1
0
geforkt von D3Public/oxtotp
oxwebauthn/src/Application/Model/Webauthn/Webauthn.php

166 Zeilen
5.8 KiB
PHP

<?php
declare(strict_types=1);
namespace D3\Totp\Application\Model\Webauthn;
use D3\Totp\Modules\Application\Model\d3_totp_user;
use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7Server\ServerRequestCreator;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Registry;
use Webauthn\PublicKeyCredentialCreationOptions;
2022-10-23 22:42:32 +02:00
use Webauthn\PublicKeyCredentialRequestOptions;
use Webauthn\PublicKeyCredentialRpEntity;
use Webauthn\PublicKeyCredentialSource;
use Webauthn\Server;
class Webauthn
{
public const SESSION_CREATIONS_OPTIONS = 'd3WebAuthnCreationOptions';
2022-10-23 22:42:32 +02:00
public const SESSION_ASSERTION_OPTIONS = 'd3WebAuthnAssertionOptions';
public function getCreationOptions()
{
/** @var d3_totp_user $user */
$user = oxNew(User::class);
$user->load('oxdefaultadmin');
$userEntity = $user->d3GetWebauthnUserEntity();
$credentialSourceRepository = new PublicKeyCredentials();
$credentialSources = $credentialSourceRepository->findAllForUserEntity($userEntity);
$excludeCredentials = array_map(function (PublicKeyCredentialSource $credential) {
return $credential->getPublicKeyCredentialDescriptor();
}, $credentialSources);
$server = $this->getServer();
$publicKeyCredentialCreationOptions = $server->generatePublicKeyCredentialCreationOptions(
$userEntity,
PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
$excludeCredentials
);
Registry::getSession()->setVariable(self::SESSION_CREATIONS_OPTIONS, $publicKeyCredentialCreationOptions);
return json_encode($publicKeyCredentialCreationOptions);
}
2022-10-23 22:42:32 +02:00
public function getRequestOptions()
{
/** @var d3_totp_user $user */
$user = oxNew(User::class);
$user->load('oxdefaultadmin');
$userEntity = $user->d3GetWebauthnUserEntity();
// Get the list of authenticators associated to the user
$credentialSourceRepository = oxNew(PublicKeyCredentials::class);
$credentialSources = $credentialSourceRepository->findAllForUserEntity($userEntity);
// Convert the Credential Sources into Public Key Credential Descriptors
$allowedCredentials = array_map(function (PublicKeyCredentialSource $credential) {
return $credential->getPublicKeyCredentialDescriptor();
}, $credentialSources);
$server = $this->getServer();
// We generate the set of options.
$publicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions(
PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, // Default value
$allowedCredentials
);
Registry::getSession()->setVariable(self::SESSION_ASSERTION_OPTIONS, $publicKeyCredentialRequestOptions);
return json_encode($publicKeyCredentialRequestOptions);
}
/**
* @return Server
*/
public function getServer()
{
$rpEntity = new PublicKeyCredentialRpEntity(
Registry::getConfig()->getActiveShop()->getFieldData('oxname'),
preg_replace('/(^www\.)(.*)/mi', '$2', $_SERVER['HTTP_HOST'])
);
return new Server($rpEntity, new PublicKeyCredentials());
}
public function saveAuthn(string $credential)
{
try {
$psr17Factory = new Psr17Factory();
$creator = new ServerRequestCreator(
$psr17Factory,
$psr17Factory,
$psr17Factory,
$psr17Factory
);
$serverRequest = $creator->fromGlobals();
$publicKeyCredentialSource = $this->getServer()->loadAndCheckAttestationResponse(
html_entity_decode($credential),
Registry::getSession()->getVariable(self::SESSION_CREATIONS_OPTIONS),
$serverRequest
);
dumpvar($publicKeyCredentialSource);
dumpvar(serialize($publicKeyCredentialSource));
dumpvar(unserialize(serialize($publicKeyCredentialSource)));
echo "<hr>";
dumpvar(bin2hex(serialize($publicKeyCredentialSource)));
dumpvar(unserialize(hex2bin(bin2hex(serialize($publicKeyCredentialSource)))));
$pkCredential = oxNew(PublicKeyCredentials::class);
$pkCredential->saveCredentialSource($publicKeyCredentialSource);
} catch (\Exception $e) {
dumpvar($e->getMessage());
dumpvar($e);
die();
}
}
2022-10-23 22:42:32 +02:00
public function assertAuthn(string $response)
{
try {
$psr17Factory = new Psr17Factory();
$creator = new ServerRequestCreator(
$psr17Factory,
$psr17Factory,
$psr17Factory,
$psr17Factory
);
$serverRequest = $creator->fromGlobals();
/** @var d3_totp_user $user */
$user = oxNew(User::class);
$user->load('oxdefaultadmin');
$userEntity = $user->d3GetWebauthnUserEntity();
$publicKeySource = $this->getServer()->loadAndCheckAssertionResponse(
html_entity_decode($response),
Registry::getSession()->getVariable(self::SESSION_ASSERTION_OPTIONS),
$userEntity,
$serverRequest
);
/*
dumpvar($publicKeySource);
dumpvar(serialize($publicKeySource));
dumpvar(unserialize(serialize($publicKeySource)));
echo "<hr>";
dumpvar(bin2hex(serialize($publicKeySource)));
dumpvar(unserialize(hex2bin(bin2hex(serialize($publicKeySource)))));
*/
dumpvar('successfully');
} catch (\Exception $e) {
dumpvar($e->getMessage());
dumpvar($e);
die();
}
}
}