.slice(0, 32);
2695
+ const flags = {
2696
+ userPresent: (encoded[32] & 1) === 1,
2697
+ userVerified: (encoded[32] >> 2 & 1) === 1
2698
+ };
2699
+ const signatureCounter = bigEndian.uint32(encoded, 33);
2700
+ const includesAttestedCredentialData = (encoded[32] >> 6 & 1) === 1;
2701
+ let credential = null;
2702
+ if (includesAttestedCredentialData) {
2703
+ if (encoded.byteLength < 37 + 18) {
2704
+ throw new AuthenticatorDataParseError("Invalid credential data");
2705
+ }
2706
+ const aaguid = encoded.slice(37, 53);
2707
+ const credentialIdLength = bigEndian.uint16(encoded, 53);
2708
+ if (encoded.byteLength < 37 + 18 + credentialIdLength) {
2709
+ throw new AuthenticatorDataParseError("Insufficient bytes");
2710
+ }
2711
+ const credentialId = encoded.slice(55, 55 + credentialIdLength);
2712
+ let credentialPublicKey;
2713
+ try {
2714
+ [credentialPublicKey] = decodeCOSEPublicKey(encoded.slice(55 + credentialIdLength));
2715
+ } catch (e) {
2716
+ throw new AuthenticatorDataParseError("Failed to parse public key");
2717
+ }
2718
+ credential = {
2719
+ authenticatorAAGUID: aaguid,
2720
+ id: credentialId,
2721
+ publicKey: credentialPublicKey
2722
+ };
2723
+ }
2724
+ const authenticatorData = new AuthenticatorData(relyingPartyIdHash, flags, signatureCounter, credential, null);
2725
+ return authenticatorData;
2726
+ }
2727
+
2728
+ class AuthenticatorData {
2729
+ relyingPartyIdHash;
2730
+ userPresent;
2731
+ userVerified;
2732
+ signatureCounter;
2733
+ credential;
2734
+ extensions;
2735
+ constructor(relyingPartyIdHash, flags, signatureCounter, credential, extensions) {
2736
+ this.relyingPartyIdHash = relyingPartyIdHash;
2737
+ this.userPresent = flags.userPresent;
2738
+ this.userVerified = flags.userVerified;
2739
+ this.signatureCounter = signatureCounter;
2740
+ this.credential = credential;
2741
+ this.extensions = extensions;
2742
+ }
2743
+ verifyRelyingPartyIdHash(relyingPartyId) {
2744
+ const relyingPartyIdHash = sha256(new TextEncoder().encode(relyingPartyId));
2745
+ return compareBytes(this.relyingPartyIdHash, relyingPartyIdHash);
2746
+ }
2747
+ }
2748
+
2749
+ class AuthenticatorDataParseError extends Error {
2750
+ constructor(message) {
2751
+ super(`Failed to parse authenticator data: ${message}`);
2752
+ }
2753
+ }
2754
+
2755
+ // ../../node_modules/.bun/@oslojs+webauthn@1.0.0/node_modules/@oslojs/webauthn/dist/attestation.js
2756
+ function parseAttestationObject(encoded) {
2757
+ let decoded;
2758
+ try {
2759
+ decoded = decodeCBORToNativeValueNoLeftoverBytes(encoded, 4);
2760
+ } catch {
2761
+ throw new AttestationObjectParseError("Invalid CBOR data");
2762
+ }
2763
+ if (typeof decoded !== "object" || decoded === null) {
2764
+ throw new AttestationObjectParseError("Invalid CBOR data");
2765
+ }
2766
+ if (!("fmt" in decoded) || typeof decoded.fmt !== "string") {
2767
+ throw new AttestationObjectParseError("Invalid or missing property 'fmt'");
2768
+ }
2769
+ if (!("attStmt" in decoded) || typeof decoded.attStmt !== "object" || decoded.attStmt === null) {
2770
+ throw new AttestationObjectParseError("Invalid or missing property 'attStmt'");
2771
+ }
2772
+ if (!("authData" in decoded) || !(decoded.authData instanceof Uint8Array)) {
2773
+ throw new AttestationObjectParseError("Invalid or missing property 'authData'");
2774
+ }
2775
+ let attestationFormat;
2776
+ if (decoded.fmt === "packed") {
2777
+ attestationFormat = AttestationStatementFormat.Packed;
2778
+ } else if (decoded.fmt === "tpm") {
2779
+ attestationFormat = AttestationStatementFormat.TPM;
2780
+ } else if (decoded.fmt === "android-key") {
2781
+ attestationFormat = AttestationStatementFormat.AndroidKey;
2782
+ } else if (decoded.fmt === "android-safetynet") {
2783
+ attestationFormat = AttestationStatementFormat.AndroidSafetyNet;
2784
+ } else if (decoded.fmt === "fido-u2f") {
2785
+ attestationFormat = AttestationStatementFormat.FIDOU2F;
2786
+ } else if (decoded.fmt === "none") {
2787
+ attestationFormat = AttestationStatementFormat.None;
2788
+ } else if (decoded.fmt === "apple") {
2789
+ attestationFormat = AttestationStatementFormat.AppleAnonymous;
2790
+ } else {
2791
+ throw new AttestationObjectParseError(`Unsupported attestation statement format '${decoded.fmt}'`);
2792
+ }
2793
+ const attestationObject = {
2794
+ authenticatorData: parseAuthenticatorData(decoded.authData),
2795
+ attestationStatement: new AttestationStatement(attestationFormat, decoded.attStmt)
2796
+ };
2797
+ return attestationObject;
2798
+ }
2799
+
2800
+ class AttestationObjectParseError extends Error {
2801
+ constructor(message) {
2802
+ super(`Failed to parse attestation object: ${message}`);
2803
+ }
2804
+ }
2805
+
2806
+ class AttestationStatement {
