npm - electron-webauthn - Versions diffs - 1.1.0 → 1.2.0 - Mend

electron-webauthn 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/README.md +20 -1
package/dist/index.d.ts +8 -3
package/dist/index.js +78 -3
package/package.json +15 -11
package/dist/additional-objc/ASCPublicKeyCredentialDescriptor.d.ts +0 -12
package/dist/additional-objc/ASCPublicKeyCredentialDescriptor.js +0 -2
package/dist/create/authorization-controller.d.ts +0 -10
package/dist/create/authorization-controller.js +0 -77
package/dist/create/handler.d.ts +0 -43
package/dist/create/handler.js +0 -224
package/dist/create/internal-handler.d.ts +0 -35
package/dist/create/internal-handler.js +0 -207
package/dist/get/authorization-controller.d.ts +0 -5
package/dist/get/authorization-controller.js +0 -37
package/dist/get/handler.d.ts +0 -38
package/dist/get/handler.js +0 -137
package/dist/get/internal-handler.d.ts +0 -24
package/dist/get/internal-handler.js +0 -169
package/dist/helpers/client-data.d.ts +0 -14
package/dist/helpers/client-data.js +0 -36
package/dist/helpers/index.d.ts +0 -8
package/dist/helpers/index.js +0 -48
package/dist/helpers/objc.d.ts +0 -5
package/dist/helpers/objc.js +0 -10
package/dist/helpers/origin.d.ts +0 -19
package/dist/helpers/origin.js +0 -106
package/dist/helpers/presentation.d.ts +0 -1
package/dist/helpers/presentation.js +0 -11
package/dist/helpers/prf.d.ts +0 -5
package/dist/helpers/prf.js +0 -5
package/dist/helpers/public-key.d.ts +0 -1
package/dist/helpers/public-key.js +0 -49
package/dist/helpers/rpid.d.ts +0 -13
package/dist/helpers/rpid.js +0 -59
package/dist/helpers/types.d.ts +0 -1
package/dist/helpers/types.js +0 -1
package/dist/helpers/validation.d.ts +0 -3
package/dist/helpers/validation.js +0 -9
package/dist/list/handler.d.ts +0 -2
package/dist/list/handler.js +0 -65
package/dist/list/types.d.ts +0 -14
package/dist/list/types.js +0 -1

