[skip_ci] v3.3.0: Build artifacts for Deno
JamesCullum authored and github-actions[bot] committed Sep 1, 2022
1 parent f6d237d commit be3f01b
Showing 2 changed files with 1,108 additions and 488 deletions.
38 changes: 29 additions & 9 deletions dist/main.cjs
Expand Up @@ -1005,7 +1005,17 @@ class PublicKey {

let parsedCose;
try {
parsedCose = cborX__namespace.decode(new Uint8Array(cose));
// In the current state, the "cose" parameter can contain not only the actual cose (= public key) but also extensions.
// Both are CBOR encoded entries, so you can treat and evaluate the "cose" parameter accordingly.
// "fromCose" is called from a context that contains an active AT flag (attestation), so the first CBOR entry is the actual cose.
// "tools.cbor.decode" will fail when multiple entries are provided (e.g. cose + at least one extension), so "decodeMultiple" is the sollution.
cborX__namespace.decodeMultiple(
new Uint8Array(cose),
cborObject => {
parsedCose = cborObject;
return false;
}
);
} catch (err) {
throw new Error(
"couldn't parse authenticator.authData.attestationData CBOR: " +
Expand Down Expand Up @@ -2895,15 +2905,25 @@ async function parseAuthenticatorData(authnrDataArrayBuffer) {
authnrDataBuf.buffer.slice(offset, authnrDataBuf.buffer.byteLength),
);

// TODO: does not only contain the COSE if the buffer contains extensions
ret.set("credentialPublicKeyCose", await publicKey.toCose());
ret.set("credentialPublicKeyJwk", await publicKey.toJwk());
ret.set("credentialPublicKeyPem", await publicKey.toPem());
}

// TODO: parse extensions
if (extensions) {
// extensionStart = offset
throw new Error("authenticator extensions not supported");
const cborObjects = cborX__namespace.decodeMultiple(new Uint8Array(authnrDataBuf.buffer.slice(offset, authnrDataBuf.buffer.byteLength)));

// skip publicKey if present
if (attestation) {
cborObjects.shift();
}

if (cborObjects.length === 0) {
throw new Error("extensions missing");
}

ret.set("webAuthnExtensions", cborObjects);
}

return ret;
Expand Down Expand Up @@ -4955,7 +4975,7 @@ class Fido2Lib {
* @param {String} [opts.rpName="Anonymous Service"] The name of the server
* @param {String} [opts.rpIcon] A URL for the service's icon. Can be a [RFC 2397]{@link https://tools.ietf.org/html/rfc2397} data URL.
* @param {Number} [opts.challengeSize=64] The number of bytes to use for the challenge
* @param {Object} [opts.authenticatorSelectionCriteria] An object describing what types of authenticators are allowed to register with the service.
* @param {Object} [opts.authenticatorSelection] An object describing what types of authenticators are allowed to register with the service.
* See [AuthenticatorSelectionCriteria]{@link https://w3.org/TR/webauthn/#authenticatorSelection} in the WebAuthn spec for details.
* @param {String} [opts.authenticatorAttachment] Indicates whether authenticators should be part of the OS ("platform"), or can be roaming authenticators ("cross-platform")
* @param {Boolean} [opts.authenticatorRequireResidentKey] Indicates whether authenticators must store the key internally (true) or if they can use a KDF to generate keys
Expand Down Expand Up @@ -5559,13 +5579,13 @@ class Fido2Lib {
* @property {Array} [pubKeyCredParams] A list of PublicKeyCredentialParameters objects, based on the `cryptoParams` that was passed to the constructor.
* @property {Number} [timeout] The amount of time that the call should take before returning an error
* @property {String} [attestation] Whether the client should request attestation from the authenticator or not
* @property {Object} [authenticatorSelectionCriteria] A object describing which authenticators are preferred for registration
* @property {String} [authenticatorSelectionCriteria.attachment] What type of attachement is acceptable for new authenticators.
* @property {Object} [authenticatorSelection] A object describing which authenticators are preferred for registration
* @property {String} [authenticatorSelection.attachment] What type of attachement is acceptable for new authenticators.
* Allowed values are "platform", meaning that the authenticator is embedded in the operating system, or
* "cross-platform", meaning that the authenticator is removeable (e.g. USB, NFC, or BLE).
* @property {Boolean} [authenticatorSelectionCriteria.requireResidentKey] Indicates whether authenticators must store the keys internally, or if they can
* @property {Boolean} [authenticatorSelection.requireResidentKey] Indicates whether authenticators must store the keys internally, or if they can
* store them externally (using a KDF or key wrapping)
* @property {String} [authenticatorSelectionCriteria.userVerification] Indicates whether user verification is required for authenticators. User verification
* @property {String} [authenticatorSelection.userVerification] Indicates whether user verification is required for authenticators. User verification
* means that an authenticator will validate a use through their biometrics (e.g. fingerprint) or knowledge (e.g. PIN). Allowed
* values for `userVerification` are "required", meaning that registration will fail if no authenticator provides user verification;
* "preferred", meaning that if multiple authenticators are available, the one(s) that provide user verification should be used; or
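Review bot: In parseAuthenticatorData the new `if (extensions)` branch stores every CBOR item that follows the credential public key as `webAuthnExtensions`, so authenticator data carrying several trailing items, or a trailing item that is not a map, is accepted instead of rejected. WebAuthn defines the extensions field as a single CBOR map that ends the authenticator data, so after the `shift()` the length check should be `if (cborObjects.length !== 1) throw new Error("extensions must be a single CBOR map");`, with a test that the remaining item is a map before `ret.set("webAuthnExtensions", ...)`. The related change in PublicKey.fromCose stops decoding after the first item (`return false`), which appears to mean that bytes after the COSE key are no longer rejected when the extensions flag is clear, and that `parsedCose` stays undefined if no item is decoded; an explicit check for both cases would keep the previous strictness. Both functions start and end outside the visible hunks, and because dist/main.cjs is build output the change belongs in the source modules it is bundled from.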