platine-php /
webauthn
@@ -284,7 +284,7 @@ |
||
| 284 | 284 | |
| 285 | 285 | $extensionData = CborDecoder::decode($data); |
| 286 | 286 | |
| 287 | - if (! is_array($extensionData)) { |
|
| 287 | + if (!is_array($extensionData)) { |
|
| 288 | 288 | throw new WebauthnException('Invalid extension data'); |
| 289 | 289 | } |
| 290 | 290 | |
@@ -188,7 +188,7 @@ discard block |
||
| 188 | 188 | 'hash' => 'SHA1', |
| 189 | 189 | 'openssl' => OPENSSL_ALGO_SHA1, |
| 190 | 190 | 'cose' => [ |
| 191 | - -65535, // RS1 |
|
| 191 | + -65535, // RS1 |
|
| 192 | 192 | ], |
| 193 | 193 | ], |
| 194 | 194 | [ |
@@ -196,9 +196,9 @@ discard block |
||
| 196 | 196 | 'openssl' => OPENSSL_ALGO_SHA256, |
| 197 | 197 | 'cose' => [ |
| 198 | 198 | -257, // RS256 |
| 199 | - -37, // PS256 |
|
| 200 | - -7, // ES256 |
|
| 201 | - 5, // HMAC256 |
|
| 199 | + -37, // PS256 |
|
| 200 | + -7, // ES256 |
|
| 201 | + 5, // HMAC256 |
|
| 202 | 202 | ], |
| 203 | 203 | ], |
| 204 | 204 | [ |
@@ -206,9 +206,9 @@ discard block |
||
| 206 | 206 | 'openssl' => OPENSSL_ALGO_SHA384, |
| 207 | 207 | 'cose' => [ |
| 208 | 208 | -258, // RS384 |
| 209 | - -38, // PS384 |
|
| 210 | - -35, // ES384 |
|
| 211 | - 6, // HMAC384 |
|
| 209 | + -38, // PS384 |
|
| 210 | + -35, // ES384 |
|
| 211 | + 6, // HMAC384 |
|
| 212 | 212 | ], |
| 213 | 213 | ], |
| 214 | 214 | [ |
@@ -216,9 +216,9 @@ discard block |
||
| 216 | 216 | 'openssl' => OPENSSL_ALGO_SHA512, |
| 217 | 217 | 'cose' => [ |
| 218 | 218 | -259, // RS512 |
| 219 | - -39, // PS512 |
|
| 220 | - -36, // ES512 |
|
| 221 | - 7, // HMAC512 |
|
| 219 | + -39, // PS512 |
|
| 220 | + -36, // ES512 |
|
| 221 | + 7, // HMAC512 |
|
| 222 | 222 | ], |
| 223 | 223 | ], |
| 224 | 224 | ]; |
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | $attestationStatement = $this->attestationData['attStmt']; |
| 63 | 63 | |
| 64 | 64 | if ( |
| 65 | - ! array_key_exists('ver', $attestationStatement) || |
|
| 65 | + !array_key_exists('ver', $attestationStatement) || |
|
| 66 | 66 | $attestationStatement['ver'] !== '2.0' |
| 67 | 67 | ) { |
| 68 | 68 | throw new WebauthnException(sprintf( |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | } |
| 73 | 73 | |
| 74 | 74 | if ( |
| 75 | - ! array_key_exists('alg', $attestationStatement) || |
|
| 75 | + !array_key_exists('alg', $attestationStatement) || |
|
| 76 | 76 | $this->getCoseAlgorithm($attestationStatement['alg']) === null |
| 77 | 77 | ) { |
| 78 | 78 | throw new WebauthnException(sprintf( |
@@ -82,22 +82,22 @@ discard block |
||
| 82 | 82 | } |
| 83 | 83 | |
| 84 | 84 | if ( |
| 85 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 86 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 85 | + !array_key_exists('sig', $attestationStatement) || |
|
| 86 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 87 | 87 | ) { |
| 88 | 88 | throw new WebauthnException('No signature found'); |
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | if ( |
| 92 | - ! array_key_exists('certInfo', $attestationStatement) || |
|
| 93 | - ! $attestationStatement['certInfo'] instanceof ByteBuffer |
|
| 92 | + !array_key_exists('certInfo', $attestationStatement) || |
|
| 93 | + !$attestationStatement['certInfo'] instanceof ByteBuffer |
|
| 94 | 94 | ) { |
| 95 | 95 | throw new WebauthnException('No certificate information found'); |
| 96 | 96 | } |
| 97 | 97 | |
| 98 | 98 | if ( |
| 99 | - ! array_key_exists('pubArea', $attestationStatement) || |
|
| 100 | - ! $attestationStatement['pubArea'] instanceof ByteBuffer |
|
| 99 | + !array_key_exists('pubArea', $attestationStatement) || |
|
| 100 | + !$attestationStatement['pubArea'] instanceof ByteBuffer |
|
| 101 | 101 | ) { |
| 102 | 102 | throw new WebauthnException('No public area information found'); |
| 103 | 103 | } |
@@ -114,7 +114,7 @@ discard block |