package/dist/create/internal-handler.js DELETED Viewed

@@ -1,207 +0,0 @@
-import { generateClientDataInfo } from "../helpers/client-data.js";
-import { generateWebauthnClientData } from "../helpers/client-data.js";
-import { PromiseWithResolvers } from "../helpers/index.js";
-import { encodeEC2PublicKeyToSPKI } from "../helpers/public-key.js";
-import { createPresentationContextProviderFromNativeWindowHandle } from "../helpers/presentation.js";
-import { createPRFInput } from "../helpers/prf.js";
-import { removeControllerState, setControllerState, WebauthnCreateController, } from "./authorization-controller.js";
-import { parseAttestationObject } from "@oslojs/webauthn";
-import { NSArrayFromObjects, NSStringFromString } from "objcjs-types/helpers";
-import { bufferFromNSDataDirect, NSDataFromBuffer } from "objcjs-types/nsdata";
-import { ASAuthorizationPlatformPublicKeyCredentialProvider, ASAuthorizationPlatformPublicKeyCredentialRegistration, ASAuthorizationPublicKeyCredentialAttachment, ASAuthorizationPublicKeyCredentialAttestationKind, ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput, ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement, ASAuthorizationPublicKeyCredentialParameters, ASAuthorizationPublicKeyCredentialPRFRegistrationInput, ASAuthorizationPublicKeyCredentialUserVerificationPreference, ASAuthorizationSecurityKeyPublicKeyCredentialProvider, ASAuthorizationSecurityKeyPublicKeyCredentialRegistration, } from "objcjs-types/AuthenticationServices";
-import { createDelegate } from "objcjs-types";
-const VALID_EXTENSIONS = ["largeBlob", "prf"];
-function setupPublicKeyCredentialRegistrationRequest(type, keyRequest, attestation, enabledExtensions, userVerification, pubKeyCredParams, additionalOptions) {
-    if (type === "platform" && enabledExtensions.includes("largeBlob")) {
-        let supportMode;
-        const largeBlobSupport = additionalOptions.largeBlobSupport;
-        if (largeBlobSupport === "required") {
-            supportMode =
-                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Required;
-        }
-        else if (largeBlobSupport === "preferred") {
-            supportMode =
-                ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement.Preferred;
-        }
-        else {
-            console.warn("[electron-webauthn] largeBlobSupport is enabled but largeBlobSupport is not provided, skipping large blob support");
-        }
-        if (supportMode) {
-            const largeBlobInput = ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput.alloc().initWithSupportRequirement$(supportMode);
-            keyRequest.setLargeBlob$(largeBlobInput);
-        }
-    }
-    let attestationPreference = ASAuthorizationPublicKeyCredentialAttestationKind.None;
-    if (type === "security-key") {
-        if (attestation === "direct") {
-            attestationPreference =
-                ASAuthorizationPublicKeyCredentialAttestationKind.Direct;
-        }
-        else if (attestation === "enterprise") {
-            attestationPreference =
-                ASAuthorizationPublicKeyCredentialAttestationKind.Enterprise;
-        }
-        else if (attestation === "indirect") {
-            attestationPreference =
-                ASAuthorizationPublicKeyCredentialAttestationKind.Indirect;
-        }
-    }
-    keyRequest.setAttestationPreference$(NSStringFromString(attestationPreference));
-    let userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference.Preferred;
-    if (userVerification === "required") {
-        userVerificationPreference =
-            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Required;
-    }
-    else if (userVerification === "discouraged") {
-        userVerificationPreference =
-            ASAuthorizationPublicKeyCredentialUserVerificationPreference.Discouraged;
-    }
-    keyRequest.setUserVerificationPreference$(NSStringFromString(userVerificationPreference));
-    if (type === "platform" && additionalOptions.userDisplayName) {
-        const userDisplayName = NSStringFromString(additionalOptions.userDisplayName);
-        keyRequest.setDisplayName$(userDisplayName);
-    }
-    if (type === "security-key") {
-        const credentialParameters = [];
-        for (const param of pubKeyCredParams) {
-            if (param.type === "public-key" && param.algorithm === -7) {
-                const paramObj = ASAuthorizationPublicKeyCredentialParameters.alloc().initWithAlgorithm$(param.algorithm);
-                credentialParameters.push(paramObj);
-            }
-        }
-        const nsCredentialParameters = NSArrayFromObjects(credentialParameters);
-        keyRequest.setCredentialParameters$(nsCredentialParameters);
-    }
-    if (type === "platform" && enabledExtensions.includes("prf")) {
-        if (additionalOptions.prf) {
-            const inputValues = createPRFInput(additionalOptions.prf);
-            const prfInput = ASAuthorizationPublicKeyCredentialPRFRegistrationInput.alloc().initWithInputValues$(inputValues);
-            keyRequest.setPrf$(prfInput);
-        }
-        else {
-            keyRequest.setPrf$(ASAuthorizationPublicKeyCredentialPRFRegistrationInput.checkForSupport());
-        }
-    }
-}
-function createCredentialInternal(rpid, challenge, username, userID, nativeWindowHandle, origin, timeout, enabledExtensions, attestation = "none", supportedAlgorithmIdentifiers = [], excludeCredentials, residentKeyRequired = false, preferredAuthenticatorAttachment = "all", userVerification = "preferred", additionalOptions = {}) {
-    const { promise, resolve, reject } = PromiseWithResolvers();
-    const NS_rpID = NSStringFromString(rpid);
-    const NS_challenge = NSDataFromBuffer(challenge);
-    const NS_username = NSStringFromString(username);
-    const NS_userID = NSDataFromBuffer(userID);
-    const requestArrayInput = [];
-    if (preferredAuthenticatorAttachment === "all" ||
-        preferredAuthenticatorAttachment === "platform") {
