From 6598a86f03bb157b4b5429fb471ed6a46aa2efbc Mon Sep 17 00:00:00 2001 From: ageier Date: Thu, 18 Apr 2024 11:15:58 +0200 Subject: [PATCH] Remove unnecessary line the line does nothing, I think it was accidentely added in the 'mega refactoring' commit here: https://github.com/passwordless-id/webauthn/commit/95a47f119408bffb80f8a7e426ee920ccd84d6e5 --- dist/webauthn.min.js | 2 +- dist/webauthn.min.js.map | 4 ++-- src/server.ts | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/dist/webauthn.min.js b/dist/webauthn.min.js index cafba1d..b63be12 100644 --- a/dist/webauthn.min.js +++ b/dist/webauthn.min.js @@ -1,2 +1,2 @@ -var N=Object.defineProperty;var b=(e,a)=>{for(var t in a)N(e,t,{get:a[t],enumerable:!0})};var S={};b(S,{authenticate:()=>M,isAvailable:()=>U,isLocalAuthenticator:()=>I,register:()=>v});var s={};b(s,{bufferToHex:()=>m,concatenateBuffers:()=>D,isBase64url:()=>l,parseBase64url:()=>d,parseBuffer:()=>E,randomChallenge:()=>R,sha256:()=>u,toBase64url:()=>o,toBuffer:()=>f});function R(){return crypto.randomUUID()}function f(e){return Uint8Array.from(e,a=>a.charCodeAt(0)).buffer}function E(e){return String.fromCharCode(...new Uint8Array(e))}function l(e){return e.match(/^[a-zA-Z0-9\-_]+=*$/)!==null}function o(e){return btoa(E(e)).replaceAll("+","-").replaceAll("/","_")}function d(e){return e=e.replaceAll("-","+").replaceAll("_","/"),f(atob(e))}async function u(e){return await crypto.subtle.digest("SHA-256",e)}function m(e){return[...new Uint8Array(e)].map(a=>a.toString(16).padStart(2,"0")).join("")}function D(e,a){var t=new Uint8Array(e.byteLength+a.byteLength);return t.set(new Uint8Array(e),0),t.set(new Uint8Array(a),e.byteLength),t}function U(){return!!window.PublicKeyCredential}async function I(){return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}async function H(e){if(e==="local")return"platform";if(e==="roaming"||e==="extern")return"cross-platform";if(e!=="both")try{return await I()?"platform":"cross-platform"}catch{return}}function V(e){switch(e){case-7:return"ES256";case-257:return"RS256";default:throw new Error(`Unknown algorithm code: ${e}`)}}async function v(e,a,t){if(t=t??{},!l(a))throw new Error("Provided challenge is not properly encoded in Base64url");let i={challenge:d(a),rp:{id:window.location.hostname,name:window.location.hostname},user:{id:t.userHandle?f(t.userHandle):await u(new TextEncoder().encode("passwordless.id-user:"+e)),name:e,displayName:e},pubKeyCredParams:[{alg:-7,type:"public-key"},{alg:-257,type:"public-key"}],timeout:t.timeout??6e4,authenticatorSelection:{userVerification:t.userVerification??"required",authenticatorAttachment:await H(t.authenticatorType??"auto"),residentKey:t.discoverable??"preferred",requireResidentKey:t.discoverable==="required"},attestation:"direct"};t.debug&&console.debug(i);let r=await navigator.credentials.create({publicKey:i});t.debug&&console.debug(r);let c=r.response,n={username:e,credential:{id:r.id,publicKey:o(c.getPublicKey()),algorithm:V(r.response.getPublicKeyAlgorithm())},authenticatorData:o(c.getAuthenticatorData()),clientData:o(c.clientDataJSON)};return t.attestation&&(n.attestationData=o(c.attestationObject)),n}async function k(e){let a=["internal"],t=["hybrid","usb","ble","nfc"];if(e==="local")return a;if(e=="roaming"||e==="extern")return t;if(e==="both")return[...a,...t];try{return await I()?a:t}catch{return[...a,...t]}}async function M(e,a,t){if(t=t??{},!l(a))throw new Error("Provided challenge is not properly encoded in Base64url");let i=await k(t.authenticatorType??"auto"),r={challenge:d(a),rpId:window.location.hostname,allowCredentials:e.map(g=>({id:d(g),type:"public-key",transports:i})),userVerification:t.userVerification??"required",timeout:t.timeout??6e4};t.debug&&console.debug(r);let c=await navigator.credentials.get({publicKey:r,mediation:t.mediation});t.debug&&console.debug(c);let n=c.response;return{credentialId:c.id,authenticatorData:o(n.authenticatorData),clientData:o(n.clientDataJSON),signature:o(n.signature),userHandle:n.userHandle?o(n.userHandle):void 0}}var K={};b(K,{verifyAuthentication:()=>X,verifyRegistration:()=>J,verifySignature:()=>x});var C={};b(C,{parseAttestation:()=>_,parseAuthentication:()=>w,parseAuthenticator:()=>O,parseClient:()=>F,parseRegistration:()=>P});var h={"00000000-0000-0000-0000-000000000000":"Unknown authenticator","0076631b-d4a0-427f-5773-0ec71c9e0279":"HYPR FIDO2 Authenticator","07a9f89c-6407-4594-9d56-621d5f1e358b":"NXP Semiconductros FIDO2 Conformance Testing CTAP2 Authenticator","08987058-cadc-4b81-b6e1-30de50dcbe96":"Windows Hello","09591fc6-9811-48f7-8f57-b9f23df6413f":"Pone Biometrics OFFPAD Authenticator","0acf3011-bc60-f375-fb53-6f05f43154e0":"Nymi FIDO2 Authenticator","0bb43545-fd2c-4185-87dd-feb0b2916ace":"Security Key NFC by Yubico - Enterprise Edition","0d9b2e56-566b-c393-2940-f821b7f15d6d":"Excelsecu eSecu FIDO2 Pro Security Key","0ea242b4-43c4-4a1b-8b17-dd6d0b6baec6":"Keeper","1105e4ed-af1d-02ff-ffff-ffffffffffff":"Egomet FIDO2 Authenticator for Android","12ded745-4bed-47d4-abaa-e713f51d6393":"Feitian AllinOne FIDO2 Authenticator","149a2021-8ef6-4133-96b8-81f8d5b7f1f5":"Security Key by Yubico with NFC","17290f1e-c212-34d0-1423-365d729f09d9":"Thales PIN iOS SDK","175cd298-83d2-4a26-b637-313c07a6434e":"Chunghwa Telecom FIDO2 Smart Card Authenticator","1c086528-58d5-f211-823c-356786e36140":"Atos CardOS FIDO2","20f0be98-9af9-986a-4b42-8eca4acb28e4":"Excelsecu eSecu FIDO2 Fingerprint Security Key","2194b428-9397-4046-8f39-007a1605a482":"IDPrime 931 Fido","23786452-f02d-4344-87ed-aaf703726881":"SafeNet eToken Fusion CC","2c0df832-92de-4be1-8412-88a8f074df4a":"Feitian FIDO Smart Card","2d3bec26-15ee-4f5d-88b2-53622490270b":"HID Crescendo Key V2","2fc0579f-8113-47ea-b116-bb5a8db9202a":"YubiKey 5 Series with NFC","2ffd6452-01da-471f-821b-ea4bf6c8676a":"IDPrime 941 Fido","30b5035e-d297-4fc1-b00b-addc96ba6a97":"OneSpan FIDO Touch","30b5035e-d297-4ff1-b00b-addc96ba6a98":"OneSpan DIGIPASS FX1 BIO","341e4da9-3c2e-8103-5a9f-aad887135200":"Ledger Nano S FIDO2 Authenticator","34f5766d-1536-4a24-9033-0e294e510fb0":"YubiKey 5 Series CTAP2.1 Preview Expired ","361a3082-0278-4583-a16f-72a527f973e4":"eWBM eFA500 FIDO2 Authenticator","3789da91-f943-46bc-95c3-50ea2012f03a":"NEOWAVE Winkeo FIDO2","39a5647e-1853-446c-a1f6-a79bae9f5bc7":"IDmelon","3b1adb99-0dfe-46fd-90b8-7f7614a4de2a":"GoTrust Idem Key FIDO2 Authenticator","3e078ffd-4c54-4586-8baa-a77da113aec5":"Hideez Key 3 FIDO2","3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d":"Feitian iePass FIDO Authenticator","3f59672f-20aa-4afe-b6f4-7e5e916b6d98":"Arculus FIDO 2.1 Key Card [P71]","42b4fb4a-2866-43b2-9bf7-6c6669c2e5d3":"Google Titan Security Key v2","454e5346-4944-4ffd-6c93-8e9267193e9a":"Ensurity ThinC","4b3f8944-d4f2-4d21-bb19-764a986ec160":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","4c0cf95d-2f40-43b5-ba42-4c83a11c04ba":"Feitian BioPass FIDO2 Pro Authenticator","4c50ff10-1057-4fc6-b8ed-43a529530c3c":"ImproveID Authenticator","4d41190c-7beb-4a84-8018-adf265a6352d":"Thales IDPrime FIDO Bio","4e768f2c-5fab-48b3-b300-220eb487752b":"Hideez Key 4 FIDO2 SDK","504d7149-4e4c-3841-4555-55445a677357":"WiSECURE AuthTron USB FIDO2 Authenticator","50a45b0c-80e7-f944-bf29-f552bfa2e048":"ACS FIDO Authenticator","516d3969-5a57-5651-5958-4e7a49434167":"SmartDisplayer BobeePass FIDO2 Authenticator","531126d6-e717-415c-9320-3d9aa6981239":"Dashlane","53414d53-554e-4700-0000-000000000000":"Samsung Pass","5343502d-5343-5343-6172-644649444f32":"ESS Smart Card Inc. Authenticator","54d9fee8-e621-4291-8b18-7157b99c5bec":"HID Crescendo Enabled","5626bed4-e756-430b-a7ff-ca78c8b12738":"VALMIDO PRO FIDO","58b44d0b-0a7c-f33a-fd48-f7153c871352":"Ledger Nano S Plus FIDO2 Authenticator","5ca1ab1e-1337-fa57-f1d0-a117e71ca702":"Allthenticator App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers","5d629218-d3a5-11ed-afa1-0242ac120002":"Swissbit iShield Key Pro","5fdb81b8-53f0-4967-a881-f5ec26fe4d18":"VinCSS FIDO2 Authenticator","6002f033-3c07-ce3e-d0f7-0ffe5ed42543":"Excelsecu eSecu FIDO2 Fingerprint Key","6028b017-b1d4-4c02-b4b3-afcdafc96bb2":"Windows Hello","61250591-b2bc-4456-b719-0b17be90bb30":"eWBM eFPA FIDO2 Authenticator","664d9f67-84a2-412a-9ff7-b4f7d8ee6d05":"OpenSK authenticator","66a0ccb3-bd6a-191f-ee06-e375c50b9846":"Thales Bio iOS SDK","692db549-7ae5-44d5-a1e5-dd20a493b723":"HID Crescendo Key","69700f79-d1fb-472e-bd9b-a3a3b9a9eda0":"Pone Biometrics OFFPAD Authenticator","6d44ba9b-f6ec-2e49-b930-0c8fe920cb73":"Security Key by Yubico with NFC","73402251-f2a8-4f03-873e-3cb6db604b03":"uTrust FIDO2 Security Key","73bb0cd4-e502-49b8-9c6f-b59445bf720b":"YubiKey 5 FIPS Series","74820b05-a6c9-40f9-8fb0-9f86aca93998":"SafeNet eToken Fusion","77010bd7-212a-4fc9-b236-d2ca5e9d4084":"Feitian BioPass FIDO2 Authenticator","771b48fd-d3d4-4f74-9232-fc157ab0507a":"Edge on Mac","7e3f3d30-3557-4442-bdae-139312178b39":"RSA DS100","820d89ed-d65a-409e-85cb-f73f0578f82a":"IDmelon iOS Authenticator","833b721a-ff5f-4d00-bb2e-bdda3ec01e29":"Feitian ePass FIDO2 Authenticator","83c47309-aabb-4108-8470-8be838b573cb":"YubiKey Bio Series (Enterprise Profile)","85203421-48f9-4355-9bc8-8a53846e5083":"YubiKey 5 FIPS Series with Lightning","87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c":"eWBM eFA320 FIDO2 Authenticator","8836336a-f590-0921-301d-46427531eee6":"Thales Bio Android SDK","8876631b-d4a0-427f-5773-0ec71c9e0279":"Solo Secp256R1 FIDO2 CTAP2 Authenticator","88bbd2f0-342a-42e7-9729-dd158be5407a":"Precision InnaIT Key FIDO 2 Level 2 certified","8976631b-d4a0-427f-5773-0ec71c9e0279":"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator","89b19028-256b-4025-8872-255358d950e4":"Sentry Enterprises CTAP2 Authenticator","8c97a730-3f7b-41a6-87d6-1e9b62bda6f0":"FT-JCOS FIDO Fingerprint Card","8d1b1fcb-3c76-49a9-9129-5515b346aa02":"IDEMIA ID-ONE Card","91ad6b93-264b-4987-8737-3a690cad6917":"Token Ring FIDO2 Authenticator","931327dd-c89b-406c-a81e-ed7058ef36c6":"Swissbit iShield Key FIDO2","95442b2e-f15e-4def-b270-efb106facb4e":"eWBM eFA310 FIDO2 Authenticator","95e4d58c-056e-4a65-866d-f5a69659e880":"TruU Windows Authenticator","973446ca-e21c-9a9b-99f5-9b985a67af0f":"ACS FIDO Authenticator Card","9876631b-d4a0-427f-5773-0ec71c9e0279":"Somu Secp256R1 FIDO2 CTAP2 Authenticator","998f358b-2dd2-4cbe-a43a-e8107438dfb3":"OnlyKey Secp256R1 FIDO2 CTAP2 Authenticator","99bf4610-ec26-4252-b31f-7380ccd59db5":"ZTPass Card","9c835346-796b-4c27-8898-d6032f515cc5":"Cryptnox FIDO2","9d3df6ba-282f-11ed-a261-0242ac120002":"Arculus FIDO2/U2F Key Card","9ddd1817-af5a-4672-a2b9-3e3dd95000a9":"Windows Hello","9f0d8150-baa5-4c00-9299-ad62c8bb4e87":"GoTrust Idem Card FIDO2 Authenticator","9f77e279-a6e2-4d58-b700-31e5943c6a98":"Hyper FIDO Pro","a1f52be5-dfab-4364-b51c-2bd496b14a56":"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR","a3975549-b191-fd67-b8fb-017e2917fdb3":"Excelsecu eSecu FIDO2 NFC Security Key","a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa":"Security Key NFC by Yubico","ab32f0c6-2239-afbb-c470-d2ef4e254db6":"TEST (DUMMY RECORD)","ab32f0c6-2239-afbb-c470-d2ef4e254db7":"TOKEN2 FIDO2 Security Key","adce0002-35bc-c60a-648b-0b25f1f05503":"Chrome on Mac","aeb6569c-f8fb-4950-ac60-24ca2bbe2e52":"HID Crescendo C2300","b267239b-954f-4041-a01b-ee4f33c145b6":"authenton1 - CTAP2.1","b50d5e0a-7f81-4959-9b12-f45407407503":"IDPrime 3940 FIDO","b5397666-4885-aa6b-cebf-e52262a439a2":"Chromium Browser","b6ede29c-3772-412c-8a78-539c1f4c62d2":"Feitian BioPass FIDO2 Plus Authenticator","b84e4048-15dc-4dd0-8640-f4f60813c8af":"NordPass","b92c3f9a-c014-4056-887f-140a2501163b":"Security Key by Yubico","b93fd961-f2e6-462f-b122-82002247de78":"Android Authenticator with SafetyNet Attestation","ba76a271-6eb6-4171-874d-b6428dbe3437":"ATKey.ProS","ba86dc56-635f-4141-aef6-00227b1b9af6":"TruU Windows Authenticator","bada5566-a7aa-401f-bd96-45619a55120d":"1Password","bbf4b6a7-679d-f6fc-c4f2-8ac0ddf9015a":"Excelsecu eSecu FIDO2 PRO Security Key","bc2fe499-0d8e-4ffe-96f3-94a82840cf8c":"OCTATCO EzQuant FIDO2 AUTHENTICATOR","be727034-574a-f799-5c76-0929e0430973":"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)","c1f9a0bc-1dd2-404a-b27f-8e29047a43fd":"YubiKey 5 FIPS Series with NFC","c5703116-972b-4851-a3e7-ae1259843399":"NEOWAVE Badgeo FIDO2","c5ef55ff-ad9a-4b9f-b580-adebafe026d0":"YubiKey 5 Series with Lightning","c80dbd9a-533f-4a17-b941-1a2f1c7cedff":"HID Crescendo C3000","ca4cff1b-5a81-4404-8194-59aabcf1660b":"IDPrime 3930 FIDO","ca87cb70-4c1b-4579-a8e8-4efdd7c007e0":"FIDO Alliance TruU Sample FIDO2 Authenticator","cb69481e-8ff7-4039-93ec-0a2729a154a8":"YubiKey 5 Series","cd69adb5-3c7a-deb9-3177-6800ea6cb72a":"Thales PIN Android SDK","cdbdaea2-c415-5073-50f7-c04e968640b6":"Excelsecu eSecu FIDO2 Security Key","cfcb13a2-244f-4b36-9077-82b79d6a7de7":"USB/NFC Passcode Authenticator","d384db22-4d50-ebde-2eac-5765cf1e2a44":"Excelsecu eSecu FIDO2 Fingerprint Security Key","d41f5a69-b817-4144-a13c-9ebd6d9254d6":"ATKey.Card CTAP2.0","d548826e-79b4-db40-a3d8-11116f7e8349":"Bitwarden","d61d3b87-3e7c-4aea-9c50-441c371903ad":"KeyVault Secp256R1 FIDO2 CTAP2 Authenticator","d7a423ad-3e19-4492-9200-78137dccc136":"VivoKey Apex FIDO2","d821a7d4-e97c-4cb6-bd82-4237731fd4be":"Hyper FIDO Bio Security Key","d8522d9f-575b-4866-88a9-ba99fa02f35b":"YubiKey Bio Series","d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3":"KEY-ID FIDO2 Authenticator","d94a29d9-52dd-4247-9c2d-8b818b610389":"VeriMark Guard Fingerprint Key","da1fa263-8b25-42b6-a820-c0036f21ba7f":"ATKey.Card NFC","dd4ec289-e01d-41c9-bb89-70fa845d4bf2":"iCloud Keychain (Managed)","e1a96183-5016-4f24-b55b-e3ae23614cc6":"ATKey.Pro CTAP2.0","e416201b-afeb-41ca-a03d-2281c28322aa":"ATKey.Pro CTAP2.1","e86addcd-7711-47e5-b42a-c18257b0bf61":"IDCore 3121 Fido","ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4":"Google Password Manager","eabb46cc-e241-80bf-ae9e-96fa6d2975cf":"TOKEN2 PIN Plus Security Key Series ","eb3b131e-59dc-536a-d176-cb7306da10f5":"ellipticSecure MIRkey USB Authenticator","ec31b4cc-2acc-4b8e-9c01-bade00ccbe26":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","ee041bce-25e5-4cdb-8f86-897fd6418464":"Feitian ePass FIDO2-NFC Authenticator","ee882879-721c-4913-9775-3dfcce97072a":"YubiKey 5 Series","efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4":"Safenet eToken FIDO","f3809540-7f14-49c1-a8b3-8f813b225541":"Enpass","f4c63eff-d26c-4248-801c-3736c7eaa93a":"FIDO KeyPass S3","f7c558a0-f465-11e8-b568-0800200c9a66":"KONAI Secp256R1 FIDO2 Conformance Testing CTAP2 Authenticator","f8a011f3-8c0a-4d15-8006-17111f9edc7d":"Security Key by Yubico","fa2b99dc-9e39-4257-8f92-4a30d23c4118":"YubiKey 5 Series with NFC","fbefdf68-fe86-0106-213e-4d5fa24cbe2e":"Excelsecu eSecu FIDO2 NFC Security Key","fbfc3007-154e-4ecc-8c0b-6e020557d7bd":"iCloud Keychain","fcb1bcb4-f370-078c-6993-bc24d0ae3fbe":"Ledger Nano X FIDO2 Authenticator","fec067a1-f1d0-4c5e-b4c0-cc3237475461":"KX701 SmartToken FIDO"};function T(e){let a=new DataView(e.slice(32,33)).getUint8(0),t={rpIdHash:o(e.slice(0,32)),flags:{userPresent:!!(a&1),userVerified:!!(a&4),backupEligibility:!!(a&8),backupState:!!(a&16),attestedData:!!(a&64),extensionsIncluded:!!(a&128)},counter:new DataView(e.slice(33,37)).getUint32(0,!1)};if(t.synced=t.flags.backupState,e.byteLength>37){let i=Y(e);t={...t,aaguid:i,name:h[i]??"Unknown",icon_light:"https://webauthn.passwordless.id/authenticators/"+i+"-light.png",icon_dark:"https://webauthn.passwordless.id/authenticators/"+i+"-dark.png"}}return t}function Y(e){return L(e.slice(37,53))}function L(e){let a=m(e);return a=a.substring(0,8)+"-"+a.substring(8,12)+"-"+a.substring(12,16)+"-"+a.substring(16,20)+"-"+a.substring(20,32),a}var W=new TextDecoder("utf-8");function F(e){return typeof e=="string"&&(e=d(e)),JSON.parse(W.decode(e))}function O(e){return typeof e=="string"&&(e=d(e)),T(e)}function _(e){return e}function P(e){return{username:e.username,credential:e.credential,client:F(e.clientData),authenticator:O(e.authenticatorData),attestation:e.attestationData?e.attestationData:null}}function w(e){return{credentialId:e.credentialId,client:F(e.clientData),authenticator:O(e.authenticatorData),signature:e.signature}}async function G(e,a){if(typeof e=="function"){let t=e(a);return t instanceof Promise?await t:t}return e===a}async function y(e,a){return!await G(e,a)}async function J(e,a){let t=P(e);if(t.client.challenge,t.client.type!