blob: 0da0aa64e6d65c8fb3ad6e5bb18ded9a5d7858db [file] [log] [blame]
Copybara botbe50d492023-11-30 00:16:42 +01001<?php
2
3namespace lbuchs\WebAuthn;
4use lbuchs\WebAuthn\Binary\ByteBuffer;
5require_once 'WebAuthnException.php';
6require_once 'Binary/ByteBuffer.php';
7require_once 'Attestation/AttestationObject.php';
8require_once 'Attestation/AuthenticatorData.php';
9require_once 'Attestation/Format/FormatBase.php';
10require_once 'Attestation/Format/None.php';
11require_once 'Attestation/Format/AndroidKey.php';
12require_once 'Attestation/Format/AndroidSafetyNet.php';
13require_once 'Attestation/Format/Apple.php';
14require_once 'Attestation/Format/Packed.php';
15require_once 'Attestation/Format/Tpm.php';
16require_once 'Attestation/Format/U2f.php';
17require_once 'CBOR/CborDecoder.php';
18
19/**
20 * WebAuthn
21 * @author Lukas Buchs
22 * @license https://github.com/lbuchs/WebAuthn/blob/master/LICENSE MIT
23 */
24class WebAuthn {
25 // relying party
26 private $_rpName;
27 private $_rpId;
28 private $_rpIdHash;
29 private $_challenge;
30 private $_signatureCounter;
31 private $_caFiles;
32 private $_formats;
33
34 /**
35 * Initialize a new WebAuthn server
36 * @param string $rpName the relying party name
37 * @param string $rpId the relying party ID = the domain name
38 * @param bool $useBase64UrlEncoding true to use base64 url encoding for binary data in json objects. Default is a RFC 1342-Like serialized string.
39 * @throws WebAuthnException
40 */
41 public function __construct($rpName, $rpId, $allowedFormats=null, $useBase64UrlEncoding=false) {
42 $this->_rpName = $rpName;
43 $this->_rpId = $rpId;
44 $this->_rpIdHash = \hash('sha256', $rpId, true);
45 ByteBuffer::$useBase64UrlEncoding = !!$useBase64UrlEncoding;
46 $supportedFormats = array('android-key', 'android-safetynet', 'apple', 'fido-u2f', 'none', 'packed', 'tpm');
47
48 if (!\function_exists('\openssl_open')) {
49 throw new WebAuthnException('OpenSSL-Module not installed');
50 }
51
52 if (!\in_array('SHA256', \array_map('\strtoupper', \openssl_get_md_methods()))) {
53 throw new WebAuthnException('SHA256 not supported by this openssl installation.');
54 }
55
56 // default: all format
57 if (!is_array($allowedFormats)) {
58 $allowedFormats = $supportedFormats;
59 }
60 $this->_formats = $allowedFormats;
61
62 // validate formats
63 $invalidFormats = \array_diff($this->_formats, $supportedFormats);
64 if (!$this->_formats || $invalidFormats) {
65 throw new WebAuthnException('invalid formats on construct: ' . implode(', ', $invalidFormats));
66 }
67 }
68
69 /**
70 * add a root certificate to verify new registrations
71 * @param string $path file path of / directory with root certificates
72 * @param array|null $certFileExtensions if adding a direction, all files with provided extension are added. default: pem, crt, cer, der
73 */
74 public function addRootCertificates($path, $certFileExtensions=null) {
75 if (!\is_array($this->_caFiles)) {
76 $this->_caFiles = [];
77 }
78 if ($certFileExtensions === null) {
79 $certFileExtensions = array('pem', 'crt', 'cer', 'der');
80 }
81 $path = \rtrim(\trim($path), '\\/');
82 if (\is_dir($path)) {
83 foreach (\scandir($path) as $ca) {
84 if (\is_file($path . DIRECTORY_SEPARATOR . $ca) && \in_array(\strtolower(\pathinfo($ca, PATHINFO_EXTENSION)), $certFileExtensions)) {
85 $this->addRootCertificates($path . DIRECTORY_SEPARATOR . $ca);
86 }
87 }
88 } else if (\is_file($path) && !\in_array(\realpath($path), $this->_caFiles)) {
89 $this->_caFiles[] = \realpath($path);
90 }
91 }
92
93 /**
94 * Returns the generated challenge to save for later validation
95 * @return ByteBuffer
96 */
97 public function getChallenge() {
98 return $this->_challenge;
99 }
100
101 /**
102 * generates the object for a key registration
103 * provide this data to navigator.credentials.create
104 * @param string $userId
105 * @param string $userName
106 * @param string $userDisplayName
107 * @param int $timeout timeout in seconds
108 * @param bool|string $requireResidentKey 'required', if the key should be stored by the authentication device
109 * Valid values:
110 * true = required
111 * false = preferred
112 * string 'required' 'preferred' 'discouraged'
113 * @param bool|string $requireUserVerification indicates that you require user verification and will fail the operation
114 * if the response does not have the UV flag set.