-        const platformProvider = ASAuthorizationPlatformPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
-        const platformKeyRequest = platformProvider.createCredentialRegistrationRequestWithChallenge$name$userID$(NS_challenge, NS_username, NS_userID);
-        setupPublicKeyCredentialRegistrationRequest("platform", platformKeyRequest, attestation, enabledExtensions, userVerification, supportedAlgorithmIdentifiers, additionalOptions);
-        requestArrayInput.push(platformKeyRequest);
-    }
-    if (preferredAuthenticatorAttachment === "all" ||
-        preferredAuthenticatorAttachment === "cross-platform") {
-        const securityKeyProvider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
-        const securityKeyRequest = securityKeyProvider.createCredentialRegistrationRequestWithChallenge$displayName$name$userID$(NS_challenge, NSStringFromString(additionalOptions.userDisplayName || username), NS_username, NS_userID);
-        setupPublicKeyCredentialRegistrationRequest("security-key", securityKeyRequest, attestation, enabledExtensions, userVerification, supportedAlgorithmIdentifiers, additionalOptions);
-        requestArrayInput.push(securityKeyRequest);
-    }
-    const requestsArray = NSArrayFromObjects(requestArrayInput);
-    const authController = WebauthnCreateController.alloc().initWithAuthorizationRequests$(requestsArray);
-    const clientData = generateWebauthnClientData("webauthn.create", origin, challenge, additionalOptions.topFrameOrigin);
-    const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
-    setControllerState(authController, clientDataHash, supportedAlgorithmIdentifiers, residentKeyRequired, excludeCredentials);
-    let isFinished = false;
-    let timeoutHandlerId = null;
-    const finished = (_success) => {
-        isFinished = true;
-        removeControllerState(authController);
-        if (timeoutHandlerId) {
-            clearTimeout(timeoutHandlerId);
-            timeoutHandlerId = null;
-        }
-    };
-    const delegate = createDelegate("ASAuthorizationControllerDelegate", {
-        authorizationController$didCompleteWithAuthorization$: (_, authorization) => {
-            const credential = authorization.credential();
-            console.log("Authorization succeeded:", credential);
-            const isPlatform = credential instanceof
-                ASAuthorizationPlatformPublicKeyCredentialRegistration;
-            const isSecurityKey = credential instanceof
-                ASAuthorizationSecurityKeyPublicKeyCredentialRegistration;
-            if (!isPlatform && !isSecurityKey) {
-                reject(new Error("Resulting credential is not a platform or security key credential"));
-                finished(false);
-                return;
-            }
-            const credentialIdBuffer = bufferFromNSDataDirect(credential.credentialID());
-            const attestationObjectBuffer = bufferFromNSDataDirect(credential.rawAttestationObject());
-            const attestation = parseAttestationObject(attestationObjectBuffer);
-            const publicKey = attestation.authenticatorData.credential.publicKey;
-            const ec2Key = publicKey.ec2();
-            const publicKeySPKI = encodeEC2PublicKeyToSPKI(ec2Key.x, ec2Key.y);
-            const authenticatorData = Buffer.from(JSON.stringify(attestation.authenticatorData));
-            let authenticatorAttachment = "cross-platform";
-            if (isPlatform &&
-                credential.attachment() ===
-                    ASAuthorizationPublicKeyCredentialAttachment.Platform) {
-                authenticatorAttachment = "platform";
-            }
-            let isLargeBlobSupported = null;
-            if (enabledExtensions.includes("largeBlob")) {
-                const largeBlobOutput = credential.largeBlob();
-                if (largeBlobOutput) {
-                    isLargeBlobSupported = largeBlobOutput.isSupported();
-                }
-            }
-            let prfFirst = null;
-            let prfSecond = null;
-            let isPRFSupported = null;
-            if (enabledExtensions.includes("prf")) {
-                const prfOutput = credential.prf();
-                if (prfOutput) {
-                    const prfFirstData = prfOutput.first();
-                    const prfSecondData = prfOutput.second();
-                    if (prfFirstData) {
-                        prfFirst = bufferFromNSDataDirect(prfFirstData);
-                    }
-                    if (prfSecondData) {
-                        prfSecond = bufferFromNSDataDirect(prfSecondData);
-                    }
-                    isPRFSupported = prfOutput.isSupported();
-                }
-            }
-            const data = {
-                credentialId: credentialIdBuffer,
-                clientDataJSON: clientDataBuffer,
-                attestationObject: attestationObjectBuffer,
-                authenticatorData,
-                attachment: authenticatorAttachment,
-                transports: ["hybrid", "internal"],
-                isResidentKey: true,
-                publicKeyAlgorithm: publicKey.algorithm(),
-                publicKey: publicKeySPKI,
-                isLargeBlobSupported,
-                isPRFSupported,
-                prfFirst,
-                prfSecond,
-            };
-            resolve(data);
-            finished(true);
-        },
-        authorizationController$didCompleteWithError$: (_, error) => {
-            const errorMessage = error.localizedDescription().UTF8String();
-            reject(new Error(errorMessage));
-            finished(false);
-        },
-    });
-    authController.setDelegate$(delegate);
-    const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
-    authController.setPresentationContextProvider$(presentationContextProvider);
-    authController.performRequests();
-    timeoutHandlerId = setTimeout(() => {
-        if (isFinished)
-            return;
-        authController.cancel();
-    }, timeout);
-    return promise;
-}
-export { createCredentialInternal };

