author | Matthew Miller <matthew@millerti.me> | 2021-08-02 12:13:17 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2021-08-02 12:13:17 -0700 |
commit | af9aec4e473dbfbfdb000f0df4bc6ee8ad09da2b (patch) | |
tree | ab68b77116ddaec62b9898b180f5751ae6ea181a /packages/server/src | |
parent | e317f261e61417e21b7c06da182befaf096b3d89 (diff) |
Rename buffer-to-PEM method
Diffstat (limited to 'packages/server/src')
-rw-r--r-- | packages/server/src/attestation/verifications/tpm/verifyTPM.ts | 4 | ||||
-rw-r--r-- | packages/server/src/attestation/verifications/verifyAndroidKey.ts | 6 | ||||
-rw-r--r-- | packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts | 6 | ||||
-rw-r--r-- | packages/server/src/attestation/verifications/verifyApple.ts | 4 | ||||
-rw-r--r-- | packages/server/src/attestation/verifications/verifyFIDOU2F.ts | 4 | ||||
-rw-r--r-- | packages/server/src/attestation/verifications/verifyPacked.ts | 4 | ||||
-rw-r--r-- | packages/server/src/helpers/convertCertBufferToPEM.ts (renamed from packages/server/src/helpers/convertX509CertToPEM.ts) | 4 | ||||
-rw-r--r-- | packages/server/src/metadata/verifyAttestationWithMetadata.ts | 6 | ||||
-rw-r--r-- | packages/server/src/services/metadataService.ts | 4 |
9 files changed, 21 insertions, 21 deletions
diff --git a/packages/server/src/attestation/verifications/tpm/verifyTPM.ts b/packages/server/src/attestation/verifications/tpm/verifyTPM.ts
index 50eb0b0..b859fb5 100644
--- a/packages/server/src/attestation/verifications/tpm/verifyTPM.ts
+++ b/packages/server/src/attestation/verifications/tpm/verifyTPM.ts
@@ -12,7 +12,7 @@ import type { AttestationStatement } from '../../../helpers/decodeAttestationObj
 import decodeCredentialPublicKey from '../../../helpers/decodeCredentialPublicKey';
 import { COSEKEYS, COSEALGHASH } from '../../../helpers/convertCOSEtoPKCS';
 import toHash from '../../../helpers/toHash';
-import convertX509CertToPEM from '../../../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../../../helpers/convertCertBufferToPEM';
 import getCertificateInfo from '../../../helpers/getCertificateInfo';
 import verifySignature from '../../../helpers/verifySignature';
 import MetadataService from '../../../services/metadataService';
@@ -274,7 +274,7 @@ export default async function verifyTPM(options: Options): Promise<boolean> {
 // Verify signature over certInfo with the public key extracted from AIK certificate.
 // In the wise words of Yuriy Ackermann: "Get Martini friend, you are done!"
- const leafCertPEM = convertX509CertToPEM(x5c[0]);
+ const leafCertPEM = convertCertBufferToPEM(x5c[0]);
 return verifySignature(sig, certInfo, leafCertPEM, hashAlg);
 }
diff --git a/packages/server/src/attestation/verifications/verifyAndroidKey.ts b/packages/server/src/attestation/verifications/verifyAndroidKey.ts
index e137125..f3a47ee 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidKey.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidKey.ts
@@ -3,7 +3,7 @@ import { Certificate } from '@peculiar/asn1-x509';
 import { KeyDescription, id_ce_keyDescription } from '@peculiar/asn1-android';
 import type { AttestationStatement } from '../../helpers/decodeAttestationObject';
-import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../../helpers/convertCertBufferToPEM';
 import verifySignature from '../../helpers/verifySignature';
 import convertCOSEtoPKCS, { COSEALGHASH } from '../../helpers/convertCOSEtoPKCS';
 import MetadataService from '../../services/metadataService';
@@ -76,7 +76,7 @@ export default async function verifyAttestationAndroidKey(options: Options): Pro
 }
 // TODO: Confirm that the root certificate is an expected certificate
- // const rootCertPEM = convertX509CertToPEM(x5c[x5c.length - 1]);
+ // const rootCertPEM = convertBufferToPEM(x5c[x5c.length - 1]);
 // console.log(rootCertPEM);
 // if (rootCertPEM !== expectedRootCert) {
@@ -93,7 +93,7 @@ export default async function verifyAttestationAndroidKey(options: Options): Pro
 }
 const signatureBase = Buffer.concat([authData, clientDataHash]);
- const leafCertPEM = convertX509CertToPEM(x5c[0]);
+ const leafCertPEM = convertCertBufferToPEM(x5c[0]);
 const hashAlg = COSEALGHASH[alg as number];
 return verifySignature(sig, signatureBase, leafCertPEM, hashAlg);
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index 11dec6b..8d8cc4a 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
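Review bot: The commented-out sketch under the TODO in verifyAndroidKey.ts (hunk at line 76) now calls `convertBufferToPEM`, which is not the name this commit introduces; the import in the same file, every other call site and the helper itself use `convertCertBufferToPEM`. Anyone who later uncomments the block to implement the root-certificate check will hit an undefined identifier, so the line should read `// const rootCertPEM = convertCertBufferToPEM(x5c[x5c.length - 1]);`. The TODO itself is still open: as far as this hunk shows, the root of the Android Key chain is not yet compared against an expected certificate. The enclosing function starts and ends outside the hunk, so a check elsewhere cannot be ruled out.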
@@ -6,7 +6,7 @@ import toHash from '../../helpers/toHash';
 import verifySignature from '../../helpers/verifySignature';
 import getCertificateInfo from '../../helpers/getCertificateInfo';
 import validateCertificatePath from '../../helpers/validateCertificatePath';
-import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../../helpers/convertCertBufferToPEM';
 import MetadataService from '../../services/metadataService';
 import verifyAttestationWithMetadata from '../../metadata/verifyAttestationWithMetadata';
@@ -103,7 +103,7 @@ export default async function verifyAttestationAndroidSafetyNet(
 }
 } else {
 // Validate certificate path using a fixed global root cert
- const path = HEADER.x5c.concat([GlobalSignRootCAR2]).map(convertX509CertToPEM);
+ const path = HEADER.x5c.concat([GlobalSignRootCAR2]).map(convertCertBufferToPEM);
 try {
 await validateCertificatePath(path);
@@ -121,7 +121,7 @@ export default async function verifyAttestationAndroidSafetyNet(
 const signatureBaseBuffer = Buffer.from(`${jwtParts[0]}.${jwtParts[1]}`);
 const signatureBuffer = base64url.toBuffer(SIGNATURE);
- const leafCertPEM = convertX509CertToPEM(leafCertBuffer);
+ const leafCertPEM = convertCertBufferToPEM(leafCertBuffer);
 const verified = verifySignature(signatureBuffer, signatureBaseBuffer, leafCertPEM);
 /**
 * END Verify Signature
diff --git a/packages/server/src/attestation/verifications/verifyApple.ts b/packages/server/src/attestation/verifications/verifyApple.ts
index 419db74..952a753 100644
--- a/packages/server/src/attestation/verifications/verifyApple.ts
+++ b/packages/server/src/attestation/verifications/verifyApple.ts
@@ -3,7 +3,7 @@ import { Certificate } from '@peculiar/asn1-x509';
 import type { AttestationStatement } from '../../helpers/decodeAttestationObject';
 import validateCertificatePath from '../../helpers/validateCertificatePath';
-import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../../helpers/convertCertBufferToPEM';
 import toHash from '../../helpers/toHash';
 import convertCOSEtoPKCS from '../../helpers/convertCOSEtoPKCS';
@@ -25,7 +25,7 @@ export default async function verifyApple(options: Options): Promise<boolean> {
 /**
 * Verify certificate path
 */
- const certPath = x5c.map(convertX509CertToPEM);
+ const certPath = x5c.map(convertCertBufferToPEM);
 certPath.push(AppleWebAuthnRootCertificate);
 try {
diff --git a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
index 40367d6..310cb83 100644
--- a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
@@ -1,7 +1,7 @@
 import type { AttestationStatement } from '../../helpers/decodeAttestationObject';
 import convertCOSEtoPKCS from '../../helpers/convertCOSEtoPKCS';
-import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../../helpers/convertCertBufferToPEM';
 import verifySignature from '../../helpers/verifySignature';
 type Options = {
@@ -53,7 +53,7 @@ export default function verifyAttestationFIDOU2F(options: Options): boolean {
 throw new Error(`AAGUID "${aaguidToHex}" was not expected value`);
 }
- const leafCertPEM = convertX509CertToPEM(x5c[0]);
+ const leafCertPEM = convertCertBufferToPEM(x5c[0]);
 return verifySignature(sig, signatureBase, leafCertPEM);
 }
diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 077e54d..854ef1a 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -11,7 +11,7 @@ import convertCOSEtoPKCS, {
 } from '../../helpers/convertCOSEtoPKCS';
 import { FIDO_METADATA_ATTESTATION_TYPES } from '../../helpers/constants';
 import toHash from '../../helpers/toHash';
-import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../../helpers/convertCertBufferToPEM';
 import getCertificateInfo from '../../helpers/getCertificateInfo';
 import verifySignature from '../../helpers/verifySignature';
 import decodeCredentialPublicKey from '../../helpers/decodeCredentialPublicKey';
@@ -48,7 +48,7 @@ export default async function verifyAttestationPacked(options: Options): Promise
 const pkcsPublicKey = convertCOSEtoPKCS(credentialPublicKey);
 if (x5c) {
- const leafCert = convertX509CertToPEM(x5c[0]);
+ const leafCert = convertCertBufferToPEM(x5c[0]);
 const { subject, basicConstraintsCA, version, notBefore, notAfter } = getCertificateInfo(
 x5c[0],
 );
diff --git a/packages/server/src/helpers/convertX509CertToPEM.ts b/packages/server/src/helpers/convertCertBufferToPEM.ts
index 74fa157..e02a4c3 100644
--- a/packages/server/src/helpers/convertX509CertToPEM.ts
+++ b/packages/server/src/helpers/convertCertBufferToPEM.ts
@@ -2,9 +2,9 @@ import base64url from 'base64url';
 import type { Base64URLString } from '@simplewebauthn/typescript-types';
 /**
- * Convert X.509 certificate to an OpenSSL-compatible PEM text format.
+ * Convert buffer to an OpenSSL-compatible PEM text format.
 */
-export default function convertX509CertToPEM(certBuffer: Buffer | Base64URLString): string {
+export default function convertCertBufferToPEM(certBuffer: Buffer | Base64URLString): string {
 let buffer: Buffer;
 if (typeof certBuffer === 'string') {
 buffer = base64url.toBuffer(certBuffer);
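Review bot: The reworded doc comment on `convertCertBufferToPEM` in helpers/convertCertBufferToPEM.ts says only "Convert buffer", which is less precise than both the new name and the signature: the parameter is `Buffer | Base64URLString`, and the visible body decodes string input with `base64url.toBuffer`. I would word it as `* Convert a certificate, given as a Buffer or a base64url-encoded string, to an OpenSSL-compatible PEM text format.` It is also worth one more sentence stating that the helper only re-encodes its input. From the visible lines it does not appear to parse or validate the certificate, so callers that pass `x5c` entries from an attestation still have to validate the path and signature themselves. The function body continues past the end of the hunk.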
diff --git a/packages/server/src/metadata/verifyAttestationWithMetadata.ts b/packages/server/src/metadata/verifyAttestationWithMetadata.ts
index 3ef04a9..e45eeeb 100644
--- a/packages/server/src/metadata/verifyAttestationWithMetadata.ts
+++ b/packages/server/src/metadata/verifyAttestationWithMetadata.ts
@@ -2,7 +2,7 @@ import { Base64URLString } from '@simplewebauthn/typescript-types';
 import { MetadataStatement } from '../services/metadataService';
 import { FIDO_METADATA_AUTH_ALG_TO_COSE } from '../helpers/constants';
-import convertX509CertToPEM from '../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../helpers/convertCertBufferToPEM';
 import validateCertificatePath from '../helpers/validateCertificatePath';
 export default async function verifyAttestationWithMetadata(
@@ -17,14 +17,14 @@ export default async function verifyAttestationWithMetadata(
 }
 // Make a copy of x5c so we don't modify the original
- const path = [...x5c].map(convertX509CertToPEM);
+ const path = [...x5c].map(convertCertBufferToPEM);
 // Try to validate the chain with each metadata root cert until we find one that works
 let foundValidPath = false;
 for (const rootCert of statement.attestationRootCertificates) {
 try {
 // Push the root cert to the cert path and try to validate it
- path.push(convertX509CertToPEM(rootCert));
+ path.push(convertCertBufferToPEM(rootCert));
 foundValidPath = await validateCertificatePath(path);
 } catch (err) {
 // Swallow the error for now
diff --git a/packages/server/src/services/metadataService.ts b/packages/server/src/services/metadataService.ts
index 3cec5e3..a9baf9e 100644
--- a/packages/server/src/services/metadataService.ts
+++ b/packages/server/src/services/metadataService.ts
@@ -6,7 +6,7 @@ import base64url from 'base64url';
 import { FIDO_AUTHENTICATOR_STATUS } from '../helpers/constants';
 import toHash from '../helpers/toHash';
 import validateCertificatePath from '../helpers/validateCertificatePath';
-import convertX509CertToPEM from '../helpers/convertX509CertToPEM';
+import convertCertBufferToPEM from '../helpers/convertCertBufferToPEM';
 import convertAAGUIDToString from '../helpers/convertAAGUIDToString';
 // TODO: Re-enable this once we figure out logging
 // import { log } from '../helpers/logging';
@@ -224,7 +224,7 @@ class MetadataService {
 throw new Error(`Latest TOC no. "${payload.no}" is not greater than previous ${no}`);
 }
- let fullCertPath = header.x5c.map(convertX509CertToPEM);
+ let fullCertPath = header.x5c.map(convertCertBufferToPEM);
 if (rootCertURL.length > 0) {
 // Download FIDO the root certificate and append it to the TOC certs
 const respFIDORootCert = await fetch(rootCertURL); |