Yubico /
php-u2flib-server
@@ -97,8 +97,8 @@ discard block |
||
| 97 | 97 | */ |
| 98 | 98 | public function __construct($appId, $attestDir = null) |
| 99 | 99 | { |
| 100 | - if(OPENSSL_VERSION_NUMBER < 0x10000000) { |
|
| 101 | - throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL); |
|
| 100 | + if (OPENSSL_VERSION_NUMBER < 0x10000000) { |
|
| 101 | + throw new Error('OpenSSL has to be at least version 1.0.0, this is '.OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL); |
|
| 102 | 102 | } |
| 103 | 103 | $this->appId = $appId; |
| 104 | 104 | $this->attestDir = $attestDir; |
@@ -135,19 +135,19 @@ discard block |
||
| 135 | 135 | */ |
| 136 | 136 | public function doRegister($request, $response, $includeCert = true) |
| 137 | 137 | { |
| 138 | - if( !is_object( $request ) ) { |
|
| 138 | + if (!is_object($request)) { |
|
| 139 | 139 | throw new \InvalidArgumentException('$request of doRegister() method only accepts object.'); |
| 140 | 140 | } |
| 141 | 141 | |
| 142 | - if( !is_object( $response ) ) { |
|
| 142 | + if (!is_object($response)) { |
|
| 143 | 143 | throw new \InvalidArgumentException('$response of doRegister() method only accepts object.'); |
| 144 | 144 | } |
| 145 | 145 | |
| 146 | - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { |
|
| 147 | - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); |
|
| 146 | + if (property_exists($response, 'errorCode') && $response->errorCode !== 0) { |
|
| 147 | + throw new Error('User-agent returned error. Error code: '.$response->errorCode, ERR_BAD_UA_RETURNING); |
|
| 148 | 148 | } |
| 149 | 149 | |
| 150 | - if( !is_bool( $includeCert ) ) { |
|
| 150 | + if (!is_bool($includeCert)) { |
|
| 151 | 151 | throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.'); |
| 152 | 152 | } |
| 153 | 153 | |
@@ -156,8 +156,8 @@ discard block |
||
| 156 | 156 | $clientData = $this->base64u_decode($response->clientData); |
| 157 | 157 | $cli = json_decode($clientData); |
| 158 | 158 | |
| 159 | - if($cli->challenge !== $request->challenge) { |
|
| 160 | - throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE ); |
|
| 159 | + if ($cli->challenge !== $request->challenge) { |
|
| 160 | + throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE); |
|
| 161 | 161 | } |
| 162 | 162 | |
| 163 | 163 | $registration = new Registration(); |
@@ -166,8 +166,8 @@ discard block |
||
| 166 | 166 | $offs += PUBKEY_LEN; |
| 167 | 167 | // decode the pubKey to make sure it's good |
| 168 | 168 | $tmpKey = $this->pubkey_to_pem($pubKey); |
| 169 | - if($tmpKey === null) { |
|
| 170 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
| 169 | + if ($tmpKey === null) { |
|
| 170 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
| 171 | 171 | } |
| 172 | 172 | $registration->publicKey = base64_encode($pubKey); |
| 173 | 173 | $khLen = $regData[$offs++]; |
@@ -185,17 +185,17 @@ discard block |
||
| 185 | 185 | $pemCert = "-----BEGIN CERTIFICATE-----\r\n"; |
| 186 | 186 | $pemCert .= chunk_split(base64_encode($rawCert), 64); |
| 187 | 187 | $pemCert .= "-----END CERTIFICATE-----"; |
| 188 | - if($includeCert) { |
|
| 188 | + if ($includeCert) { |
|
| 189 | 189 | $registration->certificate = base64_encode($rawCert); |
| 190 | 190 | } |
| 191 | - if($this->attestDir) { |
|
| 192 | - if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { |
|
| 193 | - throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION ); |
|
| 191 | + if ($this->attestDir) { |
|
| 192 | + if (openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { |
|
| 193 | + throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION); |
|
| 194 | 194 | } |
| 195 | 195 | } |
| 196 | 196 | |
| 197 | - if(!openssl_pkey_get_public($pemCert)) { |
|
| 198 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
| 197 | + if (!openssl_pkey_get_public($pemCert)) { |
|
| 198 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
| 199 | 199 | } |
| 200 | 200 | $signature = substr($rawReg, $offs); |
| 201 | 201 | |
@@ -205,10 +205,10 @@ discard block |
||
| 205 | 205 | $dataToVerify .= $kh; |
| 206 | 206 | $dataToVerify .= $pubKey; |
| 207 | 207 | |
| 208 | - if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { |
|
| 208 | + if (openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { |
|
| 209 | 209 | return $registration; |
| 210 | 210 | } else { |
| 211 | - throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE ); |
|
| 211 | + throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE); |
|
| 212 | 212 | } |
| 213 | 213 | } |
| 214 | 214 | |
@@ -224,7 +224,7 @@ discard block |
||
| 224 | 224 | $sigs = array(); |
| 225 | 225 | $challenge = $this->createChallenge(); |
| 226 | 226 | foreach ($registrations as $reg) { |
| 227 | - if( !is_object( $reg ) ) { |
|
| 227 | + if (!is_object($reg)) { |
|
| 228 | 228 | throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.'); |
| 229 | 229 | } |
| 230 | 230 | /** @var Registration $reg */ |
@@ -254,12 +254,12 @@ discard block |
||
| 254 | 254 | */ |
| 255 | 255 | public function doAuthenticate(array $requests, array $registrations, $response) |
| 256 | 256 | { |
| 257 | - if( !is_object( $response ) ) { |
|
| 257 | + if (!is_object($response)) { |
|
