electron-webauthn 0.0.14 → 0.0.15

package/dist/create/authorization-controller.d.ts

@@ -0,0 +1,9 @@
+import { NobjcObject } from "objc-js";
+import type { ExcludeCredential } from "./handler.js";
+export interface PublicKeyCredentialParams {
+    type: "public-key";
+    algorithm: number;
+}
+export declare function setControllerState(self: NobjcObject, clientDataHash: Buffer, pubKeyCredParams: PublicKeyCredentialParams[], residentKeyRequired: boolean, excludeCredentialIds: ExcludeCredential[]): void;
+export declare function removeControllerState(self: NobjcObject): void;
+export declare const WebauthnCreateController: NobjcObject;

package/dist/create/authorization-controller.js

@@ -0,0 +1,69 @@
+import { NobjcClass, NobjcObject, getPointer } from "objc-js";
+import { NSDataFromBuffer } from "../objc/foundation/nsdata.js";
+import { NSArrayFromObjects } from "../objc/foundation/nsarray.js";
+import { NSStringFromString } from "../objc/foundation/nsstring.js";
+import { createASCPublicKeyCredentialDescriptor } from "../objc/authentication-services/as-authorization-c-public-key-credential-descriptor.js";
+import { NSNumberFromInteger } from "../objc/foundation/nsinteger.js";
+const createControllerState = new Map();
+function getObjectPointerString(self) {
+    return getPointer(self).toBase64();
+}
+export function setControllerState(self, clientDataHash, pubKeyCredParams, residentKeyRequired, excludeCredentialIds) {
+    const selfPointer = getObjectPointerString(self);
+    createControllerState.set(selfPointer, [
+        clientDataHash,
+        pubKeyCredParams,
+        residentKeyRequired,
+        excludeCredentialIds,
+    ]);
+}
+export function removeControllerState(self) {
+    const selfPointer = getObjectPointerString(self);
+    createControllerState.delete(selfPointer);
+}
+export const WebauthnCreateController = NobjcClass.define({
+    name: "WebauthnCreateController",
+    superclass: "ASAuthorizationController",
+    methods: {
+        _requestContextWithRequests$error$: {
+            types: "@@:@^@",
+            implementation: (self, requests, outError) => {
+                const context = NobjcClass.super(self, "_requestContextWithRequests$error$", requests, outError);
+                const selfPointer = getObjectPointerString(self);
+                if (context && createControllerState.has(selfPointer)) {
+                    const registrationOptions = context.platformKeyCredentialCreationOptions();
+                    const [clientDataHash, pubKeyCredParams, residentKeyRequired, excludeCredentials,] = createControllerState.get(selfPointer);
+                    registrationOptions.setClientDataHash$(NSDataFromBuffer(clientDataHash));
+                    registrationOptions.setChallenge$(null);
+                    const supportedAlgos = [];
+                    for (const param of pubKeyCredParams) {
+                        if (param.type === "public-key") {
+                            supportedAlgos.push(NSNumberFromInteger(param.algorithm));
+                        }
+                    }
+                    if (supportedAlgos.length > 0) {
+                        registrationOptions.setSupportedAlgorithmIdentifiers$(NSArrayFromObjects(supportedAlgos));
+                    }
+                    registrationOptions.setShouldRequireResidentKey$(residentKeyRequired);
+                    const excludeList = [];
+                    for (const cred of excludeCredentials) {
+                        const transports = [];
+                        if (cred.transports) {
+                            for (const transport of cred.transports) {
+                                transports.push(NSStringFromString(transport));
+                            }
+                        }
+                        const credentialID = NSDataFromBuffer(cred.id);
+                        const transportsArray = NSArrayFromObjects(transports);
+                        const initializedDescriptor = createASCPublicKeyCredentialDescriptor(credentialID, transportsArray);
+                        excludeList.push(initializedDescriptor);
+                    }
+                    if (excludeList.length > 0) {
+                        registrationOptions.setExcludedCredentials$(NSArrayFromObjects(excludeList));
+                    }
