@simplewebauthn/server
Advanced tools
@simplewebauthn/server - npm Package Compare versions
Comparing version 7.2.0 to 7.3.0
@@ -12,3 +12,3 @@ "use strict"; | ||
| .replace('-----END CERTIFICATE-----', '') | ||
| .replace(/\n/g, ''); | ||
| .replace(/[\n ]/g, ''); | ||
| return iso_1.isoBase64URL.toBuffer(certBase64, 'base64'); | ||
@@ -15,0 +15,0 @@ } |
| /** | ||
| * Lightweight verification for FIDO MDS JWTs. | ||
| * Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA. | ||
| * | ||
| * Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever | ||
| * needs to support more JWS algorithms, here's the list of them: | ||
| * If this ever needs to support more JWS algorithms, here's the list of them: | ||
| * | ||
@@ -7,0 +6,0 @@ * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1 |
@@ -8,7 +8,7 @@ "use strict"; | ||
| const verifyEC2_1 = require("../helpers/iso/isoCrypto/verifyEC2"); | ||
| const verifyRSA_1 = require("../helpers/iso/isoCrypto/verifyRSA"); | ||
| /** | ||
| * Lightweight verification for FIDO MDS JWTs. | ||
| * Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA. | ||
| * | ||
| * Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever | ||
| * needs to support more JWS algorithms, here's the list of them: | ||
| * If this ever needs to support more JWS algorithms, here's the list of them: | ||
| * | ||
@@ -22,6 +22,8 @@ * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1 | ||
| const certCOSE = (0, convertX509PublicKeyToCOSE_1.convertX509PublicKeyToCOSE)(leafCert); | ||
| const data = iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`); | ||
| const signatureBytes = iso_1.isoBase64URL.toBuffer(signature); | ||
| if ((0, cose_1.isCOSEPublicKeyEC2)(certCOSE)) { | ||
| return (0, verifyEC2_1.verifyEC2)({ | ||
| data: iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`), | ||
| signature: iso_1.isoBase64URL.toBuffer(signature), | ||
| data, | ||
| signature: signatureBytes, | ||
| cosePublicKey: certCOSE, | ||
@@ -31,2 +33,9 @@ shaHashOverride: cose_1.COSEALG.ES256, | ||
| } | ||
| else if ((0, cose_1.isCOSEPublicKeyRSA)(certCOSE)) { | ||
| return (0, verifyRSA_1.verifyRSA)({ | ||
| data, | ||
| signature: signatureBytes, | ||
| cosePublicKey: certCOSE, | ||
| }); | ||
| } | ||
| const kty = certCOSE.get(cose_1.COSEKEYS.kty); | ||
@@ -33,0 +42,0 @@ throw new Error(`JWT verification with public key of kty ${kty} is not supported by this method`); |
| { | ||
| "name": "@simplewebauthn/server", | ||
| "version": "7.2.0", | ||
| "version": "7.3.0", | ||
| "description": "SimpleWebAuthn for Servers", | ||
@@ -65,3 +65,3 @@ "main": "dist/index.js", | ||
| }, | ||
| "gitHead": "73630d7431abde0f13cabc601c7821135d95b18c" | ||
| "gitHead": "0ab19d8f8319ff6a36dbb53d14750bd345947eb8" | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.13%
332329
- Lines of code
- increased by0.15%
5351