@@ -112,8 +112,8 @@ discard block |
||
112 | 112 | */ |
113 | 113 | public function __construct($appId, $attestDir = null) |
114 | 114 | { |
115 | - if(OPENSSL_VERSION_NUMBER < 0x10000000) { |
|
116 | - throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL); |
|
115 | + if (OPENSSL_VERSION_NUMBER < 0x10000000) { |
|
116 | + throw new Error('OpenSSL has to be at least version 1.0.0, this is '.OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL); |
|
117 | 117 | } |
118 | 118 | $this->appId = $appId; |
119 | 119 | $this->attestDir = $attestDir; |
@@ -150,19 +150,19 @@ discard block |
||
150 | 150 | */ |
151 | 151 | public function doRegister($request, $response, $includeCert = true) |
152 | 152 | { |
153 | - if( !is_object( $request ) ) { |
|
153 | + if (!is_object($request)) { |
|
154 | 154 | throw new \InvalidArgumentException('$request of doRegister() method only accepts object.'); |
155 | 155 | } |
156 | 156 | |
157 | - if( !is_object( $response ) ) { |
|
157 | + if (!is_object($response)) { |
|
158 | 158 | throw new \InvalidArgumentException('$response of doRegister() method only accepts object.'); |
159 | 159 | } |
160 | 160 | |
161 | - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { |
|
162 | - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); |
|
161 | + if (property_exists($response, 'errorCode') && $response->errorCode !== 0) { |
|
162 | + throw new Error('User-agent returned error. Error code: '.$response->errorCode, ERR_BAD_UA_RETURNING); |
|
163 | 163 | } |
164 | 164 | |
165 | - if( !is_bool( $includeCert ) ) { |
|
165 | + if (!is_bool($includeCert)) { |
|
166 | 166 | throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.'); |
167 | 167 | } |
168 | 168 | |
@@ -171,15 +171,15 @@ discard block |
||
171 | 171 | $clientData = $this->base64u_decode($response->clientData); |
172 | 172 | $cli = json_decode($clientData); |
173 | 173 | |
174 | - if($cli->challenge !== $request->challenge) { |
|
175 | - throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE ); |
|
174 | + if ($cli->challenge !== $request->challenge) { |
|
175 | + throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE); |
|
176 | 176 | } |
177 | 177 | |
178 | - if(isset($cli->typ) && $cli->typ !== REQUEST_TYPE_REGISTER) { |
|
178 | + if (isset($cli->typ) && $cli->typ !== REQUEST_TYPE_REGISTER) { |
|
179 | 179 | throw new Error('ClientData type is invalid', ERR_BAD_TYPE); |
180 | 180 | } |
181 | 181 | |
182 | - if(isset($cli->origin) && $cli->origin !== $request->appId) { |
|
182 | + if (isset($cli->origin) && $cli->origin !== $request->appId) { |
|
183 | 183 | throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN); |
184 | 184 | } |
185 | 185 | |
@@ -189,8 +189,8 @@ discard block |
||
189 | 189 | $offs += PUBKEY_LEN; |
190 | 190 | // decode the pubKey to make sure it's good |
191 | 191 | $tmpKey = $this->pubkey_to_pem($pubKey); |
192 | - if($tmpKey === null) { |
|
193 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
192 | + if ($tmpKey === null) { |
|
193 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
194 | 194 | } |
195 | 195 | $registration->publicKey = base64_encode($pubKey); |
196 | 196 | $khLen = $regData[$offs++]; |
@@ -208,17 +208,17 @@ discard block |
||
208 | 208 | $pemCert = "-----BEGIN CERTIFICATE-----\r\n"; |
209 | 209 | $pemCert .= chunk_split(base64_encode($rawCert), 64); |
210 | 210 | $pemCert .= "-----END CERTIFICATE-----"; |
211 | - if($includeCert) { |
|
211 | + if ($includeCert) { |
|
212 | 212 | $registration->certificate = base64_encode($rawCert); |
213 | 213 | } |
214 | - if($this->attestDir) { |
|
215 | - if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { |
|
216 | - throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION ); |
|
214 | + if ($this->attestDir) { |
|
215 | + if (openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) { |