+                }
+                return context;
+            },
+        },
+    },
+});

package/dist/create/handler.d.ts

@@ -1,4 +1,33 @@
+import { type PRFInput } from "../helpers/prf.js";
+import { type PublicKeyCredentialParams } from "./authorization-controller.js";
 export interface CreateCredentialResult {
+    credentialId: Buffer;
+    clientDataJSON: Buffer;
+    attestationObject: Buffer;
+    authenticatorData: Buffer;
+    attachment: AuthenticatorAttachment;
+    transports: string[];
+    isResidentKey: boolean;
+    publicKeyAlgorithm: number;
+    publicKey: Buffer;
+    isLargeBlobSupported: boolean | null;
+    isPRFSupported: boolean | null;
+    prfFirst: Buffer | null;
+    prfSecond: Buffer | null;
 }
-declare function createCredential(rpid: string): Promise<CreateCredentialResult>;
+type CredentialUserVerificationPreference = "required" | "preferred" | "discouraged";
+type CredentialAttestationPreference = "direct" | "enterprise" | "indirect" | "none";
+declare const VALID_EXTENSIONS: readonly ["largeBlob", "prf"];
+export type CredentialCreationExtensions = (typeof VALID_EXTENSIONS)[number];
+interface CreateCredentialAdditionalOptions {
+    topFrameOrigin?: string;
+    userDisplayName?: string;
+    largeBlobSupport?: "required" | "preferred" | "unspecified";
+    prf?: PRFInput;
+}
+export interface ExcludeCredential {
+    id: Buffer;
+    transports?: string[];
+}
+declare function createCredential(rpid: string, challenge: Buffer, username: string, userID: Buffer, nativeWindowHandle: Buffer, origin: string, enabledExtensions: CredentialCreationExtensions[], attestation: CredentialAttestationPreference, supportedAlgorithmIdentifiers: PublicKeyCredentialParams[], excludeCredentials: ExcludeCredential[], residentKeyRequired?: boolean, userVerification?: CredentialUserVerificationPreference, additionalOptions?: CreateCredentialAdditionalOptions): Promise<CreateCredentialResult>;
 export { createCredential };

package/dist/create/handler.js

@@ -1,6 +1,154 @@
+import { generateClientDataInfo } from "../helpers/client-data.js";
+import { generateWebauthnClientData } from "../helpers/client-data.js";
 import { PromiseWithResolvers } from "../helpers/index.js";
-function createCredential(rpid) {
+import { encodeEC2PublicKeyToSPKI } from "../helpers/public-key.js";
+import { createPresentationContextProviderFromNativeWindowHandle } from "../helpers/presentation.js";
+import { createPRFInput } from "../helpers/prf.js";
+import { createAuthorizationControllerDelegate } from "../objc/authentication-services/as-authorization-controller-delegate.js";
+import { createPlatformPublicKeyCredentialProvider } from "../objc/authentication-services/as-authorization-platform-public-key-credential-provider.js";
+import { createASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput } from "../objc/authentication-services/as-authorization-public-key-credential-large-blob-registration-input.js";
+import { ASAuthorizationPublicKeyCredentialPRFRegistrationInput, createASAuthorizationPublicKeyCredentialPRFRegistrationInput, } from "../objc/authentication-services/as-authorization-public-key-credential-prf-registration-input.js";
+import { ASAuthorizationPublicKeyCredentialAttestationKind } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attestation-kind.js";
+import { ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement } from "../objc/authentication-services/enums/as-authorization-public-key-credential-large-blob-support-requirement.js";
+import { ASAuthorizationPublicKeyCredentialUserVerificationPreference } from "../objc/authentication-services/enums/as-authorization-public-key-credential-user-verification-preference.js";
+import { NSArrayFromObjects } from "../objc/foundation/nsarray.js";
+import { bufferFromNSDataDirect, NSDataFromBuffer, } from "../objc/foundation/nsdata.js";
+import { NSStringFromString } from "../objc/foundation/nsstring.js";
+import { removeControllerState, setControllerState, WebauthnCreateController, } from "./authorization-controller.js";
+import { parseAttestationObject } from "@oslojs/webauthn";
+import { ASAuthorizationPublicKeyCredentialAttachment } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attachment.js";
+const VALID_EXTENSIONS = ["largeBlob", "prf"];
