hyungi/TK-FB-Project
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 초기 프로젝트 설정 및 룰.md 파일 추가

Browse Source
This commit is contained in:
hyungi
2025-07-28 09:53:31 +09:00
commit 09a4d38512
8165 changed files with 1021855 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
api.hyungi.net/node_modules/@simplewebauthn/server/script/authentication/generateAuthenticationOptions.d.ts generated vendored Normal file
View File

@@ -0,0 +1,26 @@
import type { AuthenticationExtensionsClientInputs, AuthenticatorTransportFuture, Base64URLString, PublicKeyCredentialRequestOptionsJSON } from '../types/index.js';
export type GenerateAuthenticationOptionsOpts = Parameters<typeof generateAuthenticationOptions>[0];
/**
* Prepare a value to pass into navigator.credentials.get(...) for authenticator authentication
*
* **Options:**
*
* @param rpID - Valid domain name (after `https://`)
* @param allowCredentials **(Optional)** - Authenticators previously registered by the user, if any. If undefined the client will ask the user which credential they want to use
* @param challenge **(Optional)** - Random value the authenticator needs to sign and pass back user for authentication. Defaults to generating a random value
* @param timeout **(Optional)** - How long (in ms) the user can take to complete authentication. Defaults to `60000`
* @param userVerification **(Optional)** - Set to `'discouraged'` when asserting as part of a 2FA flow, otherwise set to `'preferred'` or `'required'` as desired. Defaults to `"preferred"`
* @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during authentication
*/
export declare function generateAuthenticationOptions(options: {
rpID: string;
allowCredentials?: {
id: Base64URLString;
transports?: AuthenticatorTransportFuture[];
}[];
challenge?: string | Uint8Array;
timeout?: number;
userVerification?: 'required' | 'preferred' | 'discouraged';
extensions?: AuthenticationExtensionsClientInputs;
}): Promise<PublicKeyCredentialRequestOptionsJSON>;
//# sourceMappingURL=generateAuthenticationOptions.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/authentication/generateAuthenticationOptions.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"generateAuthenticationOptions.d.ts","sourceRoot":"","sources":["../../src/authentication/generateAuthenticationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oCAAoC,EACpC,4BAA4B,EAC5B,eAAe,EACf,qCAAqC,EACtC,MAAM,mBAAmB,CAAC;AAI3B,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,OAAO,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpG;;;;;;;;;;;GAWG;AACH,wBAAsB,6BAA6B,CACjD,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE;QACjB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;IAC5D,UAAU,CAAC,EAAE,oCAAoC,CAAC;CACnD,GACA,OAAO,CAAC,qCAAqC,CAAC,CAoChD"}

44
api.hyungi.net/node_modules/@simplewebauthn/server/script/authentication/generateAuthenticationOptions.js generated vendored Normal file
View File

@@ -0,0 +1,44 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateAuthenticationOptions = generateAuthenticationOptions;
const index_js_1 = require("../helpers/iso/index.js");
const generateChallenge_js_1 = require("../helpers/generateChallenge.js");
/**
* Prepare a value to pass into navigator.credentials.get(...) for authenticator authentication
*
* **Options:**
*
* @param rpID - Valid domain name (after `https://`)
* @param allowCredentials **(Optional)** - Authenticators previously registered by the user, if any. If undefined the client will ask the user which credential they want to use
* @param challenge **(Optional)** - Random value the authenticator needs to sign and pass back user for authentication. Defaults to generating a random value
* @param timeout **(Optional)** - How long (in ms) the user can take to complete authentication. Defaults to `60000`
* @param userVerification **(Optional)** - Set to `'discouraged'` when asserting as part of a 2FA flow, otherwise set to `'preferred'` or `'required'` as desired. Defaults to `"preferred"`
* @param extensions **(Optional)** - Additional plugins the authenticator or browser should use during authentication
*/
async function generateAuthenticationOptions(options) {
const { allowCredentials, challenge = await (0, generateChallenge_js_1.generateChallenge)(), timeout = 60000, userVerification = 'preferred', extensions, rpID, } = options;
/**
* Preserve ability to specify `string` values for challenges
*/
let _challenge = challenge;
if (typeof _challenge === 'string') {
_challenge = index_js_1.isoUint8Array.fromUTF8String(_challenge);
}
return {
rpId: rpID,
challenge: index_js_1.isoBase64URL.fromBuffer(_challenge),
allowCredentials: allowCredentials?.map((cred) => {
if (!index_js_1.isoBase64URL.isBase64URL(cred.id)) {
throw new Error(`excludeCredential id "${cred.id}" is not a valid base64url string`);
}
return {
...cred,
id: index_js_1.isoBase64URL.trimPadding(cred.id),
type: 'public-key',
};
}),
timeout,
userVerification,
extensions,
};
}

67
api.hyungi.net/node_modules/@simplewebauthn/server/script/authentication/verifyAuthenticationResponse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,67 @@
import type { AuthenticationResponseJSON, Base64URLString, CredentialDeviceType, UserVerificationRequirement, WebAuthnCredential } from '../types/index.js';
import type { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js';
/**
* Configurable options when calling `verifyAuthenticationResponse()`
*/
export type VerifyAuthenticationResponseOpts = Parameters<typeof verifyAuthenticationResponse>[0];
/**
* Verify that the user has legitimately completed the authentication process
*
* **Options:**
*
* @param response - Response returned by **@simplewebauthn/browser**'s `startAssertion()`
* @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateAuthenticationOptions()`
* @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
* @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
* @param credential - An internal {@link WebAuthnCredential} corresponding to `id` in the authentication response
* @param expectedType **(Optional)** - The response type expected ('webauthn.get')
* @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
* @param advancedFIDOConfig **(Optional)** - Options for satisfying more stringent FIDO RP feature requirements
* @param advancedFIDOConfig.userVerification **(Optional)** - Enable alternative rules for evaluating the User Presence and User Verified flags in authenticator data: UV (and UP) flags are optional unless this value is `"required"`
*/
export declare function verifyAuthenticationResponse(options: {
response: AuthenticationResponseJSON;
expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>);
expectedOrigin: string | string[];
expectedRPID: string | string[];
credential: WebAuthnCredential;
expectedType?: string | string[];
requireUserVerification?: boolean;
advancedFIDOConfig?: {
userVerification?: UserVerificationRequirement;
};
}): Promise<VerifiedAuthenticationResponse>;
/**
* Result of authentication verification
*
* @param verified If the authentication response could be verified
* @param authenticationInfo.credentialID The ID of the authenticator used during authentication.
* Should be used to identify which DB authenticator entry needs its `counter` updated to the value
* below
* @param authenticationInfo.newCounter The number of times the authenticator identified above
* reported it has been used. **Should be kept in a DB for later reference to help prevent replay
* attacks!**
* @param authenticationInfo.credentialDeviceType Whether this is a single-device or multi-device
* credential. **Should be kept in a DB for later reference!**
* @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
* reference!**
* @param authenticationInfo.origin The origin of the website that the authentication occurred on
* @param authenticationInfo.rpID The RP ID that the authentication occurred on
* @param authenticationInfo?.authenticatorExtensionResults The authenticator extensions returned
* by the browser
*/
export type VerifiedAuthenticationResponse = {
verified: boolean;
authenticationInfo: {
credentialID: Base64URLString;
newCounter: number;
userVerified: boolean;
credentialDeviceType: CredentialDeviceType;
credentialBackedUp: boolean;
origin: string;
rpID: string;
authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs;
};
};
//# sourceMappingURL=verifyAuthenticationResponse.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/authentication/verifyAuthenticationResponse.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"verifyAuthenticationResponse.d.ts","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,eAAe,EACf,oBAAoB,EACpB,2BAA2B,EAC3B,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAM3B,OAAO,KAAK,EAAE,4CAA4C,EAAE,MAAM,6CAA6C,CAAC;AAIhH;;GAEG;AACH,MAAM,MAAM,gCAAgC,GAAG,UAAU,CAAC,OAAO,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;AAElG;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,4BAA4B,CAChD,OAAO,EAAE;IACP,QAAQ,EAAE,0BAA0B,CAAC;IACrC,iBAAiB,EAAE,MAAM,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAChF,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAChC,UAAU,EAAE,kBAAkB,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,kBAAkB,CAAC,EAAE;QACnB,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;KAChD,CAAC;CACH,GACA,OAAO,CAAC,8BAA8B,CAAC,CAmNzC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,EAAE,OAAO,CAAC;IAClB,kBAAkB,EAAE;QAClB,YAAY,EAAE,eAAe,CAAC;QAC9B,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,kBAAkB,EAAE,OAAO,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,6BAA6B,CAAC,EAAE,4CAA4C,CAAC;KAC9E,CAAC;CACH,CAAC"}

174
api.hyungi.net/node_modules/@simplewebauthn/server/script/authentication/verifyAuthenticationResponse.js generated vendored Normal file
View File

