From c01444711f9ad1bb5f41ae4b3aec75a1ffbf3fea Mon Sep 17 00:00:00 2001
From: jakani24 <janis.st44@gmail.com>
Date: Thu, 4 Apr 2024 21:19:46 +0200
Subject: [PATCH] u

---
 src/server/cyberhex-code/test/create_acc.html |   6 +-
 src/server/cyberhex-code/test/login.html      | 281 ++++++++++++++++++
 src/server/cyberhex-code/test/login.php       | 211 +++++++++++++
 3 files changed, 495 insertions(+), 3 deletions(-)
 create mode 100644 src/server/cyberhex-code/test/login.html
 create mode 100644 src/server/cyberhex-code/test/login.php

diff --git a/src/server/cyberhex-code/test/create_acc.html b/src/server/cyberhex-code/test/create_acc.html
index ad42458..1d1c11e 100644
--- a/src/server/cyberhex-code/test/create_acc.html
+++ b/src/server/cyberhex-code/test/create_acc.html
@@ -17,7 +17,7 @@
                 }
 
                 // get create args
-                let rep = await window.fetch('server.php?fn=getCreateArgs' + getGetParams(), {method:'GET', cache:'no-cache'});
+                let rep = await window.fetch('create_acc.php?fn=getCreateArgs' + getGetParams(), {method:'GET', cache:'no-cache'});
                 const createArgs = await rep.json();
 
                 // error handling
@@ -40,7 +40,7 @@
                 };
 
                 // check auth on server side
-                rep = await window.fetch('server.php?fn=processCreate' + getGetParams(), {
+                rep = await window.fetch('create_acc.php?fn=processCreate' + getGetParams(), {
                     method  : 'POST',
                     body    : JSON.stringify(authenticatorAttestationResponse),
                     cache   : 'no-cache'
@@ -64,7 +64,7 @@
 
 
         function queryFidoMetaDataService() {
-            window.fetch('server.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) {
+            window.fetch('create_acc.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) {
                 return response.json();
 