+function createCredential(rpid, challenge, username, userID, nativeWindowHandle, origin, enabledExtensions, attestation = "none", supportedAlgorithmIdentifiers, excludeCredentials, residentKeyRequired = false, userVerification = "preferred", additionalOptions = {}) {
     const { promise, resolve, reject } = PromiseWithResolvers();
+    const NS_rpID = NSStringFromString(rpid);
+    const NS_challenge = NSDataFromBuffer(challenge);
+    const NS_username = NSStringFromString(username);
+    const NS_userID = NSDataFromBuffer(userID);
+    const platformProvider = createPlatformPublicKeyCredentialProvider(NS_rpID);
+    const platformKeyRequest = platformProvider.createCredentialRegistrationRequestWithChallenge$name$userID$(NS_challenge, NS_username, NS_userID);
+    if (enabledExtensions.includes("largeBlob")) {
+        let supportMode;
+        const largeBlobSupport = additionalOptions.largeBlobSupport;
+        if (largeBlobSupport === "required") {
+            supportMode =
+                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Required;
+        }
+        else if (largeBlobSupport === "preferred") {
+            supportMode =
+                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Preferred;
+        }
+        else {
+            console.warn("[electron-webauthn] largeBlobSupport is enabled but largeBlobSupport is not provided, skipping large blob support");
+        }
+        if (supportMode) {
+            const largeBlobInput = createASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput(supportMode);
+            platformKeyRequest.setLargeBlob$(largeBlobInput);
+        }
+    }
+    let attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.None;
+    platformKeyRequest.setAttestationPreference$(NSStringFromString(attestationPreference));
+    let userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Preferred;
+    if (userVerification === "required") {
+        userVerificationPreference =
+            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Required;
+    }
+    else if (userVerification === "discouraged") {
+        userVerificationPreference =
+            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Discouraged;
+    }
+    platformKeyRequest.setUserVerificationPreference$(NSStringFromString(userVerificationPreference));
+    if (additionalOptions.userDisplayName) {
+        const userDisplayName = NSStringFromString(additionalOptions.userDisplayName);
+        platformKeyRequest.setDisplayName$(userDisplayName);
+    }
+    if (enabledExtensions.includes("prf")) {
+        if (additionalOptions.prf) {
+            const inputValues = createPRFInput(additionalOptions.prf);
+            const prfInput = createASAuthorizationPublicKeyCredentialPRFRegistrationInput(inputValues);
+            platformKeyRequest.setPrf$(prfInput);
+        }
+        else {
+            platformKeyRequest.setPrf$(ASAuthorizationPublicKeyCredentialPRFRegistrationInput.checkForSupport());
+        }
+    }
+    const requestsArray = NSArrayFromObjects([platformKeyRequest]);
+    const authController = WebauthnCreateController.alloc().initWithAuthorizationRequests$(requestsArray);
+    const clientData = generateWebauthnClientData("webauthn.create", origin, challenge, additionalOptions.topFrameOrigin);
+    const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
+    setControllerState(authController, clientDataHash, supportedAlgorithmIdentifiers, residentKeyRequired, excludeCredentials);
+    const finished = (_success) => {
+        removeControllerState(authController);
+    };
+    const delegate = createAuthorizationControllerDelegate({
+        didCompleteWithAuthorization: (_, authorization) => {
+            const credential = authorization.credential();
+            console.log("Authorization succeeded:", credential);
+            const credentialIdBuffer = bufferFromNSDataDirect(credential.credentialID());
+            const attestationObjectBuffer = bufferFromNSDataDirect(credential.rawAttestationObject());
+            const attestation = parseAttestationObject(attestationObjectBuffer);
+            const publicKey = attestation.authenticatorData.credential.publicKey;
+            const ec2Key = publicKey.ec2();
+            const publicKeySPKI = encodeEC2PublicKeyToSPKI(ec2Key.x, ec2Key.y);