||
| 114 | 114 | ) { |
| 115 | 115 | // The attestation certificate attestnCert MUST be the first element in the array |
| 116 | 116 | $attestCert = array_shift($attestationStatement['x5c']); |
| 117 | - if (! $attestCert instanceof ByteBuffer) { |
|
| 117 | + if (!$attestCert instanceof ByteBuffer) { |
|
| 118 | 118 | throw new WebauthnException('Invalid X5C certificate'); |
| 119 | 119 | } |
| 120 | 120 | |
@@ -90,14 +90,14 @@ |
||
| 90 | 90 | */ |
| 91 | 91 | public function __construct(int $binaryFlag) |
| 92 | 92 | { |
| 93 | - $this->bit0 = !! ($binaryFlag & 1); |
|
| 94 | - $this->bit1 = !! ($binaryFlag & 2); |
|
| 95 | - $this->bit2 = !! ($binaryFlag & 4); |
|
| 96 | - $this->bit3 = !! ($binaryFlag & 8); |
|
| 97 | - $this->bit4 = !! ($binaryFlag & 16); |
|
| 98 | - $this->bit5 = !! ($binaryFlag & 32); |
|
| 99 | - $this->bit6 = !! ($binaryFlag & 64); |
|
| 100 | - $this->bit7 = !! ($binaryFlag & 128); |
|
| 93 | + $this->bit0 = !!($binaryFlag & 1); |
|
| 94 | + $this->bit1 = !!($binaryFlag & 2); |
|
| 95 | + $this->bit2 = !!($binaryFlag & 4); |
|
| 96 | + $this->bit3 = !!($binaryFlag & 8); |
|
| 97 | + $this->bit4 = !!($binaryFlag & 16); |
|
| 98 | + $this->bit5 = !!($binaryFlag & 32); |
|
| 99 | + $this->bit6 = !!($binaryFlag & 64); |
|
| 100 | + $this->bit7 = !!($binaryFlag & 128); |
|
| 101 | 101 | |
| 102 | 102 | $this->userPresent = $this->bit0; |
| 103 | 103 | $this->userVerified = $this->bit2; |
@@ -40,7 +40,7 @@ |
||
| 40 | 40 | */ |
| 41 | 41 | public function __construct(string $binaryData) |
| 42 | 42 | { |
| 43 | - $this->data = (string)$binaryData; |
|
| 43 | + $this->data = (string) $binaryData; |
|
| 44 | 44 | $this->length = strlen($binaryData); |
| 45 | 45 | } |
| 46 | 46 | |
@@ -85,21 +85,21 @@ |
||
| 85 | 85 | } |
| 86 | 86 | |
| 87 | 87 | if ( |
| 88 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 89 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 88 | + !array_key_exists('sig', $attestationStatement) || |
|
| 89 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 90 | 90 | ) { |
| 91 | 91 | throw new WebauthnException('No signature found'); |
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | if ( |
| 95 | - ! array_key_exists('x5c', $attestationStatement) || |
|
| 96 | - ! is_array($attestationStatement['x5c']) || |
|
| 95 | + !array_key_exists('x5c', $attestationStatement) || |
|
| 96 | + !is_array($attestationStatement['x5c']) || |
|
| 97 | 97 | count($attestationStatement['x5c']) !== 1 |
| 98 | 98 | ) { |
| 99 | 99 | throw new WebauthnException('Invalid X5C certificate'); |
| 100 | 100 | } |
| 101 | 101 | |
| 102 | - if (! $attestationStatement['x5c'][0] instanceof ByteBuffer) { |
|
| 102 | + if (!$attestationStatement['x5c'][0] instanceof ByteBuffer) { |
|
| 103 | 103 | throw new WebauthnException('Invalid X5C certificate must be Byte Buffer)'); |
| 104 | 104 | } |
| 105 | 105 | |
@@ -75,15 +75,15 @@ discard block |
||
| 75 | 75 | // check u2f data |
| 76 | 76 | $attestationStatement = $this->attestationData['attStmt']; |
| 77 | 77 | if ( |
| 78 | - ! array_key_exists('alg', $attestationStatement) || |
|
| 78 | + !array_key_exists('alg', $attestationStatement) || |
|
| 79 | 79 | $this->getCoseAlgorithm($attestationStatement['alg']) === null |
| 80 | 80 | ) { |
| 81 | 81 | throw new WebauthnException('Unsupported algorithm or not provided'); |
| 82 | 82 | } |
| 83 | 83 | |
| 84 | 84 | if ( |
| 85 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 86 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 85 | + !array_key_exists('sig', $attestationStatement) || |
|
| 86 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 87 | 87 | ) { |
| 88 | 88 | throw new WebauthnException('No signature found'); |
| 89 | 89 | } |
@@ -98,7 +98,7 @@ discard block |
||
| 98 | 98 | ) { |