115 * Valid values:
116 * true = required
117 * false = preferred
118 * string 'required' 'preferred' 'discouraged'
119 * @param bool|null $crossPlatformAttachment true for cross-platform devices (eg. fido usb),
120 * false for platform devices (eg. windows hello, android safetynet),
121 * null for both
122 * @param array $excludeCredentialIds a array of ids, which are already registered, to prevent re-registration
123 * @return \stdClass
124 */
125 public function getCreateArgs($userId, $userName, $userDisplayName, $timeout=20, $requireResidentKey=false, $requireUserVerification=false, $crossPlatformAttachment=null, $excludeCredentialIds=[]) {
126
127 $args = new \stdClass();
128 $args->publicKey = new \stdClass();
129
130 // relying party
131 $args->publicKey->rp = new \stdClass();
132 $args->publicKey->rp->name = $this->_rpName;
133 $args->publicKey->rp->id = $this->_rpId;
134
135 $args->publicKey->authenticatorSelection = new \stdClass();
136 $args->publicKey->authenticatorSelection->userVerification = 'preferred';
137
138 // validate User Verification Requirement
139 if (\is_bool($requireUserVerification)) {
140 $args->publicKey->authenticatorSelection->userVerification = $requireUserVerification ? 'required' : 'preferred';
141
142 } else if (\is_string($requireUserVerification) && \in_array(\strtolower($requireUserVerification), ['required', 'preferred', 'discouraged'])) {
143 $args->publicKey->authenticatorSelection->userVerification = \strtolower($requireUserVerification);
144 }
145
146 // validate Resident Key Requirement
147 if (\is_bool($requireResidentKey) && $requireResidentKey) {
148 $args->publicKey->authenticatorSelection->requireResidentKey = true;
149 $args->publicKey->authenticatorSelection->residentKey = 'required';
150
151 } else if (\is_string($requireResidentKey) && \in_array(\strtolower($requireResidentKey), ['required', 'preferred', 'discouraged'])) {
152 $requireResidentKey = \strtolower($requireResidentKey);
153 $args->publicKey->authenticatorSelection->residentKey = $requireResidentKey;
154 $args->publicKey->authenticatorSelection->requireResidentKey = $requireResidentKey === 'required';
155 }
156
157 // filte authenticators attached with the specified authenticator attachment modality
158 if (\is_bool($crossPlatformAttachment)) {
159 $args->publicKey->authenticatorSelection->authenticatorAttachment = $crossPlatformAttachment ? 'cross-platform' : 'platform';
160 }
161
162 // user
163 $args->publicKey->user = new \stdClass();
164 $args->publicKey->user->id = new ByteBuffer($userId); // binary
165 $args->publicKey->user->name = $userName;
166 $args->publicKey->user->displayName = $userDisplayName;
167
168 // supported algorithms
169 $args->publicKey->pubKeyCredParams = [];
170
171 if (function_exists('sodium_crypto_sign_verify_detached') || \in_array('ed25519', \openssl_get_curve_names(), true)) {
172 $tmp = new \stdClass();
173 $tmp->type = 'public-key';
174 $tmp->alg = -8; // EdDSA
175 $args->publicKey->pubKeyCredParams[] = $tmp;
176 unset ($tmp);
177 }
178
179 if (\in_array('prime256v1', \openssl_get_curve_names(), true)) {
180 $tmp = new \stdClass();
181 $tmp->type = 'public-key';
182 $tmp->alg = -7; // ES256
183 $args->publicKey->pubKeyCredParams[] = $tmp;
184 unset ($tmp);
185 }
186
187 $tmp = new \stdClass();
188 $tmp->type = 'public-key';
189 $tmp->alg = -257; // RS256
190 $args->publicKey->pubKeyCredParams[] = $tmp;
191 unset ($tmp);
192
193 // if there are root certificates added, we need direct attestation to validate
194 // against the root certificate. If there are no root-certificates added,
195 // anonymization ca are also accepted, because we can't validate the root anyway.