=="webauthn.create")throw new Error(`Unexpected ClientData type: ${t.client.type}`);if(await y(a.origin,t.client.origin))throw new Error(`Unexpected ClientData origin: ${t.client.origin}`);if(await y(a.challenge,t.client.challenge))throw new Error(`Unexpected ClientData challenge: ${t.client.challenge}`);return t}async function X(e,a,t){if(e.credentialId!==a.id)throw new Error(`Credential ID mismatch: ${e.credentialId} vs ${a.id}`);if(!await x({algorithm:a.algorithm,publicKey:a.publicKey,authenticatorData:e.authenticatorData,clientData:e.clientData,signature:e.signature,verbose:t.verbose}))throw new Error(`Invalid signature: ${e.signature}`);let r=w(e);if(r.client.type!=="webauthn.get")throw new Error(`Unexpected clientData type: ${r.client.type}`);if(await y(t.origin,r.client.origin))throw new Error(`Unexpected ClientData origin: ${r.client.origin}`);if(await y(t.challenge,r.client.challenge))throw new Error(`Unexpected ClientData challenge: ${r.client.challenge}`);let c=new URL(r.client.origin).hostname,n=o(await u(f(c)));if(r.authenticator.rpIdHash!==n)throw new Error(`Unexpected RpIdHash: ${r.authenticator.rpIdHash} vs ${n}`);if(!r.authenticator.flags.userPresent)throw new Error("Unexpected authenticator flags: missing userPresent");if(!r.authenticator.flags.userVerified&&t.userVerified)throw new Error("Unexpected authenticator flags: missing userVerified");if(t.counter&&r.authenticator.counter<=t.counter)throw new Error(`Unexpected authenticator counter: ${r.authenticator.counter} (should be > ${t.counter})`);return r}function q(e){switch(e){case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"};case"ES256":return{name:"ECDSA",namedCurve:"P-256",hash:"SHA-256"};default:throw new Error(`Unknown or unsupported crypto algorithm: ${e}. Only 'RS256' and 'ES256' are supported.`)}}async function z(e,a){let t=d(a);return crypto.subtle.importKey("spki",t,e,!1,["verify"])}async function x({algorithm:e,publicKey:a,authenticatorData:t,clientData:i,signature:r,verbose:c}){let n=q(e),A=await z(n,a);c&&console.debug(A);let g=await u(d(i)),B=D(d(t),g);c&&(console.debug("Crypto Algo: "+JSON.stringify(n)),console.debug("Public key: "+a),console.debug("Data: "+o(B)),console.debug("Signature: "+r));let p=d(r);return e=="ES256"&&(p=j(p)),await crypto.subtle.verify(n,A,p,B)}function j(e){let a=new Uint8Array(e),t=a[4]===0?5:4,i=t+32,r=a[i+2]===0?i+3:i+2,c=a.slice(t,i),n=a.slice(r);return new Uint8Array([...c,...n])}var ie={client:S,server:K,parsers:C,utils:s,authenticatorMetadata:h};export{h as authenticatorMetadata,S as client,ie as default,C as parsers,K as server,s as utils}; +var N=Object.defineProperty;var b=(e,a)=>{for(var t in a)N(e,t,{get:a[t],enumerable:!0})};var S={};b(S,{authenticate:()=>M,isAvailable:()=>U,isLocalAuthenticator:()=>I,register:()=>v});var s={};b(s,{bufferToHex:()=>m,concatenateBuffers:()=>D,isBase64url:()=>l,parseBase64url:()=>d,parseBuffer:()=>E,randomChallenge:()=>R,sha256:()=>u,toBase64url:()=>o,toBuffer:()=>f});function R(){return crypto.randomUUID()}function f(e){return Uint8Array.from(e,a=>a.charCodeAt(0)).buffer}function E(e){return String.fromCharCode(...new Uint8Array(e))}function l(e){return e.match(/^[a-zA-Z0-9\-_]+=*$/)!==null}function o(e){return btoa(E(e)).replaceAll("+","-").replaceAll("/","_")}function d(e){return e=e.replaceAll("-","+").replaceAll("_","/"),f(atob(e))}async function u(e){return await crypto.subtle.digest("SHA-256",e)}function m(e){return[...new Uint8Array(e)].map(a=>a.toString(16).padStart(2,"0")).join("")}function D(e,a){var t=new Uint8Array(e.byteLength+a.byteLength);return t.set(new Uint8Array(e),0),t.set(new Uint8Array(a),e.byteLength),t}function U(){return!!window.PublicKeyCredential}async function I(){return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}async function H(e){if(e==="local")return"platform";if(e==="roaming"||e==="extern")return"cross-platform";if(e!=="both")try{return await I()?"platform":"cross-platform"}catch{return}}function V(e){switch(e){case-7:return"ES256";case-257:return"RS256";default:throw new Error(`Unknown algorithm code: ${e}`)}}async function v(e,a,t){if(t=t??{},!l(a))throw new Error("Provided challenge is not properly encoded in Base64url");let i={challenge:d(a),rp:{id:window.location.hostname,name:window.location.hostname},user:{id:t.userHandle?f(t.userHandle):await u(new TextEncoder().encode("passwordless.id-user:"+e)),name:e,displayName:e},pubKeyCredParams:[{alg:-7,type:"public-key"},{alg:-257,type:"public-key"}],timeout:t.timeout??6e4,authenticatorSelection:{userVerification:t.userVerification??"required",authenticatorAttachment:await H(t.authenticatorType??"auto"),residentKey:t.discoverable??"preferred",requireResidentKey:t.discoverable==="required"},attestation:"direct"};t.debug&&console.debug(i);let r=await navigator.credentials.create({publicKey:i});t.debug&&console.debug(r);let c=r.response,n={username:e,credential:{id:r.id,publicKey:o(c.getPublicKey()),algorithm:V(r.response.getPublicKeyAlgorithm())},authenticatorData:o(c.getAuthenticatorData()),clientData:o(c.clientDataJSON)};return t.attestation&&(n.attestationData=o(c.attestationObject)),n}async function k(e){let a=["internal"],t=["hybrid","usb","ble","nfc"];if(e==="local")return a;if(e=="roaming"||e==="extern")return t;if(e==="both")return[...a,...t];try{return await I()?a:t}catch{return[...a,...t]}}async function M(e,a,t){if(t=t??{},!l(a))throw new Error("Provided challenge is not properly encoded in Base64url");let i=await k(t.authenticatorType??"auto"),r={challenge:d(a),rpId:window.location.hostname,allowCredentials:e.map(g=>({id:d(g),type:"public-key",transports:i})),userVerification:t.userVerification??"required",timeout:t.timeout??6e4};t.debug&&console.debug(r);let c=await navigator.credentials.get({publicKey:r,mediation:t.mediation});t.debug&&console.debug(c);let n=c.response;return{credentialId:c.id,authenticatorData:o(n.authenticatorData),clientData:o(n.clientDataJSON),signature:o(n.signature),userHandle:n.userHandle?o(n.userHandle):void 0}}var K={};b(K,{verifyAuthentication:()=>X,verifyRegistration:()=>J,verifySignature:()=>x});var C={};b(C,{parseAttestation:()=>_,parseAuthentication:()=>w,parseAuthenticator:()=>O,parseClient:()=>F,parseRegistration:()=>P});var h={"00000000-0000-0000-0000-000000000000":"Unknown authenticator","0076631b-d4a0-427f-5773-0ec71c9e0279":"HYPR FIDO2 Authenticator","07a9f89c-6407-4594-9d56-621d5f1e358b":"NXP Semiconductros FIDO2 Conformance Testing CTAP2 Authenticator","08987058-cadc-4b81-b6e1-30de50dcbe96":"Windows Hello","09591fc6-9811-48f7-8f57-b9f23df6413f":"Pone Biometrics OFFPAD Authenticator","0acf3011-bc60-f375-fb53-6f05f43154e0":"Nymi FIDO2 Authenticator","0bb43545-fd2c-4185-87dd-feb0b2916ace":"Security Key NFC by Yubico - Enterprise Edition","0d9b2e56-566b-c393-2940-f821b7f15d6d":"Excelsecu eSecu FIDO2 Pro Security Key","0ea242b4-43c4-4a1b-8b17-dd6d0b6baec6":"Keeper","1105e4ed-af1d-02ff-ffff-ffffffffffff":"Egomet FIDO2 Authenticator for Android","12ded745-4bed-47d4-abaa-e713f51d6393":"Feitian AllinOne FIDO2 Authenticator","149a2021-8ef6-4133-96b8-81f8d5b7f1f5":"Security Key by Yubico with NFC","17290f1e-c212-34d0-1423-365d729f09d9":"Thales PIN iOS SDK","175cd298-83d2-4a26-b637-313c07a6434e":"Chunghwa Telecom FIDO2 Smart Card Authenticator","1c086528-58d5-f211-823c-356786e36140":"Atos CardOS FIDO2","20f0be98-9af9-986a-4b42-8eca4acb28e4":"Excelsecu eSecu FIDO2 Fingerprint Security Key","2194b428-9397-4046-8f39-007a1605a482":"IDPrime 931 Fido","23786452-f02d-4344-87ed-aaf703726881":"SafeNet eToken Fusion CC","2c0df832-92de-4be1-8412-88a8f074df4a":"Feitian FIDO Smart Card","2d3bec26-15ee-4f5d-88b2-53622490270b":"HID Crescendo Key V2","2fc0579f-8113-47ea-b116-bb5a8db9202a":"YubiKey 5 Series with NFC","2ffd6452-01da-471f-821b-ea4bf6c8676a":"IDPrime 941 Fido","30b5035e-d297-4fc1-b00b-addc96ba6a97":"OneSpan FIDO Touch","30b5035e-d297-4ff1-b00b-addc96ba6a98":"OneSpan DIGIPASS FX1 BIO","341e4da9-3c2e-8103-5a9f-aad887135200":"Ledger Nano S FIDO2 Authenticator","34f5766d-1536-4a24-9033-0e294e510fb0":"YubiKey 5 Series CTAP2.1 Preview Expired ","361a3082-0278-4583-a16f-72a527f973e4":"eWBM eFA500 FIDO2 Authenticator","3789da91-f943-46bc-95c3-50ea2012f03a":"NEOWAVE Winkeo FIDO2","39a5647e-1853-446c-a1f6-a79bae9f5bc7":"IDmelon","3b1adb99-0dfe-46fd-90b8-7f7614a4de2a":"GoTrust Idem Key FIDO2 Authenticator","3e078ffd-4c54-4586-8baa-a77da113aec5":"Hideez Key 3 FIDO2","3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d":"Feitian iePass FIDO Authenticator","3f59672f-20aa-4afe-b6f4-7e5e916b6d98":"Arculus FIDO 2.1 Key Card [P71]","42b4fb4a-2866-43b2-9bf7-6c6669c2e5d3":"Google Titan Security Key v2","454e5346-4944-4ffd-6c93-8e9267193e9a":"Ensurity ThinC","4b3f8944-d4f2-4d21-bb19-764a986ec160":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","4c0cf95d-2f40-43b5-ba42-4c83a11c04ba":"Feitian BioPass FIDO2 Pro Authenticator","4c50ff10-1057-4fc6-b8ed-43a529530c3c":"ImproveID Authenticator","4d41190c-7beb-4a84-8018-adf265a6352d":"Thales IDPrime FIDO Bio","4e768f2c-5fab-48b3-b300-220eb487752b":"Hideez Key 4 FIDO2 SDK","504d7149-4e4c-3841-4555-55445a677357":"WiSECURE AuthTron USB FIDO2 Authenticator","50a45b0c-80e7-f944-bf29-f552bfa2e048":"ACS FIDO Authenticator","516d3969-5a57-5651-5958-4e7a49434167":"SmartDisplayer BobeePass FIDO2 Authenticator","531126d6-e717-415c-9320-3d9aa6981239":"Dashlane","53414d53-554e-4700-0000-000000000000":"Samsung Pass","5343502d-5343-5343-6172-644649444f32":"ESS Smart Card Inc. Authenticator","54d9fee8-e621-4291-8b18-7157b99c5bec":"HID Crescendo Enabled","5626bed4-e756-430b-a7ff-ca78c8b12738":"VALMIDO PRO FIDO","58b44d0b-0a7c-f33a-fd48-f7153c871352":"Ledger Nano S Plus FIDO2 Authenticator","5ca1ab1e-1337-fa57-f1d0-a117e71ca702":"Allthenticator App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers","5d629218-d3a5-11ed-afa1-0242ac120002":"Swissbit iShield Key Pro","5fdb81b8-53f0-4967-a881-f5ec26fe4d18":"VinCSS FIDO2 Authenticator","6002f033-3c07-ce3e-d0f7-0ffe5ed42543":"Excelsecu eSecu FIDO2 Fingerprint Key","6028b017-b1d4-4c02-b4b3-afcdafc96bb2":"Windows Hello","61250591-b2bc-4456-b719-0b17be90bb30":"eWBM eFPA FIDO2 Authenticator","664d9f67-84a2-412a-9ff7-b4f7d8ee6d05":"OpenSK authenticator","66a0ccb3-bd6a-191f-ee06-e375c50b9846":"Thales Bio iOS SDK","692db549-7ae5-44d5-a1e5-dd20a493b723":"HID Crescendo Key","69700f79-d1fb-472e-bd9b-a3a3b9a9eda0":"Pone Biometrics OFFPAD Authenticator","6d44ba9b-f6ec-2e49-b930-0c8fe920cb73":"Security Key by Yubico with NFC","73402251-f2a8-4f03-873e-3cb6db604b03":"uTrust FIDO2 Security Key","73bb0cd4-e502-49b8-9c6f-b59445bf720b":"YubiKey 5 FIPS Series","74820b05-a6c9-40f9-8fb0-9f86aca93998":"SafeNet eToken Fusion","77010bd7-212a-4fc9-b236-d2ca5e9d4084":"Feitian BioPass FIDO2 Authenticator","771b48fd-d3d4-4f74-9232-fc157ab0507a":"Edge on Mac","7e3f3d30-3557-4442-bdae-139312178b39":"RSA DS100","820d89ed-d65a-409e-85cb-f73f0578f82a":"IDmelon iOS Authenticator","833b721a-ff5f-4d00-bb2e-bdda3ec01e29":"Feitian ePass FIDO2 Authenticator","83c47309-aabb-4108-8470-8be838b573cb":"YubiKey Bio Series (Enterprise Profile)","85203421-48f9-4355-9bc8-8a53846e5083":"YubiKey 5 FIPS Series with Lightning","87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c":"eWBM eFA320 FIDO2 Authenticator","8836336a-f590-0921-301d-46427531eee6":"Thales Bio Android SDK","8876631b-d4a0-427f-5773-0ec71c9e0279":"Solo Secp256R1 FIDO2 CTAP2 Authenticator","88bbd2f0-342a-42e7-9729-dd158be5407a":"Precision InnaIT Key FIDO 2 Level 2 certified","8976631b-d4a0-427f-5773-0ec71c9e0279":"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator","89b19028-256b-4025-8872-255358d950e4":"Sentry Enterprises CTAP2 Authenticator","8c97a730-3f7b-41a6-87d6-1e9b62bda6f0":"FT-JCOS FIDO Fingerprint Card","8d1b1fcb-3c76-49a9-9129-5515b346aa02":"IDEMIA ID-ONE Card","91ad6b93-264b-4987-8737-3a690cad6917":"Token Ring FIDO2 Authenticator","931327dd-c89b-406c-a81e-ed7058ef36c6":"Swissbit iShield Key FIDO2","95442b2e-f15e-4def-b270-efb106facb4e":"eWBM eFA310 FIDO2 Authenticator","95e4d58c-056e-4a65-866d-f5a69659e880":"TruU Windows Authenticator","973446ca-e21c-9a9b-99f5-9b985a67af0f":"ACS FIDO Authenticator Card","9876631b-d4a0-427f-5773-0ec71c9e0279":"Somu Secp256R1 FIDO2 CTAP2 Authenticator","998f358b-2dd2-4cbe-a43a-e8107438dfb3":"OnlyKey Secp256R1 FIDO2 CTAP2 Authenticator","99bf4610-ec26-4252-b31f-7380ccd59db5":"ZTPass Card","9c835346-796b-4c27-8898-d6032f515cc5":"Cryptnox FIDO2","9d3df6ba-282f-11ed-a261-0242ac120002":"Arculus FIDO2/U2F Key Card","9ddd1817-af5a-4672-a2b9-3e3dd95000a9":"Windows Hello","9f0d8150-baa5-4c00-9299-ad62c8bb4e87":"GoTrust Idem Card FIDO2 Authenticator","9f77e279-a6e2-4d58-b700-31e5943c6a98":"Hyper FIDO Pro","a1f52be5-dfab-4364-b51c-2bd496b14a56":"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR","a3975549-b191-fd67-b8fb-017e2917fdb3":"Excelsecu eSecu FIDO2 NFC Security Key","a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa":"Security Key NFC by Yubico","ab32f0c6-2239-afbb-c470-d2ef4e254db6":"TEST (DUMMY RECORD)","ab32f0c6-2239-afbb-c470-d2ef4e254db7":"TOKEN2 FIDO2 Security Key","adce0002-35bc-c60a-648b-0b25f1f05503":"Chrome on Mac","aeb6569c-f8fb-4950-ac60-24ca2bbe2e52":"HID Crescendo C2300","b267239b-954f-4041-a01b-ee4f33c145b6":"authenton1 - CTAP2.1","b50d5e0a-7f81-4959-9b12-f45407407503":"IDPrime 3940 FIDO","b5397666-4885-aa6b-cebf-e52262a439a2":"Chromium Browser","b6ede29c-3772-412c-8a78-539c1f4c62d2":"Feitian BioPass FIDO2 Plus Authenticator","b84e4048-15dc-4dd0-8640-f4f60813c8af":"NordPass","b92c3f9a-c014-4056-887f-140a2501163b":"Security Key by Yubico","b93fd961-f2e6-462f-b122-82002247de78":"Android Authenticator with SafetyNet Attestation","ba76a271-6eb6-4171-874d-b6428dbe3437":"ATKey.ProS","ba86dc56-635f-4141-aef6-00227b1b9af6":"TruU Windows Authenticator","bada5566-a7aa-401f-bd96-45619a55120d":"1Password","bbf4b6a7-679d-f6fc-c4f2-8ac0ddf9015a":"Excelsecu eSecu FIDO2 PRO Security Key","bc2fe499-0d8e-4ffe-96f3-94a82840cf8c":"OCTATCO EzQuant FIDO2 AUTHENTICATOR","be727034-574a-f799-5c76-0929e0430973":"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)","c1f9a0bc-1dd2-404a-b27f-8e29047a43fd":"YubiKey 5 FIPS Series with NFC","c5703116-972b-4851-a3e7-ae1259843399":"NEOWAVE Badgeo FIDO2","c5ef55ff-ad9a-4b9f-b580-adebafe026d0":"YubiKey 5 Series with Lightning","c80dbd9a-533f-4a17-b941-1a2f1c7cedff":"HID Crescendo C3000","ca4cff1b-5a81-4404-8194-59aabcf1660b":"IDPrime 3930 FIDO","ca87cb70-4c1b-4579-a8e8-4efdd7c007e0":"FIDO Alliance TruU Sample FIDO2 Authenticator","cb69481e-8ff7-4039-93ec-0a2729a154a8":"YubiKey 5 Series","cd69adb5-3c7a-deb9-3177-6800ea6cb72a":"Thales PIN Android SDK","cdbdaea2-c415-5073-50f7-c04e968640b6":"Excelsecu eSecu FIDO2 Security Key","cfcb13a2-244f-4b36-9077-82b79d6a7de7":"USB/NFC Passcode Authenticator","d384db22-4d50-ebde-2eac-5765cf1e2a44":"Excelsecu eSecu FIDO2 Fingerprint Security Key","d41f5a69-b817-4144-a13c-9ebd6d9254d6":"ATKey.Card CTAP2.0","d548826e-79b4-db40-a3d8-11116f7e8349":"Bitwarden","d61d3b87-3e7c-4aea-9c50-441c371903ad":"KeyVault Secp256R1 FIDO2 CTAP2 Authenticator","d7a423ad-3e19-4492-9200-78137dccc136":"VivoKey Apex FIDO2","d821a7d4-e97c-4cb6-bd82-4237731fd4be":"Hyper FIDO Bio Security Key","d8522d9f-575b-4866-88a9-ba99fa02f35b":"YubiKey Bio Series","d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3":"KEY-ID FIDO2 Authenticator","d94a29d9-52dd-4247-9c2d-8b818b610389":"VeriMark Guard Fingerprint Key","da1fa263-8b25-42b6-a820-c0036f21ba7f":"ATKey.Card NFC","dd4ec289-e01d-41c9-bb89-70fa845d4bf2":"iCloud Keychain (Managed)","e1a96183-5016-4f24-b55b-e3ae23614cc6":"ATKey.Pro CTAP2.0","e416201b-afeb-41ca-a03d-2281c28322aa":"ATKey.Pro CTAP2.1","e86addcd-7711-47e5-b42a-c18257b0bf61":"IDCore 3121 Fido","ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4":"Google Password Manager","eabb46cc-e241-80bf-ae9e-96fa6d2975cf":"TOKEN2 PIN Plus Security Key Series ","eb3b131e-59dc-536a-d176-cb7306da10f5":"ellipticSecure MIRkey USB Authenticator","ec31b4cc-2acc-4b8e-9c01-bade00ccbe26":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","ee041bce-25e5-4cdb-8f86-897fd6418464":"Feitian ePass FIDO2-NFC Authenticator","ee882879-721c-4913-9775-3dfcce97072a":"YubiKey 5 Series","efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4":"Safenet eToken FIDO","f3809540-7f14-49c1-a8b3-8f813b225541":"Enpass","f4c63eff-d26c-4248-801c-3736c7eaa93a":"FIDO KeyPass S3","f7c558a0-f465-11e8-b568-0800200c9a66":"KONAI Secp256R1 FIDO2 Conformance Testing CTAP2 Authenticator","f8a011f3-8c0a-4d15-8006-17111f9edc7d":"Security Key by Yubico","fa2b99dc-9e39-4257-8f92-4a30d23c4118":"YubiKey 5 Series with NFC","fbefdf68-fe86-0106-213e-4d5fa24cbe2e":"Excelsecu eSecu FIDO2 NFC Security Key","fbfc3007-154e-4ecc-8c0b-6e020557d7bd":"iCloud Keychain","fcb1bcb4-f370-078c-6993-bc24d0ae3fbe":"Ledger Nano X FIDO2 Authenticator","fec067a1-f1d0-4c5e-b4c0-cc3237475461":"KX701 SmartToken FIDO"};function T(e){let a=new DataView(e.slice(32,33)).getUint8(0),t={rpIdHash:o(e.slice(0,32)),flags:{userPresent:!!