@@ -0,0 +1,174 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyAuthenticationResponse = verifyAuthenticationResponse;
const decodeClientDataJSON_js_1 = require("../helpers/decodeClientDataJSON.js");
const toHash_js_1 = require("../helpers/toHash.js");
const verifySignature_js_1 = require("../helpers/verifySignature.js");
const parseAuthenticatorData_js_1 = require("../helpers/parseAuthenticatorData.js");
const parseBackupFlags_js_1 = require("../helpers/parseBackupFlags.js");
const matchExpectedRPID_js_1 = require("../helpers/matchExpectedRPID.js");
const index_js_1 = require("../helpers/iso/index.js");
/**
* Verify that the user has legitimately completed the authentication process
*
* **Options:**
*
* @param response - Response returned by **@simplewebauthn/browser**'s `startAssertion()`
* @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateAuthenticationOptions()`
* @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on
* @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options
* @param credential - An internal {@link WebAuthnCredential} corresponding to `id` in the authentication response
* @param expectedType **(Optional)** - The response type expected ('webauthn.get')
* @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true`
* @param advancedFIDOConfig **(Optional)** - Options for satisfying more stringent FIDO RP feature requirements
* @param advancedFIDOConfig.userVerification **(Optional)** - Enable alternative rules for evaluating the User Presence and User Verified flags in authenticator data: UV (and UP) flags are optional unless this value is `"required"`
*/
async function verifyAuthenticationResponse(options) {
const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, credential, requireUserVerification = true, advancedFIDOConfig, } = options;
const { id, rawId, type: credentialType, response: assertionResponse } = response;
// Ensure credential specified an ID
if (!id) {
throw new Error('Missing credential ID');
}
// Ensure ID is base64url-encoded
if (id !== rawId) {
throw new Error('Credential ID was not base64url-encoded');
}
// Make sure credential type is public-key
if (credentialType !== 'public-key') {
throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
}
if (!response) {
throw new Error('Credential missing response');
}
if (typeof assertionResponse?.clientDataJSON !== 'string') {
throw new Error('Credential response clientDataJSON was not a string');
}
const clientDataJSON = (0, decodeClientDataJSON_js_1.decodeClientDataJSON)(assertionResponse.clientDataJSON);
const { type, origin, challenge, tokenBinding } = clientDataJSON;
// Make sure we're handling an authentication
if (Array.isArray(expectedType)) {
if (!expectedType.includes(type)) {
const joinedExpectedType = expectedType.join(', ');
throw new Error(`Unexpected authentication response type "${type}", expected one of: ${joinedExpectedType}`);
}
}
else if (expectedType) {
if (type !== expectedType) {
throw new Error(`Unexpected authentication response type "${type}", expected "${expectedType}"`);
}
}
else if (type !== 'webauthn.get') {
throw new Error(`Unexpected authentication response type: ${type}`);
}
// Ensure the device provided the challenge we gave it
if (typeof expectedChallenge === 'function') {
if (!(await expectedChallenge(challenge))) {
throw new Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`);
}
}
else if (challenge !== expectedChallenge) {
throw new Error(`Unexpected authentication response challenge "${challenge}", expected "${expectedChallenge}"`);
}
// Check that the origin is our site
if (Array.isArray(expectedOrigin)) {
if (!expectedOrigin.includes(origin)) {
const joinedExpectedOrigin = expectedOrigin.join(', ');
throw new Error(`Unexpected authentication response origin "${origin}", expected one of: ${joinedExpectedOrigin}`);
}
}
else {
if (origin !== expectedOrigin) {
throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
}
}
if (!index_js_1.isoBase64URL.isBase64URL(assertionResponse.authenticatorData)) {
throw new Error('Credential response authenticatorData was not a base64url string');
}
if (!index_js_1.isoBase64URL.isBase64URL(assertionResponse.signature)) {
throw new Error('Credential response signature was not a base64url string');
}
if (assertionResponse.userHandle &&
typeof assertionResponse.userHandle !== 'string') {
throw new Error('Credential response userHandle was not a string');
}
if (tokenBinding) {
if (typeof tokenBinding !== 'object') {
throw new Error('ClientDataJSON tokenBinding was not an object');
}
if (['present', 'supported', 'notSupported'].indexOf(tokenBinding.status) < 0) {
throw new Error(`Unexpected tokenBinding status ${tokenBinding.status}`);
}
}
const authDataBuffer = index_js_1.isoBase64URL.toBuffer(assertionResponse.authenticatorData);
const parsedAuthData = (0, parseAuthenticatorData_js_1.parseAuthenticatorData)(authDataBuffer);
const { rpIdHash, flags, counter, extensionsData } = parsedAuthData;
// Make sure the response's RP ID is ours
let expectedRPIDs = [];
if (typeof expectedRPID === 'string') {
expectedRPIDs = [expectedRPID];
}
else {
expectedRPIDs = expectedRPID;
}
const matchedRPID = await (0, matchExpectedRPID_js_1.matchExpectedRPID)(rpIdHash, expectedRPIDs);
if (advancedFIDOConfig !== undefined) {
const { userVerification: fidoUserVerification } = advancedFIDOConfig;
/**
* Use FIDO Conformance-defined rules for verifying UP and UV flags
*/
if (fidoUserVerification === 'required') {
// Require `flags.uv` be true (implies `flags.up` is true)
if (!flags.uv) {
throw new Error('User verification required, but user could not be verified');
}
}
else if (fidoUserVerification === 'preferred' ||
fidoUserVerification === 'discouraged') {
// Ignore `flags.uv`
}
}
else {
/**
* Use WebAuthn spec-defined rules for verifying UP and UV flags
*/
// WebAuthn only requires the user presence flag be true
if (!flags.up) {
throw new Error('User not present during authentication');
}
// Enforce user verification if required
if (requireUserVerification && !flags.uv) {
throw new Error('User verification required, but user could not be verified');
}
}
const clientDataHash = await (0, toHash_js_1.toHash)(index_js_1.isoBase64URL.toBuffer(assertionResponse.clientDataJSON));
const signatureBase = index_js_1.isoUint8Array.concat([authDataBuffer, clientDataHash]);
const signature = index_js_1.isoBase64URL.toBuffer(assertionResponse.signature);
if ((counter > 0 || credential.counter > 0) &&
counter <= credential.counter) {
// Error out when the counter in the DB is greater than or equal to the counter in the
// dataStruct. It's related to how the authenticator maintains the number of times its been
// used for this client. If this happens, then someone's somehow increased the counter
// on the device without going through this site
throw new Error(`Response counter value ${counter} was lower than expected ${credential.counter}`);
}
const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_js_1.parseBackupFlags)(flags);
const toReturn = {
verified: await (0, verifySignature_js_1.verifySignature)({
signature,
data: signatureBase,
credentialPublicKey: credential.publicKey,
}),
authenticationInfo: {
newCounter: counter,
credentialID: credential.id,
userVerified: flags.uv,
credentialDeviceType,
credentialBackedUp,
authenticatorExtensionResults: extensionsData,
origin: clientDataJSON.origin,
rpID: matchedRPID,
},
};
return toReturn;
}

5
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertAAGUIDToString.d.ts generated vendored Normal file
View File

@@ -0,0 +1,5 @@
/**
* Convert the aaguid buffer in authData into a UUID string
*/
export declare function convertAAGUIDToString(aaguid: Uint8Array): string;
//# sourceMappingURL=convertAAGUIDToString.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertAAGUIDToString.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"convertAAGUIDToString.d.ts","sourceRoot":"","sources":["../../src/helpers/convertAAGUIDToString.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAchE"}

20
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertAAGUIDToString.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.convertAAGUIDToString = convertAAGUIDToString;
const index_js_1 = require("./iso/index.js");
/**
* Convert the aaguid buffer in authData into a UUID string
*/
function convertAAGUIDToString(aaguid) {
// Raw Hex: adce000235bcc60a648b0b25f1f05503
const hex = index_js_1.isoUint8Array.toHex(aaguid);
const segments = [
hex.slice(0, 8), // 8
hex.slice(8, 12), // 4
hex.slice(12, 16), // 4
hex.slice(16, 20), // 4
hex.slice(20, 32), // 8
];
// Formatted: adce0002-35bc-c60a-648b-0b25f1f05503
return segments.join('-');
}

5
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertCOSEtoPKCS.d.ts generated vendored Normal file
View File

@@ -0,0 +1,5 @@
/**
* Takes COSE-encoded public key and converts it to PKCS key
*/
export declare function convertCOSEtoPKCS(cosePublicKey: Uint8Array): Uint8Array;
//# sourceMappingURL=convertCOSEtoPKCS.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertCOSEtoPKCS.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"convertCOSEtoPKCS.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,aAAa,EAAE,UAAU,GAAG,UAAU,CAmBvE"}

24
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertCOSEtoPKCS.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.convertCOSEtoPKCS = convertCOSEtoPKCS;
const index_js_1 = require("./iso/index.js");
const cose_js_1 = require("./cose.js");
/**
* Takes COSE-encoded public key and converts it to PKCS key
*/
function convertCOSEtoPKCS(cosePublicKey) {
// This is a little sloppy, I'm using COSEPublicKeyEC2 since it could have both x and y, but when
// there's no y it means it's probably better typed as COSEPublicKeyOKP. I'll leave this for now
// and revisit it later if it ever becomes an actual problem.
const struct = index_js_1.isoCBOR.decodeFirst(cosePublicKey);
const tag = Uint8Array.from([0x04]);
const x = struct.get(cose_js_1.COSEKEYS.x);
const y = struct.get(cose_js_1.COSEKEYS.y);
if (!x) {
throw new Error('COSE public key was missing x');
}
if (y) {
return index_js_1.isoUint8Array.concat([tag, x, y]);
}
return index_js_1.isoUint8Array.concat([tag, x]);
}

6
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertCertBufferToPEM.d.ts generated vendored Normal file
View File

@@ -0,0 +1,6 @@
import type { Base64URLString } from '../types/index.js';
/**
* Convert buffer to an OpenSSL-compatible PEM text format.
*/
export declare function convertCertBufferToPEM(certBuffer: Uint8Array | Base64URLString): string;
//# sourceMappingURL=convertCertBufferToPEM.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertCertBufferToPEM.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"convertCertBufferToPEM.d.ts","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,UAAU,GAAG,eAAe,GACvC,MAAM,CA4BR"}

34
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertCertBufferToPEM.js generated vendored Normal file
View File

@@ -0,0 +1,34 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.convertCertBufferToPEM = convertCertBufferToPEM;
const index_js_1 = require("./iso/index.js");
/**
* Convert buffer to an OpenSSL-compatible PEM text format.
*/
function convertCertBufferToPEM(certBuffer) {
let b64cert;
/**
* Get certBuffer to a base64 representation
*/
if (typeof certBuffer === 'string') {
if (index_js_1.isoBase64URL.isBase64URL(certBuffer)) {
b64cert = index_js_1.isoBase64URL.toBase64(certBuffer);
}
else if (index_js_1.isoBase64URL.isBase64(certBuffer)) {
b64cert = certBuffer;
}
else {
throw new Error('Certificate is not a valid base64 or base64url string');
}
}
else {
b64cert = index_js_1.isoBase64URL.fromBuffer(certBuffer, 'base64');
}
let PEMKey = '';
for (let i = 0; i < Math.ceil(b64cert.length / 64); i += 1) {
const start = 64 * i;
PEMKey += `${b64cert.substr(start, 64)}\n`;
}
PEMKey = `-----BEGIN CERTIFICATE-----\n${PEMKey}-----END CERTIFICATE-----\n`;
return PEMKey;
}

5
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertPEMToBytes.d.ts generated vendored Normal file
View File

@@ -0,0 +1,5 @@
/**
* Take a certificate in PEM format and convert it to bytes
*/
export declare function convertPEMToBytes(pem: string): Uint8Array;
//# sourceMappingURL=convertPEMToBytes.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertPEMToBytes.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"convertPEMToBytes.d.ts","sourceRoot":"","sources":["../../src/helpers/convertPEMToBytes.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAOzD"}

14
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertPEMToBytes.js generated vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.convertPEMToBytes = convertPEMToBytes;
const index_js_1 = require("./iso/index.js");
/**
* Take a certificate in PEM format and convert it to bytes
*/
function convertPEMToBytes(pem) {
const certBase64 = pem
.replace('-----BEGIN CERTIFICATE-----', '')
.replace('-----END CERTIFICATE-----', '')
.replace(/[\n ]/g, '');
return index_js_1.isoBase64URL.toBuffer(certBase64, 'base64');
}

3
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertX509PublicKeyToCOSE.d.ts generated vendored Normal file
View File

@@ -0,0 +1,3 @@
import { COSEPublicKey } from './cose.js';
export declare function convertX509PublicKeyToCOSE(x509Certificate: Uint8Array): COSEPublicKey;
//# sourceMappingURL=convertX509PublicKeyToCOSE.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertX509PublicKeyToCOSE.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"convertX509PublicKeyToCOSE.d.ts","sourceRoot":"","sources":["../../src/helpers/convertX509PublicKeyToCOSE.ts"],"names":[],"mappings":"AAGA,OAAO,EAIL,aAAa,EAGd,MAAM,WAAW,CAAC;AAKnB,wBAAgB,0BAA0B,CACxC,eAAe,EAAE,UAAU,GAC1B,aAAa,CA+Ff"}

76
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/convertX509PublicKeyToCOSE.js generated vendored Normal file
View File

