diff --git a/src/server/cyberhex-code/test/server.php b/src/server/cyberhex-code/test/server.php index 111b703..412762a 100644 --- a/src/server/cyberhex-code/test/server.php +++ b/src/server/cyberhex-code/test/server.php @@ -191,9 +191,6 @@ try { $_SESSION['registrations'][] = $data; $msg = 'registration success.'; - if ($data->rootValid === false) { - $msg = 'registration ok, but certificate does not match any of the selected root ca.'; - } $return = new stdClass(); $return->success = true; diff --git a/src/server/cyberhex-code/test/user.html b/src/server/cyberhex-code/test/user.html index eb4970b..0053441 100644 --- a/src/server/cyberhex-code/test/user.html +++ b/src/server/cyberhex-code/test/user.html @@ -206,29 +206,29 @@ function getGetParams() { let url = ''; - url += '&apple=' + (document.getElementById('cert_apple').checked ? '1' : '0'); - url += '&yubico=' + (document.getElementById('cert_yubico').checked ? '1' : '0'); - url += '&solo=' + (document.getElementById('cert_solo').checked ? '1' : '0'); - url += '&hypersecu=' + (document.getElementById('cert_hypersecu').checked ? '1' : '0'); - url += '&google=' + (document.getElementById('cert_google').checked ? '1' : '0'); - url += 'µsoft=' + (document.getElementById('cert_microsoft').checked ? '1' : '0'); - url += '&mds=' + (document.getElementById('cert_mds').checked ? '1' : '0'); + url += '&apple=1'; + url += '&yubico=1'; + url += '&solo=1' + url += '&hypersecu=1'; + url += '&google=1'; + url += 'µsoft=1'; + url += '&mds=1'; - url += '&requireResidentKey=' + (document.getElementById('requireResidentKey').checked ? '1' : '0'); + url += '&requireResidentKey=0'; - url += '&type_usb=' + (document.getElementById('type_usb').checked ? '1' : '0'); - url += '&type_nfc=' + (document.getElementById('type_nfc').checked ? '1' : '0'); - url += '&type_ble=' + (document.getElementById('type_ble').checked ? '1' : '0'); - url += '&type_int=' + (document.getElementById('type_int').checked ? '1' : '0'); - url += '&type_hybrid=' + (document.getElementById('type_hybrid').checked ? '1' : '0'); + url += '&type_usb=1'; + url += '&type_nfc=1'; + url += '&type_ble=1'; + url += '&type_int=1'; + url += '&type_hybrid=1'; - url += '&fmt_android-key=' + (document.getElementById('fmt_android-key').checked ? '1' : '0'); - url += '&fmt_android-safetynet=' + (document.getElementById('fmt_android-safetynet').checked ? '1' : '0'); - url += '&fmt_apple=' + (document.getElementById('fmt_apple').checked ? '1' : '0'); - url += '&fmt_fido-u2f=' + (document.getElementById('fmt_fido-u2f').checked ? '1' : '0'); - url += '&fmt_none=' + (document.getElementById('fmt_none').checked ? '1' : '0'); - url += '&fmt_packed=' + (document.getElementById('fmt_packed').checked ? '1' : '0'); - url += '&fmt_tpm=' + (document.getElementById('fmt_tpm').checked ? '1' : '0'); + url += '&fmt_android-key=1'; + url += '&fmt_android-safetynet=1'; + url += '&fmt_apple=1'; + url += '&fmt_fido-u2f=1'; + url += '&fmt_none=1'; + url += '&fmt_packed=1'; + url += '&fmt_tpm=1'; url += '&rpId=' + encodeURIComponent(document.getElementById('rpId').value); @@ -236,15 +236,7 @@ url += '&userName=' + encodeURIComponent(document.getElementById('userName').value); url += '&userDisplayName=' + encodeURIComponent(document.getElementById('userDisplayName').value); - if (document.getElementById('userVerification_required').checked) { - url += '&userVerification=required'; - - } else if (document.getElementById('userVerification_preferred').checked) { - url += '&userVerification=preferred'; - - } else if (document.getElementById('userVerification_discouraged').checked) { - url += '&userVerification=discouraged'; - } + url += '&userVerification=discouraged'; return url; } @@ -346,191 +338,6 @@ -
 
- -
- - -
- -
 
-
Relying Party
-

A valid domain string that identifies the - WebAuthn Relying Party
on whose behalf a given registration or authentication ceremony is being performed.

-
- - -
- -
 
-
User
-
- - - You get the user ID back when checking registration (as userHandle), if you're using client-side discoverable credentials. - You can identify with this ID the user who wants to login. - A user handle is an opaque byte sequence with a maximum size of 64 bytes, and is not meant to be displayed to the user. - The user handle MUST NOT contain personally identifying information about the user, such as a username or e-mail address. -
-
- - - only for display, i.e., aiding the user in determining the difference between user accounts with similar display names. -
-
- - - A human-palatable name for the user account, intended only for display. -
- -
 
-
user verification
-
- - -
- -
- - -
- -
- - -
- -
 
-
type of authenticator
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
- -
 
-
attestation
-
- - -
-
- - -
- -
 
-
attestation statement format
-
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- - -
 
-
attestation root certificates
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - -
- -
(Nothing checked = accept all)
-
 
- -
- -
- -
 
-
If you select a root ca, direct attestation is required to validate your client with the root.
- The browser may warn you that he will provide informations about your device.
- When not checking against any root ca (deselect all certificates), - the client may change the assertion from the authenticator (for instance, using an anonymization CA),
- the browser may not warn about providing informations about your device. -
-
- Copyright © 2023 Lukas Buchs - license therms -
-