|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Copyright 2015 SURFnet bv |
|
5
|
|
|
* |
|
6
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
7
|
|
|
* you may not use this file except in compliance with the License. |
|
8
|
|
|
* You may obtain a copy of the License at |
|
9
|
|
|
* |
|
10
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
11
|
|
|
* |
|
12
|
|
|
* Unless required by applicable law or agreed to in writing, software |
|
13
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, |
|
14
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15
|
|
|
* See the License for the specific language governing permissions and |
|
16
|
|
|
* limitations under the License. |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Surfnet\StepupGateway\U2fVerificationBundle\Service; |
|
20
|
|
|
|
|
21
|
|
|
use Surfnet\StepupGateway\U2fVerificationBundle\Entity\Registration; |
|
22
|
|
|
use Surfnet\StepupGateway\U2fVerificationBundle\Exception\LogicException; |
|
23
|
|
|
use Surfnet\StepupGateway\U2fVerificationBundle\Value\KeyHandle; |
|
24
|
|
|
use Surfnet\StepupGateway\U2fVerificationBundle\Value\PublicKey; |
|
25
|
|
|
use Surfnet\StepupU2fBundle\Service\RegistrationVerificationResult as U2fRegistrationVerificationResult; |
|
26
|
|
|
|
|
27
|
|
|
/** |
|
28
|
|
|
* @SuppressWarnings(PHPMD.TooManyMethods) |
|
29
|
|
|
*/ |
|
30
|
|
|
final class RegistrationVerificationResult |
|
31
|
|
|
{ |
|
32
|
|
|
/** |
|
33
|
|
|
* Registration was a success. |
|
34
|
|
|
*/ |
|
35
|
|
|
const STATUS_SUCCESS = 'SUCCESS'; |
|
36
|
|
|
|
|
37
|
|
|
/** |
|
38
|
|
|
* The response challenge did not match the request challenge. |
|
39
|
|
|
*/ |
|
40
|
|
|
const STATUS_UNMATCHED_REGISTRATION_CHALLENGE = 'UNMATCHED_REGISTRATION_CHALLENGE'; |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* The response was signed by another party than the device, indicating it was tampered with. |
|
44
|
|
|
*/ |
|
45
|
|
|
const STATUS_RESPONSE_NOT_SIGNED_BY_DEVICE = 'RESPONSE_NOT_SIGNED_BY_DEVICE'; |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* The device has not been manufactured by a trusted party. |
|
49
|
|
|
*/ |
|
50
|
|
|
const STATUS_UNTRUSTED_DEVICE = 'UNTRUSTED_DEVICE'; |
|
51
|
|
|
|
|
52
|
|
|
/** |
|
53
|
|
|
* The decoding of the device's public key failed. |
|
54
|
|
|
*/ |
|
55
|
|
|
const STATUS_PUBLIC_KEY_DECODING_FAILED = 'PUBLIC_KEY_DECODING_FAILED'; |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* The U2F device reported an error. |
|
59
|
|
|
* |
|
60
|
|
|
* @see \Surfnet\StepupU2fBundle\Dto\RegisterResponse::$errorCode |
|
61
|
|
|
* @see \Surfnet\StepupU2fBundle\Dto\RegisterResponse::ERROR_CODE_* constants |
|
62
|
|
|
*/ |
|
63
|
|
|
const STATUS_DEVICE_ERROR = 'DEVICE_ERROR'; |
|
64
|
|
|
|
|
65
|
|
|
/** |
|
66
|
|
|
* The AppIDs of the server and a message did not match. |
|
67
|
|
|
*/ |
|
68
|
|
|