@@ -0,0 +1,76 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.convertX509PublicKeyToCOSE = convertX509PublicKeyToCOSE;
const asn1_schema_1 = require("@peculiar/asn1-schema");
const asn1_x509_1 = require("@peculiar/asn1-x509");
const asn1_ecc_1 = require("@peculiar/asn1-ecc");
const cose_js_1 = require("./cose.js");
const asn1_rsa_1 = require("@peculiar/asn1-rsa");
const mapX509SignatureAlgToCOSEAlg_js_1 = require("./mapX509SignatureAlgToCOSEAlg.js");
function convertX509PublicKeyToCOSE(x509Certificate) {
let cosePublicKey = new Map();
/**
* Time to extract the public key from an X.509 certificate
*/
const x509 = asn1_schema_1.AsnParser.parse(x509Certificate, asn1_x509_1.Certificate);
const { tbsCertificate } = x509;
const { subjectPublicKeyInfo, signature: _tbsSignature } = tbsCertificate;
const signatureAlgorithm = _tbsSignature.algorithm;
const publicKeyAlgorithmID = subjectPublicKeyInfo.algorithm.algorithm;
if (publicKeyAlgorithmID === asn1_ecc_1.id_ecPublicKey) {
/**
* EC2 Public Key
*/
if (!subjectPublicKeyInfo.algorithm.parameters) {
throw new Error('Certificate public key was missing parameters (EC2)');
}
const ecParameters = asn1_schema_1.AsnParser.parse(new Uint8Array(subjectPublicKeyInfo.algorithm.parameters), asn1_ecc_1.ECParameters);
let crv = -999;
const { namedCurve } = ecParameters;
if (namedCurve === asn1_ecc_1.id_secp256r1) {
crv = cose_js_1.COSECRV.P256;
}
else if (namedCurve === asn1_ecc_1.id_secp384r1) {
crv = cose_js_1.COSECRV.P384;
}
else {
throw new Error(`Certificate public key contained unexpected namedCurve ${namedCurve} (EC2)`);
}
const subjectPublicKey = new Uint8Array(subjectPublicKeyInfo.subjectPublicKey);
let x;
let y;
if (subjectPublicKey[0] === 0x04) {
// Public key is in "uncompressed form", so we can split the remaining bytes in half
let pointer = 1;
const halfLength = (subjectPublicKey.length - 1) / 2;
x = subjectPublicKey.slice(pointer, pointer += halfLength);
y = subjectPublicKey.slice(pointer);
}
else {
throw new Error('TODO: Figure out how to handle public keys in "compressed form"');
}
const coseEC2PubKey = new Map();
coseEC2PubKey.set(cose_js_1.COSEKEYS.kty, cose_js_1.COSEKTY.EC2);
coseEC2PubKey.set(cose_js_1.COSEKEYS.alg, (0, mapX509SignatureAlgToCOSEAlg_js_1.mapX509SignatureAlgToCOSEAlg)(signatureAlgorithm));
coseEC2PubKey.set(cose_js_1.COSEKEYS.crv, crv);
coseEC2PubKey.set(cose_js_1.COSEKEYS.x, x);
coseEC2PubKey.set(cose_js_1.COSEKEYS.y, y);
cosePublicKey = coseEC2PubKey;
}
else if (publicKeyAlgorithmID === '1.2.840.113549.1.1.1') {
/**
* RSA public key
*/
const rsaPublicKey = asn1_schema_1.AsnParser.parse(subjectPublicKeyInfo.subjectPublicKey, asn1_rsa_1.RSAPublicKey);
const coseRSAPubKey = new Map();
coseRSAPubKey.set(cose_js_1.COSEKEYS.kty, cose_js_1.COSEKTY.RSA);
coseRSAPubKey.set(cose_js_1.COSEKEYS.alg, (0, mapX509SignatureAlgToCOSEAlg_js_1.mapX509SignatureAlgToCOSEAlg)(signatureAlgorithm));
coseRSAPubKey.set(cose_js_1.COSEKEYS.n, new Uint8Array(rsaPublicKey.modulus));
coseRSAPubKey.set(cose_js_1.COSEKEYS.e, new Uint8Array(rsaPublicKey.publicExponent));
cosePublicKey = coseRSAPubKey;
}
else {
throw new Error(`Certificate public key contained unexpected algorithm ID ${publicKeyAlgorithmID}`);
}
return cosePublicKey;
}

121
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/cose.d.ts generated vendored Normal file
View File

@@ -0,0 +1,121 @@
/**
* Fundamental values that are needed to discern the more specific COSE public key types below.
*
* The use of `Maps` here is due to CBOR encoding being used with public keys, and the CBOR "Map"
* type is being decoded to JavaScript's `Map` type instead of, say, a basic Object as us JS
* developers might prefer.
*
* These types are an unorthodox way of saying "these Maps should involve these discrete lists of
* keys", but it works.
* @module
*/
/**
* COSE public key common values
*/
export type COSEPublicKey = {
get(key: COSEKEYS.kty): COSEKTY | undefined;
get(key: COSEKEYS.alg): COSEALG | undefined;
set(key: COSEKEYS.kty, value: COSEKTY): void;
set(key: COSEKEYS.alg, value: COSEALG): void;
};
/**
* Values specific to Octet Key Pair public keys
*/
export type COSEPublicKeyOKP = COSEPublicKey & {
get(key: COSEKEYS.crv): number | undefined;
get(key: COSEKEYS.x): Uint8Array | undefined;
set(key: COSEKEYS.crv, value: number): void;
set(key: COSEKEYS.x, value: Uint8Array): void;
};
/**
* Values specific to Elliptic Curve Cryptography public keys
*/
export type COSEPublicKeyEC2 = COSEPublicKey & {
get(key: COSEKEYS.crv): number | undefined;
get(key: COSEKEYS.x): Uint8Array | undefined;
get(key: COSEKEYS.y): Uint8Array | undefined;
set(key: COSEKEYS.crv, value: number): void;
set(key: COSEKEYS.x, value: Uint8Array): void;
set(key: COSEKEYS.y, value: Uint8Array): void;
};
/**
* Values specific to RSA public keys
*/
export type COSEPublicKeyRSA = COSEPublicKey & {
get(key: COSEKEYS.n): Uint8Array | undefined;
get(key: COSEKEYS.e): Uint8Array | undefined;
set(key: COSEKEYS.n, value: Uint8Array): void;
set(key: COSEKEYS.e, value: Uint8Array): void;
};
/**
* A type guard for determining if a COSE public key is an OKP key pair
*/
export declare function isCOSEPublicKeyOKP(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyOKP;
/**
* A type guard for determining if a COSE public key is an EC2 key pair
*/
export declare function isCOSEPublicKeyEC2(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyEC2;
/**
* A type guard for determining if a COSE public key is an RSA key pair
*/
export declare function isCOSEPublicKeyRSA(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyRSA;
/**
* COSE Keys
*
* https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
* https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters
*/
export declare enum COSEKEYS {
kty = 1,
alg = 3,
crv = -1,
x = -2,
y = -3,
n = -1,
e = -2
}
/**
* COSE Key Types
*
* https://www.iana.org/assignments/cose/cose.xhtml#key-type
*/
export declare enum COSEKTY {
OKP = 1,
EC2 = 2,
RSA = 3
}
export declare function isCOSEKty(kty: number | undefined): kty is COSEKTY;
/**
* COSE Curves
*
* https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
*/
export declare enum COSECRV {
P256 = 1,
P384 = 2,
P521 = 3,
ED25519 = 6,
SECP256K1 = 8
}
export declare function isCOSECrv(crv: number | undefined): crv is COSECRV;
/**
* COSE Algorithms
*
* https://www.iana.org/assignments/cose/cose.xhtml#algorithms
*/
export declare enum COSEALG {
ES256 = -7,
EdDSA = -8,
ES384 = -35,
ES512 = -36,
PS256 = -37,
PS384 = -38,
PS512 = -39,
ES256K = -47,
RS256 = -257,
RS384 = -258,
RS512 = -259,
RS1 = -65535
}
export declare function isCOSEAlg(alg: number | undefined): alg is COSEALG;
//# sourceMappingURL=cose.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/cose.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"cose.d.ts","sourceRoot":"","sources":["../../src/helpers/cose.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAE1B,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,OAAO,GAAG,SAAS,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,OAAO,GAAG,SAAS,CAAC;IAE5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CAC9C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;CAC/C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;CAC/C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,UAAU,GAAG,SAAS,CAAC;IAE7C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;CAC/C,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,aAAa,GAC3B,aAAa,IAAI,gBAAgB,CAGnC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,aAAa,GAC3B,aAAa,IAAI,gBAAgB,CAGnC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,aAAa,GAC3B,aAAa,IAAI,gBAAgB,CAGnC;AAED;;;;;GAKG;AACH,oBAAY,QAAQ;IAClB,GAAG,IAAI;IACP,GAAG,IAAI;IACP,GAAG,KAAK;IACR,CAAC,KAAK;IACN,CAAC,KAAK;IACN,CAAC,KAAK;IACN,CAAC,KAAK;CACP;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,GAAG,IAAI;IACP,GAAG,IAAI;IACP,GAAG,IAAI;CACR;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,GAAG,IAAI,OAAO,CAEjE;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,IAAI,IAAI;IACR,IAAI,IAAI;IACR,IAAI,IAAI;IACR,OAAO,IAAI;IACX,SAAS,IAAI;CACd;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,GAAG,IAAI,OAAO,CAEjE;AAED;;;;GAIG;AACH,oBAAY,OAAO;IACjB,KAAK,KAAK;IACV,KAAK,KAAK;IACV,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,KAAK,MAAM;IACX,MAAM,MAAM;IACZ,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ,GAAG,SAAS;CACb;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,GAAG,IAAI,OAAO,CAEjE"}

110
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/cose.js generated vendored Normal file
View File

