From 2e3441b05555f5e3fb7b111357193ae86b3e042f Mon Sep 17 00:00:00 2001
From: jakani24 <janis.st44@gmail.com>
Date: Fri, 26 Apr 2024 15:39:50 +0200
Subject: [PATCH] adding add passkey to setup

---
 .../cyberhex-code/install/add_passkey.php     | 206 +++++++++++++++++-
 .../cyberhex-code/install/create_admin.php    |   2 +-
 .../php/create_admin_backend.php              | 189 ++++++++++++++++
 3 files changed, 395 insertions(+), 2 deletions(-)
 create mode 100644 src/server/cyberhex-code/system/insecure_zone/php/create_admin_backend.php

diff --git a/src/server/cyberhex-code/install/add_passkey.php b/src/server/cyberhex-code/install/add_passkey.php
index b7ffa97..f5c4018 100644
--- a/src/server/cyberhex-code/install/add_passkey.php
+++ b/src/server/cyberhex-code/install/add_passkey.php
@@ -8,7 +8,210 @@
 	 <title>Change Password</title>
 </head>
 <body>
+<script>
+//js to handle passkey
+async function createRegistration() {
+            try {
 
+                // check browser support
+                if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
+                    throw new Error('Browser not supported.');
+                }
+
+                // get create args
+                let rep = await window.fetch('/insecure_zone/php/create_admin_backend.php?fn=getCreateArgs' + getGetParams(), {method:'GET', cache:'no-cache'});
+                const createArgs = await rep.json();
+
+                // error handling
+                if (createArgs.success === false) {
+                    throw new Error(createArgs.msg || 'unknown error occured');
+                }
+
+                // replace binary base64 data with ArrayBuffer. a other way to do this
+                // is the reviver function of JSON.parse()
+                recursiveBase64StrToArrayBuffer(createArgs);
+
+                // create credentials
+                const cred = await navigator.credentials.create(createArgs);
+
+                // create object
+                const authenticatorAttestationResponse = {
+                    transports: cred.response.getTransports  ? cred.response.getTransports() : null,
+                    clientDataJSON: cred.response.clientDataJSON  ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
+                    attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null
+                };
+
+                // check auth on server side
+                rep = await window.fetch('/insecure_zone/php/create_admin_backend.php?fn=processCreate' + getGetParams(), {
+                    method  : 'POST',
+                    body    : JSON.stringify(authenticatorAttestationResponse),
+                    cache   : 'no-cache'
+                });
+                const authenticatorAttestationServerResponse = await rep.json();
+
+                // prompt server response
+                if (authenticatorAttestationServerResponse.success) {
+                    reloadServerPreview();
+                    window.alert(authenticatorAttestationServerResponse.msg || 'registration success');
+                } else {
+                    throw new Error(authenticatorAttestationServerResponse.msg);
+                }
+
+            } catch (err) {
+                reloadServerPreview();
+                window.alert(err.message || 'unknown error occured');
+            }
+        }
+
+
+
+        function queryFidoMetaDataService() {
+            window.fetch('/insecure_zone/php/create_admin_backend.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) {
+                return response.json();
+
+            }).then(function(json) {
+               if (json.success) {
+                   window.alert(json.msg);
+               } else {
+                   throw new Error(json.msg);
+               }
+            }).catch(function(err) {
+                window.alert(err.message || 'unknown error occured');
+            });
+        }
+
+        /**
+         * convert RFC 1342-like base64 strings to array buffer
+         * @param {mixed} obj
+         * @returns {undefined}
+         */
+        function recursiveBase64StrToArrayBuffer(obj) {
+            let prefix = '=?BINARY?B?';
+            let suffix = '?=';
+            if (typeof obj === 'object') {
+                for (let key in obj) {
+                    if (typeof obj[key] === 'string') {
+                        let str = obj[key];