(a&1),userVerified:!!(a&4),backupEligibility:!!(a&8),backupState:!!(a&16),attestedData:!!(a&64),extensionsIncluded:!!(a&128)},counter:new DataView(e.slice(33,37)).getUint32(0,!1)};if(t.synced=t.flags.backupState,e.byteLength>37){let i=Y(e);t={...t,aaguid:i,name:h[i]??"Unknown",icon_light:"https://webauthn.passwordless.id/authenticators/"+i+"-light.png",icon_dark:"https://webauthn.passwordless.id/authenticators/"+i+"-dark.png"}}return t}function Y(e){return L(e.slice(37,53))}function L(e){let a=m(e);return a=a.substring(0,8)+"-"+a.substring(8,12)+"-"+a.substring(12,16)+"-"+a.substring(16,20)+"-"+a.substring(20,32),a}var W=new TextDecoder("utf-8");function F(e){return typeof e=="string"&&(e=d(e)),JSON.parse(W.decode(e))}function O(e){return typeof e=="string"&&(e=d(e)),T(e)}function _(e){return e}function P(e){return{username:e.username,credential:e.credential,client:F(e.clientData),authenticator:O(e.authenticatorData),attestation:e.attestationData?e.attestationData:null}}function w(e){return{credentialId:e.credentialId,client:F(e.clientData),authenticator:O(e.authenticatorData),signature:e.signature}}async function G(e,a){if(typeof e=="function"){let t=e(a);return t instanceof Promise?await t:t}return e===a}async function y(e,a){return!await G(e,a)}async function J(e,a){let t=P(e);if(t.client.type!=="webauthn.create")throw new Error(`Unexpected ClientData type: ${t.client.type}`);if(await y(a.origin,t.client.origin))throw new Error(`Unexpected ClientData origin: ${t.client.origin}`);if(await y(a.challenge,t.client.challenge))throw new Error(`Unexpected ClientData challenge: ${t.client.challenge}`);return t}async function X(e,a,t){if(e.credentialId!==a.id)throw new Error(`Credential ID mismatch: ${e.credentialId} vs ${a.id}`);if(!await x({algorithm:a.algorithm,publicKey:a.publicKey,authenticatorData:e.authenticatorData,clientData:e.clientData,signature:e.signature,verbose:t.verbose}))throw new Error(`Invalid signature: ${e.signature}`);let r=w(e);if(r.client.type!=="webauthn.get")throw new Error(`Unexpected clientData type: ${r.client.type}`);if(await y(t.origin,r.client.origin))throw new Error(`Unexpected ClientData origin: ${r.client.origin}`);if(await y(t.challenge,r.client.challenge))throw new Error(`Unexpected ClientData challenge: ${r.client.challenge}`);let c=new URL(r.client.origin).hostname,n=o(await u(f(c)));if(r.authenticator.rpIdHash!==n)throw new Error(`Unexpected RpIdHash: ${r.authenticator.rpIdHash} vs ${n}`);if(!r.authenticator.flags.userPresent)throw new Error("Unexpected authenticator flags: missing userPresent");if(!r.authenticator.flags.userVerified&&t.userVerified)throw new Error("Unexpected authenticator flags: missing userVerified");if(t.counter&&r.authenticator.counter<=t.counter)throw new Error(`Unexpected authenticator counter: ${r.authenticator.counter} (should be > ${t.counter})`);return r}function q(e){switch(e){case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"};case"ES256":return{name:"ECDSA",namedCurve:"P-256",hash:"SHA-256"};default:throw new Error(`Unknown or unsupported crypto algorithm: ${e}. Only 'RS256' and 'ES256' are supported.`)}}async function z(e,a){let t=d(a);return crypto.subtle.importKey("spki",t,e,!1,["verify"])}async function x({algorithm:e,publicKey:a,authenticatorData:t,clientData:i,signature:r,verbose:c}){let n=q(e),A=await z(n,a);c&&console.debug(A);let g=await u(d(i)),B=D(d(t),g);c&&(console.debug("Crypto Algo: "+JSON.stringify(n)),console.debug("Public key: "+a),console.debug("Data: "+o(B)),console.debug("Signature: "+r));let p=d(r);return e=="ES256"&&(p=j(p)),await crypto.subtle.verify(n,A,p,B)}function j(e){let a=new Uint8Array(e),t=a[4]===0?5:4,i=t+32,r=a[i+2]===0?i+3:i+2,c=a.slice(t,i),n=a.slice(r);return new Uint8Array([...c,...n])}var ie={client:S,server:K,parsers:C,utils:s,authenticatorMetadata:h};export{h as authenticatorMetadata,S as client,ie as default,C as parsers,K as server,s as utils}; //# sourceMappingURL=webauthn.min.js.map diff --git a/dist/webauthn.min.js.map b/dist/webauthn.min.js.map index b65dad9..beb70a7 100644 --- a/dist/webauthn.min.js.map +++ b/dist/webauthn.min.js.map @@ -1,7 +1,7 @@ { "version": 3, "sources": ["../src/client.ts", "../src/utils.ts", "../src/server.ts", "../src/parsers.ts", "../src/authenticatorMetadata.ts", "../src/authenticators.ts", "../src/index.ts"], - "sourcesContent": ["import * as utils from './utils.js'\nimport { AuthenticateOptions, AuthenticationEncoded, AuthType, NamedAlgo, NumAlgo, RegisterOptions, RegistrationEncoded } from './types.js'\n\n/**\n * Returns whether passwordless authentication is available on this browser/platform or not.\n */\n export function isAvailable() :boolean {\n return !!window.PublicKeyCredential\n}\n\n/**\n * Returns whether the device itself can be used as authenticator.\n */\nexport async function isLocalAuthenticator() :Promise {\n return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()\n}\n\n\n\n\nasync function getAuthAttachment(authType :AuthType) :Promise {\n if(authType === \"local\")\n return \"platform\";\n if(authType === \"roaming\" || authType === \"extern\")\n return \"cross-platform\";\n if(authType === \"both\")\n return undefined // The webauthn protocol considers `null` as invalid but `undefined` as \"both\"!\n\n // the default case: \"auto\", depending on device capabilities\n try {\n if(await isLocalAuthenticator())\n return \"platform\"\n else\n return \"cross-platform\"\n } catch(e) {\n // might happen due to some security policies\n // see https://w3c.github.io/webauthn/#sctn-isUserVerifyingPlatformAuthenticatorAvailable\n return undefined // The webauthn protocol considers `null` as invalid but `undefined` as \"both\"!\n }\n}\n\n\n\nfunction getAlgoName(num :NumAlgo) :NamedAlgo {\n switch(num) {\n case -7: return \"ES256\"\n // case -8 ignored to to its rarity\n case -257: return \"RS256\"\n default: throw new Error(`Unknown algorithm code: ${num}`)\n }\n}\n\n\n\n/**\n * Creates a cryptographic key pair, in order to register the public key for later passwordless authentication.\n *\n * @param {string} username\n * @param {string} challenge A server-side randomly generated string.\n * @param {Object} [options] Optional parameters.\n * @param {number} [options.timeout=60000] Number of milliseconds the user has to respond to the biometric/PIN check.\n * @param {'required'|'preferred'|'discouraged'} [options.userVerification='required'] Whether to prompt for biometric/PIN check or not.\n * @param {'auto'|'local'|'roaming'|'both'} [options.authenticatorType='auto'] Which device to use as authenticator.\n * 'auto': if the local device can be used as authenticator it will be preferred. Otherwise it will prompt for a roaming device.\n * 'local': use the local device (using TouchID, FaceID, Windows Hello or PIN)\n * 'roaming': use a roaming device (security key or connected phone)\n * 'both': prompt the user to choose between local or roaming device. The UI and user interaction in this case is platform specific.\n * @param {boolean} [options.attestation=false] If enabled, the device attestation and clientData will be provided as Base64url encoded binary data.\n * Note that this is not available on some platforms.\n * @param {'discouraged'|'preferred'|'required'} [options.discoverable] A \"discoverable\" credential can be selected using `authenticate(...)` without providing credential IDs.\n * Instead, a native pop-up will appear for user selection.\n * This may have an impact on the \"passkeys\" user experience and syncing behavior of the key.\n */\nexport async function register(username :string, challenge :string, options? :RegisterOptions) :Promise {\n options = options ?? {}\n\n if(!utils.isBase64url(challenge))\n throw new Error('Provided challenge is not properly encoded in Base64url')\n\n const creationOptions :PublicKeyCredentialCreationOptions = {\n challenge: utils.parseBase64url(challenge),\n rp: {\n id: window.location.hostname,\n name: window.location.hostname\n },\n user: {\n id: options.userHandle ? utils.toBuffer(options.userHandle) : await utils.sha256(new TextEncoder().encode('passwordless.id-user:' + username)), // ID should not be directly \"identifiable\" for privacy concerns\n name: username,\n displayName: username,\n },\n pubKeyCredParams: [\n {alg: -7, type: \"public-key\"}, // ES256 (Webauthn's default algorithm)\n {alg: -257, type: \"public-key\"}, // RS256 (for Windows Hello and others)\n ],\n timeout: options.timeout ?? 60000,\n authenticatorSelection: {\n userVerification: options.userVerification ?? \"required\", // Webauthn default is \"preferred\"\n authenticatorAttachment: await getAuthAttachment(options.authenticatorType ?? \"auto\"),\n residentKey: options.discoverable ?? 'preferred', // official default is 'discouraged'\n requireResidentKey: (options.discoverable === 'required') // mainly for backwards compatibility, see https://www.w3.org/TR/webauthn/#dictionary-authenticatorSelection\n },\n attestation: \"direct\"\n }\n\n if(options.debug)\n console.debug(creationOptions)\n\n const credential = await navigator.credentials.create({publicKey: creationOptions}) as any //PublicKeyCredential\n \n if(options.debug)\n console.debug(credential)\n \n const response = credential.response as any // AuthenticatorAttestationResponse\n \n let registration :RegistrationEncoded = {\n username: username,\n credential: {\n id: credential.id,\n publicKey: utils.toBase64url(response.getPublicKey()),\n algorithm: getAlgoName(credential.response.getPublicKeyAlgorithm())\n },\n authenticatorData: utils.toBase64url(response.getAuthenticatorData()),\n clientData: utils.toBase64url(response.clientDataJSON),\n }\n\n if(options.attestation) {\n registration.attestationData = utils.toBase64url(response.attestationObject)\n }\n\n return registration\n}\n\n\nasync function getTransports(authType :AuthType) :Promise {\n const local :AuthenticatorTransport[] = ['internal']\n\n // 'hybrid' was added mid-2022 in the specs and currently not yet available in the official dom types\n // @ts-ignore\n const roaming :AuthenticatorTransport[] = ['hybrid', 'usb', 'ble', 'nfc']\n \n if(authType === \"local\")\n return local\n if(authType == \"roaming\" || authType === \"extern\")\n return roaming\n if(authType === \"both\")\n return [...local, ...roaming]\n\n // the default case: \"auto\", depending on device capabilities\n try {\n if(await isLocalAuthenticator())\n return local\n else\n return roaming\n } catch(e) {\n return [...local, ...roaming]\n }\n}\n\n\n/**\n * Signs a challenge using one of the provided credentials IDs in order to authenticate the user.\n *\n * @param {string[]} credentialIds The list of credential IDs that can be used for signing.\n * @param {string} challenge A server-side randomly generated string, the base64 encoded version will be signed.\n * @param {Object} [options] Optional parameters.\n * @param {number} [options.timeout=60000] Number of milliseconds the user has to respond to the biometric/PIN check.\n * @param {'required'|'preferred'|'discouraged'} [options.userVerification='required'] Whether to prompt for biometric/PIN check or not.\n * @param {'optional'|'conditional'|'required'|'silent'} [options.mediation='optional'] https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get#mediation\n */\nexport async function authenticate(credentialIds :string[], challenge :string, options? :AuthenticateOptions) :Promise {\n options = options ?? {}\n\n if(!utils.isBase64url(challenge))\n throw new Error('Provided challenge is not properly encoded in Base64url')\n\n const transports = await getTransports(options.authenticatorType ?? \"auto\");\n\n let authOptions :PublicKeyCredentialRequestOptions = {\n challenge: utils.parseBase64url(challenge),\n rpId: window.location.hostname,\n allowCredentials: credentialIds.map(id => { return {\n id: utils.parseBase64url(id),\n type: 'public-key',\n transports: transports,\n }}),\n userVerification: options.userVerification ?? \"required\",\n timeout: options.timeout ?? 60000,\n }\n\n if(options.debug)\n console.debug(authOptions)\n\n let auth = await navigator.credentials.get({publicKey: authOptions, mediation: options.mediation}) as PublicKeyCredential\n \n if(options.debug)\n console.debug(auth)\n\n const response = auth.response as AuthenticatorAssertionResponse\n \n const authentication :AuthenticationEncoded = {\n credentialId: auth.id,\n authenticatorData: utils.toBase64url(response.authenticatorData),\n clientData: utils.toBase64url(response.clientDataJSON),\n signature: utils.toBase64url(response.signature),\n userHandle: response.userHandle ? utils.toBase64url(response.userHandle) : undefined // may not be returned by every authenticator\n }\n\n return authentication\n}\n\n", "/********************************\n Encoding/Decoding Utils\n********************************/\n\nexport function randomChallenge() {\n return crypto.randomUUID()\n}\n\n\nexport function toBuffer(txt :string) :ArrayBuffer {\n return Uint8Array.from(txt, c => c.charCodeAt(0)).buffer\n}\n\nexport function parseBuffer(buffer :ArrayBuffer) :string {\n return String.fromCharCode(...new Uint8Array(buffer))\n}\n\n\nexport function isBase64url(txt :string) :boolean {\n return txt.match(/^[a-zA-Z0-9\\-_]+=*$/) !== null\n}\n\nexport function toBase64url(buffer :ArrayBuffer) :string {\n const txt = btoa(parseBuffer(buffer)) // base64\n return txt.replaceAll('+', '-').replaceAll('/', '_')\n}\n\nexport function parseBase64url(txt :string) :ArrayBuffer {\n txt = txt.replaceAll('-', '+').replaceAll('_', '/') // base64url -> base64\n return toBuffer(atob(txt))\n}\n\n\nexport async function sha256(buffer :ArrayBuffer) :Promise {\n return await crypto.subtle.digest('SHA-256', buffer)\n}\n\nexport function bufferToHex (buffer :ArrayBuffer) :string {\n return [...new Uint8Array (buffer)]\n .map (b => b.toString (16).padStart (2, \"0\"))\n .join (\"\");\n}\n\n\nexport function concatenateBuffers(buffer1 :ArrayBuffer, buffer2 :ArrayBuffer) {\n var tmp = new Uint8Array(buffer1.byteLength + buffer2.byteLength);\n tmp.set(new Uint8Array(buffer1), 0);\n tmp.set(new Uint8Array(buffer2), buffer1.byteLength);\n return tmp;\n };", "import { parseAuthentication, parseRegistration } from \"./parsers.js\";\nimport { AuthenticationEncoded, AuthenticationParsed, CredentialKey, NamedAlgo, RegistrationEncoded, RegistrationParsed } from \"./types.js\";\nimport * as utils from './utils.js'\n\n\nasync function isValid(validator :any, value :any) :Promise {\n if(typeof validator === 'function') {\n const res = validator(value)\n if(res instanceof Promise)\n return await res\n else\n return res\n }\n // the validator can be a single value too\n return validator === value\n}\n\nasync function isNotValid(validator :any, value :any) :Promise {\n return !(await isValid(validator, value))\n}\n\ninterface RegistrationChecks {\n challenge: string | Function,\n origin: string | Function\n}\n\n\nexport async function verifyRegistration(registrationRaw: RegistrationEncoded, expected: RegistrationChecks): Promise {\n const registration = parseRegistration(registrationRaw)\n registration.client.challenge\n\n if (registration.client.type !== \"webauthn.create\")\n throw new Error(`Unexpected ClientData type: ${registration.client.type}`)\n\n if (await isNotValid(expected.origin, registration.client.origin))\n throw new Error(`Unexpected ClientData origin: ${registration.client.origin}`)\n\n if (await isNotValid(expected.challenge, registration.client.challenge))\n throw new Error(`Unexpected ClientData challenge: ${registration.client.challenge}`)\n\n return registration\n}\n\n\ninterface AuthenticationChecks {\n challenge: string | Function,\n origin: string | Function,\n userVerified: boolean,\n counter?: number, // Made optional according to https://github.com/passwordless-id/webauthn/issues/38\n verbose?: boolean\n}\n\n\nexport async function verifyAuthentication(authenticationRaw: AuthenticationEncoded, credential: CredentialKey, expected: AuthenticationChecks): Promise {\n if (authenticationRaw.credentialId !