@@ -0,0 +1,110 @@
"use strict";
/**
* Fundamental values that are needed to discern the more specific COSE public key types below.
*
* The use of `Maps` here is due to CBOR encoding being used with public keys, and the CBOR "Map"
* type is being decoded to JavaScript's `Map` type instead of, say, a basic Object as us JS
* developers might prefer.
*
* These types are an unorthodox way of saying "these Maps should involve these discrete lists of
* keys", but it works.
* @module
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.COSEALG = exports.COSECRV = exports.COSEKTY = exports.COSEKEYS = void 0;
exports.isCOSEPublicKeyOKP = isCOSEPublicKeyOKP;
exports.isCOSEPublicKeyEC2 = isCOSEPublicKeyEC2;
exports.isCOSEPublicKeyRSA = isCOSEPublicKeyRSA;
exports.isCOSEKty = isCOSEKty;
exports.isCOSECrv = isCOSECrv;
exports.isCOSEAlg = isCOSEAlg;
/**
* A type guard for determining if a COSE public key is an OKP key pair
*/
function isCOSEPublicKeyOKP(cosePublicKey) {
const kty = cosePublicKey.get(COSEKEYS.kty);
return isCOSEKty(kty) && kty === COSEKTY.OKP;
}
/**
* A type guard for determining if a COSE public key is an EC2 key pair
*/
function isCOSEPublicKeyEC2(cosePublicKey) {
const kty = cosePublicKey.get(COSEKEYS.kty);
return isCOSEKty(kty) && kty === COSEKTY.EC2;
}
/**
* A type guard for determining if a COSE public key is an RSA key pair
*/
function isCOSEPublicKeyRSA(cosePublicKey) {
const kty = cosePublicKey.get(COSEKEYS.kty);
return isCOSEKty(kty) && kty === COSEKTY.RSA;
}
/**
* COSE Keys
*
* https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
* https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters
*/
var COSEKEYS;
(function (COSEKEYS) {
COSEKEYS[COSEKEYS["kty"] = 1] = "kty";
COSEKEYS[COSEKEYS["alg"] = 3] = "alg";
COSEKEYS[COSEKEYS["crv"] = -1] = "crv";
COSEKEYS[COSEKEYS["x"] = -2] = "x";
COSEKEYS[COSEKEYS["y"] = -3] = "y";
COSEKEYS[COSEKEYS["n"] = -1] = "n";
COSEKEYS[COSEKEYS["e"] = -2] = "e";
})(COSEKEYS || (exports.COSEKEYS = COSEKEYS = {}));
/**
* COSE Key Types
*
* https://www.iana.org/assignments/cose/cose.xhtml#key-type
*/
var COSEKTY;
(function (COSEKTY) {
COSEKTY[COSEKTY["OKP"] = 1] = "OKP";
COSEKTY[COSEKTY["EC2"] = 2] = "EC2";
COSEKTY[COSEKTY["RSA"] = 3] = "RSA";
})(COSEKTY || (exports.COSEKTY = COSEKTY = {}));
function isCOSEKty(kty) {
return Object.values(COSEKTY).indexOf(kty) >= 0;
}
/**
* COSE Curves
*
* https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
*/
var COSECRV;
(function (COSECRV) {
COSECRV[COSECRV["P256"] = 1] = "P256";
COSECRV[COSECRV["P384"] = 2] = "P384";
COSECRV[COSECRV["P521"] = 3] = "P521";
COSECRV[COSECRV["ED25519"] = 6] = "ED25519";
COSECRV[COSECRV["SECP256K1"] = 8] = "SECP256K1";
})(COSECRV || (exports.COSECRV = COSECRV = {}));
function isCOSECrv(crv) {
return Object.values(COSECRV).indexOf(crv) >= 0;
}
/**
* COSE Algorithms
*
* https://www.iana.org/assignments/cose/cose.xhtml#algorithms
*/
var COSEALG;
(function (COSEALG) {
COSEALG[COSEALG["ES256"] = -7] = "ES256";
COSEALG[COSEALG["EdDSA"] = -8] = "EdDSA";
COSEALG[COSEALG["ES384"] = -35] = "ES384";
COSEALG[COSEALG["ES512"] = -36] = "ES512";
COSEALG[COSEALG["PS256"] = -37] = "PS256";
COSEALG[COSEALG["PS384"] = -38] = "PS384";
COSEALG[COSEALG["PS512"] = -39] = "PS512";
COSEALG[COSEALG["ES256K"] = -47] = "ES256K";
COSEALG[COSEALG["RS256"] = -257] = "RS256";
COSEALG[COSEALG["RS384"] = -258] = "RS384";
COSEALG[COSEALG["RS512"] = -259] = "RS512";
COSEALG[COSEALG["RS1"] = -65535] = "RS1";
})(COSEALG || (exports.COSEALG = COSEALG = {}));
function isCOSEAlg(alg) {
return Object.values(COSEALG).indexOf(alg) >= 0;
}

34
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeAttestationObject.d.ts generated vendored Normal file
View File

@@ -0,0 +1,34 @@
/**
* Convert an AttestationObject buffer to a proper object
*
* @param base64AttestationObject Attestation Object buffer
*/
export declare function decodeAttestationObject(attestationObject: Uint8Array): AttestationObject;
export type AttestationFormat = 'fido-u2f' | 'packed' | 'android-safetynet' | 'android-key' | 'tpm' | 'apple' | 'none';
export type AttestationObject = {
get(key: 'fmt'): AttestationFormat;
get(key: 'attStmt'): AttestationStatement;
get(key: 'authData'): Uint8Array;
};
/**
* `AttestationStatement` will be an instance of `Map`, but these keys help make finite the list of
* possible values within it.
*/
export type AttestationStatement = {
get(key: 'sig'): Uint8Array | undefined;
get(key: 'x5c'): Uint8Array[] | undefined;
get(key: 'response'): Uint8Array | undefined;
get(key: 'alg'): number | undefined;
get(key: 'ver'): string | undefined;
get(key: 'certInfo'): Uint8Array | undefined;
get(key: 'pubArea'): Uint8Array | undefined;
readonly size: number;
};
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
export declare const _decodeAttestationObjectInternals: {
stubThis: (value: AttestationObject) => AttestationObject;
};
//# sourceMappingURL=decodeAttestationObject.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeAttestationObject.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"decodeAttestationObject.d.ts","sourceRoot":"","sources":["../../src/helpers/decodeAttestationObject.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,iBAAiB,EAAE,UAAU,GAC5B,iBAAiB,CAInB;AAED,MAAM,MAAM,iBAAiB,GACzB,UAAU,GACV,QAAQ,GACR,mBAAmB,GACnB,aAAa,GACb,KAAK,GACL,OAAO,GACP,MAAM,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,iBAAiB,CAAC;IACnC,GAAG,CAAC,GAAG,EAAE,SAAS,GAAG,oBAAoB,CAAC;IAC1C,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,CAAC;CAClC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,UAAU,GAAG,SAAS,CAAC;IACxC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,UAAU,EAAE,GAAG,SAAS,CAAC;IAC1C,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS,CAAC;IAE5C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,iCAAiC;sBAC1B,iBAAiB;CACpC,CAAC"}

20
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeAttestationObject.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._decodeAttestationObjectInternals = void 0;
exports.decodeAttestationObject = decodeAttestationObject;
const index_js_1 = require("./iso/index.js");
/**
* Convert an AttestationObject buffer to a proper object
*
* @param base64AttestationObject Attestation Object buffer
*/
function decodeAttestationObject(attestationObject) {
return exports._decodeAttestationObjectInternals.stubThis(index_js_1.isoCBOR.decodeFirst(attestationObject));
}
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
exports._decodeAttestationObjectInternals = {
stubThis: (value) => value,
};

11
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeAuthenticatorExtensions.d.ts generated vendored Normal file
View File

@@ -0,0 +1,11 @@
/**
* Convert authenticator extension data buffer to a proper object
*
* @param extensionData Authenticator Extension Data buffer
*/
export declare function decodeAuthenticatorExtensions(extensionData: Uint8Array): AuthenticationExtensionsAuthenticatorOutputs | undefined;
/**
* Attempt to support authenticator extensions we might not know about in WebAuthn
*/
export type AuthenticationExtensionsAuthenticatorOutputs = unknown;
//# sourceMappingURL=decodeAuthenticatorExtensions.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeAuthenticatorExtensions.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"decodeAuthenticatorExtensions.d.ts","sourceRoot":"","sources":["../../src/helpers/decodeAuthenticatorExtensions.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAgB,6BAA6B,CAC3C,aAAa,EAAE,UAAU,GACxB,4CAA4C,GAAG,SAAS,CAU1D;AAED;;GAEG;AACH,MAAM,MAAM,4CAA4C,GAAG,OAAO,CAAC"}

37
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeAuthenticatorExtensions.js generated vendored Normal file
View File

@@ -0,0 +1,37 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decodeAuthenticatorExtensions = decodeAuthenticatorExtensions;
const index_js_1 = require("./iso/index.js");
/**
* Convert authenticator extension data buffer to a proper object
*
* @param extensionData Authenticator Extension Data buffer
*/
function decodeAuthenticatorExtensions(extensionData) {
let toCBOR;
try {
toCBOR = index_js_1.isoCBOR.decodeFirst(extensionData);
}
catch (err) {
const _err = err;
throw new Error(`Error decoding authenticator extensions: ${_err.message}`);
}
return convertMapToObjectDeep(toCBOR);
}
/**
* CBOR-encoded extensions can be deeply-nested Maps, which are too deep for a simple
* `Object.entries()`. This method will recursively make sure that all Maps are converted into
* basic objects.
*/
function convertMapToObjectDeep(input) {
const mapped = {};
for (const [key, value] of input) {
if (value instanceof Map) {
mapped[key] = convertMapToObjectDeep(value);
}
else {
mapped[key] = value;
}
}
return mapped;
}

23
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeClientDataJSON.d.ts generated vendored Normal file
View File

@@ -0,0 +1,23 @@
import type { Base64URLString } from '../types/index.js';
/**
* Decode an authenticator's base64url-encoded clientDataJSON to JSON
*/
export declare function decodeClientDataJSON(data: Base64URLString): ClientDataJSON;
export type ClientDataJSON = {
type: string;
challenge: string;
origin: string;
crossOrigin?: boolean;
tokenBinding?: {
id?: string;
status: 'present' | 'supported' | 'not-supported';
};
};
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
export declare const _decodeClientDataJSONInternals: {
stubThis: (value: ClientDataJSON) => ClientDataJSON;
};
//# sourceMappingURL=decodeClientDataJSON.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeClientDataJSON.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"decodeClientDataJSON.d.ts","sourceRoot":"","sources":["../../src/helpers/decodeClientDataJSON.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,eAAe,GAAG,cAAc,CAK1E;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,YAAY,CAAC,EAAE;QACb,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,SAAS,GAAG,WAAW,GAAG,eAAe,CAAC;KACnD,CAAC;CACH,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,8BAA8B;sBACvB,cAAc;CACjC,CAAC"}

20
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeClientDataJSON.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._decodeClientDataJSONInternals = void 0;
exports.decodeClientDataJSON = decodeClientDataJSON;
const index_js_1 = require("./iso/index.js");
/**
* Decode an authenticator's base64url-encoded clientDataJSON to JSON
*/
function decodeClientDataJSON(data) {
const toString = index_js_1.isoBase64URL.toUTF8String(data);
const clientData = JSON.parse(toString);
return exports._decodeClientDataJSONInternals.stubThis(clientData);
}
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
exports._decodeClientDataJSONInternals = {
stubThis: (value) => value,
};

10
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeCredentialPublicKey.d.ts generated vendored Normal file
View File

@@ -0,0 +1,10 @@
import { COSEPublicKey } from './cose.js';
export declare function decodeCredentialPublicKey(publicKey: Uint8Array): COSEPublicKey;
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
export declare const _decodeCredentialPublicKeyInternals: {
stubThis: (value: COSEPublicKey) => COSEPublicKey;
};
//# sourceMappingURL=decodeCredentialPublicKey.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeCredentialPublicKey.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"decodeCredentialPublicKey.d.ts","sourceRoot":"","sources":["../../src/helpers/decodeCredentialPublicKey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG1C,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,UAAU,GACpB,aAAa,CAIf;AAED;;;GAGG;AACH,eAAO,MAAM,mCAAmC;sBAC5B,aAAa;CAChC,CAAC"}

15
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/decodeCredentialPublicKey.js generated vendored Normal file
View File

@@ -0,0 +1,15 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._decodeCredentialPublicKeyInternals = void 0;
exports.decodeCredentialPublicKey = decodeCredentialPublicKey;
const index_js_1 = require("./iso/index.js");
function decodeCredentialPublicKey(publicKey) {
return exports._decodeCredentialPublicKeyInternals.stubThis(index_js_1.isoCBOR.decodeFirst(publicKey));
}
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
exports._decodeCredentialPublicKeyInternals = {
stubThis: (value) => value,
};

13
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/fetch.d.ts generated vendored Normal file
View File

@@ -0,0 +1,13 @@
/**
* A simple method for requesting data via standard `fetch`. Should work
* across multiple runtimes.
*/
export declare function fetch(url: string): Promise<Response>;
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
export declare const _fetchInternals: {
stubThis: (url: string) => Promise<Response>;
};
//# sourceMappingURL=fetch.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/fetch.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../src/helpers/fetch.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAEpD;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe;oBACV,MAAM;CACvB,CAAC"}