| 99 | 99 | // The attestation certificate attestnCert MUST be the first element in the array |
| 100 | 100 | $attestCert = array_shift($attestationStatement['x5c']); |
| 101 | - if (! $attestCert instanceof ByteBuffer) { |
|
| 101 | + if (!$attestCert instanceof ByteBuffer) { |
|
| 102 | 102 | throw new WebauthnException('Invalid X5C certificate'); |
| 103 | 103 | } |
| 104 | 104 | |
@@ -130,7 +130,7 @@ discard block |
||
| 130 | 130 | */ |
| 131 | 131 | public function validateAttestation(string $clientData): bool |
| 132 | 132 | { |
| 133 | - if (! empty($this->x5c)) { |
|
| 133 | + if (!empty($this->x5c)) { |
|
| 134 | 134 | return $this->validateOverX5C($clientData); |
| 135 | 135 | } |
| 136 | 136 | |
@@ -100,11 +100,11 @@ discard block |
||
| 100 | 100 | */ |
| 101 | 101 | public function __construct(WebauthnConfiguration $config, array $allowedFormats = []) |
| 102 | 102 | { |
| 103 | - if (! function_exists('openssl_open')) { |
|
| 103 | + if (!function_exists('openssl_open')) { |
|
| 104 | 104 | throw new WebauthnException('OpenSSL module not installed in this platform'); |
| 105 | 105 | } |
| 106 | 106 | |
| 107 | - if (! in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 107 | + if (!in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 108 | 108 | throw new WebauthnException('SHA256 is not supported by this OpenSSL installation'); |
| 109 | 109 | } |
| 110 | 110 | |
@@ -123,7 +123,7 @@ discard block |
||
| 123 | 123 | * @param string|array<string> $path |
| 124 | 124 | * @return $this |
| 125 | 125 | */ |
| 126 | - public function addRootCertificate(string|array $path): self |
|
| 126 | + public function addRootCertificate(string | array $path): self |
|
| 127 | 127 | { |
| 128 | 128 | if (is_array($path)) { |
| 129 | 129 | foreach ($path as $p) { |
@@ -256,14 +256,14 @@ discard block |
||
| 256 | 256 | public function processRegistration( |
| 257 | 257 | string $clientDataJson, |
| 258 | 258 | string $attestationObject, |
| 259 | - ByteBuffer|string $challenge, |
|
| 259 | + ByteBuffer | string $challenge, |
|
| 260 | 260 | bool $requireUserVerification = false, |
| 261 | 261 | bool $requireUserPresent = true, |
| 262 | 262 | bool $failIfRootCertificateMismatch = true |
| 263 | 263 | ): array { |
| 264 | 264 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 265 | 265 | if (is_string($challenge)) { |
| 266 | - $challenge = new ByteBuffer($challenge); |
|
| 266 | + $challenge = new ByteBuffer($challenge); |
|
| 267 | 267 | } |
| 268 | 268 | |
| 269 | 269 | // security: https://www.w3.org/TR/webauthn/#registering-a-new-credential |
@@ -276,21 +276,21 @@ discard block |
||
| 276 | 276 | } |
| 277 | 277 | |
| 278 | 278 | // 3. Verify that the value of C.type is webauthn.create. |
| 279 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 279 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 280 | 280 | throw new WebauthnException('Invalid client type provided'); |
| 281 | 281 | } |
| 282 | 282 | |
| 283 | 283 | // 4. Verify that the value of C.challenge matches the challenge that was |
| 284 | 284 | // sent to the authenticator in the create() call. |
| 285 | 285 | if ( |
| 286 | - ! isset($clientData->challenge) || |
|
| 286 | + !isset($clientData->challenge) || |
|
| 287 | 287 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 288 | 288 | ) { |
| 289 | 289 | throw new WebauthnException('Invalid challenge provided'); |
| 290 | 290 | } |
| 291 | 291 | |
| 292 | 292 | // 5. Verify that the value of C.origin matches the Relying Party's origin. |
| 293 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 293 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 294 | 294 | throw new WebauthnException('Invalid origin provided'); |
| 295 | 295 | } |
| 296 | 296 | |
@@ -373,13 +373,13 @@ discard block |
||
