@simplewebauthn/server
Advanced tools
@simplewebauthn/server - npm Package Compare versions
Comparing version 0.8.2 to 0.9.0
@@ -9,3 +9,3 @@ "use strict"; | ||
| const toHash_1 = __importDefault(require("../helpers/toHash")); | ||
| const convertASN1toPEM_1 = __importDefault(require("../helpers/convertASN1toPEM")); | ||
| const convertPublicKeyToPEM_1 = __importDefault(require("../helpers/convertPublicKeyToPEM")); | ||
| const verifySignature_1 = __importDefault(require("../helpers/verifySignature")); | ||
@@ -109,3 +109,3 @@ const parseAuthenticatorData_1 = __importDefault(require("../helpers/parseAuthenticatorData")); | ||
| const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]); | ||
| const publicKey = convertASN1toPEM_1.default(base64url_1.default.toBuffer(authenticator.publicKey)); | ||
| const publicKey = convertPublicKeyToPEM_1.default(authenticator.publicKey); | ||
| const signature = base64url_1.default.toBuffer(response.signature); | ||
@@ -112,0 +112,0 @@ if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) { |
| /// <reference types="node" /> | ||
| import type { PublicKeyCredentialCreationOptionsJSON, Base64URLString } from '@simplewebauthn/typescript-types'; | ||
| declare type Options = { | ||
| serviceName: string; | ||
| rpName: string; | ||
| rpID: string; | ||
@@ -29,3 +29,3 @@ userID: string; | ||
| * | ||
| * @param serviceName Friendly user-visible website name | ||
| * @param rpName User-visible, "friendly" website/service name | ||
| * @param rpID Valid domain name (after `https://`) | ||
@@ -32,0 +32,0 @@ * @param userID User's website-specific unique ID |
@@ -57,3 +57,3 @@ "use strict"; | ||
| * | ||
| * @param serviceName Friendly user-visible website name | ||
| * @param rpName User-visible, "friendly" website/service name | ||
| * @param rpID Valid domain name (after `https://`) | ||
@@ -76,3 +76,3 @@ * @param userID User's website-specific unique ID | ||
| function generateAttestationOptions(options) { | ||
| const { serviceName, rpID, userID, userName, challenge = generateChallenge_1.default(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludedCredentialIDs = [], suggestedTransports = ['usb', 'ble', 'nfc', 'internal'], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options; | ||
| const { rpName, rpID, userID, userName, challenge = generateChallenge_1.default(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludedCredentialIDs = [], suggestedTransports = ['usb', 'ble', 'nfc', 'internal'], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options; | ||
| /** | ||
@@ -88,3 +88,3 @@ * Prepare pubKeyCredParams from the array of algorithm ID's | ||
| rp: { | ||
| name: serviceName, | ||
| name: rpName, | ||
| id: rpID, | ||
@@ -91,0 +91,0 @@ }, |
@@ -11,3 +11,3 @@ "use strict"; | ||
| const toHash_1 = __importDefault(require("../../../helpers/toHash")); | ||
| const convertASN1toPEM_1 = __importDefault(require("../../../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../../../helpers/convertX509CertToPEM")); | ||
| const getCertificateInfo_1 = __importDefault(require("../../../helpers/getCertificateInfo")); | ||
@@ -138,3 +138,3 @@ const verifySignature_1 = __importDefault(require("../../../helpers/verifySignature")); | ||
| // Pick a leaf AIK certificate of the x5c array and parse it. | ||
| const leafCertPEM = convertASN1toPEM_1.default(x5c[0]); | ||
| const leafCertPEM = convertX509CertToPEM_1.default(x5c[0]); | ||
| const leafCertInfo = getCertificateInfo_1.default(leafCertPEM); | ||
@@ -189,3 +189,3 @@ const { basicConstraintsCA, version, subject, notAfter, notBefore } = leafCertInfo; | ||
| } | ||
| const { tcgAtTpmManufacturer, tcgAtTpmModel, tcgAtTpmVersion } = getTcgAtTpmValues(subjectAltNamePresent[0].directoryName[0]); | ||
| const { tcgAtTpmManufacturer, tcgAtTpmModel, tcgAtTpmVersion } = getTcgAtTpmValues(subjectAltNamePresent[0].directoryName); | ||
| if (!tcgAtTpmManufacturer || !tcgAtTpmModel || !tcgAtTpmVersion) { | ||
