@@ -97,8 +97,8 @@ discard block |
||
97 | 97 | */ |
98 | 98 | public function __construct($appId, $attestDir = null) |
99 | 99 | { |
100 | - if(OPENSSL_VERSION_NUMBER < 0x10000000) { |
|
101 | - throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL); |
|
100 | + if (OPENSSL_VERSION_NUMBER < 0x10000000) { |
|
101 | + throw new Error('OpenSSL has to be at least version 1.0.0, this is '.OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL); |
|
102 | 102 | } |
103 | 103 | $this->appId = $appId; |
104 | 104 | $this->attestDir = $attestDir; |
@@ -135,19 +135,19 @@ discard block |
||
135 | 135 | */ |
136 | 136 | public function doRegister($request, $response, $includeCert = true) |
137 | 137 | { |
138 | - if( !is_object( $request ) ) { |
|
138 | + if (!is_object($request)) { |
|
139 | 139 | throw new \InvalidArgumentException('$request of doRegister() method only accepts object.'); |
140 | 140 | } |
141 | 141 | |
142 | - if( !is_object( $response ) ) { |
|
142 | + if (!is_object($response)) { |
|
143 | 143 | throw new \InvalidArgumentException('$response of doRegister() method only accepts object.'); |
144 | 144 | } |
145 | 145 | |
146 | - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { |
|
147 | - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); |
|
146 | + if (property_exists($response, 'errorCode') && $response->errorCode !== 0) { |
|
147 | + throw new Error('User-agent returned error. Error code: '.$response->errorCode, ERR_BAD_UA_RETURNING); |
|
148 | 148 | } |
149 | 149 | |
150 | - if( !is_bool( $includeCert ) ) { |
|
150 | + if (!is_bool($includeCert)) { |
|
151 | 151 | throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.'); |
152 | 152 | } |
153 | 153 | |
@@ -156,8 +156,8 @@ discard block |
||
156 | 156 | $clientData = $this->base64u_decode($response->clientData); |
157 | 157 | $cli = json_decode($clientData); |
158 | 158 | |
159 | - if($cli->challenge !== $request->challenge) { |
|
160 | - throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE ); |
|
159 | + if ($cli->challenge !== $request->challenge) { |
|
160 | + throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE); |
|
161 | 161 | } |
162 | 162 | |
163 | 163 | $registration = new Registration(); |
@@ -166,8 +166,8 @@ discard block |
||
166 | 166 | $offs += PUBKEY_LEN; |
167 | 167 | // decode the pubKey to make sure it's good |
168 | 168 | $tmpKey = $this->pubkey_to_pem($pubKey); |
169 | - if($tmpKey === null) { |
|
170 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
169 | + if ($tmpKey === null) { |
|
170 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
171 | 171 | } |
172 | 172 | $registration->publicKey = base64_encode($pubKey); |
173 | 173 | $khLen = $regData[$offs++]; |
@@ -185,17 +185,17 @@ discard block |
||
185 | 185 | $pemCert = "-----BEGIN CERTIFICATE-----\r\n"; |
186 | 186 | $pemCert .= chunk_split(base64_encode($rawCert), 64); |
187 | 187 | $pemCert .= "-----END CERTIFICATE-----"; |
188 | - if($includeCert) { |
|
188 | + if ($includeCert) { |
|
189 | 189 | $registration->certificate = base64_encode($rawCert); |
190 | 190 | } |
191 | - if($this->attestDir) { |
|
192 | - if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { |
|
193 | - throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION ); |
|
191 | + if ($this->attestDir) { |
|
192 | + if (openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { |
|
193 | + throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION); |
|
194 | 194 | } |
195 | 195 | } |
196 | 196 | |
197 | - if(!openssl_pkey_get_public($pemCert)) { |
|
198 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
197 | + if (!openssl_pkey_get_public($pemCert)) { |
|
198 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
199 | 199 | } |
200 | 200 | $signature = substr($rawReg, $offs); |
201 | 201 | |
@@ -205,10 +205,10 @@ discard block |
||
205 | 205 | $dataToVerify .= $kh; |
206 | 206 | $dataToVerify .= $pubKey; |
207 | 207 | |
208 | - if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { |
|
208 | + if (openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { |
|
209 | 209 | return $registration; |
210 | 210 | } else { |
211 | - throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE ); |
|
211 | + throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE); |
|
212 | 212 | } |
213 | 213 | } |
214 | 214 | |
@@ -224,7 +224,7 @@ discard block |
||
224 | 224 | $sigs = array(); |
225 | 225 | $challenge = $this->createChallenge(); |
226 | 226 | foreach ($registrations as $reg) { |
227 | - if( !is_object( $reg ) ) { |
|
227 | + if (!is_object($reg)) { |
|
228 | 228 | throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.'); |
229 | 229 | } |
230 | 230 | |
@@ -253,12 +253,12 @@ discard block |
||
253 | 253 | */ |
254 | 254 | public function doAuthenticate(array $requests, array $registrations, $response) |
255 | 255 | { |
256 | - if( !is_object( $response ) ) { |
|
256 | + if (!is_object($response)) { |
|
257 | 257 | throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.'); |
258 | 258 | } |
259 | 259 | |
260 | - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { |
|
