janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

u

Browse Source
This commit is contained in:
jakani24
2024-04-04 20:48:10 +02:00
parent e7fe841654
commit 2e0c42c51e
2 changed files with 21 additions and 217 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/server/cyberhex-code/test/server.php
View File

@@ -191,9 +191,6 @@ try {
$_SESSION['registrations'][] = $data; $_SESSION['registrations'][] = $data;
$msg = 'registration success.'; $msg = 'registration success.';
if ($data->rootValid === false) {
$msg = 'registration ok, but certificate does not match any of the selected root ca.';
}
$return = new stdClass(); $return = new stdClass();
$return->success = true; $return->success = true;

233
src/server/cyberhex-code/test/user.html
View File

@@ -206,29 +206,29 @@
function getGetParams() { function getGetParams() {
let url = ''; let url = '';
url += '&apple=' + (document.getElementById('cert_apple').checked ? '1' : '0'); url += '&apple=1';
url += '&yubico=' + (document.getElementById('cert_yubico').checked ? '1' : '0'); url += '&yubico=1';
url += '&solo=' + (document.getElementById('cert_solo').checked ? '1' : '0'); url += '&solo=1'
url += '&hypersecu=' + (document.getElementById('cert_hypersecu').checked ? '1' : '0'); url += '&hypersecu=1';
url += '&google=' + (document.getElementById('cert_google').checked ? '1' : '0'); url += '&google=1';
url += '&microsoft=' + (document.getElementById('cert_microsoft').checked ? '1' : '0'); url += '&microsoft=1';
url += '&mds=' + (document.getElementById('cert_mds').checked ? '1' : '0'); url += '&mds=1';
url += '&requireResidentKey=' + (document.getElementById('requireResidentKey').checked ? '1' : '0'); url += '&requireResidentKey=0';
url += '&type_usb=' + (document.getElementById('type_usb').checked ? '1' : '0'); url += '&type_usb=1';
url += '&type_nfc=' + (document.getElementById('type_nfc').checked ? '1' : '0'); url += '&type_nfc=1';
url += '&type_ble=' + (document.getElementById('type_ble').checked ? '1' : '0'); url += '&type_ble=1';
url += '&type_int=' + (document.getElementById('type_int').checked ? '1' : '0'); url += '&type_int=1';
url += '&type_hybrid=' + (document.getElementById('type_hybrid').checked ? '1' : '0'); url += '&type_hybrid=1';
url += '&fmt_android-key=' + (document.getElementById('fmt_android-key').checked ? '1' : '0'); url += '&fmt_android-key=1';
url += '&fmt_android-safetynet=' + (document.getElementById('fmt_android-safetynet').checked ? '1' : '0'); url += '&fmt_android-safetynet=1';
url += '&fmt_apple=' + (document.getElementById('fmt_apple').checked ? '1' : '0'); url += '&fmt_apple=1';
url += '&fmt_fido-u2f=' + (document.getElementById('fmt_fido-u2f').checked ? '1' : '0'); url += '&fmt_fido-u2f=1';
url += '&fmt_none=' + (document.getElementById('fmt_none').checked ? '1' : '0'); url += '&fmt_none=1';
url += '&fmt_packed=' + (document.getElementById('fmt_packed').checked ? '1' : '0'); url += '&fmt_packed=1';
url += '&fmt_tpm=' + (document.getElementById('fmt_tpm').checked ? '1' : '0'); url += '&fmt_tpm=1';
url += '&rpId=' + encodeURIComponent(document.getElementById('rpId').value); url += '&rpId=' + encodeURIComponent(document.getElementById('rpId').value);
@@ -236,15 +236,7 @@
url += '&userName=' + encodeURIComponent(document.getElementById('userName').value); url += '&userName=' + encodeURIComponent(document.getElementById('userName').value);
url += '&userDisplayName=' + encodeURIComponent(document.getElementById('userDisplayName').value); url += '&userDisplayName=' + encodeURIComponent(document.getElementById('userDisplayName').value);
if (document.getElementById('userVerification_required').checked) {
url += '&userVerification=required';
} else if (document.getElementById('userVerification_preferred').checked) {
url += '&userVerification=preferred';