+                        if (str.substring(0, prefix.length) === prefix && str.substring(str.length - suffix.length) === suffix) {
+                            str = str.substring(prefix.length, str.length - suffix.length);
+
+                            let binary_string = window.atob(str);
+                            let len = binary_string.length;
+                            let bytes = new Uint8Array(len);
+                            for (let i = 0; i < len; i++)        {
+                                bytes[i] = binary_string.charCodeAt(i);
+                            }
+                            obj[key] = bytes.buffer;
+                        }
+                    } else {
+                        recursiveBase64StrToArrayBuffer(obj[key]);
+                    }
+                }
+            }
+        }
+
+        /**
+         * Convert a ArrayBuffer to Base64
+         * @param {ArrayBuffer} buffer
+         * @returns {String}
+         */
+        function arrayBufferToBase64(buffer) {
+            let binary = '';
+            let bytes = new Uint8Array(buffer);
+            let len = bytes.byteLength;
+            for (let i = 0; i < len; i++) {
+                binary += String.fromCharCode( bytes[ i ] );
+            }
+            return window.btoa(binary);
+        }
+		
+		function ascii_to_hex(str) {
+			let hex = '';
+			for (let i = 0; i < str.length; i++) {
+				let ascii = str.charCodeAt(i).toString(16);
+				hex += ('00' + ascii).slice(-2); // Ensure each hex value is 2 characters long
+			}
+			return hex;
+		}
+        /**
+         * Get URL parameter
+         * @returns {String}
+         */
+        function getGetParams() {
+            let url = '';
+
+            url += '&apple=1';
+            url += '&yubico=1';
+            url += '&solo=1'
+            url += '&hypersecu=1';
+            url += '&google=1';
+            url += '&microsoft=1';
+            url += '&mds=1';
+
+            url += '&requireResidentKey=0';
+
+            url += '&type_usb=1';
+            url += '&type_nfc=1';
+            url += '&type_ble=1';
+            url += '&type_int=1';
+            url += '&type_hybrid=1';
+
+            url += '&fmt_android-key=1';
+            url += '&fmt_android-safetynet=1';
+            url += '&fmt_apple=1';
+            url += '&fmt_fido-u2f=1';
+            url += '&fmt_none=1';
+            url += '&fmt_packed=1';
+            url += '&fmt_tpm=1';
+
+            url += '&rpId=auth.jakach.com';
+			
+            url += '&userId=' + encodeURIComponent(ascii_to_hex(document.getElementById('username').value));
+            url += '&userName=' + encodeURIComponent(document.getElementById('username').value);
+            url += '&userDisplayName=' + encodeURIComponent(document.getElementById('username').value);
+
+            url += '&userVerification=discouraged';
+
+            return url;
+        }
+
+        function reloadServerPreview() {
+            //let iframe = document.getElementById('serverPreview');
+            //iframe.src = iframe.src;
+        }
+
+        function setAttestation(attestation) {
+            let inputEls = document.getElementsByTagName('input');
+            for (const inputEl of inputEls) {
+                if (inputEl.id && inputEl.id.match(/^(fmt|cert)\_/)) {
+                    inputEl.disabled = !attestation;
+                }
+                if (inputEl.id && inputEl.id.match(/^fmt\_/)) {
+                    inputEl.checked = attestation ? inputEl.id !== 'fmt_none' : inputEl.id === 'fmt_none';
+                }
+                if (inputEl.id && inputEl.id.match(/^cert\_/)) {
+                    inputEl.checked = attestation ? inputEl.id === 'cert_mds' : false;
+                }
+            }
+        }
+
+        /**
+         * force https on load
+         * @returns {undefined}
+         */
+        window.onload = function() {
+            if (location.protocol !== 'https:' && location.host !== 'localhost') {
+                location.href = location.href.replace('http', 'https');
+            }
+            //if (!document.getElementById('rpId').value) {
+            //    document.getElementById('rpId').value = location.hostname;
+            //}
+
+            //if (!document.getElementById('attestation_yes').checked) {
+            //    setAttestation(false);
