MdsCollection

A class for managing, validating, and finding metadata that describes authenticators

This class does not download the TOC or any of the entries listed in the TOC; it assumes that you can download the data yourself and pass it to this class. This allows flexibility in how, when, and what is downloaded, while still letting this class take care of the not-so-fun parts: validating signatures, hashes, certificate chains, and certificate revocation lists.

Typically this will be created through Fido2Lib#createMdsCollection and then set as the global MDS collection via Fido2Lib#setMdsCollection.

Constructor

new MdsCollection() → {MdsCollection}

Description:
  • Creates a new MdsCollection

Example
// addToc is async, so this snippet must run inside an async function
const mc = Fido2Lib.createMdsCollection();
// download the TOC from https://mds.fidoalliance.org ...
const tocObj = await mc.addToc(tocBase64);
tocObj.entries.forEach((entry) => {
    // download entry.url ...
    mc.addEntry(entryBase64);
});
Fido2Lib.setMdsCollection(mc); // performs validation; entries are not findable until then
const entry = Fido2Lib.findEntry("4e4e#4005");
Returns:

The MDS collection that was created. The freshly created MDS collection has no Table of Contents (TOC) or entries, which must be added through addToc and addEntry, respectively.

Type
MdsCollection

Methods

addEntry(entryStr)

Description:
  • Parses and adds a new MDS entry to the collection. The entry will not be available through findEntry until validate has been called.

Parameters:
Name Type Description
entryStr String

The base64url encoded entry, most likely downloaded from the URL that was found in the Table of Contents (TOC).

(async) addToc(tocStr, rootCert, crls) → {Promise.<Object>}

Description:
  • Validates and stores the Table of Contents (TOC) for future reference. This method validates the TOC JSON Web Token (JWT) signature, as well as the certificate chain. The certificate chain is validated using the rootCert and crls that are provided.

Parameters:
Name Type Description
tocStr String

The base64url encoded Table of Contents, as described in the FIDO Metadata Service specification.

rootCert Array.<String> | Array.<ArrayBuffer> | String | ArrayBuffer | undefined

One or more root certificates that serve as a trust anchor for the Metadata Service. Certificate format is flexible, and can be a PEM string, a base64 encoded string, or an ArrayBuffer, provided that each of those formats can be decoded to valid ASN.1. If rootCert is undefined, the default FIDO MDS root certificate will be used.

crls Array.<String> | Array.<ArrayBuffer>

An array of Certificate Revocation Lists (CRLs) that should be used when validating the certificate chain. Like rootCert, the format of the CRLs is flexible and can be PEM encoded, base64 encoded, or an ArrayBuffer, provided that the CRL contains valid ASN.1 encoding.

Returns:

Returns a Promise that resolves to a TOC object, or that rejects with an error.

Type
Promise.<Object>

findEntry(id) → {MdsEntry|null}

Description:
  • Looks up an entry by AAID, AAGUID, or attestationCertificateKeyIdentifiers. Only entries that have been validated will be found.

Parameters:
Name Type Description
id String | ArrayBuffer

The AAID, AAGUID, or attestationCertificateKeyIdentifiers of the entry to find.

Returns:

The MDS entry that was found, or null if no entry was found.

Type
MdsEntry | null

getToc() → {Object|null}

Description:
  • Returns the parsed and validated Table of Contents object that was stored by addToc.

Returns:

Returns the TOC if one has been provided through addToc, or null if no TOC has been added yet.

Type
Object | null

(async) validate() → {Promise}

Description:
  • Validates the entries that have been added through addEntry. Entries become available through findEntry only after this method has completed successfully.

Throws:

If a validation error occurs (the returned Promise rejects)

Type
Error
Returns:

Returns a Promise that resolves once validation has completed.

Type
Promise