|
216 | + throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION); |
|
217 | 217 | } |
218 | 218 | } |
219 | 219 | |
220 | - if(!openssl_pkey_get_public($pemCert)) { |
|
221 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
220 | + if (!openssl_pkey_get_public($pemCert)) { |
|
221 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
222 | 222 | } |
223 | 223 | $signature = substr($rawReg, $offs); |
224 | 224 | |
@@ -228,10 +228,10 @@ discard block |
||
228 | 228 | $dataToVerify .= $kh; |
229 | 229 | $dataToVerify .= $pubKey; |
230 | 230 | |
231 | - if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { |
|
231 | + if (openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) { |
|
232 | 232 | return $registration; |
233 | 233 | } else { |
234 | - throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE ); |
|
234 | + throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE); |
|
235 | 235 | } |
236 | 236 | } |
237 | 237 | |
@@ -247,7 +247,7 @@ discard block |
||
247 | 247 | $sigs = array(); |
248 | 248 | $challenge = $this->createChallenge(); |
249 | 249 | foreach ($registrations as $reg) { |
250 | - if( !is_object( $reg ) ) { |
|
250 | + if (!is_object($reg)) { |
|
251 | 251 | throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.'); |
252 | 252 | } |
253 | 253 | /** @var Registration $reg */ |
@@ -277,12 +277,12 @@ discard block |
||
277 | 277 | */ |
278 | 278 | public function doAuthenticate(array $requests, array $registrations, $response) |
279 | 279 | { |
280 | - if( !is_object( $response ) ) { |
|
280 | + if (!is_object($response)) { |
|
281 | 281 | throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.'); |
282 | 282 | } |
283 | 283 | |
284 | - if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) { |
|
285 | - throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING ); |
|
284 | + if (property_exists($response, 'errorCode') && $response->errorCode !== 0) { |
|
285 | + throw new Error('User-agent returned error. Error code: '.$response->errorCode, ERR_BAD_UA_RETURNING); |
|
286 | 286 | } |
287 | 287 | |
288 | 288 | /** @var object|null $req */ |
@@ -294,43 +294,43 @@ discard block |
||
294 | 294 | $clientData = $this->base64u_decode($response->clientData); |
295 | 295 | $decodedClient = json_decode($clientData); |
296 | 296 | |
297 | - if(isset($decodedClient->typ) && $decodedClient->typ !== REQUEST_TYPE_AUTHENTICATE) { |
|
297 | + if (isset($decodedClient->typ) && $decodedClient->typ !== REQUEST_TYPE_AUTHENTICATE) { |
|
298 | 298 | throw new Error('ClientData type is invalid', ERR_BAD_TYPE); |
299 | 299 | } |
300 | 300 | |
301 | 301 | foreach ($requests as $req) { |
302 | - if( !is_object( $req ) ) { |
|
302 | + if (!is_object($req)) { |
|
303 | 303 | throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.'); |
304 | 304 | } |
305 | 305 | |
306 | - if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { |
|
306 | + if ($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) { |
|
307 | 307 | break; |
308 | 308 | } |
309 | 309 | |
310 | 310 | $req = null; |
311 | 311 | } |
312 | - if($req === null) { |
|
313 | - throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST ); |
|
312 | + if ($req === null) { |
|
313 | + throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST); |
|
314 | 314 | } |
315 | - if(isset($decodedClient->origin) && $decodedClient->origin !== $req->appId) { |
|
315 | + if (isset($decodedClient->origin) && $decodedClient->origin !== $req->appId) { |
|
316 | 316 | throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN); |
317 | 317 | } |
318 | 318 | foreach ($registrations as $reg) { |
319 | - if( !is_object( $reg ) ) { |
|
319 | + if (!is_object($reg)) { |
|
320 | 320 | throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.'); |
321 | 321 | } |
