platine-php /
webauthn
@@ -48,22 +48,22 @@ |
||
| 48 | 48 | { |
| 49 | 49 | $enc = CborDecoder::decode($binary); |
| 50 | 50 | |
| 51 | - if (! is_array($enc) || ! array_key_exists('fmt', $enc) || ! is_string($enc['fmt'])) { |
|
| 51 | + if (!is_array($enc) || !array_key_exists('fmt', $enc) || !is_string($enc['fmt'])) { |
|
| 52 | 52 | throw new WebauthnException('Invalid attestation format provided'); |
| 53 | 53 | } |
| 54 | 54 | |
| 55 | - if (! array_key_exists('attStmt', $enc) || ! is_array($enc['attStmt'])) { |
|
| 55 | + if (!array_key_exists('attStmt', $enc) || !is_array($enc['attStmt'])) { |
|
| 56 | 56 | throw new WebauthnException('Invalid attestation format provided (attStmt not available)'); |
| 57 | 57 | } |
| 58 | 58 | |
| 59 | - if (! array_key_exists('authData', $enc) || ! $enc['authData'] instanceof ByteBuffer) { |
|
| 59 | + if (!array_key_exists('authData', $enc) || !$enc['authData'] instanceof ByteBuffer) { |
|
| 60 | 60 | throw new WebauthnException('Invalid attestation format provided (authData not available)'); |
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | $this->formatName = $enc['fmt']; |
| 64 | 64 | $this->authenticatorData = new AuthenticatorData($enc['authData']->getBinaryString()); |
| 65 | 65 | |
| 66 | - if (! in_array($this->formatName, $allowedFormats)) { |
|
| 66 | + if (!in_array($this->formatName, $allowedFormats)) { |
|
| 67 | 67 | throw new WebauthnException(sprintf( |
| 68 | 68 | 'Invalid attestation format [%s], allowed [%s]', |
| 69 | 69 | $this->formatName, |
@@ -284,7 +284,7 @@ |
||
| 284 | 284 | |
| 285 | 285 | $extensionData = CborDecoder::decode($data); |
| 286 | 286 | |
| 287 | - if (! is_array($extensionData)) { |
|
| 287 | + if (!is_array($extensionData)) { |
|
| 288 | 288 | throw new WebauthnException('Invalid extension data'); |
| 289 | 289 | } |
| 290 | 290 | |
@@ -56,21 +56,21 @@ |
||
| 56 | 56 | } |
| 57 | 57 | |
| 58 | 58 | if ( |
| 59 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 60 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 59 | + !array_key_exists('sig', $attestationStatement) || |
|
| 60 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 61 | 61 | ) { |
| 62 | 62 | throw new WebauthnException('No signature found'); |
| 63 | 63 | } |
| 64 | 64 | |
| 65 | 65 | if ( |
| 66 | - ! array_key_exists('x5c', $attestationStatement) || |
|
| 67 | - ! is_array($attestationStatement['x5c']) || |
|
| 66 | + !array_key_exists('x5c', $attestationStatement) || |
|
| 67 | + !is_array($attestationStatement['x5c']) || |
|
| 68 | 68 | count($attestationStatement['x5c']) !== 1 |
| 69 | 69 | ) { |
| 70 | 70 | throw new WebauthnException('Invalid X5C certificate'); |
| 71 | 71 | } |
| 72 | 72 | |
| 73 | - if (! $attestationStatement['x5c'][0] instanceof ByteBuffer) { |
|
| 73 | + if (!$attestationStatement['x5c'][0] instanceof ByteBuffer) { |
|
| 74 | 74 | throw new WebauthnException('Invalid X5C certificate'); |
| 75 | 75 | } |
| 76 | 76 | |
@@ -46,7 +46,7 @@ discard block |
||
| 46 | 46 | // check u2f data |
| 47 | 47 | $attestationStatement = $this->attestationData['attStmt']; |
| 48 | 48 | if ( |
| 49 | - ! array_key_exists('alg', $attestationStatement) || |
|
| 49 | + !array_key_exists('alg', $attestationStatement) || |
|
| 50 | 50 | $this->getCoseAlgorithm($attestationStatement['alg']) === null |
| 51 | 51 | ) { |
| 52 | 52 | throw new WebauthnException(sprintf( |
@@ -56,8 +56,8 @@ discard block |
||
| 56 | 56 | } |
| 57 | 57 | |
| 58 | 58 | if ( |
| 59 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 60 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 59 | + !array_key_exists('sig', $attestationStatement) || |
