refactoring
This commit is contained in:
Roland Gruber
parent
de19770211
commit
eae502c629
|
|
@ -13,8 +13,6 @@ use \htmlOutputText;
|
|||
use \htmlDiv;
|
||||
use \LAMException;
|
||||
use Webauthn\PublicKeyCredentialCreationOptions;
|
||||
use function LAM\LOGIN\WEBAUTHN\hasTokensRegistered;
|
||||
use function LAM\LOGIN\WEBAUTHN\storeNewRegistration;
|
||||
|
||||
/*
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
|
|
@ -580,7 +578,7 @@ class WebauthnProvider extends BaseProvider {
|
|||
}
|
||||
$response = base64_decode($_POST['sig_response']);
|
||||
$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
|
||||
if (storeNewRegistration($registrationObject, $response)) {
|
||||
if ($webauthnManager->storeNewRegistration($registrationObject, $response)) {
|
||||
return true;
|
||||
}
|
||||
logNewMessage(LOG_ERR, 'Webauthn authentication failed');
|
||||
|
|
|
|||
|
|
@ -119,6 +119,44 @@ class WebauthnManager {
|
|||
return $registrationObject;
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the registration and stores it in the database.
|
||||
*
|
||||
* @param PublicKeyCredentialCreationOptions $registration registration object
|
||||
* @param string $clientResponse client response
|
||||
* @return bool true if response is valid and registration succeeded
|
||||
*/
|
||||
public function storeNewRegistration($registration, $clientResponse) {
|
||||
$decoder = $this->getCborDecoder();
|
||||
$tokenBindingHandler = new IgnoreTokenBindingHandler();
|
||||
$attestationSupportManager = $this->getAttestationSupportManager($decoder);
|
||||
$attestationObjectLoader = $this->getAttestationObjectLoader($attestationSupportManager, $decoder);
|
||||
$publicKeyCredentialLoader = $this->getPublicKeyCredentialLoader($attestationObjectLoader, $decoder);
|
||||
$extensionOutputCheckerHandler = $this->getExtensionOutputChecker();
|
||||
$repository = new PublicKeyCredentialSourceRepositorySQLite();
|
||||
$responseValidator = new AuthenticatorAttestationResponseValidator(
|
||||
$attestationSupportManager, $repository, $tokenBindingHandler, $extensionOutputCheckerHandler);
|
||||
try {
|
||||
$publicKeyCredential = $publicKeyCredentialLoader->load($clientResponse);
|
||||
$authenticatorAttestationResponse = $publicKeyCredential->getResponse();
|
||||
if (!$authenticatorAttestationResponse instanceof AuthenticatorAttestationResponse) {
|
||||
logNewMessage(LOG_ERR, 'Invalid webauthn response: ' . $clientResponse);
|
||||
return false;
|
||||
}
|
||||
$symfonyRequest = Request::createFromGlobals();
|
||||
$psr17Factory = new Psr17Factory();
|
||||
$psrFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);
|
||||
$psr7Request = $psrFactory->createRequest($symfonyRequest);
|
||||
$publicKeyCredentialSource = $responseValidator->check($authenticatorAttestationResponse, $registration, $psr7Request);
|
||||
$repository->saveCredentialSource($publicKeyCredentialSource);
|
||||
return true;
|
||||
}
|
||||
catch (\Throwable $exception) {
|
||||
logNewMessage(LOG_ERR, 'Webauthn validation failed: ' . $exception->getMessage() . $exception->getTraceAsString());
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the user entity for the registration.
|
||||
*
|
||||
|
|
@ -181,61 +219,12 @@ class WebauthnManager {
|
|||
return $keys;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the webauthn database.
|
||||
*
|
||||
* @return PublicKeyCredentialSourceRepositorySQLite database
|
||||
*/
|
||||
public function getDatabase() {
|
||||
return new PublicKeyCredentialSourceRepositorySQLite();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the registration and stores it in the database.