322 | 322 | |
323 | - if($reg->keyHandle === $response->keyHandle) { |
|
323 | + if ($reg->keyHandle === $response->keyHandle) { |
|
324 | 324 | break; |
325 | 325 | } |
326 | 326 | $reg = null; |
327 | 327 | } |
328 | - if($reg === null) { |
|
329 | - throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION ); |
|
328 | + if ($reg === null) { |
|
329 | + throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION); |
|
330 | 330 | } |
331 | 331 | $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey)); |
332 | - if($pemKey === null) { |
|
333 | - throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE ); |
|
332 | + if ($pemKey === null) { |
|
333 | + throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE); |
|
334 | 334 | } |
335 | 335 | |
336 | 336 | $signData = $this->base64u_decode($response->signatureData); |
@@ -339,22 +339,22 @@ discard block |
||
339 | 339 | $dataToVerify .= hash('sha256', $clientData, true); |
340 | 340 | $signature = substr($signData, 5); |
341 | 341 | |
342 | - if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { |
|
342 | + if (openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) { |
|
343 | 343 | $upb = unpack("Cupb", substr($signData, 0, 1)); |
344 | - if($upb['upb'] !== 1) { |
|
345 | - throw new Error('User presence byte value is invalid', ERR_BAD_USER_PRESENCE ); |
|
344 | + if ($upb['upb'] !== 1) { |
|
345 | + throw new Error('User presence byte value is invalid', ERR_BAD_USER_PRESENCE); |
|
346 | 346 | } |
347 | 347 | $ctr = unpack("Nctr", substr($signData, 1, 4)); |
348 | 348 | $counter = $ctr['ctr']; |
349 | 349 | /* TODO: wrap-around should be handled somehow.. */ |
350 | - if($counter > $reg->counter) { |
|
350 | + if ($counter > $reg->counter) { |
|
351 | 351 | $reg->counter = $counter; |
352 | 352 | return self::castObjectToRegistration($reg); |
353 | 353 | } else { |
354 | - throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW ); |
|
354 | + throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW); |
|
355 | 355 | } |
356 | 356 | } else { |
357 | - throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE ); |
|
357 | + throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE); |
|
358 | 358 | } |
359 | 359 | } |
360 | 360 | |
@@ -387,9 +387,9 @@ discard block |
||
387 | 387 | { |
388 | 388 | $files = array(); |
389 | 389 | $dir = $this->attestDir; |
390 | - if($dir != null && is_dir($dir) && $handle = opendir($dir)) { |
|
391 | - while(false !== ($entry = readdir($handle))) { |
|
392 | - if(is_file("$dir/$entry")) { |
|
390 | + if ($dir != null && is_dir($dir) && $handle = opendir($dir)) { |
|
391 | + while (false !== ($entry = readdir($handle))) { |
|
392 | + if (is_file("$dir/$entry")) { |
|
393 | 393 | $files[] = "$dir/$entry"; |
394 | 394 | } |
395 | 395 | } |
@@ -424,7 +424,7 @@ discard block |
||
424 | 424 | */ |
425 | 425 | private function pubkey_to_pem($key) |
426 | 426 | { |
427 | - if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { |
|
427 | + if (strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") { |
|
428 | 428 | return null; |
429 | 429 | } |
430 | 430 | |
@@ -456,7 +456,7 @@ discard block |
||
456 | 456 | private function createChallenge() |
457 | 457 | { |
458 | 458 | $challenge = random_bytes(32); |
459 | - $challenge = $this->base64u_encode( $challenge ); |
|
459 | + $challenge = $this->base64u_encode($challenge); |
|
460 | 460 | |
461 | 461 | return $challenge; |
462 | 462 | } |
@@ -469,7 +469,7 @@ discard block |
||
469 | 469 | */ |
470 | 470 | private function fixSignatureUnusedBits($cert) |
471 | 471 | { |
472 | - if(in_array(hash('sha256', $cert), $this->FIXCERTS, true)) { |
|
472 | + if (in_array(hash('sha256', $cert), $this->FIXCERTS, true)) { |
|
473 | 473 | $cert[strlen($cert) - 257] = "\0"; |
474 | 474 | } |
475 | 475 | return $cert; |