| 373 | 373 | string $authenticatorData, |
| 374 | 374 | string $signature, |
| 375 | 375 | string $credentialPublicKey, |
| 376 | - ByteBuffer|string $challenge, |
|
| 376 | + ByteBuffer | string $challenge, |
|
| 377 | 377 | ?int $previousSignatureCount = null, |
| 378 | 378 | bool $requireUserVerification = false, |
| 379 | 379 | bool $requireUserPresent = true |
| 380 | 380 | ): bool { |
| 381 | 381 | if (is_string($challenge)) { |
| 382 | - $challenge = new ByteBuffer($challenge); |
|
| 382 | + $challenge = new ByteBuffer($challenge); |
|
| 383 | 383 | } |
| 384 | 384 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 385 | 385 | $authenticator = $this->createAuthenticatorData($authenticatorData); |
@@ -407,21 +407,21 @@ discard block |
||
| 407 | 407 | // -> TO BE LOOKED UP BY IMPLEMENTATION |
| 408 | 408 | |
| 409 | 409 | // 7. Verify that the value of C.type is the string webauthn.get. |
| 410 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 410 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 411 | 411 | throw new WebauthnException('Invalid client type provided'); |
| 412 | 412 | } |
| 413 | 413 | |
| 414 | 414 | // 8. Verify that the value of C.challenge matches the challenge that was sent to the |
| 415 | 415 | // authenticator in the PublicKeyCredentialRequestOptions passed to the get() call. |
| 416 | 416 | if ( |
| 417 | - ! isset($clientData->challenge) || |
|
| 417 | + !isset($clientData->challenge) || |
|
| 418 | 418 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 419 | 419 | ) { |
| 420 | 420 | throw new WebauthnException('Invalid challenge provided'); |
| 421 | 421 | } |
| 422 | 422 | |
| 423 | 423 | // 9. Verify that the value of C.origin matches the Relying Party's origin. |
| 424 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 424 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 425 | 425 | throw new WebauthnException('Invalid origin provided'); |
| 426 | 426 | } |
| 427 | 427 | |
@@ -539,7 +539,7 @@ discard block |
||
| 539 | 539 | // The origin's scheme must be https and not be ignored/whitelisted |
| 540 | 540 | $url = new Uri($origin); |
| 541 | 541 | if ( |
| 542 | - ! in_array($this->relyingParty->getId(), $this->config->get('ignore_origins')) && |
|
| 542 | + !in_array($this->relyingParty->getId(), $this->config->get('ignore_origins')) && |
|
| 543 | 543 | $url->getScheme() !== 'https' |
| 544 | 544 | ) { |
| 545 | 545 | return false; |
@@ -576,7 +576,7 @@ discard block |
||
| 576 | 576 | return $supportedFormats; |
| 577 | 577 | } |
| 578 | 578 | |
| 579 | - $desiredFormats = array_filter($formats, function ($entry) use ($supportedFormats) { |
|
| 579 | + $desiredFormats = array_filter($formats, function($entry) use ($supportedFormats) { |
|
| 580 | 580 | return in_array($entry, $supportedFormats); |
| 581 | 581 | }); |
| 582 | 582 | |
@@ -55,9 +55,9 @@ discard block |
||
| 55 | 55 | * @param ByteBuffer|string $data |
| 56 | 56 | * @return mixed |
| 57 | 57 | */ |
| 58 | - public static function decode(ByteBuffer|string $data): mixed |
|
| 58 | + public static function decode(ByteBuffer | string $data): mixed |
|
| 59 | 59 | { |
| 60 | - if (! $data instanceof ByteBuffer) { |
|
| 60 | + if (!$data instanceof ByteBuffer) { |
|
| 61 | 61 | $data = new ByteBuffer($data); |
| 62 | 62 | } |
| 63 | 63 | |
@@ -81,11 +81,11 @@ discard block |
||
| 81 | 81 | * @return mixed |
| 82 | 82 | */ |
| 83 | 83 | public static function decodeInPlace( |
| 84 | - ByteBuffer|string $data, |
|
| 84 | + ByteBuffer | string $data, |
|
| 85 | 85 | int $startoffset, |
| 86 | 86 | ?int $endOffset = null |
| 87 | 87 | ): mixed { |
| 88 | - if (! $data instanceof ByteBuffer) { |
|
| 88 | + if (!$data instanceof ByteBuffer) { |
|
| 89 | 89 | $data = new ByteBuffer($data); |
| 90 | 90 | } |
| 91 | 91 | |
