Project import generated by Copybara.

GitOrigin-RevId: 63746295f1a5ab5a619056791995793d65529e62
diff --git a/src/lib/WebAuthn/WebAuthn.php b/src/lib/WebAuthn/WebAuthn.php
new file mode 100644
index 0000000..0da0aa6
--- /dev/null
+++ b/src/lib/WebAuthn/WebAuthn.php
@@ -0,0 +1,677 @@
+<?php
+
+namespace lbuchs\WebAuthn;
+use lbuchs\WebAuthn\Binary\ByteBuffer;
+require_once 'WebAuthnException.php';
+require_once 'Binary/ByteBuffer.php';
+require_once 'Attestation/AttestationObject.php';
+require_once 'Attestation/AuthenticatorData.php';
+require_once 'Attestation/Format/FormatBase.php';
+require_once 'Attestation/Format/None.php';
+require_once 'Attestation/Format/AndroidKey.php';
+require_once 'Attestation/Format/AndroidSafetyNet.php';
+require_once 'Attestation/Format/Apple.php';
+require_once 'Attestation/Format/Packed.php';
+require_once 'Attestation/Format/Tpm.php';
+require_once 'Attestation/Format/U2f.php';
+require_once 'CBOR/CborDecoder.php';
+
+/**
+ * WebAuthn
+ * @author Lukas Buchs
+ * @license https://github.com/lbuchs/WebAuthn/blob/master/LICENSE MIT
+ */
+class WebAuthn {
+    // relying party
+    private $_rpName;
+    private $_rpId;
+    private $_rpIdHash;
+    private $_challenge;
+    private $_signatureCounter;
+    private $_caFiles;
+    private $_formats;
+
+    /**
+     * Initialize a new WebAuthn server
+     * @param string $rpName the relying party name
+     * @param string $rpId the relying party ID = the domain name
+     * @param bool $useBase64UrlEncoding true to use base64 url encoding for binary data in json objects. Default is a RFC 1342-Like serialized string.
+     * @throws WebAuthnException
+     */
+    public function __construct($rpName, $rpId, $allowedFormats=null, $useBase64UrlEncoding=false) {
+        $this->_rpName = $rpName;
+        $this->_rpId = $rpId;
+        $this->_rpIdHash = \hash('sha256', $rpId, true);
+        ByteBuffer::$useBase64UrlEncoding = !!$useBase64UrlEncoding;
+        $supportedFormats = array('android-key', 'android-safetynet', 'apple', 'fido-u2f', 'none', 'packed', 'tpm');
+
+        if (!\function_exists('\openssl_open')) {
+            throw new WebAuthnException('OpenSSL-Module not installed');
+        }
+
+        if (!\in_array('SHA256', \array_map('\strtoupper', \openssl_get_md_methods()))) {
+            throw new WebAuthnException('SHA256 not supported by this openssl installation.');
+        }
+
+        // default: all format
+        if (!is_array($allowedFormats)) {
+            $allowedFormats = $supportedFormats;
+        }
+        $this->_formats = $allowedFormats;
+
+        // validate formats
+        $invalidFormats = \array_diff($this->_formats, $supportedFormats);
+        if (!$this->_formats || $invalidFormats) {
+            throw new WebAuthnException('invalid formats on construct: ' . implode(', ', $invalidFormats));
+        }
+    }
+
+    /**
+     * add a root certificate to verify new registrations
+     * @param string $path file path of / directory with root certificates
+     * @param array|null $certFileExtensions if adding a direction, all files with provided extension are added. default: pem, crt, cer, der
+     */
+    public function addRootCertificates($path, $certFileExtensions=null) {
+        if (!\is_array($this->_caFiles)) {
+            $this->_caFiles = [];
+        }
+        if ($certFileExtensions === null) {
+            $certFileExtensions = array('pem', 'crt', 'cer', 'der');
+        }
+        $path = \rtrim(\trim($path), '\\/');
+        if (\is_dir($path)) {
+            foreach (\scandir($path) as $ca) {
+                if (\is_file($path . DIRECTORY_SEPARATOR . $ca) && \in_array(\strtolower(\pathinfo($ca, PATHINFO_EXTENSION)), $certFileExtensions)) {
+                    $this->addRootCertificates($path . DIRECTORY_SEPARATOR . $ca);