2807
+ format;
2808
+ decoded;
2809
+ constructor(format, decoded) {
2810
+ this.format = format;
2811
+ this.decoded = decoded;
2812
+ }
2813
+ packed() {
2814
+ if (this.format !== AttestationStatementFormat.Packed) {
2815
+ throw new Error("Invalid format");
2816
+ }
2817
+ if (!("alg" in this.decoded) || typeof this.decoded.alg !== "number") {
2818
+ throw new Error("Invalid or missing property 'alg'");
2819
+ }
2820
+ if (!("sig" in this.decoded) || !(this.decoded.sig instanceof Uint8Array)) {
2821
+ throw new Error("Invalid or missing property 'sig'");
2822
+ }
2823
+ let certificates = null;
2824
+ if ("x5c" in this.decoded) {
2825
+ if (!Array.isArray(this.decoded.x5c)) {
2826
+ throw new Error("Invalid property 'x5c'");
2827
+ }
2828
+ if (this.decoded.x5c.length < 1) {
2829
+ throw new Error("Invalid property 'x5c'");
2830
+ }
2831
+ certificates = [];
2832
+ for (const certificate of this.decoded.x5c) {
2833
+ if (!(certificate instanceof Uint8Array)) {
2834
+ throw new Error("Invalid property 'x5c'");
2835
+ }
2836
+ certificates.push(certificate);
2837
+ }
2838
+ }
2839
+ const statement = {
2840
+ algorithm: this.decoded.alg,
2841
+ signature: this.decoded.sig,
2842
+ certificates
2843
+ };
2844
+ return statement;
2845
+ }
2846
+ tpm() {
2847
+ if (this.format !== AttestationStatementFormat.TPM) {
2848
+ throw new Error("Invalid format");
2849
+ }
2850
+ if (!("alg" in this.decoded) || typeof this.decoded.alg !== "number") {
2851
+ throw new Error("Invalid or missing property 'alg'");
2852
+ }
2853
+ if (!("sig" in this.decoded) || !(this.decoded.sig instanceof Uint8Array)) {
2854
+ throw new Error("Invalid or missing property 'sig'");
2855
+ }
2856
+ if (!("x5c" in this.decoded) || !Array.isArray(this.decoded.x5c)) {
2857
+ throw new Error("Invalid or missing property 'x5c'");
2858
+ }
2859
+ if (this.decoded.x5c.length < 1) {
2860
+ throw new Error("Invalid or missing property 'x5c'");
2861
+ }
2862
+ const certificates = [];
2863
+ for (const certificate of this.decoded.x5c) {
2864
+ if (!(certificate instanceof Uint8Array)) {
2865
+ throw new Error("Invalid or missing property 'x5c'");
2866
+ }
2867
+ certificates.push(certificate);
2868
+ }
2869
+ if (!("certInfo" in this.decoded) || !(this.decoded.certInfo instanceof Uint8Array)) {
2870
+ throw new Error("Invalid or missing property 'certInfo'");
2871
+ }
2872
+ if (!("pubArea" in this.decoded) || !(this.decoded.pubArea instanceof Uint8Array)) {
2873
+ throw new Error("Invalid or missing property 'pubArea'");
2874
+ }
2875
+ const statement = {
2876
+ algorithm: this.decoded.alg,
2877
+ signature: this.decoded.sig,
2878
+ certificates,
2879
+ attestation: this.decoded.certInfo,
2880
+ publicKey: this.decoded.pubArea
2881
+ };
2882
+ return statement;
2883
+ }
2884
+ androidKey() {
2885
+ if (this.format !== AttestationStatementFormat.AndroidKey) {
2886
+ throw new Error("Invalid format");
2887
+ }
2888
+ if (!("alg" in this.decoded) || typeof this.decoded.alg !== "number") {
2889
+ throw new Error("Invalid or missing property 'alg'");
2890
+ }
2891
+ if (!("sig" in this.decoded) || !(this.decoded.sig instanceof Uint8Array)) {
2892
+ throw new Error("Invalid or missing property 'sig'");
2893
+ }
2894
+ if (!("x5c" in this.decoded) || !Array.isArray(this.decoded.x5c)) {
2895
+ throw new Error("Invalid or missing property 'x5c'");
2896
+ }
2897
+ if (this.decoded.x5c.length < 1) {
2898
+ throw new Error("Invalid or missing property 'x5c'");
2899
+ }
2900
+ const certificates = [];
2901
+ for (const certificate of this.decoded.x5c) {
2902
+ if (!(certificate instanceof Uint8Array)) {
2903
+ throw new Error("Invalid or missing property 'x5c'");
2904
+ }
2905
+ certificates.push(certificate);
2906
+ }
2907
+ const statement = {
2908
+ algorithm: this.decoded.alg,
2909
+ signature: this.decoded.sig,
2910
+ certificates
2911
+ };
2912
+ return statement;
2913
+ }
2914
+ androidSafetyNet() {
2915
+ if (this.format !== AttestationStatementFormat.AndroidKey) {
2916
+ throw new Error("Invalid format");
2917
+ }
2918
+ if (!("ver" in this.decoded) || typeof this.decoded.ver !== "string") {
2919
+ throw new Error("Invalid or missing property 'ver'");
2920
+ }
2921
+ if (!("response" in this.decoded) || !(this.decoded.response instanceof Uint8Array)) {
2922
+ throw new Error("Invalid or missing property 'response'");
2923
+ }
2924
+ const statement = {
2925
+ version: this.decoded.ver,
2926
+ response: this.decoded.response
2927
+ };
2928
+ return statement;
2929
+ }
2930
+ fidoU2F() {
2931
+ if (this.format !== AttestationStatementFormat.FIDOU2F) {
2932
+ throw new Error("Invalid format");
2933
+ }
2934
+ if (!("sig" in this.decoded) || !(this.decoded.sig instanceof Uint8Array)) {
2935