|
| 60 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 61 | 61 | ) { |
| 62 | 62 | throw new WebauthnException('No signature found'); |
| 63 | 63 | } |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | ) { |
| 73 | 73 | // The attestation certificate attestnCert MUST be the first element in the array |
| 74 | 74 | $attestCert = array_shift($attestationStatement['x5c']); |
| 75 | - if (! $attestCert instanceof ByteBuffer) { |
|
| 75 | + if (!$attestCert instanceof ByteBuffer) { |
|
| 76 | 76 | throw new WebauthnException('Invalid X5C certificate'); |
| 77 | 77 | } |
| 78 | 78 | |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | */ |
| 105 | 105 | public function validateAttestation(string $clientData): bool |
| 106 | 106 | { |
| 107 | - if (! empty($this->x5c)) { |
|
| 107 | + if (!empty($this->x5c)) { |
|
| 108 | 108 | return $this->validateOverX5C($clientData); |
| 109 | 109 | } |
| 110 | 110 | |
@@ -188,7 +188,7 @@ discard block |
||
| 188 | 188 | 'hash' => 'SHA1', |
| 189 | 189 | 'openssl' => OPENSSL_ALGO_SHA1, |
| 190 | 190 | 'cose' => [ |
| 191 | - -65535, // RS1 |
|
| 191 | + -65535, // RS1 |
|
| 192 | 192 | ], |
| 193 | 193 | ], |
| 194 | 194 | [ |
@@ -196,9 +196,9 @@ discard block |
||
| 196 | 196 | 'openssl' => OPENSSL_ALGO_SHA256, |
| 197 | 197 | 'cose' => [ |
| 198 | 198 | -257, // RS256 |
| 199 | - -37, // PS256 |
|
| 200 | - -7, // ES256 |
|
| 201 | - 5, // HMAC256 |
|
| 199 | + -37, // PS256 |
|
| 200 | + -7, // ES256 |
|
| 201 | + 5, // HMAC256 |
|
| 202 | 202 | ], |
| 203 | 203 | ], |
| 204 | 204 | [ |
@@ -206,9 +206,9 @@ discard block |
||
| 206 | 206 | 'openssl' => OPENSSL_ALGO_SHA384, |
| 207 | 207 | 'cose' => [ |
| 208 | 208 | -258, // RS384 |
| 209 | - -38, // PS384 |
|
| 210 | - -35, // ES384 |
|
| 211 | - 6, // HMAC384 |
|
| 209 | + -38, // PS384 |
|
| 210 | + -35, // ES384 |
|
| 211 | + 6, // HMAC384 |
|
| 212 | 212 | ], |
| 213 | 213 | ], |
| 214 | 214 | [ |
@@ -216,9 +216,9 @@ discard block |
||
| 216 | 216 | 'openssl' => OPENSSL_ALGO_SHA512, |
| 217 | 217 | 'cose' => [ |
| 218 | 218 | -259, // RS512 |
| 219 | - -39, // PS512 |
|
| 220 | - -36, // ES512 |
|
| 221 | - 7, // HMAC512 |
|
| 219 | + -39, // PS512 |
|
| 220 | + -36, // ES512 |
|
| 221 | + 7, // HMAC512 |
|
| 222 | 222 | ], |
| 223 | 223 | ], |
| 224 | 224 | ]; |
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | $attestationStatement = $this->attestationData['attStmt']; |
| 63 | 63 | |
| 64 | 64 | if ( |
| 65 | - ! array_key_exists('ver', $attestationStatement) || |
|
| 65 | + !array_key_exists('ver', $attestationStatement) || |
|
| 66 | 66 | $attestationStatement['ver'] !== '2.0' |
| 67 | 67 | ) { |
| 68 | 68 | throw new WebauthnException(sprintf( |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | } |
| 73 | 73 | |
| 74 | 74 | if ( |
| 75 | - ! array_key_exists('alg', $attestationStatement) || |
|
| 75 | + !array_key_exists('alg', $attestationStatement) || |
|
| 76 | 76 | $this->getCoseAlgorithm($attestationStatement['alg']) === null |
| 77 | 77 | ) { |
| 78 | 78 | throw new WebauthnException(sprintf( |
@@ -82,22 +82,22 @@ discard block |
||
| 82 | 82 | } |
| 83 | 83 | |
| 84 | 84 | if ( |
| 85 | - ! array_key_exists('sig', $attestationStatement) || |
|
| 86 | - ! $attestationStatement['sig'] instanceof ByteBuffer |
|
| 85 | + !array_key_exists('sig', $attestationStatement) || |
|
| 86 | + !$attestationStatement['sig'] instanceof ByteBuffer |
|
| 87 | 87 | ) { |
| 88 | 88 | throw new WebauthnException('No signature found'); |
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | if ( |
| 92 | - ! array_key_exists('certInfo', $attestationStatement) || |
|
