diff options
Diffstat (limited to 'packages/server/src/authentication/verifyAuthenticationResponse.ts')
| -rw-r--r-- | packages/server/src/authentication/verifyAuthenticationResponse.ts | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts index f6a437e..adf15e3 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts @@ -8,7 +8,6 @@ import { import { decodeClientDataJSON } from '../helpers/decodeClientDataJSON'; import { toHash } from '../helpers/toHash'; -import { convertPublicKeyToPEM } from '../helpers/convertPublicKeyToPEM'; import { verifySignature } from '../helpers/verifySignature'; import { parseAuthenticatorData } from '../helpers/parseAuthenticatorData'; import { isBase64URLString } from '../helpers/isBase64URLString'; @@ -46,9 +45,9 @@ export type VerifyAuthenticationResponseOpts = { * User Presence and User Verified flags in authenticator data: UV (and UP) flags are optional * unless this value is `"required"` */ -export function verifyAuthenticationResponse( +export async function verifyAuthenticationResponse( options: VerifyAuthenticationResponseOpts, -): VerifiedAuthenticationResponse { +): Promise<VerifiedAuthenticationResponse> { const { credential, expectedChallenge, @@ -199,7 +198,6 @@ export function verifyAuthenticationResponse( const clientDataHash = toHash(base64url.toBuffer(response.clientDataJSON)); const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]); - const publicKey = convertPublicKeyToPEM(authenticator.credentialPublicKey); const signature = base64url.toBuffer(response.signature); if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) { @@ -215,7 +213,11 @@ export function verifyAuthenticationResponse( const { credentialDeviceType, credentialBackedUp } = parseBackupFlags(flags); const toReturn = { - verified: verifySignature(signature, signatureBase, publicKey), + verified: await verifySignature({ + signature, + signatureBase, + credentialPublicKey: authenticator.credentialPublicKey, + }), authenticationInfo: { newCounter: counter, credentialID: authenticator.credentialID, |