+                }
+            }
+        } else if (\is_file($path) && !\in_array(\realpath($path), $this->_caFiles)) {
+            $this->_caFiles[] = \realpath($path);
+        }
+    }
+
+    /**
+     * Returns the generated challenge to save for later validation
+     * @return ByteBuffer
+     */
+    public function getChallenge() {
+        return $this->_challenge;
+    }
+
+    /**
+     * generates the object for a key registration
+     * provide this data to navigator.credentials.create
+     * @param string $userId
+     * @param string $userName
+     * @param string $userDisplayName
+     * @param int $timeout timeout in seconds
+     * @param bool|string $requireResidentKey      'required', if the key should be stored by the authentication device
+     *                                             Valid values:
+     *                                             true = required
+     *                                             false = preferred
+     *                                             string 'required' 'preferred' 'discouraged'
+     * @param bool|string $requireUserVerification indicates that you require user verification and will fail the operation
+     *                                             if the response does not have the UV flag set.
+     *                                             Valid values:
+     *                                             true = required
+     *                                             false = preferred
+     *                                             string 'required' 'preferred' 'discouraged'
+     * @param bool|null $crossPlatformAttachment   true for cross-platform devices (eg. fido usb),
+     *                                             false for platform devices (eg. windows hello, android safetynet),
+     *                                             null for both
+     * @param array $excludeCredentialIds a array of ids, which are already registered, to prevent re-registration
+     * @return \stdClass
+     */
+    public function getCreateArgs($userId, $userName, $userDisplayName, $timeout=20, $requireResidentKey=false, $requireUserVerification=false, $crossPlatformAttachment=null, $excludeCredentialIds=[]) {
+
+        $args = new \stdClass();
+        $args->publicKey = new \stdClass();
+
+        // relying party
+        $args->publicKey->rp = new \stdClass();
+        $args->publicKey->rp->name = $this->_rpName;
+        $args->publicKey->rp->id = $this->_rpId;
+
+        $args->publicKey->authenticatorSelection = new \stdClass();
+        $args->publicKey->authenticatorSelection->userVerification = 'preferred';
+
+        // validate User Verification Requirement
+        if (\is_bool($requireUserVerification)) {
+            $args->publicKey->authenticatorSelection->userVerification = $requireUserVerification ? 'required' : 'preferred';
+
+        } else if (\is_string($requireUserVerification) && \in_array(\strtolower($requireUserVerification), ['required', 'preferred', 'discouraged'])) {
+            $args->publicKey->authenticatorSelection->userVerification = \strtolower($requireUserVerification);
+        }
+
+        // validate Resident Key Requirement
+        if (\is_bool($requireResidentKey) && $requireResidentKey) {
+            $args->publicKey->authenticatorSelection->requireResidentKey = true;
+            $args->publicKey->authenticatorSelection->residentKey = 'required';
+
+        } else if (\is_string($requireResidentKey) && \in_array(\strtolower($requireResidentKey), ['required', 'preferred', 'discouraged'])) {
+            $requireResidentKey = \strtolower($requireResidentKey);
+            $args->publicKey->authenticatorSelection->residentKey = $requireResidentKey;