package/dist/get/authorization-controller.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import { NobjcObject } from "objc-js";
-import type { ASAuthorizationController } from "objcjs-types/AuthenticationServices";
-export declare function setClientDataHash(self: NobjcObject, clientDataHash: Buffer): void;
-export declare function removeClientDataHash(self: NobjcObject): void;
-export declare const WebauthnGetController: typeof ASAuthorizationController;

package/dist/get/authorization-controller.js DELETED Viewed

@@ -1,37 +0,0 @@
-import { NobjcClass, NobjcObject, getPointer } from "objc-js";
-import { NSDataFromBuffer } from "objcjs-types/nsdata";
-const getControllerState = new Map();
-function getObjectPointerString(self) {
-    return getPointer(self).toString("base64");
-}
-export function setClientDataHash(self, clientDataHash) {
-    const selfPointer = getObjectPointerString(self);
-    getControllerState.set(selfPointer, clientDataHash);
-}
-export function removeClientDataHash(self) {
-    const selfPointer = getObjectPointerString(self);
-    getControllerState.delete(selfPointer);
-}
-export const WebauthnGetController = NobjcClass.define({
-    name: "WebauthnGetController",
-    superclass: "ASAuthorizationController",
-    methods: {
-        _requestContextWithRequests$error$: {
-            types: "@@:@^@",
-            implementation: (self, requests, outError) => {
-                const context = NobjcClass.super(self, "_requestContextWithRequests$error$", requests, outError);
-                const selfPointer = getObjectPointerString(self);
-                if (getControllerState.has(selfPointer)) {
-                    let assertionOptions = context.platformKeyCredentialAssertionOptions();
-                    if (!assertionOptions) {
-                        assertionOptions = context.securityKeyCredentialAssertionOptions();
-                    }
-                    const clientDataHash = getControllerState.get(selfPointer);
-                    assertionOptions.setClientDataHash$(NSDataFromBuffer(clientDataHash));
-                    context.setPlatformKeyCredentialAssertionOptions$(assertionOptions.copyWithZone$(null));
-                }
-                return context;
-            },
-        },
-    },
-});

package/dist/get/handler.d.ts DELETED Viewed

@@ -1,38 +0,0 @@
-export type GetCredentialErrorCodes = "TypeError" | "AbortError" | "NotAllowedError" | "SecurityError";
-export interface GetCredentialSuccessData {
-    credentialId: string;
-    clientDataJSON: string;
-    authenticatorData: string;
-    signature: string;
-    userHandle: string;
-    extensions?: {
-        prf?: {
-            results?: {
-                first: string;
-                second?: string;
-            };
-        };
-        largeBlob?: {
-            blob?: string;
-            written?: boolean;
-        };
-    };
-}
-interface WebauthnGetRequestOptions {
-    currentOrigin: string;
-    topFrameOrigin: string | undefined;
-    isPublicSuffix?: (domain: string) => boolean;
-    nativeWindowHandle: Buffer;
-}
-interface GetCredentialSuccessResult {
-    success: true;
-    data: GetCredentialSuccessData;
-}
-interface GetCredentialErrorResult {
-    success: false;
-    error: GetCredentialErrorCodes;
-    errorObject?: Error;
-}
-export type GetCredentialResult = GetCredentialSuccessResult | GetCredentialErrorResult;
-export declare function getCredential(publicKeyOptions: PublicKeyCredentialRequestOptions | undefined, additionalOptions: WebauthnGetRequestOptions): Promise<GetCredentialResult>;
-export {};