+ throw new Error("Invalid or missing property 'sig'");
2936
+ }
2937
+ if (!("x5c" in this.decoded) || !Array.isArray(this.decoded.x5c)) {
2938
+ throw new Error("Invalid or missing property 'x5c'");
2939
+ }
2940
+ if (this.decoded.x5c.length !== 1) {
2941
+ throw new Error("Invalid or missing property 'x5c'");
2942
+ }
2943
+ const certificate = this.decoded.x5c[0];
2944
+ if (!(certificate instanceof Uint8Array)) {
2945
+ throw new Error("Invalid or missing property 'x5c'");
2946
+ }
2947
+ const statement = {
2948
+ signature: this.decoded.sig,
2949
+ certificate
2950
+ };
2951
+ return statement;
2952
+ }
2953
+ appleAnonymous() {
2954
+ if (this.format !== AttestationStatementFormat.AppleAnonymous) {
2955
+ throw new Error("Invalid format");
2956
+ }
2957
+ if (!("x5c" in this.decoded) || !Array.isArray(this.decoded.x5c)) {
2958
+ throw new Error("Invalid or missing property 'x5c'");
2959
+ }
2960
+ if (this.decoded.x5c.length < 1) {
2961
+ throw new Error("Invalid or missing property 'x5c'");
2962
+ }
2963
+ const certificates = [];
2964
+ for (const certificate of this.decoded.x5c) {
2965
+ if (!(certificate instanceof Uint8Array)) {
2966
+ throw new Error("Invalid or missing property 'x5c'");
2967
+ }
2968
+ certificates.push(certificate);
2969
+ }
2970
+ const statement = { certificates };
2971
+ return statement;
2972
+ }
2973
+ }
2974
+ var AttestationStatementFormat;
2975
+ (function(AttestationStatementFormat2) {
2976
+ AttestationStatementFormat2[AttestationStatementFormat2["Packed"] = 0] = "Packed";
2977
+ AttestationStatementFormat2[AttestationStatementFormat2["TPM"] = 1] = "TPM";
2978
+ AttestationStatementFormat2[AttestationStatementFormat2["AndroidKey"] = 2] = "AndroidKey";
2979
+ AttestationStatementFormat2[AttestationStatementFormat2["AndroidSafetyNet"] = 3] = "AndroidSafetyNet";
2980
+ AttestationStatementFormat2[AttestationStatementFormat2["FIDOU2F"] = 4] = "FIDOU2F";
2981
+ AttestationStatementFormat2[AttestationStatementFormat2["AppleAnonymous"] = 5] = "AppleAnonymous";
2982
+ AttestationStatementFormat2[AttestationStatementFormat2["None"] = 6] = "None";
2983
+ })(AttestationStatementFormat || (AttestationStatementFormat = {}));
2984
+ // src/create/internal-handler.ts
2985
+ function setupPublicKeyCredentialRegistrationRequest(type, keyRequest, attestation, enabledExtensions, userVerification, pubKeyCredParams, additionalOptions) {
2986
+ if (type === "platform" && enabledExtensions.includes("largeBlob")) {
2987
+ let supportMode;
2988
+ const largeBlobSupport = additionalOptions.largeBlobSupport;
2989
+ if (largeBlobSupport === "required") {
2990
+ supportMode = ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Required;
2991
+ } else if (largeBlobSupport === "preferred") {
2992
+ supportMode = ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Preferred;
2993
+ } else {
2994
+ console.warn("[electron-webauthn] largeBlobSupport is enabled but largeBlobSupport is not provided, skipping large blob support");
2995
+ }
2996
+ if (supportMode) {
2997
+ const largeBlobInput = ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput.alloc().initWithSupportRequirement$(supportMode);
2998
+ keyRequest.setLargeBlob$(largeBlobInput);
2999
+ }
3000
+ }
3001
+ let attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.None;
3002
+ if (type === "security-key") {
3003
+ if (attestation === "direct") {
3004
+ attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.Direct;
3005
+ } else if (attestation === "enterprise") {
3006
+ attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.Enterprise;
3007
+ } else if (attestation === "indirect") {
3008
+ attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.Indirect;
3009
+ }
3010
+ }
3011
+ keyRequest.setAttestationPreference$(NSStringFromString(attestationPreference));
3012
+ let userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Preferred;
3013
+ if (userVerification === "required") {
3014
+ userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Required;
3015
+ } else if (userVerification === "discouraged") {
3016
+ userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Discouraged;
3017
+ }
3018
+ keyRequest.setUserVerificationPreference$(NSStringFromString(userVerificationPreference));
3019
+ if (type === "platform" && additionalOptions.userDisplayName) {
3020
+ const userDisplayName = NSStringFromString(additionalOptions.userDisplayName);
3021
+ keyRequest.setDisplayName$(userDisplayName);
3022
+ }
3023
+ if (type === "security-key") {
3024
+ const credentialParameters = [];
3025
+ for (const param of pubKeyCredParams) {
3026
+ if (param.type === "public-key" && param.algorithm === -7) {
3027
+ const paramObj = ASAuthorizationPublicKeyCredentialParameters.alloc().initWithAlgorithm$(param.algorithm);