+            $args->publicKey->authenticatorSelection->requireResidentKey = $requireResidentKey === 'required';
+        }
+
+        // filte authenticators attached with the specified authenticator attachment modality
+        if (\is_bool($crossPlatformAttachment)) {
+            $args->publicKey->authenticatorSelection->authenticatorAttachment = $crossPlatformAttachment ? 'cross-platform' : 'platform';
+        }
+
+        // user
+        $args->publicKey->user = new \stdClass();
+        $args->publicKey->user->id = new ByteBuffer($userId); // binary
+        $args->publicKey->user->name = $userName;
+        $args->publicKey->user->displayName = $userDisplayName;
+
+        // supported algorithms
+        $args->publicKey->pubKeyCredParams = [];
+
+        if (function_exists('sodium_crypto_sign_verify_detached') || \in_array('ed25519', \openssl_get_curve_names(), true)) {
+            $tmp = new \stdClass();
+            $tmp->type = 'public-key';
+            $tmp->alg = -8; // EdDSA
+            $args->publicKey->pubKeyCredParams[] = $tmp;
+            unset ($tmp);
+        }
+
+        if (\in_array('prime256v1', \openssl_get_curve_names(), true)) {
+            $tmp = new \stdClass();
+            $tmp->type = 'public-key';
+            $tmp->alg = -7; // ES256
+            $args->publicKey->pubKeyCredParams[] = $tmp;
+            unset ($tmp);
+        }
+
+        $tmp = new \stdClass();
+        $tmp->type = 'public-key';
+        $tmp->alg = -257; // RS256
+        $args->publicKey->pubKeyCredParams[] = $tmp;
+        unset ($tmp);
+
+        // if there are root certificates added, we need direct attestation to validate
+        // against the root certificate. If there are no root-certificates added,
+        // anonymization ca are also accepted, because we can't validate the root anyway.
+        $attestation = 'indirect';
+        if (\is_array($this->_caFiles)) {
+            $attestation = 'direct';
+        }
+
+        $args->publicKey->attestation = \count($this->_formats) === 1 && \in_array('none', $this->_formats) ? 'none' : $attestation;
+        $args->publicKey->extensions = new \stdClass();
+        $args->publicKey->extensions->exts = true;
+        $args->publicKey->timeout = $timeout * 1000; // microseconds
+        $args->publicKey->challenge = $this->_createChallenge(); // binary
+
+        //prevent re-registration by specifying existing credentials
+        $args->publicKey->excludeCredentials = [];
+
+        if (is_array($excludeCredentialIds)) {
+            foreach ($excludeCredentialIds as $id) {
+                $tmp = new \stdClass();
+                $tmp->id = $id instanceof ByteBuffer ? $id : new ByteBuffer($id);  // binary
+                $tmp->type = 'public-key';
+                $tmp->transports = array('usb', 'nfc', 'ble', 'hybrid', 'internal');
+                $args->publicKey->excludeCredentials[] = $tmp;
+                unset ($tmp);
+            }
+        }
+
+        return $args;
+    }
+
+    /**
+     * generates the object for key validation
+     * Provide this data to navigator.credentials.get
+     * @param array $credentialIds binary
+     * @param int $timeout timeout in seconds
+     * @param bool $allowUsb allow removable USB
+     * @param bool $allowNfc allow Near Field Communication (NFC)
+     * @param bool $allowBle allow Bluetooth
+     * @param bool $allowHybrid allow a combination of (often separate) data-transport and proximity mechanisms.
+     * @param bool $allowInternal allow client device-specific transport. These authenticators are not removable from the client device.
+     * @param bool|string $requireUserVerification indicates that you require user verification and will fail the operation
+     *                                             if the response does not have the UV flag set.