== credential.id)\n throw new Error(`Credential ID mismatch: ${authenticationRaw.credentialId} vs ${credential.id}`)\n\n const isValidSignature: boolean = await verifySignature({\n algorithm: credential.algorithm,\n publicKey: credential.publicKey,\n authenticatorData: authenticationRaw.authenticatorData,\n clientData: authenticationRaw.clientData,\n signature: authenticationRaw.signature,\n verbose: expected.verbose\n })\n\n if(!isValidSignature)\n throw new Error(`Invalid signature: ${authenticationRaw.signature}`)\n\n const authentication = parseAuthentication(authenticationRaw)\n\n if (authentication.client.type !== \"webauthn.get\")\n throw new Error(`Unexpected clientData type: ${authentication.client.type}`)\n\n if (await isNotValid(expected.origin, authentication.client.origin))\n throw new Error(`Unexpected ClientData origin: ${authentication.client.origin}`)\n\n if (await isNotValid(expected.challenge, authentication.client.challenge))\n throw new Error(`Unexpected ClientData challenge: ${authentication.client.challenge}`)\n\n // this only works because we consider `rp.origin` and `rp.id` to be the same during authentication/registration\n const rpId = new URL(authentication.client.origin).hostname\n const expectedRpIdHash = utils.toBase64url(await utils.sha256(utils.toBuffer(rpId)))\n if (authentication.authenticator.rpIdHash !== expectedRpIdHash)\n throw new Error(`Unexpected RpIdHash: ${authentication.authenticator.rpIdHash} vs ${expectedRpIdHash}`)\n\n if (!authentication.authenticator.flags.userPresent)\n throw new Error(`Unexpected authenticator flags: missing userPresent`)\n\n if (!authentication.authenticator.flags.userVerified && expected.userVerified)\n throw new Error(`Unexpected authenticator flags: missing userVerified`)\n\n if (expected.counter && authentication.authenticator.counter <= expected.counter)\n throw new Error(`Unexpected authenticator counter: ${authentication.authenticator.counter} (should be > ${expected.counter})`)\n\n return authentication\n}\n\n\n// https://w3c.github.io/webauthn/#sctn-public-key-easy\n// https://www.iana.org/assignments/cose/cose.xhtml#algorithms\n/*\nUser agents MUST be able to return a non-null value for getPublicKey() when the credential public key has a COSEAlgorithmIdentifier value of:\n\n-7 (ES256), where kty is 2 (with uncompressed points) and crv is 1 (P-256).\n\n-257 (RS256).\n\n-8 (EdDSA), where crv is 6 (Ed25519).\n*/\nfunction getAlgoParams(algorithm: NamedAlgo): any {\n switch (algorithm) {\n case 'RS256':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: 'SHA-256'\n };\n case 'ES256':\n return {\n name: 'ECDSA',\n namedCurve: 'P-256',\n hash: 'SHA-256',\n };\n // case 'EdDSA': Not supported by browsers\n default:\n throw new Error(`Unknown or unsupported crypto algorithm: ${algorithm}. Only 'RS256' and 'ES256' are supported.`)\n }\n}\n\ntype AlgoParams = AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm\n\nasync function parseCryptoKey(algoParams: AlgoParams, publicKey: string): Promise {\n const buffer = utils.parseBase64url(publicKey)\n return crypto.subtle.importKey('spki', buffer, algoParams, false, ['verify'])\n}\n\n\n\ntype VerifyParams = {\n algorithm: NamedAlgo,\n publicKey: string, // Base64url encoded\n authenticatorData: string, // Base64url encoded\n clientData: string, // Base64url encoded\n signature: string, // Base64url encoded\n verbose?: boolean, // Enables debug logs containing sensitive data like crypto keys\n}\n\n\n// https://w3c.github.io/webauthn/#sctn-verifying-assertion\n// https://w3c.github.io/webauthn/#sctn-signature-attestation-types\n/* Emphasis mine:\n\n6.5.6. Signature Formats for Packed Attestation, FIDO U2F Attestation, and **Assertion Signatures**\n\n[...] For COSEAlgorithmIdentifier -7 (ES256) [...] the sig value MUST be encoded as an ASN.1 [...]\n[...] For COSEAlgorithmIdentifier -257 (RS256) [...] The signature is not ASN.1 wrapped.\n[...] For COSEAlgorithmIdentifier -37 (PS256) [...] The signature is not ASN.1 wrapped.\n*/\n// see also https://gist.github.com/philholden/50120652bfe0498958fd5926694ba354\nexport async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature, verbose }: VerifyParams): Promise {\n const algoParams = getAlgoParams(algorithm)\n let cryptoKey = await parseCryptoKey(algoParams, publicKey)\n \n if(verbose) {\n console.debug(cryptoKey)\n }\n\n let clientHash = await utils.sha256(utils.parseBase64url(clientData));\n\n // during \"login\", the authenticatorData is exactly 37 bytes\n let comboBuffer = utils.concatenateBuffers(utils.parseBase64url(authenticatorData), clientHash)\n\n if(verbose) {\n console.debug('Crypto Algo: ' + JSON.stringify(algoParams))\n console.debug('Public key: ' + publicKey)\n console.debug('Data: ' + utils.toBase64url(comboBuffer))\n console.debug('Signature: ' + signature)\n }\n\n // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify\n let signatureBuffer = utils.parseBase64url(signature)\n if(algorithm == 'ES256')\n signatureBuffer = convertASN1toRaw(signatureBuffer)\n\n const isValid = await crypto.subtle.verify(algoParams, cryptoKey, signatureBuffer, comboBuffer)\n\n return isValid\n}\n\nfunction convertASN1toRaw(signatureBuffer :ArrayBuffer) {\n // Convert signature from ASN.1 sequence to \"raw\" format\n const usignature = new Uint8Array(signatureBuffer);\n const rStart = usignature[4] === 0 ? 5 : 4;\n const rEnd = rStart + 32;\n const sStart = usignature[rEnd + 2] === 0 ? rEnd + 3 : rEnd + 2;\n const r = usignature.slice(rStart, rEnd);\n const s = usignature.slice(sStart);\n return new Uint8Array([...r, ...s]);\n}", "import * as authenticators from './authenticators.js'\nimport * as utils from './utils.js'\nimport { AuthenticatorInfo, ClientInfo, RegistrationEncoded, RegistrationParsed, AuthenticationEncoded, AuthenticationParsed } from './types'\n\nconst utf8Decoder = new TextDecoder('utf-8')\n\nexport function parseClient(data :string|ArrayBuffer) :ClientInfo {\n if(typeof data == 'string')\n data = utils.parseBase64url(data)\n return JSON.parse(utf8Decoder.decode(data))\n}\n\n\nexport function parseAuthenticator(data :string|ArrayBuffer) :AuthenticatorInfo {\n if(typeof data == 'string')\n data = utils.parseBase64url(data)\n return authenticators.parseAuthBuffer(data)\n}\n\n\nexport function parseAttestation(data :string|ArrayBuffer) :unknown {\n //if(typeof data == 'string')\n // data = utils.parseBase64url(data)\n // Useless comment, let's at least provide the raw value \n // return \"The device attestation proves the authenticity of the device model / aaguid. It's not guaranteed to be included and really complex to parse / verify. Good luck with that one!\"\n return data;\n}\n\n\n\nexport function parseRegistration(registration :RegistrationEncoded) :RegistrationParsed {\n return {\n username: registration.username,\n credential: registration.credential,\n\n client: parseClient(registration.clientData),\n authenticator: parseAuthenticator(registration.authenticatorData),\n attestation: registration.attestationData ? parseAttestation(registration.attestationData) : null\n }\n}\n\nexport function parseAuthentication(authentication :AuthenticationEncoded) :AuthenticationParsed {\n return {\n credentialId: authentication.credentialId,\n client: parseClient(authentication.clientData),\n authenticator: parseAuthenticator(authentication.authenticatorData),\n signature: authentication.signature\n }\n}", "/**\n * The source comes from\n * \"official\" https://mds.fidoalliance.org/\n * and the\n * \"community-driven\" https://github.com/passkeydeveloper/passkey-authenticator-aaguids\n * combined together.\n */\nexport const authenticatorMetadata :Record = {\n\t\"00000000-0000-0000-0000-000000000000\": \"Unknown authenticator\",\n\t\"0076631b-d4a0-427f-5773-0ec71c9e0279\": \"HYPR FIDO2 Authenticator\",\n\t\"07a9f89c-6407-4594-9d56-621d5f1e358b\": \"NXP Semiconductros FIDO2 Conformance Testing CTAP2 Authenticator\",\n\t\"08987058-cadc-4b81-b6e1-30de50dcbe96\": \"Windows Hello\",\n\t\"09591fc6-9811-48f7-8f57-b9f23df6413f\": \"Pone Biometrics OFFPAD Authenticator\",\n\t\"0acf3011-bc60-f375-fb53-6f05f43154e0\": \"Nymi FIDO2 Authenticator\",\n\t\"0bb43545-fd2c-4185-87dd-feb0b2916ace\": \"Security Key NFC by Yubico - Enterprise Edition\",\n\t\"0d9b2e56-566b-c393-2940-f821b7f15d6d\": \"Excelsecu eSecu FIDO2 Pro Security Key\",\n\t\"0ea242b4-43c4-4a1b-8b17-dd6d0b6baec6\": \"Keeper\",\n\t\"1105e4ed-af1d-02ff-ffff-ffffffffffff\": \"Egomet FIDO2 Authenticator for Android\",\n\t\"12ded745-4bed-47d4-abaa-e713f51d6393\": \"Feitian AllinOne FIDO2 Authenticator\",\n\t\"149a2021-8ef6-4133-96b8-81f8d5b7f1f5\": \"Security Key by Yubico with NFC\",\n\t\"17290f1e-c212-34d0-1423-365d729f09d9\": \"Thales PIN iOS SDK\",\n\t\"175cd298-83d2-4a26-b637-313c07a6434e\": \"Chunghwa Telecom FIDO2 Smart Card Authenticator\",\n\t\"1c086528-58d5-f211-823c-356786e36140\": \"Atos CardOS FIDO2\",\n\t\"20f0be98-9af9-986a-4b42-8eca4acb28e4\": \"Excelsecu eSecu FIDO2 Fingerprint Security Key\",\n\t\"2194b428-9397-4046-8f39-007a1605a482\": \"IDPrime 931 Fido\",\n\t\"23786452-f02d-4344-87ed-aaf703726881\": \"SafeNet eToken Fusion CC\",\n\t\"2c0df832-92de-4be1-8412-88a8f074df4a\": \"Feitian FIDO Smart Card\",\n\t\"2d3bec26-15ee-4f5d-88b2-53622490270b\": \"HID Crescendo Key V2\",\n\t\"2fc0579f-8113-47ea-b116-bb5a8db9202a\": \"YubiKey 5 Series with NFC\",\n\t\"2ffd6452-01da-471f-821b-ea4bf6c8676a\": \"IDPrime 941 Fido\",\n\t\"30b5035e-d297-4fc1-b00b-addc96ba6a97\": \"OneSpan FIDO Touch\",\n\t\"30b5035e-d297-4ff1-b00b-addc96ba6a98\": \"OneSpan DIGIPASS FX1 BIO\",\n\t\"341e4da9-3c2e-8103-5a9f-aad887135200\": \"Ledger Nano S FIDO2 Authenticator\",\n\t\"34f5766d-1536-4a24-9033-0e294e510fb0\": \"YubiKey 5 Series CTAP2.1 Preview Expired \",\n\t\"361a3082-0278-4583-a16f-72a527f973e4\": \"eWBM eFA500 FIDO2 Authenticator\",\n\t\"3789da91-f943-46bc-95c3-50ea2012f03a\": \"NEOWAVE Winkeo FIDO2\",\n\t\"39a5647e-1853-446c-a1f6-a79bae9f5bc7\": \"IDmelon\",\n\t\"3b1adb99-0dfe-46fd-90b8-7f7614a4de2a\": \"GoTrust Idem Key FIDO2 Authenticator\",\n\t\"3e078ffd-4c54-4586-8baa-a77da113aec5\": \"Hideez Key 3 FIDO2\",\n\t\"3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d\": \"Feitian iePass FIDO Authenticator\",\n\t\"3f59672f-20aa-4afe-b6f4-7e5e916b6d98\": \"Arculus FIDO 2.1 Key Card [P71]\",\n\t\"42b4fb4a-2866-43b2-9bf7-6c6669c2e5d3\": \"Google Titan Security Key v2\",\n\t\"454e5346-4944-4ffd-6c93-8e9267193e9a\": \"Ensurity ThinC\",\n\t\"4b3f8944-d4f2-4d21-bb19-764a986ec160\": \"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"4c0cf95d-2f40-43b5-ba42-4c83a11c04ba\": \"Feitian BioPass FIDO2 Pro Authenticator\",\n\t\"4c50ff10-1057-4fc6-b8ed-43a529530c3c\": \"ImproveID Authenticator\",\n\t\"4d41190c-7beb-4a84-8018-adf265a6352d\": \"Thales IDPrime FIDO Bio\",\n\t\"4e768f2c-5fab-48b3-b300-220eb487752b\": \"Hideez Key 4 FIDO2 SDK\",\n\t\"504d7149-4e4c-3841-4555-55445a677357\": \"WiSECURE AuthTron USB FIDO2 Authenticator\",\n\t\"50a45b0c-80e7-f944-bf29-f552bfa2e048\": \"ACS FIDO Authenticator\",\n\t\"516d3969-5a57-5651-5958-4e7a49434167\": \"SmartDisplayer BobeePass FIDO2 Authenticator\",\n\t\"531126d6-e717-415c-9320-3d9aa6981239\": \"Dashlane\",\n\t\"53414d53-554e-4700-0000-000000000000\": \"Samsung Pass\",\n\t\"5343502d-5343-5343-6172-644649444f32\": \"ESS Smart Card Inc. Authenticator\",\n\t\"54d9fee8-e621-4291-8b18-7157b99c5bec\": \"HID Crescendo Enabled\",\n\t\"5626bed4-e756-430b-a7ff-ca78c8b12738\": \"VALMIDO PRO FIDO\",\n\t\"58b44d0b-0a7c-f33a-fd48-f7153c871352\": \"Ledger Nano S Plus FIDO2 Authenticator\",\n\t\"5ca1ab1e-1337-fa57-f1d0-a117e71ca702\": \"Allthenticator App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers\",\n\t\"5d629218-d3a5-11ed-afa1-0242ac120002\": \"Swissbit iShield Key Pro\",\n\t\"5fdb81b8-53f0-4967-a881-f5ec26fe4d18\": \"VinCSS FIDO2 Authenticator\",\n\t\"6002f033-3c07-ce3e-d0f7-0ffe5ed42543\": \"Excelsecu eSecu FIDO2 Fingerprint Key\",\n\t\"6028b017-b1d4-4c02-b4b3-afcdafc96bb2\": \"Windows Hello\",\n\t\"61250591-b2bc-4456-b719-0b17be90bb30\": \"eWBM eFPA FIDO2 Authenticator\",\n\t\"664d9f67-84a2-412a-9ff7-b4f7d8ee6d05\": \"OpenSK authenticator\",\n\t\"66a0ccb3-bd6a-191f-ee06-e375c50b9846\": \"Thales Bio iOS SDK\",\n\t\"692db549-7ae5-44d5-a1e5-dd20a493b723\": \"HID Crescendo Key\",\n\t\"69700f79-d1fb-472e-bd9b-a3a3b9a9eda0\": \"Pone Biometrics OFFPAD Authenticator\",\n\t\"6d44ba9b-f6ec-2e49-b930-0c8fe920cb73\": \"Security Key by Yubico with NFC\",\n\t\"73402251-f2a8-4f03-873e-3cb6db604b03\": \"uTrust FIDO2 Security Key\",\n\t\"73bb0cd4-e502-49b8-9c6f-b59445bf720b\": \"YubiKey 5 FIPS Series\",\n\t\"74820b05-a6c9-40f9-8fb0-9f86aca93998\": \"SafeNet eToken Fusion\",\n\t\"77010bd7-212a-4fc9-b236-d2ca5e9d4084\": \"Feitian BioPass FIDO2 Authenticator\",\n\t\"771b48fd-d3d4-4f74-9232-fc157ab0507a\": \"Edge on Mac\",\n\t\"7e3f3d30-3557-4442-bdae-139312178b39\": \"RSA DS100\",\n\t\"820d89ed-d65a-409e-85cb-f73f0578f82a\": \"IDmelon iOS Authenticator\",\n\t\"833b721a-ff5f-4d00-bb2e-bdda3ec01e29\": \"Feitian ePass FIDO2 Authenticator\",\n\t\"83c47309-aabb-4108-8470-8be838b573cb\": \"YubiKey Bio Series (Enterprise Profile)\",\n\t\"85203421-48f9-4355-9bc8-8a53846e5083\": \"YubiKey 5 FIPS Series with Lightning\",\n\t\"87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c\": \"eWBM eFA320 FIDO2 Authenticator\",\n\t\"8836336a-f590-0921-301d-46427531eee6\": \"Thales Bio Android SDK\",\n\t\"8876631b-d4a0-427f-5773-0ec71c9e0279\": \"Solo Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"88bbd2f0-342a-42e7-9729-dd158be5407a\": \"Precision InnaIT Key FIDO 2 Level 2 certified\",\n\t\"8976631b-d4a0-427f-5773-0ec71c9e0279\": \"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"89b19028-256b-4025-8872-255358d950e4\": \"Sentry Enterprises CTAP2 Authenticator\",\n\t\"8c97a730-3f7b-41a6-87d6-1e9b62bda6f0\": \"FT-JCOS FIDO Fingerprint Card\",\n\t\"8d1b1fcb-3c76-49a9-9129-5515b346aa02\": \"IDEMIA ID-ONE Card\",\n\t\"91ad6b93-264b-4987-8737-3a690cad6917\": \"Token Ring FIDO2 Authenticator\",\n\t\"931327dd-c89b-406c-a81e-ed7058ef36c6\": \"Swissbit iShield Key FIDO2\",\n\t\"95442b2e-f15e-4def-b270-efb106facb4e\": \"eWBM eFA310 FIDO2 Authenticator\",\n\t\"95e4d58c-056e-4a65-866d-f5a69659e880\": \"TruU Windows Authenticator\",\n\t\"973446ca-e21c-9a9b-99f5-9b985a67af0f\": \"ACS FIDO Authenticator Card\",\n\t\"9876631b-d4a0-427f-5773-0ec71c9e0279\": \"Somu Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"998f358b-2dd2-4cbe-a43a-e8107438dfb3\": \"OnlyKey Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"99bf4610-ec26-4252-b31f-7380ccd59db5\": \"ZTPass Card\",\n\t\"9c835346-796b-4c27-8898-d6032f515cc5\": \"Cryptnox FIDO2\",\n\t\"9d3df6ba-282f-11ed-a261-0242ac120002\": \"Arculus FIDO2/U2F Key Card\",\n\t\"9ddd1817-af5a-4672-a2b9-3e3dd95000a9\": \"Windows Hello\",\n\t\"9f0d8150-baa5-4c00-9299-ad62c8bb4e87\": \"GoTrust Idem Card FIDO2 Authenticator\",\n\t\"9f77e279-a6e2-4d58-b700-31e5943c6a98\": \"Hyper FIDO Pro\",\n\t\"a1f52be5-dfab-4364-b51c-2bd496b14a56\": \"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR\",\n\t\"a3975549-b191-fd67-b8fb-017e2917fdb3\": \"Excelsecu eSecu FIDO2 NFC Security Key\",\n\t\"a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa\": \"Security Key NFC by Yubico\",\n\t\"ab32f0c6-2239-afbb-c470-d2ef4e254db6\": \"TEST (DUMMY RECORD)\",\n\t\"ab32f0c6-2239-afbb-c470-d2ef4e254db7\": \"TOKEN2 FIDO2 Security Key\",\n\t\"adce0002-35bc-c60a-648b-0b25f1f05503\": \"Chrome on Mac\",\n\t\"aeb6569c-f8fb-4950-ac60-24ca2bbe2e52\": \"HID Crescendo C2300\",\n\t\"b267239b-954f-4041-a01b-ee4f33c145b6\": \"authenton1 - CTAP2.1\",\n\t\"b50d5e0a-7f81-4959-9b12-f45407407503\": \"IDPrime 3940 FIDO\",\n\t\"b5397666-4885-aa6b-cebf-e52262a439a2\": \"Chromium Browser\",\n\t\"b6ede29c-3772-412c-8a78-539c1f4c62d2\": \"Feitian BioPass FIDO2 Plus Authenticator\",\n\t\"b84e4048-15dc-4dd0-8640-f4f60813c8af\": \"NordPass\",\n\t\"b92c3f9a-c014-4056-887f-140a2501163b\": \"Security Key by Yubico\",\n\t\"b93fd961-f2e6-462f-b122-82002247de78\": \"Android Authenticator with SafetyNet Attestation\",\n\t\"ba76a271-6eb6-4171-874d-b6428dbe3437\": \"ATKey.ProS\",\n\t\"ba86dc56-635f-4141-aef6-00227b1b9af6\": \"TruU Windows Authenticator\",\n\t\"bada5566-a7aa-401f-bd96-45619a55120d\": \"1Password\",\n\t\"bbf4b6a7-679d-f6fc-c4f2-8ac0ddf9015a\": \"Excelsecu