196 $attestation = 'indirect';
197 if (\is_array($this->_caFiles)) {
198 $attestation = 'direct';
199 }
200
201 $args->publicKey->attestation = \count($this->_formats) === 1 && \in_array('none', $this->_formats) ? 'none' : $attestation;
202 $args->publicKey->extensions = new \stdClass();
203 $args->publicKey->extensions->exts = true;
204 $args->publicKey->timeout = $timeout * 1000; // microseconds
205 $args->publicKey->challenge = $this->_createChallenge(); // binary
206
207 //prevent re-registration by specifying existing credentials
208 $args->publicKey->excludeCredentials = [];
209
210 if (is_array($excludeCredentialIds)) {
211 foreach ($excludeCredentialIds as $id) {
212 $tmp = new \stdClass();
213 $tmp->id = $id instanceof ByteBuffer ? $id : new ByteBuffer($id); // binary
214 $tmp->type = 'public-key';
215 $tmp->transports = array('usb', 'nfc', 'ble', 'hybrid', 'internal');
216 $args->publicKey->excludeCredentials[] = $tmp;
217 unset ($tmp);
218 }
219 }
220
221 return $args;
222 }
223
224 /**
225 * generates the object for key validation
226 * Provide this data to navigator.credentials.get
227 * @param array $credentialIds binary
228 * @param int $timeout timeout in seconds
229 * @param bool $allowUsb allow removable USB
230 * @param bool $allowNfc allow Near Field Communication (NFC)
231 * @param bool $allowBle allow Bluetooth
232 * @param bool $allowHybrid allow a combination of (often separate) data-transport and proximity mechanisms.
233 * @param bool $allowInternal allow client device-specific transport. These authenticators are not removable from the client device.
234 * @param bool|string $requireUserVerification indicates that you require user verification and will fail the operation
235 * if the response does not have the UV flag set.
