Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/assertion/parseAssertionAuthData.ts28
-rw-r--r--packages/server/src/assertion/verifyAssertionResponse.test.ts4
-rw-r--r--packages/server/src/assertion/verifyAssertionResponse.ts4
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts32
-rw-r--r--packages/server/src/attestation/verifications/verifyFIDOU2F.ts5
-rw-r--r--packages/server/src/attestation/verifications/verifyNone.ts4
-rw-r--r--packages/server/src/attestation/verifications/verifyPacked.ts5
-rw-r--r--packages/server/src/helpers/parseAuthenticatorData.ts (renamed from packages/server/src/attestation/parseAttestationAuthData.ts)4
8 files changed, 27 insertions, 59 deletions
diff --git a/packages/server/src/assertion/parseAssertionAuthData.ts b/packages/server/src/assertion/parseAssertionAuthData.ts
deleted file mode 100644
index bdd636a..0000000
--- a/packages/server/src/assertion/parseAssertionAuthData.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-import { ParsedAssertionAuthData } from "@webauthntine/typescript-types";
-
-/**
- * Make sense of the authData buffer contained in an Assertion
- */
-export default function parseAssertionAuthData(authData: Buffer): ParsedAssertionAuthData {
- let intBuffer = authData;
-
- const rpIdHash = intBuffer.slice(0, 32);
- intBuffer = intBuffer.slice(32);
-
- const flagsBuf = intBuffer.slice(0, 1);
- intBuffer = intBuffer.slice(1);
-
- const flags = flagsBuf[0];
- const counterBuf = intBuffer.slice(0, 4);
- intBuffer = intBuffer.slice(4);
-
- const counter = counterBuf.readUInt32BE(0);
-
- return {
- rpIdHash,
- flagsBuf,
- flags,
- counter,
- counterBuf,
- };
-}
diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts
index 9e5b083..81d04b0 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.test.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts
@@ -1,14 +1,14 @@
import verifyAssertionResponse from './verifyAssertionResponse';
import * as decodeClientDataJSON from '../helpers/decodeClientDataJSON';
-import * as parseAssertionAuthData from './parseAssertionAuthData';
+import * as parseAuthenticatorData from '../helpers/parseAuthenticatorData';
let mockDecodeClientData: jest.SpyInstance;
let mockParseAuthData: jest.SpyInstance;
beforeEach(() => {
mockDecodeClientData = jest.spyOn(decodeClientDataJSON, 'default');
- mockParseAuthData = jest.spyOn(parseAssertionAuthData, 'default');
+ mockParseAuthData = jest.spyOn(parseAuthenticatorData, 'default');
});
afterEach(() => {
diff --git a/packages/server/src/assertion/verifyAssertionResponse.ts b/packages/server/src/assertion/verifyAssertionResponse.ts
index fb668f4..59c3b4e 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.ts
@@ -8,10 +8,10 @@ import {
import decodeClientDataJSON from "@helpers/decodeClientDataJSON";
-import parseAssertionAuthData from './parseAssertionAuthData';
import toHash from '@helpers/toHash';
import convertASN1toPEM from '@helpers/convertASN1toPEM';
import verifySignature from '@helpers/verifySignature';
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
/**
* Verify that the user has legitimately completed the login process
@@ -40,7 +40,7 @@ export default function verifyAssertionResponse(
}
const authDataBuffer = base64url.toBuffer(base64AuthenticatorData);
- const authData = parseAssertionAuthData(authDataBuffer);
+ const authDataStruct = parseAuthenticatorData(authDataBuffer);
if (!(authData.flags & U2F_USER_PRESENTED)) {
throw new Error('User was NOT present during assertion!');
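Review bot: The user-presence check right after the renamed call still reads `authData.flags & U2F_USER_PRESENTED`, but the parsed result is now bound to `authDataStruct`, so unless another `authData` is in scope outside this hunk the check no longer refers to the parsed data. The attestation verifiers in this commit read `flags.up` from the shared parser's result, which suggests `flags` is now an object rather than a byte; if so, the bitwise test evaluates to 0 and every assertion is rejected. I would change the condition to `if (!authDataStruct.flags.up) {` and update any later reads of `authData` in the function in the same way. verifyAssertionResponse's body starts and ends outside the hunk.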
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index da69603..5705065 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -11,8 +11,7 @@ import toHash from "@helpers/toHash";
import verifySignature from '@helpers/verifySignature';
import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
import getCertificateInfo from '@helpers/getCertificateInfo';
-
-import parseAttestationAuthData from '../parseAttestationAuthData';
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
/**
@@ -23,6 +22,20 @@ export default function verifyAttestationAndroidSafetyNet(
base64ClientDataJSON: string,
): VerifiedAttestation {
const { attStmt, authData, fmt } = attestationObject;
+ const authDataStruct = parseAuthenticatorData(authData);
+ const { counter, credentialID, COSEPublicKey, flags } = authDataStruct;
+
+ if (!flags.up) {
+ throw new Error('User was not present for attestation (None)');
+ }
+
+ if (!COSEPublicKey) {
+ throw new Error('No public key was provided by authenticator (SafetyNet)');
+ }
+
+ if (!credentialID) {
+ throw new Error('No credential ID was provided by authenticator (SafetyNet)');
+ }
if (!attStmt.response) {
throw new Error('No response was included in attStmt by authenticator (SafetyNet)');
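Review bot: The user-presence error added at the top of the SafetyNet verifier is labelled `(None)`, while the two checks after it say `(SafetyNet)`; the text was carried over unchanged from the block removed in the `@@ -107,21 +120,6 @@` hunk. A wrong format label in an authentication failure message points whoever triages the log at the wrong verifier, so I would change it to `throw new Error('User was not present for attestation (SafetyNet)');`. The function body continues outside the hunk.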
@@ -107,21 +120,6 @@ export default function verifyAttestationAndroidSafetyNet(
if (toReturn.verified) {
- const authDataStruct = parseAttestationAuthData(authData);
- const { counter, credentialID, COSEPublicKey, flags } = authDataStruct;
-
- if (!flags.up) {
- throw new Error('User was not present for attestation (None)');
- }
-
- if (!COSEPublicKey) {
- throw new Error('No public key was provided by authenticator (SafetyNet)');
- }
-
- if (!credentialID) {
- throw new Error('No credential ID was provided by authenticator (SafetyNet)');
- }
-
toReturn.userVerified = flags.uv;
const publicKey = convertCOSEtoPKCS(COSEPublicKey);
diff --git a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
index a509d5d..6768abc 100644
--- a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
@@ -5,8 +5,7 @@ import toHash from '@helpers/toHash';
import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
import convertASN1toPEM from '@helpers/convertASN1toPEM';
import verifySignature from '@helpers/verifySignature';
-
-import parseAttestationAuthData from '../parseAttestationAuthData';
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
/**
@@ -18,7 +17,7 @@ export default function verifyAttestationFIDOU2F(
): VerifiedAttestation {
const { fmt, authData, attStmt } = attestationObject;
- const authDataStruct = parseAttestationAuthData(authData);
+ const authDataStruct = parseAuthenticatorData(authData);
const {
flags,
COSEPublicKey,
diff --git a/packages/server/src/attestation/verifications/verifyNone.ts b/packages/server/src/attestation/verifications/verifyNone.ts
index d6d20d0..470a10a 100644
--- a/packages/server/src/attestation/verifications/verifyNone.ts
+++ b/packages/server/src/attestation/verifications/verifyNone.ts
@@ -2,8 +2,8 @@ import base64url from 'base64url';
import { AttestationObject, VerifiedAttestation } from "@webauthntine/typescript-types";
import convertCOSEtoPKCS from "@helpers/convertCOSEtoPKCS";
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
-import parseAttestationAuthData from '../parseAttestationAuthData';
/**
@@ -15,7 +15,7 @@ export default function verifyAttestationNone(
attestationObject: AttestationObject,
): VerifiedAttestation {
const { fmt, authData } = attestationObject;
- const authDataStruct = parseAttestationAuthData(authData);
+ const authDataStruct = parseAuthenticatorData(authData);
const {
credentialID,
diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 497cfbe..a40385a 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -9,8 +9,7 @@ import toHash from "@helpers/toHash";
import convertASN1toPEM from '@helpers/convertASN1toPEM';
import getCertificateInfo from '@helpers/getCertificateInfo';
import verifySignature from '@helpers/verifySignature';
-
-import parseAttestationAuthData from '../parseAttestationAuthData';
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
/**
@@ -22,7 +21,7 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
const { fmt, authData, attStmt } = attestationObject;
const { sig, x5c, ecdaaKeyId } = attStmt;
- const authDataStruct = parseAttestationAuthData(authData);
+ const authDataStruct = parseAuthenticatorData(authData);
const { COSEPublicKey, counter, credentialID, flags } = authDataStruct;
diff --git a/packages/server/src/attestation/parseAttestationAuthData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index b51af5f..a3dd868 100644
--- a/packages/server/src/attestation/parseAttestationAuthData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -1,9 +1,9 @@
-import { ParsedAttestationAuthData } from "@webauthntine/typescript-types";
+import { ParsedAuthenticatorData } from "@webauthntine/typescript-types";
/**
* Make sense of the authData buffer contained in an Attestation
*/
-export default function parseAttestationAuthData(authData: Buffer): ParsedAttestationAuthData {
+export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenticatorData {
let intBuffer = authData;
const rpIdHash = intBuffer.slice(0, 32);
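Review bot: The docstring kept in this hunk still says the buffer is `contained in an Attestation`, but after this commit the same parser is also called from verifyAssertionResponse; I would reword it to `Make sense of the authData buffer contained in an Attestation or Assertion`. Assertion authData normally carries no attested credential data, so the docstring should also state that `credentialID` and `COSEPublicKey` can be absent from the result. The function body continues outside the hunk, so I cannot see whether the length is checked before slicing; if it is not, a guard such as `if (authData.length < 37) throw new Error('authData is too short');` ahead of the first `slice` (32-byte rpIdHash, 1 flags byte, 4 counter bytes) would reject truncated input instead of returning short fields.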