+     *                                             Valid values:
+     *                                             true = required
+     *                                             false = preferred
+     *                                             string 'required' 'preferred' 'discouraged'
+     * @return \stdClass
+     */
+    public function getGetArgs($credentialIds=[], $timeout=20, $allowUsb=true, $allowNfc=true, $allowBle=true, $allowHybrid=true, $allowInternal=true, $requireUserVerification=false) {
+
+        // validate User Verification Requirement
+        if (\is_bool($requireUserVerification)) {
+            $requireUserVerification = $requireUserVerification ? 'required' : 'preferred';
+        } else if (\is_string($requireUserVerification) && \in_array(\strtolower($requireUserVerification), ['required', 'preferred', 'discouraged'])) {
+            $requireUserVerification = \strtolower($requireUserVerification);
+        } else {
+            $requireUserVerification = 'preferred';
+        }
+
+        $args = new \stdClass();
+        $args->publicKey = new \stdClass();
+        $args->publicKey->timeout = $timeout * 1000; // microseconds
+        $args->publicKey->challenge = $this->_createChallenge();  // binary
+        $args->publicKey->userVerification = $requireUserVerification;
+        $args->publicKey->rpId = $this->_rpId;
+
+        if (\is_array($credentialIds) && \count($credentialIds) > 0) {
+            $args->publicKey->allowCredentials = [];
+
+            foreach ($credentialIds as $id) {
+                $tmp = new \stdClass();
+                $tmp->id = $id instanceof ByteBuffer ? $id : new ByteBuffer($id);  // binary
+                $tmp->transports = [];
+
+                if ($allowUsb) {
+                    $tmp->transports[] = 'usb';
+                }
+                if ($allowNfc) {
+                    $tmp->transports[] = 'nfc';
+                }
+                if ($allowBle) {
+                    $tmp->transports[] = 'ble';
+                }
+                if ($allowHybrid) {
+                    $tmp->transports[] = 'hybrid';
+                }
+                if ($allowInternal) {
+                    $tmp->transports[] = 'internal';
+                }
+
+                $tmp->type = 'public-key';
+                $args->publicKey->allowCredentials[] = $tmp;
+                unset ($tmp);
+            }
+        }
+
+        return $args;
+    }
+
+    /**
+     * returns the new signature counter value.
+     * returns null if there is no counter
+     * @return ?int
+     */
+    public function getSignatureCounter() {
+        return \is_int($this->_signatureCounter) ? $this->_signatureCounter : null;
+    }
+
+    /**
+     * process a create request and returns data to save for future logins
+     * @param string $clientDataJSON binary from browser
+     * @param string $attestationObject binary from browser
+     * @param string|ByteBuffer $challenge binary used challange
+     * @param bool $requireUserVerification true, if the device must verify user (e.g. by biometric data or pin)
+     * @param bool $requireUserPresent false, if the device must NOT check user presence (e.g. by pressing a button)
+     * @param bool $failIfRootMismatch false, if there should be no error thrown if root certificate doesn't match
+     * @param bool $requireCtsProfileMatch false, if you don't want to check if the device is approved as a Google-certified Android device.
+     * @return \stdClass
+     * @throws WebAuthnException
+     */
+    public function processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true, $requireCtsProfileMatch=true) {
+        $clientDataHash = \hash('sha256', $clientDataJSON, true);
+        $clientData = \json_decode($clientDataJSON);
+        $challenge = $challenge instanceof ByteBuffer ? $challenge : new ByteBuffer($challenge);
+
+        // security: https://www.w3.org/TR/webauthn/#registering-a-new-credential
+
+        // 2. Let C, the client data claimed as collected during the credential creation,
+        //    be the result of running an implementation-specific JSON parser on JSONtext.
+        if (!\is_object($clientData)) {
+            throw new WebAuthnException('invalid client data', WebAuthnException::INVALID_DATA);
+        }
+
+        // 3. Verify that the value of C.type is webauthn.create.
+        if (!\property_exists($clientData, 'type') || $clientData->type !== 'webauthn.create') {
+            throw new WebAuthnException('invalid type', WebAuthnException::INVALID_TYPE);
+        }
+
+        // 4. Verify that the value of C.challenge matches the challenge that was sent to the authenticator in the create() call.
+        if (!\property_exists($clientData, 'challenge') || ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString()) {
+            throw new WebAuthnException('invalid challenge', WebAuthnException::INVALID_CHALLENGE);
+        }
+
+        // 5. Verify that the value of C.origin matches the Relying Party's origin.
+        if (!\property_exists($clientData, 'origin') || !$this->_checkOrigin($clientData->origin)) {
+            throw new WebAuthnException('invalid origin', WebAuthnException::INVALID_ORIGIN);
+        }
+
+        // Attestation
+        $attestationObject = new Attestation\AttestationObject($attestationObject, $this->_formats);
+
+        // 9. Verify that the RP ID hash in authData is indeed the SHA-256 hash of the RP ID expected by the RP.