@@ -233,12 +233,42 @@ throw new Error('Certificate contained incomplete subjectAltName data (TPM)'); | ||
| let tcgAtTpmVersion; | ||
| root.forEach(attr => { | ||
| if (attr.type === oidManufacturer) { | ||
| tcgAtTpmManufacturer = attr.value.toString(); | ||
| } | ||
| else if (attr.type === oidModel) { | ||
| tcgAtTpmModel = attr.value.toString(); | ||
| } | ||
| else if (attr.type === oidVersion) { | ||
| tcgAtTpmVersion = attr.value.toString(); | ||
| } | ||
| /** | ||
| * Iterate through the following potential structures: | ||
| * | ||
| * (Good, follows the spec) | ||
| * https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf (page 33) | ||
| * Name [ | ||
| * RelativeDistinguishedName [ | ||
| * AttributeTypeAndValue { type, value } | ||
| * ] | ||
| * RelativeDistinguishedName [ | ||
| * AttributeTypeAndValue { type, value } | ||
| * ] | ||
| * RelativeDistinguishedName [ | ||
| * AttributeTypeAndValue { type, value } | ||
| * ] | ||
| * ] | ||
| * | ||
| * (Bad, does not follow the spec) | ||
| * Name [ | ||
| * RelativeDistinguishedName [ | ||
| * AttributeTypeAndValue { type, value } | ||
| * AttributeTypeAndValue { type, value } | ||
| * AttributeTypeAndValue { type, value } | ||
| * ] | ||
| * ] | ||
| * | ||
| * Both structures have been seen in the wild and need to be supported | ||
| */ | ||
| root.forEach(relName => { | ||
| relName.forEach(attr => { | ||
| if (attr.type === oidManufacturer) { | ||
| tcgAtTpmManufacturer = attr.value.toString(); | ||
| } | ||
| else if (attr.type === oidModel) { | ||
| tcgAtTpmModel = attr.value.toString(); | ||
| } | ||
| else if (attr.type === oidVersion) { | ||
| tcgAtTpmVersion = attr.value.toString(); | ||
| } | ||
| }); | ||
| }); | ||
@@ -245,0 +275,0 @@ return { |
@@ -28,3 +28,3 @@ "use strict"; | ||
| const asn1_android_1 = require("@peculiar/asn1-android"); | ||
| const convertASN1toPEM_1 = __importDefault(require("../../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../../helpers/convertX509CertToPEM")); | ||
| const verifySignature_1 = __importDefault(require("../../helpers/verifySignature")); | ||
@@ -76,3 +76,3 @@ const convertCOSEtoPKCS_1 = __importStar(require("../../helpers/convertCOSEtoPKCS")); | ||
| // TODO: Confirm that the root certificate is an expected certificate | ||
| // const rootCertPEM = convertASN1toPEM(x5c[x5c.length - 1]); | ||
| // const rootCertPEM = convertX509CertToPEM(x5c[x5c.length - 1]); | ||
| // console.log(rootCertPEM); | ||
@@ -92,3 +92,3 @@ // if (rootCertPEM !== expectedRootCert) { | ||
| const signatureBase = Buffer.concat([authData, clientDataHash]); | ||
| const leafCertPEM = convertASN1toPEM_1.default(x5c[0]); | ||
| const leafCertPEM = convertX509CertToPEM_1.default(x5c[0]); | ||
| const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg]; | ||
@@ -95,0 +95,0 @@ return verifySignature_1.default(sig, signatureBase, leafCertPEM, hashAlg); |
@@ -11,3 +11,3 @@ "use strict"; | ||
| const validateCertificatePath_1 = __importDefault(require("../../helpers/validateCertificatePath")); | ||
| const convertASN1toPEM_1 = __importDefault(require("../../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../../helpers/convertX509CertToPEM")); | ||
| const metadataService_1 = __importDefault(require("../../metadata/metadataService")); | ||
@@ -65,3 +65,3 @@ const verifyAttestationWithMetadata_1 = __importDefault(require("../../metadata/verifyAttestationWithMetadata")); | ||
| */ | ||
| const leafCert = convertASN1toPEM_1.default(HEADER.x5c[0]); | ||
| const leafCert = convertX509CertToPEM_1.default(HEADER.x5c[0]); | ||
| const leafCertInfo = getCertificateInfo_1.default(leafCert); | ||
@@ -87,3 +87,3 @@ const { subject } = leafCertInfo; | ||
| // Validate certificate path using a fixed global root cert | ||
| const path = HEADER.x5c.concat([GlobalSignRootCAR2]).map(convertASN1toPEM_1.default); | ||
| const path = HEADER.x5c.concat([GlobalSignRootCAR2]).map(convertX509CertToPEM_1.default); | ||
| try { | ||