const STATUS_APP_ID_MISMATCH = 'APP_ID_MISMATCH'; |
|
69
|
|
|
|
|
70
|
|
|
/** |
|
71
|
|
|
* @var string |
|
72
|
|
|
*/ |
|
73
|
|
|
private $status; |
|
74
|
|
|
|
|
75
|
|
|
/** |
|
76
|
|
|
* @var Registration|null |
|
77
|
|
|
*/ |
|
78
|
|
|
private $registration; |
|
79
|
|
|
|
|
80
|
|
|
/** |
|
81
|
|
|
* @param U2fRegistrationVerificationResult $u2fResult |
|
82
|
|
|
* @return self |
|
83
|
|
|
*/ |
|
84
|
|
|
public static function from(U2fRegistrationVerificationResult $u2fResult) |
|
85
|
|
|
{ |
|
86
|
|
|
$result = new self; |
|
87
|
|
|
|
|
88
|
|
View Code Duplication |
if ($u2fResult->wasSuccessful()) { |
|
|
|
|
|
|
89
|
|
|
$result->status = self::STATUS_SUCCESS; |
|
90
|
|
|
} elseif ($u2fResult->didDeviceReportAnyError()) { |
|
91
|
|
|
$result->status = self::STATUS_DEVICE_ERROR; |
|
92
|
|
|
} elseif ($u2fResult->didResponseChallengeNotMatchRequestChallenge()) { |
|
93
|
|
|
$result->status = self::STATUS_UNMATCHED_REGISTRATION_CHALLENGE; |
|
94
|
|
|
} elseif ($u2fResult->wasResponseNotSignedByDevice()) { |
|
95
|
|
|
$result->status = self::STATUS_RESPONSE_NOT_SIGNED_BY_DEVICE; |
|
96
|
|
|
} elseif ($u2fResult->canDeviceNotBeTrusted()) { |
|
97
|
|
|
$result->status = self::STATUS_UNTRUSTED_DEVICE; |
|
98
|
|
|
} elseif ($u2fResult->didPublicKeyDecodingFail()) { |
|
99
|
|
|
$result->status = self::STATUS_PUBLIC_KEY_DECODING_FAILED; |
|
100
|
|
|
} elseif ($u2fResult->didntAppIdsMatch()) { |
|
101
|
|
|
$result->status = self::STATUS_APP_ID_MISMATCH; |
|
102
|
|
|
} else { |
|
103
|
|
|
throw new LogicException('Unknown registration verification result status'); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
if ($u2fResult->wasSuccessful()) { |
|
107
|
|
|
$result->registration = new Registration( |
|
108
|
|
|
new KeyHandle($u2fResult->getRegistration()->keyHandle), |
|
109
|
|
|
new PublicKey($u2fResult->getRegistration()->publicKey) |
|
110
|
|
|
); |
|
111
|
|
|
} |
|
112
|
|
|
|
|
113
|
|
|
return $result; |
|
114
|
|
|
} |
|
115
|
|
|
|
|
116
|
|
|
/** |
|
117
|
|
|
* @return bool |
|
118
|
|
|
*/ |
|
119
|
|
|
public function wasSuccessful() |
|
120
|
|
|
{ |
|
121
|
|
|
return $this->status === self::STATUS_SUCCESS; |
|
122
|
|
|
} |
|
123
|
|
|
|
|
124
|
|
|
/** |
|
125
|
|
|
* @return string |
|
126
|
|
|
*/ |
|
127
|
|
|
public function getStatus() |
|
128
|
|
|
{ |
|
129
|
|
|
return $this->status; |
|
130
|
|
|
} |
|
131
|
|
|
|
|
132
|
|
|
/** |
|
133
|
|
|
* @return null|Registration |
|
134
|
|
|
*/ |
|
135
|
|
|
public function getRegistration() |
|
136
|
|
|
{ |
|
137
|
|
|
if (!$this->wasSuccessful()) { |
|
138
|
|
|
throw new LogicException('The registration was unsuccessful and the registration data is not available'); |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
|
return $this->registration; |
|
142
|
|
|
} |
|
143
|
|
|
} |
|
144
|
|
|
|
OpenConext /
Stepup-Gateway
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.