// Excerpt that parses a WebAuthn attestation object supplied in `k` (hex-encoded fields) and
// walks the authenticator data by hand. The enclosing function begins above this excerpt.
if (unloadedModule)
return;
// console.log(k);
// console.log(JSON.stringify(JSON.parse(textDecoder.decode(Serialize.hexToUint8Array(k.clientDataJSON))), null, 4));
// NOTE(review): clientDataJSON appears only in the commented-out debug line above. Nothing in this
// excerpt checks its challenge, origin or type, and the attestation statement is not examined
// either -- confirm that those checks happen elsewhere before the key is trusted.
const att = await (cbor as any).decodeFirst(Serialize.hexToUint8Array(k.attestationObject));
// console.log(att);
// console.log(Serialize.arrayToHex(new Uint8Array(att.authData.buffer)));
// The DataView is built without offset/length, so it spans the whole backing ArrayBuffer of
// authData rather than authData's own byteOffset/byteLength window.
const data = new DataView(att.authData.buffer);
// NOTE(review): the fixed 30 is presumably authData's byteOffset inside that backing buffer for
// this decoder's output; a hard-coded offset misparses silently if the layout differs --
// confirm, or derive it from att.authData.byteOffset.
let pos = 30; // skip unknown
// The RP ID hash is skipped, not compared with a hash of the expected RP ID, in this excerpt.
pos += 32; // RP ID hash
const flags = data.getUint8(pos++);
// Signature counter, read as a big-endian uint32 (DataView default); not used in this excerpt.
const signCount = data.getUint32(pos);
pos += 4;
// The fields parsed below are read only when the attested-credential-data flag is set.
if (!(flags & AttestationFlags.attestedCredentialPresent))
throw new Error('attestedCredentialPresent flag not set');
const aaguid = Serialize.arrayToHex(new Uint8Array(data.buffer, pos, 16));
pos += 16;
// The length is taken from the submitted blob. The Uint8Array constructor throws a RangeError
// when it runs past the backing buffer, but a length that overshoots authData while staying
// inside the (possibly larger) backing buffer is not rejected here.
const credentialIdLength = data.getUint16(pos);
pos += 2;
const credentialId = new Uint8Array(data.buffer, pos, credentialIdLength);
pos += credentialIdLength;
// Decode the first CBOR item after the credential ID: the COSE-encoded public key.
const pubKey = await (cbor as any).decodeFirst(new Uint8Array(data.buffer, pos));
// The credential ID embedded in authData must equal the id submitted next to it.
if (Serialize.arrayToHex(credentialId) !== k.id)
throw new Error('Credential ID does not match');
// COSE label 1 = key type, value 2 = EC2.
if (pubKey.get(1) !== 2)
throw new Error('Public key is not EC2');
// COSE label 3 = algorithm, value -7 = ES256.
if (pubKey.get(3) !== -7)
throw new Error('Public key is not ES256');
// COSE label -1 = curve, value 1 = P-256.
if (pubKey.get(-1) !== 1)
throw new Error('Public key has unsupported curve');
// COSE labels -2 and -3 hold the point's x and y coordinates.
const x = pubKey.get(-2);
const y = pubKey.get(-3);
// Excerpt: hand-rolled walk over WebAuthn authenticator data (`att.authData`), followed by the
// start of the key serialisation. `att` and `k` are defined above this excerpt.
// The DataView has no offset/length, so it spans authData's whole backing ArrayBuffer.
const data = new DataView(att.authData.buffer);
// NOTE(review): the fixed 30 is presumably authData's byteOffset inside the backing buffer;
// confirm, or derive it from att.authData.byteOffset so a different layout cannot misparse.
let pos = 30; // skip unknown
// The RP ID hash is skipped here, not compared with a hash of k.rpid.
pos += 32; // RP ID hash
const flags = data.getUint8(pos++);
// Signature counter (big-endian uint32); not used in this excerpt.
const signCount = data.getUint32(pos);
pos += 4;
// The fields parsed below are read only when the attested-credential-data flag is set.
if (!(flags & AttestationFlags.attestedCredentialPresent))
throw new Error('attestedCredentialPresent flag not set');
const aaguid = Serialize.arrayToHex(new Uint8Array(data.buffer, pos, 16));
pos += 16;
// Length comes from the submitted blob; it is bounded only by the backing buffer (RangeError
// from the Uint8Array constructor), not by authData's own length.