+            const authenticatorData = Buffer.from(JSON.stringify(attestation.authenticatorData));
+            let authenticatorAttachment = "platform";
+            if (credential.attachment() ===
+                ASAuthorizationPublicKeyCredentialAttachment.ASAuthorizationPublicKeyCredentialAttachmentCrossPlatform) {
+                authenticatorAttachment = "cross-platform";
+            }
+            let isLargeBlobSupported = null;
+            if (enabledExtensions.includes("largeBlob")) {
+                const largeBlobOutput = credential.largeBlob();
+                if (largeBlobOutput) {
+                    isLargeBlobSupported = largeBlobOutput.isSupported();
+                }
+            }
+            let prfFirst = null;
+            let prfSecond = null;
+            let isPRFSupported = null;
+            if (enabledExtensions.includes("prf")) {
+                const prfOutput = credential.prf();
+                if (prfOutput) {
+                    const prfFirstData = prfOutput.first();
+                    const prfSecondData = prfOutput.second();
+                    if (prfFirstData) {
+                        prfFirst = bufferFromNSDataDirect(prfFirstData);
+                    }
+                    if (prfSecondData) {
+                        prfSecond = bufferFromNSDataDirect(prfSecondData);
+                    }
+                    isPRFSupported = prfOutput.isSupported();
+                }
+            }
+            const data = {
+                credentialId: credentialIdBuffer,
+                clientDataJSON: clientDataBuffer,
+                attestationObject: attestationObjectBuffer,
+                authenticatorData,
+                attachment: authenticatorAttachment,
+                transports: ["hybrid", "internal"],
+                isResidentKey: true,
+                publicKeyAlgorithm: publicKey.algorithm(),
+                publicKey: publicKeySPKI,
+                isLargeBlobSupported,
+                isPRFSupported,
+                prfFirst,
+                prfSecond,
+            };
+            resolve(data);
+            finished(true);
+        },
+        didCompleteWithError: (_, error) => {
+            const parsedError = error;
+            const errorMessage = parsedError.localizedDescription().UTF8String();
+            console.error("Authorization failed:", errorMessage);
+            reject(new Error(errorMessage));
+            finished(false);
+        },
+    });
+    authController.setDelegate$(delegate);
+    const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
+    authController.setPresentationContextProvider$(presentationContextProvider);
+    authController.performRequests();
     return promise;
 }
 export { createCredential };

package/dist/get/handler.d.ts

@@ -1,24 +1,36 @@
-import { type PRFInput } from "../helpers/prf.js";
-type AuthenticatorAttachment = "platform" | "cross-platform";
-export type UserVerificationPreference = "preferred" | "required" | "discouraged";
-declare const VALID_EXTENSIONS: readonly ["largeBlobRead", "largeBlobWrite", "prf"];
-export type CredentialAssertionExtensions = (typeof VALID_EXTENSIONS)[number];
-export interface GetCredentialResult {
-    id: Buffer;
-    authenticatorAttachment: AuthenticatorAttachment;
-    clientDataJSON: Buffer;
-    authenticatorData: Buffer;
-    signature: Buffer;
-    userHandle: Buffer;
-    prf: [Buffer | null, Buffer | null];
-    largeBlob: Buffer | null;
-    largeBlobWritten: boolean | null;
+export interface GetCredentialSuccessData {
+    credentialId: string;
+    clientDataJSON: string;
+    authenticatorData: string;
+    signature: string;
+    userHandle: string;
+    extensions?: {
+        prf?: {
+            results?: {
+                first: string;
+                second?: string;
+            };
+        };
+        largeBlob?: {
+            blob?: string;
+            written?: boolean;
+        };
+    };
 }
-export interface GetCredentialAdditionalOptions {
-    largeBlobDataToWrite?: Buffer;
-    prf?: PRFInput;
-    prfByCredential?: Record<string, PRFInput>;
-    topFrameOrigin?: string;
+interface WebauthnGetRequestOptions {
+    currentOrigin: string;
+    topFrameOrigin: string | undefined;
+    isPublicSuffix?: (domain: string) => boolean;