| 93 | - ! $attestationStatement['certInfo'] instanceof ByteBuffer |
|
| 92 | + !array_key_exists('certInfo', $attestationStatement) || |
|
| 93 | + !$attestationStatement['certInfo'] instanceof ByteBuffer |
|
| 94 | 94 | ) { |
| 95 | 95 | throw new WebauthnException('No certificate information found'); |
| 96 | 96 | } |
| 97 | 97 | |
| 98 | 98 | if ( |
| 99 | - ! array_key_exists('pubArea', $attestationStatement) || |
|
| 100 | - ! $attestationStatement['pubArea'] instanceof ByteBuffer |
|
| 99 | + !array_key_exists('pubArea', $attestationStatement) || |
|
| 100 | + !$attestationStatement['pubArea'] instanceof ByteBuffer |
|
| 101 | 101 | ) { |
| 102 | 102 | throw new WebauthnException('No public area information found'); |
| 103 | 103 | } |
@@ -114,7 +114,7 @@ discard block |
||
| 114 | 114 | ) { |
| 115 | 115 | // The attestation certificate attestnCert MUST be the first element in the array |
| 116 | 116 | $attestCert = array_shift($attestationStatement['x5c']); |
| 117 | - if (! $attestCert instanceof ByteBuffer) { |
|
| 117 | + if (!$attestCert instanceof ByteBuffer) { |
|
| 118 | 118 | throw new WebauthnException('Invalid X5C certificate'); |
| 119 | 119 | } |
| 120 | 120 | |
@@ -90,14 +90,14 @@ |
||
| 90 | 90 | */ |
| 91 | 91 | public function __construct(int $binaryFlag) |
| 92 | 92 | { |
| 93 | - $this->bit0 = !! ($binaryFlag & 1); |
|
| 94 | - $this->bit1 = !! ($binaryFlag & 2); |
|
| 95 | - $this->bit2 = !! ($binaryFlag & 4); |
|
| 96 | - $this->bit3 = !! ($binaryFlag & 8); |
|
| 97 | - $this->bit4 = !! ($binaryFlag & 16); |
|
| 98 | - $this->bit5 = !! ($binaryFlag & 32); |
|
| 99 | - $this->bit6 = !! ($binaryFlag & 64); |
|
| 100 | - $this->bit7 = !! ($binaryFlag & 128); |
|
| 93 | + $this->bit0 = !!($binaryFlag & 1); |
|
| 94 | + $this->bit1 = !!($binaryFlag & 2); |
|
| 95 | + $this->bit2 = !!($binaryFlag & 4); |
|
| 96 | + $this->bit3 = !!($binaryFlag & 8); |
|
| 97 | + $this->bit4 = !!($binaryFlag & 16); |
|
| 98 | + $this->bit5 = !!($binaryFlag & 32); |
|
| 99 | + $this->bit6 = !!($binaryFlag & 64); |
|
| 100 | + $this->bit7 = !!($binaryFlag & 128); |
|
| 101 | 101 | |
| 102 | 102 | $this->userPresent = $this->bit0; |
| 103 | 103 | $this->userVerified = $this->bit2; |
@@ -40,7 +40,7 @@ |
||
| 40 | 40 | */ |
| 41 | 41 | public function __construct(string $binaryData) |
| 42 | 42 | { |
| 43 | - $this->data = (string)$binaryData; |
|
| 43 | + $this->data = (string) $binaryData; |
|
| 44 | 44 | $this->length = strlen($binaryData); |
| 45 | 45 | } |
| 46 | 46 | |
@@ -99,11 +99,11 @@ discard block |
||
| 99 | 99 | */ |
| 100 | 100 | public function __construct(WebauthnConfiguration $config, array $allowedFormats = []) |
| 101 | 101 | { |
| 102 | - if (! function_exists('openssl_open')) { |
|
| 102 | + if (!function_exists('openssl_open')) { |
|
| 103 | 103 | throw new WebauthnException('OpenSSL module not installed in this platform'); |
| 104 | 104 | } |
| 105 | 105 | |
| 106 | - if (! in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 106 | + if (!in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 107 | 107 | throw new WebauthnException('SHA256 is not supported by this OpenSSL installation'); |
| 108 | 108 | } |
| 109 | 109 | |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | ): array { |
| 245 | 245 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 246 | 246 | if (is_string($challenge)) { |
| 247 | - $challenge = new ByteBuffer($challenge); |
|
| 247 | + $challenge = new ByteBuffer($challenge); |
|
| 248 | 248 | } |
| 249 | 249 | |
| 250 | 250 | // security: https://www.w3.org/TR/webauthn/#registering-a-new-credential |
@@ -257,21 +257,21 @@ discard block |
||
| 257 | 257 | } |