eSecu FIDO2 PRO Security Key\",\n\t\"bc2fe499-0d8e-4ffe-96f3-94a82840cf8c\": \"OCTATCO EzQuant FIDO2 AUTHENTICATOR\",\n\t\"be727034-574a-f799-5c76-0929e0430973\": \"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)\",\n\t\"c1f9a0bc-1dd2-404a-b27f-8e29047a43fd\": \"YubiKey 5 FIPS Series with NFC\",\n\t\"c5703116-972b-4851-a3e7-ae1259843399\": \"NEOWAVE Badgeo FIDO2\",\n\t\"c5ef55ff-ad9a-4b9f-b580-adebafe026d0\": \"YubiKey 5 Series with Lightning\",\n\t\"c80dbd9a-533f-4a17-b941-1a2f1c7cedff\": \"HID Crescendo C3000\",\n\t\"ca4cff1b-5a81-4404-8194-59aabcf1660b\": \"IDPrime 3930 FIDO\",\n\t\"ca87cb70-4c1b-4579-a8e8-4efdd7c007e0\": \"FIDO Alliance TruU Sample FIDO2 Authenticator\",\n\t\"cb69481e-8ff7-4039-93ec-0a2729a154a8\": \"YubiKey 5 Series\",\n\t\"cd69adb5-3c7a-deb9-3177-6800ea6cb72a\": \"Thales PIN Android SDK\",\n\t\"cdbdaea2-c415-5073-50f7-c04e968640b6\": \"Excelsecu eSecu FIDO2 Security Key\",\n\t\"cfcb13a2-244f-4b36-9077-82b79d6a7de7\": \"USB/NFC Passcode Authenticator\",\n\t\"d384db22-4d50-ebde-2eac-5765cf1e2a44\": \"Excelsecu eSecu FIDO2 Fingerprint Security Key\",\n\t\"d41f5a69-b817-4144-a13c-9ebd6d9254d6\": \"ATKey.Card CTAP2.0\",\n\t\"d548826e-79b4-db40-a3d8-11116f7e8349\": \"Bitwarden\",\n\t\"d61d3b87-3e7c-4aea-9c50-441c371903ad\": \"KeyVault Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"d7a423ad-3e19-4492-9200-78137dccc136\": \"VivoKey Apex FIDO2\",\n\t\"d821a7d4-e97c-4cb6-bd82-4237731fd4be\": \"Hyper FIDO Bio Security Key\",\n\t\"d8522d9f-575b-4866-88a9-ba99fa02f35b\": \"YubiKey Bio Series\",\n\t\"d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3\": \"KEY-ID FIDO2 Authenticator\",\n\t\"d94a29d9-52dd-4247-9c2d-8b818b610389\": \"VeriMark Guard Fingerprint Key\",\n\t\"da1fa263-8b25-42b6-a820-c0036f21ba7f\": \"ATKey.Card NFC\",\n\t\"dd4ec289-e01d-41c9-bb89-70fa845d4bf2\": \"iCloud Keychain (Managed)\",\n\t\"e1a96183-5016-4f24-b55b-e3ae23614cc6\": \"ATKey.Pro CTAP2.0\",\n\t\"e416201b-afeb-41ca-a03d-2281c28322aa\": \"ATKey.Pro CTAP2.1\",\n\t\"e86addcd-7711-47e5-b42a-c18257b0bf61\": \"IDCore 3121 Fido\",\n\t\"ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4\": \"Google Password Manager\",\n\t\"eabb46cc-e241-80bf-ae9e-96fa6d2975cf\": \"TOKEN2 PIN Plus Security Key Series \",\n\t\"eb3b131e-59dc-536a-d176-cb7306da10f5\": \"ellipticSecure MIRkey USB Authenticator\",\n\t\"ec31b4cc-2acc-4b8e-9c01-bade00ccbe26\": \"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"ee041bce-25e5-4cdb-8f86-897fd6418464\": \"Feitian ePass FIDO2-NFC Authenticator\",\n\t\"ee882879-721c-4913-9775-3dfcce97072a\": \"YubiKey 5 Series\",\n\t\"efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4\": \"Safenet eToken FIDO\",\n\t\"f3809540-7f14-49c1-a8b3-8f813b225541\": \"Enpass\",\n\t\"f4c63eff-d26c-4248-801c-3736c7eaa93a\": \"FIDO KeyPass S3\",\n\t\"f7c558a0-f465-11e8-b568-0800200c9a66\": \"KONAI Secp256R1 FIDO2 Conformance Testing CTAP2 Authenticator\",\n\t\"f8a011f3-8c0a-4d15-8006-17111f9edc7d\": \"Security Key by Yubico\",\n\t\"fa2b99dc-9e39-4257-8f92-4a30d23c4118\": \"YubiKey 5 Series with NFC\",\n\t\"fbefdf68-fe86-0106-213e-4d5fa24cbe2e\": \"Excelsecu eSecu FIDO2 NFC Security Key\",\n\t\"fbfc3007-154e-4ecc-8c0b-6e020557d7bd\": \"iCloud Keychain\",\n\t\"fcb1bcb4-f370-078c-6993-bc24d0ae3fbe\": \"Ledger Nano X FIDO2 Authenticator\",\n\t\"fec067a1-f1d0-4c5e-b4c0-cc3237475461\": \"KX701 SmartToken FIDO\",\n}", "import { authenticatorMetadata } from './authenticatorMetadata.js'\nimport * as utils from './utils.js'\n\n\nexport function parseAuthBuffer(authData :ArrayBuffer) {\n //console.debug(authData)\n let flags = new DataView(authData.slice(32,33)).getUint8(0)\n //console.debug(flags)\n\n // https://w3c.github.io/webauthn/#sctn-authenticator-data\n let parsed :any = {\n rpIdHash: utils.toBase64url(authData.slice(0,32)),\n flags: {\n userPresent: !!(flags & 1),\n //reserved1: !!(flags & 2),\n userVerified: !!(flags & 4),\n backupEligibility: !!(flags & 8),\n backupState: !!(flags & 16),\n //reserved2: !!(flags & 32),\n attestedData: !!(flags & 64),\n extensionsIncluded: !!(flags & 128)\n },\n counter: new DataView(authData.slice(33,37)).getUint32(0, false), // Big-Endian!\n }\n\n // this is more descriptive than \"backupState\"\n parsed.synced = parsed.flags.backupState\n\n if(authData.byteLength > 37) {\n // registration contains additional data\n\n const aaguid = extractAaguid(authData) // bytes 37->53\n // https://w3c.github.io/webauthn/#attested-credential-data\n parsed = {\n ...parsed,\n aaguid,\n name: authenticatorMetadata[aaguid] ?? 'Unknown',\n icon_light: 'https://webauthn.passwordless.id/authenticators/' + aaguid + '-light.png',\n icon_dark: 'https://webauthn.passwordless.id/authenticators/' + aaguid + '-dark.png',\n }\n }\n\n return parsed\n}\n\nexport function extractAaguid(authData :ArrayBuffer) :string {\n return formatAaguid(authData.slice(37, 53)) // 16 bytes\n}\n\nfunction formatAaguid(buffer :ArrayBuffer) :string {\n let aaguid = utils.bufferToHex(buffer)\n aaguid = aaguid.substring(0,8) + '-' + aaguid.substring(8,12) + '-' + aaguid.substring(12,16) + '-' + aaguid.substring(16,20) + '-' + aaguid.substring(20,32)\n return aaguid // example: \"d41f5a69-b817-4144-a13c-9ebd6d9254d6\"\n}\n\n\n\n\n/**\n * Kept for compatibility purposes.\n * @deprecated\n */\nexport function resolveAuthenticatorName(aaguid :string) :string {\n const aaguidMetadata = updatedAuthenticatorMetadata ?? authenticatorMetadata //await getAaguidMetadata()\n return aaguidMetadata[aaguid]\n}\n\nlet updatedAuthenticatorMetadata :any = null\n\n/**\n * Updates the built-in metadata according to raw data available at https://mds.fidoalliance.org/\n * This service delivers a list of AAGUIDs encoded as a JWT.\n * Kept for compatibility purposes.\n * @deprecated\n */\nexport async function updateDevicesMetadata() {\n // this function is rather resource intensive and time consuming\n // therefore, the result is cached in local storage\n const jwt = await (await fetch(\"https://mds.fidoalliance.org\")).text()\n\n // the response is a JWT including all AAGUIDs and their metadata\n console.debug(jwt)\n\n // let us ignore the JWT verification, since this is solely for descriptive purposes, not signed data\n const payload = jwt.split('.')[1].replaceAll('-', '+').replaceAll('_', '/')\n const json = JSON.parse(atob(payload))\n console.debug(json)\n\n let aaguidMetadata :any = {}\n for(const e of json.entries) {\n if(!e.aaguid || !e.metadataStatement)\n continue\n\n aaguidMetadata[e.aaguid] = e.metadataStatement.description\n }\n\n console.debug(aaguidMetadata)\n updatedAuthenticatorMetadata = aaguidMetadata\n}\n", "/*\nexport * from './types'\nexport * from './webauthn'\nexport * from './parsers'\nexport * from './validation'\n*/\nimport * as client from './client.js';\nimport * as server from './server.js';\nimport * as parsers from './parsers.js';\nimport * as utils from './utils.js';\nimport { authenticatorMetadata } from './authenticatorMetadata.js'\n\nexport { client, server, parsers, utils, authenticatorMetadata }\nexport default { client, server, parsers, utils, authenticatorMetadata }\n"], - "mappings": "0FAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,kBAAAE,EAAA,gBAAAC,EAAA,yBAAAC,EAAA,aAAAC,ICAA,IAAAC,EAAA,GAAAC,EAAAD,EAAA,iBAAAE,EAAA,uBAAAC,EAAA,gBAAAC,EAAA,mBAAAC,EAAA,gBAAAC,EAAA,oBAAAC,EAAA,WAAAC,EAAA,gBAAAC,EAAA,aAAAC,IAIO,SAASH,GAAkB,CAC9B,OAAO,OAAO,WAAW,CAC7B,CAGO,SAASG,EAASC,EAA0B,CAC/C,OAAO,WAAW,KAAKA,EAAKC,GAAKA,EAAE,WAAW,CAAC,CAAC,EAAE,MACtD,CAEO,SAASN,EAAYO,EAA6B,CACrD,OAAO,OAAO,aAAa,GAAG,IAAI,WAAWA,CAAM,CAAC,CACxD,CAGO,SAAST,EAAYO,EAAsB,CAC9C,OAAOA,EAAI,MAAM,qBAAqB,IAAM,IAChD,CAEO,SAASF,EAAYI,EAA6B,CAErD,OADY,KAAKP,EAAYO,CAAM,CAAC,EACzB,WAAW,IAAK,GAAG,EAAE,WAAW,IAAK,GAAG,CACvD,CAEO,SAASR,EAAeM,EAA0B,CACrD,OAAAA,EAAMA,EAAI,WAAW,IAAK,GAAG,EAAE,WAAW,IAAK,GAAG,EAC3CD,EAAS,KAAKC,CAAG,CAAC,CAC7B,CAGA,eAAsBH,EAAOK,EAA2C,CACpE,OAAO,MAAM,OAAO,OAAO,OAAO,UAAWA,CAAM,CACvD,CAEO,SAASX,EAAaW,EAA6B,CACtD,MAAO,CAAC,GAAG,IAAI,WAAYA,CAAM,CAAC,EAC7B,IAAKC,GAAKA,EAAE,SAAU,EAAE,EAAE,SAAU,EAAG,GAAG,CAAC,EAC3C,KAAM,EAAE,CACjB,CAGO,SAASX,EAAmBY,EAAsBC,EAAuB,CAC5E,IAAIC,EAAM,IAAI,WAAWF,EAAQ,WAAaC,EAAQ,UAAU,EAChE,OAAAC,EAAI,IAAI,IAAI,WAAWF,CAAO,EAAG,CAAC,EAClCE,EAAI,IAAI,IAAI,WAAWD,CAAO,EAAGD,EAAQ,UAAU,EAC5CE,CACT,CD3CM,SAASC,GAAuB,CACpC,MAAO,CAAC,CAAC,OAAO,mBACpB,CAKA,eAAsBC,GAAyC,CAC3D,OAAO,MAAM,oBAAoB,8CAA8C,CACnF,CAKA,eAAeC,EAAkBC,EAAgE,CAC7F,GAAGA,IAAa,QACZ,MAAO,WACX,GAAGA,IAAa,WAAaA,IAAa,SACtC,MAAO,iBACX,GAAGA,IAAa,OAIhB,GAAI,CACA,OAAG,MAAMF,EAAqB,EACnB,WAEA,gBACf,MAAE,CAGE,MACJ,CACJ,CAIA,SAASG,EAAYC,EAAyB,CAC1C,OAAOA,EAAK,CACR,IAAK,GAAI,MAAO,QAEhB,IAAK,KAAM,MAAO,QAClB,QAAS,MAAM,IAAI,MAAM,2BAA2BA,GAAK,CAC7D,CACJ,CAuBA,eAAsBC,EAASC,EAAkBC,EAAmBC,EAAyD,CAGzH,GAFAA,EAAUA,GAAW,CAAC,EAEnB,CAAOC,EAAYF,CAAS,EAC3B,MAAM,IAAI,MAAM,yDAAyD,EAE7E,IAAMG,EAAsD,CACxD,UAAiBC,EAAeJ,CAAS,EACzC,GAAI,CACA,GAAI,OAAO,SAAS,SACpB,KAAM,OAAO,SAAS,QAC1B,EACA,KAAM,CACF,GAAIC,EAAQ,WAAmBI,EAASJ,EAAQ,UAAU,EAAI,MAAYK,EAAO,IAAI,YAAY,EAAE,OAAO,wBAA0BP,CAAQ,CAAC,EAC7I,KAAMA,EACN,YAAaA,CACjB,EACA,iBAAkB,CACd,CAAC,IAAK,GAAI,KAAM,YAAY,EAC5B,CAAC,IAAK,KAAM,KAAM,YAAY,CAClC,EACA,QAASE,EAAQ,SAAW,IAC5B,uBAAwB,CACpB,iBAAkBA,EAAQ,kBAAoB,WAC9C,wBAAyB,MAAMP,EAAkBO,EAAQ,mBAAqB,MAAM,EACpF,YAAaA,EAAQ,cAAgB,YACrC,mBAAqBA,EAAQ,eAAiB,UAClD,EACA,YAAa,QACjB,EAEGA,EAAQ,OACP,QAAQ,MAAME,CAAe,EAEjC,IAAMI,EAAa,MAAM,UAAU,YAAY,OAAO,CAAC,UAAWJ,CAAe,CAAC,EAE/EF,EAAQ,OACP,QAAQ,MAAMM,CAAU,EAE5B,IAAMC,EAAWD,EAAW,SAExBE,EAAoC,CACpC,SAAUV,EACV,WAAY,CACR,GAAIQ,EAAW,GACf,UAAiBG,EAAYF,EAAS,aAAa,CAAC,EACpD,UAAWZ,EAAYW,EAAW,SAAS,sBAAsB,CAAC,CACtE,EACA,kBAAyBG,EAAYF,EAAS,qBAAqB,CAAC,EACpE,WAAkBE,EAAYF,EAAS,cAAc,CACzD,EAEA,OAAGP,EAAQ,cACPQ,EAAa,gBAAwBC,EAAYF,EAAS,iBAAiB,GAGxEC,CACX,CAGA,eAAeE,EAAchB,EAAuD,CAChF,IAAMiB,EAAmC,CAAC,UAAU,EAI9CC,EAAoC,CAAC,SAAU,MAAO,MAAO,KAAK,EAExE,GAAGlB,IAAa,QACZ,OAAOiB,EACX,GAAGjB,GAAY,WAAaA,IAAa,SACrC,OAAOkB,EACX,GAAGlB,IAAa,OACZ,MAAO,CAAC,GAAGiB,EAAO,GAAGC,CAAO,EAGhC,GAAI,CACA,OAAG,MAAMpB,EAAqB,EACnBmB,EAEAC,CACf,MAAE,CACE,MAAO,CAAC,GAAGD,EAAO,GAAGC,CAAO,CAChC,CACJ,CAaA,eAAsBC,EAAaC,EAAyBf,EAAmBC,EAA+D,CAG1I,GAFAA,EAAUA,GAAW,CAAC,EAEnB,CAAOC,EAAYF,CAAS,EAC3B,MAAM,IAAI,MAAM,yDAAyD,EAE7E,IAAMgB,EAAa,MAAML,EAAcV,EAAQ,mBAAqB,MAAM,EAEtEgB,EAAiD,CACjD,UAAiBb,EAAeJ,CAAS,EACzC,KAAM,OAAO,SAAS,SACtB,iBAAkBe,EAAc,IAAIG,IAAe,CAC/C,GAAUd,EAAec,CAAE,EAC3B,KAAM,aACN,WAAYF,CAChB,EAAE,EACF,iBAAkBf,EAAQ,kBAAoB,WAC9C,QAASA,EAAQ,SAAW,GAChC,EAEGA,EAAQ,OACP,QAAQ,MAAMgB,CAAW,EAE7B,IAAIE,EAAO,MAAM,UAAU,YAAY,IAAI,CAAC,UAAWF,EAAa,UAAWhB,EAAQ,SAAS,CAAC,EAE9FA,EAAQ,OACP,QAAQ,MAAMkB,CAAI,EAEtB,IAAMX,EAAWW,EAAK,SAUtB,MAR8C,CAC1C,aAAcA,EAAK,GACnB,kBAAyBT,EAAYF,EAAS,iBAAiB,EAC/D,WAAkBE,EAAYF,EAAS,cAAc,EACrD,UAAiBE,EAAYF,EAAS,SAAS,EAC/C,WAAYA,EAAS,WAAmBE,EAAYF,EAAS,UAAU,EAAI,MAC/E,CAGJ,CEhNA,IAAAY,EAAA,GAAAC,EAAAD,EAAA,0BAAAE,EAAA,uBAAAC,EAAA,oBAAAC,ICAA,IAAAC,EAAA,GAAAC,EAAAD,EAAA,sBAAAE,EAAA,wBAAAC,EAAA,uBAAAC,EAAA,gBAAAC,EAAA,sBAAAC,ICOO,IAAMC,EAAgD,CAC5D,uCAAwC,wBACxC,uCAAwC,2BACxC,uCAAwC,mEACxC,uCAAwC,gBACxC,uCAAwC,uCACxC,uCAAwC,2BACxC,uCAAwC,kDACxC,uCAAwC,yCACxC,uCAAwC,SACxC,uCAAwC,yCACxC,uCAAwC,uCACxC,uCAAwC,kCACxC,uCAAwC,qBACxC,uCAAwC,kDACxC,uCAAwC,oBACxC,uCAAwC,iDACxC,uCAAwC,mBACxC,uCAAwC,2BACxC,uCAAwC,0BACxC,uCAAwC,uBACxC,uCAAwC,4BACxC,uCAAwC,mBACxC,uCAAwC,qBACxC,uCAAwC,2BACxC,uCAAwC,oCACxC,uCAAwC,4CACxC,uCAAwC,kCACxC,uCAAwC,uBACxC,uCAAwC,UACxC,uCAAwC,uCACxC,uCAAwC,qBACxC,uCAAwC,oCACxC,uCAAwC,kCACxC,uCAAwC,+BACxC,uCAAwC,iBACxC,uCAAwC,sDACxC,uCAAwC,0CACxC,uCAAwC,0BACxC,uCAAwC,0BACxC,uCAAwC,yBACxC,uCAAwC,4CACxC,uCAAwC,yBACxC,uCAAwC,+CACxC,uCAAwC,WACxC,uCAAwC,eACxC,uCAAwC,oCACxC,uCAAwC,wBACxC,uCAAwC,mBACxC,uCAAwC,yCACxC,uCAAwC,+GACxC,uCAAwC,2BACxC,uCAAwC,6BACxC,uCAAwC,wCACxC,uCAAwC,gBACxC,uCAAwC,gCACxC,uCAAwC,uBACxC,uCAAwC,qBACxC,uCAAwC,oBACxC,uCAAwC,uCACxC,uCAAwC,kCACxC,uCAAwC,4BACxC,uCAAwC,wBACxC,uCAAwC,wBACxC,uCAAwC,sCACxC,uCAAwC,cACxC,uCAAwC,YACxC,uCAAwC,4BACxC,uCAAwC,oCACxC,uCAAwC,0CACxC,uCAAwC,uCACxC,uCAAwC,kCACxC,uCAAwC,yBACxC,uCAAwC,2CACxC,uCAAwC,gDACxC,uCAAwC,+CACxC,uCAAwC,yCACxC,uCAAwC,gCACxC,uCAAwC,qBACxC,uCAAwC,iCACxC,uCAAwC,6BACxC,uCAAwC,kCACxC,uCAAwC,6BACxC,uCAAwC,8BACxC,uCAAwC,2CACxC,uCAAwC,8CACxC,uCAAwC,cACxC,uCAAwC,iBACxC,uCAAwC,6BACxC,uCAAwC,gBACxC,uCAAwC,wCACxC,uCAAwC,iBACxC,uCAAwC,wCACxC,uCAAwC,yCACxC,uCAAwC,6BACxC,uCAAwC,sBACxC,uCAAwC,4BACxC,uCAAwC,gBACxC,uCAAwC,sBACxC,uCAAwC,uBACxC,uCAAwC,oBACxC,uCAAwC,mBACxC,uCAAwC,2CACxC,uCAAwC,WACxC,uCAAwC,yBACxC,uCAAwC,mDACxC,uCAAwC,aACxC,uCAAwC,6BACxC,uCAAwC,YACxC,uCAAwC,yCACxC,uCAAwC,sCACxC,uCAAwC,yDACxC,uCAAwC,iCACxC,uCAAwC,uBACxC,uCAAwC,kCACxC,uCAAwC,sBACxC,uCAAwC,oBACxC,uCAAwC,gDACxC,uCAAwC,mBACxC,uCAAwC,yBACxC,uCAAwC,qCACxC,uCAAwC,iCACxC,uCAAwC,iDACxC,uCAAwC,qBACxC,uCAAwC,YACxC,uCAAwC,+CACxC,uCAAwC,qBACxC,uCAAwC,8BACxC,uCAAwC,qBACxC,uCAAwC,6BACxC,uCAAwC,iCACxC,uCAAwC,iBACxC,uCAAwC,4BACxC,uCAAwC,oBACxC,uCAAwC,oBACxC,uCAAwC,mBACxC,uCAAwC,0BACxC,uCAAwC,uCACxC,uCAAwC,0CACxC,uCAAwC,sDACxC,uCAAwC,wCACxC,uCAAwC,mBACxC,uCAAwC,sBACxC,uCAAwC,SACxC,uCAAwC,kBACxC,uCAAwC,gEACxC,uCAAwC,yBACxC,uCAAwC,4BACxC,uCAAwC,yCACxC,uCAAwC,kBACxC,uCAAwC,oCACxC,uCAAwC,uBACzC,EC3JO,SAASC,EAAgBC,EAAuB,CAEnD,IAAIC,EAAQ,IAAI,SAASD,EAAS,MAAM,GAAG,EAAE,CAAC,EAAE,SAAS,CAAC,EAItDE,EAAc,CACd,SAAgBC,EAAYH,EAAS,MAAM,EAAE,EAAE,CAAC,EAChD,MAAO,CACC,YAAa,CAAC,EAAEC,EAAQ,GAExB,aAAc,CAAC,EAAEA,EAAS,GAC1B,kBAAmB,CAAC,EAAEA,EAAQ,GAC9B,YAAa,CAAC,EAAEA,EAAQ,IAExB,aAAc,CAAC,EAAEA,EAAQ,IACzB,mBAAoB,CAAC,EAAEA,EAAQ,IACvC,EACA,QAAS,IAAI,SAASD,EAAS,MAAM,GAAG,EAAE,CAAC,EAAE,UAAU,EAAG,EAAK,CACnE,EAKA,GAFAE,EAAO,OAASA,EAAO,MAAM,YAE1BF,EAAS,WAAa,GAAI,CAGzB,IAAMI,EAASC,EAAcL,CAAQ,EAErCE,EAAS,CACL,GAAGA,EACH,OAAAE,EACA,KAAME,EAAsBF,IAAW,UACvC,WAAY,mDAAqDA,EAAS,aAC1E,UAAW,mDAAqDA,EAAS,WAC7E,CACJ,CAEA,OAAOF,CACX,CAEO,SAASG,EAAcL,EAA+B,CACzD,OAAOO,EAAaP,EAAS,MAAM,GAAI,EAAE,CAAC,CAC9C,CAEA,SAASO,EAAaC,EAA6B,CAC/C,IAAIJ,EAAeK,EAAYD,CAAM,EACrC,OAAAJ,EAASA,EAAO,UAAU,EAAE,CAAC,EAAI,IAAMA,EAAO,UAAU,EAAE,EAAE,EAAI,IAAMA,EAAO,UAAU,GAAG,EAAE,EAAI,IAAMA,EAAO,UAAU,GAAG,EAAE,EAAI,IAAMA,EAAO,UAAU,GAAG,EAAE,EACrJA,CACX,CFjDA,IAAMM,EAAc,IAAI,YAAY,OAAO,EAEpC,SAASC,EAAYC,EAAsC,CAC9D,OAAG,OAAOA,GAAQ,WACdA,EAAaC,EAAeD,CAAI,GAC7B,KAAK,MAAMF,EAAY,OAAOE,CAAI,CAAC,CAC9C,CAGO,SAASE,EAAmBF,EAA6C,CAC5E,OAAG,OAAOA,GAAQ,WACdA,EAAaC,EAAeD,CAAI,GACdG,EAAgBH,CAAI,CAC9C,CAGO,SAASI,EAAiBJ,EAAmC,CAKhE,OAAOA,CACX,CAIO,SAASK,EAAkBC,EAAuD,CACrF,MAAO,CACH,SAAUA,EAAa,SACvB,WAAYA,EAAa,WAEzB,OAAeP,EAAYO,EAAa,UAAU,EAClD,cAAeJ,EAAmBI,EAAa,iBAAiB,EAChE,YAAeA,EAAa,gBAAmCA,EAAa,gBAAmB,IACnG,CACJ,CAEO,SAASC,EAAoBC,EAA6D,CAC7F,MAAO,CACH,aAAeA,EAAe,aAC9B,OAAeT,EAAYS,EAAe,UAAU,EACpD,cAAeN,EAAmBM,EAAe,iBAAiB,EAClE,UAAWA,EAAe,SAC9B,CACJ,CD3CA,eAAeC,EAAQC,EAAgBC,EAA8B,CAClE,GAAG,OAAOD,GAAc,WAAY,CAC/B,IAAME,EAAMF,EAAUC,CAAK,EAC3B,OAAGC,aAAe,QACP,MAAMA,EAENA,CACf,CAEA,OAAOF,IAAcC,CACzB,CAEA,eAAeE,EAAWH,EAAgBC,EAA8B,CACpE,MAAO,CAAE,MAAMF,EAAQC,EAAWC,CAAK,CAC3C,CAQA,eAAsBG,EAAmBC,EAAsCC,EAA2D,CACtI,IAAMC,EAAeC,EAAkBH,CAAe,EAGtD,GAFAE,EAAa,OAAO,UAEhBA,EAAa,OAAO,OAAS,kBAC7B,MAAM,IAAI,MAAM,+BAA+BA,EAAa,OAAO,MAAM,EAE7E,GAAI,MAAMJ,EAAWG,EAAS,OAAQC,EAAa,OAAO,MAAM,EAC5D,MAAM,IAAI,MAAM,iCAAiCA,EAAa,OAAO,QAAQ,EAEjF,GAAI,MAAMJ,EAAWG,EAAS,UAAWC,EAAa,OAAO,SAAS,EAClE,MAAM,IAAI,MAAM,oCAAoCA,EAAa,OAAO,WAAW,EAEvF,OAAOA,CACX,CAYA,eAAsBE,EAAqBC,EAA0CC,EAA2BL,EAA+D,CAC3K,GAAII,EAAkB,eAAiBC,EAAW,GAC9C,MAAM,IAAI,MAAM,2BAA2BD,EAAkB,mBAAmBC,EAAW,IAAI,EAWnG,GAAG,CAT+B,MAAMC,EAAgB,CACpD,UAAWD,EAAW,UACtB,UAAWA,EAAW,UACtB,kBAAmBD,EAAkB,kBACrC,WAAYA,EAAkB,WAC9B,UAAWA,EAAkB,UAC7B,QAASJ,EAAS,OACtB,CAAC,EAGG,MAAM,IAAI,MAAM,sBAAsBI,EAAkB,WAAW,EAEvE,IAAMG,EAAiBC,EAAoBJ,CAAiB,EAE5D,GAAIG,EAAe,OAAO,OAAS,eAC/B,MAAM,IAAI,MAAM,+BAA+BA,EAAe,OAAO,MAAM,EAE/E,GAAI,MAAMV,EAAWG,EAAS,OAAQO,EAAe,OAAO,MAAM,EAC9D,MAAM,IAAI,MAAM,iCAAiCA,EAAe,OAAO,QAAQ,EAEnF,GAAI,MAAMV,EAAWG,EAAS,UAAWO,EAAe,OAAO,SAAS,EACpE,MAAM,IAAI,MAAM,oCAAoCA,EAAe,OAAO,WAAW,EAGzF,IAAME,EAAO,IAAI,IAAIF,EAAe,OAAO,MAAM,EAAE,SAC7CG,EAAyBC,EAAY,MAAYC,EAAaC,EAASJ,CAAI,CAAC,CAAC,EACnF,GAAIF,EAAe,cAAc,WAAaG,EAC1C,MAAM,IAAI,MAAM,wBAAwBH,EAAe,cAAc,eAAeG,GAAkB,EAE1G,GAAI,CAACH,EAAe,cAAc,MAAM,YACpC,MAAM,IAAI,MAAM,qDAAqD,EAEzE,GAAI,CAACA,EAAe,cAAc,MAAM,cAAgBP,EAAS,aAC7D,MAAM,IAAI,MAAM,sDAAsD,EAE1E,GAAIA,EAAS,SAAWO,EAAe,cAAc,SAAWP,EAAS,QACrE,MAAM,IAAI,MAAM,qCAAqCO,EAAe,cAAc,wBAAwBP,EAAS,UAAU,EAEjI,OAAOO,CACX,CAcA,SAASO,EAAcC,EAA2B,CAC9C,OAAQA,EAAW,CACf,IAAK,QACD,MAAO,CACH,KAAM,oBACN,KAAM,SACV,EACJ,IAAK,QACD,MAAO,CACH,KAAM,QACN,WAAY,QACZ,KAAM,SACV,EAEJ,QACI,MAAM,IAAI,MAAM,4CAA4CA,4CAAoD,CACxH,CACJ,CAIA,eAAeC,EAAeC,EAAwBC,EAAuC,CACzF,IAAMC,EAAeC,EAAeF,CAAS,EAC7C,OAAO,OAAO,OAAO,UAAU,OAAQC,EAAQF,EAAY,GAAO,CAAC,QAAQ,CAAC,CAChF,CAyBA,eAAsBX,EAAgB,CAAE,UAAAS,EAAW,UAAAG,EAAW,kBAAAG,EAAmB,WAAAC,EAAY,UAAAC,EAAW,QAAAC,CAAQ,EAAmC,CAC/I,IAAMP,EAAaH,EAAcC,CAAS,EACtCU,EAAY,MAAMT,EAAeC,EAAYC,CAAS,EAEvDM,GACC,QAAQ,MAAMC,CAAS,EAG3B,IAAIC,EAAa,MAAYd,EAAaQ,EAAeE,CAAU,CAAC,EAGhEK,EAAoBC,EAAyBR,EAAeC,CAAiB,EAAGK,CAAU,EAE3FF,IACC,QAAQ,MAAM,gBAAkB,KAAK,UAAUP,CAAU,CAAC,EAC1D,QAAQ,MAAM,eAAiBC,CAAS,EACxC,QAAQ,MAAM,SAAiBP,EAAYgB,CAAW,CAAC,EACvD,QAAQ,MAAM,cAAgBJ,CAAS,GAI3C,IAAIM,EAAwBT,EAAeG,CAAS,EACpD,OAAGR,GAAa,UACZc,EAAkBC,EAAiBD,CAAe,GAEtC,MAAM,OAAO,OAAO,OAAOZ,EAAYQ,EAAWI,EAAiBF,CAAW,CAGlG,CAEA,SAASG,EAAiBD,EAA8B,CAEpD,IAAME,EAAa,IAAI,WAAWF,CAAe,EAC3CG,EAASD,EAAW,KAAO,EAAI,EAAI,EACnCE,EAAOD,EAAS,GAChBE,EAASH,EAAWE,EAAO,KAAO,EAAIA,EAAO,EAAIA,EAAO,EACxDE,EAAIJ,EAAW,MAAMC,EAAQC,CAAI,EACjCG,EAAIL,EAAW,MAAMG,CAAM,EACjC,OAAO,IAAI,WAAW,CAAC,GAAGC,EAAG,GAAGC,CAAC,CAAC,CACtC,CIzLA,IAAOC,GAAQ,CAAE,OAAAC,EAAQ,OAAAC,EAAQ,QAAAC,EAAS,MAAAC,EAAO,sBAAAC,CAAsB", + "sourcesContent": ["import * as utils from './utils.js'\nimport { AuthenticateOptions, AuthenticationEncoded, AuthType, NamedAlgo, NumAlgo, RegisterOptions, RegistrationEncoded } from './types.js'\n\n/**\n * Returns whether passwordless authentication is available on this browser/platform or not.