Diffstat (limited to 'packages/server/src')
6 files changed, 36 insertions, 23 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index 3d1397a..9ef6bf8 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -1,13 +1,13 @@
 import base64url from 'base64url';
 import type { AttestationObject } from '../../helpers/decodeAttestationObject';
+import type { ParsedAuthenticatorData } from '../../helpers/parseAuthenticatorData';
 import type { VerifiedAttestation } from '../verifyAttestationResponse';
 import toHash from '../../helpers/toHash';
 import verifySignature from '../../helpers/verifySignature';
 import convertCOSEtoPKCS from '../../helpers/convertCOSEtoPKCS';
 import getCertificateInfo from '../../helpers/getCertificateInfo';
-import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 /**
  * Verify an attestation response with fmt 'android-safetynet'
@@ -15,10 +15,11 @@ import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 export default function verifyAttestationAndroidSafetyNet(
   attestationObject: AttestationObject,
   base64ClientDataJSON: string,
+  parsedAuthData: ParsedAuthenticatorData,
+  COSEPublicKey: Buffer,
 ): VerifiedAttestation {
   const { attStmt, authData, fmt } = attestationObject;
-  const authDataStruct = parseAuthenticatorData(authData);
-  const { counter, credentialID, flags } = authDataStruct;
+  const { counter, credentialID, flags } = parsedAuthData;
   if (!credentialID) {
     throw new Error('No credential ID was provided by authenticator (SafetyNet)');
diff --git a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
index 313bd25..335c239 100644
--- a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
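Review bot: The new `COSEPublicKey: Buffer` parameter on `verifyAttestationAndroidSafetyNet` duplicates the `COSEPublicKey` field that `parsedAuthData` already carries, so the verifier now has two sources for the credential public key and nothing checks that they agree. The other three verifiers touched by this commit read the key from `parsedAuthData` and guard it with `if (!COSEPublicKey) { throw … }`; doing the same here, `const { counter, credentialID, flags, COSEPublicKey } = parsedAuthData;`, would keep the verifier contracts uniform and let the extra parameter go. If the separate argument is deliberate (the caller has already narrowed it to a defined `Buffer`), that should be stated in the JSDoc, e.g. `@param COSEPublicKey - credential public key from parsedAuthData, already checked present by the caller`. The remainder of the function body lies outside this hunk, so I cannot see how `authData` and the key are used further down.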
@@ -1,13 +1,13 @@
 import base64url from 'base64url';
 import type { AttestationObject } from '../../helpers/decodeAttestationObject';
+import type { ParsedAuthenticatorData } from '../../helpers/parseAuthenticatorData';
 import type { VerifiedAttestation } from '../verifyAttestationResponse';
 import toHash from '../../helpers/toHash';
 import convertCOSEtoPKCS from '../../helpers/convertCOSEtoPKCS';
 import convertASN1toPEM from '../../helpers/convertASN1toPEM';
 import verifySignature from '../../helpers/verifySignature';
-import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 /**
  * Verify an attestation response with fmt 'fido-u2f'
@@ -15,11 +15,10 @@ import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 export default function verifyAttestationFIDOU2F(
   attestationObject: AttestationObject,
   base64ClientDataJSON: string,
+  parsedAuthData: ParsedAuthenticatorData,
 ): VerifiedAttestation {
-  const { fmt, authData, attStmt } = attestationObject;
-
-  const authDataStruct = parseAuthenticatorData(authData);
-  const { flags, COSEPublicKey, rpIdHash, credentialID, counter } = authDataStruct;
+  const { fmt, attStmt } = attestationObject;
+  const { flags, COSEPublicKey, rpIdHash, credentialID, counter } = parsedAuthData;
   if (!COSEPublicKey) {
     throw new Error('No public key was provided by authenticator (FIDOU2F)');
diff --git a/packages/server/src/attestation/verifications/verifyNone.ts b/packages/server/src/attestation/verifications/verifyNone.ts
index b390471..4ac1988 100644
--- a/packages/server/src/attestation/verifications/verifyNone.ts
+++ b/packages/server/src/attestation/verifications/verifyNone.ts
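Review bot: With parsing moved out of `verifyAttestationFIDOU2F`, the `rpIdHash`, `credentialID` and `COSEPublicKey` it checks now come from a caller-supplied `parsedAuthData` while the signature it verifies (outside this hunk) is presumably still computed over `attestationObject.authData`; nothing in the new signature ties the two together, so a caller passing a struct parsed from different bytes would pass the checks against the wrong values. That implicit contract belongs in the JSDoc, e.g. `@param parsedAuthData - result of parseAuthenticatorData(attestationObject.authData); must be parsed from the same authData the attestation signature covers`. The same note applies to the packed, none and SafetyNet verifiers changed in this commit. The function body continues past the end of the hunk.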
@@ -1,10 +1,10 @@
 import base64url from 'base64url';
 import type { AttestationObject } from '../../helpers/decodeAttestationObject';
+import type { ParsedAuthenticatorData } from '../../helpers/parseAuthenticatorData';
 import type { VerifiedAttestation } from '../verifyAttestationResponse';
 import convertCOSEtoPKCS from '../../helpers/convertCOSEtoPKCS';
-import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 /**
  * Verify an attestation response with fmt 'none'
@@ -13,11 +13,10 @@ import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
  */
 export default function verifyAttestationNone(
   attestationObject: AttestationObject,
+  parsedAuthData: ParsedAuthenticatorData,
 ): VerifiedAttestation {
   const { fmt, authData } = attestationObject;
-  const authDataStruct = parseAuthenticatorData(authData);
-
-  const { credentialID, COSEPublicKey, counter, flags } = authDataStruct;
+  const { credentialID, COSEPublicKey, counter, flags } = parsedAuthData;
   if (!COSEPublicKey) {
     throw new Error('No public key was provided by authenticator (None)');
diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 803d327..48764aa 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -4,6 +4,7 @@ import elliptic from 'elliptic';
 import NodeRSA, { SigningSchemeHash } from 'node-rsa';
 import type { AttestationObject } from '../../helpers/decodeAttestationObject';
+import type { ParsedAuthenticatorData } from '../../helpers/parseAuthenticatorData';
 import type { VerifiedAttestation } from '../verifyAttestationResponse';
 import convertCOSEtoPKCS, {
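Review bot: In `verifyAttestationNone` the line `const { fmt, authData } = attestationObject;` still pulls out `authData`, but its only use in the old code was the `parseAuthenticatorData(authData)` call this hunk removes; the FIDO-U2F verifier in this same commit dropped `authData` from its destructuring for exactly that reason. If the rest of the body (outside the hunk) does not use it either, `const { fmt } = attestationObject;` keeps the file clean under `no-unused-vars`. The 'none' format has no signature to verify, so unlike the packed verifier there is no obvious remaining consumer of the raw bytes, but I can only see the first few lines of the function.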
@@ -14,7 +15,6 @@ import toHash from '../../helpers/toHash';
 import convertASN1toPEM from '../../helpers/convertASN1toPEM';
 import getCertificateInfo from '../../helpers/getCertificateInfo';
 import verifySignature from '../../helpers/verifySignature';
-import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 /**
  * Verify an attestation response with fmt 'packed'
@@ -22,13 +22,11 @@ import parseAuthenticatorData from '../../helpers/parseAuthenticatorData';
 export default function verifyAttestationPacked(
   attestationObject: AttestationObject,
   base64ClientDataJSON: string,
+  parsedAuthData: ParsedAuthenticatorData,
 ): VerifiedAttestation {
   const { fmt, authData, attStmt } = attestationObject;
   const { sig, x5c } = attStmt;
-
-  const authDataStruct = parseAuthenticatorData(authData);
-
-  const { COSEPublicKey, counter, credentialID, flags } = authDataStruct;
+  const { COSEPublicKey, counter, credentialID, flags } = parsedAuthData;
   if (!COSEPublicKey) {
     throw new Error('No public key was provided by authenticator (Packed)');
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts
index f50b9a1..6b54d8a 100644
--- a/packages/server/src/attestation/verifyAttestationResponse.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.ts
@@ -52,7 +52,7 @@ export default function verifyAttestationResponse(
   }
   const attestationObject = decodeAttestationObject(response.attestationObject);
-  const { fmt, authData, attStmt } = attestationObject;
+  const { fmt, authData } = attestationObject;
   const parsedAuthData = parseAuthenticatorData(authData);
   const { rpIdHash, flags, COSEPublicKey } = parsedAuthData;
@@ -89,19 +89,35 @@ export default function verifyAttestationResponse(
    * Verification can only be performed when attestation = 'direct'
    */
   if (fmt === ATTESTATION_FORMATS.FIDO_U2F) {
-    return verifyFIDOU2F(attestationObject, response.clientDataJSON);
+    return verifyFIDOU2F(
+      attestationObject,
+      response.clientDataJSON,
+      parsedAuthData,
+    );
   }
   if (fmt === ATTESTATION_FORMATS.PACKED) {
-    return verifyPacked(attestationObject, response.clientDataJSON);
+    return verifyPacked(
+      attestationObject,
+      response.clientDataJSON,
+      parsedAuthData,
+    );
   }
   if (fmt === ATTESTATION_FORMATS.ANDROID_SAFETYNET) {
-    return verifyAndroidSafetynet(attestationObject, response.clientDataJSON);
+    return verifyAndroidSafetynet(
+      attestationObject,
+      response.clientDataJSON,
+      parsedAuthData,
+      COSEPublicKey,
+    );
   }
   if (fmt === ATTESTATION_FORMATS.NONE) {
-    return verifyNone(attestationObject);
+    return verifyNone(
+      attestationObject,
+      parsedAuthData,
+    );
   }
   throw new Error(`Unsupported Attestation Format: ${fmt}`);
diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index 3177dd5..510c228 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -56,7 +56,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
   };
 }
-type ParsedAuthenticatorData = {
+export type ParsedAuthenticatorData = {
   rpIdHash: Buffer;
   flagsBuf: Buffer;
   flags: {
|
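Review bot: The `verifyAndroidSafetynet(…)` call forwards `COSEPublicKey` into a parameter typed as a plain `Buffer`, yet the value is destructured from `parsedAuthData` in the earlier hunk at line 58, where every per-format verifier in this commit treats it as possibly absent (`if (!COSEPublicKey) throw …`). Unless one of the unseen lines 59–88 already narrows it, this either fails `strictNullChecks` or hands `undefined` to the SafetyNet verifier, which has no guard of its own in the visible hunk. A caller-side check immediately before the format dispatch would make the intent explicit: `if (!COSEPublicKey) { throw new Error('No public key was provided by authenticator'); }`. If such a check already exists above the hunk, a one-line comment on the call, `// COSEPublicKey is narrowed to Buffer by the check above`, would save the next reader the hunt. The rest of `verifyAttestationResponse` is outside this hunk.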