3028
+ credentialParameters.push(paramObj);
3029
+ }
3030
+ }
3031
+ const nsCredentialParameters = NSArrayFromObjects(credentialParameters);
3032
+ keyRequest.setCredentialParameters$(nsCredentialParameters);
3033
+ }
3034
+ if (type === "platform" && enabledExtensions.includes("prf")) {
3035
+ if (additionalOptions.prf) {
3036
+ const inputValues = createPRFInput(additionalOptions.prf);
3037
+ const prfInput = ASAuthorizationPublicKeyCredentialPRFRegistrationInput.alloc().initWithInputValues$(inputValues);
3038
+ keyRequest.setPrf$(prfInput);
3039
+ } else {
3040
+ keyRequest.setPrf$(ASAuthorizationPublicKeyCredentialPRFRegistrationInput.checkForSupport());
3041
+ }
3042
+ }
3043
+ }
3044
+ function createCredentialInternal(rpid, challenge, username, userID, nativeWindowHandle, origin, timeout, enabledExtensions, attestation = "none", supportedAlgorithmIdentifiers = [], excludeCredentials, residentKeyRequired = false, preferredAuthenticatorAttachment = "all", userVerification = "preferred", additionalOptions = {}) {
3045
+ const { promise, resolve, reject } = PromiseWithResolvers();
3046
+ const NS_rpID = NSStringFromString(rpid);
3047
+ const NS_challenge = NSDataFromBuffer(challenge);
3048
+ const NS_username = NSStringFromString(username);
3049
+ const NS_userID = NSDataFromBuffer(userID);
3050
+ const requestArrayInput = [];
3051
+ const allowSecurityKeyRequests = additionalOptions.allowSecurityKeyRequests ?? false;
3052
+ const resolvedAuthenticatorAttachment = allowSecurityKeyRequests ? preferredAuthenticatorAttachment : "platform";
3053
+ if (resolvedAuthenticatorAttachment === "all" || resolvedAuthenticatorAttachment === "platform") {
3054
+ const platformProvider = ASAuthorizationPlatformPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
3055
+ const platformKeyRequest = platformProvider.createCredentialRegistrationRequestWithChallenge$name$userID$(NS_challenge, NS_username, NS_userID);
3056
+ setupPublicKeyCredentialRegistrationRequest("platform", platformKeyRequest, attestation, enabledExtensions, userVerification, supportedAlgorithmIdentifiers, additionalOptions);
3057
+ requestArrayInput.push(platformKeyRequest);
3058
+ }
3059
+ if (resolvedAuthenticatorAttachment === "all" || resolvedAuthenticatorAttachment === "cross-platform") {
3060
+ const securityKeyProvider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
3061
+ const securityKeyRequest = securityKeyProvider.createCredentialRegistrationRequestWithChallenge$displayName$name$userID$(NS_challenge, NSStringFromString(additionalOptions.userDisplayName || username), NS_username, NS_userID);
3062
+ setupPublicKeyCredentialRegistrationRequest("security-key", securityKeyRequest, attestation, enabledExtensions, userVerification, supportedAlgorithmIdentifiers, additionalOptions);
3063
+ requestArrayInput.push(securityKeyRequest);
3064
+ }
3065
+ const requestsArray = NSArrayFromObjects(requestArrayInput);
3066
+ const authController = WebauthnCreateController.alloc().initWithAuthorizationRequests$(requestsArray);
3067
+ const clientData = generateWebauthnClientData("webauthn.create", origin, challenge, additionalOptions.topFrameOrigin);
3068
+ const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
3069
+ setControllerState(authController, clientDataHash, supportedAlgorithmIdentifiers, residentKeyRequired, excludeCredentials);
3070
+ let isFinished = false;
3071
+ let timeoutHandlerId = null;
3072
+ const finished = (_success) => {
3073
+ isFinished = true;
3074
+ removeControllerState(authController);
3075
+ if (timeoutHandlerId) {
3076
+ clearTimeout(timeoutHandlerId);
3077
+ timeoutHandlerId = null;
3078
+ }
3079
+ };
3080
+ const delegate = createDelegate("ASAuthorizationControllerDelegate", {
3081
+ authorizationController$didCompleteWithAuthorization$: (_, authorization) => {
3082
+ const credential = authorization.credential();
3083
+ console.log("Authorization succeeded:", credential);
3084
+ const isPlatform = credential instanceof ASAuthorizationPlatformPublicKeyCredentialRegistration;
3085
+ const isSecurityKey = credential instanceof ASAuthorizationSecurityKeyPublicKeyCredentialRegistration;
3086
+ if (!isPlatform && !isSecurityKey) {
3087
+ reject(new Error("Resulting credential is not a platform or security key credential"));
3088
+ finished(false);
3089
+ return;
3090
+ }
3091
+ const credentialIdBuffer = bufferFromNSDataDirect(credential.credentialID());
3092
+ const attestationObjectBuffer = bufferFromNSDataDirect(credential.rawAttestationObject());
3093
+ const attestation2 = parseAttestationObject(attestationObjectBuffer);
3094
+ const publicKey = attestation2.authenticatorData.credential.publicKey;
3095
