platine-php /
webauthn
@@ -100,11 +100,11 @@ discard block |
||
| 100 | 100 | */ |
| 101 | 101 | public function __construct(WebauthnConfiguration $config, array $allowedFormats = []) |
| 102 | 102 | { |
| 103 | - if (! function_exists('openssl_open')) { |
|
| 103 | + if (!function_exists('openssl_open')) { |
|
| 104 | 104 | throw new WebauthnException('OpenSSL module not installed in this platform'); |
| 105 | 105 | } |
| 106 | 106 | |
| 107 | - if (! in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 107 | + if (!in_array('SHA256', array_map('strtoupper', openssl_get_md_methods()))) { |
|
| 108 | 108 | throw new WebauthnException('SHA256 is not supported by this OpenSSL installation'); |
| 109 | 109 | } |
| 110 | 110 | |
@@ -123,7 +123,7 @@ discard block |
||
| 123 | 123 | * @param string|array<string> $path |
| 124 | 124 | * @return $this |
| 125 | 125 | */ |
| 126 | - public function addRootCertificate(string|array $path): self |
|
| 126 | + public function addRootCertificate(string | array $path): self |
|
| 127 | 127 | { |
| 128 | 128 | if (is_array($path)) { |
| 129 | 129 | foreach ($path as $p) { |
@@ -256,14 +256,14 @@ discard block |
||
| 256 | 256 | public function processRegistration( |
| 257 | 257 | string $clientDataJson, |
| 258 | 258 | string $attestationObject, |
| 259 | - ByteBuffer|string $challenge, |
|
| 259 | + ByteBuffer | string $challenge, |
|
| 260 | 260 | bool $requireUserVerification = false, |
| 261 | 261 | bool $requireUserPresent = true, |
| 262 | 262 | bool $failIfRootCertificateMismatch = true |
| 263 | 263 | ): array { |
| 264 | 264 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 265 | 265 | if (is_string($challenge)) { |
| 266 | - $challenge = new ByteBuffer($challenge); |
|
| 266 | + $challenge = new ByteBuffer($challenge); |
|
| 267 | 267 | } |
| 268 | 268 | |
| 269 | 269 | // security: https://www.w3.org/TR/webauthn/#registering-a-new-credential |
@@ -276,21 +276,21 @@ discard block |
||
| 276 | 276 | } |
| 277 | 277 | |
| 278 | 278 | // 3. Verify that the value of C.type is webauthn.create. |
| 279 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 279 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.create') { |
|
| 280 | 280 | throw new WebauthnException('Invalid client type provided'); |
| 281 | 281 | } |
| 282 | 282 | |
| 283 | 283 | // 4. Verify that the value of C.challenge matches the challenge that was |
| 284 | 284 | // sent to the authenticator in the create() call. |
| 285 | 285 | if ( |
| 286 | - ! isset($clientData->challenge) || |
|
| 286 | + !isset($clientData->challenge) || |
|
| 287 | 287 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 288 | 288 | ) { |
| 289 | 289 | throw new WebauthnException('Invalid challenge provided'); |
| 290 | 290 | } |
| 291 | 291 | |
| 292 | 292 | // 5. Verify that the value of C.origin matches the Relying Party's origin. |
| 293 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 293 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 294 | 294 | throw new WebauthnException('Invalid origin provided'); |
| 295 | 295 | } |
| 296 | 296 | |
@@ -373,13 +373,13 @@ discard block |
||
| 373 | 373 | string $authenticatorData, |
| 374 | 374 | string $signature, |
| 375 | 375 | string $credentialPublicKey, |
| 376 | - ByteBuffer|string $challenge, |
|
| 376 | + ByteBuffer | string $challenge, |
|
| 377 | 377 | ?int $previousSignatureCount = null, |
| 378 | 378 | bool $requireUserVerification = false, |
| 379 | 379 | bool $requireUserPresent = true |
| 380 | 380 | ): bool { |
| 381 | 381 | if (is_string($challenge)) { |
