refactoring

This commit is contained in:
Roland Gruber 2019-12-21 15:13:48 +01:00
parent de19770211
commit eae502c629
2 changed files with 105 additions and 107 deletions

View File

@ -13,8 +13,6 @@ use \htmlOutputText;
use \htmlDiv;
use \LAMException;
use Webauthn\PublicKeyCredentialCreationOptions;
use function LAM\LOGIN\WEBAUTHN\hasTokensRegistered;
use function LAM\LOGIN\WEBAUTHN\storeNewRegistration;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@ -580,7 +578,7 @@ class WebauthnProvider extends BaseProvider {
}
$response = base64_decode($_POST['sig_response']);
$registrationObject = PublicKeyCredentialCreationOptions::createFromString($_SESSION['webauthn_registration']);
if (storeNewRegistration($registrationObject, $response)) {
if ($webauthnManager->storeNewRegistration($registrationObject, $response)) {
return true;
}
logNewMessage(LOG_ERR, 'Webauthn authentication failed');

View File

@ -119,6 +119,44 @@ class WebauthnManager {
return $registrationObject;
}
/**
* Verifies the registration and stores it in the database.
*
* @param PublicKeyCredentialCreationOptions $registration registration object
* @param string $clientResponse client response
* @return bool true if response is valid and registration succeeded
*/
public function storeNewRegistration($registration, $clientResponse) {
$decoder = $this->getCborDecoder();
$tokenBindingHandler = new IgnoreTokenBindingHandler();
$attestationSupportManager = $this->getAttestationSupportManager($decoder);
$attestationObjectLoader = $this->getAttestationObjectLoader($attestationSupportManager, $decoder);
$publicKeyCredentialLoader = $this->getPublicKeyCredentialLoader($attestationObjectLoader, $decoder);
$extensionOutputCheckerHandler = $this->getExtensionOutputChecker();
$repository = new PublicKeyCredentialSourceRepositorySQLite();
$responseValidator = new AuthenticatorAttestationResponseValidator(
$attestationSupportManager, $repository, $tokenBindingHandler, $extensionOutputCheckerHandler);
try {
$publicKeyCredential = $publicKeyCredentialLoader->load($clientResponse);
$authenticatorAttestationResponse = $publicKeyCredential->getResponse();
if (!$authenticatorAttestationResponse instanceof AuthenticatorAttestationResponse) {
logNewMessage(LOG_ERR, 'Invalid webauthn response: ' . $clientResponse);
return false;
}
$symfonyRequest = Request::createFromGlobals();
$psr17Factory = new Psr17Factory();
$psrFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);
$psr7Request = $psrFactory->createRequest($symfonyRequest);
$publicKeyCredentialSource = $responseValidator->check($authenticatorAttestationResponse, $registration, $psr7Request);
$repository->saveCredentialSource($publicKeyCredentialSource);
return true;
}
catch (\Throwable $exception) {
logNewMessage(LOG_ERR, 'Webauthn validation failed: ' . $exception->getMessage() . $exception->getTraceAsString());
}
return false;
}
/**
* Returns the user entity for the registration.
*
@ -182,70 +220,21 @@ class WebauthnManager {
}
/**
* Returns the webauthn database.
*
* @return PublicKeyCredentialSourceRepositorySQLite database
*/
public function getDatabase() {
return new PublicKeyCredentialSourceRepositorySQLite();
}
}
/**
* Verifies the registration and stores it in the database.
*
* @param PublicKeyCredentialCreationOptions $registration registration object
* @param string $clientResponse client response
* @return bool true if response is valid and registration succeeded
*/
function storeNewRegistration($registration, $clientResponse) {
$decoder = getCborDecoder();
$tokenBindingHandler = new IgnoreTokenBindingHandler();
$attestationSupportManager = getAttestationSupportManager($decoder);
$attestationObjectLoader = getAttestationObjectLoader($attestationSupportManager, $decoder);
$publicKeyCredentialLoader = getPublicKeyCredentialLoader($attestationObjectLoader, $decoder);
$extensionOutputCheckerHandler = getExtensionOutputChecker();
$repository = new PublicKeyCredentialSourceRepositorySQLite();
$responseValidator = new AuthenticatorAttestationResponseValidator(
$attestationSupportManager, $repository, $tokenBindingHandler, $extensionOutputCheckerHandler);
try {
$publicKeyCredential = $publicKeyCredentialLoader->load($clientResponse);
$authenticatorAttestationResponse = $publicKeyCredential->getResponse();
if (!$authenticatorAttestationResponse instanceof AuthenticatorAttestationResponse) {
logNewMessage(LOG_ERR, 'Invalid webauthn response: ' . $clientResponse);
return false;
}
$symfonyRequest = Request::createFromGlobals();
$psr17Factory = new Psr17Factory();
$psrFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);
$psr7Request = $psrFactory->createRequest($symfonyRequest);
$publicKeyCredentialSource = $responseValidator->check($authenticatorAttestationResponse, $registration, $psr7Request);
$repository->saveCredentialSource($publicKeyCredentialSource);
return true;
}
catch (\Throwable $exception) {
logNewMessage(LOG_ERR, 'Webauthn validation failed: ' . $exception->getMessage() . $exception->getTraceAsString());
}
return false;
}
/**
* Returns a CBOR decoder.
*
* @return Decoder decoder
*/
function getCborDecoder() {
private function getCborDecoder() {
return new Decoder(new TagObjectManager(), new OtherObjectManager());
}
}
/**
/**
* Creates the attestation support manager.
*
* @param Decoder $decoder decoder
* @return AttestationStatementSupportManager manager
*/
function getAttestationSupportManager($decoder) {
private function getAttestationSupportManager($decoder) {
$manager = new AttestationStatementSupportManager();
$manager->add(new NoneAttestationStatementSupport());
$manager->add(new FidoU2FAttestationStatementSupport());
@ -262,38 +251,49 @@ function getAttestationSupportManager($decoder) {
$coseManager->add(new RS512());
$manager->add(new PackedAttestationStatementSupport($decoder, $coseManager));
return $manager;
}
}
/**
/**
* Returns the attestation object loader.
*
* @param AttestationStatementSupportManager $manager support manager
* @param Decoder $decoder decoder
* @return AttestationObjectLoader attestation object loader
*/
function getAttestationObjectLoader($manager, $decoder) {
private function getAttestationObjectLoader($manager, $decoder) {
return new AttestationObjectLoader($manager, $decoder);
}
}
/**
/**
* Creates the public key credential loader.
*
* @param AttestationObjectLoader $attestationObjectLoader attestation object loader
* @param Decoder $decoder decoder
* @return PublicKeyCredentialLoader public key credential loader
*/
function getPublicKeyCredentialLoader($attestationObjectLoader, $decoder) {
private function getPublicKeyCredentialLoader($attestationObjectLoader, $decoder) {
return new PublicKeyCredentialLoader($attestationObjectLoader, $decoder);
}
}
/**
/**
* Returns the extension output checker handler.
* No extensions are checked at this time.
*
* @return ExtensionOutputCheckerHandler handler
*/
function getExtensionOutputChecker() {
function getExtensionOutputChecker() {
return new ExtensionOutputCheckerHandler();
}
/**
* Returns the webauthn database.
*
* @return PublicKeyCredentialSourceRepositorySQLite database
*/
public function getDatabase() {
return new PublicKeyCredentialSourceRepositorySQLite();
}
}
/**