simplesamlphp /
simplesamlphp-module-webauthn
@@ -182,7 +182,7 @@ |
||
| 182 | 182 | return $this->credential; |
| 183 | 183 | } |
| 184 | 184 | |
| 185 | - /** |
|
| 185 | + /** |
|
| 186 | 186 | * @return int |
| 187 | 187 | */ |
| 188 | 188 | public function getAlgo(): int |
@@ -196,7 +196,7 @@ |
||
| 196 | 196 | $id = $this->authState::saveState($state, 'webauthn:request'); |
| 197 | 197 | if ($debugEnabled === true) { |
| 198 | 198 | $response = new RunnableResponse( |
| 199 | - function (WebAuthnRegistrationEvent $regObject, string $id) { |
|
| 199 | + function(WebAuthnRegistrationEvent $regObject, string $id) { |
|
| 200 | 200 | echo $regObject->getDebugBuffer(); |
| 201 | 201 | echo $regObject->getValidateBuffer(); |
| 202 | 202 | echo "<form id='regform' method='POST' action='" . |
@@ -109,7 +109,7 @@ |
||
| 109 | 109 | } |
| 110 | 110 | return self::STATE_AUTH_ALLOWMGMT; |
| 111 | 111 | } else { // in inflow, allow to check the management box; otherwise, |
| 112 | - // only auth |
|
| 112 | + // only auth |
|
| 113 | 113 | $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray(); |
| 114 | 114 | return $moduleConfig['registration']['use_inflow_registration'] ? self::STATE_AUTH_ALLOWMGMT : self::STATE_AUTH_NOMGMT; |
| 115 | 115 | } |
@@ -215,7 +215,7 @@ |
||
| 215 | 215 | $frontendData = []; |
| 216 | 216 | $frontendData['challengeEncoded'] = $challengeEncoded; |
| 217 | 217 | $frontendData['state'] = []; |
| 218 | - foreach (['FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) { |
|
| 218 | + foreach (['FIDO2Scope', 'FIDO2Username', 'FIDO2Displayname', 'requestTokenModel'] as $stateItem) { |
|
| 219 | 219 | $frontendData['state'][$stateItem] = $state[$stateItem]; |
| 220 | 220 | } |
| 221 | 221 | |
@@ -131,7 +131,7 @@ |
||
| 131 | 131 | // this is the confirmed username, we store it just like the Passwordless |
| 132 | 132 | // one would have been |
| 133 | 133 | |
| 134 | - $state['Attributes'][$state['FIDO2AttributeStoringUsername']] = [ $request->request->get("username") ]; |
|
| 134 | + $state['Attributes'][$state['FIDO2AttributeStoringUsername']] = [$request->request->get("username")]; |
|
| 135 | 135 | |
| 136 | 136 | // we deliberately do not store any additional attributes - these have |
| 137 | 137 | // to be retrieved from the same authproc that would retrieve them |
@@ -215,7 +215,7 @@ |
||
| 215 | 215 | $frontendData = []; |
| 216 | 216 | $frontendData['challengeEncoded'] = $challengeEncoded; |
| 217 | 217 | $frontendData['state'] = []; |
| 218 | - foreach (['FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) { |
|
| 218 | + foreach (['FIDO2Scope', 'FIDO2Username', 'FIDO2Displayname', 'requestTokenModel'] as $stateItem) { |
|
| 219 | 219 | $frontendData['state'][$stateItem] = $state[$stateItem]; |
| 220 | 220 | } |
| 221 | 221 | |
@@ -169,7 +169,7 @@ discard block |
||
| 169 | 169 | base64_decode($request->request->get('client_data_raw')), |
| 170 | 170 | $oneToken[0], |
| 171 | 171 | $oneToken[1], |
| 172 | - (int)$oneToken[4], // algo |
|
| 172 | + (int) $oneToken[4], // algo |
|
| 173 | 173 | base64_decode($request->request->get('signature')), |
| 174 | 174 | $debugEnabled |
| 175 | 175 | ); |
@@ -227,7 +227,7 @@ discard block |
||
| 227 | 227 | |
| 228 | 228 | if ($debugEnabled) { |
| 229 | 229 | $response = new RunnableResponse( |