\n */\n export function isAvailable() :boolean {\n return !!window.PublicKeyCredential\n}\n\n/**\n * Returns whether the device itself can be used as authenticator.\n */\nexport async function isLocalAuthenticator() :Promise {\n return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()\n}\n\n\n\n\nasync function getAuthAttachment(authType :AuthType) :Promise {\n if(authType === \"local\")\n return \"platform\";\n if(authType === \"roaming\" || authType === \"extern\")\n return \"cross-platform\";\n if(authType === \"both\")\n return undefined // The webauthn protocol considers `null` as invalid but `undefined` as \"both\"!\n\n // the default case: \"auto\", depending on device capabilities\n try {\n if(await isLocalAuthenticator())\n return \"platform\"\n else\n return \"cross-platform\"\n } catch(e) {\n // might happen due to some security policies\n // see https://w3c.github.io/webauthn/#sctn-isUserVerifyingPlatformAuthenticatorAvailable\n return undefined // The webauthn protocol considers `null` as invalid but `undefined` as \"both\"!\n }\n}\n\n\n\nfunction getAlgoName(num :NumAlgo) :NamedAlgo {\n switch(num) {\n case -7: return \"ES256\"\n // case -8 ignored to to its rarity\n case -257: return \"RS256\"\n default: throw new Error(`Unknown algorithm code: ${num}`)\n }\n}\n\n\n\n/**\n * Creates a cryptographic key pair, in order to register the public key for later passwordless authentication.\n *\n * @param {string} username\n * @param {string} challenge A server-side randomly generated string.\n * @param {Object} [options] Optional parameters.\n * @param {number} [options.timeout=60000] Number of milliseconds the user has to respond to the biometric/PIN check.\n * @param {'required'|'preferred'|'discouraged'} [options.userVerification='required'] Whether to prompt for biometric/PIN check or not.\n * @param {'auto'|'local'|'roaming'|'both'} [options.authenticatorType='auto'] Which device to use as authenticator.\n * 'auto': if the local device can be used as authenticator it will be preferred. Otherwise it will prompt for a roaming device.\n * 'local': use the local device (using TouchID, FaceID, Windows Hello or PIN)\n * 'roaming': use a roaming device (security key or connected phone)\n * 'both': prompt the user to choose between local or roaming device. The UI and user interaction in this case is platform specific.\n * @param {boolean} [options.attestation=false] If enabled, the device attestation and clientData will be provided as Base64url encoded binary data.\n * Note that this is not available on some platforms.\n * @param {'discouraged'|'preferred'|'required'} [options.discoverable] A \"discoverable\" credential can be selected using `authenticate(...)` without providing credential IDs.\n * Instead, a native pop-up will appear for user selection.\n * This may have an impact on the \"passkeys\" user experience and syncing behavior of the key.\n */\nexport async function register(username :string, challenge :string, options? :RegisterOptions) :Promise {\n options = options ?? {}\n\n if(!utils.isBase64url(challenge))\n throw new Error('Provided challenge is not properly encoded in Base64url')\n\n const creationOptions :PublicKeyCredentialCreationOptions = {\n challenge: utils.parseBase64url(challenge),\n rp: {\n id: window.location.hostname,\n name: window.location.hostname\n },\n user: {\n id: options.userHandle ? utils.toBuffer(options.userHandle) : await utils.sha256(new TextEncoder().encode('passwordless.id-user:' + username)), // ID should not be directly \"identifiable\" for privacy concerns\n name: username,\n displayName: username,\n },\n pubKeyCredParams: [\n {alg: -7, type: \"public-key\"}, // ES256 (Webauthn's default algorithm)\n {alg: -257, type: \"public-key\"}, // RS256 (for Windows Hello and others)\n ],\n timeout: options.timeout ?? 60000,\n authenticatorSelection: {\n userVerification: options.userVerification ?? \"required\", // Webauthn default is \"preferred\"\n authenticatorAttachment: await getAuthAttachment(options.authenticatorType ?? \"auto\"),\n residentKey: options.discoverable ?? 'preferred', // official default is 'discouraged'\n requireResidentKey: (options.discoverable === 'required') // mainly for backwards compatibility, see https://www.w3.org/TR/webauthn/#dictionary-authenticatorSelection\n },\n attestation: \"direct\"\n }\n\n if(options.debug)\n console.debug(creationOptions)\n\n const credential = await navigator.credentials.create({publicKey: creationOptions}) as any //PublicKeyCredential\n \n if(options.debug)\n console.debug(credential)\n \n const response = credential.response as any // AuthenticatorAttestationResponse\n \n let registration :RegistrationEncoded = {\n username: username,\n credential: {\n id: credential.id,\n publicKey: utils.toBase64url(response.getPublicKey()),\n algorithm: getAlgoName(credential.response.getPublicKeyAlgorithm())\n },\n authenticatorData: utils.toBase64url(response.getAuthenticatorData()),\n clientData: utils.toBase64url(response.clientDataJSON),\n }\n\n if(options.attestation) {\n registration.attestationData = utils.toBase64url(response.attestationObject)\n }\n\n return registration\n}\n\n\nasync function getTransports(authType :AuthType) :Promise {\n const local :AuthenticatorTransport[] = ['internal']\n\n // 'hybrid' was added mid-2022 in the specs and currently not yet available in the official dom types\n // @ts-ignore\n const roaming :AuthenticatorTransport[] = ['hybrid', 'usb', 'ble', 'nfc']\n \n if(authType === \"local\")\n return local\n if(authType == \"roaming\" || authType === \"extern\")\n return roaming\n if(authType === \"both\")\n return [...local, ...roaming]\n\n // the default case: \"auto\", depending on device capabilities\n try {\n if(await isLocalAuthenticator())\n return local\n else\n return roaming\n } catch(e) {\n return [...local, ...roaming]\n }\n}\n\n\n/**\n * Signs a challenge using one of the provided credentials IDs in order to authenticate the user.\n *\n * @param {string[]} credentialIds The list of credential IDs that can be used for signing.\n * @param {string} challenge A server-side randomly generated string, the base64 encoded version will be signed.\n * @param {Object} [options] Optional parameters.\n * @param {number} [options.timeout=60000] Number of milliseconds the user has to respond to the biometric/PIN check.\n * @param {'required'|'preferred'|'discouraged'} [options.userVerification='required'] Whether to prompt for biometric/PIN check or not.\n * @param {'optional'|'conditional'|'required'|'silent'} [options.mediation='optional'] https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get#mediation\n */\nexport async function authenticate(credentialIds :string[], challenge :string, options? :AuthenticateOptions) :Promise {\n options = options ?? {}\n\n if(!utils.isBase64url(challenge))\n throw new Error('Provided challenge is not properly encoded in Base64url')\n\n const transports = await getTransports(options.authenticatorType ?? \"auto\");\n\n let authOptions :PublicKeyCredentialRequestOptions = {\n challenge: utils.parseBase64url(challenge),\n rpId: window.location.hostname,\n allowCredentials: credentialIds.map(id => { return {\n id: utils.parseBase64url(id),\n type: 'public-key',\n transports: transports,\n }}),\n userVerification: options.userVerification ?? \"required\",\n timeout: options.timeout ?? 60000,\n }\n\n if(options.debug)\n console.debug(authOptions)\n\n let auth = await navigator.credentials.get({publicKey: authOptions, mediation: options.mediation}) as PublicKeyCredential\n \n if(options.debug)\n console.debug(auth)\n\n const response = auth.response as AuthenticatorAssertionResponse\n \n const authentication :AuthenticationEncoded = {\n credentialId: auth.id,\n authenticatorData: utils.toBase64url(response.authenticatorData),\n clientData: utils.toBase64url(response.clientDataJSON),\n signature: utils.toBase64url(response.signature),\n userHandle: response.userHandle ? utils.toBase64url(response.userHandle) : undefined // may not be returned by every authenticator\n }\n\n return authentication\n}\n\n", "/********************************\n Encoding/Decoding Utils\n********************************/\n\nexport function randomChallenge() {\n return crypto.randomUUID()\n}\n\n\nexport function toBuffer(txt :string) :ArrayBuffer {\n return Uint8Array.from(txt, c => c.charCodeAt(0)).buffer\n}\n\nexport function parseBuffer(buffer :ArrayBuffer) :string {\n return String.fromCharCode(...new Uint8Array(buffer))\n}\n\n\nexport function isBase64url(txt :string) :boolean {\n return txt.match(/^[a-zA-Z0-9\\-_]+=*$/) !== null\n}\n\nexport function toBase64url(buffer :ArrayBuffer) :string {\n const txt = btoa(parseBuffer(buffer)) // base64\n return txt.replaceAll('+', '-').replaceAll('/', '_')\n}\n\nexport function parseBase64url(txt :string) :ArrayBuffer {\n txt = txt.replaceAll('-', '+').replaceAll('_', '/') // base64url -> base64\n return toBuffer(atob(txt))\n}\n\n\nexport async function sha256(buffer :ArrayBuffer) :Promise {\n return await crypto.subtle.digest('SHA-256', buffer)\n}\n\nexport function bufferToHex (buffer :ArrayBuffer) :string {\n return [...new Uint8Array (buffer)]\n .map (b => b.toString (16).padStart (2, \"0\"))\n .join (\"\");\n}\n\n\nexport function concatenateBuffers(buffer1 :ArrayBuffer, buffer2 :ArrayBuffer) {\n var tmp = new Uint8Array(buffer1.byteLength + buffer2.byteLength);\n tmp.set(new Uint8Array(buffer1), 0);\n tmp.set(new Uint8Array(buffer2), buffer1.byteLength);\n return tmp;\n };", "import { parseAuthentication, parseRegistration } from \"./parsers.js\";\nimport { AuthenticationEncoded, AuthenticationParsed, CredentialKey, NamedAlgo, RegistrationEncoded, RegistrationParsed } from \"./types.js\";\nimport * as utils from './utils.js'\n\n\nasync function isValid(validator :any, value :any) :Promise {\n if(typeof validator === 'function') {\n const res = validator(value)\n if(res instanceof Promise)\n return await res\n else\n return res\n }\n // the validator can be a single value too\n return validator === value\n}\n\nasync function isNotValid(validator :any, value :any) :Promise {\n return !(await isValid(validator, value))\n}\n\ninterface RegistrationChecks {\n challenge: string | Function,\n origin: string | Function\n}\n\n\nexport async function verifyRegistration(registrationRaw: RegistrationEncoded, expected: RegistrationChecks): Promise {\n const registration = parseRegistration(registrationRaw)\n\n if (registration.client.type !== \"webauthn.create\")\n throw new Error(`Unexpected ClientData type: ${registration.client.type}`)\n\n if (await isNotValid(expected.origin, registration.client.origin))\n throw new Error(`Unexpected ClientData origin: ${registration.client.origin}`)\n\n if (await isNotValid(expected.challenge, registration.client.challenge))\n throw new Error(`Unexpected ClientData challenge: ${registration.client.challenge}`)\n\n return registration\n}\n\n\ninterface AuthenticationChecks {\n challenge: string | Function,\n origin: string | Function,\n userVerified: boolean,\n counter?: number, // Made optional according to https://github.com/passwordless-id/webauthn/issues/38\n verbose?: boolean\n}\n\n\nexport async function verifyAuthentication(authenticationRaw: AuthenticationEncoded, credential: CredentialKey, expected: AuthenticationChecks): Promise {\n if (authenticationRaw.credentialId !== credential.id)\n throw new Error(`Credential ID mismatch: ${authenticationRaw.credentialId} vs ${credential.id}`)\n\n const isValidSignature: boolean = await verifySignature({\n algorithm: credential.algorithm,\n publicKey: credential.publicKey,\n authenticatorData: authenticationRaw.authenticatorData,\n clientData: authenticationRaw.clientData,\n signature: authenticationRaw.signature,\n verbose: expected.verbose\n })\n\n if(!isValidSignature)\n throw new Error(`Invalid signature: ${authenticationRaw.signature}`)\n\n const authentication = parseAuthentication(authenticationRaw)\n\n if (authentication.client.type !== \"webauthn.get\")\n throw new Error(`Unexpected clientData type: ${authentication.client.type}`)\n\n if (await isNotValid(expected.origin, authentication.client.origin))\n throw new Error(`Unexpected ClientData origin: ${authentication.client.origin}`)\n\n if (await isNotValid(expected.challenge, authentication.client.challenge))\n throw new Error(`Unexpected ClientData challenge: ${authentication.client.challenge}`)\n\n // this only works because we consider `rp.origin` and `rp.id` to be the same during authentication/registration\n const rpId = new URL(authentication.client.origin).hostname\n const expectedRpIdHash = utils.toBase64url(await utils.sha256(utils.toBuffer(rpId)))\n if (authentication.authenticator.rpIdHash !== expectedRpIdHash)\n throw new Error(`Unexpected RpIdHash: ${authentication.authenticator.rpIdHash} vs ${expectedRpIdHash}`)\n\n if (!authentication.authenticator.flags.userPresent)\n throw new Error(`Unexpected authenticator flags: missing userPresent`)\n\n if (!authentication.authenticator.flags.userVerified && expected.userVerified)\n throw new Error(`Unexpected authenticator flags: missing userVerified`)\n\n if (expected.counter && authentication.authenticator.counter <= expected.counter)\n throw new Error(`Unexpected authenticator counter: ${authentication.authenticator.counter} (should be > ${expected.counter})`)\n\n return authentication\n}\n\n\n// https://w3c.github.io/webauthn/#sctn-public-key-easy\n// https://www.iana.org/assignments/cose/cose.xhtml#algorithms\n/*\nUser agents MUST be able to return a non-null value for getPublicKey() when the credential public key has a COSEAlgorithmIdentifier value of:\n\n-7 (ES256), where kty is 2 (with uncompressed points) and crv is 1 (P-256).\n\n-257 (RS256).\n\n-8 (EdDSA), where crv is 6 (Ed25519).\n*/\nfunction getAlgoParams(algorithm: NamedAlgo): any {\n switch (algorithm) {\n case 'RS256':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: 'SHA-256'\n };\n case 'ES256':\n return {\n name: 'ECDSA',\n namedCurve: 'P-256',\n hash: 'SHA-256',\n };\n // case 'EdDSA': Not supported by browsers\n default:\n throw new Error(`Unknown or unsupported crypto algorithm: ${algorithm}. Only 'RS256' and 'ES256' are supported.`)\n }\n}\n\ntype AlgoParams = AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm\n\nasync function parseCryptoKey(algoParams: AlgoParams, publicKey: string): Promise {\n const buffer = utils.parseBase64url(publicKey)\n return crypto.subtle.importKey('spki', buffer, algoParams, false, ['verify'])\n}\n\n\n\ntype VerifyParams = {\n algorithm: NamedAlgo,\n publicKey: string, // Base64url encoded\n authenticatorData: string, // Base64url encoded\n clientData: string, // Base64url encoded\n signature: string, // Base64url encoded\n verbose?: boolean, // Enables debug logs containing sensitive data like crypto keys\n}\n\n\n// https://w3c.github.io/webauthn/#sctn-verifying-assertion\n// https://w3c.github.io/webauthn/#sctn-signature-attestation-types\n/* Emphasis mine:\n\n6.5.6. Signature Formats for Packed Attestation, FIDO U2F Attestation, and **Assertion Signatures**\n\n[...] For COSEAlgorithmIdentifier -7 (ES256) [...] the sig value MUST be encoded as an ASN.1 [...]