Node.js library to check/verify iOS App Attest attestations and assertions
/// <reference types="node" />
import { Buffer } from 'buffer';
import { X509Certificate } from '@peculiar/x509';
/**
 * Identifies the iOS app an attestation (and later, assertions) is expected to come from.
 *
 * Both fields are inputs to verification (see {@link VerificationInputs}). They describe what
 * the server expects, so they should come from server-side configuration and never be taken
 * from the request that carries the attestation being verified.
 */
export interface AppInfo {
  /**
   * For apps, this is of the form: <team-id (10-digit)>.<bundle-id>. See docs
   * regarding App Clips.
   *
   * NOTE(review): presumably this is the value compared against the RP ID in the
   * authenticator data by {@link checkRPIdPerStep6} — confirm against the implementation.
   */
  appId: string;
  /**
   * Whether this is for a development build or a production build.
   *
   * NOTE(review): presumably selects which AAGUID value {@link checkAAGuidPerStep8} expects —
   * confirm against the implementation. A production deployment should keep this `false`
   * so that development-environment attestations are rejected.
   */
  developmentEnv: boolean;
}
/**
 * @internal
 * Components extracted from a raw attestation object by {@link parseAttestation}.
 * Consumed by the per-step check functions via {@link VerificationInputs}.
 */
export interface ParsedAttestation {
  /** Credential certificate from the attestation's certificate chain (presumably the leaf). */
  credCert: X509Certificate;
  /** Intermediate CA certificate from the attestation's certificate chain. */
  intermediateCert: X509Certificate;
  /** Raw App Attest receipt; presumably the same value returned in {@link VerifyAttestationSuccessResult}. */
  receipt: Buffer;
  /**
   * Raw authenticator data. The credential id, AAGUID, sign count and RP ID checks are
   * presumably read from here (inferred from the `check*PerStep*` names — confirm).
   */
  authData: Buffer;
}
/**
 * @internal
 * Everything the per-step check functions need for one verification. The first three
 * fields mirror the parameters of {@link verifyAttestation}; the last is the decoded
 * attestation.
 */
export interface VerificationInputs {
  /** Expected app; see {@link AppInfo}. */
  appInfo: AppInfo;
  /** Key identifier supplied by the client; presumably compared by {@link checkKeyIdPerStep5}. */
  keyId: string;
  /** Server-generated one-time challenge the attestation was produced for. */
  challenge: Buffer;
  /** Attestation already decoded by {@link parseAttestation}. */
  parsedAttestation: ParsedAttestation;
}
/**
 * Possible errors when verifying an Attestation.
 *
 * Each code names the check that failed; the step numbers below follow the
 * `check*PerStepN` function names exported from this module. Every value is a hard
 * rejection — none of them indicates a partial or recoverable success.
 */
export type VerifyAttestationError =
  /** {@link parseAttestation} could not decode the raw attestation object. */
  | 'fail_parsing_attestation'
  /** Credential id has an invalid length (step 9). */
  | 'fail_credId_len_invalid'
  /** Credential id does not match the expected value (step 9). */
  | 'fail_credId_mismatch'
  /** AAGUID does not match the expected value (step 8). */
  | 'fail_aaguid_mismatch'
  /** Sign count in the attestation is not zero (step 7). */
  | 'fail_signCount_nonZero'
  /** RP ID does not match the expected app (step 6). */
  | 'fail_rpId_mismatch'
  /** Supplied keyId does not match the attested key (step 5). */
  | 'fail_keyId_mismatch'
  /** Nonce extension (OID configurable via {@link setNonceExtensionOID}) not found (steps 2–4). */
  | 'fail_nonce_missing'
  /** Nonce found does not match the value computed from the challenge and authenticator data (steps 2–4). */
  | 'fail_nonce_mismatch'
  /** Credential certificate failed verification (step 1). */
  | 'fail_credCert_verify_failure'
  /** Intermediate certificate failed verification (step 1). */
  | 'fail_intermediateCert_verify_failure';
/**
 * Information returned if Attestation was verified successfully.
 *
 * @remarks These fields should be persisted for this device (i.e. keyed by some device id)
 * and will need to be retrieved to check Assertions later. The stored public key is what
 * binds later assertions to this attestation, so the server — not the client — should decide
 * whether a re-attestation may replace an existing entry for the same device id.
 */
export interface VerifyAttestationSuccessResult {
  /** Public key that can be used to verify Assertions from a device. */
  publicKeyPem: string;
  /** Receipt that can be used to assess fraud risk as described {@link https://developer.apple.com/documentation/devicecheck/assessing_fraud_risk | here}. */
  receipt: Buffer;
}
/** Error information if Attestation could not be verified. */
export interface VerifyAttestationFailureResult {
  /** Which check failed; see {@link VerifyAttestationError}. */
  verifyError: VerifyAttestationError;
  /**
   * Optional human-readable detail (contents not specified here). Intended for server-side
   * logging; consider returning only the error code to clients.
