author | Matthew Miller <matthew@millerti.me> | 2020-09-08 00:31:09 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2020-09-08 00:31:09 -0700 |
commit | a86daa177dfa66b486cdef74d20f610425f8998a (patch) | |
tree | 132214af99958d135503564c2efa5101a8f13501 | |
parent | 9ea9d7d4f8ab6b258091355c8bfc1d9b1e2049b4 (diff) |
Try to gracefully support existing public keys
-rw-r--r-- | packages/server/src/helpers/convertPublicKeyToPEM.ts | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/packages/server/src/helpers/convertPublicKeyToPEM.ts b/packages/server/src/helpers/convertPublicKeyToPEM.ts
index a7e04bd..ced4ad7 100644
--- a/packages/server/src/helpers/convertPublicKeyToPEM.ts
+++ b/packages/server/src/helpers/convertPublicKeyToPEM.ts
@@ -3,9 +3,41 @@ import jwkToPem from 'jwk-to-pem';
 import base64url from 'base64url';
 import { COSEKEYS, COSEKTY, COSECRV } from './convertCOSEtoPKCS';
+import convertX509CertToPEM from './convertX509CertToPEM';
 
 export default function convertPublicKeyToPEM(publicKey: string): string {
-  const struct = cbor.decodeFirstSync(base64url.toBuffer(publicKey));
+  const publicKeyBuffer = base64url.toBuffer(publicKey);
+  console.log(publicKeyBuffer.toString('hex'));
+
+  let struct;
+  try {
+    struct = cbor.decodeAllSync(publicKeyBuffer)[0];
+  } catch (err) {
+    console.warn('Caught error when trying to decode public key, might be an old public key');
+    /**
+     * Catching an error here means we're probably converting an "old" EC2 public key that was
+     * saved before we started returning the full credentialPublicKey from an attestation.
+     *
+     * We're playing things a little fast and loose by naively converting it to PEM format in a way
+     * that is consistent with how it used to be constructed.
+     *
+     * BTW this is in here to try and prevent better RSA support from breaking existing deployments.
+     * It is strongly recommended that this be deprecated in a future release...
+     */
+    let oldPubKeyPEM = convertX509CertToPEM(
+      Buffer.concat([
+        // Assumes EC keyType with P-256 algorithm
+        Buffer.from('3059301306072a8648ce3d020106082a8648ce3d030107034200', 'hex'),
+        publicKeyBuffer,
+      ]),
+    );
+
+    // Replace "-----BEGIN CERTIFICATE-----" with "-----BEGIN PUBLIC KEY-----" (so we can reuse
+    // the method)
+    oldPubKeyPEM = oldPubKeyPEM.replace(/CERTIFICATE/gi, 'PUBLIC KEY');
+
+    return oldPubKeyPEM;
+  }
 
   const kty = struct.get(COSEKEYS.kty);