WebAuthnAuthenticationEvent::validateSignature() - Code Metrics - simplesamlphp/simplesamlphp-module-webauthn - Measure and Improve Code Quality continuously with Scrutinizer

WebAuthnAuthenticationEvent::validateSignature() B
last analyzed 2025-12-19 16:37 UTC

↳ Parent: WebAuthnAuthenticationEvent

Complexity

Conditions	6
Paths	18

Size

Total Lines	32
Code Lines	25

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	25
c	1
b	0
f	0
dl	0
loc	32
rs	8.8977
cc	6
nc	18
nop	2

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\webauthn\WebAuthn;

use Cose\Key\Ec2Key;
use Cose\Key\RsaKey;

/**
 * FIDO2/WebAuthn Authentication Processing filter
 *
 * Filter for registering or authenticating with a FIDO2/WebAuthn token after
 * having authenticated with the primary authsource.
 *
 * @author Stefan Winter <[email protected]>
 * @package SimpleSAMLphp
 */
class WebAuthnAuthenticationEvent extends WebAuthnAbstractEvent
filter:
    dependency_paths: ["lib/*"]
{
    /**
     * Initialize the event object.
     *
     * Validates and parses the configuration.
     *
     * @param string $pubkeyCredType  PublicKeyCredential.type
     * @param string $scope           the scope of the event
     * @param string $challenge       the challenge which was used to trigger this event
     * @param string $authData        the authData binary string
     * @param string $clientDataJSON  the client data JSON string which is present in all types of events
     * @param string $credentialId    the credential ID
     * @param string $publicKey       the public key which is supposed to validate the sig
     *                                (COSE format, still needs to be converted to PEM!)
     * @param string $signature       the signature value to verify
     * @param bool $debugMode         print debugging statements?
     */
    public function __construct(
        string $pubkeyCredType,
        string $scope,
        string $challenge,
        string $authData,
        string $clientDataJSON,
        string $credentialId,
        string $publicKey,
        int $algo,
        string $signature,
        bool $debugMode = false,
    ) {
        $this->eventType = "AUTH";

        $this->credential = $publicKey;

        $this->algo = $algo;

        $this->credentialId = $credentialId;

        parent::__construct($pubkeyCredType, $scope, $challenge, $authData, $clientDataJSON, $debugMode);
        $this->validateSignature($authData . $this->clientDataHash, $signature);
    }