+    nativeWindowHandle: Buffer;
 }
-declare function getCredential(rpid: string, challenge: Buffer, nativeWindowHandle: Buffer, origin: string, enabledExtensions: CredentialAssertionExtensions[], allowedCredentialIds: Buffer[], userVerificationPreference?: UserVerificationPreference, additionalOptions?: GetCredentialAdditionalOptions): Promise<GetCredentialResult>;
-export { getCredential };
+interface GetCredentialSuccessResult {
+    success: true;
+    data: GetCredentialSuccessData;
+}
+interface GetCredentialErrorResult {
+    success: false;
+    error: "TypeError" | "AbortError" | "NotAllowedError" | "SecurityError";
+}
+export type GetCredentialResult = GetCredentialSuccessResult | GetCredentialErrorResult;
+export declare function getCredential(publicKeyOptions: PublicKeyCredentialRequestOptions | undefined, additionalOptions: WebauthnGetRequestOptions): Promise<GetCredentialResult>;
+export {};

package/dist/get/handler.js

@@ -1,179 +1,139 @@
-import { fromPointer } from "objc-js";
-import { createAuthorizationControllerDelegate } from "../objc/authentication-services/as-authorization-controller-delegate.js";
-import { ASAuthorizationController } from "../objc/authentication-services/as-authorization-controller.js";
-import { createPresentationContextProvider } from "../objc/authentication-services/as-authorization-controller-presentation-context-providing.js";
-import { createPlatformPublicKeyCredentialProvider } from "../objc/authentication-services/as-authorization-platform-public-key-credential-provider.js";
-import { createPlatformPublicKeyCredentialDescriptor } from "../objc/authentication-services/as-authorization-platform-public-key-credential-descriptor.js";
-import { NSArrayFromObjects } from "../objc/foundation/nsarray.js";
-import { bufferFromNSDataDirect, NSDataFromBuffer, } from "../objc/foundation/nsdata.js";
-import { NSStringFromString } from "../objc/foundation/nsstring.js";
-import { base64UrlToBuffer, bufferToBase64Url, clientDataJsonBufferToHash, PromiseWithResolvers, } from "../helpers/index.js";
-import { isSameOrigin, serializeOrigin } from "../helpers/origin.js";
-import { ASAuthorizationPublicKeyCredentialAttachment } from "../objc/authentication-services/enums/as-authorization-public-key-credential-attachment.js";
-import { removeClientDataHash, setClientDataHash, WebauthnGetController, } from "../get/authorization-controller.js";
-import { createSecurityKeyPublicKeyCredentialProvider } from "../objc/authentication-services/as-authorization-security-key-public-key-credential-provider.js";
-import { createASAuthorizationPublicKeyCredentialLargeBlobAssertionInput } from "../objc/authentication-services/as-authorization-public-key-credential-large-blob-assertion-input.js";
-import { ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation } from "../objc/authentication-services/enums/as-authorization-public-key-credential-large-blob-assertion-operation.js";
-import { createASAuthorizationPublicKeyCredentialPRFAssertionInput } from "../objc/authentication-services/as-authorization-public-key-credential-prf-assertion-input.js";
-import {} from "../objc/authentication-services/as-authorization-public-key-credential-prf-assertion-input-valuesas-authorization-public-key-credential-prf-assertion-input-values.js";
-import { createPRFInput } from "../helpers/prf.js";
-import { NSDictionaryFromKeysAndValues, } from "../objc/foundation/nsdictionary.js";
-const VALID_EXTENSIONS = ["largeBlobRead", "largeBlobWrite", "prf"];
-function setupPublicKeyCredentialRequest(type, keyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions) {
-    if (userVerificationPreference === "preferred") {
-        keyRequest.setUserVerificationPreference$(NSStringFromString("preferred"));
+import { bufferSourceToBuffer, bufferToBase64Url } from "../helpers/index.js";
+import { isRpIdAllowedForOrigin } from "../helpers/rpid.js";
+import { isNumber, isString } from "../helpers/validation.js";
+import { getCredentialInternal, } from "./internal-handler.js";
+function getExtensionsConfiguration(extensionsData) {
+    if (!(extensionsData && typeof extensionsData === "object")) {
+        return {
+            extensions: [],
+        };
     }
-    else if (userVerificationPreference === "required") {
-        keyRequest.setUserVerificationPreference$(NSStringFromString("required"));