| 258 | 258 | |
| 259 | 259 | // 3. Verify that the value of C.type is webauthn.create. |
| 260 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 260 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 261 | 261 | throw new WebauthnException('Invalid client type provided'); |
| 262 | 262 | } |
| 263 | 263 | |
| 264 | 264 | // 4. Verify that the value of C.challenge matches the challenge that was |
| 265 | 265 | // sent to the authenticator in the create() call. |
| 266 | 266 | if ( |
| 267 | - ! isset($clientData->challenge) || |
|
| 267 | + !isset($clientData->challenge) || |
|
| 268 | 268 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 269 | 269 | ) { |
| 270 | 270 | throw new WebauthnException('Invalid challenge provided'); |
| 271 | 271 | } |
| 272 | 272 | |
| 273 | 273 | // 5. Verify that the value of C.origin matches the Relying Party's origin. |
| 274 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 274 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 275 | 275 | throw new WebauthnException('Invalid origin provided'); |
| 276 | 276 | } |
| 277 | 277 | |
@@ -360,7 +360,7 @@ discard block |
||
| 360 | 360 | bool $requireUserPresent = true |
| 361 | 361 | ): bool { |
| 362 | 362 | if (is_string($challenge)) { |
| 363 | - $challenge = new ByteBuffer($challenge); |
|
| 363 | + $challenge = new ByteBuffer($challenge); |
|
| 364 | 364 | } |
| 365 | 365 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 366 | 366 | $authenticator = new AuthenticatorData($authenticatorData); |
@@ -388,21 +388,21 @@ discard block |
||
| 388 | 388 | // -> TO BE LOOKED UP BY IMPLEMENTATION |
| 389 | 389 | |
| 390 | 390 | // 7. Verify that the value of C.type is the string webauthn.get. |
| 391 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 391 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 392 | 392 | throw new WebauthnException('Invalid client type provided'); |
| 393 | 393 | } |
| 394 | 394 | |
| 395 | 395 | // 8. Verify that the value of C.challenge matches the challenge that was sent to the |
| 396 | 396 | // authenticator in the PublicKeyCredentialRequestOptions passed to the get() call. |
| 397 | 397 | if ( |
| 398 | - ! isset($clientData->challenge) || |
|
| 398 | + !isset($clientData->challenge) || |
|
| 399 | 399 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 400 | 400 | ) { |
| 401 | 401 | throw new WebauthnException('Invalid challenge provided'); |
| 402 | 402 | } |
| 403 | 403 | |
| 404 | 404 | // 9. Verify that the value of C.origin matches the Relying Party's origin. |
| 405 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 405 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 406 | 406 | throw new WebauthnException('Invalid origin provided'); |
| 407 | 407 | } |
| 408 | 408 | |
@@ -491,7 +491,7 @@ discard block |
||
| 491 | 491 | // The origin's scheme must be https and not be ignored/whitelisted |
| 492 | 492 | $url = new Uri($origin); |
| 493 | 493 | if ( |
| 494 | - ! in_array($this->relyingParty->getId(), $this->config->get('ignore_origins')) && |
|
| 494 | + !in_array($this->relyingParty->getId(), $this->config->get('ignore_origins')) && |
|
| 495 | 495 | $url->getScheme() !== 'https' |
| 496 | 496 | ) { |
| 497 | 497 | return false; |
@@ -528,7 +528,7 @@ discard block |
||
| 528 | 528 | return $supportedFormats; |
| 529 | 529 | } |
| 530 | 530 | |
| 531 | - $desiredFormats = array_filter($formats, function ($entry) use ($supportedFormats) { |
|
| 531 | + $desiredFormats = array_filter($formats, function($entry) use ($supportedFormats) { |
|
| 532 | 532 | return in_array($entry, $supportedFormats); |
| 533 | 533 | }); |
| 534 | 534 | |