package/dist/get/handler.js DELETED Viewed

@@ -1,137 +0,0 @@
-import { bufferSourceToBuffer, bufferToBase64Url } from "../helpers/index.js";
-import { isRpIdAllowedForOrigin } from "../helpers/rpid.js";
-import { isNumber, isString } from "../helpers/validation.js";
-import { getCredentialInternal, } from "./internal-handler.js";
-function getExtensionsConfiguration(extensionsData) {
-    if (!(extensionsData && typeof extensionsData === "object")) {
-        return {
-            extensions: [],
-        };
-    }
-    const extensions = [];
-    let largeBlobWriteBuffer;
-    if (extensionsData.largeBlob) {
-        const largeBlobConfig = extensionsData.largeBlob;
-        if (largeBlobConfig.read) {
-            extensions.push("largeBlobRead");
-        }
-        if (largeBlobConfig.write) {
-            extensions.push("largeBlobWrite");
-            largeBlobWriteBuffer = bufferSourceToBuffer(largeBlobConfig.write);
-        }
-    }
-    let prf;
-    let prfByCredential;
-    const prfExtension = extensionsData.prf;
-    if (prfExtension && (prfExtension.eval || prfExtension.evalByCredential)) {
-        extensions.push("prf");
-        if (prfExtension.eval) {
-            prf = {
-                first: bufferSourceToBuffer(prfExtension.eval.first),
-                second: prfExtension.eval.second
-                    ? bufferSourceToBuffer(prfExtension.eval.second)
-                    : undefined,
-            };
-        }
-        if (prfExtension.evalByCredential) {
-            prfByCredential = {};
-            for (const [credId, value] of Object.entries(prfExtension.evalByCredential)) {
-                prfByCredential[credId] = {
-                    first: bufferSourceToBuffer(value.first),
-                    second: value.second ? bufferSourceToBuffer(value.second) : undefined,
-                };
-            }
-        }
-    }
-    return {
-        extensions,
-        largeBlobWriteBuffer,
-        prf,
-        prfByCredential,
-    };
-}
-export async function getCredential(publicKeyOptions, additionalOptions) {
-    if (!publicKeyOptions) {
-        return null;
-    }
-    const rpId = publicKeyOptions.rpId;
-    if (!isString(rpId)) {
-        return { success: false, error: "TypeError" };
-    }
-    let timeout = publicKeyOptions.timeout;
-    if (!isNumber(timeout) || timeout <= 0) {
-        timeout = 10 * 60 * 1000;
-    }
-    else if (timeout > 60 * 60 * 1000) {
-        timeout = 60 * 60 * 1000;
-    }
-    const challenge = bufferSourceToBuffer(publicKeyOptions.challenge);
-    if (!challenge) {
-        return { success: false, error: "TypeError" };
-    }
-    const userVerification = publicKeyOptions.userVerification;
-    if (userVerification && !isString(userVerification)) {
-        return { success: false, error: "TypeError" };
-    }
-    const allowedCredentialsArray = [];
-    const allowedCredentials = publicKeyOptions.allowCredentials;
-    if (allowedCredentials && Array.isArray(allowedCredentials)) {
-        for (const allowedCredential of allowedCredentials) {
-            if (!(allowedCredential && typeof allowedCredential === "object"))
-                continue;
-            if (allowedCredential.type !== "public-key")
-                continue;
-            const id = bufferSourceToBuffer(allowedCredential.id);
-            if (!id)
-                continue;
-            allowedCredentialsArray.push(id);
-        }
-    }
-    const { extensions: enabledExtensions, largeBlobWriteBuffer, prf, prfByCredential, } = getExtensionsConfiguration(publicKeyOptions.extensions);
-    const { currentOrigin, topFrameOrigin, isPublicSuffix, nativeWindowHandle } = additionalOptions;
-    const isRpIdAllowed = isRpIdAllowedForOrigin(currentOrigin, rpId, {
-        isPublicSuffix,
-    });
-    if (!isRpIdAllowed.ok) {
-        return { success: false, error: "NotAllowedError" };
-    }
-    let errorResult = null;
-    const result = await getCredentialInternal(rpId, challenge, nativeWindowHandle, currentOrigin, timeout, enabledExtensions, allowedCredentialsArray, userVerification, {
-        topFrameOrigin,
-        largeBlobDataToWrite: largeBlobWriteBuffer,
-        prf,
-        prfByCredential,
-    }).catch((error) => {
-        errorResult = error;
-        if (error.message.startsWith("The operation couldn’t be completed.")) {
-            return "NotAllowedError";
-        }
-        return "NotAllowedError";
-    });
-    if (typeof result === "string") {
-        return { success: false, error: result, errorObject: errorResult };
-    }
-    const data = {
-        credentialId: bufferToBase64Url(result.id),
-        clientDataJSON: bufferToBase64Url(result.clientDataJSON),
-        authenticatorData: bufferToBase64Url(result.authenticatorData),
-        signature: bufferToBase64Url(result.signature),
-        userHandle: bufferToBase64Url(result.userHandle),
-        extensions: {},
-    };
-    if (result.prf && (result.prf[0] || result.prf[1])) {
-        data.extensions.prf = {
-            results: {
-                first: bufferToBase64Url(result.prf[0]),
-                second: result.prf[1] ? bufferToBase64Url(result.prf[1]) : undefined,
-            },
-        };
-    }
-    if (result.largeBlob || result.largeBlobWritten) {
-        data.extensions.largeBlob = {
-            blob: result.largeBlob ? bufferToBase64Url(result.largeBlob) : undefined,
-            written: result.largeBlobWritten !== null ? result.largeBlobWritten : undefined,
-        };
-    }
-    return { success: true, data };
-}

