-rw-r--r--packages/server/src/assertion/verifyAssertionResponse.ts4
-rw-r--r--packages/server/src/attestation/verifications/tpm/verifyTPM.ts4
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidKey.ts6
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts6
-rw-r--r--packages/server/src/attestation/verifications/verifyFIDOU2F.ts4
-rw-r--r--packages/server/src/attestation/verifications/verifyPacked.ts4
-rw-r--r--packages/server/src/helpers/convertX509CertToPEM.ts (renamed from packages/server/src/helpers/convertASN1toPEM.ts)4
-rw-r--r--packages/server/src/metadata/metadataService.ts4
-rw-r--r--packages/server/src/metadata/verifyAttestationWithMetadata.ts6
9 files changed, 21 insertions, 21 deletions
diff --git a/packages/server/src/assertion/verifyAssertionResponse.ts b/packages/server/src/assertion/verifyAssertionResponse.ts
index 6d4e8ab..c954af7 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.ts
@@ -3,7 +3,7 @@ import { AssertionCredentialJSON, AuthenticatorDevice } from '@simplewebauthn/ty
import decodeClientDataJSON from '../helpers/decodeClientDataJSON';
import toHash from '../helpers/toHash';
-import convertASN1toPEM from '../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../helpers/convertX509CertToPEM';
import verifySignature from '../helpers/verifySignature';
import parseAuthenticatorData from '../helpers/parseAuthenticatorData';
import isBase64URLString from '../helpers/isBase64URLString';
@@ -139,7 +139,7 @@ export default function verifyAssertionResponse(options: Options): VerifiedAsser
const clientDataHash = toHash(base64url.toBuffer(response.clientDataJSON));
const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]);
- const publicKey = convertASN1toPEM(base64url.toBuffer(authenticator.publicKey));
+ const publicKey = convertX509CertToPEM(base64url.toBuffer(authenticator.publicKey));
const signature = base64url.toBuffer(response.signature);
if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
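Review bot: At the changed line in `verifyAssertionResponse`, the argument is `authenticator.publicKey`, a stored credential public key rather than a certificate, so the new helper name misdescribes this call site. If the helper wraps its input in a certificate PEM envelope (its body is not visible in this commit), signature verification here depends on the verifier tolerating a mislabelled key. A separate public-key-to-PEM conversion would make the distinction explicit. At minimum, add `// NOTE: authenticator.publicKey is a credential public key, not an X.509 certificate` above the call. The function body continues outside the hunk.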
diff --git a/packages/server/src/attestation/verifications/tpm/verifyTPM.ts b/packages/server/src/attestation/verifications/tpm/verifyTPM.ts
index 70366aa..c731af0 100644
--- a/packages/server/src/attestation/verifications/tpm/verifyTPM.ts
+++ b/packages/server/src/attestation/verifications/tpm/verifyTPM.ts
@@ -12,7 +12,7 @@ import type { AttestationStatement } from '../../../helpers/decodeAttestationObj
import decodeCredentialPublicKey from '../../../helpers/decodeCredentialPublicKey';
import { COSEKEYS, COSEALGHASH } from '../../../helpers/convertCOSEtoPKCS';
import toHash from '../../../helpers/toHash';
-import convertASN1toPEM from '../../../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../../../helpers/convertX509CertToPEM';
import getCertificateInfo from '../../../helpers/getCertificateInfo';
import verifySignature from '../../../helpers/verifySignature';
import MetadataService from '../../../metadata/metadataService';
@@ -177,7 +177,7 @@ export default async function verifyTPM(options: Options): Promise<boolean> {
}
// Pick a leaf AIK certificate of the x5c array and parse it.
- const leafCertPEM = convertASN1toPEM(x5c[0]);
+ const leafCertPEM = convertX509CertToPEM(x5c[0]);
const leafCertInfo = getCertificateInfo(leafCertPEM);
const { basicConstraintsCA, version, subject, notAfter, notBefore } = leafCertInfo;
diff --git a/packages/server/src/attestation/verifications/verifyAndroidKey.ts b/packages/server/src/attestation/verifications/verifyAndroidKey.ts
index 989c210..dbe6f96 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidKey.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidKey.ts
@@ -3,7 +3,7 @@ import { Certificate } from '@peculiar/asn1-x509';
import { KeyDescription, id_ce_keyDescription } from '@peculiar/asn1-android';
import type { AttestationStatement } from '../../helpers/decodeAttestationObject';
-import convertASN1toPEM from '../../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
import verifySignature from '../../helpers/verifySignature';
import convertCOSEtoPKCS, { COSEALGHASH } from '../../helpers/convertCOSEtoPKCS';
import MetadataService from '../../metadata/metadataService';
@@ -76,7 +76,7 @@ export default async function verifyAttestationAndroidKey(options: Options): Pro
}
// TODO: Confirm that the root certificate is an expected certificate
- // const rootCertPEM = convertASN1toPEM(x5c[x5c.length - 1]);
+ // const rootCertPEM = convertX509CertToPEM(x5c[x5c.length - 1]);
// console.log(rootCertPEM);
// if (rootCertPEM !== expectedRootCert) {
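Review bot: The root-certificate comparison in `verifyAttestationAndroidKey` stays commented out behind the TODO, so nothing in this hunk anchors `x5c` to an expected root before the leaf certificate is used for signature verification in the following hunk. The rename only touches the commented line. If the chain is not validated elsewhere in the function (the body extends beyond the hunk, and the file imports `MetadataService`), the leaf certificate is effectively self-asserted. Either wire the check up or make the gap explicit, e.g. `// TODO(security): x5c chain is not validated against a pinned root here`.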
@@ -93,7 +93,7 @@ export default async function verifyAttestationAndroidKey(options: Options): Pro
}
const signatureBase = Buffer.concat([authData, clientDataHash]);
- const leafCertPEM = convertASN1toPEM(x5c[0]);
+ const leafCertPEM = convertX509CertToPEM(x5c[0]);
const hashAlg = COSEALGHASH[alg as number];
return verifySignature(sig, signatureBase, leafCertPEM, hashAlg);
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index 5b09724..4ce7f36 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -6,7 +6,7 @@ import toHash from '../../helpers/toHash';
import verifySignature from '../../helpers/verifySignature';
import getCertificateInfo from '../../helpers/getCertificateInfo';
import validateCertificatePath from '../../helpers/validateCertificatePath';
-import convertASN1toPEM from '../../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
import MetadataService from '../../metadata/metadataService';
import verifyAttestationWithMetadata from '../../metadata/verifyAttestationWithMetadata';
@@ -81,7 +81,7 @@ export default async function verifyAttestationAndroidSafetyNet(
/**
* START Verify Header
*/
- const leafCert = convertASN1toPEM(HEADER.x5c[0]);
+ const leafCert = convertX509CertToPEM(HEADER.x5c[0]);
const leafCertInfo = getCertificateInfo(leafCert);
const { subject } = leafCertInfo;
@@ -103,7 +103,7 @@ export default async function verifyAttestationAndroidSafetyNet(
}
} else {
// Validate certificate path using a fixed global root cert
- const path = HEADER.x5c.concat([GlobalSignRootCAR2]).map(convertASN1toPEM);
+ const path = HEADER.x5c.concat([GlobalSignRootCAR2]).map(convertX509CertToPEM);
try {
await validateCertificatePath(path);
diff --git a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
index dbfffa2..47f4db0 100644
--- a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
@@ -1,7 +1,7 @@
import type { AttestationStatement } from '../../helpers/decodeAttestationObject';
import convertCOSEtoPKCS from '../../helpers/convertCOSEtoPKCS';
-import convertASN1toPEM from '../../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
import verifySignature from '../../helpers/verifySignature';
type Options = {
@@ -53,7 +53,7 @@ export default function verifyAttestationFIDOU2F(options: Options): boolean {
throw new Error(`AAGUID "${aaguidToHex}" was not expected value`);
}
- const publicKeyCertPEM = convertASN1toPEM(x5c[0]);
+ const publicKeyCertPEM = convertX509CertToPEM(x5c[0]);
return verifySignature(sig, signatureBase, publicKeyCertPEM);
}
diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 8daec8e..f16aa50 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -11,7 +11,7 @@ import convertCOSEtoPKCS, {
} from '../../helpers/convertCOSEtoPKCS';
import { FIDO_METADATA_ATTESTATION_TYPES } from '../../helpers/constants';
import toHash from '../../helpers/toHash';
-import convertASN1toPEM from '../../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../../helpers/convertX509CertToPEM';
import getCertificateInfo from '../../helpers/getCertificateInfo';
import verifySignature from '../../helpers/verifySignature';
import decodeCredentialPublicKey from '../../helpers/decodeCredentialPublicKey';
@@ -48,7 +48,7 @@ export default async function verifyAttestationPacked(options: Options): Promise
const pkcsPublicKey = convertCOSEtoPKCS(credentialPublicKey);
if (x5c) {
- const leafCert = convertASN1toPEM(x5c[0]);
+ const leafCert = convertX509CertToPEM(x5c[0]);
const { subject, basicConstraintsCA, version, notBefore, notAfter } = getCertificateInfo(
leafCert,
);
diff --git a/packages/server/src/helpers/convertASN1toPEM.ts b/packages/server/src/helpers/convertX509CertToPEM.ts
index b6dd814..3bbb0d9 100644
--- a/packages/server/src/helpers/convertASN1toPEM.ts
+++ b/packages/server/src/helpers/convertX509CertToPEM.ts
@@ -2,12 +2,12 @@ import base64url from 'base64url';
import type { Base64URLString } from '@simplewebauthn/typescript-types';
/**
- * Convert binary certificate or public key to an OpenSSL-compatible PEM text format.
+ * Convert X.509 certificate to an OpenSSL-compatible PEM text format.
*
* @param buffer - Cert or PubKey buffer
* @return PEM
*/
-export default function convertASN1toPEM(pkBuffer: Buffer | Base64URLString): string {
+export default function convertX509CertToPEM(pkBuffer: Buffer | Base64URLString): string {
let buffer: Buffer;
if (typeof pkBuffer === 'string') {
buffer = base64url.toBuffer(pkBuffer);
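Review bot: The `@param` line in the docblock still reads `buffer - Cert or PubKey buffer`, which contradicts the new summary line and function name and names a parameter that does not exist (the parameter is `pkBuffer`). Update it to `@param pkBuffer - X.509 certificate as a Buffer or Base64URL string`. If public keys are still meant to be accepted, as the call in `verifyAssertionResponse.ts` suggests, say so explicitly instead. The function body continues outside the hunk.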
diff --git a/packages/server/src/metadata/metadataService.ts b/packages/server/src/metadata/metadataService.ts
index b4ae295..56163e8 100644
--- a/packages/server/src/metadata/metadataService.ts
+++ b/packages/server/src/metadata/metadataService.ts
@@ -6,7 +6,7 @@ import base64url from 'base64url';
import { FIDO_AUTHENTICATOR_STATUS } from '../helpers/constants';
import toHash from '../helpers/toHash';
import validateCertificatePath from '../helpers/validateCertificatePath';
-import convertASN1toPEM from '../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../helpers/convertX509CertToPEM';
import convertAAGUIDToString from '../helpers/convertAAGUIDToString';
import parseJWT from './parseJWT';
@@ -212,7 +212,7 @@ class MetadataService {
throw new Error(`Latest TOC no. "${payload.no}" is not greater than previous ${no}`);
}
- let fullCertPath = header.x5c.map(convertASN1toPEM);
+ let fullCertPath = header.x5c.map(convertX509CertToPEM);
if (rootCertURL.length > 0) {
// Download FIDO the root certificate and append it to the TOC certs
const respFIDORootCert = await fetch(rootCertURL);
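Review bot: The root certificate appended to `fullCertPath` is downloaded from `rootCertURL` at verification time (the context lines after the changed `map` call), and nothing visible in this hunk checks the response or pins the expected certificate. That download becomes the trust anchor for the metadata TOC, so the integrity assumption deserves a comment such as `// rootCertURL must be HTTPS and operator-controlled; the fetched cert is the trust anchor`. Unless it already happens below, the status should also be checked with `if (!respFIDORootCert.ok) throw new Error('Failed to download FIDO root certificate');`. The method body continues outside the hunk.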
diff --git a/packages/server/src/metadata/verifyAttestationWithMetadata.ts b/packages/server/src/metadata/verifyAttestationWithMetadata.ts
index 085144e..63ea1f6 100644
--- a/packages/server/src/metadata/verifyAttestationWithMetadata.ts
+++ b/packages/server/src/metadata/verifyAttestationWithMetadata.ts
@@ -2,7 +2,7 @@ import { Base64URLString } from '@simplewebauthn/typescript-types';
import { MetadataStatement } from './metadataService';
import { FIDO_METADATA_AUTH_ALG_TO_COSE } from '../helpers/constants';
-import convertASN1toPEM from '../helpers/convertASN1toPEM';
+import convertX509CertToPEM from '../helpers/convertX509CertToPEM';
import validateCertificatePath from '../helpers/validateCertificatePath';
export default async function verifyAttestationWithMetadata(
@@ -17,14 +17,14 @@ export default async function verifyAttestationWithMetadata(
}
// Make a copy of x5c so we don't modify the original
- const path = [...x5c].map(convertASN1toPEM);
+ const path = [...x5c].map(convertX509CertToPEM);
// Try to validate the chain with each metadata root cert until we find one that works
let foundValidPath = false;
for (const rootCert of statement.attestationRootCertificates) {
try {
// Push the root cert to the cert path and try to validate it
- path.push(convertASN1toPEM(rootCert));
+ path.push(convertX509CertToPEM(rootCert));
foundValidPath = await validateCertificatePath(path);
} catch (err) {
// Swallow the error for now
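Review bot: The `path.push(convertX509CertToPEM(rootCert))` line mutates the shared `path` array on every iteration. Unless the rejected root is removed again in the `catch` block (which continues below the hunk), a later attempt would validate a chain that still carries the previously failed root. Building the candidate per iteration avoids that dependency: `const candidate = [...path, convertX509CertToPEM(rootCert)];` followed by `foundValidPath = await validateCertificatePath(candidate);`. Separately, `[...x5c].map(...)` copies twice, since `map` already returns a new array; `x5c.map(convertX509CertToPEM)` is enough. The swallowed error should also be retained or logged, so a failed attestation can be diagnosed.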