| 230 | - function (WebAuthnAuthenticationEvent $authObject, array $state) { |
|
| 230 | + function(WebAuthnAuthenticationEvent $authObject, array $state) { |
|
| 231 | 231 | echo $authObject->getDebugBuffer(); |
| 232 | 232 | echo $authObject->getValidateBuffer(); |
| 233 | 233 | echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination."); |
@@ -251,7 +251,7 @@ discard block |
||
| 251 | 251 | * In passwordless, we're on our own. The one thing we know is the |
| 252 | 252 | * username. |
| 253 | 253 | */ |
| 254 | - $state['Attributes'][$state['FIDO2AttributeStoringUsername']] = [ $state['FIDO2Username'] ]; |
|
| 254 | + $state['Attributes'][$state['FIDO2AttributeStoringUsername']] = [$state['FIDO2Username']]; |
|
| 255 | 255 | // in case this authentication happened in the Supercharged context |
| 256 | 256 | // it may be that there is an authprocfilter for WebAuthN, too. |
| 257 | 257 | |
@@ -269,7 +269,7 @@ discard block |
||
| 269 | 269 | } |
| 270 | 270 | // set an internal "authenticated passwordless" hint somewhere else |
| 271 | 271 | // in $state, which the authproc can react upon |
| 272 | - $state['Attributes']['internal:FIDO2PasswordlessAuthentication'] = [ $state['FIDO2Username'] ]; |
|
| 272 | + $state['Attributes']['internal:FIDO2PasswordlessAuthentication'] = [$state['FIDO2Username']]; |
|
| 273 | 273 | |
| 274 | 274 | $this->authState::saveState($state, 'webauthn:request'); |
| 275 | 275 | |
@@ -380,8 +380,8 @@ discard block |
||
| 380 | 380 | * §8.2 Step 2 Bullet 1: check signature |
| 381 | 381 | */ |
| 382 | 382 | $retCode = openssl_verify($sigdata, $stmtDecoded['sig'], $keyResource, "sha256"); |
| 383 | - if ( $retCode !== 1) { |
|
| 384 | - $this->fail("Packed signature mismatch (return code $retCode, for :authdata:".$attestationArray['authData']." - :clientDataHash:".$this->clientDataHash." - :signature:".$stmtDecoded['sig']."), attestation failed."); |
|
| 383 | + if ($retCode !== 1) { |
|
| 384 | + $this->fail("Packed signature mismatch (return code $retCode, for :authdata:" . $attestationArray['authData'] . " - :clientDataHash:" . $this->clientDataHash . " - :signature:" . $stmtDecoded['sig'] . "), attestation failed."); |
|
| 385 | 385 | } |
| 386 | 386 | $this->pass("x5c sig check passed."); |
| 387 | 387 | } |
@@ -482,7 +482,7 @@ discard block |
||
| 482 | 482 | } |
| 483 | 483 | |
| 484 | 484 | // Keymaster 3 - KeyMint ??? |
| 485 | - private const ORIGINS_3 = [ // https://source.android.com/docs/security/features/keystore/tags#origin |
|
| 485 | + private const ORIGINS_3 = [// https://source.android.com/docs/security/features/keystore/tags#origin |
|
| 486 | 486 | 0 => "GENERATED", |
| 487 | 487 | 1 => "DERIVED", |
| 488 | 488 | 2 => "IMPORTED", |
@@ -700,7 +700,7 @@ discard block |
||
| 700 | 700 | * STEP 13 of the validation procedure in § 7.1 of the spec: is the algorithm the expected one? |
| 701 | 701 | */ |
| 702 | 702 | if (in_array($arrayPK['3'], self::PK_ALGORITHM)) { // we requested -7 or -257, so want to see it here |
| 703 | - $this->algo = (int)$arrayPK['3']; |
|
| 703 | + $this->algo = (int) $arrayPK['3']; |
|
| 704 | 704 | $this->pass("Public Key Algorithm is expected (" . implode(' or ', WebAuthnRegistrationEvent::PK_ALGORITHM) . ")."); |
| 705 | 705 | } else { |
| 706 | 706 | $this->fail("Public Key Algorithm mismatch!"); |