const credentialIdLength = data.getUint16(pos);
pos += 2;
const credentialId = new Uint8Array(data.buffer, pos, credentialIdLength);
pos += credentialIdLength;
// Decode the first CBOR item after the credential ID: the COSE-encoded public key.
const pubKey = await (cbor as any).decodeFirst(new Uint8Array(data.buffer, pos));
// The credential ID embedded in authData must equal the id submitted next to it.
if (Serialize.arrayToHex(credentialId) !== k.id)
throw new Error('Credential ID does not match');
// COSE label 1 = key type (2 = EC2), 3 = algorithm (-7 = ES256), -1 = curve (1 = P-256).
if (pubKey.get(1) !== 2)
throw new Error('Public key is not EC2');
if (pubKey.get(3) !== -7)
throw new Error('Public key is not ES256');
if (pubKey.get(-1) !== 1)
throw new Error('Public key has unsupported curve');
// COSE labels -2 and -3 hold the point's x and y coordinates.
const x = pubKey.get(-2);
const y = pubKey.get(-3);
// P-256 coordinates are 32 bytes each; reject anything else before y[31] is read below.
if (x.length !== 32 || y.length !== 32)
throw new Error('Public key has invalid X or Y size');
const ser = new Serialize.SerialBuffer({textEncoder: new util.TextEncoder(), textDecoder: new util.TextDecoder()});
// Compressed point encoding: prefix 3 when y is odd, 2 when y is even, followed by x.
ser.push((y[31] & 1) ? 3 : 2);
ser.pushArray(x);
// Presence byte derived from the authenticator flags.
ser.push(flagsToPresence(flags));
// NOTE(review): k.rpid is serialised into the key as submitted; this excerpt does not tie it to
// the RP ID hash skipped above -- confirm that binding is enforced elsewhere.
ser.pushString(k.rpid);
// Excerpt: tail of a credential-request options object, followed by the hand-off of the
// resulting credential to the server. The call these options belong to starts above this excerpt.
pubKeyCredParams: [{
type: 'public-key',
// COSE algorithm identifier -7 = ES256.
alg: -7,
}],
timeout: 60000,
// NOTE(review): the challenge is a fixed byte string compiled into the client. WebAuthn depends
// on a fresh, unpredictable challenge issued by the relying party for each ceremony so that a
// captured response cannot be replayed; a constant gives no such guarantee. Suitable for a demo
// only -- obtain the challenge from the server and verify it in clientDataJSON.
challenge: new Uint8Array([
0x8C, 0x0A, 0x26, 0xFF, 0x22, 0x91, 0xC1, 0xE9, 0xB9, 0x4E, 0x2E, 0x17, 0x1A, 0x98, 0x6A, 0x73,
0x71, 0x9D, 0x43, 0x48, 0xD5, 0xA7, 0x6A, 0x15, 0x7E, 0x38, 0x94, 0x52, 0x77, 0x97, 0x0F, 0xEF,
]).buffer,
},
});
// Debug output of the whole credential object.
console.log(cred);
// Send the RP ID, credential ID, attestation object and client data, all hex-encoded, over
// appState.io. The receiver has to treat every one of these fields as untrusted input.
appState.io.emit('addKey', {
rpid: rp.id,
id: Serialize.arrayToHex(new Uint8Array(cred.rawId)),
attestationObject: Serialize.arrayToHex(new Uint8Array(cred.response.attestationObject)),
clientDataJSON: Serialize.arrayToHex(new Uint8Array(cred.response.clientDataJSON)),
});
} catch (e) {
// Any failure above is passed to appendMessage together with the app state.
appendMessage(appState, e);
}
}
// Excerpt: tail of a credential-request options object and the hand-off of the result.
type: 'public-key',
// COSE algorithm identifier -7 = ES256.
alg: -7,
}],
timeout: 60000,
// NOTE(review): fixed, compiled-in challenge. Replay protection in WebAuthn requires a fresh,
// unpredictable challenge from the relying party per ceremony; use a constant only in a demo.