+        if (!$attestationObject->validateRpIdHash($this->_rpIdHash)) {
+            throw new WebAuthnException('invalid rpId hash', WebAuthnException::INVALID_RELYING_PARTY);
+        }
+
+        // 14. Verify that attStmt is a correct attestation statement, conveying a valid attestation signature
+        if (!$attestationObject->validateAttestation($clientDataHash)) {
+            throw new WebAuthnException('invalid certificate signature', WebAuthnException::INVALID_SIGNATURE);
+        }
+
+        // Android-SafetyNet: if required, check for Compatibility Testing Suite (CTS).
+        if ($requireCtsProfileMatch && $attestationObject->getAttestationFormat() instanceof Attestation\Format\AndroidSafetyNet) {
+            if (!$attestationObject->getAttestationFormat()->ctsProfileMatch()) {
+                 throw new WebAuthnException('invalid ctsProfileMatch: device is not approved as a Google-certified Android device.', WebAuthnException::ANDROID_NOT_TRUSTED);
+            }
+        }
+
+        // 15. If validation is successful, obtain a list of acceptable trust anchors
+        $rootValid = is_array($this->_caFiles) ? $attestationObject->validateRootCertificate($this->_caFiles) : null;
+        if ($failIfRootMismatch && is_array($this->_caFiles) && !$rootValid) {
+            throw new WebAuthnException('invalid root certificate', WebAuthnException::CERTIFICATE_NOT_TRUSTED);
+        }
+
+        // 10. Verify that the User Present bit of the flags in authData is set.
+        $userPresent = $attestationObject->getAuthenticatorData()->getUserPresent();
+        if ($requireUserPresent && !$userPresent) {
+            throw new WebAuthnException('user not present during authentication', WebAuthnException::USER_PRESENT);
+        }
+
+        // 11. If user verification is required for this registration, verify that the User Verified bit of the flags in authData is set.
+        $userVerified = $attestationObject->getAuthenticatorData()->getUserVerified();
+        if ($requireUserVerification && !$userVerified) {
+            throw new WebAuthnException('user not verified during authentication', WebAuthnException::USER_VERIFICATED);
+        }
+
+        $signCount = $attestationObject->getAuthenticatorData()->getSignCount();
+        if ($signCount > 0) {
+            $this->_signatureCounter = $signCount;
+        }
+
+        // prepare data to store for future logins
+        $data = new \stdClass();
+        $data->rpId = $this->_rpId;
+        $data->attestationFormat = $attestationObject->getAttestationFormatName();
+        $data->credentialId = $attestationObject->getAuthenticatorData()->getCredentialId();
+        $data->credentialPublicKey = $attestationObject->getAuthenticatorData()->getPublicKeyPem();
+        $data->certificateChain = $attestationObject->getCertificateChain();
+        $data->certificate = $attestationObject->getCertificatePem();
+        $data->certificateIssuer = $attestationObject->getCertificateIssuer();
+        $data->certificateSubject = $attestationObject->getCertificateSubject();
+        $data->signatureCounter = $this->_signatureCounter;
+        $data->AAGUID = $attestationObject->getAuthenticatorData()->getAAGUID();
+        $data->rootValid = $rootValid;
+        $data->userPresent = $userPresent;
+        $data->userVerified = $userVerified;
+        return $data;
+    }
+
+
+    /**
+     * process a get request
+     * @param string $clientDataJSON binary from browser
+     * @param string $authenticatorData binary from browser
+     * @param string $signature binary from browser
+     * @param string $credentialPublicKey string PEM-formated public key from used credentialId
+     * @param string|ByteBuffer $challenge  binary from used challange
+     * @param int $prevSignatureCnt signature count value of the last login
+     * @param bool $requireUserVerification true, if the device must verify user (e.g. by biometric data or pin)
+     * @param bool $requireUserPresent true, if the device must check user presence (e.g. by pressing a button)
+     * @return boolean true if get is successful
+     * @throws WebAuthnException
+     */
+    public function processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, $prevSignatureCnt=null, $requireUserVerification=false, $requireUserPresent=true) {
+        $authenticatorObj = new Attestation\AuthenticatorData($authenticatorData);
+        $clientDataHash = \hash('sha256', $clientDataJSON, true);
+        $clientData = \json_decode($clientDataJSON);
+        $challenge = $challenge instanceof ByteBuffer ? $challenge : new ByteBuffer($challenge);
+
+        // https://www.w3.org/TR/webauthn/#verifying-assertion
+
+        // 1. If the allowCredentials option was given when this authentication ceremony was initiated,
+        //    verify that credential.id identifies one of the public key credentials that were listed in allowCredentials.