package/dist/get/internal-handler.d.ts DELETED Viewed

@@ -1,24 +0,0 @@
-import { type PRFInput } from "../helpers/prf.js";
-import type { AuthenticatorAttachment } from "../helpers/types.js";
-export type UserVerificationPreference = "preferred" | "required" | "discouraged";
-declare const VALID_EXTENSIONS: readonly ["largeBlobRead", "largeBlobWrite", "prf"];
-export type CredentialAssertionExtensions = (typeof VALID_EXTENSIONS)[number];
-export interface GetCredentialResult {
-    id: Buffer;
-    authenticatorAttachment: AuthenticatorAttachment;
-    clientDataJSON: Buffer;
-    authenticatorData: Buffer;
-    signature: Buffer;
-    userHandle: Buffer;
-    prf: [Buffer | null, Buffer | null];
-    largeBlob: Buffer | null;
-    largeBlobWritten: boolean | null;
-}
-export interface GetCredentialAdditionalOptions {
-    largeBlobDataToWrite?: Buffer;
-    prf?: PRFInput;
-    prfByCredential?: Record<string, PRFInput>;
-    topFrameOrigin?: string;
-}
-declare function getCredentialInternal(rpid: string, challenge: Buffer, nativeWindowHandle: Buffer, origin: string, timeout: number, enabledExtensions: CredentialAssertionExtensions[], allowedCredentialIds: Buffer[], userVerificationPreference?: UserVerificationPreference, additionalOptions?: GetCredentialAdditionalOptions): Promise<GetCredentialResult>;
-export { getCredentialInternal };

