diff --git a/src/server/cyberhex-code/test/create_acc.html b/src/server/cyberhex-code/test/create_acc.html new file mode 100644 index 0000000..f388df6 --- /dev/null +++ b/src/server/cyberhex-code/test/create_acc.html @@ -0,0 +1,279 @@ + + + lbuchs/WebAuthn Test + + + + + +

lbuchs/WebAuthn

+
A simple PHP WebAuthn (FIDO2) server library.
+
+
+
 
+
 
+
Simple working demo for the lbuchs/WebAuthn library.
+
+
 
+ + + + + +
+ +
+ +
User
+
+ + + only for display, i.e., aiding the user in determining the difference between user accounts with similar display names. +
+
+
+
+ + diff --git a/src/server/cyberhex-code/test/create_acc.php b/src/server/cyberhex-code/test/create_acc.php new file mode 100644 index 0000000..7e8aee5 --- /dev/null +++ b/src/server/cyberhex-code/test/create_acc.php @@ -0,0 +1,248 @@ +addRootCertificates('rootCertificates/solo.pem'); + //} + //if (filter_input(INPUT_GET, 'apple')) { + $WebAuthn->addRootCertificates('rootCertificates/apple.pem'); + //} + //if (filter_input(INPUT_GET, 'yubico')) { + $WebAuthn->addRootCertificates('rootCertificates/yubico.pem'); + //} + //if (filter_input(INPUT_GET, 'hypersecu')) { + $WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem'); + //} + //if (filter_input(INPUT_GET, 'google')) { + $WebAuthn->addRootCertificates('rootCertificates/globalSign.pem'); + $WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem'); + //} + //if (filter_input(INPUT_GET, 'microsoft')) { + $WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem'); + //} + //if (filter_input(INPUT_GET, 'mds')) { + $WebAuthn->addRootCertificates('rootCertificates/mds'); + //} + + } + + // ------------------------------------ + // request for create arguments + // ------------------------------------ + + if ($fn === 'getCreateArgs') { + $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment); + + header('Content-Type: application/json'); + print(json_encode($createArgs)); + + // save challange to session. you have to deliver it to processGet later. + $_SESSION['challenge'] = $WebAuthn->getChallenge(); + + + + // ------------------------------------ + // request for get arguments + // ------------------------------------ + + } else if ($fn === 'getGetArgs') { + $ids = []; + + if ($requireResidentKey) { + if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) { + throw new Exception('we do not have any registrations in session to check the registration'); + } + + } else { + // load registrations from session stored there by processCreate. + // normaly you have to load the credential Id's for a username + // from the database. + if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) { + foreach ($_SESSION['registrations'] as $reg) { + if ($reg->userId === $userId) { + $ids[] = $reg->credentialId; + } + } + } + + if (count($ids) === 0) { + throw new Exception('no registrations in session for userId ' . $userId); + } + } + + $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification); + + header('Content-Type: application/json'); + print(json_encode($getArgs)); + + // save challange to session. you have to deliver it to processGet later. + $_SESSION['challenge'] = $WebAuthn->getChallenge(); + + + + // ------------------------------------ + // process create + // ------------------------------------ + + } else if ($fn === 'processCreate') { + $clientDataJSON = base64_decode($post->clientDataJSON); + $attestationObject = base64_decode($post->attestationObject); + $challenge = $_SESSION['challenge']; + + // processCreate returns data to be stored for future logins. + // in this example we store it in the php session. + // Normaly you have to store the data in a database connected + // with the user name. + $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, $userVerification === 'required', true, false); + + // add user infos + $data->userId = $userId; + $data->userName = $userName; + $data->userDisplayName = $userDisplayName; + + if (!isset($_SESSION['registrations']) || !array_key_exists('registrations', $_SESSION) || !is_array($_SESSION['registrations'])) { + $_SESSION['registrations'] = []; + } + $_SESSION['registrations'][] = $data; + + $msg = 'registration success.'; + + $return = new stdClass(); + $return->success = true; + $return->msg = $msg; + + header('Content-Type: application/json'); + print(json_encode($return)); + + + + // ------------------------------------ + // proccess get + // ------------------------------------ + + } else if ($fn === 'processGet') { + $clientDataJSON = base64_decode($post->clientDataJSON); + $authenticatorData = base64_decode($post->authenticatorData); + $signature = base64_decode($post->signature); + $userHandle = base64_decode($post->userHandle); + $id = base64_decode($post->id); + $challenge = $_SESSION['challenge'] ?? ''; + $credentialPublicKey = null; + + // looking up correspondending public key of the credential id + // you should also validate that only ids of the given user name + // are taken for the login. + if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) { + foreach ($_SESSION['registrations'] as $reg) { + if ($reg->credentialId === $id) { + $credentialPublicKey = $reg->credentialPublicKey; + break; + } + } + } + + if ($credentialPublicKey === null) { + throw new Exception('Public Key for credential ID not found!'); + } + + // if we have resident key, we have to verify that the userHandle is the provided userId at registration + if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) { + throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')'); + } + + // process the get request. throws WebAuthnException if it fails + $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required'); + + $return = new stdClass(); + $return->success = true; + + header('Content-Type: application/json'); + print(json_encode($return)); + + // ------------------------------------ + // proccess clear registrations + // ------------------------------------ + + } + +} catch (Throwable $ex) { + $return = new stdClass(); + $return->success = false; + $return->msg = $ex->getMessage(); + + header('Content-Type: application/json'); + print(json_encode($return)); +} + +?> \ No newline at end of file diff --git a/src/server/cyberhex-code/test/server.php b/src/server/cyberhex-code/test/server.php index 2a5d50c..d640a79 100644 --- a/src/server/cyberhex-code/test/server.php +++ b/src/server/cyberhex-code/test/server.php @@ -48,13 +48,6 @@ try { //} $rpId=$_SERVER['SERVER_NAME']; - // types selected on front end - //$typeUsb = !!filter_input(INPUT_GET, 'type_usb'); - //$typeNfc = !!filter_input(INPUT_GET, 'type_nfc'); - //$typeBle = !!filter_input(INPUT_GET, 'type_ble'); - //$typeInt = !!filter_input(INPUT_GET, 'type_int'); - //$typeHyb = !!filter_input(INPUT_GET, 'type_hybrid'); - $typeUsb = true; $typeNfc = true;