18
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/fetch.js generated vendored Normal file
View File

@@ -0,0 +1,18 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._fetchInternals = void 0;
exports.fetch = fetch;
/**
* A simple method for requesting data via standard `fetch`. Should work
* across multiple runtimes.
*/
function fetch(url) {
return exports._fetchInternals.stubThis(url);
}
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
exports._fetchInternals = {
stubThis: (url) => globalThis.fetch(url),
};

12
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/generateChallenge.d.ts generated vendored Normal file
View File

@@ -0,0 +1,12 @@
/**
* Generate a suitably random value to be used as an attestation or assertion challenge
*/
export declare function generateChallenge(): Promise<Uint8Array>;
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
export declare const _generateChallengeInternals: {
stubThis: (value: Uint8Array) => Uint8Array;
};
//# sourceMappingURL=generateChallenge.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/generateChallenge.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"generateChallenge.d.ts","sourceRoot":"","sources":["../../src/helpers/generateChallenge.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,UAAU,CAAC,CAc7D;AAED;;;GAGG;AACH,eAAO,MAAM,2BAA2B;sBACpB,UAAU;CAC7B,CAAC"}

28
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/generateChallenge.js generated vendored Normal file
View File

@@ -0,0 +1,28 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._generateChallengeInternals = void 0;
exports.generateChallenge = generateChallenge;
const index_js_1 = require("./iso/index.js");
/**
* Generate a suitably random value to be used as an attestation or assertion challenge
*/
async function generateChallenge() {
/**
* WebAuthn spec says that 16 bytes is a good minimum:
*
* "In order to prevent replay attacks, the challenges MUST contain enough entropy to make
* guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long."
*
* Just in case, let's double it
*/
const challenge = new Uint8Array(32);
await index_js_1.isoCrypto.getRandomValues(challenge);
return exports._generateChallengeInternals.stubThis(challenge);
}
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
exports._generateChallengeInternals = {
stubThis: (value) => value,
};

12
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/generateUserID.d.ts generated vendored Normal file
View File

@@ -0,0 +1,12 @@
/**
* Generate a suitably random value to be used as user ID
*/
export declare function generateUserID(): Promise<Uint8Array>;
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
export declare const _generateUserIDInternals: {
stubThis: (value: Uint8Array) => Uint8Array;
};
//# sourceMappingURL=generateUserID.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/generateUserID.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"generateUserID.d.ts","sourceRoot":"","sources":["../../src/helpers/generateUserID.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,UAAU,CAAC,CAU1D;AAED;;;GAGG;AACH,eAAO,MAAM,wBAAwB;sBACjB,UAAU;CAC7B,CAAC"}

24
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/generateUserID.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._generateUserIDInternals = void 0;
exports.generateUserID = generateUserID;
const index_js_1 = require("./iso/index.js");
/**
* Generate a suitably random value to be used as user ID
*/
async function generateUserID() {
/**
* WebAuthn spec says user.id has a max length of 64 bytes. I prefer how 32 random bytes look
* after they're base64url-encoded so I'm choosing to go with that here.
*/
const newUserID = new Uint8Array(32);
await index_js_1.isoCrypto.getRandomValues(newUserID);
return exports._generateUserIDInternals.stubThis(newUserID);
}
/**
* Make it possible to stub the return value during testing
* @ignore Don't include this in docs output
*/
exports._generateUserIDInternals = {
stubThis: (value) => value,
};

32
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/getCertificateInfo.d.ts generated vendored Normal file
View File

@@ -0,0 +1,32 @@
import { Certificate } from '@peculiar/asn1-x509';
export type CertificateInfo = {
issuer: Issuer;
subject: Subject;
version: number;
basicConstraintsCA: boolean;
notBefore: Date;
notAfter: Date;
parsedCertificate: Certificate;
};
type Issuer = {
C?: string;
O?: string;
OU?: string;
CN?: string;
combined: string;
};
type Subject = {
C?: string;
O?: string;
OU?: string;
CN?: string;
combined: string;
};
/**
* Extract PEM certificate info
*
* @param pemCertificate Result from call to `convertASN1toPEM(x5c[0])`
*/
export declare function getCertificateInfo(leafCertBuffer: Uint8Array): CertificateInfo;
export {};
//# sourceMappingURL=getCertificateInfo.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/getCertificateInfo.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"getCertificateInfo.d.ts","sourceRoot":"","sources":["../../src/helpers/getCertificateInfo.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAE5F,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,IAAI,CAAC;IACf,iBAAiB,EAAE,WAAW,CAAC;CAChC,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,KAAK,OAAO,GAAG;IACb,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AASF;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,cAAc,EAAE,UAAU,GACzB,eAAe,CA+CjB"}

80
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/getCertificateInfo.js generated vendored Normal file
View File

@@ -0,0 +1,80 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getCertificateInfo = getCertificateInfo;
const asn1_schema_1 = require("@peculiar/asn1-schema");
const asn1_x509_1 = require("@peculiar/asn1-x509");
const issuerSubjectIDKey = {
'2.5.4.6': 'C',
'2.5.4.10': 'O',
'2.5.4.11': 'OU',
'2.5.4.3': 'CN',
};
/**
* Extract PEM certificate info
*
* @param pemCertificate Result from call to `convertASN1toPEM(x5c[0])`
*/
function getCertificateInfo(leafCertBuffer) {
const x509 = asn1_schema_1.AsnParser.parse(leafCertBuffer, asn1_x509_1.Certificate);
const parsedCert = x509.tbsCertificate;
// Issuer
const issuer = { combined: '' };
parsedCert.issuer.forEach(([iss]) => {
const key = issuerSubjectIDKey[iss.type];
if (key) {
issuer[key] = iss.value.toString();
}
});
issuer.combined = issuerSubjectToString(issuer);
// Subject
const subject = { combined: '' };
parsedCert.subject.forEach(([iss]) => {
const key = issuerSubjectIDKey[iss.type];
if (key) {
subject[key] = iss.value.toString();
}
});
subject.combined = issuerSubjectToString(subject);
let basicConstraintsCA = false;
if (parsedCert.extensions) {
// console.log(parsedCert.extensions);
for (const ext of parsedCert.extensions) {
if (ext.extnID === asn1_x509_1.id_ce_basicConstraints) {
const basicConstraints = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.BasicConstraints);
basicConstraintsCA = basicConstraints.cA;
}
}
}
return {
issuer,
subject,
version: parsedCert.version,
basicConstraintsCA,
notBefore: parsedCert.validity.notBefore.getTime(),
notAfter: parsedCert.validity.notAfter.getTime(),
parsedCertificate: x509,
};
}
/**
* Stringify the parts of Issuer or Subject info for easier comparison of subject issuers with
* issuer subjects.
*
* The order might seem arbitrary, because it is. It should be enough that the two are stringified
* in the same order.
*/
function issuerSubjectToString(input) {
const parts = [];
if (input.C) {
parts.push(input.C);
}
if (input.O) {
parts.push(input.O);
}
if (input.OU) {
parts.push(input.OU);
}
if (input.CN) {
parts.push(input.CN);
}
return parts.join(' : ');
}

17
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,17 @@
export * from './convertAAGUIDToString.js';
export * from './convertCertBufferToPEM.js';
export * from './convertCOSEtoPKCS.js';
export * from './decodeAttestationObject.js';
export * from './decodeClientDataJSON.js';
export * from './decodeCredentialPublicKey.js';
export * from './generateChallenge.js';
export * from './generateUserID.js';
export * from './getCertificateInfo.js';
export * from './isCertRevoked.js';
export * from './parseAuthenticatorData.js';
export * from './toHash.js';
export * from './validateCertificatePath.js';
export * from './verifySignature.js';
export * from './iso/index.js';
export * as cose from './cose.js';
//# sourceMappingURL=index.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/index.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/helpers/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAC;AAC3C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,wBAAwB,CAAC;AACvC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,wBAAwB,CAAC;AACvC,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,aAAa,CAAC;AAC5B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC"}

45
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/index.js generated vendored Normal file
View File

@@ -0,0 +1,45 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.cose = void 0;
__exportStar(require("./convertAAGUIDToString.js"), exports);
__exportStar(require("./convertCertBufferToPEM.js"), exports);
__exportStar(require("./convertCOSEtoPKCS.js"), exports);
__exportStar(require("./decodeAttestationObject.js"), exports);
__exportStar(require("./decodeClientDataJSON.js"), exports);
__exportStar(require("./decodeCredentialPublicKey.js"), exports);
__exportStar(require("./generateChallenge.js"), exports);
__exportStar(require("./generateUserID.js"), exports);
__exportStar(require("./getCertificateInfo.js"), exports);
__exportStar(require("./isCertRevoked.js"), exports);
__exportStar(require("./parseAuthenticatorData.js"), exports);
__exportStar(require("./toHash.js"), exports);
__exportStar(require("./validateCertificatePath.js"), exports);
__exportStar(require("./verifySignature.js"), exports);
__exportStar(require("./iso/index.js"), exports);
exports.cose = __importStar(require("./cose.js"));

9
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/isCertRevoked.d.ts generated vendored Normal file
View File

@@ -0,0 +1,9 @@
import { Certificate } from '@peculiar/asn1-x509';
/**
* A method to pull a CRL from a certificate and compare its serial number to the list of revoked
* certificate serial numbers within the CRL.
*
* CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117
*/
export declare function isCertRevoked(cert: Certificate): Promise<boolean>;
//# sourceMappingURL=isCertRevoked.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/isCertRevoked.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"isCertRevoked.d.ts","sourceRoot":"","sources":["../../src/helpers/isCertRevoked.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,WAAW,EAOZ,MAAM,qBAAqB,CAAC;AAgB7B;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAgHvE"}

102
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/isCertRevoked.js generated vendored Normal file
View File

