<?php |
namespace MadWizard\WebAuthn\Policy\Trust; |
use MadWizard\WebAuthn\Attestation\TrustAnchor\MetadataInterface; |
use MadWizard\WebAuthn\Exception\UntrustedException; |
use MadWizard\WebAuthn\Exception\WebAuthnException; |
use MadWizard\WebAuthn\Policy\Trust\Voter\TrustVoterInterface; |
use MadWizard\WebAuthn\Server\Registration\RegistrationResultInterface; |
use Psr\Log\LoggerAwareInterface; |
use Psr\Log\LoggerAwareTrait; |
use Psr\Log\NullLogger; |
/**
 * Combines the votes of the registered trust voters into a single decision.
 *
 * Decision rule (fail-closed):
 *  - any voter answering 'untrusted' vetoes the registration immediately; voters
 *    registered after it are not consulted;
 *  - at least one voter must answer 'trusted', otherwise the registration is
 *    rejected — so a manager with no voters, or with only abstaining voters,
 *    never accepts anything;
 *  - a vote that is neither trusted, untrusted nor abstain is treated as a
 *    programming error and rejected with a WebAuthnException.
 */
final class TrustDecisionManager implements TrustDecisionManagerInterface, LoggerAwareInterface
{
    use LoggerAwareTrait;

    /**
     * Voters in registration order; this is also the order they are consulted in.
     *
     * @var TrustVoterInterface[]
     */
    private $voters = [];

    public function __construct()
    {
        // Logging is opt-in: a no-op logger keeps the debug calls safe until
        // setLogger() (provided by LoggerAwareTrait) installs a real one.
        $this->logger = new NullLogger();
    }

    /**
     * Registers an additional voter. Fluent, returns the manager itself.
     */
    public function addVoter(TrustVoterInterface $trustVoter): self
    {
        $this->voters[] = $trustVoter;

        return $this;
    }

    /**
     * Asks every registered voter about the registration and enforces the
     * decision rule described on the class.
     *
     * @param RegistrationResultInterface $registrationResult the completed registration; its
     *                                                        verification result supplies the trust path
     * @param MetadataInterface|null      $metadata           authenticator metadata, if any was resolved
     *
     * @throws UntrustedException when a voter vetoes, or when no voter trusts the registration
     * @throws WebAuthnException  when a voter returns an unrecognised vote type
     */
    public function verifyTrust(RegistrationResultInterface $registrationResult, ?MetadataInterface $metadata): void
    {
        $trustPath = $registrationResult->getVerificationResult()->getTrustPath();
        $anyTrusted = false;

        foreach ($this->voters as $voter) {
            $vote = $voter->voteOnTrust($registrationResult, $trustPath, $metadata);
            // An 'untrusted' vote throws from inside the helper, so reaching the
            // next iteration means this voter trusted or abstained.
            if ($this->recordVote($voter, $vote)) {
                $anyTrusted = true;
            }
        }

        if ($anyTrusted) {
            return;
        }

        $this->logger->debug('No voter trusted the registration.');
        throw UntrustedException::createWithReason('No voter trusted the registration.');
    }

    /**
     * Logs a single vote and translates it into the loop's bookkeeping.
     *
     * The vote is classified in the fixed order trusted, untrusted, abstain;
     * only the first matching classification counts.
     *
     * @param TrustVoterInterface $voter the voter that produced $vote (only used for logging)
     * @param object              $vote  the value returned by TrustVoterInterface::voteOnTrust()
     *
     * @return bool true when the vote was 'trusted', false when the voter abstained
     *
     * @throws UntrustedException for an 'untrusted' vote, carrying the voter's reason
     * @throws WebAuthnException  for a vote that is none of the three known kinds
     */
    private function recordVote(TrustVoterInterface $voter, $vote): bool
    {
        $context = ['class' => get_class($voter)];

        if ($vote->isTrusted()) {
            $this->logger->debug("Voter {class} voted 'trusted'.", $context);

            return true;
        }

        if ($vote->isUntrusted()) {
            // Veto: stop consulting further voters and surface the reason.
            $this->logger->debug("Voter {class} voted 'untrusted'.", $context + ['reason' => $vote->getReason()]);
            throw UntrustedException::createWithReason($vote->getReason());
        }

        if ($vote->isAbstain()) {
            $this->logger->debug('Voter {class} abstained from voting.', $context);

            return false;
        }

        throw new WebAuthnException('Unsupported vote type.');
    }
}