\n[...] For COSEAlgorithmIdentifier -257 (RS256) [...] The signature is not ASN.1 wrapped.\n[...] For COSEAlgorithmIdentifier -37 (PS256) [...] The signature is not ASN.1 wrapped.\n*/\n// see also https://gist.github.com/philholden/50120652bfe0498958fd5926694ba354\nexport async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature, verbose }: VerifyParams): Promise {\n const algoParams = getAlgoParams(algorithm)\n let cryptoKey = await parseCryptoKey(algoParams, publicKey)\n\n if(verbose) {\n console.debug(cryptoKey)\n }\n\n let clientHash = await utils.sha256(utils.parseBase64url(clientData));\n\n // during \"login\", the authenticatorData is exactly 37 bytes\n let comboBuffer = utils.concatenateBuffers(utils.parseBase64url(authenticatorData), clientHash)\n\n if(verbose) {\n console.debug('Crypto Algo: ' + JSON.stringify(algoParams))\n console.debug('Public key: ' + publicKey)\n console.debug('Data: ' + utils.toBase64url(comboBuffer))\n console.debug('Signature: ' + signature)\n }\n\n // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify\n let signatureBuffer = utils.parseBase64url(signature)\n if(algorithm == 'ES256')\n signatureBuffer = convertASN1toRaw(signatureBuffer)\n\n const isValid = await crypto.subtle.verify(algoParams, cryptoKey, signatureBuffer, comboBuffer)\n\n return isValid\n}\n\nfunction convertASN1toRaw(signatureBuffer :ArrayBuffer) {\n // Convert signature from ASN.1 sequence to \"raw\" format\n const usignature = new Uint8Array(signatureBuffer);\n const rStart = usignature[4] === 0 ? 5 : 4;\n const rEnd = rStart + 32;\n const sStart = usignature[rEnd + 2] === 0 ? rEnd + 3 : rEnd + 2;\n const r = usignature.slice(rStart, rEnd);\n const s = usignature.slice(sStart);\n return new Uint8Array([...r, ...s]);\n}", "import * as authenticators from './authenticators.js'\nimport * as utils from './utils.js'\nimport { AuthenticatorInfo, ClientInfo, RegistrationEncoded, RegistrationParsed, AuthenticationEncoded, AuthenticationParsed } from './types'\n\nconst utf8Decoder = new TextDecoder('utf-8')\n\nexport function parseClient(data :string|ArrayBuffer) :ClientInfo {\n if(typeof data == 'string')\n data = utils.parseBase64url(data)\n return JSON.parse(utf8Decoder.decode(data))\n}\n\n\nexport function parseAuthenticator(data :string|ArrayBuffer) :AuthenticatorInfo {\n if(typeof data == 'string')\n data = utils.parseBase64url(data)\n return authenticators.parseAuthBuffer(data)\n}\n\n\nexport function parseAttestation(data :string|ArrayBuffer) :unknown {\n //if(typeof data == 'string')\n // data = utils.parseBase64url(data)\n // Useless comment, let's at least provide the raw value \n // return \"The device attestation proves the authenticity of the device model / aaguid. It's not guaranteed to be included and really complex to parse / verify. Good luck with that one!\"\n return data;\n}\n\n\n\nexport function parseRegistration(registration :RegistrationEncoded) :RegistrationParsed {\n return {\n username: registration.username,\n credential: registration.credential,\n\n client: parseClient(registration.clientData),\n authenticator: parseAuthenticator(registration.authenticatorData),\n attestation: registration.attestationData ? parseAttestation(registration.attestationData) : null\n }\n}\n\nexport function parseAuthentication(authentication :AuthenticationEncoded) :AuthenticationParsed {\n return {\n credentialId: authentication.credentialId,\n client: parseClient(authentication.clientData),\n authenticator: parseAuthenticator(authentication.authenticatorData),\n signature: authentication.signature\n }\n}", "/**\n * The source comes from\n * \"official\" https://mds.fidoalliance.org/\n * and the\n * \"community-driven\" https://github.com/passkeydeveloper/passkey-authenticator-aaguids\n * combined together.\n */\nexport const authenticatorMetadata :Record = {\n\t\"00000000-0000-0000-0000-000000000000\": \"Unknown authenticator\",\n\t\"0076631b-d4a0-427f-5773-0ec71c9e0279\": \"HYPR FIDO2 Authenticator\",\n\t\"07a9f89c-6407-4594-9d56-621d5f1e358b\": \"NXP Semiconductros FIDO2 Conformance Testing CTAP2 Authenticator\",\n\t\"08987058-cadc-4b81-b6e1-30de50dcbe96\": \"Windows Hello\",\n\t\"09591fc6-9811-48f7-8f57-b9f23df6413f\": \"Pone Biometrics OFFPAD Authenticator\",\n\t\"0acf3011-bc60-f375-fb53-6f05f43154e0\": \"Nymi FIDO2 Authenticator\",\n\t\"0bb43545-fd2c-4185-87dd-feb0b2916ace\": \"Security Key NFC by Yubico - Enterprise Edition\",\n\t\"0d9b2e56-566b-c393-2940-f821b7f15d6d\": \"Excelsecu eSecu FIDO2 Pro Security Key\",\n\t\"0ea242b4-43c4-4a1b-8b17-dd6d0b6baec6\": \"Keeper\",\n\t\"1105e4ed-af1d-02ff-ffff-ffffffffffff\": \"Egomet FIDO2 Authenticator for Android\",\n\t\"12ded745-4bed-47d4-abaa-e713f51d6393\": \"Feitian AllinOne FIDO2 Authenticator\",\n\t\"149a2021-8ef6-4133-96b8-81f8d5b7f1f5\": \"Security Key by Yubico with NFC\",\n\t\"17290f1e-c212-34d0-1423-365d729f09d9\": \"Thales PIN iOS SDK\",\n\t\"175cd298-83d2-4a26-b637-313c07a6434e\": \"Chunghwa Telecom FIDO2 Smart Card Authenticator\",\n\t\"1c086528-58d5-f211-823c-356786e36140\": \"Atos CardOS FIDO2\",\n\t\"20f0be98-9af9-986a-4b42-8eca4acb28e4\": \"Excelsecu eSecu FIDO2 Fingerprint Security Key\",\n\t\"2194b428-9397-4046-8f39-007a1605a482\": \"IDPrime 931 Fido\",\n\t\"23786452-f02d-4344-87ed-aaf703726881\": \"SafeNet eToken Fusion CC\",\n\t\"2c0df832-92de-4be1-8412-88a8f074df4a\": \"Feitian FIDO Smart Card\",\n\t\"2d3bec26-15ee-4f5d-88b2-53622490270b\": \"HID Crescendo Key V2\",\n\t\"2fc0579f-8113-47ea-b116-bb5a8db9202a\": \"YubiKey 5 Series with NFC\",\n\t\"2ffd6452-01da-471f-821b-ea4bf6c8676a\": \"IDPrime 941 Fido\",\n\t\"30b5035e-d297-4fc1-b00b-addc96ba6a97\": \"OneSpan FIDO Touch\",\n\t\"30b5035e-d297-4ff1-b00b-addc96ba6a98\": \"OneSpan DIGIPASS FX1 BIO\",\n\t\"341e4da9-3c2e-8103-5a9f-aad887135200\": \"Ledger Nano S FIDO2 Authenticator\",\n\t\"34f5766d-1536-4a24-9033-0e294e510fb0\": \"YubiKey 5 Series CTAP2.1 Preview Expired \",\n\t\"361a3082-0278-4583-a16f-72a527f973e4\": \"eWBM eFA500 FIDO2 Authenticator\",\n\t\"3789da91-f943-46bc-95c3-50ea2012f03a\": \"NEOWAVE Winkeo FIDO2\",\n\t\"39a5647e-1853-446c-a1f6-a79bae9f5bc7\": \"IDmelon\",\n\t\"3b1adb99-0dfe-46fd-90b8-7f7614a4de2a\": \"GoTrust Idem Key FIDO2 Authenticator\",\n\t\"3e078ffd-4c54-4586-8baa-a77da113aec5\": \"Hideez Key 3 FIDO2\",\n\t\"3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d\": \"Feitian iePass FIDO Authenticator\",\n\t\"3f59672f-20aa-4afe-b6f4-7e5e916b6d98\": \"Arculus FIDO 2.1 Key Card [P71]\",\n\t\"42b4fb4a-2866-43b2-9bf7-6c6669c2e5d3\": \"Google Titan Security Key v2\",\n\t\"454e5346-4944-4ffd-6c93-8e9267193e9a\": \"Ensurity ThinC\",\n\t\"4b3f8944-d4f2-4d21-bb19-764a986ec160\": \"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"4c0cf95d-2f40-43b5-ba42-4c83a11c04ba\": \"Feitian BioPass FIDO2 Pro Authenticator\",\n\t\"4c50ff10-1057-4fc6-b8ed-43a529530c3c\": \"ImproveID Authenticator\",\n\t\"4d41190c-7beb-4a84-8018-adf265a6352d\": \"Thales IDPrime FIDO Bio\",\n\t\"4e768f2c-5fab-48b3-b300-220eb487752b\": \"Hideez Key 4 FIDO2 SDK\",\n\t\"504d7149-4e4c-3841-4555-55445a677357\": \"WiSECURE AuthTron USB FIDO2 Authenticator\",\n\t\"50a45b0c-80e7-f944-bf29-f552bfa2e048\": \"ACS FIDO Authenticator\",\n\t\"516d3969-5a57-5651-5958-4e7a49434167\": \"SmartDisplayer BobeePass FIDO2 Authenticator\",\n\t\"531126d6-e717-415c-9320-3d9aa6981239\": \"Dashlane\",\n\t\"53414d53-554e-4700-0000-000000000000\": \"Samsung Pass\",\n\t\"5343502d-5343-5343-6172-644649444f32\": \"ESS Smart Card Inc. Authenticator\",\n\t\"54d9fee8-e621-4291-8b18-7157b99c5bec\": \"HID Crescendo Enabled\",\n\t\"5626bed4-e756-430b-a7ff-ca78c8b12738\": \"VALMIDO PRO FIDO\",\n\t\"58b44d0b-0a7c-f33a-fd48-f7153c871352\": \"Ledger Nano S Plus FIDO2 Authenticator\",\n\t\"5ca1ab1e-1337-fa57-f1d0-a117e71ca702\": \"Allthenticator App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers\",\n\t\"5d629218-d3a5-11ed-afa1-0242ac120002\": \"Swissbit iShield Key Pro\",\n\t\"5fdb81b8-53f0-4967-a881-f5ec26fe4d18\": \"VinCSS FIDO2 Authenticator\",\n\t\"6002f033-3c07-ce3e-d0f7-0ffe5ed42543\": \"Excelsecu eSecu FIDO2 Fingerprint Key\",\n\t\"6028b017-b1d4-4c02-b4b3-afcdafc96bb2\": \"Windows Hello\",\n\t\"61250591-b2bc-4456-b719-0b17be90bb30\": \"eWBM eFPA FIDO2 Authenticator\",\n\t\"664d9f67-84a2-412a-9ff7-b4f7d8ee6d05\": \"OpenSK authenticator\",\n\t\"66a0ccb3-bd6a-191f-ee06-e375c50b9846\": \"Thales Bio iOS SDK\",\n\t\"692db549-7ae5-44d5-a1e5-dd20a493b723\": \"HID Crescendo Key\",\n\t\"69700f79-d1fb-472e-bd9b-a3a3b9a9eda0\": \"Pone Biometrics OFFPAD Authenticator\",\n\t\"6d44ba9b-f6ec-2e49-b930-0c8fe920cb73\": \"Security Key by Yubico with NFC\",\n\t\"73402251-f2a8-4f03-873e-3cb6db604b03\": \"uTrust FIDO2 Security Key\",\n\t\"73bb0cd4-e502-49b8-9c6f-b59445bf720b\": \"YubiKey 5 FIPS Series\",\n\t\"74820b05-a6c9-40f9-8fb0-9f86aca93998\": \"SafeNet eToken Fusion\",\n\t\"77010bd7-212a-4fc9-b236-d2ca5e9d4084\": \"Feitian BioPass FIDO2 Authenticator\",\n\t\"771b48fd-d3d4-4f74-9232-fc157ab0507a\": \"Edge on Mac\",\n\t\"7e3f3d30-3557-4442-bdae-139312178b39\": \"RSA DS100\",\n\t\"820d89ed-d65a-409e-85cb-f73f0578f82a\": \"IDmelon iOS Authenticator\",\n\t\"833b721a-ff5f-4d00-bb2e-bdda3ec01e29\": \"Feitian ePass FIDO2 Authenticator\",\n\t\"83c47309-aabb-4108-8470-8be838b573cb\": \"YubiKey Bio Series (Enterprise Profile)\",\n\t\"85203421-48f9-4355-9bc8-8a53846e5083\": \"YubiKey 5 FIPS Series with Lightning\",\n\t\"87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c\": \"eWBM eFA320 FIDO2 Authenticator\",\n\t\"8836336a-f590-0921-301d-46427531eee6\": \"Thales Bio Android SDK\",\n\t\"8876631b-d4a0-427f-5773-0ec71c9e0279\": \"Solo Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"88bbd2f0-342a-42e7-9729-dd158be5407a\": \"Precision InnaIT Key FIDO 2 Level 2 certified\",\n\t\"8976631b-d4a0-427f-5773-0ec71c9e0279\": \"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"89b19028-256b-4025-8872-255358d950e4\": \"Sentry Enterprises CTAP2 Authenticator\",\n\t\"8c97a730-3f7b-41a6-87d6-1e9b62bda6f0\": \"FT-JCOS FIDO Fingerprint Card\",\n\t\"8d1b1fcb-3c76-49a9-9129-5515b346aa02\": \"IDEMIA ID-ONE Card\",\n\t\"91ad6b93-264b-4987-8737-3a690cad6917\": \"Token Ring FIDO2 Authenticator\",\n\t\"931327dd-c89b-406c-a81e-ed7058ef36c6\": \"Swissbit iShield Key FIDO2\",\n\t\"95442b2e-f15e-4def-b270-efb106facb4e\": \"eWBM eFA310 FIDO2 Authenticator\",\n\t\"95e4d58c-056e-4a65-866d-f5a69659e880\": \"TruU Windows Authenticator\",\n\t\"973446ca-e21c-9a9b-99f5-9b985a67af0f\": \"ACS FIDO Authenticator Card\",\n\t\"9876631b-d4a0-427f-5773-0ec71c9e0279\": \"Somu Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"998f358b-2dd2-4cbe-a43a-e8107438dfb3\": \"OnlyKey Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"99bf4610-ec26-4252-b31f-7380ccd59db5\": \"ZTPass Card\",\n\t\"9c835346-796b-4c27-8898-d6032f515cc5\": \"Cryptnox FIDO2\",\n\t\"9d3df6ba-282f-11ed-a261-0242ac120002\": \"Arculus FIDO2/U2F Key Card\",\n\t\"9ddd1817-af5a-4672-a2b9-3e3dd95000a9\": \"Windows Hello\",\n\t\"9f0d8150-baa5-4c00-9299-ad62c8bb4e87\": \"GoTrust Idem Card FIDO2 Authenticator\",\n\t\"9f77e279-a6e2-4d58-b700-31e5943c6a98\": \"Hyper FIDO Pro\",\n\t\"a1f52be5-dfab-4364-b51c-2bd496b14a56\": \"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR\",\n\t\"a3975549-b191-fd67-b8fb-017e2917fdb3\": \"Excelsecu eSecu FIDO2 NFC Security Key\",\n\t\"a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa\": \"Security Key NFC by Yubico\",\n\t\"ab32f0c6-2239-afbb-c470-d2ef4e254db6\": \"TEST (DUMMY RECORD)\",\n\t\"ab32f0c6-2239-afbb-c470-d2ef4e254db7\": \"TOKEN2 FIDO2 Security Key\",\n\t\"adce0002-35bc-c60a-648b-0b25f1f05503\": \"Chrome on Mac\",\n\t\"aeb6569c-f8fb-4950-ac60-24ca2bbe2e52\": \"HID Crescendo C2300\",\n\t\"b267239b-954f-4041-a01b-ee4f33c145b6\": \"authenton1 - CTAP2.1\",\n\t\"b50d5e0a-7f81-4959-9b12-f45407407503\": \"IDPrime 3940 FIDO\",\n\t\"b5397666-4885-aa6b-cebf-e52262a439a2\": \"Chromium Browser\",\n\t\"b6ede29c-3772-412c-8a78-539c1f4c62d2\": \"Feitian BioPass FIDO2 Plus Authenticator\",\n\t\"b84e4048-15dc-4dd0-8640-f4f60813c8af\": \"NordPass\",\n\t\"b92c3f9a-c014-4056-887f-140a2501163b\": \"Security Key by Yubico\",\n\t\"b93fd961-f2e6-462f-b122-82002247de78\": \"Android Authenticator with SafetyNet Attestation\",\n\t\"ba76a271-6eb6-4171-874d-b6428dbe3437\": \"ATKey.ProS\",\n\t\"ba86dc56-635f-4141-aef6-00227b1b9af6\": \"TruU Windows Authenticator\",\n\t\"bada5566-a7aa-401f-bd96-45619a55120d\": \"1Password\",\n\t\"bbf4b6a7-679d-f6fc-c4f2-8ac0ddf9015a\": \"Excelsecu eSecu FIDO2 PRO Security Key\",\n\t\"bc2fe499-0d8e-4ffe-96f3-94a82840cf8c\": \"OCTATCO EzQuant FIDO2 AUTHENTICATOR\",\n\t\"be727034-574a-f799-5c76-0929e0430973\": \"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)\",\n\t\"c1f9a0bc-1dd2-404a-b27f-8e29047a43fd\": \"YubiKey 5 FIPS Series with NFC\",\n\t\"c5703116-972b-4851-a3e7-ae1259843399\": \"NEOWAVE Badgeo FIDO2\",\n\t\"c5ef55ff-ad9a-4b9f-b580-adebafe026d0\": \"YubiKey 5 Series with Lightning\",\n\t\"c80dbd9a-533f-4a17-b941-1a2f1c7cedff\": \"HID Crescendo C3000\",\n\t\"ca4cff1b-5a81-4404-8194-59aabcf1660b\": \"IDPrime 3930 FIDO\",\n\t\"ca87cb70-4c1b-4579-a8e8-4efdd7c007e0\": \"FIDO Alliance TruU Sample FIDO2 Authenticator\",\n\t\"cb69481e-8ff7-4039-93ec-0a2729a154a8\": \"YubiKey 5 Series\",\n\t\"cd69adb5-3c7a-deb9-3177-6800ea6cb72a\": \"Thales PIN Android SDK\",\n\t\"cdbdaea2-c415-5073-50f7-c04e968640b6\": \"Excelsecu eSecu FIDO2 Security Key\",\n\t\"cfcb13a2-244f-4b36-9077-82b79d6a7de7\": \"USB/NFC Passcode Authenticator\",\n\t\"d384db22-4d50-ebde-2eac-5765cf1e2a44\": \"Excelsecu eSecu FIDO2 Fingerprint Security Key\",\n\t\"d41f5a69-b817-4144-a13c-9ebd6d9254d6\": \"ATKey.Card CTAP2.0\",\n\t\"d548826e-79b4-db40-a3d8-11116f7e8349\": \"Bitwarden\",\n\t\"d61d3b87-3e7c-4aea-9c50-441c371903ad\": \"KeyVault Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"d7a423ad-3e19-4492-9200-78137dccc136\": \"VivoKey Apex FIDO2\",\n\t\"d821a7d4-e97c-4cb6-bd82-4237731fd4be\": \"Hyper FIDO Bio Security Key\",\n\t\"d8522d9f-575b-4866-88a9-ba99fa02f35b\": \"YubiKey Bio Series\",\n\t\"d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3\": \"KEY-ID FIDO2 Authenticator\",\n\t\"d94a29d9-52dd-4247-9c2d-8b818b610389\": \"VeriMark Guard Fingerprint Key\",\n\t\"da1fa263-8b25-42b6-a820-c0036f21ba7f\": \"ATKey.Card NFC\",\n\t\"dd4ec289-e01d-41c9-bb89-70fa845d4bf2\": \"iCloud Keychain (Managed)\",\n\t\"e1a96183-5016-4f24-b55b-e3ae23614cc6\": \"ATKey.Pro CTAP2.0\",\n\t\"e416201b-afeb-41ca-a03d-2281c28322aa\": \"ATKey.Pro CTAP2.1\",\n\t\"e86addcd-7711-47e5-b42a-c18257b0bf61\": \"IDCore 3121 Fido\",\n\t\"ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4\": \"Google Password Manager\",\n\t\"eabb46cc-e241-80bf-ae9e-96fa6d2975cf\": \"TOKEN2 PIN Plus Security Key Series \",\n\t\"eb3b131e-59dc-536a-d176-cb7306da10f5\": \"ellipticSecure MIRkey USB Authenticator\",\n\t\"ec31b4cc-2acc-4b8e-9c01-bade00ccbe26\": \"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator\",\n\t\"ee041bce-25e5-4cdb-8f86-897fd6418464\": \"Feitian ePass FIDO2-NFC Authenticator\",\n\t\"ee882879-721c-4913-9775-3dfcce97072a\": \"YubiKey 5 Series\",\n\t\"efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4\": \"Safenet eToken FIDO\",\n\t\"f3809540-7f14-49c1-a8b3-8f813b225541\": \"Enpass\",\n\t\"f4c63eff-d26c-4248-801c-3736c7eaa93a\": \"FIDO KeyPass S3\",\n\t\"f7c558a0-f465-11e8-b568-0800200c9a66\": \"KONAI Secp256R1 FIDO2 Conformance Testing CTAP2 Authenticator\",\n\t\"f8a011f3-8c0a-4d15-8006-17111f9edc7d\": \"Security Key by Yubico\",\n\t\"fa2b99dc-9e39-4257-8f92-4a30d23c4118\": \"YubiKey 5 Series with NFC\",\n\t\"fbefdf68-fe86-0106-213e-4d5fa24cbe2e\": \"Excelsecu eSecu FIDO2 NFC Security Key\",\n\t\"fbfc3007-154e-4ecc-8c0b-6e020557d7bd\": \"iCloud Keychain\",\n\t\"fcb1bcb4-f370-078c-6993-bc24d0ae3fbe\": \"Ledger Nano X FIDO2 Authenticator\",\n\t\"fec067a1-f1d0-4c5e-b4c0-cc3237475461\": \"KX701 SmartToken FIDO\",\n}", "import { authenticatorMetadata } from './authenticatorMetadata.js'\nimport * as utils from './utils.js'\n\n\nexport function parseAuthBuffer(authData :ArrayBuffer) {\n //console.debug(authData)\n let flags = new DataView(authData.slice(32,33)).getUint8(0)\n //console.debug(flags)\n\n // https://w3c.github.io/webauthn/#sctn-authenticator-data\n let parsed :any = {\n rpIdHash: utils.toBase64url(authData.slice(0,32)),\n flags: {\n userPresent: !!