challenge: new Uint8Array([
0x8C, 0x0A, 0x26, 0xFF, 0x22, 0x91, 0xC1, 0xE9, 0xB9, 0x4E, 0x2E, 0x17, 0x1A, 0x98, 0x6A, 0x73,
0x71, 0x9D, 0x43, 0x48, 0xD5, 0xA7, 0x6A, 0x15, 0x7E, 0x38, 0x94, 0x52, 0x77, 0x97, 0x0F, 0xEF,
]).buffer,
},
});
// Debug output of the whole credential object.
console.log(cred);
// Hex-encode the credential fields and emit them over appState.io; the receiver must treat
// them as untrusted input.
appState.io.emit('addKey', {
rpid: rp.id,
id: Serialize.arrayToHex(new Uint8Array(cred.rawId)),
attestationObject: Serialize.arrayToHex(new Uint8Array(cred.response.attestationObject)),
clientDataJSON: Serialize.arrayToHex(new Uint8Array(cred.response.clientDataJSON)),
});
} catch (e) {
// Any failure above is passed to appendMessage together with the app state.
appendMessage(appState, e);
}
}
// Excerpt: tail of a credential-request options object and the hand-off of the result.
},
pubKeyCredParams: [{
type: 'public-key',
// COSE algorithm identifier -7 = ES256.
alg: -7,
}],
timeout: 60000,
// NOTE(review): fixed, compiled-in challenge. Replay protection in WebAuthn requires a fresh,
// unpredictable challenge from the relying party per ceremony; use a constant only in a demo.
challenge: new Uint8Array([
0x8C, 0x0A, 0x26, 0xFF, 0x22, 0x91, 0xC1, 0xE9, 0xB9, 0x4E, 0x2E, 0x17, 0x1A, 0x98, 0x6A, 0x73,
0x71, 0x9D, 0x43, 0x48, 0xD5, 0xA7, 0x6A, 0x15, 0x7E, 0x38, 0x94, 0x52, 0x77, 0x97, 0x0F, 0xEF,
]).buffer,
},
});
// Debug output of the whole credential object.
console.log(cred);
// Hex-encode the credential fields and emit them over appState.io; the receiver must treat
// them as untrusted input.
appState.io.emit('addKey', {
rpid: rp.id,
id: Serialize.arrayToHex(new Uint8Array(cred.rawId)),
attestationObject: Serialize.arrayToHex(new Uint8Array(cred.response.attestationObject)),
clientDataJSON: Serialize.arrayToHex(new Uint8Array(cred.response.clientDataJSON)),
});
} catch (e) {
// Any failure above is passed to appendMessage together with the app state.
appendMessage(appState, e);
}
}
// Excerpt: end of the attestation parser. The values used here are computed above this excerpt.
});
// Debug dump of the parsed authenticator fields and the derived key string.
console.log({
// Flags byte rendered as two hex digits.
flags: ('00' + flags.toString(16)).slice(-2),
signCount,
aaguid,
credentialIdLength,
credentialId: Serialize.arrayToHex(credentialId),
rpid: k.rpid,
presence: flagsToPresence(flags),
x: Serialize.arrayToHex(x),
y: Serialize.arrayToHex(y),
compact: Serialize.arrayToHex(compact),
key,
});
// Hand back the hex credential ID together with the key string.
return {
credentialId: Serialize.arrayToHex(credentialId),
key,
};
}
// Excerpt: end of the attestation parser. `ser`, `flags`, `k` and the parsed fields are defined
// above this excerpt.
// Presence byte derived from the authenticator flags.
ser.push(flagsToPresence(flags));
// NOTE(review): k.rpid is serialised into the key as submitted; nothing in this excerpt ties it
// to the RP ID hash carried in the authenticator data -- confirm that binding is enforced.
ser.pushString(k.rpid);
const compact = ser.asUint8Array();
// Render the serialised bytes as a key string of type Numeric.KeyType.wa.
const key = Numeric.publicKeyToString({
type: Numeric.KeyType.wa,
data: compact,
});
// Debug dump of the parsed authenticator fields and the derived key string.
console.log({
// Flags byte rendered as two hex digits.
flags: ('00' + flags.toString(16)).slice(-2),
signCount,
aaguid,
credentialIdLength,
credentialId: Serialize.arrayToHex(credentialId),
rpid: k.rpid,
presence: flagsToPresence(flags),
x: Serialize.arrayToHex(x),
y: Serialize.arrayToHex(y),
compact: Serialize.arrayToHex(compact),
key,
});
// Hand back the hex credential ID together with the key string.
return {
credentialId: Serialize.arrayToHex(credentialId),
key,
};
}
// Excerpt: end of the attestation parser. `ser`, `flags`, `k` and the parsed fields are defined
// above this excerpt.
