web-base/Core/Objects/TwoFactor/AuthenticationData.class.php

<?php

namespace Core\Objects\TwoFactor;

use Core\Objects\ApiObject;

class AuthenticationData extends ApiObject {

  use CBORDecoder;

  const FLAG_USER_PRESENT = 1;
  const FLAG_USER_VERIFIED = 4;
  const FLAG_ATTESTED_DATA_INCLUDED = 64;
  const FLAG_EXTENSION_DATA_INCLUDED = 128;

  private string $rpIDHash;
  private int $flags;
  private int $signCount;
  private string $aaguid;
  private string $credentialID;
  private array $extensions;
  private PublicKey $publicKey;

  public function __construct(string $buffer) {

    $bufferLength = strlen($buffer);
    if ($bufferLength < 32 + 1 + 4) {
      throw new \Exception("Invalid authentication data buffer size");
    }

    $offset = 0;
    $this->rpIDHash = substr($buffer, $offset, 32); $offset += 32;
    $this->flags = ord(substr($buffer, $offset, 1)); $offset += 1;
    $this->signCount = unpack("N", substr($buffer, $offset, 4))[1]; $offset += 4;

    if ($this->attestedCredentialData()) {
      $this->aaguid = substr($buffer, $offset, 16); $offset += 16;
      $credentialIdLength = unpack("n",  substr($buffer, $offset, 4))[1]; $offset += 2;
      $this->credentialID = substr($buffer, $offset, $credentialIdLength); $offset += $credentialIdLength;

      if ($offset < $bufferLength) {
        $publicKeyData = $this->decode(substr($buffer, $offset));
        $this->publicKey = new PublicKey($publicKeyData);
        // TODO: we should add $publicKeyData->length to $offset, but it's not implemented yet?;
      }
    }

    if ($this->hasExtensionData()) {
      // not supported yet
    }
  }

  public function jsonSerialize(): array {
    return [
      "rpIDHash" => base64_encode($this->rpIDHash),
      "flags" => $this->flags,
      "signCount" => $this->signCount,
      "aaguid" => base64_encode($this->aaguid),
      "credentialID" => base64_encode($this->credentialID),
      "publicKey" => $this->publicKey->jsonSerialize()
    ];
  }

  public function getHash(): string {
    return $this->rpIDHash;
  }

  public function verifyIntegrity(string $rp): bool {
    return $this->rpIDHash === hash("sha256", $rp, true);
  }

  public function isUserPresent(): bool {
    return boolval($this->flags & self::FLAG_USER_PRESENT);
  }

  public function isUserVerified(): bool {
		return boolval($this->flags & self::FLAG_USER_VERIFIED);
	}

  public function attestedCredentialData(): bool {
		return boolval($this->flags & self::FLAG_ATTESTED_DATA_INCLUDED);
	}

  public function hasExtensionData(): bool {
		return boolval($this->flags & self::FLAG_EXTENSION_DATA_INCLUDED);
	}

  public function getPublicKey(): PublicKey {
    return $this->publicKey;
  }

  public function getCredentialID(): string {
    return $this->credentialID;
  }
}
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`<?php`

Namespace and ClassPath rewrites 2022-11-18 18:06:46 +01:00			`namespace Core\Objects\TwoFactor;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00
Namespace and ClassPath rewrites 2022-11-18 18:06:46 +01:00			`use Core\Objects\ApiObject;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00
			`class AuthenticationData extends ApiObject {`

few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`use CBORDecoder;`

			`const FLAG_USER_PRESENT = 1;`
			`const FLAG_USER_VERIFIED = 4;`
			`const FLAG_ATTESTED_DATA_INCLUDED = 64;`
			`const FLAG_EXTENSION_DATA_INCLUDED = 128;`

Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`private string $rpIDHash;`
			`private int $flags;`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`private int $signCount;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`private string $aaguid;`
			`private string $credentialID;`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`private array $extensions;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`private PublicKey $publicKey;`

			`public function __construct(string $buffer) {`

few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`$bufferLength = strlen($buffer);`
			`if ($bufferLength < 32 + 1 + 4) {`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`throw new \Exception("Invalid authentication data buffer size");`
			`}`

			`$offset = 0;`
			`$this->rpIDHash = substr($buffer, $offset, 32); $offset += 32;`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`$this->flags = ord(substr($buffer, $offset, 1)); $offset += 1;`
			`$this->signCount = unpack("N", substr($buffer, $offset, 4))[1]; $offset += 4;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`if ($this->attestedCredentialData()) {`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`$this->aaguid = substr($buffer, $offset, 16); $offset += 16;`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`$credentialIdLength = unpack("n", substr($buffer, $offset, 4))[1]; $offset += 2;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`$this->credentialID = substr($buffer, $offset, $credentialIdLength); $offset += $credentialIdLength;`

few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`if ($offset < $bufferLength) {`
			`$publicKeyData = $this->decode(substr($buffer, $offset));`
			`$this->publicKey = new PublicKey($publicKeyData);`
			`// TODO: we should add $publicKeyData->length to $offset, but it's not implemented yet?;`
			`}`
			`}`

			`if ($this->hasExtensionData()) {`
			`// not supported yet`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`}`
			`}`

			`public function jsonSerialize(): array {`
			`return [`
			`"rpIDHash" => base64_encode($this->rpIDHash),`
			`"flags" => $this->flags,`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`"signCount" => $this->signCount,`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`"aaguid" => base64_encode($this->aaguid),`
			`"credentialID" => base64_encode($this->credentialID),`
			`"publicKey" => $this->publicKey->jsonSerialize()`
			`];`
			`}`

			`public function getHash(): string {`
			`return $this->rpIDHash;`
			`}`

			`public function verifyIntegrity(string $rp): bool {`
			`return $this->rpIDHash === hash("sha256", $rp, true);`
			`}`

			`public function isUserPresent(): bool {`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`return boolval($this->flags & self::FLAG_USER_PRESENT);`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`}`

			`public function isUserVerified(): bool {`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`return boolval($this->flags & self::FLAG_USER_VERIFIED);`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`}`

			`public function attestedCredentialData(): bool {`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`return boolval($this->flags & self::FLAG_ATTESTED_DATA_INCLUDED);`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`}`

			`public function hasExtensionData(): bool {`
few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`return boolval($this->flags & self::FLAG_EXTENSION_DATA_INCLUDED);`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`}`

			`public function getPublicKey(): PublicKey {`
			`return $this->publicKey;`
			`}`

few bugfixes, fido/u2f still WIP 2024-04-07 18:29:33 +02:00			`public function getCredentialID(): string {`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`return $this->credentialID;`
			`}`
			`}`