-    }
-    else if (userVerificationPreference === "discouraged") {
-        keyRequest.setUserVerificationPreference$(NSStringFromString("discouraged"));
-    }
-    if (type === "platform") {
-        const largeBlobRead = enabledExtensions.includes("largeBlobRead");
-        const largeBlobWrite = enabledExtensions.includes("largeBlobWrite");
-        if (largeBlobRead) {
-            const operation = ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.Read;
-            const largeBlobInput = createASAuthorizationPublicKeyCredentialLargeBlobAssertionInput(operation);
-            keyRequest.setLargeBlob$(largeBlobInput);
+    const extensions = [];
+    let largeBlobWriteBuffer;
+    if (extensionsData.largeBlob) {
+        const largeBlobConfig = extensionsData.largeBlob;
+        if (largeBlobConfig.read) {
+            extensions.push("largeBlobRead");
         }
-        else if (largeBlobWrite) {
-            if (additionalOptions.largeBlobDataToWrite) {
-                const operation = ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.Write;
-                const largeBlobInput = createASAuthorizationPublicKeyCredentialLargeBlobAssertionInput(operation);
-                largeBlobInput.setDataToWrite$(NSDataFromBuffer(additionalOptions.largeBlobDataToWrite));
-                keyRequest.setLargeBlob$(largeBlobInput);
-            }
-            else {
-                console.warn("[electron-webauthn] largeBlobWrite is enabled but largeBlobDataToWrite is not provided, skipping large blob write");
-            }
+        if (largeBlobConfig.write) {
+            extensions.push("largeBlobWrite");
+            largeBlobWriteBuffer = bufferSourceToBuffer(largeBlobConfig.write);
         }
     }
-    if (type === "platform" && enabledExtensions.includes("prf")) {
-        if (additionalOptions.prf || additionalOptions.prfByCredential) {
-            let inputValues = null;
-            if (additionalOptions.prf) {
-                inputValues = createPRFInput(additionalOptions.prf);
-            }
-            let perCredentialInputValues = null;
-            if (additionalOptions.prfByCredential &&
-                allowedCredentialIds.length > 0) {
-                const keys = [];
-                const values = [];
-                for (const [credentialId, prfInput] of Object.entries(additionalOptions.prfByCredential)) {
-                    const credentialIdBuffer = base64UrlToBuffer(credentialId);
-                    const credentialIdData = NSDataFromBuffer(credentialIdBuffer);
-                    keys.push(credentialIdData);
-                    values.push(createPRFInput(prfInput));
-                }
-                perCredentialInputValues = NSDictionaryFromKeysAndValues(keys, values);
-            }
-            const prfInput = createASAuthorizationPublicKeyCredentialPRFAssertionInput(inputValues, perCredentialInputValues);
-            keyRequest.setPrf$(prfInput);
+    let prf;
+    let prfByCredential;
+    const prfExtension = extensionsData.prf;
+    if (prfExtension && (prfExtension.eval || prfExtension.evalByCredential)) {
+        extensions.push("prf");
+        if (prfExtension.eval) {
+            prf = {
+                first: bufferSourceToBuffer(prfExtension.eval.first),
+                second: prfExtension.eval.second
+                    ? bufferSourceToBuffer(prfExtension.eval.second)
+                    : undefined,
+            };
         }
-        else {
-            console.warn("[electron-webauthn] prf is enabled but prf or prfByCredential is not provided, skipping PRF");
+        if (prfExtension.evalByCredential) {
+            prfByCredential = {};
+            for (const [credId, value] of Object.entries(prfExtension.evalByCredential)) {
+                prfByCredential[credId] = {
+                    first: bufferSourceToBuffer(value.first),
+                    second: value.second ? bufferSourceToBuffer(value.second) : undefined,
+                };
+            }
         }
     }
-}
-function getCredential(rpid, challenge, nativeWindowHandle, origin, enabledExtensions = [], allowedCredentialIds, userVerificationPreference, additionalOptions = {}) {
-    const { promise, resolve, reject } = PromiseWithResolvers();
-    const NS_rpID = NSStringFromString(rpid);