    /**
     */
    private function validateSignature(string $sigData, string $signature): void
    {
        $keyArray = $this->cborDecode(hex2bin($this->credential));
        $keyObject = null;
        switch ($this->algo) {
            case WebAuthnRegistrationEvent::PK_ALGORITHM_ECDSA:
filter:
    dependency_paths: ["lib/*"]
                $keyObject = new Ec2Key($keyArray);
                break;
            case WebAuthnRegistrationEvent::PK_ALGORITHM_RSA:
                $keyObject = new RsaKey($keyArray);
                break;
            default:
                $this->fail("Incoming public key algorithm unknown and not supported!");
        }
        $keyResource = openssl_pkey_get_public($keyObject->asPEM());
        if ($keyResource === false) {
            $this->fail("Unable to construct public key resource from PEM (was algo type " . $this->algo . ").");
        }
        /**
         * §7.2 STEP 17: validate signature
         */
        $sigcheck = openssl_verify($sigData, $signature, $keyResource, OPENSSL_ALGO_SHA256);
        switch ($sigcheck) {
            case 1:
                $this->pass("Signature validation succeeded!");
                break;
            case 0:
                $this->fail("Signature validation failed (sigdata = $sigData) (signature = $signature) !");
                break;
            default:
                $this->fail("There was an error executing the signature check.");
                break;
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\webauthn\WebAuthn;
6
7			use Cose\Key\Ec2Key;
8			use Cose\Key\RsaKey;
9
10			/**
11			* FIDO2/WebAuthn Authentication Processing filter
12			*
13			* Filter for registering or authenticating with a FIDO2/WebAuthn token after
14			* having authenticated with the primary authsource.
15			*
16			* @author Stefan Winter <[email protected]>
17			* @package SimpleSAMLphp
18			*/
19			class WebAuthnAuthenticationEvent extends WebAuthnAbstractEvent
			0 ignored issues – show Bug introduced 2024-08-13 10:12 UTC by Report Bug Copy Issue Report The type `SimpleSAML\Module\webaut...n\WebAuthnAbstractEvent` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
20			{
21			/**
22			* Initialize the event object.
23			*
24			* Validates and parses the configuration.
25			*
26			* @param string $pubkeyCredType PublicKeyCredential.type
27			* @param string $scope the scope of the event
28			* @param string $challenge the challenge which was used to trigger this event
29			* @param string $authData the authData binary string
30			* @param string $clientDataJSON the client data JSON string which is present in all types of events
31			* @param string $credentialId the credential ID
32			* @param string $publicKey the public key which is supposed to validate the sig
33			* (COSE format, still needs to be converted to PEM!)
34			* @param string $signature the signature value to verify
35			* @param bool $debugMode print debugging statements?
36			*/
37			public function __construct(
38			string $pubkeyCredType,
39			string $scope,
40			string $challenge,
41			string $authData,
42			string $clientDataJSON,
43			string $credentialId,
44			string $publicKey,
45			int $algo,
46			string $signature,
47			bool $debugMode = false,
48			) {
49			$this->eventType = "AUTH";
			0 ignored issues – show Bug Best Practice introduced 2024-08-13 10:12 UTC by Report Bug Copy Issue Report The property `eventType` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
50			$this->credential = $publicKey;
			0 ignored issues – show Bug Best Practice introduced 2024-08-13 10:12 UTC by Report Bug Copy Issue Report The property `credential` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
51			$this->algo = $algo;
			0 ignored issues – show Bug Best Practice introduced 2024-08-13 10:12 UTC by Report Bug Copy Issue Report The property `algo` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
52			$this->credentialId = $credentialId;
			0 ignored issues – show Bug Best Practice introduced 2024-08-13 10:12 UTC by Report Bug Copy Issue Report The property `credentialId` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
53			parent::__construct($pubkeyCredType, $scope, $challenge, $authData, $clientDataJSON, $debugMode);
54			$this->validateSignature($authData . $this->clientDataHash, $signature);
55			}
56
57
58			/**
59			*/
60			private function validateSignature(string $sigData, string $signature): void
61			{
62			$keyArray = $this->cborDecode(hex2bin($this->credential));
63			$keyObject = null;
64			switch ($this->algo) {
65			case WebAuthnRegistrationEvent::PK_ALGORITHM_ECDSA:
			0 ignored issues – show Bug introduced 2025-12-19 10:27 UTC by Report Bug Copy Issue Report The type `SimpleSAML\Module\webaut...bAuthnRegistrationEvent` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
66			$keyObject = new Ec2Key($keyArray);
67			break;
68			case WebAuthnRegistrationEvent::PK_ALGORITHM_RSA:
69			$keyObject = new RsaKey($keyArray);
70			break;
71			default:
72			$this->fail("Incoming public key algorithm unknown and not supported!");
73			}
74			$keyResource = openssl_pkey_get_public($keyObject->asPEM());
75			if ($keyResource === false) {
76			$this->fail("Unable to construct public key resource from PEM (was algo type " . $this->algo . ").");
77			}
78			/**
79			* §7.2 STEP 17: validate signature
80			*/
81			$sigcheck = openssl_verify($sigData, $signature, $keyResource, OPENSSL_ALGO_SHA256);
82			switch ($sigcheck) {
83			case 1:
84			$this->pass("Signature validation succeeded!");
85			break;
86			case 0:
87			$this->fail("Signature validation failed (sigdata = $sigData) (signature = $signature) !");
88			break;
89			default:
90			$this->fail("There was an error executing the signature check.");
91			break;
92			}
93			}
94			}
95

simplesamlphp / simplesamlphp-module-webauthn

WebAuthnAuthenticationEvent::validateSignature() B last analyzed 2025-12-19 16:37 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

WebAuthnAuthenticationEvent::validateSignature() B
last analyzed 2025-12-19 16:37 UTC