@@ -0,0 +1,102 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isCertRevoked = isCertRevoked;
const asn1_schema_1 = require("@peculiar/asn1-schema");
const asn1_x509_1 = require("@peculiar/asn1-x509");
const index_js_1 = require("./iso/index.js");
const fetch_js_1 = require("./fetch.js");
const cacheRevokedCerts = {};
/**
* A method to pull a CRL from a certificate and compare its serial number to the list of revoked
* certificate serial numbers within the CRL.
*
* CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117
*/
async function isCertRevoked(cert) {
const { extensions } = cert.tbsCertificate;
if (!extensions) {
return false;
}
let extAuthorityKeyID;
let extSubjectKeyID;
let extCRLDistributionPoints;
extensions.forEach((ext) => {
if (ext.extnID === asn1_x509_1.id_ce_authorityKeyIdentifier) {
extAuthorityKeyID = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.AuthorityKeyIdentifier);
}
else if (ext.extnID === asn1_x509_1.id_ce_subjectKeyIdentifier) {
extSubjectKeyID = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.SubjectKeyIdentifier);
}
else if (ext.extnID === asn1_x509_1.id_ce_cRLDistributionPoints) {
extCRLDistributionPoints = asn1_schema_1.AsnParser.parse(ext.extnValue, asn1_x509_1.CRLDistributionPoints);
}
});
// Check to see if we've got cached info for the cert's CA
let keyIdentifier = undefined;
if (extAuthorityKeyID && extAuthorityKeyID.keyIdentifier) {
keyIdentifier = index_js_1.isoUint8Array.toHex(new Uint8Array(extAuthorityKeyID.keyIdentifier.buffer));
}
else if (extSubjectKeyID) {
/**
* We might be dealing with a self-signed root certificate. Check the
* Subject key Identifier extension next.
*/
keyIdentifier = index_js_1.isoUint8Array.toHex(new Uint8Array(extSubjectKeyID.buffer));
}
const certSerialHex = index_js_1.isoUint8Array.toHex(new Uint8Array(cert.tbsCertificate.serialNumber));
if (keyIdentifier) {
const cached = cacheRevokedCerts[keyIdentifier];
if (cached) {
const now = new Date();
// If there's a nextUpdate then make sure we're before it
if (!cached.nextUpdate || cached.nextUpdate > now) {
return cached.revokedCerts.indexOf(certSerialHex) >= 0;
}
}
}
const crlURL = extCRLDistributionPoints?.[0].distributionPoint?.fullName?.[0]
.uniformResourceIdentifier;
// If no URL is provided then we have nothing to check
if (!crlURL) {
return false;
}
// Download and read the CRL
let certListBytes;
try {
const respCRL = await (0, fetch_js_1.fetch)(crlURL);
certListBytes = await respCRL.arrayBuffer();
}
catch (_err) {
return false;
}
let data;
try {
data = asn1_schema_1.AsnParser.parse(certListBytes, asn1_x509_1.CertificateList);
}
catch (_err) {
// Something was malformed with the CRL, so pass
return false;
}
const newCached = {
revokedCerts: [],
nextUpdate: undefined,
};
// nextUpdate
if (data.tbsCertList.nextUpdate) {
newCached.nextUpdate = data.tbsCertList.nextUpdate.getTime();
}
// revokedCertificates
const revokedCerts = data.tbsCertList.revokedCertificates;
if (revokedCerts) {
for (const cert of revokedCerts) {
const revokedHex = index_js_1.isoUint8Array.toHex(new Uint8Array(cert.userCertificate));
newCached.revokedCerts.push(revokedHex);
}
// Cache the results
if (keyIdentifier) {
cacheRevokedCerts[keyIdentifier] = newCached;
}
return newCached.revokedCerts.indexOf(certSerialHex) >= 0;
}
return false;
}

12
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,12 @@
/**
* A collection of methods for isomorphic manipulation of trickier data types
*
* The goal with these is to make it easier to replace dependencies later that might not play well
* with specific server-like runtimes that expose global Web APIs (CloudFlare Workers, Deno, Bun,
* etc...), while also supporting execution in Node.
*/
export * as isoBase64URL from './isoBase64URL.js';
export * as isoCBOR from './isoCBOR.js';
export * as isoCrypto from './isoCrypto/index.js';
export * as isoUint8Array from './isoUint8Array.js';
//# sourceMappingURL=index.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/index.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/helpers/iso/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,YAAY,MAAM,mBAAmB,CAAC;AAClD,OAAO,KAAK,OAAO,MAAM,cAAc,CAAC;AACxC,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAC;AAClD,OAAO,KAAK,aAAa,MAAM,oBAAoB,CAAC"}

37
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/index.js generated vendored Normal file
View File

@@ -0,0 +1,37 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.isoUint8Array = exports.isoCrypto = exports.isoCBOR = exports.isoBase64URL = void 0;
/**
* A collection of methods for isomorphic manipulation of trickier data types
*
* The goal with these is to make it easier to replace dependencies later that might not play well
* with specific server-like runtimes that expose global Web APIs (CloudFlare Workers, Deno, Bun,
* etc...), while also supporting execution in Node.
*/
exports.isoBase64URL = __importStar(require("./isoBase64URL.js"));
exports.isoCBOR = __importStar(require("./isoCBOR.js"));
exports.isoCrypto = __importStar(require("./isoCrypto/index.js"));
exports.isoUint8Array = __importStar(require("./isoUint8Array.js"));

43
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoBase64URL.d.ts generated vendored Normal file
View File

@@ -0,0 +1,43 @@
import type { Base64URLString } from '../../types/index.js';
/**
* Decode from a Base64URL-encoded string to an ArrayBuffer. Best used when converting a
* credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
* excludeCredentials.
*
* @param buffer Value to decode from base64
* @param to (optional) The decoding to use, in case it's desirable to decode from base64 instead
*/
export declare function toBuffer(base64urlString: string, from?: 'base64' | 'base64url'): Uint8Array;
/**
* Encode the given array buffer into a Base64URL-encoded string. Ideal for converting various
* credential response ArrayBuffers to string for sending back to the server as JSON.
*
* @param buffer Value to encode to base64
* @param to (optional) The encoding to use, in case it's desirable to encode to base64 instead
*/
export declare function fromBuffer(buffer: Uint8Array, to?: 'base64' | 'base64url'): string;
/**
* Convert a base64url string into base64
*/
export declare function toBase64(base64urlString: string): string;
/**
* Encode a UTF-8 string to base64url
*/
export declare function fromUTF8String(utf8String: string): string;
/**
* Decode a base64url string into its original UTF-8 string
*/
export declare function toUTF8String(base64urlString: string): string;
/**
* Confirm that the string is encoded into base64
*/
export declare function isBase64(input: string): boolean;
/**
* Confirm that the string is encoded into base64url, with support for optional padding
*/
export declare function isBase64URL(input: string): boolean;
/**
* Remove optional padding from a base64url-encoded string
*/
export declare function trimPadding(input: Base64URLString): Base64URLString;
//# sourceMappingURL=isoBase64URL.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoBase64URL.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"isoBase64URL.d.ts","sourceRoot":"","sources":["../../../src/helpers/iso/isoBase64URL.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5D;;;;;;;GAOG;AACH,wBAAgB,QAAQ,CACtB,eAAe,EAAE,MAAM,EACvB,IAAI,GAAE,QAAQ,GAAG,WAAyB,GACzC,UAAU,CAGZ;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,MAAM,EAAE,UAAU,EAClB,EAAE,GAAE,QAAQ,GAAG,WAAyB,GACvC,MAAM,CAER;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAIxD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAIlD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,eAAe,GAAG,eAAe,CAEnE"}

80
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoBase64URL.js generated vendored Normal file
View File

@@ -0,0 +1,80 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.toBuffer = toBuffer;
exports.fromBuffer = fromBuffer;
exports.toBase64 = toBase64;
exports.fromUTF8String = fromUTF8String;
exports.toUTF8String = toUTF8String;
exports.isBase64 = isBase64;
exports.isBase64URL = isBase64URL;
exports.trimPadding = trimPadding;
/**
* A runtime-agnostic collection of methods for working with Base64URL encoding
* @module
*/
const base64_1 = __importDefault(require("@hexagon/base64"));
/**
* Decode from a Base64URL-encoded string to an ArrayBuffer. Best used when converting a
* credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
* excludeCredentials.
*
* @param buffer Value to decode from base64
* @param to (optional) The decoding to use, in case it's desirable to decode from base64 instead
*/
function toBuffer(base64urlString, from = 'base64url') {
const _buffer = base64_1.default.toArrayBuffer(base64urlString, from === 'base64url');
return new Uint8Array(_buffer);
}
/**
* Encode the given array buffer into a Base64URL-encoded string. Ideal for converting various
* credential response ArrayBuffers to string for sending back to the server as JSON.
*
* @param buffer Value to encode to base64
* @param to (optional) The encoding to use, in case it's desirable to encode to base64 instead
*/
function fromBuffer(buffer, to = 'base64url') {
return base64_1.default.fromArrayBuffer(buffer, to === 'base64url');
}
/**
* Convert a base64url string into base64
*/
function toBase64(base64urlString) {
const fromBase64Url = base64_1.default.toArrayBuffer(base64urlString, true);
const toBase64 = base64_1.default.fromArrayBuffer(fromBase64Url);
return toBase64;
}
/**
* Encode a UTF-8 string to base64url
*/
function fromUTF8String(utf8String) {
return base64_1.default.fromString(utf8String, true);
}
/**
* Decode a base64url string into its original UTF-8 string
*/
function toUTF8String(base64urlString) {
return base64_1.default.toString(base64urlString, true);
}
/**
* Confirm that the string is encoded into base64
*/
function isBase64(input) {
return base64_1.default.validate(input, false);
}
/**
* Confirm that the string is encoded into base64url, with support for optional padding
*/
function isBase64URL(input) {
// Trim padding characters from the string if present
input = trimPadding(input);
return base64_1.default.validate(input, true);
}
/**
* Remove optional padding from a base64url-encoded string
*/
function trimPadding(input) {
return input.replace(/=/g, '');
}

28
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCBOR.d.ts generated vendored Normal file
View File

@@ -0,0 +1,28 @@
/**
* A runtime-agnostic collection of methods for working with CBOR encoding
* @module
*/
import * as tinyCbor from '@levischuck/tiny-cbor';
/**
* Whatever CBOR encoder is used should keep CBOR data the same length when data is re-encoded
*
* MOST CRITICALLY, this means the following needs to be true of whatever CBOR library we use:
* - CBOR Map type values MUST decode to JavaScript Maps
* - CBOR tag 64 (uint8 Typed Array) MUST NOT be used when encoding Uint8Arrays back to CBOR
*
* So long as these requirements are maintained, then CBOR sequences can be encoded and decoded
* freely while maintaining their lengths for the most accurate pointer movement across them.
*/
/**
* Decode and return the first item in a sequence of CBOR-encoded values
*
* @param input The CBOR data to decode
* @param asObject (optional) Whether to convert any CBOR Maps into JavaScript Objects. Defaults to
* `false`
*/
export declare function decodeFirst<Type>(input: Uint8Array): Type;
/**
* Encode data to CBOR
*/
export declare function encode(input: tinyCbor.CBORType): Uint8Array;
//# sourceMappingURL=isoCBOR.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCBOR.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"isoCBOR.d.ts","sourceRoot":"","sources":["../../../src/helpers/iso/isoCBOR.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAC;AAElD;;;;;;;;;GASG;AAEH;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAQzD;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,GAAG,UAAU,CAE3D"}

62
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCBOR.js generated vendored Normal file
View File

@@ -0,0 +1,62 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.decodeFirst = decodeFirst;
exports.encode = encode;
/**
* A runtime-agnostic collection of methods for working with CBOR encoding
* @module
*/
const tinyCbor = __importStar(require("@levischuck/tiny-cbor"));
/**
* Whatever CBOR encoder is used should keep CBOR data the same length when data is re-encoded
*
* MOST CRITICALLY, this means the following needs to be true of whatever CBOR library we use:
* - CBOR Map type values MUST decode to JavaScript Maps
* - CBOR tag 64 (uint8 Typed Array) MUST NOT be used when encoding Uint8Arrays back to CBOR
*
* So long as these requirements are maintained, then CBOR sequences can be encoded and decoded
* freely while maintaining their lengths for the most accurate pointer movement across them.
*/
/**
* Decode and return the first item in a sequence of CBOR-encoded values
*
* @param input The CBOR data to decode
* @param asObject (optional) Whether to convert any CBOR Maps into JavaScript Objects. Defaults to
* `false`
*/
function decodeFirst(input) {
// Make a copy so we don't mutate the original
const _input = new Uint8Array(input);
const decoded = tinyCbor.decodePartialCBOR(_input, 0);
const [first] = decoded;
return first;
}
/**
* Encode data to CBOR
*/
function encode(input) {
return tinyCbor.encodeCBOR(input);
}

9
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/digest.d.ts generated vendored Normal file
View File