-    const NS_challenge = NSDataFromBuffer(challenge);
-    const platformProvider = createPlatformPublicKeyCredentialProvider(NS_rpID);
-    const platformKeyRequest = platformProvider.createCredentialAssertionRequestWithChallenge$(NS_challenge);
-    setupPublicKeyCredentialRequest("platform", platformKeyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions);
-    const securityKeyProvider = createSecurityKeyPublicKeyCredentialProvider(NS_rpID);
-    const securityKeyRequest = securityKeyProvider.createCredentialAssertionRequestWithChallenge$(NS_challenge);
-    setupPublicKeyCredentialRequest("security-key", securityKeyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions);
-    const requestsArray = NSArrayFromObjects([
-        platformKeyRequest,
-        securityKeyRequest,
-    ]);
-    const authController = WebauthnGetController.alloc().initWithAuthorizationRequests$(requestsArray);
-    const serializedOrigin = serializeOrigin(origin);
-    const clientData = {
-        type: "webauthn.get",
-        challenge: bufferToBase64Url(challenge),
-        origin: serializedOrigin,
-        crossOrigin: false,
+    return {
+        extensions,
+        largeBlobWriteBuffer,
+        prf,
+        prfByCredential,
     };
-    if (additionalOptions.topFrameOrigin) {
-        const sameOrigin = isSameOrigin(origin, additionalOptions.topFrameOrigin);
-        if (!sameOrigin) {
-            const serializedTopFrameOrigin = serializeOrigin(additionalOptions.topFrameOrigin);
-            clientData.topOrigin = serializedTopFrameOrigin;
-            clientData.crossOrigin = true;
-        }
+}
+export async function getCredential(publicKeyOptions, additionalOptions) {
+    if (!publicKeyOptions) {
+        return null;
     }
-    const clientDataJSON = JSON.stringify(clientData);
-    const clientDataBuffer = Buffer.from(clientDataJSON, "utf-8");
-    const clientDataHash = clientDataJsonBufferToHash(clientDataBuffer);
-    setClientDataHash(authController, clientDataHash);
-    const finished = (_success) => {
-        removeClientDataHash(authController);
-    };
-    if (allowedCredentialIds.length > 0) {
-        const allowedCredentials = NSArrayFromObjects(allowedCredentialIds.map((id) => createPlatformPublicKeyCredentialDescriptor(NSDataFromBuffer(id))));
-        platformKeyRequest.setAllowedCredentials$(allowedCredentials);
+    const rpId = publicKeyOptions.rpId;
+    if (!isString(rpId)) {
+        return { success: false, error: "TypeError" };
     }
-    const delegate = createAuthorizationControllerDelegate({
-        didCompleteWithAuthorization: (_, authorization) => {
-            const credential = authorization.credential();
-            const id_data = credential.credentialID();
-            const id = bufferFromNSDataDirect(id_data);
-            let authenticatorAttachment = "platform";
-            if (credential.attachment() ===
-                ASAuthorizationPublicKeyCredentialAttachment.ASAuthorizationPublicKeyCredentialAttachmentCrossPlatform) {
-                authenticatorAttachment = "cross-platform";
-            }
-            const prf = credential.prf();
-            const prfFirst = prf?.first ? prf.first() : null;
-            const prfSecond = prf?.second ? prf.second() : null;
-            let largeBlobBuffer = null;
-            let largeBlobWritten = null;
-            if (credential.largeBlob()) {
-                const largeBlobData = credential.largeBlob().readData();
-                if (largeBlobData) {
-                    largeBlobBuffer = bufferFromNSDataDirect(largeBlobData);
-                }
-                else {
-                    largeBlobWritten = credential.largeBlob().didWrite();
-                }
-            }
-            resolve({
-                id,
-                authenticatorAttachment,
-                clientDataJSON: clientDataBuffer,
-                authenticatorData: bufferFromNSDataDirect(credential.rawAuthenticatorData()),
-                signature: bufferFromNSDataDirect(credential.signature()),
-                userHandle: bufferFromNSDataDirect(credential.userID()),
-                prf: [
-                    prfFirst ? bufferFromNSDataDirect(prfFirst) : null,
-                    prfSecond ? bufferFromNSDataDirect(prfSecond) : null,