+        //    -> TO BE VERIFIED BY IMPLEMENTATION
+
+        // 2. If credential.response.userHandle is present, verify that the user identified
+        //    by this value is the owner of the public key credential identified by credential.id.
+        //    -> TO BE VERIFIED BY IMPLEMENTATION
+
+        // 3. Using credential’s id attribute (or the corresponding rawId, if base64url encoding is
+        //    inappropriate for your use case), look up the corresponding credential public key.
+        //    -> TO BE LOOKED UP BY IMPLEMENTATION
+
+        // 5. Let JSONtext be the result of running UTF-8 decode on the value of cData.
+        if (!\is_object($clientData)) {
+            throw new WebAuthnException('invalid client data', WebAuthnException::INVALID_DATA);
+        }
+
+        // 7. Verify that the value of C.type is the string webauthn.get.
+        if (!\property_exists($clientData, 'type') || $clientData->type !== 'webauthn.get') {
+            throw new WebAuthnException('invalid type', WebAuthnException::INVALID_TYPE);
+        }
+
+        // 8. Verify that the value of C.challenge matches the challenge that was sent to the
+        //    authenticator in the PublicKeyCredentialRequestOptions passed to the get() call.
+        if (!\property_exists($clientData, 'challenge') || ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString()) {
+            throw new WebAuthnException('invalid challenge', WebAuthnException::INVALID_CHALLENGE);
+        }
+
+        // 9. Verify that the value of C.origin matches the Relying Party's origin.
+        if (!\property_exists($clientData, 'origin') || !$this->_checkOrigin($clientData->origin)) {
+            throw new WebAuthnException('invalid origin', WebAuthnException::INVALID_ORIGIN);
+        }
+
+        // 11. Verify that the rpIdHash in authData is the SHA-256 hash of the RP ID expected by the Relying Party.
+        if ($authenticatorObj->getRpIdHash() !== $this->_rpIdHash) {
+            throw new WebAuthnException('invalid rpId hash', WebAuthnException::INVALID_RELYING_PARTY);
+        }
+
+        // 12. Verify that the User Present bit of the flags in authData is set
+        if ($requireUserPresent && !$authenticatorObj->getUserPresent()) {
+            throw new WebAuthnException('user not present during authentication', WebAuthnException::USER_PRESENT);
+        }
+
+        // 13. If user verification is required for this assertion, verify that the User Verified bit of the flags in authData is set.
+        if ($requireUserVerification && !$authenticatorObj->getUserVerified()) {
+            throw new WebAuthnException('user not verificated during authentication', WebAuthnException::USER_VERIFICATED);
+        }
+
+        // 14. Verify the values of the client extension outputs
+        //     (extensions not implemented)
+
+        // 16. Using the credential public key looked up in step 3, verify that sig is a valid signature
+        //     over the binary concatenation of authData and hash.