} else if (document.getElementById('userVerification_discouraged').checked) {
url += '&userVerification=discouraged'; url += '&userVerification=discouraged';
}
return url; return url;
} }
@@ -346,191 +338,6 @@
</tr> </tr>
</tbody> </tbody>
</table> </table>
<div>&nbsp;</div>
<div>
<input type="checkbox" id="requireResidentKey" name="requireResidentKey">
<label for="requireResidentKey">Use Client-side discoverable Credentials / Passkeys
<i style="font-size: 0.8em;">Warning: most client-side modules and authenticators don't allow to delete single client side credentials.
You have to reset the full device to remove the credentials again.</i>
</label>
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">Relying Party</div>
<p style="margin:0 0 5px 0;font-size:0.9em;font-style: italic;">A valid domain string that identifies the
WebAuthn Relying Party<br/>on whose behalf a given registration or authentication ceremony is being performed.</p>
<div>
<label for="rpId">RP ID:</label>
<input type="text" id="rpId" name="rpId" value="">
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">User</div>
<div style="margin-bottom:12px">
<label for="userId">User ID (Hex):</label>
<input type="text" id="userId" name="userId" value="64656d6f64656d6f" required pattern="[0-9a-fA-F]{2,}">
<i style="font-size: 0.8em;">You get the user ID back when checking registration (as userHandle), if you're using client-side discoverable credentials.
You can identify with this ID the user who wants to login.
A user handle is an opaque byte sequence with a maximum size of 64 bytes, and is not meant to be displayed to the user.
The user handle MUST NOT contain personally identifying information about the user, such as a username or e-mail address.</i>
</div>
<div style="margin-bottom:12px">
<label for="userName">User Name:</label>
<input type="text" id="userName" name="userName" value="demo" required pattern="[0-9a-zA-Z]{2,}">
<i style="font-size: 0.8em;">only for display, i.e., aiding the user in determining the difference between user accounts with similar display names.</i>
</div>
<div style="margin-bottom:6px">
<label for="userDisplayName">User Display Name:</label>
<input type="text" id="userDisplayName" name="userDisplayName" value="Demo Demolin" required>
<i style="font-size: 0.8em;">A human-palatable name for the user account, intended only for display.</i>
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">user verification</div>
<div>
<input type="radio" id="userVerification_required" name="userVerification">
<label for="userVerification_required">required <i style="font-size: 0.8em;">User verification is required (e.g. by pin), the operation will fail if the response does not have the UV flag.</i></label>
</div>
<div>
<input type="radio" id="userVerification_preferred" name="userVerification">
<label for="userVerification_preferred">preferred <i style="font-size: 0.8em;">user verification is prefered, the operation will not fail if the response does not have the UV flag.</i></label>
</div>
<div>
<input type="radio" id="userVerification_discouraged" name="userVerification" checked>
<label for="userVerification_discouraged">discouraged <i style="font-size: 0.8em;">user verification should not be employed as to minimize the user interaction during the process.</i></label>
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">type of authenticator</div>
<div>
<input type="checkbox" id="type_usb" name="type_usb" checked>
<label for="type_usb">USB</label>
</div>
<div>
<input type="checkbox" id="type_nfc" name="type_nfc" checked>
<label for="type_nfc">NFC</label>
</div>
<div>
<input type="checkbox" id="type_ble" name="type_ble" checked>
<label for="type_ble">BLE</label>
</div>
<div>
<input type="checkbox" id="type_hybrid" name="type_hybrid" checked>