236 * Valid values:
237 * true = required
238 * false = preferred
239 * string 'required' 'preferred' 'discouraged'
240 * @return \stdClass
241 */
242 public function getGetArgs($credentialIds=[], $timeout=20, $allowUsb=true, $allowNfc=true, $allowBle=true, $allowHybrid=true, $allowInternal=true, $requireUserVerification=false) {
243
244 // validate User Verification Requirement
245 if (\is_bool($requireUserVerification)) {
246 $requireUserVerification = $requireUserVerification ? 'required' : 'preferred';
247 } else if (\is_string($requireUserVerification) && \in_array(\strtolower($requireUserVerification), ['required', 'preferred', 'discouraged'])) {
248 $requireUserVerification = \strtolower($requireUserVerification);
249 } else {
250 $requireUserVerification = 'preferred';
251 }
252
253 $args = new \stdClass();
254 $args->publicKey = new \stdClass();
255 $args->publicKey->timeout = $timeout * 1000; // microseconds
256 $args->publicKey->challenge = $this->_createChallenge(); // binary
257 $args->publicKey->userVerification = $requireUserVerification;
258 $args->publicKey->rpId = $this->_rpId;
259
260 if (\is_array($credentialIds) && \count($credentialIds) > 0) {
261 $args->publicKey->allowCredentials = [];
262
263 foreach ($credentialIds as $id) {
264 $tmp = new \stdClass();
265 $tmp->id = $id instanceof ByteBuffer ? $id : new ByteBuffer($id); // binary
266 $tmp->transports = [];
267
268 if ($allowUsb) {
269 $tmp->transports[] = 'usb';
270 }
271 if ($allowNfc) {
272 $tmp->transports[] = 'nfc';
273 }
274 if ($allowBle) {
275 $tmp->transports[] = 'ble';
276 }
277 if ($allowHybrid) {
278 $tmp->transports[] = 'hybrid';
279 }
280 if ($allowInternal) {
281 $tmp->transports[] = 'internal';
282 }
283
284 $tmp->type = 'public-key';
285 $args->publicKey->allowCredentials[] = $tmp;
286 unset ($tmp);
287 }
288 }
289
290 return $args;
291 }
292
293 /**
294 * returns the new signature counter value.
295 * returns null if there is no counter
296 * @return ?int
297 */
298 public function getSignatureCounter() {
299 return \is_int($this->_signatureCounter) ? $this->_signatureCounter : null;
300 }
301
302 /**
303 * process a create request and returns data to save for future logins
304 * @param string $clientDataJSON binary from browser
305 * @param string $attestationObject binary from browser
306 * @param string|ByteBuffer $challenge binary used challange
307 * @param bool $requireUserVerification true, if the device must verify user (e.g. by biometric data or pin)
308 * @param bool $requireUserPresent false, if the device must NOT check user presence (e.g. by pressing a button)
309 * @param bool $failIfRootMismatch false, if there should be no error thrown if root certificate doesn't match
310 * @param bool $requireCtsProfileMatch false, if you don't want to check if the device is approved as a Google-certified Android device.
311 * @return \stdClass
312 * @throws WebAuthnException
313 */
314 public function processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true, $requireCtsProfileMatch=true) {
315 $clientDataHash = \hash('sha256', $clientDataJSON, true);
316 $clientData = \json_decode($clientDataJSON);
317 $challenge = $challenge instanceof ByteBuffer ? $challenge : new ByteBuffer($challenge);
318
319 // security: https://www.w3.org/TR/webauthn/#registering-a-new-credential
320
321 // 2. Let C, the client data claimed as collected during the credential creation,
322 // be the result of running an implementation-specific JSON parser on JSONtext.
323 if (!\is_object($clientData)) {
324 throw new WebAuthnException('invalid client data', WebAuthnException::INVALID_DATA);
325 }
326
327 // 3. Verify that the value of C.type is webauthn.create.
328 if (!\property_exists($clientData, 'type') || $clientData->type !== 'webauthn.create') {
329 throw new WebAuthnException('invalid type', WebAuthnException::INVALID_TYPE);
330 }
331
332 // 4. Verify that the value of C.challenge matches the challenge that was sent to the authenticator in the create() call.
333 if (!\property_exists($clientData, 'challenge') || ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString()) {
334 throw new WebAuthnException('invalid challenge', WebAuthnException::INVALID_CHALLENGE);
335 }
336
337 // 5. Verify that the value of C.origin matches the Relying Party's origin.
338 if (!\property_exists($clientData, 'origin') || !$this->_checkOrigin($clientData->origin)) {
339 throw new WebAuthnException('invalid origin', WebAuthnException::INVALID_ORIGIN);
340 }
341
342 // Attestation
343 $attestationObject = new Attestation\AttestationObject($attestationObject, $this->_formats);
344
345 // 9. Verify that the RP ID hash in authData is indeed the SHA-256 hash of the RP ID expected by the RP.