261 | - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); |
|
260 | + if (property_exists($response, 'errorCode') && $response->errorCode !== 0) { |
|
261 | + throw new Error('User-agent returned error. Error code: '.$response->errorCode, ERR_BAD_UA_RETURNING); |
|
262 | 262 | } |
263 | 263 | |
264 | 264 | /** @var object|null $req */ |
@@ -270,35 +270,35 @@ discard block |
||
270 | 270 | $clientData = $this->base64u_decode($response->clientData); |
271 | 271 | $decodedClient = json_decode($clientData); |
272 | 272 | foreach ($requests as $req) { |
273 | - if( !is_object( $req ) ) { |
|
273 | + if (!is_object($req)) { |
|
274 | 274 | throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.'); |
275 | 275 | } |
276 | 276 | |
277 | - if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { |
|
277 | + if ($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { |
|
278 | 278 | break; |
279 | 279 | } |
280 | 280 | |
281 | 281 | $req = null; |
282 | 282 | } |
283 | - if($req === null) { |
|
284 | - throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST ); |
|
283 | + if ($req === null) { |
|
284 | + throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST); |
|
285 | 285 | } |
286 | 286 | foreach ($registrations as $reg) { |
287 | - if( !is_object( $reg ) ) { |
|
287 | + if (!is_object($reg)) { |
|
288 | 288 | throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.'); |
289 | 289 | } |
290 | 290 | |
291 | - if($reg->keyHandle === $response->keyHandle) { |
|
291 | + if ($reg->keyHandle === $response->keyHandle) { |
|
292 | 292 | break; |
293 | 293 | } |
294 | 294 | $reg = null; |
295 | 295 | } |
296 | - if($reg === null) { |
|
297 | - throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION ); |
|
296 | + if ($reg === null) { |
|
297 | + throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION); |
|
298 | 298 | } |
299 | 299 | $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey)); |
300 | - if($pemKey === null) { |
|
301 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
300 | + if ($pemKey === null) { |
|
301 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
302 | 302 | } |
303 | 303 | |
304 | 304 | $signData = $this->base64u_decode($response->signatureData); |
@@ -307,18 +307,18 @@ discard block |
||
307 | 307 | $dataToVerify .= hash('sha256', $clientData, true); |
308 | 308 | $signature = substr($signData, 5); |
309 | 309 | |
310 | - if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { |
|
310 | + if (openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { |
|
311 | 311 | $ctr = unpack("Nctr", substr($signData, 1, 4)); |
312 | 312 | $counter = $ctr['ctr']; |
313 | 313 | /* TODO: wrap-around should be handled somehow.. */ |
314 | - if($counter > $reg->counter) { |
|
314 | + if ($counter > $reg->counter) { |
|
315 | 315 | $reg->counter = $counter; |
316 | 316 | return $reg; |
317 | 317 | } else { |
318 | - throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW ); |
|
318 | + throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW); |
|
319 | 319 | } |
320 | 320 | } else { |
321 | - throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE ); |
|
321 | + throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE); |
|
322 | 322 | } |
323 | 323 | } |
324 | 324 | |
@@ -329,9 +329,9 @@ discard block |
||
329 | 329 | { |
330 | 330 | $files = array(); |
331 | 331 | $dir = $this->attestDir; |
332 | - if($dir && $handle = opendir($dir)) { |
|
333 | - while(false !== ($entry = readdir($handle))) { |
|
334 | - if(is_file("$dir/$entry")) { |
|
332 | + if ($dir && $handle = opendir($dir)) { |
|
333 | + while (false !== ($entry = readdir($handle))) { |
|
334 | + if (is_file("$dir/$entry")) { |
|
335 | 335 | $files[] = "$dir/$entry"; |
336 | 336 | } |
337 | 337 | } |
@@ -364,7 +364,7 @@ discard block |
||
364 | 364 | */ |
365 | 365 | private function pubkey_to_pem($key) |
366 | 366 | { |
367 | - if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { |
|
367 | + if (strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { |
|
368 | 368 | return null; |
369 | 369 | } |
370 | 370 | |
@@ -395,12 +395,12 @@ discard block |
||
395 | 395 | */ |
396 | 396 | private function createChallenge() |
397 | 397 | { |
398 | - $challenge = openssl_random_pseudo_bytes(32, $crypto_strong ); |
|
399 | - if( $crypto_strong !== true ) { |
|
398 | + $challenge = openssl_random_pseudo_bytes(32, $crypto_strong); |
|
399 | + if ($crypto_strong !== true) { |
|
400 | 400 | throw new Error('Unable to obtain a good source of randomness', ERR_BAD_RANDOM); |
401 | 401 | } |
402 | 402 | |
403 | - $challenge = $this->base64u_encode( $challenge ); |
|
403 | + $challenge = $this->base64u_encode($challenge); |
|
404 | 404 | |
405 | 405 | return $challenge; |
406 | 406 | } |
@@ -413,7 +413,7 @@ discard block |
||
413 | 413 | */ |
414 | 414 | private function fixSignatureUnusedBits($cert) |
415 | 415 | { |
416 | - if(in_array(hash('sha256', $cert), $this->FIXCERTS)) { |
|
416 | + if (in_array(hash('sha256', $cert), $this->FIXCERTS)) { |
|
417 | 417 | $cert[strlen($cert) - 257] = "\0"; |
418 | 418 | } |
419 | 419 | return $cert; |