+        $dataToVerify = '';
+        $dataToVerify .= $authenticatorData;
+        $dataToVerify .= $clientDataHash;
+
+        if (!$this->_verifySignature($dataToVerify, $signature, $credentialPublicKey)) {
+            throw new WebAuthnException('invalid signature', WebAuthnException::INVALID_SIGNATURE);
+        }
+
+        $signatureCounter = $authenticatorObj->getSignCount();
+        if ($signatureCounter !== 0) {
+            $this->_signatureCounter = $signatureCounter;
+        }
+
+        // 17. If either of the signature counter value authData.signCount or
+        //     previous signature count is nonzero, and if authData.signCount
+        //     less than or equal to previous signature count, it's a signal
+        //     that the authenticator may be cloned
+        if ($prevSignatureCnt !== null) {
+            if ($signatureCounter !== 0 || $prevSignatureCnt !== 0) {
+                if ($prevSignatureCnt >= $signatureCounter) {
+                    throw new WebAuthnException('signature counter not valid', WebAuthnException::SIGNATURE_COUNTER);
+                }
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Downloads root certificates from FIDO Alliance Metadata Service (MDS) to a specific folder
+     * https://fidoalliance.org/metadata/
+     * @param string $certFolder Folder path to save the certificates in PEM format.
+     * @param bool $deleteCerts delete certificates in the target folder before adding the new ones.
+     * @return int number of cetificates
+     * @throws WebAuthnException
+     */
+    public function queryFidoMetaDataService($certFolder, $deleteCerts=true) {
+        $url = 'https://mds.fidoalliance.org/';
+        $raw = null;
+        if (\function_exists('curl_init')) {
+            $ch = \curl_init($url);
+            \curl_setopt($ch, CURLOPT_HEADER, false);
+            \curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            \curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+            \curl_setopt($ch, CURLOPT_USERAGENT, 'github.com/lbuchs/WebAuthn - A simple PHP WebAuthn server library');
+            $raw = \curl_exec($ch);
+            \curl_close($ch);
+        } else {
+            $raw = \file_get_contents($url);
+        }
+
+        $certFolder = \rtrim(\realpath($certFolder), '\\/');
+        if (!is_dir($certFolder)) {
+            throw new WebAuthnException('Invalid folder path for query FIDO Alliance Metadata Service');
+        }
+
+        if (!\is_string($raw)) {
+            throw new WebAuthnException('Unable to query FIDO Alliance Metadata Service');
+        }
+
+        $jwt = \explode('.', $raw);
+        if (\count($jwt) !== 3) {
+            throw new WebAuthnException('Invalid JWT from FIDO Alliance Metadata Service');
+        }
+
+        if ($deleteCerts) {
+            foreach (\scandir($certFolder) as $ca) {
+                if (\substr($ca, -4) === '.pem') {
+                    if (\unlink($certFolder . DIRECTORY_SEPARATOR . $ca) === false) {
+                        throw new WebAuthnException('Cannot delete certs in folder for FIDO Alliance Metadata Service');
+                    }
+                }
+            }
+        }
+
+        list($header, $payload, $hash) = $jwt;
+        $payload = Binary\ByteBuffer::fromBase64Url($payload)->getJson();
+
+        $count = 0;
+        if (\is_object($payload) && \property_exists($payload, 'entries') && \is_array($payload->entries)) {
+            foreach ($payload->entries as $entry) {
+                if (\is_object($entry) && \property_exists($entry, 'metadataStatement') && \is_object($entry->metadataStatement)) {
+                    $description = $entry->metadataStatement->description ?? null;
+                    $attestationRootCertificates = $entry->metadataStatement->attestationRootCertificates ?? null;
+
+                    if ($description && $attestationRootCertificates) {
+
+                        // create filename
+                        $certFilename = \preg_replace('/[^a-z0-9]/i', '_', $description);
+                        $certFilename = \trim(\preg_replace('/\_{2,}/i', '_', $certFilename),'_') . '.pem';
+                        $certFilename = \strtolower($certFilename);
+
+                        // add certificate
+                        $certContent = $description . "\n";
