View GitHub Repository simplesamlphp-module-webauthn

Schedule Inspection
Subscribe
Passed
Push — master ( 74c929...60a713 )
by Stefan
10:18
created
Status
Category
Toggle Patches
lib/WebAuthn/WebAuthnRegistrationEvent.php 1 patch
Spacing   +7 added lines, -7 removed lines patch added patch discarded remove patch 
@@ -181,7 +181,7 @@  discard block
 
 block discarded – undo
181 181 
 	// Found the root CA with Google, see above, and will perform chain validation even if the spec doesn't say so.
182 182
183 183 
 	// first, clear the openssl error backlog. We might need error data in case things go sideways.
184 
-	while(openssl_error_string() !== false);
184 
+	while (openssl_error_string() !== false);
185 185
186 186 
         $stmtDecoded = $attestationArray['attStmt'];
187 187 
 	if (!isset($stmtDecoded['x5c'])) {
 
@@ -197,7 +197,7 @@  discard block
 
 block discarded – undo
197 197 
            !isset($certProps['extensions']['1.2.840.113635.100.8.2'])
198 198 
            || empty($certProps['extensions']['1.2.840.113635.100.8.2'])
199 199 
                 ) {
200 
-                    $this->fail( "The required nonce value is not present in the OID." );
200 
+                    $this->fail("The required nonce value is not present in the OID.");
201 201 
                 }
202 202 
 	$toCompare = substr($certProps['extensions']['1.2.840.113635.100.8.2'], 6);
203 203 
 	if ($nonce != $toCompare) {
 
@@ -205,7 +205,7 @@  discard block
 
 block discarded – undo
205 205 
 	}
206 206
207 207 
 	// chain validation first
208 
-	foreach ( $stmtDecoded['x5c'] as $runIndex => $runCert ) {
208 
+	foreach ($stmtDecoded['x5c'] as $runIndex => $runCert) {
209 209 
 		if (isset($stmtDecoded['x5c'][$runIndex + 1])) { // there is a next cert, so follow the chain
210 210 
 			$certResource = openssl_x509_read(Utils\Crypto::der2pem($runCert));
211 211 
 			$signerPubKey = openssl_pkey_get_public(Utils\Crypto::der2pem($stmtDecoded['x5c'][$runIndex + 1]));
 
@@ -219,7 +219,7 @@  discard block
 
 block discarded – undo
219 219 
 			$certResource = openssl_x509_read(Utils\Crypto::der2pem($runCert));
220 220 
 			$signerPubKey = openssl_pkey_get_public($APPLE_WEBAUTHN_ROOT_CA);
221 221 
 			if (openssl_x509_verify($certResource, $signerPubKey) != 1) {
222 
-                                $this->fail("Error during root CA validation of the attestation chain certificate, which is ".Utils\Crypto::der2pem($runCert));
222 
+                                $this->fail("Error during root CA validation of the attestation chain certificate, which is " . Utils\Crypto::der2pem($runCert));
223 223 
                         }
224 224 
 		}
225 225 
 	}
 
@@ -251,9 +251,9 @@  discard block
 
 block discarded – undo
251 251 
 	// § 8.8 Bullet 5
252 252 
 	$credentialDetails = openssl_pkey_get_details($credentialResource);
253 253 
 	$keyDetails = openssl_pkey_get_details($keyResource);
254 
-	if ( $credentialDetails['bits'] != $keyDetails['bits'] ||
255 
-             $credentialDetails['key']  != $keyDetails['key']  ||
256 
-             $credentialDetails['type'] != $keyDetails['type'] ) {
254 
+	if ($credentialDetails['bits'] != $keyDetails['bits'] ||
255 
+             $credentialDetails['key'] != $keyDetails['key'] ||
256 
+             $credentialDetails['type'] != $keyDetails['type']) {
257 257 
 		$this->fail("The credential public key does not match the certificate public key in attestationData. ("
258 258 
               . $credentialDetails['key']
259 259 
               . " - "
Please login to merge, or discard this patch.