@@ -0,0 +1,9 @@
import { COSEALG } from '../../cose.js';
/**
* Generate a digest of the provided data.
*
* @param data The data to generate a digest of
* @param algorithm A COSE algorithm ID that maps to a desired SHA algorithm
*/
export declare function digest(data: Uint8Array, algorithm: COSEALG): Promise<Uint8Array>;
//# sourceMappingURL=digest.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/digest.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"digest.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/digest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAIxC;;;;;GAKG;AACH,wBAAsB,MAAM,CAC1B,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,OAAO,GACjB,OAAO,CAAC,UAAU,CAAC,CAQrB"}

17
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/digest.js generated vendored Normal file
View File

@@ -0,0 +1,17 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.digest = digest;
const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
const getWebCrypto_js_1 = require("./getWebCrypto.js");
/**
* Generate a digest of the provided data.
*
* @param data The data to generate a digest of
* @param algorithm A COSE algorithm ID that maps to a desired SHA algorithm
*/
async function digest(data, algorithm) {
const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
const subtleAlgorithm = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(algorithm);
const hashed = await WebCrypto.subtle.digest(subtleAlgorithm, data);
return new Uint8Array(hashed);
}

7
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/getRandomValues.d.ts generated vendored Normal file
View File

@@ -0,0 +1,7 @@
/**
* Fill up the provided bytes array with random bytes equal to its length.
*
* @returns the same bytes array passed into the method
*/
export declare function getRandomValues(array: Uint8Array): Promise<Uint8Array>;
//# sourceMappingURL=getRandomValues.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/getRandomValues.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"getRandomValues.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/getRandomValues.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAM5E"}

14
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/getRandomValues.js generated vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getRandomValues = getRandomValues;
const getWebCrypto_js_1 = require("./getWebCrypto.js");
/**
* Fill up the provided bytes array with random bytes equal to its length.
*
* @returns the same bytes array passed into the method
*/
async function getRandomValues(array) {
const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
WebCrypto.getRandomValues(array);
return array;
}

14
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/getWebCrypto.d.ts generated vendored Normal file
View File

@@ -0,0 +1,14 @@
import type { Crypto } from '../../../types/index.js';
/**
* Try to get an instance of the Crypto API from the current runtime. Should support Node,
* as well as others, like Deno, that implement Web APIs.
*/
export declare function getWebCrypto(): Promise<Crypto>;
export declare class MissingWebCrypto extends Error {
constructor();
}
export declare const _getWebCryptoInternals: {
stubThisGlobalThisCrypto: () => import("crypto").webcrypto.Crypto;
setCachedCrypto: (newCrypto: Crypto | undefined) => void;
};
//# sourceMappingURL=getWebCrypto.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/getWebCrypto.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"getWebCrypto.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/getWebCrypto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAItD;;;GAGG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAgC9C;AAED,qBAAa,gBAAiB,SAAQ,KAAK;;CAM1C;AAGD,eAAO,MAAM,sBAAsB;;iCAGJ,MAAM,GAAG,SAAS;CAGhD,CAAC"}

54
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/getWebCrypto.js generated vendored Normal file
View File

@@ -0,0 +1,54 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._getWebCryptoInternals = exports.MissingWebCrypto = void 0;
exports.getWebCrypto = getWebCrypto;
let webCrypto = undefined;
/**
* Try to get an instance of the Crypto API from the current runtime. Should support Node,
* as well as others, like Deno, that implement Web APIs.
*/
function getWebCrypto() {
/**
* Hello there! If you came here wondering why this method is asynchronous when use of
* `globalThis.crypto` is not, it's to minimize a bunch of refactor related to making this
* synchronous. For example, `generateRegistrationOptions()` and `generateAuthenticationOptions()`
* become synchronous if we make this synchronous (since nothing else in that method is async)
* which represents a breaking API change in this library's core API.
*
* TODO: If it's after February 2025 when you read this then consider whether it still makes sense
* to keep this method asynchronous.
*/
const toResolve = new Promise((resolve, reject) => {
if (webCrypto) {
return resolve(webCrypto);
}
/**
* Naively attempt to access Crypto as a global object, which popular ESM-centric run-times
* support (and Node v20+)
*/
const _globalThisCrypto = exports._getWebCryptoInternals.stubThisGlobalThisCrypto();
if (_globalThisCrypto) {
webCrypto = _globalThisCrypto;
return resolve(webCrypto);
}
// We tried to access it both in Node and globally, so bail out
return reject(new MissingWebCrypto());
});
return toResolve;
}
class MissingWebCrypto extends Error {
constructor() {
const message = 'An instance of the Crypto API could not be located';
super(message);
this.name = 'MissingWebCrypto';
}
}
exports.MissingWebCrypto = MissingWebCrypto;
// Make it possible to stub return values during testing
exports._getWebCryptoInternals = {
stubThisGlobalThisCrypto: () => globalThis.crypto,
// Make it possible to reset the `webCrypto` at the top of the file
setCachedCrypto: (newCrypto) => {
webCrypto = newCrypto;
},
};

5
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/importKey.d.ts generated vendored Normal file
View File

@@ -0,0 +1,5 @@
export declare function importKey(opts: {
keyData: JsonWebKey;
algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams;
}): Promise<CryptoKey>;
//# sourceMappingURL=importKey.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/importKey.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"importKey.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/importKey.ts"],"names":[],"mappings":"AAEA,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,OAAO,EAAE,UAAU,CAAC;IACpB,SAAS,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,iBAAiB,CAAC;CAC5E,GAAG,OAAO,CAAC,SAAS,CAAC,CAQrB"}

11
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/importKey.js generated vendored Normal file
View File

@@ -0,0 +1,11 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.importKey = importKey;
const getWebCrypto_js_1 = require("./getWebCrypto.js");
async function importKey(opts) {
const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
const { keyData, algorithm } = opts;
return WebCrypto.subtle.importKey('jwk', keyData, algorithm, false, [
'verify',
]);
}

8
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,8 @@
/**
* A runtime-agnostic collection of methods for working with the WebCrypto API
* @module
*/
export { digest } from './digest.js';
export { getRandomValues } from './getRandomValues.js';
export { verify } from './verify.js';
//# sourceMappingURL=index.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/index.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC"}

13
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/index.js generated vendored Normal file
View File

@@ -0,0 +1,13 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verify = exports.getRandomValues = exports.digest = void 0;
/**
* A runtime-agnostic collection of methods for working with the WebCrypto API
* @module
*/
var digest_js_1 = require("./digest.js");
Object.defineProperty(exports, "digest", { enumerable: true, get: function () { return digest_js_1.digest; } });
var getRandomValues_js_1 = require("./getRandomValues.js");
Object.defineProperty(exports, "getRandomValues", { enumerable: true, get: function () { return getRandomValues_js_1.getRandomValues; } });
var verify_js_1 = require("./verify.js");
Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return verify_js_1.verify; } });

7
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts generated vendored Normal file
View File

@@ -0,0 +1,7 @@
import { SubtleCryptoAlg } from './structs.js';
import { COSEALG } from '../../cose.js';
/**
* Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
*/
export declare function mapCoseAlgToWebCryptoAlg(alg: COSEALG): SubtleCryptoAlg;
//# sourceMappingURL=mapCoseAlgToWebCryptoAlg.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"mapCoseAlgToWebCryptoAlg.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO,GAAG,eAAe,CAetE"}

23
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.js generated vendored Normal file
View File

@@ -0,0 +1,23 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.mapCoseAlgToWebCryptoAlg = mapCoseAlgToWebCryptoAlg;
const cose_js_1 = require("../../cose.js");
/**
* Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
*/
function mapCoseAlgToWebCryptoAlg(alg) {
if ([cose_js_1.COSEALG.RS1].indexOf(alg) >= 0) {
return 'SHA-1';
}
else if ([cose_js_1.COSEALG.ES256, cose_js_1.COSEALG.PS256, cose_js_1.COSEALG.RS256].indexOf(alg) >= 0) {
return 'SHA-256';
}
else if ([cose_js_1.COSEALG.ES384, cose_js_1.COSEALG.PS384, cose_js_1.COSEALG.RS384].indexOf(alg) >= 0) {
return 'SHA-384';
}
else if ([cose_js_1.COSEALG.ES512, cose_js_1.COSEALG.PS512, cose_js_1.COSEALG.RS512, cose_js_1.COSEALG.EdDSA].indexOf(alg) >=
0) {
return 'SHA-512';
}
throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto alg`);
}

7
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts generated vendored Normal file
View File

@@ -0,0 +1,7 @@
import { COSEALG } from '../../cose.js';
import { SubtleCryptoKeyAlgName } from './structs.js';
/**
* Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
*/
export declare function mapCoseAlgToWebCryptoKeyAlgName(alg: COSEALG): SubtleCryptoKeyAlgName;
//# sourceMappingURL=mapCoseAlgToWebCryptoKeyAlgName.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"mapCoseAlgToWebCryptoKeyAlgName.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAEtD;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,GAAG,EAAE,OAAO,GACX,sBAAsB,CAoBxB"}

22
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.js generated vendored Normal file
View File

@@ -0,0 +1,22 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.mapCoseAlgToWebCryptoKeyAlgName = mapCoseAlgToWebCryptoKeyAlgName;
const cose_js_1 = require("../../cose.js");
/**
* Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
*/
function mapCoseAlgToWebCryptoKeyAlgName(alg) {
if ([cose_js_1.COSEALG.EdDSA].indexOf(alg) >= 0) {
return 'Ed25519';
}
else if ([cose_js_1.COSEALG.ES256, cose_js_1.COSEALG.ES384, cose_js_1.COSEALG.ES512, cose_js_1.COSEALG.ES256K].indexOf(alg) >= 0) {
return 'ECDSA';
}
else if ([cose_js_1.COSEALG.RS256, cose_js_1.COSEALG.RS384, cose_js_1.COSEALG.RS512, cose_js_1.COSEALG.RS1].indexOf(alg) >= 0) {
return 'RSASSA-PKCS1-v1_5';
}
else if ([cose_js_1.COSEALG.PS256, cose_js_1.COSEALG.PS384, cose_js_1.COSEALG.PS512].indexOf(alg) >= 0) {
return 'RSA-PSS';
}
throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto key alg name`);
}

4
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/structs.d.ts generated vendored Normal file
View File

@@ -0,0 +1,4 @@
export type SubtleCryptoAlg = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
export type SubtleCryptoCrv = 'P-256' | 'P-384' | 'P-521' | 'Ed25519';
export type SubtleCryptoKeyAlgName = 'ECDSA' | 'Ed25519' | 'RSASSA-PKCS1-v1_5' | 'RSA-PSS';
//# sourceMappingURL=structs.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/structs.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"structs.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/structs.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAC1E,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAC9B,OAAO,GACP,SAAS,GACT,mBAAmB,GACnB,SAAS,CAAC"}

2
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/structs.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

8
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts generated vendored Normal file
View File

@@ -0,0 +1,8 @@
import { COSECRV } from '../../cose.js';
/**
* In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
*
* See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
*/
export declare function unwrapEC2Signature(signature: Uint8Array, crv: COSECRV): Uint8Array;
//# sourceMappingURL=unwrapEC2Signature.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"unwrapEC2Signature.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/unwrapEC2Signature.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAGxC;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,GAAG,UAAU,CAelF"}

76
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/unwrapEC2Signature.js generated vendored Normal file
View File