+                        $certContent .= \str_repeat('-', \mb_strlen($description)) . "\n";
+
+                        foreach ($attestationRootCertificates as $attestationRootCertificate) {
+                            $attestationRootCertificate = \str_replace(["\n", "\r", ' '], '', \trim($attestationRootCertificate));
+                            $count++;
+                            $certContent .= "\n-----BEGIN CERTIFICATE-----\n";
+                            $certContent .= \chunk_split($attestationRootCertificate, 64, "\n");
+                            $certContent .= "-----END CERTIFICATE-----\n";
+                        }
+
+                        if (\file_put_contents($certFolder . DIRECTORY_SEPARATOR . $certFilename, $certContent) === false) {
+                            throw new WebAuthnException('unable to save certificate from FIDO Alliance Metadata Service');
+                        }
+                    }
+                }
+            }
+        }
+
+        return $count;
+    }
+
+    // -----------------------------------------------
+    // PRIVATE
+    // -----------------------------------------------
+
+    /**
+     * checks if the origin matchs the RP ID
+     * @param string $origin
+     * @return boolean
+     * @throws WebAuthnException
+     */
+    private function _checkOrigin($origin) {
+        // https://www.w3.org/TR/webauthn/#rp-id
+
+        // The origin's scheme must be https
+        if ($this->_rpId !== 'localhost' && \parse_url($origin, PHP_URL_SCHEME) !== 'https') {
+            return false;
+        }
+
+        // extract host from origin
+        $host = \parse_url($origin, PHP_URL_HOST);
+        $host = \trim($host, '.');
+
+        // The RP ID must be equal to the origin's effective domain, or a registrable
+        // domain suffix of the origin's effective domain.
+        return \preg_match('/' . \preg_quote($this->_rpId) . '$/i', $host) === 1;
+    }
+
+    /**
+     * generates a new challange
+     * @param int $length
+     * @return string
+     * @throws WebAuthnException
+     */
+    private function _createChallenge($length = 32) {
+        if (!$this->_challenge) {
+            $this->_challenge = ByteBuffer::randomBuffer($length);
+        }
+        return $this->_challenge;
+    }
+
+    /**
+     * check if the signature is valid.
+     * @param string $dataToVerify
+     * @param string $signature
+     * @param string $credentialPublicKey PEM format
+     * @return bool
+     */
+    private function _verifySignature($dataToVerify, $signature, $credentialPublicKey) {
+
+        // Use Sodium to verify EdDSA 25519 as its not yet supported by openssl
+        if (\function_exists('sodium_crypto_sign_verify_detached') && !\in_array('ed25519', \openssl_get_curve_names(), true)) {
+            $pkParts = [];
+            if (\preg_match('/BEGIN PUBLIC KEY\-+(?:\s|\n|\r)+([^\-]+)(?:\s|\n|\r)*\-+END PUBLIC KEY/i', $credentialPublicKey, $pkParts)) {
+                $rawPk = \base64_decode($pkParts[1]);
+
+                // 30        = der sequence
+                // 2a        = length 42 byte
+                // 30        = der sequence
+                // 05        = lenght 5 byte
+                // 06        = der OID
+                // 03        = OID length 3 byte
+                // 2b 65 70  = OID 1.3.101.112 curveEd25519 (EdDSA 25519 signature algorithm)
+                // 03        = der bit string
+                // 21        = length 33 byte
+                // 00        = null padding
+                // [...]     = 32 byte x-curve
+                $okpPrefix = "\x30\x2a\x30\x05\x06\x03\x2b\x65\x70\x03\x21\x00";
+
+                if ($rawPk && \strlen($rawPk) === 44 && \substr($rawPk,0, \strlen($okpPrefix)) === $okpPrefix) {
+                    $publicKeyXCurve = \substr($rawPk, \strlen($okpPrefix));
+
+                    return \sodium_crypto_sign_verify_detached($signature, $dataToVerify, $publicKeyXCurve);
+                }
+            }
+        }
+
+        // verify with openSSL
+        $publicKey = \openssl_pkey_get_public($credentialPublicKey);
+        if ($publicKey === false) {
+            throw new WebAuthnException('public key invalid', WebAuthnException::INVALID_PUBLIC_KEY);
+        }
+
+        return \openssl_verify($dataToVerify, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
+    }
+}