-                ],
-                largeBlob: largeBlobBuffer,
-                largeBlobWritten,
-            });
-            finished(true);
-        },
-        didCompleteWithError: (_, error) => {
-            const parsedError = error;
-            const errorMessage = parsedError.localizedDescription().UTF8String();
-            reject(new Error(errorMessage));
-            finished(false);
-        },
+    let timeout = publicKeyOptions.timeout;
+    if (!isNumber(timeout) || timeout <= 0) {
+        timeout = 10 * 60 * 1000;
+    }
+    else if (timeout > 60 * 60 * 1000) {
+        timeout = 60 * 60 * 1000;
+    }
+    const challenge = bufferSourceToBuffer(publicKeyOptions.challenge);
+    if (!challenge) {
+        return { success: false, error: "TypeError" };
+    }
+    const userVerification = publicKeyOptions.userVerification;
+    if (userVerification && !isString(userVerification)) {
+        return { success: false, error: "TypeError" };
+    }
+    const allowedCredentialsArray = [];
+    const allowedCredentials = publicKeyOptions.allowCredentials;
+    if (allowedCredentials && Array.isArray(allowedCredentials)) {
+        for (const allowedCredential of allowedCredentials) {
+            if (!(allowedCredential && typeof allowedCredential === "object"))
+                continue;
+            if (allowedCredential.type !== "public-key")
+                continue;
+            const id = bufferSourceToBuffer(allowedCredential.id);
+            if (!id)
+                continue;
+            allowedCredentialsArray.push(id);
+        }
+    }
+    const { extensions: enabledExtensions, largeBlobWriteBuffer, prf, prfByCredential, } = getExtensionsConfiguration(publicKeyOptions.extensions);
+    const { currentOrigin, topFrameOrigin, isPublicSuffix, nativeWindowHandle } = additionalOptions;
+    const isRpIdAllowed = isRpIdAllowedForOrigin(currentOrigin, rpId, {
+        isPublicSuffix,
     });
-    authController.setDelegate$(delegate);
-    const presentationContextProvider = createPresentationContextProvider({
-        presentationAnchorForAuthorizationController: () => {
-            const nsView = fromPointer(nativeWindowHandle);
-            const nsWindow = nsView.window();
-            return nsWindow;
-        },
+    if (!isRpIdAllowed.ok) {
+        return { success: false, error: "NotAllowedError" };
+    }
+    const result = await getCredentialInternal(rpId, challenge, nativeWindowHandle, currentOrigin, enabledExtensions, allowedCredentialsArray, userVerification, {
+        topFrameOrigin,
+        largeBlobDataToWrite: largeBlobWriteBuffer,
+        prf,
+        prfByCredential,
+    }).catch((error) => {
+        console.error("Error getting credential", error);
+        if (error.message.startsWith("The operation couldn’t be completed.")) {
+            return "NotAllowedError";
+        }
+        return "NotAllowedError";
     });
-    authController.setPresentationContextProvider$(presentationContextProvider);
-    authController.performRequests();
-    return promise;
+    if (typeof result === "string") {
+        if (result === "NotAllowedError") {
+            return { success: false, error: "NotAllowedError" };
+        }
+        return { success: false, error: "NotAllowedError" };
+    }
+    const data = {
+        credentialId: bufferToBase64Url(result.id),
+        clientDataJSON: bufferToBase64Url(result.clientDataJSON),
+        authenticatorData: bufferToBase64Url(result.authenticatorData),
+        signature: bufferToBase64Url(result.signature),
+        userHandle: bufferToBase64Url(result.userHandle),
+        extensions: {},
+    };
+    if (result.prf && (result.prf[0] || result.prf[1])) {
+        data.extensions.prf = {
+            results: {
+                first: bufferToBase64Url(result.prf[0]),
+                second: result.prf[1] ? bufferToBase64Url(result.prf[1]) : undefined,
+            },
+        };
+    }
+    if (result.largeBlob || result.largeBlobWritten) {
+        data.extensions.largeBlob = {
+            blob: result.largeBlob ? bufferToBase64Url(result.largeBlob) : undefined,
+            written: result.largeBlobWritten !== null ? result.largeBlobWritten : undefined,
+        };
+    }
+    return { success: true, data };
 }
-export { getCredential };