@@ -90,0 +90,0 @@ await validateCertificatePath_1.default(path); |
@@ -7,3 +7,3 @@ "use strict"; | ||
| const convertCOSEtoPKCS_1 = __importDefault(require("../../helpers/convertCOSEtoPKCS")); | ||
| const convertASN1toPEM_1 = __importDefault(require("../../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../../helpers/convertX509CertToPEM")); | ||
| const verifySignature_1 = __importDefault(require("../../helpers/verifySignature")); | ||
@@ -36,6 +36,6 @@ /** | ||
| } | ||
| const publicKeyCertPEM = convertASN1toPEM_1.default(x5c[0]); | ||
| return verifySignature_1.default(sig, signatureBase, publicKeyCertPEM); | ||
| const leafCertPEM = convertX509CertToPEM_1.default(x5c[0]); | ||
| return verifySignature_1.default(sig, signatureBase, leafCertPEM); | ||
| } | ||
| exports.default = verifyAttestationFIDOU2F; | ||
| //# sourceMappingURL=verifyFIDOU2F.js.map |
@@ -30,3 +30,3 @@ "use strict"; | ||
| const toHash_1 = __importDefault(require("../../helpers/toHash")); | ||
| const convertASN1toPEM_1 = __importDefault(require("../../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../../helpers/convertX509CertToPEM")); | ||
| const getCertificateInfo_1 = __importDefault(require("../../helpers/getCertificateInfo")); | ||
@@ -53,3 +53,3 @@ const verifySignature_1 = __importDefault(require("../../helpers/verifySignature")); | ||
| if (x5c) { | ||
| const leafCert = convertASN1toPEM_1.default(x5c[0]); | ||
| const leafCert = convertX509CertToPEM_1.default(x5c[0]); | ||
| const { subject, basicConstraintsCA, version, notBefore, notAfter } = getCertificateInfo_1.default(leafCert); | ||
@@ -56,0 +56,0 @@ const { OU, CN, O, C } = subject; |
@@ -31,3 +31,3 @@ "use strict"; | ||
| const decodeCredentialPublicKey_1 = __importDefault(require("../helpers/decodeCredentialPublicKey")); | ||
| const convertCOSEtoPKCS_1 = __importStar(require("../helpers/convertCOSEtoPKCS")); | ||
| const convertCOSEtoPKCS_1 = require("../helpers/convertCOSEtoPKCS"); | ||
| const generateAttestationOptions_1 = require("./generateAttestationOptions"); | ||
@@ -195,7 +195,6 @@ const verifyFIDOU2F_1 = __importDefault(require("./verifications/verifyFIDOU2F")); | ||
| toReturn.userVerified = flags.uv; | ||
| const publicKey = convertCOSEtoPKCS_1.default(credentialPublicKey); | ||
| toReturn.authenticatorInfo = { | ||
| fmt, | ||
| counter, | ||
| base64PublicKey: base64url_1.default.encode(publicKey), | ||
| base64PublicKey: base64url_1.default.encode(credentialPublicKey), | ||
| base64CredentialID: base64url_1.default.encode(credentialID), | ||
@@ -202,0 +201,0 @@ }; |
@@ -5,5 +5,2 @@ /// <reference types="node" /> | ||
| * Takes COSE-encoded public key and converts it to PKCS key | ||
| * | ||
| * @param cosePublicKey COSE-encoded public key | ||
| * @return RAW PKCS encoded public key | ||
| */ | ||
@@ -10,0 +7,0 @@ export default function convertCOSEtoPKCS(cosePublicKey: Buffer): Buffer; |
@@ -10,23 +10,4 @@ "use strict"; | ||
| * Takes COSE-encoded public key and converts it to PKCS key | ||
| * | ||
| * @param cosePublicKey COSE-encoded public key | ||
| * @return RAW PKCS encoded public key | ||
| */ | ||
| function convertCOSEtoPKCS(cosePublicKey) { | ||
| /* | ||
| +------+-------+-------+---------+----------------------------------+ | ||
| | name | key | label | type | description | | ||
| | | type | | | | | ||
| +------+-------+-------+---------+----------------------------------+ | ||
| | crv | 2 | -1 | int / | EC Curve identifier - Taken from | | ||
| | | | | tstr | the COSE Curves registry | | ||
| | | | | | | | ||
| | x | 2 | -2 | bstr | X Coordinate | | ||
| | | | | | | | ||
| | y | 2 | -3 | bstr / | Y Coordinate | | ||
| | | | | bool | | | ||
| | | | | | | | ||
| | d | 2 | -4 | bstr | Private key | | ||
| +------+-------+-------+---------+----------------------------------+ | ||
| */ | ||
| const struct = cbor_1.default.decodeFirstSync(cosePublicKey); | ||
@@ -33,0 +14,0 @@ const tag = Buffer.from([0x04]); |
@@ -43,3 +43,3 @@ "use strict"; | ||