| 258 | 258 | throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.'); |
| 259 | 259 | } |
| 260 | 260 | |
| 261 | - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { |
|
| 262 | - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); |
|
| 261 | + if (property_exists($response, 'errorCode') && $response->errorCode !== 0) { |
|
| 262 | + throw new Error('User-agent returned error. Error code: '.$response->errorCode, ERR_BAD_UA_RETURNING); |
|
| 263 | 263 | } |
| 264 | 264 | |
| 265 | 265 | /** @var object|null $req */ |
@@ -271,35 +271,35 @@ discard block |
||
| 271 | 271 | $clientData = $this->base64u_decode($response->clientData); |
| 272 | 272 | $decodedClient = json_decode($clientData); |
| 273 | 273 | foreach ($requests as $req) { |
| 274 | - if( !is_object( $req ) ) { |
|
| 274 | + if (!is_object($req)) { |
|
| 275 | 275 | throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.'); |
| 276 | 276 | } |
| 277 | 277 | |
| 278 | - if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { |
|
| 278 | + if ($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { |
|
| 279 | 279 | break; |
| 280 | 280 | } |
| 281 | 281 | |
| 282 | 282 | $req = null; |
| 283 | 283 | } |
| 284 | - if($req === null) { |
|
| 285 | - throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST ); |
|
| 284 | + if ($req === null) { |
|
| 285 | + throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST); |
|
| 286 | 286 | } |
| 287 | 287 | foreach ($registrations as $reg) { |
| 288 | - if( !is_object( $reg ) ) { |
|
| 288 | + if (!is_object($reg)) { |
|
| 289 | 289 | throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.'); |
| 290 | 290 | } |
| 291 | 291 | |
| 292 | - if($reg->keyHandle === $response->keyHandle) { |
|
| 292 | + if ($reg->keyHandle === $response->keyHandle) { |
|
| 293 | 293 | break; |
| 294 | 294 | } |
| 295 | 295 | $reg = null; |
| 296 | 296 | } |
| 297 | - if($reg === null) { |
|
| 298 | - throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION ); |
|
| 297 | + if ($reg === null) { |
|
| 298 | + throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION); |
|
| 299 | 299 | } |
| 300 | 300 | $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey)); |
| 301 | - if($pemKey === null) { |
|
| 302 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
| 301 | + if ($pemKey === null) { |
|
| 302 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
| 303 | 303 | } |
| 304 | 304 | |
| 305 | 305 | $signData = $this->base64u_decode($response->signatureData); |
@@ -308,18 +308,18 @@ discard block |
||
| 308 | 308 | $dataToVerify .= hash('sha256', $clientData, true); |
| 309 | 309 | $signature = substr($signData, 5); |
| 310 | 310 | |
| 311 | - if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { |
|
| 311 | + if (openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { |
|
| 312 | 312 | $ctr = unpack("Nctr", substr($signData, 1, 4)); |
| 313 | 313 | $counter = $ctr['ctr']; |
| 314 | 314 | /* TODO: wrap-around should be handled somehow.. */ |
| 315 | - if($counter > $reg->counter) { |
|
| 315 | + if ($counter > $reg->counter) { |
|
| 316 | 316 | $reg->counter = $counter; |
| 317 | 317 | return self::castObjectToRegistration($reg); |
| 318 | 318 | } else { |
| 319 | - throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW ); |
|
| 319 | + throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW); |
|
| 320 | 320 | } |
| 321 | 321 | } else { |
| 322 | - throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE ); |
|
| 322 | + throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE); |
|
| 323 | 323 | } |
| 324 | 324 | } |
| 325 | 325 | |
@@ -352,9 +352,9 @@ discard block |
||
| 352 | 352 | { |
| 353 | 353 | $files = array(); |
| 354 | 354 | $dir = $this->attestDir; |
| 355 | - if($dir && $handle = opendir($dir)) { |
|
| 356 | - while(false !== ($entry = readdir($handle))) { |
|
| 357 | - if(is_file("$dir/$entry")) { |
|
| 355 | + if ($dir && $handle = opendir($dir)) { |
|
| 356 | + while (false !== ($entry = readdir($handle))) { |
|
| 357 | + if (is_file("$dir/$entry")) { |
|
| 358 | 358 | $files[] = "$dir/$entry"; |
| 359 | 359 | } |
| 360 | 360 | } |
@@ -387,7 +387,7 @@ discard block |
||
| 387 | 387 | */ |
| 388 | 388 | private function pubkey_to_pem($key) |
| 389 | 389 | { |
| 390 | - if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { |
|
| 390 | + if (strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { |
|
| 391 | 391 | return null; |
| 392 | 392 | } |
| 393 | 393 | |
@@ -419,7 +419,7 @@ discard block |
||
| 419 | 419 | private function createChallenge() |
| 420 | 420 | { |
| 421 | 421 | $challenge = random_bytes(32); |
| 422 | - $challenge = $this->base64u_encode( $challenge ); |
|
| 422 | + $challenge = $this->base64u_encode($challenge); |
|
| 423 | 423 | |
| 424 | 424 | return $challenge; |
| 425 | 425 | } |
@@ -432,7 +432,7 @@ discard block |
||
| 432 | 432 | */ |
| 433 | 433 | private function fixSignatureUnusedBits($cert) |
| 434 | 434 | { |
| 435 | - if(in_array(hash('sha256', $cert), $this->FIXCERTS, true)) { |
|
| 435 | + if (in_array(hash('sha256', $cert), $this->FIXCERTS, true)) { |
|
| 436 | 436 | $cert[strlen($cert) - 257] = "\0"; |
| 437 | 437 | } |
| 438 | 438 | return $cert; |