|
||||
*
|
||||
* @param PublicKeyCredentialCreationOptions $registration registration object
|
||||
* @param string $clientResponse client response
|
||||
* @return bool true if response is valid and registration succeeded
|
||||
*/
|
||||
function storeNewRegistration($registration, $clientResponse) {
|
||||
$decoder = getCborDecoder();
|
||||
$tokenBindingHandler = new IgnoreTokenBindingHandler();
|
||||
$attestationSupportManager = getAttestationSupportManager($decoder);
|
||||
$attestationObjectLoader = getAttestationObjectLoader($attestationSupportManager, $decoder);
|
||||
$publicKeyCredentialLoader = getPublicKeyCredentialLoader($attestationObjectLoader, $decoder);
|
||||
$extensionOutputCheckerHandler = getExtensionOutputChecker();
|
||||
$repository = new PublicKeyCredentialSourceRepositorySQLite();
|
||||
$responseValidator = new AuthenticatorAttestationResponseValidator(
|
||||
$attestationSupportManager, $repository, $tokenBindingHandler, $extensionOutputCheckerHandler);
|
||||
try {
|
||||
$publicKeyCredential = $publicKeyCredentialLoader->load($clientResponse);
|
||||
$authenticatorAttestationResponse = $publicKeyCredential->getResponse();
|
||||
if (!$authenticatorAttestationResponse instanceof AuthenticatorAttestationResponse) {
|
||||
logNewMessage(LOG_ERR, 'Invalid webauthn response: ' . $clientResponse);
|
||||
return false;
|
||||
}
|
||||
$symfonyRequest = Request::createFromGlobals();
|
||||
$psr17Factory = new Psr17Factory();
|
||||
$psrFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);
|
||||
$psr7Request = $psrFactory->createRequest($symfonyRequest);
|
||||
$publicKeyCredentialSource = $responseValidator->check($authenticatorAttestationResponse, $registration, $psr7Request);
|
||||
$repository->saveCredentialSource($publicKeyCredentialSource);
|
||||
return true;
|
||||
}
|
||||
catch (\Throwable $exception) {
|
||||
logNewMessage(LOG_ERR, 'Webauthn validation failed: ' . $exception->getMessage() . $exception->getTraceAsString());
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a CBOR decoder.
|
||||
*
|
||||
* @return Decoder decoder
|
||||
*/
|
||||
function getCborDecoder() {
|
||||
private function getCborDecoder() {
|
||||
return new Decoder(new TagObjectManager(), new OtherObjectManager());
|
||||
}
|
||||
|
||||
|
|
@ -245,7 +234,7 @@ function getCborDecoder() {
|
|||
* @param Decoder $decoder decoder
|
||||
* @return AttestationStatementSupportManager manager
|
||||
*/
|
||||
function getAttestationSupportManager($decoder) {
|
||||
private function getAttestationSupportManager($decoder) {
|
||||
$manager = new AttestationStatementSupportManager();
|
||||
$manager->add(new NoneAttestationStatementSupport());
|
||||
$manager->add(new FidoU2FAttestationStatementSupport());
|
||||
|
|
@ -271,7 +260,7 @@ function getAttestationSupportManager($decoder) {
|
|||
* @param Decoder $decoder decoder
|
||||
* @return AttestationObjectLoader attestation object loader
|
||||
*/
|
||||
function getAttestationObjectLoader($manager, $decoder) {
|
||||
private function getAttestationObjectLoader($manager, $decoder) {
|
||||
return new AttestationObjectLoader($manager, $decoder);
|
||||
}
|
||||
|
||||
|
|
@ -282,7 +271,7 @@ function getAttestationObjectLoader($manager, $decoder) {
|
|||
* @param Decoder $decoder decoder
|
||||
* @return PublicKeyCredentialLoader public key credential loader
|
||||
*/
|
||||
function getPublicKeyCredentialLoader($attestationObjectLoader, $decoder) {
|
||||
private function getPublicKeyCredentialLoader($attestationObjectLoader, $decoder) {
|
||||
return new PublicKeyCredentialLoader($attestationObjectLoader, $decoder);
|
||||
}
|
||||
|
||||
|
|
@ -296,6 +285,17 @@ function getExtensionOutputChecker() {
|
|||
return new ExtensionOutputCheckerHandler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the webauthn database.
|
||||
*
|
||||
* @return PublicKeyCredentialSourceRepositorySQLite database
|
||||
*/
|
||||
public function getDatabase() {
|
||||
return new PublicKeyCredentialSourceRepositorySQLite();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Stores the public key credentials in the SQLite database.
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in New Issue