package/dist/get/internal-handler.js DELETED Viewed

@@ -1,169 +0,0 @@
-import { base64UrlToBuffer, PromiseWithResolvers } from "../helpers/index.js";
-import { removeClientDataHash, setClientDataHash, WebauthnGetController, } from "../get/authorization-controller.js";
-import { createPRFInput } from "../helpers/prf.js";
-import { generateClientDataInfo, generateWebauthnClientData, } from "../helpers/client-data.js";
-import { createPresentationContextProviderFromNativeWindowHandle } from "../helpers/presentation.js";
-import { NSStringFromString } from "objcjs-types/helpers";
-import { ASAuthorizationPlatformPublicKeyCredentialProvider, ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput, ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation, ASAuthorizationPlatformPublicKeyCredentialDescriptor, ASAuthorizationSecurityKeyPublicKeyCredentialProvider, ASAuthorizationPublicKeyCredentialPRFAssertionInput, ASAuthorizationPublicKeyCredentialAttachment, ASAuthorizationPlatformPublicKeyCredentialAssertion, ASAuthorizationSecurityKeyPublicKeyCredentialAssertion, } from "objcjs-types/AuthenticationServices";
-import { NSDataFromBuffer, bufferFromNSDataDirect } from "objcjs-types/nsdata";
-import { createDelegate } from "objcjs-types/delegates";
-import { NSArray, NSDictionary, } from "objcjs-types/Foundation";
-import { NSArrayFromObjects, NSDictionaryFromKeysAndValues, } from "objcjs-types/helpers";
-const VALID_EXTENSIONS = ["largeBlobRead", "largeBlobWrite", "prf"];
-function setupPublicKeyCredentialRequest(type, keyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions) {
-    if (userVerificationPreference === "preferred") {
-        keyRequest.setUserVerificationPreference$(NSStringFromString("preferred"));
-    }
-    else if (userVerificationPreference === "required") {
-        keyRequest.setUserVerificationPreference$(NSStringFromString("required"));
-    }
-    else if (userVerificationPreference === "discouraged") {
-        keyRequest.setUserVerificationPreference$(NSStringFromString("discouraged"));
-    }
-    if (type === "platform") {
-        const largeBlobRead = enabledExtensions.includes("largeBlobRead");
-        const largeBlobWrite = enabledExtensions.includes("largeBlobWrite");
-        if (largeBlobRead) {
-            const operation = ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.Read;
-            const largeBlobInput = ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput.alloc().initWithOperation$(operation);
-            keyRequest.setLargeBlob$(largeBlobInput);
-        }
-        else if (largeBlobWrite) {
-            if (additionalOptions.largeBlobDataToWrite) {
-                const operation = ASAuthorizationPublicKeyCredentialLargeBlobAssertionOperation.Write;
-                const largeBlobInput = ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput.alloc().initWithOperation$(operation);
-                largeBlobInput.setDataToWrite$(NSDataFromBuffer(additionalOptions.largeBlobDataToWrite));
-                keyRequest.setLargeBlob$(largeBlobInput);
-            }
-            else {
-                console.warn("[electron-webauthn] largeBlobWrite is enabled but largeBlobDataToWrite is not provided, skipping large blob write");
-            }
-        }
-    }
-    if (type === "platform" && enabledExtensions.includes("prf")) {
-        if (additionalOptions.prf || additionalOptions.prfByCredential) {
-            let inputValues = null;
-            if (additionalOptions.prf) {
-                inputValues = createPRFInput(additionalOptions.prf);
-            }
-            let perCredentialInputValues = null;
-            if (additionalOptions.prfByCredential &&
-                allowedCredentialIds.length > 0) {
-                const keys = [];
-                const values = [];
-                for (const [credentialId, prfInput] of Object.entries(additionalOptions.prfByCredential)) {
-                    const credentialIdBuffer = base64UrlToBuffer(credentialId);
-                    const credentialIdData = NSDataFromBuffer(credentialIdBuffer);
-                    keys.push(credentialIdData);
-                    values.push(createPRFInput(prfInput));
-                }
-                perCredentialInputValues = NSDictionaryFromKeysAndValues(keys, values);
-            }
-            const prfInput = ASAuthorizationPublicKeyCredentialPRFAssertionInput.alloc().initWithInputValues$perCredentialInputValues$(inputValues, perCredentialInputValues);
-            keyRequest.setPrf$(prfInput);
-        }
-        else {
-            console.warn("[electron-webauthn] prf is enabled but prf or prfByCredential is not provided, skipping PRF");
-        }
-    }
-}
-function getCredentialInternal(rpid, challenge, nativeWindowHandle, origin, timeout, enabledExtensions = [], allowedCredentialIds, userVerificationPreference, additionalOptions = {}) {
-    const { promise, resolve, reject } = PromiseWithResolvers();
-    const NS_rpID = NSStringFromString(rpid);
-    const NS_challenge = NSDataFromBuffer(challenge);
-    const platformProvider = ASAuthorizationPlatformPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
-    const platformKeyRequest = platformProvider.createCredentialAssertionRequestWithChallenge$(NS_challenge);
-    setupPublicKeyCredentialRequest("platform", platformKeyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions);