+ const ec2Key = publicKey.ec2();
3096
+ const publicKeySPKI = encodeEC2PublicKeyToSPKI(ec2Key.x, ec2Key.y);
3097
+ const authenticatorData = Buffer.from(JSON.stringify(attestation2.authenticatorData));
3098
+ let authenticatorAttachment = "cross-platform";
3099
+ if (isPlatform && credential.attachment() === ASAuthorizationPublicKeyCredentialAttachment.Platform) {
3100
+ authenticatorAttachment = "platform";
3101
+ }
3102
+ let isLargeBlobSupported = null;
3103
+ if (enabledExtensions.includes("largeBlob")) {
3104
+ const largeBlobOutput = credential.largeBlob();
3105
+ if (largeBlobOutput) {
3106
+ isLargeBlobSupported = largeBlobOutput.isSupported();
3107
+ }
3108
+ }
3109
+ let prfFirst = null;
3110
+ let prfSecond = null;
3111
+ let isPRFSupported = null;
3112
+ if (enabledExtensions.includes("prf")) {
3113
+ const prfOutput = credential.prf();
3114
+ if (prfOutput) {
3115
+ const prfFirstData = prfOutput.first();
3116
+ const prfSecondData = prfOutput.second();
3117
+ if (prfFirstData) {
3118
+ prfFirst = bufferFromNSDataDirect(prfFirstData);
3119
+ }
3120
+ if (prfSecondData) {
3121
+ prfSecond = bufferFromNSDataDirect(prfSecondData);
3122
+ }
3123
+ isPRFSupported = prfOutput.isSupported();
3124
+ }
3125
+ }
3126
+ const data = {
3127
+ credentialId: credentialIdBuffer,
3128
+ clientDataJSON: clientDataBuffer,
3129
+ attestationObject: attestationObjectBuffer,
3130
+ authenticatorData,
3131
+ attachment: authenticatorAttachment,
3132
+ transports: ["hybrid", "internal"],
3133
+ isResidentKey: true,
3134
+ publicKeyAlgorithm: publicKey.algorithm(),
3135
+ publicKey: publicKeySPKI,
3136
+ isLargeBlobSupported,
3137
+ isPRFSupported,
3138
+ prfFirst,
3139
+ prfSecond
3140
+ };
3141
+ resolve(data);
3142
+ finished(true);
3143
+ },
3144
+ authorizationController$didCompleteWithError$: (_, error) => {
3145
+ const errorMessage = error.localizedDescription().UTF8String();
3146
+ reject(new Error(errorMessage));
3147
+ finished(false);
3148
+ }
3149
+ });
3150
+ authController.setDelegate$(delegate);
3151
+ const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
3152
+ authController.setPresentationContextProvider$(presentationContextProvider);
3153
+ authController.performRequests();
3154
+ timeoutHandlerId = setTimeout(() => {
3155
+ if (isFinished)
3156
+ return;
3157
+ authController.cancel();
3158
+ }, timeout);
3159
+ return promise;
3160
+ }
3161
+
3162
+ // src/create/handler.ts
3163
+ function getExtensionsConfiguration2(extensionsData) {
3164
+ if (!(extensionsData && typeof extensionsData === "object")) {
3165
+ return {
3166
+ extensions: []
3167
+ };
3168
+ }
3169
+ const extensions = [];
3170
+ let largeBlobSupport;
3171
+ if (isObject(extensionsData.largeBlob)) {
3172
+ extensions.push("largeBlob");
3173
+ const largeBlobConfig = extensionsData.largeBlob;
3174
+ if (largeBlobConfig.support === "required") {
3175
+ largeBlobSupport = "required";
3176
+ } else if (largeBlobConfig.support === "preferred") {
3177
+ largeBlobSupport = "preferred";
3178
+ }
3179
+ }
3180
+ let prf;
3181
+ if (isObject(extensionsData.prf)) {
3182
+ const prfEval = extensionsData.prf.eval;
3183
+ if (prfEval) {
3184
+ const first = bufferSourceToBuffer(prfEval.first);
3185
+ const second = bufferSourceToBuffer(prfEval.second);
3186
+ if (first) {
3187
+ prf = {
3188
+ first: first ? first : null,
3189
+ second: second ? second : undefined
3190
+ };
3191
+ } else {
3192
+ console.warn("[electron-webauthn] prf is enabled but prf.first is not valid, skipping PRF evaluation");
3193
+ }
3194
+ }
3195
+ }
3196
+ return {
3197
+ extensions,
3198
+ largeBlobSupport,
3199
+ prf
3200
+ };
3201
+ }
3202
+ async function createCredential(publicKeyOptions, additionalOptions) {
3203
+ if (!publicKeyOptions) {
3204
+ return null;
3205
+ }
3206
+ const rpInfo = publicKeyOptions.rp;
3207
+ if (!isObject(rpInfo)) {
3208
+ return { success: false, error: "TypeError" };
3209
+ }
3210
+ let rpId = rpInfo.id;
3211
+ if (!rpId) {
3212
+ try {
3213
+ const url = new URL(additionalOptions.currentOrigin);
3214
+ rpId = url.hostname;
3215
+ } catch {}
3216
+ }
3217
+ if (!isString(rpId)) {
3218
+ return { success: false, error: "TypeError" };
3219
+ }
3220
+ let timeout = publicKeyOptions.timeout;
3221
+ if (!isNumber(timeout) || timeout <= 0) {
3222
+ timeout = 10 * 60 * 1000;
3223
+ } else if (timeout > 60 * 60 * 1000) {
3224
+ timeout = 60 * 60 * 1000;
3225
+ }
3226
+ const challenge = bufferSourceToBuffer(publicKeyOptions.challenge);
3227
+ if (!challenge) {
3228
+ return { success: false, error: "TypeError" };
3229
+ }
3230
+ if (!isObject(publicKeyOptions.user)) {
3231
+ return { success: false, error: "TypeError" };
3232
+ }
3233
+ const userName = publicKeyOptions.user.name;
3234