| 382 | - $challenge = new ByteBuffer($challenge); |
|
| 382 | + $challenge = new ByteBuffer($challenge); |
|
| 383 | 383 | } |
| 384 | 384 | $clientDataHash = hash('sha256', $clientDataJson, true); |
| 385 | 385 | $authenticator = $this->createAuthenticatorData($authenticatorData); |
@@ -407,21 +407,21 @@ discard block |
||
| 407 | 407 | // -> TO BE LOOKED UP BY IMPLEMENTATION |
| 408 | 408 | |
| 409 | 409 | // 7. Verify that the value of C.type is the string webauthn.get. |
| 410 | - if (! isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 410 | + if (!isset($clientData->type) || $clientData->type !== 'webauthn.get') { |
|
| 411 | 411 | throw new WebauthnException('Invalid client type provided'); |
| 412 | 412 | } |
| 413 | 413 | |
| 414 | 414 | // 8. Verify that the value of C.challenge matches the challenge that was sent to the |
| 415 | 415 | // authenticator in the PublicKeyCredentialRequestOptions passed to the get() call. |
| 416 | 416 | if ( |
| 417 | - ! isset($clientData->challenge) || |
|
| 417 | + !isset($clientData->challenge) || |
|
| 418 | 418 | ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString() |
| 419 | 419 | ) { |
| 420 | 420 | throw new WebauthnException('Invalid challenge provided'); |
| 421 | 421 | } |
| 422 | 422 | |
| 423 | 423 | // 9. Verify that the value of C.origin matches the Relying Party's origin. |
| 424 | - if (! isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 424 | + if (!isset($clientData->origin) || $this->checkOrigin($clientData->origin) === false) { |
|
| 425 | 425 | throw new WebauthnException('Invalid origin provided'); |
| 426 | 426 | } |
| 427 | 427 | |
@@ -539,7 +539,7 @@ discard block |
||
| 539 | 539 | // The origin's scheme must be https and not be ignored/whitelisted |
| 540 | 540 | $url = new Uri($origin); |
| 541 | 541 | if ( |
| 542 | - ! in_array($this->relyingParty->getId(), $this->config->get('ignore_origins')) && |
|
| 542 | + !in_array($this->relyingParty->getId(), $this->config->get('ignore_origins')) && |
|
| 543 | 543 | $url->getScheme() !== 'https' |
| 544 | 544 | ) { |
| 545 | 545 | return false; |
@@ -576,7 +576,7 @@ discard block |
||
| 576 | 576 | return $supportedFormats; |
| 577 | 577 | } |
| 578 | 578 | |
| 579 | - $desiredFormats = array_filter($formats, function ($entry) use ($supportedFormats) { |
|
| 579 | + $desiredFormats = array_filter($formats, function($entry) use ($supportedFormats) { |
|
| 580 | 580 | return in_array($entry, $supportedFormats); |
| 581 | 581 | }); |
| 582 | 582 | |
@@ -364,9 +364,9 @@ discard block |
||
| 364 | 364 | } |
| 365 | 365 | |
| 366 | 366 | /** |
| 367 | - * Return the binary string |
|
| 368 | - * @return string |
|
| 369 | - */ |
|
| 367 | + * Return the binary string |
|
| 368 | + * @return string |
|
| 369 | + */ |
|
| 370 | 370 | public function getBinaryString(): string |
| 371 | 371 | { |
| 372 | 372 | return $this->data; |
@@ -393,9 +393,9 @@ discard block |
||
| 393 | 393 | } |
| 394 | 394 | |
| 395 | 395 | /** |
| 396 | - * {@inheritdoc} |
|
| 397 | - * @return mixed |
|
| 398 | - */ |
|
| 396 | + * {@inheritdoc} |
|
| 397 | + * @return mixed |
|
| 398 | + */ |
|
| 399 | 399 | public function jsonSerialize(): mixed |
| 400 | 400 | { |
| 401 | 401 | if ($this->useBase64UrlEncoding) { |
@@ -409,18 +409,18 @@ discard block |
||
| 409 | 409 | } |
| 410 | 410 | |
| 411 | 411 | /** |
| 412 | - * {@inheritdoc} |
|
| 413 | - * @return string|null |
|
| 414 | - */ |
|
| 412 | + * {@inheritdoc} |
|
| 413 | + * @return string|null |
|
| 414 | + */ |
|
| 415 | 415 | public function serialize(): ?string |
