simplesamlphp /
simplesamlphp-module-webauthn
@@ -120,7 +120,7 @@ |
||
| 120 | 120 | } |
| 121 | 121 | |
| 122 | 122 | if (!is_array($config)) { |
| 123 | - throw new Exception('Invalid configuration for consent store option: '.var_export($config, true)); |
|
| 123 | + throw new Exception('Invalid configuration for consent store option: ' . var_export($config, true)); |
|
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | if (!array_key_exists(0, $config)) { |
@@ -26,18 +26,18 @@ |
||
| 26 | 26 | throw new Exception("Attempt to access the token management page unauthenticated."); |
| 27 | 27 | } |
| 28 | 28 | switch ($_POST['submit']) { |
| 29 | - case "NEVERMIND": |
|
| 30 | - Auth\ProcessingChain::resumeProcessing($state); |
|
| 31 | - break; |
|
| 32 | - case "DELETE": |
|
| 33 | - if ($state['FIDO2AuthSuccessful'] == $_POST['credId']) { |
|
| 34 | - throw new Exception("Attempt to delete the currently used credential despite UI preventing this."); |
|
| 35 | - } |
|
| 36 | - $store = $state['webauthn:store']; |
|
| 37 | - $store->deleteTokenData($_POST['credId']); |
|
| 38 | - Auth\ProcessingChain::resumeProcessing($state); |
|
| 39 | - break; |
|
| 40 | - default: |
|
| 41 | - throw new Exception("Unknown submit button state."); |
|
| 29 | + case "NEVERMIND": |
|
| 30 | + Auth\ProcessingChain::resumeProcessing($state); |
|
| 31 | + break; |
|
| 32 | + case "DELETE": |
|
| 33 | + if ($state['FIDO2AuthSuccessful'] == $_POST['credId']) { |
|
| 34 | + throw new Exception("Attempt to delete the currently used credential despite UI preventing this."); |
|
| 35 | + } |
|
| 36 | + $store = $state['webauthn:store']; |
|
| 37 | + $store->deleteTokenData($_POST['credId']); |
|
| 38 | + Auth\ProcessingChain::resumeProcessing($state); |
|
| 39 | + break; |
|
| 40 | + default: |
|
| 41 | + throw new Exception("Unknown submit button state."); |
|
| 42 | 42 | } |
| 43 | 43 | |
@@ -13,7 +13,7 @@ |
||
| 13 | 13 | use SimpleSAML\Logger; |
| 14 | 14 | use SimpleSAML\Module; |
| 15 | 15 | use SimpleSAML\Utils; |
| 16 | -use SimpleSAML\XHTML\Template;; |
|
| 16 | +use SimpleSAML\XHTML\Template; ; |
|
| 17 | 17 | |
| 18 | 18 | $globalConfig = Configuration::getInstance(); |
| 19 | 19 | |
@@ -82,10 +82,10 @@ |
||
| 82 | 82 | if ($debugEnabled) { |
| 83 | 83 | echo $authObject->debugBuffer; |
| 84 | 84 | echo $authObject->validateBuffer; |
| 85 | - echo "Debug mode, not continuing to ". ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination."); |
|
| 85 | + echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination."); |
|
| 86 | 86 | } else { |
| 87 | 87 | if ($state['FIDO2WantsRegister']) { |
| 88 | - header("Location: ".Module::getModuleURL('webauthn/webauthn.php?StateId='.urlencode($id))); |
|
| 88 | + header("Location: " . Module::getModuleURL('webauthn/webauthn.php?StateId=' . urlencode($id))); |
|
| 89 | 89 | } else { |
| 90 | 90 | Auth\ProcessingChain::resumeProcessing($state); |
| 91 | 91 | } |
@@ -174,16 +174,16 @@ discard block |
||
| 174 | 174 | */ |
| 175 | 175 | $certProps = openssl_x509_parse($this->der2pem($stmtDecoded['x5c'][0])); |
| 176 | 176 | $this->debugBuffer .= "Attestation Certificate:" . print_r($certProps, true) . "<br/>"; |
| 177 | - if ($certProps['version'] != 2 || /** §8.2.1 Bullet 1 */ |
|
| 178 | - $certProps['subject']['OU'] != "Authenticator Attestation" || /** §8.2.1 Bullet 2 [Subject-OU] */ |
|
| 179 | - !isset($certProps['subject']['CN']) || /** §8.2.1 Bullet 2 [Subject-CN] */ |
|