+ const userDisplayName = publicKeyOptions.user.displayName;
3235
+ if (!isString(userName) || !isString(userDisplayName)) {
3236
+ return { success: false, error: "TypeError" };
3237
+ }
3238
+ const userID = bufferSourceToBuffer(publicKeyOptions.user.id);
3239
+ if (!userID) {
3240
+ return { success: false, error: "TypeError" };
3241
+ }
3242
+ const attestationPreference = publicKeyOptions.attestation;
3243
+ if (attestationPreference && !isString(attestationPreference)) {
3244
+ return { success: false, error: "TypeError" };
3245
+ }
3246
+ const pubKeyCredParams = publicKeyOptions.pubKeyCredParams;
3247
+ const supportedAlgorithmIdentifiers = [];
3248
+ if (pubKeyCredParams) {
3249
+ if (Array.isArray(pubKeyCredParams)) {
3250
+ for (const param of pubKeyCredParams) {
3251
+ if (!isObject(param))
3252
+ continue;
3253
+ if (!isNumber(param.alg))
3254
+ continue;
3255
+ supportedAlgorithmIdentifiers.push({
3256
+ type: "public-key",
3257
+ algorithm: param.alg
3258
+ });
3259
+ }
3260
+ } else {
3261
+ return { success: false, error: "TypeError" };
3262
+ }
3263
+ }
3264
+ if (supportedAlgorithmIdentifiers.length === 0) {
3265
+ supportedAlgorithmIdentifiers.push({
3266
+ type: "public-key",
3267
+ algorithm: -7
3268
+ });
3269
+ supportedAlgorithmIdentifiers.push({
3270
+ type: "public-key",
3271
+ algorithm: -257
3272
+ });
3273
+ }
3274
+ const excludeCredentials = [];
3275
+ if (publicKeyOptions.excludeCredentials && Array.isArray(publicKeyOptions.excludeCredentials)) {
3276
+ for (const excludeCredential of publicKeyOptions.excludeCredentials) {
3277
+ if (!isObject(excludeCredential))
3278
+ continue;
3279
+ if (excludeCredential.type !== "public-key")
3280
+ continue;
3281
+ const idBuffer = bufferSourceToBuffer(excludeCredential.id);
3282
+ if (!idBuffer)
3283
+ continue;
3284
+ excludeCredentials.push({
3285
+ id: idBuffer,
3286
+ transports: excludeCredential.transports
3287
+ });
3288
+ }
3289
+ }
3290
+ const { extensions, largeBlobSupport, prf } = getExtensionsConfiguration2(publicKeyOptions.extensions);
3291
+ let residentKeyRequired = false;
3292
+ let userVerificationPreference = "preferred";
3293
+ let preferredAuthenticatorAttachment = "all";
3294
+ if (publicKeyOptions.authenticatorSelection) {
3295
+ if (publicKeyOptions.authenticatorSelection.residentKey === "required") {
3296
+ residentKeyRequired = true;
3297
+ } else if (publicKeyOptions.authenticatorSelection.requireResidentKey) {
3298
+ residentKeyRequired = true;
3299
+ }
3300
+ const userVerifyParam = publicKeyOptions.authenticatorSelection.userVerification;
3301
+ if (userVerifyParam === "required") {
3302
+ userVerificationPreference = "required";
3303
+ } else if (userVerifyParam === "discouraged") {
3304
+ userVerificationPreference = "discouraged";
3305
+ } else {
3306
+ userVerificationPreference = "preferred";
3307
+ }
3308
+ const attachment = publicKeyOptions.authenticatorSelection.authenticatorAttachment;
3309
+ if (attachment === "cross-platform") {
3310
+ preferredAuthenticatorAttachment = "cross-platform";
3311
+ } else if (attachment === "platform") {
3312
+ preferredAuthenticatorAttachment = "platform";
3313
+ }
3314
+ }
3315
+ const { currentOrigin, topFrameOrigin, isPublicSuffix, nativeWindowHandle } = additionalOptions;
3316
+ const isRpIdAllowed = isRpIdAllowedForOrigin(currentOrigin, rpId, {
3317
+ isPublicSuffix
3318
+ });
3319
+ if (!isRpIdAllowed.ok) {
3320
+ return { success: false, error: "NotAllowedError" };
3321
+ }
3322
+ let errorResult = null;
3323
+ const result = await createCredentialInternal(rpId, challenge, userName, userID, nativeWindowHandle, currentOrigin, timeout, extensions, attestationPreference, supportedAlgorithmIdentifiers, excludeCredentials, residentKeyRequired, preferredAuthenticatorAttachment, userVerificationPreference, {
3324
+ allowSecurityKeyRequests: additionalOptions.allowSecurityKeyRequests ?? false,
3325
+ topFrameOrigin,
3326
+ largeBlobSupport,
3327
+ prf
3328
+ }).catch((error) => {
3329
+ errorResult = error;
3330
+ if (error.message.includes("(com.apple.AuthenticationServices.AuthorizationError error 1006.)")) {
3331
+ return "InvalidStateError";
3332
+ }
3333
+ if (error.message.startsWith("The operation couldn’t be completed.")) {
3334
+ return "NotAllowedError";
3335
+ }
3336
+ return null;
3337
+ });
3338
+ if (typeof result === "string") {
3339
+ return { success: false, error: result, errorObject: errorResult };
3340
+ }
3341
+ const data = {
3342
+ credentialId: bufferToBase64Url(result.credentialId),
3343
+ clientDataJSON: bufferToBase64Url(result.clientDataJSON),
3344
+ attestationObject: bufferToBase64Url(result.attestationObject),
3345
+ authData: bufferToBase64Url(result.authenticatorData),
3346