| 416 | 416 | { |
| 417 | 417 | return serialize($this->data); |
| 418 | 418 | } |
| 419 | 419 | |
| 420 | 420 | /** |
| 421 | - * {@inheritdoc} |
|
| 422 | - * $param string $data |
|
| 423 | - */ |
|
| 421 | + * {@inheritdoc} |
|
| 422 | + * $param string $data |
|
| 423 | + */ |
|
| 424 | 424 | public function unserialize(string $data): void |
| 425 | 425 | { |
| 426 | 426 | $value = unserialize($data); |
@@ -68,8 +68,7 @@ discard block |
||
| 68 | 68 | * Create new instance |
| 69 | 69 | * @param string $binaryData |
| 70 | 70 | */ |
| 71 | - public function __construct(string $binaryData) |
|
| 72 | - { |
|
| 71 | + public function __construct(string $binaryData) { |
|
| 73 | 72 | $this->data = (string)$binaryData; |
| 74 | 73 | $this->length = strlen($binaryData); |
| 75 | 74 | } |
@@ -445,8 +444,7 @@ discard block |
||
| 445 | 444 | * @param array<string, mixed> $data |
| 446 | 445 | * @return void |
| 447 | 446 | */ |
| 448 | - public function __unserialize(array $data) |
|
| 449 | - { |
|
| 447 | + public function __unserialize(array $data) { |
|
| 450 | 448 | if (isset($data['data'])) { |
| 451 | 449 | $value = unserialize($data['data']); |
| 452 | 450 | if ($value === false) { |
@@ -55,9 +55,9 @@ discard block |
||
| 55 | 55 | * @param ByteBuffer|string $data |
| 56 | 56 | * @return mixed |
| 57 | 57 | */ |
| 58 | - public static function decode(ByteBuffer|string $data): mixed |
|
| 58 | + public static function decode(ByteBuffer | string $data): mixed |
|
| 59 | 59 | { |
| 60 | - if (! $data instanceof ByteBuffer) { |
|
| 60 | + if (!$data instanceof ByteBuffer) { |
|
| 61 | 61 | $data = new ByteBuffer($data); |
| 62 | 62 | } |
| 63 | 63 | |
@@ -81,11 +81,11 @@ discard block |
||
| 81 | 81 | * @return mixed |
| 82 | 82 | */ |
| 83 | 83 | public static function decodeInPlace( |
| 84 | - ByteBuffer|string $data, |
|
| 84 | + ByteBuffer | string $data, |
|
| 85 | 85 | int $startoffset, |
| 86 | 86 | ?int $endOffset = null |
| 87 | 87 | ): mixed { |
| 88 | - if (! $data instanceof ByteBuffer) { |
|
| 88 | + if (!$data instanceof ByteBuffer) { |
|
| 89 | 89 | $data = new ByteBuffer($data); |
| 90 | 90 | } |
| 91 | 91 | |
@@ -39,8 +39,7 @@ |
||
| 39 | 39 | * @class CborDecoder |
| 40 | 40 | * @package Platine\Webauthn\Helper |
| 41 | 41 | */ |
| 42 | -class CborDecoder |
|
| 43 | -{ |
|
| 42 | +class CborDecoder { |
|
| 44 | 43 | public const CBOR_MAJOR_UNSIGNED_INT = 0; |
| 45 | 44 | public const CBOR_MAJOR_NEGATIVE_INT = 1; |
| 46 | 45 | public const CBOR_MAJOR_BYTE_STRING = 2; |
@@ -188,9 +188,9 @@ |
||
| 188 | 188 | } |
| 189 | 189 | |
| 190 | 190 | /** |
| 191 | - * {@inheritdoc} |
|
| 192 | - * @return mixed |
|
| 193 | - */ |
|
| 191 | + * {@inheritdoc} |
|
| 192 | + * @return mixed |
|
| 193 | + */ |
|
| 194 | 194 | public function jsonSerialize(): mixed |
| 195 | 195 | { |
| 196 | 196 | return get_object_vars($this); |
@@ -60,7 +60,7 @@ discard block |
||
| 60 | 60 | * The attestation format |
| 61 | 61 | * @var BaseFormat|FidoU2F|None|Packed |
| 62 | 62 | */ |
| 63 | - protected BaseFormat|FidoU2F|None|Packed $format; |
|
| 63 | + protected BaseFormat | FidoU2F | None | Packed $format; |
|
| 64 | 64 | |
| 65 | 65 | /** |
| 66 | 66 | * The attestation format name |
@@ -77,11 +77,11 @@ discard block |
||
| 77 | 77 | { |
| 78 | 78 | $enc = CborDecoder::decode($binary); |
| 79 | 79 | |
| 80 | - if (! is_array($enc) || ! array_key_exists('fmt', $enc) || ! is_string($enc['fmt'])) { |
|
| 80 | + if (!is_array($enc) || !array_key_exists('fmt', $enc) || !is_string($enc['fmt'])) { |
|