346 if (!$attestationObject->validateRpIdHash($this->_rpIdHash)) {
347 throw new WebAuthnException('invalid rpId hash', WebAuthnException::INVALID_RELYING_PARTY);
348 }
349
350 // 14. Verify that attStmt is a correct attestation statement, conveying a valid attestation signature
351 if (!$attestationObject->validateAttestation($clientDataHash)) {
352 throw new WebAuthnException('invalid certificate signature', WebAuthnException::INVALID_SIGNATURE);
353 }
354
355 // Android-SafetyNet: if required, check for Compatibility Testing Suite (CTS).
356 if ($requireCtsProfileMatch && $attestationObject->getAttestationFormat() instanceof Attestation\Format\AndroidSafetyNet) {
357 if (!$attestationObject->getAttestationFormat()->ctsProfileMatch()) {
358 throw new WebAuthnException('invalid ctsProfileMatch: device is not approved as a Google-certified Android device.', WebAuthnException::ANDROID_NOT_TRUSTED);
359 }
360 }
361
362 // 15. If validation is successful, obtain a list of acceptable trust anchors
363 $rootValid = is_array($this->_caFiles) ? $attestationObject->validateRootCertificate($this->_caFiles) : null;
364 if ($failIfRootMismatch && is_array($this->_caFiles) && !$rootValid) {
365 throw new WebAuthnException('invalid root certificate', WebAuthnException::CERTIFICATE_NOT_TRUSTED);
366 }
367
368 // 10. Verify that the User Present bit of the flags in authData is set.
369 $userPresent = $attestationObject->getAuthenticatorData()->getUserPresent();
370 if ($requireUserPresent && !$userPresent) {
371 throw new WebAuthnException('user not present during authentication', WebAuthnException::USER_PRESENT);
372 }
373
374 // 11. If user verification is required for this registration, verify that the User Verified bit of the flags in authData is set.
375 $userVerified = $attestationObject->getAuthenticatorData()->getUserVerified();
376 if ($requireUserVerification && !$userVerified) {
377 throw new WebAuthnException('user not verified during authentication', WebAuthnException::USER_VERIFICATED);
378 }
379
380 $signCount = $attestationObject->getAuthenticatorData()->getSignCount();
381 if ($signCount > 0) {
382 $this->_signatureCounter = $signCount;
383 }
384
385 // prepare data to store for future logins
386 $data = new \stdClass();
387 $data->rpId = $this->_rpId;
388 $data->attestationFormat = $attestationObject->getAttestationFormatName();
389 $data->credentialId = $attestationObject->getAuthenticatorData()->getCredentialId();
390 $data->credentialPublicKey = $attestationObject->getAuthenticatorData()->getPublicKeyPem();
391 $data->certificateChain = $attestationObject->getCertificateChain();
392 $data->certificate = $attestationObject->getCertificatePem();
393 $data->certificateIssuer = $attestationObject->getCertificateIssuer();
394 $data->certificateSubject = $attestationObject->getCertificateSubject();
395 $data->signatureCounter = $this->_signatureCounter;
396 $data->AAGUID = $attestationObject->getAuthenticatorData()->getAAGUID();
397 $data->rootValid = $rootValid;
398 $data->userPresent = $userPresent;
399 $data->userVerified = $userVerified;
400 return $data;
401 }
402
403
404 /**
405 * process a get request
406 * @param string $clientDataJSON binary from browser
407 * @param string $authenticatorData binary from browser
408 * @param string $signature binary from browser
409 * @param string $credentialPublicKey string PEM-formated public key from used credentialId
410 * @param string|ByteBuffer $challenge binary from used challange
411 * @param int $prevSignatureCnt signature count value of the last login
412 * @param bool $requireUserVerification true, if the device must verify user (e.g. by biometric data or pin)
413 * @param bool $requireUserPresent true, if the device must check user presence (e.g. by pressing a button)
414 * @return boolean true if get is successful
415 * @throws WebAuthnException
416 */
417 public function processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, $prevSignatureCnt=null, $requireUserVerification=false, $requireUserPresent=true) {
418 $authenticatorObj = new Attestation\AuthenticatorData($authenticatorData);
419 $clientDataHash = \hash('sha256', $clientDataJSON, true);
420 $clientData = \json_decode($clientDataJSON);
421 $challenge = $challenge instanceof ByteBuffer ? $challenge : new ByteBuffer($challenge);
422
423 // https://www.w3.org/TR/webauthn/#verifying-assertion
424
425 // 1. If the allowCredentials option was given when this authentication ceremony was initiated,
426 // verify that credential.id identifies one of the public key credentials that were listed in allowCredentials.