+            //}
+        }
+</script>
 <div class="container mt-5">
     <div class="row justify-content-center">
         <div class="col-md-6">
@@ -17,9 +220,10 @@
                     <h4>Add a passkey?</h4>
                 </div>
                 <div class="card-body">
+				<input type="text" id="username" name="username" value="<?php echo($_GET["username"]); ?>" style="display:hidden"></input>
 				<p>You can add a device specific passkey which allows you to login in securely with your fingerprint / hardware key etc.</p>
 					<button type="button" class="btn btn-primary btn-block" onclick="checkRegistration()">Add a passkey</button>
-					<br>
+					<br><br>
 					<a href="end.php" class="btn btn-primary btn-block">Skip for now</a>
 
 				</div>
diff --git a/src/server/cyberhex-code/install/create_admin.php b/src/server/cyberhex-code/install/create_admin.php
index 5e24bf6..2051c49 100644
--- a/src/server/cyberhex-code/install/create_admin.php
+++ b/src/server/cyberhex-code/install/create_admin.php
@@ -62,7 +62,7 @@
 							$stmt->close();
 							$conn->close();
 							echo '<br><div class="alert alert-success" role="alert">
-								Admin user created successfully! <a href="add_passkey.php">Continue installation</a>
+								Admin user created successfully! <a href="add_passkey.php?username='.$username.'">Continue installation</a>
 							</div>';
 						}
 
diff --git a/src/server/cyberhex-code/system/insecure_zone/php/create_admin_backend.php b/src/server/cyberhex-code/system/insecure_zone/php/create_admin_backend.php
new file mode 100644
index 0000000..abb638c
--- /dev/null
+++ b/src/server/cyberhex-code/system/insecure_zone/php/create_admin_backend.php
@@ -0,0 +1,189 @@
+<?php
+//with db:
+
+require_once 'WebAuthn.php';
+// Assuming you've already established a database connection here
+include "../../../config.php";
+$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
+if ($conn->connect_error) {
+	$success=0;
+	die("Connection failed: " . $conn->connect_error);
+}
+try {
+	session_start();
+	
+    // read get argument and post body
+    $fn = filter_input(INPUT_GET, 'fn');
+    $requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey');
+    $userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS);
+
+    $userId = filter_input(INPUT_GET, 'userId', FILTER_SANITIZE_SPECIAL_CHARS);
+    $userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS);
+    $userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS);
+
+    $userId = preg_replace('/[^0-9a-f]/i', '', $userId);
+    $userName = preg_replace('/[^0-9a-z]/i', '', $userName);
+    $userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName);
+
+    $post = trim(file_get_contents('php://input'));
+    if ($post) {
+        $post = json_decode($post, null, 512, JSON_THROW_ON_ERROR);
+    }
+
+    if ($fn !== 'getStoredDataHtml') {
+
+        // Formats
+        $formats = [];
+        //if (filter_input(INPUT_GET, 'fmt_android-key')) {
+            $formats[] = 'android-key';
+        //}
+        ///if (filter_input(INPUT_GET, 'fmt_android-safetynet')) {
+            $formats[] = 'android-safetynet';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_apple')) {
+            $formats[] = 'apple';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_fido-u2f')) {
+            $formats[] = 'fido-u2f';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_none')) {
+            $formats[] = 'none';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_packed')) {
+            $formats[] = 'packed';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_tpm')) {
+            $formats[] = 'tpm';
+        //}
+
+		$rpId=$_SERVER['SERVER_NAME'];
+		
+		$typeUsb = true;
+		$typeNfc = true;
+		$typeBle = true;
+		$typeInt = true;
+		$typeHyb = true;
+
+        // cross-platform: true, if type internal is not allowed
+        //                 false, if only internal is allowed
+        //                 null, if internal and cross-platform is allowed
+        $crossPlatformAttachment = null;
+        if (($typeUsb || $typeNfc || $typeBle || $typeHyb) && !$typeInt) {
+            $crossPlatformAttachment = true;
+
+        } else if (!$typeUsb && !$typeNfc && !$typeBle && !$typeHyb && $typeInt) {
+            $crossPlatformAttachment = false;
+        }
+
+
+        // new Instance of the server library.