| 81 | 81 | throw new WebauthnException('Invalid attestation format provided'); |
| 82 | 82 | } |
| 83 | 83 | |
| 84 | - if (! array_key_exists('attStmt', $enc) || ! is_array($enc['attStmt'])) { |
|
| 84 | + if (!array_key_exists('attStmt', $enc) || !is_array($enc['attStmt'])) { |
|
| 85 | 85 | throw new WebauthnException('Invalid attestation format provided (attStmt not available)'); |
| 86 | 86 | } |
| 87 | 87 | |
@@ -107,7 +107,7 @@ discard block |
||
| 107 | 107 | * |
| 108 | 108 | * @return BaseFormat|FidoU2F|None|Packed |
| 109 | 109 | */ |
| 110 | - public function getFormat(): BaseFormat|FidoU2F|None|Packed |
|
| 110 | + public function getFormat(): BaseFormat | FidoU2F | None | Packed |
|
| 111 | 111 | { |
| 112 | 112 | return $this->format; |
| 113 | 113 | } |
@@ -235,7 +235,7 @@ discard block |
||
| 235 | 235 | */ |
| 236 | 236 | protected function setAuthenticatorData(array $enc): void |
| 237 | 237 | { |
| 238 | - if (! array_key_exists('authData', $enc) || ! $enc['authData'] instanceof ByteBuffer) { |
|
| 238 | + if (!array_key_exists('authData', $enc) || !$enc['authData'] instanceof ByteBuffer) { |
|
| 239 | 239 | throw new WebauthnException('Invalid attestation format provided (authData not available)'); |
| 240 | 240 | } |
| 241 | 241 | |
@@ -250,7 +250,7 @@ discard block |
||
| 250 | 250 | */ |
| 251 | 251 | protected function createAttestationFormat(array $enc, array $allowedFormats): void |
| 252 | 252 | { |
| 253 | - if (! in_array($this->formatName, $allowedFormats)) { |
|
| 253 | + if (!in_array($this->formatName, $allowedFormats)) { |
|
| 254 | 254 | throw new WebauthnException(sprintf( |
| 255 | 255 | 'Invalid attestation format [%s], allowed [%s]', |
| 256 | 256 | $this->formatName, |
@@ -48,8 +48,7 @@ discard block |
||
| 48 | 48 | * @class AttestationData |
| 49 | 49 | * @package Platine\Webauthn\Attestation |
| 50 | 50 | */ |
| 51 | -class AttestationData implements JsonSerializable |
|
| 52 | -{ |
|
| 51 | +class AttestationData implements JsonSerializable { |
|
| 53 | 52 | /** |
| 54 | 53 | * The AuthenticatorData instance |
| 55 | 54 | * @var AuthenticatorData |
@@ -73,8 +72,7 @@ discard block |
||
| 73 | 72 | * @param string $binary |
| 74 | 73 | * @param array<string> $allowedFormats |
| 75 | 74 | */ |
| 76 | - public function __construct(string $binary, array $allowedFormats) |
|
| 77 | - { |
|
| 75 | + public function __construct(string $binary, array $allowedFormats) { |
|
| 78 | 76 | $enc = CborDecoder::decode($binary); |
| 79 | 77 | |
| 80 | 78 | if (! is_array($enc) || ! array_key_exists('fmt', $enc) || ! is_string($enc['fmt'])) { |
@@ -270,9 +270,9 @@ |
||
| 270 | 270 | |
| 271 | 271 | |
| 272 | 272 | /** |
| 273 | - * {@inheritdoc} |
|
| 274 | - * @return mixed |
|
| 275 | - */ |
|
| 273 | + * {@inheritdoc} |
|
| 274 | + * @return mixed |
|
| 275 | + */ |
|
| 276 | 276 | public function jsonSerialize(): mixed |
| 277 | 277 | { |
| 278 | 278 | return get_object_vars($this); |
@@ -44,8 +44,7 @@ discard block |
||
| 44 | 44 | * @class AuthenticatorData |
| 45 | 45 | * @package Platine\Webauthn\Attestation |
| 46 | 46 | */ |
| 47 | -class AuthenticatorData implements JsonSerializable |
|
| 48 | -{ |
|
| 47 | +class AuthenticatorData implements JsonSerializable { |
|
| 49 | 48 | public const EC2_TYPE = 2; |
| 50 | 49 | public const RSA_TYPE = 3; |
| 51 | 50 | |
@@ -89,8 +88,7 @@ discard block |
||
| 89 | 88 | * Create new instance |
| 90 | 89 | * @param string $binary |
| 91 | 90 | */ |
| 92 | - public function __construct(string $binary) |
|
| 93 | - { |
|
| 91 | + public function __construct(string $binary) { |
|