427 // -> TO BE VERIFIED BY IMPLEMENTATION
428
429 // 2. If credential.response.userHandle is present, verify that the user identified
430 // by this value is the owner of the public key credential identified by credential.id.
431 // -> TO BE VERIFIED BY IMPLEMENTATION
432
433 // 3. Using credential’s id attribute (or the corresponding rawId, if base64url encoding is
434 // inappropriate for your use case), look up the corresponding credential public key.
435 // -> TO BE LOOKED UP BY IMPLEMENTATION
436
437 // 5. Let JSONtext be the result of running UTF-8 decode on the value of cData.
438 if (!\is_object($clientData)) {
439 throw new WebAuthnException('invalid client data', WebAuthnException::INVALID_DATA);
440 }
441
442 // 7. Verify that the value of C.type is the string webauthn.get.
443 if (!\property_exists($clientData, 'type') || $clientData->type !== 'webauthn.get') {
444 throw new WebAuthnException('invalid type', WebAuthnException::INVALID_TYPE);
445 }
446
447 // 8. Verify that the value of C.challenge matches the challenge that was sent to the
448 // authenticator in the PublicKeyCredentialRequestOptions passed to the get() call.
449 if (!\property_exists($clientData, 'challenge') || ByteBuffer::fromBase64Url($clientData->challenge)->getBinaryString() !== $challenge->getBinaryString()) {
450 throw new WebAuthnException('invalid challenge', WebAuthnException::INVALID_CHALLENGE);
451 }
452
453 // 9. Verify that the value of C.origin matches the Relying Party's origin.
454 if (!\property_exists($clientData, 'origin') || !$this->_checkOrigin($clientData->origin)) {
455 throw new WebAuthnException('invalid origin', WebAuthnException::INVALID_ORIGIN);
456 }
457
458 // 11. Verify that the rpIdHash in authData is the SHA-256 hash of the RP ID expected by the Relying Party.
459 if ($authenticatorObj->getRpIdHash() !== $this->_rpIdHash) {
460 throw new WebAuthnException('invalid rpId hash', WebAuthnException::INVALID_RELYING_PARTY);
461 }
462
463 // 12. Verify that the User Present bit of the flags in authData is set
464 if ($requireUserPresent && !$authenticatorObj->getUserPresent()) {
465 throw new WebAuthnException('user not present during authentication', WebAuthnException::USER_PRESENT);
466 }
467
468 // 13. If user verification is required for this assertion, verify that the User Verified bit of the flags in authData is set.
469 if ($requireUserVerification && !$authenticatorObj->getUserVerified()) {
470 throw new WebAuthnException('user not verificated during authentication', WebAuthnException::USER_VERIFICATED);
471 }
472
473 // 14. Verify the values of the client extension outputs
474 // (extensions not implemented)
475
476 // 16. Using the credential public key looked up in step 3, verify that sig is a valid signature
477 // over the binary concatenation of authData and hash.