| const firstDecoded = cbor_1.default.decodeFirstSync(intBuffer); | ||
| const firstEncoded = cbor_1.default.encode(firstDecoded); | ||
| const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded)); | ||
| credentialPublicKey = firstEncoded; | ||
@@ -51,3 +51,3 @@ intBuffer = intBuffer.slice(firstEncoded.byteLength); | ||
| const firstDecoded = cbor_1.default.decodeFirstSync(intBuffer); | ||
| const firstEncoded = cbor_1.default.encode(firstDecoded); | ||
| const firstEncoded = Buffer.from(cbor_1.default.encode(firstDecoded)); | ||
| extensionsDataBuffer = firstEncoded; | ||
@@ -54,0 +54,0 @@ intBuffer = intBuffer.slice(firstEncoded.byteLength); |
@@ -11,3 +11,3 @@ "use strict"; | ||
| const validateCertificatePath_1 = __importDefault(require("../helpers/validateCertificatePath")); | ||
| const convertASN1toPEM_1 = __importDefault(require("../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../helpers/convertX509CertToPEM")); | ||
| const convertAAGUIDToString_1 = __importDefault(require("../helpers/convertAAGUIDToString")); | ||
@@ -167,3 +167,3 @@ const parseJWT_1 = __importDefault(require("./parseJWT")); | ||
| } | ||
| let fullCertPath = header.x5c.map(convertASN1toPEM_1.default); | ||
| let fullCertPath = header.x5c.map(convertX509CertToPEM_1.default); | ||
| if (rootCertURL.length > 0) { | ||
@@ -170,0 +170,0 @@ // Download FIDO the root certificate and append it to the TOC certs |
@@ -7,3 +7,3 @@ "use strict"; | ||
| const constants_1 = require("../helpers/constants"); | ||
| const convertASN1toPEM_1 = __importDefault(require("../helpers/convertASN1toPEM")); | ||
| const convertX509CertToPEM_1 = __importDefault(require("../helpers/convertX509CertToPEM")); | ||
| const validateCertificatePath_1 = __importDefault(require("../helpers/validateCertificatePath")); | ||
@@ -17,3 +17,3 @@ async function verifyAttestationWithMetadata(statement, alg, x5c) { | ||
| // Make a copy of x5c so we don't modify the original | ||
| const path = [...x5c].map(convertASN1toPEM_1.default); | ||
| const path = [...x5c].map(convertX509CertToPEM_1.default); | ||
| // Try to validate the chain with each metadata root cert until we find one that works | ||
@@ -24,3 +24,3 @@ let foundValidPath = false; | ||
| // Push the root cert to the cert path and try to validate it | ||
| path.push(convertASN1toPEM_1.default(rootCert)); | ||
| path.push(convertX509CertToPEM_1.default(rootCert)); | ||
| foundValidPath = await validateCertificatePath_1.default(path); | ||
@@ -27,0 +27,0 @@ } |
| { | ||
| "name": "@simplewebauthn/server", | ||
| "version": "0.8.2", | ||
| "version": "0.9.0", | ||
| "description": "SimpleWebAuthn for Servers", | ||
@@ -38,3 +38,3 @@ "main": "dist/index.js", | ||
| "@peculiar/asn1-x509": "^2.0.10", | ||
| "@simplewebauthn/typescript-types": "^0.8.2", | ||
| "@simplewebauthn/typescript-types": "^0.9.0", | ||
| "base64url": "^3.0.1", | ||
@@ -44,9 +44,15 @@ "cbor": "^5.0.2", | ||
| "jsrsasign": "^8.0.20", | ||
| "jwk-to-pem": "^2.0.4", | ||
| "node-fetch": "^2.6.0", | ||
| "node-rsa": "^1.1.1" | ||
| }, | ||
| "gitHead": "3a9bff568b6d818f7790536dc9b392b28b2113c1", | ||
| "gitHead": "c6c147f1a4dbbe21d643e02775a5b2e6957689c9", | ||
| "devDependencies": { | ||
| "@types/node-fetch": "^2.5.7" | ||
| "@types/cbor": "^5.0.1", | ||
| "@types/elliptic": "^6.4.12", | ||
| "@types/jsrsasign": "^8.0.5", | ||
| "@types/jwk-to-pem": "^2.0.0", | ||
| "@types/node-fetch": "^2.5.7", | ||
| "@types/node-rsa": "^1.0.0" | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.7%
191485
- Number of package files
- increased by3.09%
100
- Lines of code
- increased by1.35%
3005
Worsened metrics
- Dependency count
- increased by10%
11
- Dev dependency count
- increased by500%
6
Dependency changes
+ Addedjwk-to-pem@^2.0.4
+ Added@simplewebauthn/typescript-types@0.9.0(transitive)
+ Addedasn1.js@5.4.1(transitive)
+ Addedjwk-to-pem@2.0.7(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
- Removed@simplewebauthn/typescript-types@0.8.2(transitive)