   */
  errorMessage?: string;
}
/**
 * Result produced by {@link verifyAttestation}.
 *
 * There is no explicit discriminant field; distinguish the cases with
 * `'verifyError' in result` (failure) before reading `publicKeyPem` or `receipt`.
 */
export type VerifyAttestationResult = VerifyAttestationSuccessResult | VerifyAttestationFailureResult;
/**
 * Verify Attestation object generated on iOS device using DCAppAttestService per
 * steps {@link https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server#3576643 | here}.
 *
 * @remarks On successful verification, the public-key PEM and receipt should be persisted using
 * some device Id for future lookup.
 *
 * This function checks that the attestation matches `challenge`; it cannot know whether the
 * challenge has already been used. The caller must generate each challenge server-side
 * (unpredictable, bound to the session) and invalidate it after a single verification attempt
 * to prevent replay.
 *
 * @param appInfo App that Attestation was generated for. See {@link AppInfo}. Must come from
 * server configuration, not from the request.
 * @param keyId Public key identifier from device that Attestation was generated for.
 * @param challenge One-time challenge used to generate the Attestation.
 * @param attestation Raw attestation data generated during key attestation.
 * @returns Result object containing public-key and receipt if verification was successful or
 * error information if verification failed. Parse failures appear to be reported as a result
 * with `fail_parsing_attestation`; whether other conditions can reject the promise is not
 * visible from this declaration — confirm against the implementation.
 */
export declare function verifyAttestation(appInfo: AppInfo, keyId: string, challenge: Buffer, attestation: Buffer): Promise<VerifyAttestationResult>;
/**
 * Set the Apple AppAttest Root Certificate to use during {@link verifyAttestation}.
 *
 * @remarks
 * This API is optional and by default the Certificate bundled with this library will be used.
 *
 * The root certificate is the trust anchor for the certificate-chain check (step 1), so
 * whatever is passed here decides which attestations are accepted. Only supply Apple's
 * App Attest root (e.g. an updated copy), never a certificate derived from untrusted input.
 * The setting takes no handle and returns nothing, so it is presumably module-global and
 * affects all subsequent verifications in the process — confirm against the implementation.
 *
 * @param rootCertPem PEM formatted AppAttest Root Certificate. If null is provided, the
 * default Certificate bundled with this library will be used instead.
 */
export declare function setAppAttestRootCertificate(rootCertPem: string | null): void;
/**
 * @internal
 * Step 9: check the credential id (length and value). Resolves to
 * `fail_credId_len_invalid` or `fail_credId_mismatch` on failure, `null` on success.
 */
export declare function checkCredentialIdPerStep9(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Step 8: check the AAGUID. Resolves to `fail_aaguid_mismatch` on failure, `null` on success.
 * Presumably the expected value depends on `inputs.appInfo.developmentEnv` — confirm.
 */
export declare function checkAAGuidPerStep8(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Step 7: check the sign count. Resolves to `fail_signCount_nonZero` if the counter is not
 * zero, `null` on success.
 */
export declare function checkSignCountPerStep7(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Step 6: check the RP ID against the expected app (`inputs.appInfo`). Resolves to
 * `fail_rpId_mismatch` on failure, `null` on success.
 */
export declare function checkRPIdPerStep6(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Step 5: check that `inputs.keyId` matches the attested key. Resolves to
 * `fail_keyId_mismatch` on failure, `null` on success.
 */
export declare function checkKeyIdPerStep5(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Override the X.509 extension OID that {@link computeAndCheckNoncePerStep2To4} reads the
 * nonce from. Presumably module-global and intended for tests; changing it in production
 * would alter which extension the nonce check trusts — confirm against the implementation.
 *
 * @param oid Dotted-decimal OID of the nonce extension.
 */
export declare function setNonceExtensionOID(oid: string): void;
/**
 * @internal
 * Steps 2–4: compute the expected nonce from the challenge and authenticator data and compare
 * it with the nonce carried in the extension identified by the configured OID. Resolves to
 * `fail_nonce_missing` or `fail_nonce_mismatch` on failure, `null` on success.
 */
export declare function computeAndCheckNoncePerStep2To4(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Step 1: verify the credential and intermediate certificates against the configured
 * App Attest root (see {@link setAppAttestRootCertificate}). Resolves to
 * `fail_credCert_verify_failure` or `fail_intermediateCert_verify_failure` on failure,
 * `null` on success.
 */
export declare function checkCertificatesPerStep1(inputs: VerificationInputs): Promise<VerifyAttestationError | null>;
/**
 * @internal
 * Decode a raw attestation object into its certificate chain, receipt and authenticator data.
 *
 * @param attestation Raw attestation bytes as received from the device.
 * @returns The parsed components, or a `string` on failure (presumably a human-readable
 * reason — confirm against the implementation). Callers must test
 * `typeof result === 'string'` before using the result; {@link verifyAttestation} appears to
 * report this case as `fail_parsing_attestation`.
 */
export declare function parseAttestation(attestation: Buffer): Promise<ParsedAttestation | string>;