478 $dataToVerify = '';
479 $dataToVerify .= $authenticatorData;
480 $dataToVerify .= $clientDataHash;
481
482 if (!$this->_verifySignature($dataToVerify, $signature, $credentialPublicKey)) {
483 throw new WebAuthnException('invalid signature', WebAuthnException::INVALID_SIGNATURE);
484 }
485
486 $signatureCounter = $authenticatorObj->getSignCount();
487 if ($signatureCounter !== 0) {
488 $this->_signatureCounter = $signatureCounter;
489 }
490
491 // 17. If either of the signature counter value authData.signCount or
492 // previous signature count is nonzero, and if authData.signCount
493 // less than or equal to previous signature count, it's a signal
494 // that the authenticator may be cloned
495 if ($prevSignatureCnt !== null) {
496 if ($signatureCounter !== 0 || $prevSignatureCnt !== 0) {
497 if ($prevSignatureCnt >= $signatureCounter) {
498 throw new WebAuthnException('signature counter not valid', WebAuthnException::SIGNATURE_COUNTER);
499 }
500 }
501 }
502
503 return true;
504 }
505
506 /**
507 * Downloads root certificates from FIDO Alliance Metadata Service (MDS) to a specific folder
508 * https://fidoalliance.org/metadata/
509 * @param string $certFolder Folder path to save the certificates in PEM format.
510 * @param bool $deleteCerts delete certificates in the target folder before adding the new ones.
511 * @return int number of cetificates
512 * @throws WebAuthnException
513 */
514 public function queryFidoMetaDataService($certFolder, $deleteCerts=true) {
515 $url = 'https://mds.fidoalliance.org/';
516 $raw = null;
517 if (\function_exists('curl_init')) {
518 $ch = \curl_init($url);
519 \curl_setopt($ch, CURLOPT_HEADER, false);
520 \curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
521 \curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
522 \curl_setopt($ch, CURLOPT_USERAGENT, 'github.com/lbuchs/WebAuthn - A simple PHP WebAuthn server library');
523 $raw = \curl_exec($ch);
524 \curl_close($ch);
525 } else {
526 $raw = \file_get_contents($url);
527 }
528
529 $certFolder = \rtrim(\realpath($certFolder), '\\/');
530 if (!is_dir($certFolder)) {
531 throw new WebAuthnException('Invalid folder path for query FIDO Alliance Metadata Service');
532 }
533
534 if (!\is_string($raw)) {
535 throw new WebAuthnException('Unable to query FIDO Alliance Metadata Service');
536 }
537
538 $jwt = \explode('.', $raw);
539 if (\count($jwt) !== 3) {
540 throw new WebAuthnException('Invalid JWT from FIDO Alliance Metadata Service');
541 }
542
543 if ($deleteCerts) {
544 foreach (\scandir($certFolder) as $ca) {
545 if (\substr($ca, -4) === '.pem') {
546 if (\unlink($certFolder . DIRECTORY_SEPARATOR . $ca) === false) {
547 throw new WebAuthnException('Cannot delete certs in folder for FIDO Alliance Metadata Service');
548 }
549 }
550 }
551 }
552
553 list($header, $payload, $hash) = $jwt;
554 $payload = Binary\ByteBuffer::fromBase64Url($payload)->getJson();
555
556 $count = 0;
557 if (\is_object($payload) && \property_exists($payload, 'entries') && \is_array($payload->entries)) {
558 foreach ($payload->entries as $entry) {
559 if (\is_object($entry) && \property_exists($entry, 'metadataStatement') && \is_object($entry->metadataStatement)) {
560 $description = $entry->metadataStatement->description ?? null;
561 $attestationRootCertificates = $entry->metadataStatement->attestationRootCertificates ?? null;
562
563 if ($description && $attestationRootCertificates) {
564
565 // create filename
566 $certFilename = \preg_replace('/[^a-z0-9]/i', '_', $description);
567 $certFilename = \trim(\preg_replace('/\_{2,}/i', '_', $certFilename),'_') . '.pem';
568 $certFilename = \strtolower($certFilename);
569