| 94 | 92 | if (strlen($binary) < 37) { |
| 95 | 93 | throw new WebauthnException('Invalid authenticator data provided'); |
| 96 | 94 | } |
@@ -124,9 +124,9 @@ |
||
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | /** |
| 127 | - * {@inheritdoc} |
|
| 128 | - * @return mixed |
|
| 129 | - */ |
|
| 127 | + * {@inheritdoc} |
|
| 128 | + * @return mixed |
|
| 129 | + */ |
|
| 130 | 130 | public function jsonSerialize(): mixed |
| 131 | 131 | { |
| 132 | 132 | return get_object_vars($this); |
@@ -40,8 +40,7 @@ discard block |
||
| 40 | 40 | * @class BaseFormat |
| 41 | 41 | * @package Platine\Webauthn\Attestation\Format |
| 42 | 42 | */ |
| 43 | -abstract class BaseFormat implements JsonSerializable |
|
| 44 | -{ |
|
| 43 | +abstract class BaseFormat implements JsonSerializable { |
|
| 45 | 44 | /** |
| 46 | 45 | * The X5C Chain data |
| 47 | 46 | * @var array<string> |
@@ -68,8 +67,7 @@ discard block |
||
| 68 | 67 | /** |
| 69 | 68 | * Destructor |
| 70 | 69 | */ |
| 71 | - public function __destruct() |
|
| 72 | - { |
|
| 70 | + public function __destruct() { |
|
| 73 | 71 | // delete X.509 chain certificate file after use |
| 74 | 72 | if ($this->x5cTempFile !== null && is_file($this->x5cTempFile)) { |
| 75 | 73 | unlink($this->x5cTempFile); |
@@ -41,8 +41,7 @@ |
||
| 41 | 41 | * @class Tpm |
| 42 | 42 | * @package Platine\Webauthn\Attestation\Format |
| 43 | 43 | */ |
| 44 | -class Tpm extends BaseFormat |
|
| 45 | -{ |
|
| 44 | +class Tpm extends BaseFormat { |
|
| 46 | 45 | public const TPM_GENERATED_VALUE = "\xFF\x54\x43\x47"; |
| 47 | 46 | public const TPM_ST_ATTEST_CERTIFY = "\x80\x17"; |
| 48 | 47 | |
@@ -193,9 +193,9 @@ |
||
| 193 | 193 | } |
| 194 | 194 | |
| 195 | 195 | /** |
| 196 | - * {@inheritdoc} |
|
| 197 | - * @return mixed |
|
| 198 | - */ |
|
| 196 | + * {@inheritdoc} |
|
| 197 | + * @return mixed |
|
| 198 | + */ |
|
| 199 | 199 | public function jsonSerialize(): mixed |
| 200 | 200 | { |
| 201 | 201 | return get_object_vars($this); |
@@ -43,8 +43,7 @@ discard block |
||
| 43 | 43 | * @class CredentialPublicKey |
| 44 | 44 | * @package Platine\Webauthn\Entity |
| 45 | 45 | */ |
| 46 | -class CredentialPublicKey implements JsonSerializable |
|
| 47 | -{ |
|
| 46 | +class CredentialPublicKey implements JsonSerializable { |
|
| 48 | 47 | /* |
| 49 | 48 | * Cose encoded keys |
| 50 | 49 | */ |
@@ -117,8 +116,7 @@ discard block |
||
| 117 | 116 | * @param int $offset |
| 118 | 117 | * @param int $endOffset |
| 119 | 118 | */ |
| 120 | - public function __construct(string $binaryData, int $offset, int &$endOffset) |
|
| 121 | - { |
|
| 119 | + public function __construct(string $binaryData, int $offset, int &$endOffset) { |
|
| 122 | 120 | $enc = CborDecoder::decodeInPlace($binaryData, $offset, $endOffset); |
| 123 | 121 | |
| 124 | 122 | // COSE key-encoded elliptic curve public key in EC2 format |
@@ -127,9 +127,9 @@ |
||
| 127 | 127 | } |
| 128 | 128 | |
| 129 | 129 | /** |
| 130 | - * {@inheritdoc} |
|
| 131 | - * @return mixed |
|
| 132 | - */ |
|
| 130 | + * {@inheritdoc} |
|
| 131 | + * @return mixed |
|
| 132 | + */ |
|
| 133 | 133 | public function jsonSerialize(): mixed |
| 134 | 134 | { |
| 135 | 135 | return get_object_vars($this); |
@@ -40,8 +40,7 @@ |
||
| 40 | 40 | * @class AuthenticatorSelection |
| 41 | 41 | * @package Platine\Webauthn\Entity |
| 42 | 42 | */ |
| 43 | -class AuthenticatorSelection implements JsonSerializable |
|
| 44 | -{ |
|
| 43 | +class AuthenticatorSelection implements JsonSerializable { |
|
| 45 | 44 | /** |
| 46 | 45 | * The authenticator attachment |
| 47 | 46 | * @var string |