// NOTE(review): k.rpid is serialised into the key as submitted; nothing in this excerpt ties it
// to the RP ID hash carried in the authenticator data -- confirm that binding is enforced.
ser.pushString(k.rpid);
const compact = ser.asUint8Array();
// Render the serialised bytes as a key string of type Numeric.KeyType.wa.
const key = Numeric.publicKeyToString({
type: Numeric.KeyType.wa,
data: compact,
});
// Debug dump of the parsed authenticator fields and the derived key string.
console.log({
// Flags byte rendered as two hex digits.
flags: ('00' + flags.toString(16)).slice(-2),
signCount,
aaguid,
credentialIdLength,
credentialId: Serialize.arrayToHex(credentialId),
rpid: k.rpid,
presence: flagsToPresence(flags),
x: Serialize.arrayToHex(x),
y: Serialize.arrayToHex(y),
compact: Serialize.arrayToHex(compact),
key,
});
// Hand back the hex credential ID together with the key string.
return {
credentialId: Serialize.arrayToHex(credentialId),
key,
};
}
// Excerpt: serialises the parsed public key into a key string. `x`, `y`, `flags`, `k` and the
// other parsed fields are defined above this excerpt.
const ser = new Serialize.SerialBuffer({textEncoder: new util.TextEncoder(), textDecoder: new util.TextDecoder()});
// Compressed point encoding: prefix 3 when y is odd, 2 when y is even, followed by x.
// y[31] is the last byte of y -- assumes y is exactly 32 bytes; TODO confirm the length check
// runs before this line.
ser.push((y[31] & 1) ? 3 : 2);
ser.pushArray(x);
// Presence byte derived from the authenticator flags.
ser.push(flagsToPresence(flags));
// NOTE(review): k.rpid is serialised into the key as submitted; nothing in this excerpt ties it
// to the RP ID hash carried in the authenticator data -- confirm that binding is enforced.
ser.pushString(k.rpid);
const compact = ser.asUint8Array();
// Render the serialised bytes as a key string of type Numeric.KeyType.wa.
const key = Numeric.publicKeyToString({
type: Numeric.KeyType.wa,
data: compact,
});
// Debug dump of the parsed authenticator fields and the derived key string.
console.log({
// Flags byte rendered as two hex digits.
flags: ('00' + flags.toString(16)).slice(-2),
signCount,
aaguid,
credentialIdLength,
credentialId: Serialize.arrayToHex(credentialId),
rpid: k.rpid,
presence: flagsToPresence(flags),
x: Serialize.arrayToHex(x),
y: Serialize.arrayToHex(y),
compact: Serialize.arrayToHex(compact),
key,
});
// Hand back the hex credential ID together with the key string.
return {
credentialId: Serialize.arrayToHex(credentialId),
key,
};
}
// Excerpt: end of the attestation parser. `ser` and the parsed fields are defined above this
// excerpt.
const compact = ser.asUint8Array();
// Render the serialised bytes as a key string of type Numeric.KeyType.wa.
const key = Numeric.publicKeyToString({
type: Numeric.KeyType.wa,
data: compact,
});
// Debug dump of the parsed authenticator fields and the derived key string.
console.log({
// Flags byte rendered as two hex digits.
flags: ('00' + flags.toString(16)).slice(-2),
signCount,
aaguid,
credentialIdLength,
credentialId: Serialize.arrayToHex(credentialId),
rpid: k.rpid,
presence: flagsToPresence(flags),
x: Serialize.arrayToHex(x),
y: Serialize.arrayToHex(y),
compact: Serialize.arrayToHex(compact),
key,
});
// Hand back the hex credential ID together with the key string.
return {
credentialId: Serialize.arrayToHex(credentialId),
key,
};
}