570 // add certificate
571 $certContent = $description . "\n";
572 $certContent .= \str_repeat('-', \mb_strlen($description)) . "\n";
573
574 foreach ($attestationRootCertificates as $attestationRootCertificate) {
575 $attestationRootCertificate = \str_replace(["\n", "\r", ' '], '', \trim($attestationRootCertificate));
576 $count++;
577 $certContent .= "\n-----BEGIN CERTIFICATE-----\n";
578 $certContent .= \chunk_split($attestationRootCertificate, 64, "\n");
579 $certContent .= "-----END CERTIFICATE-----\n";
580 }
581
582 if (\file_put_contents($certFolder . DIRECTORY_SEPARATOR . $certFilename, $certContent) === false) {
583 throw new WebAuthnException('unable to save certificate from FIDO Alliance Metadata Service');
584 }
585 }
586 }
587 }
588 }
589
590 return $count;
591 }
592
593 // -----------------------------------------------
594 // PRIVATE
595 // -----------------------------------------------
596
597 /**
598 * checks if the origin matchs the RP ID
599 * @param string $origin
600 * @return boolean
601 * @throws WebAuthnException
602 */
603 private function _checkOrigin($origin) {
604 // https://www.w3.org/TR/webauthn/#rp-id
605
606 // The origin's scheme must be https
607 if ($this->_rpId !== 'localhost' && \parse_url($origin, PHP_URL_SCHEME) !== 'https') {
608 return false;
609 }
610
611 // extract host from origin
612 $host = \parse_url($origin, PHP_URL_HOST);
613 $host = \trim($host, '.');
614
615 // The RP ID must be equal to the origin's effective domain, or a registrable
616 // domain suffix of the origin's effective domain.
617 return \preg_match('/' . \preg_quote($this->_rpId) . '$/i', $host) === 1;
618 }
619
620 /**
621 * generates a new challange
622 * @param int $length
623 * @return string
624 * @throws WebAuthnException
625 */
626 private function _createChallenge($length = 32) {
627 if (!$this->_challenge) {
628 $this->_challenge = ByteBuffer::randomBuffer($length);
629 }
630 return $this->_challenge;
631 }
632
633 /**
634 * check if the signature is valid.
635 * @param string $dataToVerify
636 * @param string $signature
637 * @param string $credentialPublicKey PEM format
638 * @return bool
639 */
640 private function _verifySignature($dataToVerify, $signature, $credentialPublicKey) {
641
642 // Use Sodium to verify EdDSA 25519 as its not yet supported by openssl
643 if (\function_exists('sodium_crypto_sign_verify_detached') && !\in_array('ed25519', \openssl_get_curve_names(), true)) {
644 $pkParts = [];
645 if (\preg_match('/BEGIN PUBLIC KEY\-+(?:\s|\n|\r)+([^\-]+)(?:\s|\n|\r)*\-+END PUBLIC KEY/i', $credentialPublicKey, $pkParts)) {
646 $rawPk = \base64_decode($pkParts[1]);
647
648 // 30 = der sequence
649 // 2a = length 42 byte
650 // 30 = der sequence
651 // 05 = lenght 5 byte
652 // 06 = der OID
653 // 03 = OID length 3 byte
654 // 2b 65 70 = OID 1.3.101.112 curveEd25519 (EdDSA 25519 signature algorithm)
655 // 03 = der bit string
656 // 21 = length 33 byte
657 // 00 = null padding
658 // [...] = 32 byte x-curve
659 $okpPrefix = "\x30\x2a\x30\x05\x06\x03\x2b\x65\x70\x03\x21\x00";
660
661 if ($rawPk && \strlen($rawPk) === 44 && \substr($rawPk,0, \strlen($okpPrefix)) === $okpPrefix) {
662 $publicKeyXCurve = \substr($rawPk, \strlen($okpPrefix));
663
664 return \sodium_crypto_sign_verify_detached($signature, $dataToVerify, $publicKeyXCurve);
665 }
666 }
667 }
668
669 // verify with openSSL
670 $publicKey = \openssl_pkey_get_public($credentialPublicKey);
671 if ($publicKey === false) {
672 throw new WebAuthnException('public key invalid', WebAuthnException::INVALID_PUBLIC_KEY);
673 }
674
675 return \openssl_verify($dataToVerify, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
676 }
677}