+        // make sure that $rpId is the domain name.
+        $WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId, $formats);
+
+        // add root certificates to validate new registrations
+        //if (filter_input(INPUT_GET, 'solo')) {
+            $WebAuthn->addRootCertificates('rootCertificates/solo.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'apple')) {
+            $WebAuthn->addRootCertificates('rootCertificates/apple.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'yubico')) {
+            $WebAuthn->addRootCertificates('rootCertificates/yubico.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'hypersecu')) {
+            $WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'google')) {
+            $WebAuthn->addRootCertificates('rootCertificates/globalSign.pem');
+            $WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'microsoft')) {
+            $WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'mds')) {
+            $WebAuthn->addRootCertificates('rootCertificates/mds');
+        //}
+
+    }
+
+    // Handle different functions
+    if ($fn === 'getCreateArgs') {
+        $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment);
+
+        header('Content-Type: application/json');
+        print(json_encode($createArgs));
+
+        // save challange to session. you have to deliver it to processGet later.
+        $_SESSION['challenge'] = $WebAuthn->getChallenge();
+
+    } else if ($fn === 'getGetArgs') {
+        $ids = [];
+
+        if ($requireResidentKey) {
+            if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) {
+                throw new Exception('we do not have any registrations in session to check the registration');
+            }
+
+        } else {
+            // load registrations from session stored there by processCreate.
+            // normaly you have to load the credential Id's for a username
+            // from the database.
+            if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) {
+                foreach ($_SESSION['registrations'] as $reg) {
+                    if ($reg->userId === $userId) {
+                        $ids[] = $reg->credentialId;
+                    }
+                }
+            }
+
+            if (count($ids) === 0) {
+                throw new Exception('no registrations in session for userId ' . $userId);
+            }
+        }
+
+        $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification);
+
+        header('Content-Type: application/json');
+        print(json_encode($getArgs));
+
+        // save challange to session. you have to deliver it to processGet later.
+        $_SESSION['challenge'] = $WebAuthn->getChallenge();
+    } else if ($fn === 'processCreate') {
+        // Process create
+		$challenge = $_SESSION['challenge'];
+        $clientDataJSON = base64_decode($post->clientDataJSON);
+        $attestationObject = base64_decode($post->attestationObject);
+
+        // Process create and store data in the database
+        $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, $userVerification === 'required', true, false);
+	
+		// add user infos
+        $data->userId = $userId;
+        $data->userName = $userName;
+        $data->userDisplayName = $userDisplayName;
+		$data->email="a@a.com";
+		$data->perms="11111111111111111";
+		$data->password="...";
+
+        // Store registration data in the database
+        $stmt = $conn->prepare("INSERT INTO users (email,perms,password,username,user_hex_id, credential_id, public_key, counter) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
+		//var_dump($data);
+        $stmt->execute([$data->email,$data->perms,$data->email, $data->userName, $userId, $data->credentialId, $data->credentialPublicKey, $data->signatureCounter]);
+
+        $msg = 'registration success.';
+        $return = new stdClass();
+        $return->success = true;
+        $return->msg = $msg;
+        header('Content-Type: application/json');
+        print(json_encode($return));
+    } 
+
+} catch (Throwable $ex) {
+    $return = new stdClass();
+    $return->success = false;
+    $return->msg = $ex->getMessage();
+
+    header('Content-Type: application/json');
+    print(json_encode($return));
+}
+?>
\ No newline at end of file