-    const securityKeyProvider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider.alloc().initWithRelyingPartyIdentifier$(NS_rpID);
-    const securityKeyRequest = securityKeyProvider.createCredentialAssertionRequestWithChallenge$(NS_challenge);
-    setupPublicKeyCredentialRequest("security-key", securityKeyRequest, userVerificationPreference, enabledExtensions, allowedCredentialIds, additionalOptions);
-    const requestsArray = NSArrayFromObjects([
-        platformKeyRequest,
-        securityKeyRequest,
-    ]);
-    const authController = WebauthnGetController.alloc().initWithAuthorizationRequests$(requestsArray);
-    const clientData = generateWebauthnClientData("webauthn.get", origin, challenge, additionalOptions.topFrameOrigin);
-    const { clientDataHash, clientDataBuffer } = generateClientDataInfo(clientData);
-    setClientDataHash(authController, clientDataHash);
-    let isFinished = false;
-    let timeoutHandlerId = null;
-    const finished = (_success) => {
-        isFinished = true;
-        removeClientDataHash(authController);
-        if (timeoutHandlerId) {
-            clearTimeout(timeoutHandlerId);
-            timeoutHandlerId = null;
-        }
-    };
-    if (allowedCredentialIds.length > 0) {
-        const allowedCredentials = NSArrayFromObjects(allowedCredentialIds.map((id) => ASAuthorizationPlatformPublicKeyCredentialDescriptor.alloc().initWithCredentialID$(NSDataFromBuffer(id))));
-        platformKeyRequest.setAllowedCredentials$(allowedCredentials);
-    }
-    const delegate = createDelegate("ASAuthorizationControllerDelegate", {
-        authorizationController$didCompleteWithAuthorization$: (_, authorization) => {
-            const credential = authorization.credential();
-            const isPlatform = credential instanceof
-                ASAuthorizationPlatformPublicKeyCredentialAssertion;
-            const isSecurityKey = credential instanceof
-                ASAuthorizationSecurityKeyPublicKeyCredentialAssertion;
-            if (!isPlatform && !isSecurityKey) {
-                reject(new Error("Resulting credential is not a platform or security key credential"));
-                finished(false);
-                return;
-            }
-            const id_data = credential.credentialID();
-            const id = bufferFromNSDataDirect(id_data);
-            let authenticatorAttachment = "cross-platform";
-            if (isPlatform &&
-                credential.attachment() ===
-                    ASAuthorizationPublicKeyCredentialAttachment.Platform) {
-                authenticatorAttachment = "platform";
-            }
-            const prf = credential.prf();
-            const prfFirst = prf?.first ? prf.first() : null;
-            const prfSecond = prf?.second ? prf.second() : null;
-            let largeBlobBuffer = null;
-            let largeBlobWritten = null;
-            if (credential.largeBlob()) {
-                const largeBlobData = credential.largeBlob().readData();
-                if (largeBlobData) {
-                    largeBlobBuffer = bufferFromNSDataDirect(largeBlobData);
-                }
-                else {
-                    largeBlobWritten = credential.largeBlob().didWrite();
-                }
-            }
-            resolve({
-                id,
-                authenticatorAttachment,
-                clientDataJSON: clientDataBuffer,
-                authenticatorData: bufferFromNSDataDirect(credential.rawAuthenticatorData()),
-                signature: bufferFromNSDataDirect(credential.signature()),
-                userHandle: bufferFromNSDataDirect(credential.userID()),
-                prf: [
-                    prfFirst ? bufferFromNSDataDirect(prfFirst) : null,
-                    prfSecond ? bufferFromNSDataDirect(prfSecond) : null,
-                ],
-                largeBlob: largeBlobBuffer,
-                largeBlobWritten,
-            });
-            finished(true);
-        },
-        authorizationController$didCompleteWithError$: (_, error) => {
-            const errorMessage = error.localizedDescription().UTF8String();
-            reject(new Error(errorMessage));
-            finished(false);
-        },
-    });
-    authController.setDelegate$(delegate);
-    const presentationContextProvider = createPresentationContextProviderFromNativeWindowHandle(nativeWindowHandle);
-    authController.setPresentationContextProvider$(presentationContextProvider);
-    authController.performRequests();
-    timeoutHandlerId = setTimeout(() => {
-        if (isFinished)
-            return;
-        authController.cancel();
-    }, timeout);
-    return promise;
-}
-export { getCredentialInternal };

package/dist/helpers/client-data.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-interface WebauthnClientData {
-    type: "webauthn.get" | "webauthn.create";
-    challenge: string;
-    origin: string;
-    topOrigin?: string;
-    crossOrigin: boolean;
-}
-export declare function generateWebauthnClientData(type: "webauthn.get" | "webauthn.create", origin: string, challenge: Buffer, topFrameOrigin?: string): WebauthnClientData;
-export declare function generateClientDataInfo(clientData: WebauthnClientData): {
-    clientDataJSON: string;
-    clientDataBuffer: Buffer<ArrayBuffer>;
-    clientDataHash: Buffer<ArrayBufferLike>;
-};
-export {};