+ publicKey: bufferToBase64Url(result.publicKey),
3347
+ publicKeyAlgorithm: result.publicKeyAlgorithm,
3348
+ transports: result.transports,
3349
+ extensions: {}
3350
+ };
3351
+ if (publicKeyOptions.extensions?.credProps) {
3352
+ data.extensions.credProps = {
3353
+ rk: result.isResidentKey
3354
+ };
3355
+ }
3356
+ if (result.isLargeBlobSupported !== null) {
3357
+ data.extensions.largeBlob = {
3358
+ supported: result.isLargeBlobSupported
3359
+ };
3360
+ }
3361
+ if (result.isPRFSupported !== null) {
3362
+ const prfFirst = result.prfFirst;
3363
+ const prfSecond = result.prfSecond;
3364
+ data.extensions.prf = {
3365
+ enabled: result.isPRFSupported,
3366
+ results: {
3367
+ first: prfFirst ? bufferToBase64Url(prfFirst) : undefined,
3368
+ second: prfSecond ? bufferToBase64Url(prfSecond) : undefined
3369
+ }
3370
+ };
3371
+ }
3372
+ return { success: true, data };
3373
+ }
3374
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/AuthenticationServices/blocks.js
3375
+ import { typedBlock } from "objc-js";
3376
+ function platformCredentialsForRelyingParty$completionHandler$Block(fn) {
3377
+ return typedBlock("@?<v@?@>", fn);
3378
+ }
3379
+ function requestAuthorizationForPublicKeyCredentials$Block(fn) {
3380
+ return typedBlock("@?<v@?q>", fn);
3381
+ }
3382
+
3383
+ // src/helpers/passkey-authorization.ts
3384
+ function defaultPasskeyAuthorizationManagerFactory() {
3385
+ return ASAuthorizationWebBrowserPublicKeyCredentialManager.alloc().init();
3386
+ }
3387
+ var passkeyAuthorizationManagerFactory = defaultPasskeyAuthorizationManagerFactory;
3388
+ function createPasskeyAuthorizationManager() {
3389
+ return passkeyAuthorizationManagerFactory();
3390
+ }
3391
+ function normalizeAuthorizationStatus(rawState) {
3392
+ switch (rawState) {
3393
+ case ASAuthorizationWebBrowserPublicKeyCredentialManagerAuthorizationState.Authorized:
3394
+ return "authorized";
3395
+ case ASAuthorizationWebBrowserPublicKeyCredentialManagerAuthorizationState.Denied:
3396
+ return "denied";
3397
+ case ASAuthorizationWebBrowserPublicKeyCredentialManagerAuthorizationState.NotDetermined:
3398
+ return "notDetermined";
3399
+ default:
3400
+ throw new Error(`Unknown passkey authorization state: ${rawState}`);
3401
+ }
3402
+ }
3403
+ async function requestAuthorization(manager) {
3404
+ const rawState = await new Promise((resolve) => {
3405
+ const block = requestAuthorizationForPublicKeyCredentials$Block((nextState) => {
3406
+ resolve(nextState);
3407
+ });
3408
+ manager.requestAuthorizationForPublicKeyCredentials$(block);
3409
+ });
3410
+ return normalizeAuthorizationStatus(rawState);
3411
+ }
3412
+ async function resolvePasskeyAuthorization({
3413
+ requestIfNeeded,
3414
+ manager
3415
+ }) {
3416
+ const authorizationManager = manager ?? createPasskeyAuthorizationManager();
3417
+ const currentStatus = normalizeAuthorizationStatus(authorizationManager.authorizationStateForPlatformCredentials());
3418
+ if (currentStatus !== "notDetermined" || !requestIfNeeded) {
3419
+ return currentStatus;
3420
+ }
3421
+ return requestAuthorization(authorizationManager);
3422
+ }
3423
+ function normalizeAuthorizationError(error) {
3424
+ return {
3425
+ success: false,
3426
+ error: error instanceof Error ? error : new Error(String(error))
3427
+ };
3428
+ }
3429
+ async function getListPasskeyAuthorizationStatus() {
3430
+ try {
3431
+ return {
3432
+ success: true,
3433
+ status: await resolvePasskeyAuthorization({ requestIfNeeded: false })
3434
+ };
3435
+ } catch (error) {
3436
+ return normalizeAuthorizationError(error);
3437
+ }
3438
+ }
3439
+ async function requestListPasskeyAuthorization() {
3440
+ try {
3441
+ return {
3442
+ success: true,
3443
+ status: await resolvePasskeyAuthorization({ requestIfNeeded: true })
3444
+ };
3445
+ } catch (error) {
3446
+ return normalizeAuthorizationError(error);
3447
+ }
3448
+ }
3449
+
3450
+ // ../../node_modules/.bun/objcjs-types@0.8.0+2a14cf54a30f3115/node_modules/objcjs-types/dist/osversion.js
3451
+ var cached;
3452
+ function getOSVersion() {
3453
+ if (cached !== undefined)
3454
+ return cached;
3455
+ const raw = NSProcessInfo.processInfo().operatingSystemVersion();
3456
+ cached = { major: raw.field0, minor: raw.field1, patch: raw.field2 };
3457
+ return cached;
3458
+ }
3459
+ function compareVersions(a, b) {
3460
+ if (a.major !== b.major)
3461
+ return a.major - b.major;
3462
+ if (a.minor !== b.minor)
3463
+ return a.minor - b.minor;
3464
+ return a.patch - b.patch;
3465
+ }
3466
+ function isAtLeast(target) {
3467
+ return compareVersions(getOSVersion(), target) >= 0;
3468
+ }
3469
+ function version(major, minor = 0, patch = 0) {
3470
+ return { major, minor, patch };
3471
+ }
3472
+ function formatVersion(v) {
