@@ -48,22 +48,22 @@ |
||
| 48 | 48 | { |
| 49 | 49 | $enc = CborDecoder::decode($binary); |
| 50 | 50 | |
| 51 | - if (! is_array($enc) || ! array_key_exists('fmt', $enc) || ! is_string($enc['fmt'])) { |
|
| 51 | + if (!is_array($enc) || !array_key_exists('fmt', $enc) || !is_string($enc['fmt'])) { |
|
| 52 | 52 | throw new WebauthnException('Invalid attestation format provided'); |
| 53 | 53 | } |
| 54 | 54 | |
| 55 | - if (! array_key_exists('attStmt', $enc) || ! is_array($enc['attStmt'])) { |
|
| 55 | + if (!array_key_exists('attStmt', $enc) || !is_array($enc['attStmt'])) { |
|
| 56 | 56 | throw new WebauthnException('Invalid attestation format provided (attStmt not available)'); |
| 57 | 57 | } |
| 58 | 58 | |
| 59 | - if (! array_key_exists('authData', $enc) || ! $enc['authData'] instanceof ByteBuffer) { |
|
| 59 | + if (!array_key_exists('authData', $enc) || !$enc['authData'] instanceof ByteBuffer) { |
|
| 60 | 60 | throw new WebauthnException('Invalid attestation format provided (authData not available)'); |
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | $this->formatName = $enc['fmt']; |
| 64 | 64 | $this->authenticatorData = new AuthenticatorData($enc['authData']->getBinaryString()); |
| 65 | 65 | |
| 66 | - if (! in_array($this->formatName, $allowedFormats)) { |
|
| 66 | + if (!in_array($this->formatName, $allowedFormats)) { |
|
| 67 | 67 | throw new WebauthnException(sprintf( |
| 68 | 68 | 'Invalid attestation format [%s], allowed [%s]', |
| 69 | 69 | $this->formatName, |
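Review bot: The allow-list test `in_array($this->formatName, $allowedFormats)` at new line 66 compares loosely, so a non-string entry in `$allowedFormats` (for example `true`, or `0` on PHP before 8.0) would match whatever `fmt` the client supplied. Pass the strict flag: `if (!in_array($this->formatName, $allowedFormats, true)) {`. `$allowedFormats` is built outside this hunk, so whether such entries can occur is not visible here. The same loose `in_array` appears in the `array_filter` callback in the hunk at `@@ -499,7 +499,7 @@`. The constructor body starts before and continues past this hunk.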
@@ -284,7 +284,7 @@ |
||
| 284 | 284 | |
| 285 | 285 | $extensionData = CborDecoder::decode($data); |
| 286 | 286 | |
| 287 | - if (! is_array($extensionData)) { |
|
| 287 | + if (!is_array($extensionData)) { |
|
| 288 | 288 | throw new WebauthnException('Invalid extension data'); |
| 289 | 289 | } |
| 290 | 290 | |
@@ -56,21 +56,21 @@ |
||
| 56 | 56 | } |
| 57 | 57 | |
| 58 | 58 | if ( |
| 59 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 60 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 59 | + !array_key_exists('sig', $attestationStatement) || |
|
| 60 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 61 | 61 | ) { |
| 62 | 62 | throw new WebauthnException('No signature found'); |
| 63 | 63 | } |
| 64 | 64 | |
| 65 | 65 | if ( |
| 66 | - ! array_key_exists('x5c', $attestationStatement) || |
|
| 67 | - ! is_array($attestationStatement['x5c']) || |
|
| 66 | + !array_key_exists('x5c', $attestationStatement) || |
|
| 67 | + !is_array($attestationStatement['x5c']) || |
|
| 68 | 68 | count($attestationStatement['x5c']) !== 1 |
| 69 | 69 | ) { |
| 70 | 70 | throw new WebauthnException('Invalid X5C certificate'); |
| 71 | 71 | } |
| 72 | 72 | |
| 73 | - if (! $attestationStatement['x5c'][0] instanceof ByteBuffer) { |
|
| 73 | + if (!$attestationStatement['x5c'][0] instanceof ByteBuffer) { |
|
| 74 | 74 | throw new WebauthnException('Invalid X5C certificate'); |
| 75 | 75 | } |
| 76 | 76 | |
@@ -46,7 +46,7 @@ discard block |
||
| 46 | 46 | // check u2f data |
| 47 | 47 | $attestationStatement = $this->attestationData['attStmt']; |
| 48 | 48 | if ( |
| 49 | - ! array_key_exists('alg', $attestationStatement) || |
|
| 49 | + !array_key_exists('alg', $attestationStatement) || |
|
| 50 | 50 | $this->getCoseAlgorithm($attestationStatement['alg']) === null |
| 51 | 51 | ) { |
| 52 | 52 | throw new WebauthnException(sprintf( |
@@ -56,8 +56,8 @@ discard block |
||
| 56 | 56 | } |
| 57 | 57 | |
| 58 | 58 | if ( |
| 59 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 60 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 59 | + !array_key_exists('sig', $attestationStatement) || |
|
| 60 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 61 | 61 | ) { |
| 62 | 62 | throw new WebauthnException('No signature found'); |
| 63 | 63 | } |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | ) { |
| 73 | 73 | // The attestation certificate attestnCert MUST be the first element in the array |
| 74 | 74 | $attestCert = array_shift($attestationStatement['x5c']); |
| 75 | - if (! $attestCert instanceof ByteBuffer) { |
|
| 75 | + if (!$attestCert instanceof ByteBuffer) { |
|
| 76 | 76 | throw new WebauthnException('Invalid X5C certificate'); |
| 77 | 77 | } |
| 78 | 78 | |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | */ |
| 105 | 105 | public function validateAttestation(string $clientData): bool |
| 106 | 106 | { |
| 107 | - if (! empty($this->x5c)) { |
|
| 107 | + if (!empty($this->x5c)) { |
|
| 108 | 108 | return $this->validateOverX5C($clientData); |
| 109 | 109 | } |
| 110 | 110 | |
@@ -188,7 +188,7 @@ discard block |
||
| 188 | 188 | 'hash' => 'SHA1', |
| 189 | 189 | 'openssl' => OPENSSL_ALGO_SHA1, |
| 190 | 190 | 'cose' => [ |
| 191 | - -65535, // RS1 |
|
| 191 | + -65535, // RS1 |
|
| 192 | 192 | ], |
| 193 | 193 | ], |
| 194 | 194 | [ |
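Review bot: The table entry at new lines 188–191 maps COSE `-65535` (RS1) to `OPENSSL_ALGO_SHA1`, so an attestation statement declaring this `alg` would be accepted with a SHA-1 signature, assuming this table backs `getCoseAlgorithm()`. SHA-1 is no longer collision-resistant. If RS1 must stay for legacy authenticators, say so in the comment, e.g. `-65535, // RS1 (SHA-1, legacy only)`, and consider a configuration switch that rejects it by default. The array literal starts and ends outside this hunk.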
@@ -196,9 +196,9 @@ discard block |
||
| 196 | 196 | 'openssl' => OPENSSL_ALGO_SHA256, |
| 197 | 197 | 'cose' => [ |
| 198 | 198 | -257, // RS256 |
| 199 | - -37, // PS256 |
|
| 200 | - -7, // ES256 |
|
| 201 | - 5, // HMAC256 |
|
| 199 | + -37, // PS256 |
|
| 200 | + -7, // ES256 |
|
| 201 | + 5, // HMAC256 |
|
| 202 | 202 | ], |
| 203 | 203 | ], |
| 204 | 204 | [ |
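Review bot: COSE identifiers `5`, `6` and `7` (HMAC 256/384/512) at new line 201 and in the following two hunks (new lines 211 and 221) are MAC algorithms, not signature algorithms, yet they sit in a table that pairs each id with an OpenSSL digest constant for what appears to be signature verification. With these entries present, the `getCoseAlgorithm($attestationStatement['alg']) === null` guard seen in the attestation hunks would not reject an `alg` of 5, 6 or 7. Unless a caller outside this diff needs them, drop the HMAC ids so such statements fail at the guard rather than relying on the later verification step to fail. The PS256/PS384/PS512 ids (`-37`, `-38`, `-39`) merit a check as well: they are RSASSA-PSS, and if verification goes through `openssl_verify()` with only a digest constant, PSS padding is not what gets checked.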
@@ -206,9 +206,9 @@ discard block |
||
| 206 | 206 | 'openssl' => OPENSSL_ALGO_SHA384, |
| 207 | 207 | 'cose' => [ |
| 208 | 208 | -258, // RS384 |
| 209 | - -38, // PS384 |
|
| 210 | - -35, // ES384 |
|
| 211 | - 6, // HMAC384 |
|
| 209 | + -38, // PS384 |
|
| 210 | + -35, // ES384 |
|
| 211 | + 6, // HMAC384 |
|
| 212 | 212 | ], |
| 213 | 213 | ], |
| 214 | 214 | [ |
@@ -216,9 +216,9 @@ discard block |
||
| 216 | 216 | 'openssl' => OPENSSL_ALGO_SHA512, |
| 217 | 217 | 'cose' => [ |
| 218 | 218 | -259, // RS512 |
| 219 | - -39, // PS512 |
|
| 220 | - -36, // ES512 |
|
| 221 | - 7, // HMAC512 |
|
| 219 | + -39, // PS512 |
|
| 220 | + -36, // ES512 |
|
| 221 | + 7, // HMAC512 |
|
| 222 | 222 | ], |
| 223 | 223 | ], |
| 224 | 224 | ]; |
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | $attestationStatement = $this->attestationData['attStmt']; |
| 63 | 63 | |
| 64 | 64 | if ( |
| 65 | - ! array_key_exists('ver', $attestationStatement) || |
|
| 65 | + !array_key_exists('ver', $attestationStatement) || |
|
| 66 | 66 | $attestationStatement['ver'] !== '2.0' |
| 67 | 67 | ) { |
| 68 | 68 | throw new WebauthnException(sprintf( |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | } |
| 73 | 73 | |
| 74 | 74 | if ( |
| 75 | - ! array_key_exists('alg', $attestationStatement) || |
|
| 75 | + !array_key_exists('alg', $attestationStatement) || |
|
| 76 | 76 | $this->getCoseAlgorithm($attestationStatement['alg']) === null |
| 77 | 77 | ) { |
| 78 | 78 | throw new WebauthnException(sprintf( |
@@ -82,22 +82,22 @@ discard block |
||
| 82 | 82 | } |
| 83 | 83 | |
| 84 | 84 | if ( |
| 85 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 86 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 85 | + !array_key_exists('sig', $attestationStatement) || |
|
| 86 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 87 | 87 | ) { |
| 88 | 88 | throw new WebauthnException('No signature found'); |
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | if ( |
| 92 | - ! array_key_exists('certInfo', $attestationStatement) || |
|
| 93 | - ! $attestationStatement['certInfo'] instanceof ByteBuffer |
|
| 92 | + !array_key_exists('certInfo', $attestationStatement) || |
|
| 93 | + !$attestationStatement['certInfo'] instanceof ByteBuffer |
|
| 94 | 94 | ) { |
| 95 | 95 | throw new WebauthnException('No certificate information found'); |
| 96 | 96 | } |
| 97 | 97 | |
| 98 | 98 | if ( |
| 99 | - ! array_key_exists('pubArea', $attestationStatement) || |
|
| 100 | - ! $attestationStatement['pubArea'] instanceof ByteBuffer |
|
| 99 | + !array_key_exists('pubArea', $attestationStatement) || |
|
| 100 | + !$attestationStatement['pubArea'] instanceof ByteBuffer |
|
| 101 | 101 | ) { |
| 102 | 102 | throw new WebauthnException('No public area information found'); |
| 103 | 103 | } |
@@ -114,7 +114,7 @@ discard block |
||
| 114 | 114 | ) { |
| 115 | 115 | // The attestation certificate attestnCert MUST be the first element in the array |
| 116 | 116 | $attestCert = array_shift($attestationStatement['x5c']); |
| 117 | - if (! $attestCert instanceof ByteBuffer) { |
|
| 117 | + if (!$attestCert instanceof ByteBuffer) { |
|
| 118 | 118 | throw new WebauthnException('Invalid X5C certificate'); |
| 119 | 119 | } |
| 120 | 120 | |
@@ -90,14 +90,14 @@ |
||
| 90 | 90 | */ |
| 91 | 91 | public function __construct(int $binaryFlag) |
| 92 | 92 | { |
| 93 | - $this->bit0 = !! ($binaryFlag & 1); |
|
| 94 | - $this->bit1 = !! ($binaryFlag & 2); |
|
| 95 | - $this->bit2 = !! ($binaryFlag & 4); |
|
| 96 | - $this->bit3 = !! ($binaryFlag & 8); |
|
| 97 | - $this->bit4 = !! ($binaryFlag & 16); |
|
| 98 | - $this->bit5 = !! ($binaryFlag & 32); |
|
| 99 | - $this->bit6 = !! ($binaryFlag & 64); |
|
| 100 | - $this->bit7 = !! ($binaryFlag & 128); |
|
| 93 | + $this->bit0 = !!($binaryFlag & 1); |
|
| 94 | + $this->bit1 = !!($binaryFlag & 2); |
|
| 95 | + $this->bit2 = !!($binaryFlag & 4); |
|
| 96 | + $this->bit3 = !!($binaryFlag & 8); |
|
| 97 | + $this->bit4 = !!($binaryFlag & 16); |
|
| 98 | + $this->bit5 = !!($binaryFlag & 32); |
|
| 99 | + $this->bit6 = !!($binaryFlag & 64); |
|
| 100 | + $this->bit7 = !!($binaryFlag & 128); |
|
| 101 | 101 | |
| 102 | 102 | $this->userPresent = $this->bit0; |
| 103 | 103 | $this->userVerified = $this->bit2; |
@@ -40,7 +40,7 @@ |
||
| 40 | 40 | */ |
| 41 | 41 | public function __construct(string $binaryData) |
| 42 | 42 | { |
| 43 | - $this->data = (string)$binaryData; |
|
| 43 | + $this->data = (string) $binaryData; |
|
| 44 | 44 | $this->length = strlen($binaryData); |
| 45 | 45 | } |
| 46 | 46 | |
@@ -70,11 +70,11 @@ discard block |
||
| 70 | 70 | */ |
| 71 | 71 | public function __construct(WebauthnConfiguration $config, array $allowedFormats = []) |
| 72 | 72 | { |
| 73 | - if (! function_exists('openssl_open')) { |
|
| 73 | + if (!function_exists('openssl_open')) { |
|
| 74 | 74 | throw new WebauthnException('OpenSSL module not installed in this platform'); |
| 75 | 75 | } |
| 76 | 76 | |
| 77 | - if (! in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 77 | + if (!in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 78 | 78 | throw new WebauthnException('SHA256 is not supported by this OpenSSL installation'); |
| 79 | 79 | } |
| 80 | 80 | |
@@ -215,7 +215,7 @@ discard block |
||
| 215 | 215 | ): array { |
| 216 | 216 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 217 | 217 | if (is_string($challenge)) { |
| 218 | - $challenge = new ByteBuffer($challenge); |
|
| 218 | + $challenge = new ByteBuffer($challenge); |
|
| 219 | 219 | } |
| 220 | 220 | |
| 221 | 221 | // security: https://www.w3.org/TR/webauthn/#registering-a-new-credential |
@@ -228,21 +228,21 @@ discard block |
||
| 228 | 228 | } |
| 229 | 229 | |
| 230 | 230 | // 3. Verify that the value of C.type is webauthn.create. |
| 231 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 231 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 232 | 232 | throw new WebauthnException('Invalid client type provided'); |
| 233 | 233 | } |
| 234 | 234 | |
| 235 | 235 | // 4. Verify that the value of C.challenge matches the challenge that was |
| 236 | 236 | // sent to the authenticator in the create() call. |
| 237 | 237 | if ( |
| 238 | - ! isset($clientData->challenge) || |
|
| 238 | + !isset($clientData->challenge) || |
|
| 239 | 239 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 240 | 240 | ) { |
| 241 | 241 | throw new WebauthnException('Invalid challenge provided'); |
| 242 | 242 | } |
| 243 | 243 | |
| 244 | 244 | // 5. Verify that the value of C.origin matches the Replying Party's origin. |
| 245 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 245 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 246 | 246 | throw new WebauthnException('Invalid origin provided'); |
| 247 | 247 | } |
| 248 | 248 | |
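Review bot: `isset($clientData->challenge)` at new line 238 and `isset($clientData->origin)` at new line 245 establish only that the fields are present, while both values come from client-supplied JSON and are passed straight to `ByteBuffer::fromBase64Url()` and `checkOrigin()`. A non-string value (array, object, number) would, depending on those signatures which are outside this diff, surface as a `TypeError` or warning rather than a `WebauthnException`. Adding a type test keeps malformed input on the documented failure path, e.g. `!isset($clientData->challenge) || !is_string($clientData->challenge) ||`. The hunk at `@@ -359,21 +359,21 @@` has the same pattern in the assertion path. The method starts and ends outside this hunk.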
@@ -331,7 +331,7 @@ discard block |
||
| 331 | 331 | bool $requireUserPresent = true |
| 332 | 332 | ): bool { |
| 333 | 333 | if (is_string($challenge)) { |
| 334 | - $challenge = new ByteBuffer($challenge); |
|
| 334 | + $challenge = new ByteBuffer($challenge); |
|
| 335 | 335 | } |
| 336 | 336 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 337 | 337 | $authenticator = new AuthenticatorData($authenticatorData); |
@@ -359,21 +359,21 @@ discard block |
||
| 359 | 359 | // -> TO BE LOOKED UP BY IMPLEMENTATION |
| 360 | 360 | |
| 361 | 361 | // 7. Verify that the value of C.type is the string webauthn.get. |
| 362 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 362 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 363 | 363 | throw new WebauthnException('Invalid client type provided'); |
| 364 | 364 | } |
| 365 | 365 | |
| 366 | 366 | // 8. Verify that the value of C.challenge matches the challenge that was sent to the |
| 367 | 367 | // authenticator in the PublicKeyCredentialRequestOptions passed to the get() call. |
| 368 | 368 | if ( |
| 369 | - ! isset($clientData->challenge) || |
|
| 369 | + !isset($clientData->challenge) || |
|
| 370 | 370 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 371 | 371 | ) { |
| 372 | 372 | throw new WebauthnException('Invalid challenge provided'); |
| 373 | 373 | } |
| 374 | 374 | |
| 375 | 375 | // 9. Verify that the value of C.origin matches the Replying Party's origin. |
| 376 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 376 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 377 | 377 | throw new WebauthnException('Invalid origin provided'); |
| 378 | 378 | } |
| 379 | 379 | |
@@ -462,7 +462,7 @@ discard block |
||
| 462 | 462 | // The origin's scheme must be https and not be ignored/whitelisted |
| 463 | 463 | $url = new Uri($origin); |
| 464 | 464 | if ( |
| 465 | - ! in_array($this->replyParty->getId(), $this->config->get('ignore_origins')) && |
|
| 465 | + !in_array($this->replyParty->getId(), $this->config->get('ignore_origins')) && |
|
| 466 | 466 | $url->getScheme() !== 'https' |
| 467 | 467 | ) { |
| 468 | 468 | return false; |
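Review bot: The condition at new lines 465–466 skips the https requirement whenever the relying-party id is listed in `ignore_origins`, and the lookup is keyed on `$this->replyParty->getId()` rather than on the origin being checked. That exemption deserves a comment limiting it to local development, e.g. `// ignore_origins disables the https requirement for this RP id; never list production hosts`. The lookup should also be strict: `!in_array($this->replyParty->getId(), $this->config->get('ignore_origins'), true) &&`. If `$this->config->get('ignore_origins')` can return null for an unset key, `in_array` throws a `TypeError` on PHP 8; the config class is not visible here. The rest of the method lies outside the hunk.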
@@ -499,7 +499,7 @@ discard block |
||
| 499 | 499 | return array_values($supportedFormats); |
| 500 | 500 | } |
| 501 | 501 | |
| 502 | - $desiredFormats = array_filter($formats, function ($entry) use ($supportedFormats) { |
|
| 502 | + $desiredFormats = array_filter($formats, function($entry) use ($supportedFormats) { |
|
| 503 | 503 | return in_array($entry, $supportedFormats); |
| 504 | 504 | }); |
| 505 | 505 | |
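Review bot: The closure at new line 502 is rewritten to `function($entry) use (...)`, which drops the space PSR-12 requires after the `function` keyword in closures. This is at odds with the cast change elsewhere in this commit, `(string) $binaryData`, which adds a space in line with the same standard. Keeping `function ($entry) use ($supportedFormats) {` avoids the inconsistency. Since the callback does not use `$this`, it could also be declared `static function ($entry) use ($supportedFormats) {`. The enclosing method starts outside this hunk.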