From 9e38fd27ab86ea9a45f9c65b0d75b14fb705fe44 Mon Sep 17 00:00:00 2001
From: jakani24
Date: Fri, 26 Apr 2024 14:36:34 +0200
Subject: [PATCH] Update login.php
---
 src/server/cyberhex-code/test/login.php | 140 +++++++++++++++++++-----
 1 file changed, 113 insertions(+), 27 deletions(-)
diff --git a/src/server/cyberhex-code/test/login.php b/src/server/cyberhex-code/test/login.php
index bf6294b..9aaf524 100644
--- a/src/server/cyberhex-code/test/login.php
+++ b/src/server/cyberhex-code/test/login.php
@@ -1,5 +1,5 @@
- - - - - - - - - addRootCertificates('rootCertificates/solo.pem');
+ //}
+ //if (filter_input(INPUT_GET, 'apple')) {
+ $WebAuthn->addRootCertificates('rootCertificates/apple.pem');
+ //}
+ //if (filter_input(INPUT_GET, 'yubico')) {
+ $WebAuthn->addRootCertificates('rootCertificates/yubico.pem');
+ //}
+ //if (filter_input(INPUT_GET, 'hypersecu')) {
+ $WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem');
+ //}
+ //if (filter_input(INPUT_GET, 'google')) {
+ $WebAuthn->addRootCertificates('rootCertificates/globalSign.pem');
+ $WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem');
+ //}
+ //if (filter_input(INPUT_GET, 'microsoft')) {
+ $WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem');
+ //}
+ //if (filter_input(INPUT_GET, 'mds')) {
+ $WebAuthn->addRootCertificates('rootCertificates/mds');
+ //}
+
+ }
 // Handle different functions
 if ($fn === 'getCreateArgs') {
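Review bot: The `//if (filter_input(INPUT_GET, 'apple')) {` … `//}` pairs wrapped around each `addRootCertificates()` call are commented-out code left in place, and they now misdescribe the behaviour: every bundled vendor root (solo, apple, yubico, hypersecu, globalSign/googleHardware, microsoftTpmCollection and the `mds` set) is trusted unconditionally, independent of any request parameter. Either delete the dead conditionals or replace the whole run with one comment stating the policy, e.g. `// Trust every bundled attestation root; attestation is not restricted per vendor or per request.` This hunk is garbled in the extract (the removed lines carry no content and the first call lacks its `$WebAuthn->` receiver), so the start of the enclosing block is not visible here and the policy claim above is based only on the visible `+` lines.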
@@ -253,19 +315,43 @@ try {
 // Save challenge to session or somewhere else if needed
 } else if ($fn === 'getGetArgs') {
- // Get get arguments
- // Retrieve credential IDs from the database based on $userId
- $ids = []; // Fetch credential IDs from the database
- $getArgs = $WebAuthn->getGetArgs($ids, 60*4);
+ $ids = [];
+
+ if ($requireResidentKey) {
+ if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) {
+ throw new Exception('we do not have any registrations in session to check the registration');
+ }
+
+ } else {
+ // load registrations from session stored there by processCreate.
+ // normaly you have to load the credential Id's for a username
+ // from the database.
+ if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) {
+ foreach ($_SESSION['registrations'] as $reg) {
+ if ($reg->userId === $userId) {
+ $ids[] = $reg->credentialId;
+ }
+ }
+ }
+
+ if (count($ids) === 0) {
+ throw new Exception('no registrations in session for userId ' . $userId);
+ }
+ }
+
+ $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification);
+
 header('Content-Type: application/json');
 print(json_encode($getArgs));
- // Save challenge to session or somewhere else if needed
- } else if ($fn === 'processGet') {
+ // save challange to session. you have to deliver it to processGet later.
+ $_SESSION['challenge'] = $WebAuthn->getChallenge();
+
+ }else if ($fn === 'processGet') {
 // Process get
 // Retrieve registration data from the database based on credential ID
 $id = base64_decode($post->id);
- $stmt = $conn->prepare("SELECT * FROM registrations WHERE credentialId = ?");
+ $stmt = $conn->prepare("SELECT * FROM user WHERE credential_id = ?");
 $stmt->execute([$id]);
 $registration = $stmt->fetch(PDO::FETCH_ASSOC);
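Review bot: In the `getGetArgs` branch the allow-list `$ids` is built from `$_SESSION['registrations']` (filled by processCreate, per the new comment), while the `processGet` branch at the bottom of the same hunk resolves the credential from the `user` table by `credential_id`; these are two different sources of truth, and on any fresh session the non-resident path always ends in `throw new Exception('no registrations in session for userId ' . $userId)`, so a user registered in an earlier session can never log in again. Load `$ids` from the same `$conn` with a prepared `SELECT credential_id FROM user WHERE … = ?` keyed on `$userId` (whichever column holds it), mirroring the `processGet` query, and drop the session loop. The `$requireResidentKey` branch has the same defect in another form: it demands a non-empty `$_SESSION['registrations']` even though a discoverable-credential login deliberately sends an empty allow-list and normally starts without the server knowing the user, so that check should go and the user should instead be identified from the asserted `userHandle` in `processGet`. Where `$userId` and `$requireResidentKey` come from is outside the hunk, and the enclosing `try` starts before it.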
@@ -278,7 +364,7 @@ try {
 $signature = base64_decode($post->signature);
 $userHandle = base64_decode($post->userHandle);
 $challenge = $_SESSION['challenge'] ?? '';
- $credentialPublicKey = $registration['publicKey'];
+ $credentialPublicKey = $registration['public_key'];
 // Process the get request
 $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
@@ -298,5 +384,5 @@ try {
 header('Content-Type: application/json');
 print(json_encode($return));
 }
-*/
+
 ?>
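Review bot: `$credentialPublicKey = $registration['public_key'];` reads the row without checking that the `SELECT * FROM user WHERE credential_id = ?` lookup (previous hunk, same `processGet` branch) found anything; `PDOStatement::fetch()` returns `false` for an unknown credential, so a client-chosen `$post->id` produces a null public key that is handed to `processGet()` instead of a clean rejection. Add `if ($registration === false) { throw new Exception('unknown credential'); }` right after the fetch, before this line. The same row presumably carries the authenticator's signature counter, yet the call passes `null` where the previous-counter argument appears to go (the sixth parameter, if this is the usual `processGet` signature), which disables clone detection; if a counter column exists, pass it here and persist the updated value after a successful verification. The `$challenge = $_SESSION['challenge'] ?? ''` fallback also deserves an explicit throw on a missing session challenge rather than relying on the library to reject an empty one. The `processGet` branch and the enclosing `try` continue outside this hunk; the trailing `-*/` / `+` hunk is a bare uncomment and needs no review.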