@@ -0,0 +1,76 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.unwrapEC2Signature = unwrapEC2Signature;
const asn1_schema_1 = require("@peculiar/asn1-schema");
const asn1_ecc_1 = require("@peculiar/asn1-ecc");
const cose_js_1 = require("../../cose.js");
const index_js_1 = require("../index.js");
/**
* In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
*
* See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
*/
function unwrapEC2Signature(signature, crv) {
const parsedSignature = asn1_schema_1.AsnParser.parse(signature, asn1_ecc_1.ECDSASigValue);
const rBytes = new Uint8Array(parsedSignature.r);
const sBytes = new Uint8Array(parsedSignature.s);
const componentLength = getSignatureComponentLength(crv);
const rNormalizedBytes = toNormalizedBytes(rBytes, componentLength);
const sNormalizedBytes = toNormalizedBytes(sBytes, componentLength);
const finalSignature = index_js_1.isoUint8Array.concat([
rNormalizedBytes,
sNormalizedBytes,
]);
return finalSignature;
}
/**
* The SubtleCrypto Web Crypto API expects ECDSA signatures with `r` and `s` values to be encoded
* to a specific length depending on the order of the curve. This function returns the expected
* byte-length for each of the `r` and `s` signature components.
*
* See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
*/
function getSignatureComponentLength(crv) {
switch (crv) {
case cose_js_1.COSECRV.P256:
return 32;
case cose_js_1.COSECRV.P384:
return 48;
case cose_js_1.COSECRV.P521:
return 66;
default:
throw new Error(`Unexpected COSE crv value of ${crv} (EC2)`);
}
}
/**
* Converts the ASN.1 integer representation to bytes of a specific length `n`.
*
* DER encodes integers as big-endian byte arrays, with as small as possible representation and
* requires a leading `0` byte to disambiguate between negative and positive numbers. This means
* that `r` and `s` can potentially not be the expected byte-length that is needed by the
* SubtleCrypto Web Crypto API: if there are leading `0`s it can be shorter than expected, and if
* it has a leading `1` bit, it can be one byte longer.
*
* See <https://www.itu.int/rec/T-REC-X.690-202102-I/en>
* See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
*/
function toNormalizedBytes(bytes, componentLength) {
let normalizedBytes;
if (bytes.length < componentLength) {
// In case the bytes are shorter than expected, we need to pad it with leading `0`s.
normalizedBytes = new Uint8Array(componentLength);
normalizedBytes.set(bytes, componentLength - bytes.length);
}
else if (bytes.length === componentLength) {
normalizedBytes = bytes;
}
else if (bytes.length === componentLength + 1 && bytes[0] === 0 && (bytes[1] & 0x80) === 0x80) {
// The bytes contain a leading `0` to encode that the integer is positive. This leading `0`
// needs to be removed for compatibility with the SubtleCrypto Web Crypto API.
normalizedBytes = bytes.subarray(1);
}
else {
throw new Error(`Invalid signature component length ${bytes.length}, expected ${componentLength}`);
}
return normalizedBytes;
}

11
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verify.d.ts generated vendored Normal file
View File

@@ -0,0 +1,11 @@
import { COSEALG, COSEPublicKey } from '../../cose.js';
/**
* Verify signatures with their public key. Supports EC2 and RSA public keys.
*/
export declare function verify(opts: {
cosePublicKey: COSEPublicKey;
signature: Uint8Array;
data: Uint8Array;
shaHashOverride?: COSEALG;
}): Promise<boolean>;
//# sourceMappingURL=verify.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verify.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EAEP,aAAa,EAKd,MAAM,eAAe,CAAC;AAMvB;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CAyBnB"}

35
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verify.js generated vendored Normal file
View File

@@ -0,0 +1,35 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verify = verify;
const cose_js_1 = require("../../cose.js");
const verifyEC2_js_1 = require("./verifyEC2.js");
const verifyRSA_js_1 = require("./verifyRSA.js");
const verifyOKP_js_1 = require("./verifyOKP.js");
const unwrapEC2Signature_js_1 = require("./unwrapEC2Signature.js");
/**
* Verify signatures with their public key. Supports EC2 and RSA public keys.
*/
function verify(opts) {
const { cosePublicKey, signature, data, shaHashOverride } = opts;
if ((0, cose_js_1.isCOSEPublicKeyEC2)(cosePublicKey)) {
const crv = cosePublicKey.get(cose_js_1.COSEKEYS.crv);
if (!(0, cose_js_1.isCOSECrv)(crv)) {
throw new Error(`unknown COSE curve ${crv}`);
}
const unwrappedSignature = (0, unwrapEC2Signature_js_1.unwrapEC2Signature)(signature, crv);
return (0, verifyEC2_js_1.verifyEC2)({
cosePublicKey,
signature: unwrappedSignature,
data,
shaHashOverride,
});
}
else if ((0, cose_js_1.isCOSEPublicKeyRSA)(cosePublicKey)) {
return (0, verifyRSA_js_1.verifyRSA)({ cosePublicKey, signature, data, shaHashOverride });
}
else if ((0, cose_js_1.isCOSEPublicKeyOKP)(cosePublicKey)) {
return (0, verifyOKP_js_1.verifyOKP)({ cosePublicKey, signature, data });
}
const kty = cosePublicKey.get(cose_js_1.COSEKEYS.kty);
throw new Error(`Signature verification with public key of kty ${kty} is not supported by this method`);
}

11
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyEC2.d.ts generated vendored Normal file
View File

@@ -0,0 +1,11 @@
import { COSEALG, COSEPublicKeyEC2 } from '../../cose.js';
/**
* Verify a signature using an EC2 public key
*/
export declare function verifyEC2(opts: {
cosePublicKey: COSEPublicKeyEC2;
signature: Uint8Array;
data: Uint8Array;
shaHashOverride?: COSEALG;
}): Promise<boolean>;
//# sourceMappingURL=verifyEC2.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyEC2.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"verifyEC2.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyEC2.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAqB,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAO7E;;GAEG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CA0EnB"}

76
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyEC2.js generated vendored Normal file
View File

@@ -0,0 +1,76 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyEC2 = verifyEC2;
const cose_js_1 = require("../../cose.js");
const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
const importKey_js_1 = require("./importKey.js");
const index_js_1 = require("../index.js");
const getWebCrypto_js_1 = require("./getWebCrypto.js");
/**
* Verify a signature using an EC2 public key
*/
async function verifyEC2(opts) {
const { cosePublicKey, signature, data, shaHashOverride } = opts;
const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
// Import the public key
const alg = cosePublicKey.get(cose_js_1.COSEKEYS.alg);
const crv = cosePublicKey.get(cose_js_1.COSEKEYS.crv);
const x = cosePublicKey.get(cose_js_1.COSEKEYS.x);
const y = cosePublicKey.get(cose_js_1.COSEKEYS.y);
if (!alg) {
throw new Error('Public key was missing alg (EC2)');
}
if (!crv) {
throw new Error('Public key was missing crv (EC2)');
}
if (!x) {
throw new Error('Public key was missing x (EC2)');
}
if (!y) {
throw new Error('Public key was missing y (EC2)');
}
let _crv;
if (crv === cose_js_1.COSECRV.P256) {
_crv = 'P-256';
}
else if (crv === cose_js_1.COSECRV.P384) {
_crv = 'P-384';
}
else if (crv === cose_js_1.COSECRV.P521) {
_crv = 'P-521';
}
else {
throw new Error(`Unexpected COSE crv value of ${crv} (EC2)`);
}
const keyData = {
kty: 'EC',
crv: _crv,
x: index_js_1.isoBase64URL.fromBuffer(x),
y: index_js_1.isoBase64URL.fromBuffer(y),
ext: false,
};
const keyAlgorithm = {
/**
* Note to future self: you can't use `mapCoseAlgToWebCryptoKeyAlgName()` here because some
* leaf certs from actual devices specified an RSA SHA value for `alg` (e.g. `-257`) which
* would then map here to `'RSASSA-PKCS1-v1_5'`. We always want `'ECDSA'` here so we'll
* hard-code this.
*/
name: 'ECDSA',
namedCurve: _crv,
};
const key = await (0, importKey_js_1.importKey)({
keyData,
algorithm: keyAlgorithm,
});
// Determine which SHA algorithm to use for signature verification
let subtleAlg = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(alg);
if (shaHashOverride) {
subtleAlg = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(shaHashOverride);
}
const verifyAlgorithm = {
name: 'ECDSA',
hash: { name: subtleAlg },
};
return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
}

7
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyOKP.d.ts generated vendored Normal file
View File

@@ -0,0 +1,7 @@
import { COSEPublicKeyOKP } from '../../cose.js';
export declare function verifyOKP(opts: {
cosePublicKey: COSEPublicKeyOKP;
signature: Uint8Array;
data: Uint8Array;
}): Promise<boolean>;
//# sourceMappingURL=verifyOKP.d.ts.map

1
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyOKP.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"verifyOKP.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyOKP.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,gBAAgB,EAAa,MAAM,eAAe,CAAC;AAM/E,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;CAClB,GAAG,OAAO,CAAC,OAAO,CAAC,CAyDnB"}

54
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyOKP.js generated vendored Normal file
View File

@@ -0,0 +1,54 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyOKP = verifyOKP;
const cose_js_1 = require("../../cose.js");
const index_js_1 = require("../../index.js");
const importKey_js_1 = require("./importKey.js");
const getWebCrypto_js_1 = require("./getWebCrypto.js");
async function verifyOKP(opts) {
const { cosePublicKey, signature, data } = opts;
const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
const alg = cosePublicKey.get(cose_js_1.COSEKEYS.alg);
const crv = cosePublicKey.get(cose_js_1.COSEKEYS.crv);
const x = cosePublicKey.get(cose_js_1.COSEKEYS.x);
if (!alg) {
throw new Error('Public key was missing alg (OKP)');
}
if (!(0, cose_js_1.isCOSEAlg)(alg)) {
throw new Error(`Public key had invalid alg ${alg} (OKP)`);
}
if (!crv) {
throw new Error('Public key was missing crv (OKP)');
}
if (!x) {
throw new Error('Public key was missing x (OKP)');
}
// Pulled key import steps from here:
// https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations
let _crv;
if (crv === cose_js_1.COSECRV.ED25519) {
_crv = 'Ed25519';
}
else {
throw new Error(`Unexpected COSE crv value of ${crv} (OKP)`);
}
const keyData = {
kty: 'OKP',
crv: _crv,
alg: 'EdDSA',
x: index_js_1.isoBase64URL.fromBuffer(x),
ext: false,
};
const keyAlgorithm = {
name: _crv,
namedCurve: _crv,
};
const key = await (0, importKey_js_1.importKey)({
keyData,
algorithm: keyAlgorithm,
});
const verifyAlgorithm = {
name: _crv,
};
return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
}

11
api.hyungi.net/node_modules/@simplewebauthn/server/script/helpers/iso/isoCrypto/verifyRSA.d.ts generated vendored Normal file
View File

@@ -0,0 +1,11 @@
import { COSEALG, COSEPublicKeyRSA } from '../../cose.js';
/**
* Verify a signature using an RSA public key
*/
export declare function verifyRSA(opts: {
cosePublicKey: COSEPublicKeyRSA;
signature: Uint8Array;
data: Uint8Array;
shaHashOverride?: COSEALG;
}): Promise<boolean>;
//# sourceMappingURL=verifyRSA.d.ts.map

Some files were not shown because too many files have changed in this diff Show More