<label for="type_hybrid">hybrid <i style="font-size: 0.8em;">Passkeys via mobile device, ...</i></label>
</div>
<div>
<input type="checkbox" id="type_int" name="type_int" checked>
<label for="type_int">internal <i style="font-size: 0.8em;">Passkeys on the device, Windows Hello, Android SafetyNet, Apple, ...</i></label>
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">attestation</div>
<div>
<input type="radio" id="attestation_yes" value="yes" name="attestation" onchange="setAttestation(this.value === 'yes')" checked>
<label for="attestation_yes">yes</label>
</div>
<div>
<input type="radio" id="attestation_no" value="no" name="attestation" onchange="setAttestation(this.value === 'yes')">
<label for="attestation_no">no</label>
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">attestation statement format</div>
<div>
<input type="checkbox" id="fmt_android-key" name="fmt_android-key" checked>
<label for="fmt_android-key">android-key</label>
</div>
<div>
<input type="checkbox" id="fmt_android-safetynet" name="fmt_android-safetynet" checked>
<label for="fmt_android-safetynet">android-safetynet</label>
</div>
<div>
<input type="checkbox" id="fmt_apple" name="fmt_apple" checked>
<label for="fmt_apple">apple</label>
</div>
<div>
<input type="checkbox" id="fmt_fido-u2f" name="fmt_fido-u2f" checked>
<label for="fmt_fido-u2f">fido-u2f</label>
</div>
<div>
<input type="checkbox" id="fmt_none" name="fmt_none">
<label for="fmt_none">none</label>
</div>
<div>
<input type="checkbox" id="fmt_packed" name="fmt_packed" checked>
<label for="fmt_packed">packed</label>
</div>
<div>
<input type="checkbox" id="fmt_tpm" name="fmt_tpm" checked>
<label for="fmt_tpm">tpm</label>
</div>
<div>&nbsp;</div>
<div style="font-weight: bold">attestation root certificates</div>
<div>
<input type="checkbox" id="cert_mds" name="mds" checked>
<label for="cert_mds">Accept keys signed by <a href="https://fidoalliance.org/metadata/" target="_blank">FIDO Alliance Metadata Service</a></label>
</div>
<div>
<input type="checkbox" id="cert_apple" name="apple">
<label for="cert_apple">Accept keys signed by apple root ca</label>
</div>
<div>
<input type="checkbox" id="cert_yubico" name="yubico">
<label for="cert_yubico">Accept keys signed by yubico root ca</label>
</div>
<div>
<input type="checkbox" id="cert_solo" name="solo">
<label for="cert_solo">Accept keys signed by solokeys root ca</label>
</div>
<div>
<input type="checkbox" id="cert_hypersecu" name="hypersecu">
<label for="cert_hypersecu">Accept keys signed by hypersecu root ca</label>
</div>
<div>
<input type="checkbox" id="cert_google" name="google">
<label for="cert_google">Accept keys signed by google root ca</label>
</div>
<div>
<input type="checkbox" id="cert_microsoft" name="microsoft">
<label for="cert_microsoft">Accept keys signed by Microsofts collection of trusted TPM root ca</label>
</div>
<div style="font-size: 0.7em">(Nothing checked = accept all)</div>
<div>&nbsp;</div>
<div>
<button type="button" onclick="queryFidoMetaDataService()">&#128472; update root certificates from FIDO Alliance Metadata Service (MDS)</button>
</div>
<div>&nbsp;</div>
<div>If you select a root ca, direct attestation is required to validate your client with the root.<br>
The browser may warn you that he will provide informations about your device.<br>
When not checking against any root ca (deselect all certificates),
the client may change the assertion from the authenticator (for instance, using an anonymization CA),<br>
the browser may not warn about providing informations about your device.
</div>
<div style="margin-top:20px;font-size: 0.7em;font-style: italic">
Copyright &copy; 2023 Lukas Buchs - <a href="https://raw.githubusercontent.com/lbuchs/WebAuthn/master/LICENSE">license therms</a>
</div>
</div> </div>
</div> </div>
<div class="serverPreview"> <div class="serverPreview">