(flags & 1),\n //reserved1: !!(flags & 2),\n userVerified: !!(flags & 4),\n backupEligibility: !!(flags & 8),\n backupState: !!(flags & 16),\n //reserved2: !!(flags & 32),\n attestedData: !!(flags & 64),\n extensionsIncluded: !!(flags & 128)\n },\n counter: new DataView(authData.slice(33,37)).getUint32(0, false), // Big-Endian!\n }\n\n // this is more descriptive than \"backupState\"\n parsed.synced = parsed.flags.backupState\n\n if(authData.byteLength > 37) {\n // registration contains additional data\n\n const aaguid = extractAaguid(authData) // bytes 37->53\n // https://w3c.github.io/webauthn/#attested-credential-data\n parsed = {\n ...parsed,\n aaguid,\n name: authenticatorMetadata[aaguid] ?? 'Unknown',\n icon_light: 'https://webauthn.passwordless.id/authenticators/' + aaguid + '-light.png',\n icon_dark: 'https://webauthn.passwordless.id/authenticators/' + aaguid + '-dark.png',\n }\n }\n\n return parsed\n}\n\nexport function extractAaguid(authData :ArrayBuffer) :string {\n return formatAaguid(authData.slice(37, 53)) // 16 bytes\n}\n\nfunction formatAaguid(buffer :ArrayBuffer) :string {\n let aaguid = utils.bufferToHex(buffer)\n aaguid = aaguid.substring(0,8) + '-' + aaguid.substring(8,12) + '-' + aaguid.substring(12,16) + '-' + aaguid.substring(16,20) + '-' + aaguid.substring(20,32)\n return aaguid // example: \"d41f5a69-b817-4144-a13c-9ebd6d9254d6\"\n}\n\n\n\n\n/**\n * Kept for compatibility purposes.\n * @deprecated\n */\nexport function resolveAuthenticatorName(aaguid :string) :string {\n const aaguidMetadata = updatedAuthenticatorMetadata ?? authenticatorMetadata //await getAaguidMetadata()\n return aaguidMetadata[aaguid]\n}\n\nlet updatedAuthenticatorMetadata :any = null\n\n/**\n * Updates the built-in metadata according to raw data available at https://mds.fidoalliance.org/\n * This service delivers a list of AAGUIDs encoded as a JWT.\n * Kept for compatibility purposes.\n * @deprecated\n */\nexport async function updateDevicesMetadata() {\n // this function is rather resource intensive and time consuming\n // therefore, the result is cached in local storage\n const jwt = await (await fetch(\"https://mds.fidoalliance.org\")).text()\n\n // the response is a JWT including all AAGUIDs and their metadata\n console.debug(jwt)\n\n // let us ignore the JWT verification, since this is solely for descriptive purposes, not signed data\n const payload = jwt.split('.')[1].replaceAll('-', '+').replaceAll('_', '/')\n const json = JSON.parse(atob(payload))\n console.debug(json)\n\n let aaguidMetadata :any = {}\n for(const e of json.entries) {\n if(!e.aaguid || !e.metadataStatement)\n continue\n\n aaguidMetadata[e.aaguid] = e.metadataStatement.description\n }\n\n console.debug(aaguidMetadata)\n updatedAuthenticatorMetadata = aaguidMetadata\n}\n", "/*\nexport * from './types'\nexport * from './webauthn'\nexport * from './parsers'\nexport * from './validation'\n*/\nimport * as client from './client.js';\nimport * as server from './server.js';\nimport * as parsers from './parsers.js';\nimport * as utils from './utils.js';\nimport { authenticatorMetadata } from './authenticatorMetadata.js'\n\nexport { client, server, parsers, utils, authenticatorMetadata }\nexport default { client, server, parsers, utils, authenticatorMetadata }\n"], + "mappings": "0FAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,kBAAAE,EAAA,gBAAAC,EAAA,yBAAAC,EAAA,aAAAC,ICAA,IAAAC,EAAA,GAAAC,EAAAD,EAAA,iBAAAE,EAAA,uBAAAC,EAAA,gBAAAC,EAAA,mBAAAC,EAAA,gBAAAC,EAAA,oBAAAC,EAAA,WAAAC,EAAA,gBAAAC,EAAA,aAAAC,IAIO,SAASH,GAAkB,CAC9B,OAAO,OAAO,WAAW,CAC7B,CAGO,SAASG,EAASC,EAA0B,CAC/C,OAAO,WAAW,KAAKA,EAAKC,GAAKA,EAAE,WAAW,CAAC,CAAC,EAAE,MACtD,CAEO,SAASN,EAAYO,EAA6B,CACrD,OAAO,OAAO,aAAa,GAAG,IAAI,WAAWA,CAAM,CAAC,CACxD,CAGO,SAAST,EAAYO,EAAsB,CAC9C,OAAOA,EAAI,MAAM,qBAAqB,IAAM,IAChD,CAEO,SAASF,EAAYI,EAA6B,CAErD,OADY,KAAKP,EAAYO,CAAM,CAAC,EACzB,WAAW,IAAK,GAAG,EAAE,WAAW,IAAK,GAAG,CACvD,CAEO,SAASR,EAAeM,EAA0B,CACrD,OAAAA,EAAMA,EAAI,WAAW,IAAK,GAAG,EAAE,WAAW,IAAK,GAAG,EAC3CD,EAAS,KAAKC,CAAG,CAAC,CAC7B,CAGA,eAAsBH,EAAOK,EAA2C,CACpE,OAAO,MAAM,OAAO,OAAO,OAAO,UAAWA,CAAM,CACvD,CAEO,SAASX,EAAaW,EAA6B,CACtD,MAAO,CAAC,GAAG,IAAI,WAAYA,CAAM,CAAC,EAC7B,IAAKC,GAAKA,EAAE,SAAU,EAAE,EAAE,SAAU,EAAG,GAAG,CAAC,EAC3C,KAAM,EAAE,CACjB,CAGO,SAASX,EAAmBY,EAAsBC,EAAuB,CAC5E,IAAIC,EAAM,IAAI,WAAWF,EAAQ,WAAaC,EAAQ,UAAU,EAChE,OAAAC,EAAI,IAAI,IAAI,WAAWF,CAAO,EAAG,CAAC,EAClCE,EAAI,IAAI,IAAI,WAAWD,CAAO,EAAGD,EAAQ,UAAU,EAC5CE,CACT,CD3CM,SAASC,GAAuB,CACpC,MAAO,CAAC,CAAC,OAAO,mBACpB,CAKA,eAAsBC,GAAyC,CAC3D,OAAO,MAAM,oBAAoB,8CAA8C,CACnF,CAKA,eAAeC,EAAkBC,EAAgE,CAC7F,GAAGA,IAAa,QACZ,MAAO,WACX,GAAGA,IAAa,WAAaA,IAAa,SACtC,MAAO,iBACX,GAAGA,IAAa,OAIhB,GAAI,CACA,OAAG,MAAMF,EAAqB,EACnB,WAEA,gBACf,MAAE,CAGE,MACJ,CACJ,CAIA,SAASG,EAAYC,EAAyB,CAC1C,OAAOA,EAAK,CACR,IAAK,GAAI,MAAO,QAEhB,IAAK,KAAM,MAAO,QAClB,QAAS,MAAM,IAAI,MAAM,2BAA2BA,GAAK,CAC7D,CACJ,CAuBA,eAAsBC,EAASC,EAAkBC,EAAmBC,EAAyD,CAGzH,GAFAA,EAAUA,GAAW,CAAC,EAEnB,CAAOC,EAAYF,CAAS,EAC3B,MAAM,IAAI,MAAM,yDAAyD,EAE7E,IAAMG,EAAsD,CACxD,UAAiBC,EAAeJ,CAAS,EACzC,GAAI,CACA,GAAI,OAAO,SAAS,SACpB,KAAM,OAAO,SAAS,QAC1B,EACA,KAAM,CACF,GAAIC,EAAQ,WAAmBI,EAASJ,EAAQ,UAAU,EAAI,MAAYK,EAAO,IAAI,YAAY,EAAE,OAAO,wBAA0BP,CAAQ,CAAC,EAC7I,KAAMA,EACN,YAAaA,CACjB,EACA,iBAAkB,CACd,CAAC,IAAK,GAAI,KAAM,YAAY,EAC5B,CAAC,IAAK,KAAM,KAAM,YAAY,CAClC,EACA,QAASE,EAAQ,SAAW,IAC5B,uBAAwB,CACpB,iBAAkBA,EAAQ,kBAAoB,WAC9C,wBAAyB,MAAMP,EAAkBO,EAAQ,mBAAqB,MAAM,EACpF,YAAaA,EAAQ,cAAgB,YACrC,mBAAqBA,EAAQ,eAAiB,UAClD,EACA,YAAa,QACjB,EAEGA,EAAQ,OACP,QAAQ,MAAME,CAAe,EAEjC,IAAMI,EAAa,MAAM,UAAU,YAAY,OAAO,CAAC,UAAWJ,CAAe,CAAC,EAE/EF,EAAQ,OACP,QAAQ,MAAMM,CAAU,EAE5B,IAAMC,EAAWD,EAAW,SAExBE,EAAoC,CACpC,SAAUV,EACV,WAAY,CACR,GAAIQ,EAAW,GACf,UAAiBG,EAAYF,EAAS,aAAa,CAAC,EACpD,UAAWZ,EAAYW,EAAW,SAAS,sBAAsB,CAAC,CACtE,EACA,kBAAyBG,EAAYF,EAAS,qBAAqB,CAAC,EACpE,WAAkBE,EAAYF,EAAS,cAAc,CACzD,EAEA,OAAGP,EAAQ,cACPQ,EAAa,gBAAwBC,EAAYF,EAAS,iBAAiB,GAGxEC,CACX,CAGA,eAAeE,EAAchB,EAAuD,CAChF,IAAMiB,EAAmC,CAAC,UAAU,EAI9CC,EAAoC,CAAC,SAAU,MAAO,MAAO,KAAK,EAExE,GAAGlB,IAAa,QACZ,OAAOiB,EACX,GAAGjB,GAAY,WAAaA,IAAa,SACrC,OAAOkB,EACX,GAAGlB,IAAa,OACZ,MAAO,CAAC,GAAGiB,EAAO,GAAGC,CAAO,EAGhC,GAAI,CACA,OAAG,MAAMpB,EAAqB,EACnBmB,EAEAC,CACf,MAAE,CACE,MAAO,CAAC,GAAGD,EAAO,GAAGC,CAAO,CAChC,CACJ,CAaA,eAAsBC,EAAaC,EAAyBf,EAAmBC,EAA+D,CAG1I,GAFAA,EAAUA,GAAW,CAAC,EAEnB,CAAOC,EAAYF,CAAS,EAC3B,MAAM,IAAI,MAAM,yDAAyD,EAE7E,IAAMgB,EAAa,MAAML,EAAcV,EAAQ,mBAAqB,MAAM,EAEtEgB,EAAiD,CACjD,UAAiBb,EAAeJ,CAAS,EACzC,KAAM,OAAO,SAAS,SACtB,iBAAkBe,EAAc,IAAIG,IAAe,CAC/C,GAAUd,EAAec,CAAE,EAC3B,KAAM,aACN,WAAYF,CAChB,EAAE,EACF,iBAAkBf,EAAQ,kBAAoB,WAC9C,QAASA,EAAQ,SAAW,GAChC,EAEGA,EAAQ,OACP,QAAQ,MAAMgB,CAAW,EAE7B,IAAIE,EAAO,MAAM,UAAU,YAAY,IAAI,CAAC,UAAWF,EAAa,UAAWhB,EAAQ,SAAS,CAAC,EAE9FA,EAAQ,OACP,QAAQ,MAAMkB,CAAI,EAEtB,IAAMX,EAAWW,EAAK,SAUtB,MAR8C,CAC1C,aAAcA,EAAK,GACnB,kBAAyBT,EAAYF,EAAS,iBAAiB,EAC/D,WAAkBE,EAAYF,EAAS,cAAc,EACrD,UAAiBE,EAAYF,EAAS,SAAS,EAC/C,WAAYA,EAAS,WAAmBE,EAAYF,EAAS,UAAU,EAAI,MAC/E,CAGJ,CEhNA,IAAAY,EAAA,GAAAC,EAAAD,EAAA,0BAAAE,EAAA,uBAAAC,EAAA,oBAAAC,ICAA,IAAAC,EAAA,GAAAC,EAAAD,EAAA,sBAAAE,EAAA,wBAAAC,EAAA,uBAAAC,EAAA,gBAAAC,EAAA,sBAAAC,ICOO,IAAMC,EAAgD,CAC5D,uCAAwC,wBACxC,uCAAwC,2BACxC,uCAAwC,mEACxC,uCAAwC,gBACxC,uCAAwC,uCACxC,uCAAwC,2BACxC,uCAAwC,kDACxC,uCAAwC,yCACxC,uCAAwC,SACxC,uCAAwC,yCACxC,uCAAwC,uCACxC,uCAAwC,kCACxC,uCAAwC,qBACxC,uCAAwC,kDACxC,uCAAwC,oBACxC,uCAAwC,iDACxC,uCAAwC,mBACxC,uCAAwC,2BACxC,uCAAwC,0BACxC,uCAAwC,uBACxC,uCAAwC,4BACxC,uCAAwC,mBACxC,uCAAwC,qBACxC,uCAAwC,2BACxC,uCAAwC,oCACxC,uCAAwC,4CACxC,uCAAwC,kCACxC,uCAAwC,uBACxC,uCAAwC,UACxC,uCAAwC,uCACxC,uCAAwC,qBACxC,uCAAwC,oCACxC,uCAAwC,kCACxC,uCAAwC,+BACxC,uCAAwC,iBACxC,uCAAwC,sDACxC,uCAAwC,0CACxC,uCAAwC,0BACxC,uCAAwC,0BACxC,uCAAwC,yBACxC,uCAAwC,4CACxC,uCAAwC,yBACxC,uCAAwC,+CACxC,uCAAwC,WACxC,uCAAwC,eACxC,uCAAwC,oCACxC,uCAAwC,wBACxC,uCAAwC,mBACxC,uCAAwC,yCACxC,uCAAwC,+GACxC,uCAAwC,2BACxC,uCAAwC,6BACxC,uCAAwC,wCACxC,uCAAwC,gBACxC,uCAAwC,gCACxC,uCAAwC,uBACxC,uCAAwC,qBACxC,uCAAwC,oBACxC,uCAAwC,uCACxC,uCAAwC,kCACxC,uCAAwC,4BACxC,uCAAwC,wBACxC,uCAAwC,wBACxC,uCAAwC,sCACxC,uCAAwC,cACxC,uCAAwC,YACxC,uCAAwC,4BACxC,uCAAwC,oCACxC,uCAAwC,0CACxC,uCAAwC,uCACxC,uCAAwC,kCACxC,uCAAwC,yBACxC,uCAAwC,2CACxC,uCAAwC,gDACxC,uCAAwC,+CACxC,uCAAwC,yCACxC,uCAAwC,gCACxC,uCAAwC,qBACxC,uCAAwC,iCACxC,uCAAwC,6BACxC,uCAAwC,kCACxC,uCAAwC,6BACxC,uCAAwC,8BACxC,uCAAwC,2CACxC,uCAAwC,8CACxC,uCAAwC,cACxC,uCAAwC,iBACxC,uCAAwC,6BACxC,uCAAwC,gBACxC,uCAAwC,wCACxC,uCAAwC,iBACxC,uCAAwC,wCACxC,uCAAwC,yCACxC,uCAAwC,6BACxC,uCAAwC,sBACxC,uCAAwC,4BACxC,uCAAwC,gBACxC,uCAAwC,sBACxC,uCAAwC,uBACxC,uCAAwC,oBACxC,uCAAwC,mBACxC,uCAAwC,2CACxC,uCAAwC,WACxC,uCAAwC,yBACxC,uCAAwC,mDACxC,uCAAwC,aACxC,uCAAwC,6BACxC,uCAAwC,YACxC,uCAAwC,yCACxC,uCAAwC,sCACxC,uCAAwC,yDACxC,uCAAwC,iCACxC,uCAAwC,uBACxC,uCAAwC,kCACxC,uCAAwC,sBACxC,uCAAwC,oBACxC,uCAAwC,gDACxC,uCAAwC,mBACxC,uCAAwC,yBACxC,uCAAwC,qCACxC,uCAAwC,iCACxC,uCAAwC,iDACxC,uCAAwC,qBACxC,uCAAwC,YACxC,uCAAwC,+CACxC,uCAAwC,qBACxC,uCAAwC,8BACxC,uCAAwC,qBACxC,uCAAwC,6BACxC,uCAAwC,iCACxC,uCAAwC,iBACxC,uCAAwC,4BACxC,uCAAwC,oBACxC,uCAAwC,oBACxC,uCAAwC,mBACxC,uCAAwC,0BACxC,uCAAwC,uCACxC,uCAAwC,0CACxC,uCAAwC,sDACxC,uCAAwC,wCACxC,uCAAwC,mBACxC,uCAAwC,sBACxC,uCAAwC,SACxC,uCAAwC,kBACxC,uCAAwC,gEACxC,uCAAwC,yBACxC,uCAAwC,4BACxC,uCAAwC,yCACxC,uCAAwC,kBACxC,uCAAwC,oCACxC,uCAAwC,uBACzC,EC3JO,SAASC,EAAgBC,EAAuB,CAEnD,IAAIC,EAAQ,IAAI,SAASD,EAAS,MAAM,GAAG,EAAE,CAAC,EAAE,SAAS,CAAC,EAItDE,EAAc,CACd,SAAgBC,EAAYH,EAAS,MAAM,EAAE,EAAE,CAAC,EAChD,MAAO,CACC,YAAa,CAAC,EAAEC,EAAQ,GAExB,aAAc,CAAC,EAAEA,EAAS,GAC1B,kBAAmB,CAAC,EAAEA,EAAQ,GAC9B,YAAa,CAAC,EAAEA,EAAQ,IAExB,aAAc,CAAC,EAAEA,EAAQ,IACzB,mBAAoB,CAAC,EAAEA,EAAQ,IACvC,EACA,QAAS,IAAI,SAASD,EAAS,MAAM,GAAG,EAAE,CAAC,EAAE,UAAU,EAAG,EAAK,CACnE,EAKA,GAFAE,EAAO,OAASA,EAAO,MAAM,YAE1BF,EAAS,WAAa,GAAI,CAGzB,IAAMI,EAASC,EAAcL,CAAQ,EAErCE,EAAS,CACL,GAAGA,EACH,OAAAE,EACA,KAAME,EAAsBF,IAAW,UACvC,WAAY,mDAAqDA,EAAS,aAC1E,UAAW,mDAAqDA,EAAS,WAC7E,CACJ,CAEA,OAAOF,CACX,CAEO,SAASG,EAAcL,EAA+B,CACzD,OAAOO,EAAaP,EAAS,MAAM,GAAI,EAAE,CAAC,CAC9C,CAEA,SAASO,EAAaC,EAA6B,CAC/C,IAAIJ,EAAeK,EAAYD,CAAM,EACrC,OAAAJ,EAASA,EAAO,UAAU,EAAE,CAAC,EAAI,IAAMA,EAAO,UAAU,EAAE,EAAE,EAAI,IAAMA,EAAO,UAAU,GAAG,EAAE,EAAI,IAAMA,EAAO,UAAU,GAAG,EAAE,EAAI,IAAMA,EAAO,UAAU,GAAG,EAAE,EACrJA,CACX,CFjDA,IAAMM,EAAc,IAAI,YAAY,OAAO,EAEpC,SAASC,EAAYC,EAAsC,CAC9D,OAAG,OAAOA,GAAQ,WACdA,EAAaC,EAAeD,CAAI,GAC7B,KAAK,MAAMF,EAAY,OAAOE,CAAI,CAAC,CAC9C,CAGO,SAASE,EAAmBF,EAA6C,CAC5E,OAAG,OAAOA,GAAQ,WACdA,EAAaC,EAAeD,CAAI,GACdG,EAAgBH,CAAI,CAC9C,CAGO,SAASI,EAAiBJ,EAAmC,CAKhE,OAAOA,CACX,CAIO,SAASK,EAAkBC,EAAuD,CACrF,MAAO,CACH,SAAUA,EAAa,SACvB,WAAYA,EAAa,WAEzB,OAAeP,EAAYO,EAAa,UAAU,EAClD,cAAeJ,EAAmBI,EAAa,iBAAiB,EAChE,YAAeA,EAAa,gBAAmCA,EAAa,gBAAmB,IACnG,CACJ,CAEO,SAASC,EAAoBC,EAA6D,CAC7F,MAAO,CACH,aAAeA,EAAe,aAC9B,OAAeT,EAAYS,EAAe,UAAU,EACpD,cAAeN,EAAmBM,EAAe,iBAAiB,EAClE,UAAWA,EAAe,SAC9B,CACJ,CD3CA,eAAeC,EAAQC,EAAgBC,EAA8B,CAClE,GAAG,OAAOD,GAAc,WAAY,CAC/B,IAAME,EAAMF,EAAUC,CAAK,EAC3B,OAAGC,aAAe,QACP,MAAMA,EAENA,CACf,CAEA,OAAOF,IAAcC,CACzB,CAEA,eAAeE,EAAWH,EAAgBC,EAA8B,CACpE,MAAO,CAAE,MAAMF,EAAQC,EAAWC,CAAK,CAC3C,CAQA,eAAsBG,EAAmBC,EAAsCC,EAA2D,CACtI,IAAMC,EAAeC,EAAkBH,CAAe,EAEtD,GAAIE,EAAa,OAAO,OAAS,kBAC7B,MAAM,IAAI,MAAM,+BAA+BA,EAAa,OAAO,MAAM,EAE7E,GAAI,MAAMJ,EAAWG,EAAS,OAAQC,EAAa,OAAO,MAAM,EAC5D,MAAM,IAAI,MAAM,iCAAiCA,EAAa,OAAO,QAAQ,EAEjF,GAAI,MAAMJ,EAAWG,EAAS,UAAWC,EAAa,OAAO,SAAS,EAClE,MAAM,IAAI,MAAM,oCAAoCA,EAAa,OAAO,WAAW,EAEvF,OAAOA,CACX,CAYA,eAAsBE,EAAqBC,EAA0CC,EAA2BL,EAA+D,CAC3K,GAAII,EAAkB,eAAiBC,EAAW,GAC9C,MAAM,IAAI,MAAM,2BAA2BD,EAAkB,mBAAmBC,EAAW,IAAI,EAWnG,GAAG,CAT+B,MAAMC,EAAgB,CACpD,UAAWD,EAAW,UACtB,UAAWA,EAAW,UACtB,kBAAmBD,EAAkB,kBACrC,WAAYA,EAAkB,WAC9B,UAAWA,EAAkB,UAC7B,QAASJ,EAAS,OACtB,CAAC,EAGG,MAAM,IAAI,MAAM,sBAAsBI,EAAkB,WAAW,EAEvE,IAAMG,EAAiBC,EAAoBJ,CAAiB,EAE5D,GAAIG,EAAe,OAAO,OAAS,eAC/B,MAAM,IAAI,MAAM,+BAA+BA,EAAe,OAAO,MAAM,EAE/E,GAAI,MAAMV,EAAWG,EAAS,OAAQO,EAAe,OAAO,MAAM,EAC9D,MAAM,IAAI,MAAM,iCAAiCA,EAAe,OAAO,QAAQ,EAEnF,GAAI,MAAMV,EAAWG,EAAS,UAAWO,EAAe,OAAO,SAAS,EACpE,MAAM,IAAI,MAAM,oCAAoCA,EAAe,OAAO,WAAW,EAGzF,IAAME,EAAO,IAAI,IAAIF,EAAe,OAAO,MAAM,EAAE,SAC7CG,EAAyBC,EAAY,MAAYC,EAAaC,EAASJ,CAAI,CAAC,CAAC,EACnF,GAAIF,EAAe,cAAc,WAAaG,EAC1C,MAAM,IAAI,MAAM,wBAAwBH,EAAe,cAAc,eAAeG,GAAkB,EAE1G,GAAI,CAACH,EAAe,cAAc,MAAM,YACpC,MAAM,IAAI,MAAM,qDAAqD,EAEzE,GAAI,CAACA,EAAe,cAAc,MAAM,cAAgBP,EAAS,aAC7D,MAAM,IAAI,MAAM,sDAAsD,EAE1E,GAAIA,EAAS,SAAWO,EAAe,cAAc,SAAWP,EAAS,QACrE,MAAM,IAAI,MAAM,qCAAqCO,EAAe,cAAc,wBAAwBP,EAAS,UAAU,EAEjI,OAAOO,CACX,CAcA,SAASO,EAAcC,EAA2B,CAC9C,OAAQA,EAAW,CACf,IAAK,QACD,MAAO,CACH,KAAM,oBACN,KAAM,SACV,EACJ,IAAK,QACD,MAAO,CACH,KAAM,QACN,WAAY,QACZ,KAAM,SACV,EAEJ,QACI,MAAM,IAAI,MAAM,4CAA4CA,4CAAoD,CACxH,CACJ,CAIA,eAAeC,EAAeC,EAAwBC,EAAuC,CACzF,IAAMC,EAAeC,EAAeF,CAAS,EAC7C,OAAO,OAAO,OAAO,UAAU,OAAQC,EAAQF,EAAY,GAAO,CAAC,QAAQ,CAAC,CAChF,CAyBA,eAAsBX,EAAgB,CAAE,UAAAS,EAAW,UAAAG,EAAW,kBAAAG,EAAmB,WAAAC,EAAY,UAAAC,EAAW,QAAAC,CAAQ,EAAmC,CAC/I,IAAMP,EAAaH,EAAcC,CAAS,EACtCU,EAAY,MAAMT,EAAeC,EAAYC,CAAS,EAEvDM,GACC,QAAQ,MAAMC,CAAS,EAG3B,IAAIC,EAAa,MAAYd,EAAaQ,EAAeE,CAAU,CAAC,EAGhEK,EAAoBC,EAAyBR,EAAeC,CAAiB,EAAGK,CAAU,EAE3FF,IACC,QAAQ,MAAM,gBAAkB,KAAK,UAAUP,CAAU,CAAC,EAC1D,QAAQ,MAAM,eAAiBC,CAAS,EACxC,QAAQ,MAAM,SAAiBP,EAAYgB,CAAW,CAAC,EACvD,QAAQ,MAAM,cAAgBJ,CAAS,GAI3C,IAAIM,EAAwBT,EAAeG,CAAS,EACpD,OAAGR,GAAa,UACZc,EAAkBC,EAAiBD,CAAe,GAEtC,MAAM,OAAO,OAAO,OAAOZ,EAAYQ,EAAWI,EAAiBF,CAAW,CAGlG,CAEA,SAASG,EAAiBD,EAA8B,CAEpD,IAAME,EAAa,IAAI,WAAWF,CAAe,EAC3CG,EAASD,EAAW,KAAO,EAAI,EAAI,EACnCE,EAAOD,EAAS,GAChBE,EAASH,EAAWE,EAAO,KAAO,EAAIA,EAAO,EAAIA,EAAO,EACxDE,EAAIJ,EAAW,MAAMC,EAAQC,CAAI,EACjCG,EAAIL,EAAW,MAAMG,CAAM,EACjC,OAAO,IAAI,WAAW,CAAC,GAAGC,EAAG,GAAGC,CAAC,CAAC,CACtC,CIxLA,IAAOC,GAAQ,CAAE,OAAAC,EAAQ,OAAAC,EAAQ,QAAAC,EAAS,MAAAC,EAAO,sBAAAC,CAAsB", "names": ["client_exports", "__export", "authenticate", "isAvailable", "isLocalAuthenticator", "register", "utils_exports", "__export", "bufferToHex", "concatenateBuffers", "isBase64url", "parseBase64url", "parseBuffer", "randomChallenge", "sha256", "toBase64url", "toBuffer", "txt", "c", "buffer", "b", "buffer1", "buffer2", "tmp", "isAvailable", "isLocalAuthenticator", "getAuthAttachment", "authType", "getAlgoName", "num", "register", "username", "challenge", "options", "isBase64url", "creationOptions", "parseBase64url", "toBuffer", "sha256", "credential", "response", "registration", "toBase64url", "getTransports", "local", "roaming", "authenticate", "credentialIds", "transports", "authOptions", "id", "auth", "server_exports", "__export", "verifyAuthentication", "verifyRegistration", "verifySignature", "parsers_exports", "__export", "parseAttestation", "parseAuthentication", "parseAuthenticator", "parseClient", "parseRegistration", "authenticatorMetadata", "parseAuthBuffer", "authData", "flags", "parsed", "toBase64url", "aaguid", "extractAaguid", "authenticatorMetadata", "formatAaguid", "buffer", "bufferToHex", "utf8Decoder", "parseClient", "data", "parseBase64url", "parseAuthenticator", "parseAuthBuffer", "parseAttestation", "parseRegistration", "registration", "parseAuthentication", "authentication", "isValid", "validator", "value", "res", "isNotValid", "verifyRegistration", "registrationRaw", "expected", "registration", "parseRegistration", "verifyAuthentication", "authenticationRaw", "credential", "verifySignature", "authentication", "parseAuthentication", "rpId", "expectedRpIdHash", "toBase64url", "sha256", "toBuffer", "getAlgoParams", "algorithm", "parseCryptoKey", "algoParams", "publicKey", "buffer", "parseBase64url", "authenticatorData", "clientData", "signature", "verbose", "cryptoKey", "clientHash", "comboBuffer", "concatenateBuffers", "signatureBuffer", "convertASN1toRaw", "usignature", "rStart", "rEnd", "sStart", "r", "s", "src_default", "client_exports", "server_exports", "parsers_exports", "utils_exports", "authenticatorMetadata"] } diff --git a/src/server.ts b/src/server.ts index ddcd69d..2733588 100644 --- a/src/server.ts +++ b/src/server.ts @@ -27,7 +27,6 @@ interface RegistrationChecks { export async function verifyRegistration(registrationRaw: RegistrationEncoded, expected: RegistrationChecks): Promise { const registration = parseRegistration(registrationRaw) - registration.client.challenge if (registration.client.type !== "webauthn.create") throw new Error(`Unexpected ClientData type: ${registration.client.type}`) @@ -160,7 +159,7 @@ type VerifyParams = { export async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature, verbose }: VerifyParams): Promise { const algoParams = getAlgoParams(algorithm) let cryptoKey = await parseCryptoKey(algoParams, publicKey) - + if(verbose) { console.debug(cryptoKey) }