View GitHub Repository simplesamlphp-module-webauthn

Schedule Inspection
Subscribe
Passed
Push — master ( ba62bd...5ef40c )
by Stefan
02:25
created
Status
Category
Toggle Patches
lib/WebAuthn/WebAuthnRegistrationEvent.php 1 patch
Spacing   +7 added lines, -7 removed lines patch added patch discarded remove patch 
@@ -174,16 +174,16 @@  discard block
 
 block discarded – undo
174 174 
              */
175 175 
             $certProps = openssl_x509_parse($this->der2pem($stmtDecoded['x5c'][0]));
176 176 
             $this->debugBuffer .= "Attestation Certificate:" . print_r($certProps, true) . "<br/>";
177 
-            if ($certProps['version'] != 2 ||                                                                      /** §8.2.1 Bullet 1 */
178 
-                    $certProps['subject']['OU'] != "Authenticator Attestation" ||                                  /** §8.2.1 Bullet 2 [Subject-OU] */
179 
-                    !isset($certProps['subject']['CN']) ||                                                         /** §8.2.1 Bullet 2 [Subject-CN] */
177 
+            if ($certProps['version'] != 2 || /** §8.2.1 Bullet 1 */
178 
+                    $certProps['subject']['OU'] != "Authenticator Attestation" || /** §8.2.1 Bullet 2 [Subject-OU] */
179 
+                    !isset($certProps['subject']['CN']) || /** §8.2.1 Bullet 2 [Subject-CN] */
180 180 
                     !isset($certProps['extensions']['basicConstraints']) ||
181 181 
                     strstr("CA:FALSE", $certProps['extensions']['basicConstraints']) === false                     /** §8.2.1 Bullet 4 */
182 182 
             ) {
183 183 
                 $this->fail("Attestation certificate properties are no good.");
184 184 
             }
185 185 
             if (isset(AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)])) {
186 
-                if ($certProps['subject']['O'] != AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)]['O'] ||     /** §8.2.1 Bullet 2 [Subject-O] */
186 
+                if ($certProps['subject']['O'] != AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)]['O'] || /** §8.2.1 Bullet 2 [Subject-O] */
187 187 
                         $certProps['subject']['C'] != AAGUID::AAGUID_DICTIONARY[strtolower($this->AAGUID)]['C']) { /** §8.2.1 Bullet 2 [Subject-C] */
188 188 
                     $this->fail("AAGUID does not match vendor data.");
189 189 
                 }
 
@@ -288,18 +288,18 @@  discard block
 
 block discarded – undo
288 288 
         if (isset($this->credential[-2]) && sizeof($this->credential[-2]) == 32
289 289 
               &&
290 290 
             isset($this->credential[-3]) && sizeof($this->credential[-3]) == 32) {
291 
-            $publicKeyU2F = chr(4).$this->credential[-2].$this->credential[-3];
291 
+            $publicKeyU2F = chr(4) . $this->credential[-2] . $this->credential[-3];
292 292 
         } else {
293 293 
             $this->fail("FIDO U2F attestation: the public key is not as expected.");
294 294 
         }
295 295 
         /**
296 296 
          * §8.6 Verification Step 5: create verificationData
297 297 
          */
298 
-        $verificationData = chr(0).$this->rpIdHash.$this->clientDataHash.$this->credentialId.$publicKeyU2F;
298 
+        $verificationData = chr(0) . $this->rpIdHash . $this->clientDataHash . $this->credentialId . $publicKeyU2F;
299 299 
         /**
300 300 
          * §8.6 Verification Step 6: verify signature
301 301 
          */
302 
-        if (openssl_verify($verificationData, $stmtDecoded['sig'],$attCert, OPENSSL_ALGO_SHA256) !== 1) {
302 
+        if (openssl_verify($verificationData, $stmtDecoded['sig'], $attCert, OPENSSL_ALGO_SHA256) !== 1) {
303 303 
             $this->fail("FIDO U2F Attestation verification failed.");
304 304 
         } else {
305 305 
             $this->pass("Successfully verified FIDO U2F signature.");
Please login to merge, or discard this patch.