| 177 | + if ($certProps['version'] != 2 || /** §8.2.1 Bullet 1 */ |
|
| 178 | + $certProps['subject']['OU'] != "Authenticator Attestation" || /** §8.2.1 Bullet 2 [Subject-OU] */ |
|
| 179 | + !isset($certProps['subject']['CN']) || /** §8.2.1 Bullet 2 [Subject-CN] */ |
|
| 180 | 180 | !isset($certProps['extensions']['basicConstraints']) || |
| 181 | 181 | strstr("CA:FALSE", $certProps['extensions']['basicConstraints']) === false /** §8.2.1 Bullet 4 */ |
| 182 | 182 | ) { |
| 183 | 183 | $this->fail("Attestation certificate properties are no good."); |
| 184 | 184 | } |
| 185 | 185 | if (isset(AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)])) { |
| 186 | - if ($certProps['subject']['O'] != AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)]['O'] || /** §8.2.1 Bullet 2 [Subject-O] */ |
|
| 186 | + if ($certProps['subject']['O'] != AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)]['O'] || /** §8.2.1 Bullet 2 [Subject-O] */ |
|
| 187 | 187 | $certProps['subject']['C'] != AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)]['C']) { /** §8.2.1 Bullet 2 [Subject-C] */ |
| 188 | 188 | $this->fail("AAGUID does not match vendor data."); |
| 189 | 189 | } |
@@ -288,18 +288,18 @@ discard block |
||
| 288 | 288 | if (isset($this->credential[-2]) && sizeof($this->credential[-2]) == 32 |
| 289 | 289 | && |
| 290 | 290 | isset($this->credential[-3]) && sizeof($this->credential[-3]) == 32) { |
| 291 | - $publicKeyU2F = chr(4).$this->credential[-2].$this->credential[-3]; |
|
| 291 | + $publicKeyU2F = chr(4) . $this->credential[-2] . $this->credential[-3]; |
|
| 292 | 292 | } else { |
| 293 | 293 | $this->fail("FIDO U2F attestation: the public key is not as expected."); |
| 294 | 294 | } |
| 295 | 295 | /** |
| 296 | 296 | * §8.6 Verification Step 5: create verificationData |
| 297 | 297 | */ |
| 298 | - $verificationData = chr(0).$this->rpIdHash.$this->clientDataHash.$this->credentialId.$publicKeyU2F; |
|
| 298 | + $verificationData = chr(0) . $this->rpIdHash . $this->clientDataHash . $this->credentialId . $publicKeyU2F; |
|
| 299 | 299 | /** |
| 300 | 300 | * §8.6 Verification Step 6: verify signature |
| 301 | 301 | */ |
| 302 | - if (openssl_verify($verificationData, $stmtDecoded['sig'],$attCert, OPENSSL_ALGO_SHA256) !== 1) { |
|
| 302 | + if (openssl_verify($verificationData, $stmtDecoded['sig'], $attCert, OPENSSL_ALGO_SHA256) !== 1) { |
|
| 303 | 303 | $this->fail("FIDO U2F Attestation verification failed."); |
| 304 | 304 | } else { |
| 305 | 305 | $this->pass("Successfully verified FIDO U2F signature."); |
@@ -76,7 +76,7 @@ discard block |
||
| 76 | 76 | $this->store = Store::parseStoreConfig($config['store']); |
| 77 | 77 | } catch (\Exception $e) { |
| 78 | 78 | Logger::error( |
| 79 | - 'webauthn: Could not create storage: '. |
|
| 79 | + 'webauthn: Could not create storage: ' . |
|
| 80 | 80 | $e->getMessage() |
| 81 | 81 | ); |
| 82 | 82 | } |
@@ -132,8 +132,8 @@ discard block |
||
| 132 | 132 | assert(array_key_exists('metadata-set', $state['Source'])); |
| 133 | 133 | |
| 134 | 134 | if (!array_key_exists($this->usernameAttrib, $state['Attributes'])) { |
| 135 | - Logger::warning('webauthn: cannot determine if user needs second factor, missing attribute "'. |
|
| 136 | - $this->usernameAttrib.'".'); |
|
| 135 | + Logger::warning('webauthn: cannot determine if user needs second factor, missing attribute "' . |
|
| 136 | + $this->usernameAttrib . '".'); |
|
| 137 | 137 | return; |
| 138 | 138 | } |
| 139 | 139 | |