3473
+ return `${v.major}.${v.minor}.${v.patch}`;
3474
+ }
3475
+ var macOS = {
3476
+ Tahoe: version(26),
3477
+ Sequoia: version(15),
3478
+ Sonoma: version(14),
3479
+ Ventura: version(13),
3480
+ Monterey: version(12),
3481
+ BigSur: version(11),
3482
+ Catalina: version(10, 15),
3483
+ Mojave: version(10, 14),
3484
+ HighSierra: version(10, 13),
3485
+ Sierra: version(10, 12)
3486
+ };
3487
+
3488
+ // src/list/support.ts
3489
+ var listPasskeysSupportOverride = null;
3490
+ function ensureListPasskeysSupported() {
3491
+ const isSupported = listPasskeysSupportOverride === null ? isAtLeast(version(13, 3)) : listPasskeysSupportOverride;
3492
+ if (isSupported) {
3493
+ return;
3494
+ }
3495
+ const currentVersion = getOSVersion();
3496
+ throw new Error(`Passkey listing requires macOS 13.3 or later (current: ${formatVersion(currentVersion)})`);
3497
+ }
3498
+
3499
+ // src/list/handler.ts
3500
+ var LOGGING_ENABLED = false;
3501
+ function log(...args) {
3502
+ if (!LOGGING_ENABLED)
3503
+ return;
3504
+ console.log(...args);
3505
+ }
3506
+ var AUTHORIZATION_DENIED_ERROR = "Authorization DENIED - user must grant permission in System Settings > Privacy & Security";
3507
+ var AUTHORIZATION_NOT_DETERMINED_ERROR = "Authorization not determined. Call requestListPasskeyAuthorization() first or pass { requestAuthorization: true } to listPasskeys().";
3508
+ async function getPlatformCredentials(manager, relyingPartyId) {
3509
+ const rpIdString = NSStringFromString(relyingPartyId);
3510
+ log(`[listPasskeys] Calling platformCredentialsForRelyingParty: ${relyingPartyId}`);
3511
+ return new Promise((resolve) => {
3512
+ const block = platformCredentialsForRelyingParty$completionHandler$Block((credentialsArray) => {
3513
+ resolve(credentialsArray);
3514
+ });
3515
+ manager.platformCredentialsForRelyingParty$completionHandler$(rpIdString, block);
3516
+ });
3517
+ }
3518
+ function isExpectedListPasskeysError(error) {
3519
+ return error.message === AUTHORIZATION_DENIED_ERROR || error.message === AUTHORIZATION_NOT_DETERMINED_ERROR;
3520
+ }
3521
+ function getListPasskeyAuthorizationStatus2() {
3522
+ return getListPasskeyAuthorizationStatus();
3523
+ }
3524
+ function requestListPasskeyAuthorization2() {
3525
+ return requestListPasskeyAuthorization();
3526
+ }
3527
+ async function listPasskeys(relyingPartyId, options = {}) {
3528
+ try {
3529
+ ensureListPasskeysSupported();
3530
+ const manager = createPasskeyAuthorizationManager();
3531
+ const requestAuthorization2 = options.requestAuthorization ?? true;
3532
+ const authorizationStatus = await resolvePasskeyAuthorization({
3533
+ requestIfNeeded: requestAuthorization2,
3534
+ manager
3535
+ });
3536
+ log(`[listPasskeys] Authorization status: ${authorizationStatus}`);
3537
+ if (authorizationStatus === "denied") {
3538
+ throw new Error(AUTHORIZATION_DENIED_ERROR);
3539
+ }
3540
+ if (authorizationStatus === "notDetermined") {
3541
+ throw new Error(AUTHORIZATION_NOT_DETERMINED_ERROR);
3542
+ }
3543
+ const credentialsArray = await getPlatformCredentials(manager, relyingPartyId);
3544
+ if (!credentialsArray) {
3545
+ throw new Error("Unknown error occurred");
3546
+ }
3547
+ const count = credentialsArray.count();
3548
+ log(`[listPasskeys] platformCredentials returned ${count} entries`);
3549
+ const credentials = [];
3550
+ for (let i = 0;i < count; i++) {
3551
+ const cred = credentialsArray.objectAtIndex$(i);
3552
+ const credentialIdData = cred.credentialID();
3553
+ const userName = cred.name().UTF8String();
3554
+ const userHandleData = cred.userHandle();
3555
+ const credentialId = bufferToBase64Url(bufferFromNSDataDirect(credentialIdData));
3556
+ const userHandle = bufferToBase64Url(bufferFromNSDataDirect(userHandleData));
3557
+ log(`[listPasskeys] Found credential: name=${userName}, id=${credentialId.substring(0, 20)}...`);
3558
+ credentials.push({
3559
+ id: credentialId,
3560
+ rpId: relyingPartyId,
3561
+ userName,
3562
+ userHandle
3563
+ });
3564
+ }
3565
+ log(`[listPasskeys] Returning ${credentials.length} results`);
3566
+ return {
3567
+ success: true,
3568
+ credentials
3569
+ };
3570
+ } catch (error) {
3571
+ const normalizedError = error instanceof Error ? error : new Error(String(error));
3572
+ if (!isExpectedListPasskeysError(normalizedError)) {
3573
+ console.error("[listPasskeys] ", normalizedError);
3574
+ }
3575
+ return {
3576
+ success: false,
3577
+ error: normalizedError
3578
+ };
3579
+ }
3580
+ }
3581
+ export {
3582
+ requestListPasskeyAuthorization2 as requestListPasskeyAuthorization,
3583
+ listPasskeys,
3584
+ getListPasskeyAuthorizationStatus2 as getListPasskeyAuthorizationStatus,
3585
+ getCredential,
3586
+ createCredential
3587
+ };