             }).then(function(json) {
diff --git a/src/server/cyberhex-code/test/login.html b/src/server/cyberhex-code/test/login.html
new file mode 100644
index 0000000..2e0d636
--- /dev/null
+++ b/src/server/cyberhex-code/test/login.html
@@ -0,0 +1,281 @@
+<html>
+    <head>
+        <title>lbuchs/WebAuthn Test</title>
+        <meta charset="UTF-8">
+        <script>
+
+        /**
+         * creates a new FIDO2 registration
+         * @returns {undefined}
+         */
+       
+
+        /**
+         * checks a FIDO2 registration
+         * @returns {undefined}
+         */
+        async function checkRegistration() {
+            try {
+
+                if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
+                    throw new Error('Browser not supported.');
+                }
+
+                // get check args
+                let rep = await window.fetch('login.php?fn=getGetArgs' + getGetParams(), {method:'GET',cache:'no-cache'});
+                const getArgs = await rep.json();
+
+                // error handling
+                if (getArgs.success === false) {
+                    throw new Error(getArgs.msg);
+                }
+
+                // replace binary base64 data with ArrayBuffer. a other way to do this
+                // is the reviver function of JSON.parse()
+                recursiveBase64StrToArrayBuffer(getArgs);
+
+                // check credentials with hardware
+                const cred = await navigator.credentials.get(getArgs);
+
+                // create object for transmission to server
+                const authenticatorAttestationResponse = {
+                    id: cred.rawId ? arrayBufferToBase64(cred.rawId) : null,
+                    clientDataJSON: cred.response.clientDataJSON  ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
+                    authenticatorData: cred.response.authenticatorData ? arrayBufferToBase64(cred.response.authenticatorData) : null,
+                    signature: cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null,
+                    userHandle: cred.response.userHandle ? arrayBufferToBase64(cred.response.userHandle) : null
+                };
+
+                // send to server
+                rep = await window.fetch('login.php?fn=processGet' + getGetParams(), {
+                    method:'POST',
+                    body: JSON.stringify(authenticatorAttestationResponse),
+                    cache:'no-cache'
+                });
+                const authenticatorAttestationServerResponse = await rep.json();
+
+                // check server response
+                if (authenticatorAttestationServerResponse.success) {
+                    reloadServerPreview();
+                    window.alert(authenticatorAttestationServerResponse.msg || 'login success');
+                } else {
+                    throw new Error(authenticatorAttestationServerResponse.msg);
+                }
+
+            } catch (err) {
+                reloadServerPreview();
+                window.alert(err.message || 'unknown error occured');
+            }
+        }
+
+        function queryFidoMetaDataService() {
+            window.fetch('login.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) {
+                return response.json();
+
+            }).then(function(json) {
+               if (json.success) {
+                   window.alert(json.msg);
+               } else {
+                   throw new Error(json.msg);
+               }
+            }).catch(function(err) {
+                window.alert(err.message || 'unknown error occured');
+            });
+        }
+
+        /**
+         * convert RFC 1342-like base64 strings to array buffer
+         * @param {mixed} obj
+         * @returns {undefined}
+         */
+        function recursiveBase64StrToArrayBuffer(obj) {
+            let prefix = '=?BINARY?B?';
+            let suffix = '?=';
+            if (typeof obj === 'object') {
+                for (let key in obj) {
+                    if (typeof obj[key] === 'string') {
+                        let str = obj[key];
+                        if (str.substring(0, prefix.length) === prefix && str.substring(str.length - suffix.length) === suffix) {
+                            str = str.substring(prefix.length, str.length - suffix.length);
+
+                            let binary_string = window.atob(str);
+                            let len = binary_string.length;
+                            let bytes = new Uint8Array(len);
+                            for (let i = 0; i < len; i++)        {
+                                bytes[i] = binary_string.charCodeAt(i);
+                            }
+                            obj[key] = bytes.buffer;
+                        }
+                    } else {
+                        recursiveBase64StrToArrayBuffer(obj[key]);
+                    }
+                }
+            }
+        }
+
+        /**
+         * Convert a ArrayBuffer to Base64
+         * @param {ArrayBuffer} buffer
+         * @returns {String}
+         */
+        function arrayBufferToBase64(buffer) {
+            let binary = '';
+            let bytes = new Uint8Array(buffer);
+            let len = bytes.byteLength;
+            for (let i = 0; i < len; i++) {
+                binary += String.fromCharCode( bytes[ i ] );
+            }
+            return window.btoa(binary);
+        }
+		
+		function ascii_to_hex(str) {
+			let hex = '';
+			for (let i = 0; i < str.length; i++) {
+				let ascii = str.charCodeAt(i).toString(16);
+				hex += ('00' + ascii).slice(-2); // Ensure each hex value is 2 characters long
+			}
+			return hex;
+		}
+        /**
+         * Get URL parameter
+         * @returns {String}
+         */
+        function getGetParams() {
+            let url = '';
+
+            url += '&apple=1';
+            url += '&yubico=1';
+            url += '&solo=1'
+            url += '&hypersecu=1';
+            url += '&google=1';
+            url += '&microsoft=1';
+            url += '&mds=1';
+
+            url += '&requireResidentKey=0';
+
+            url += '&type_usb=1';
+            url += '&type_nfc=1';
+            url += '&type_ble=1';
+            url += '&type_int=1';
+            url += '&type_hybrid=1';
+
+            url += '&fmt_android-key=1';
+            url += '&fmt_android-safetynet=1';
+            url += '&fmt_apple=1';
+            url += '&fmt_fido-u2f=1';
+            url += '&fmt_none=1';
+            url += '&fmt_packed=1';
+            url += '&fmt_tpm=1';
+
+            url += '&rpId=auth.jakach.com';
+
+            url += '&userId=' + encodeURIComponent(ascii_to_hex(document.getElementById('userName').value));
+            url += '&userName=' + encodeURIComponent(document.getElementById('userName').value);
+            url += '&userDisplayName=' + encodeURIComponent(document.getElementById('userName').value);
+
+            url += '&userVerification=discouraged';
+
+            return url;
+        }
+
+        function reloadServerPreview() {
+            //let iframe = document.getElementById('serverPreview');
+            //iframe.src = iframe.src;
+        }
+
+        function setAttestation(attestation) {
+            let inputEls = document.getElementsByTagName('input');
+            for (const inputEl of inputEls) {
+                if (inputEl.id && inputEl.id.match(/^(fmt|cert)\_/)) {
+                    inputEl.disabled = !attestation;
+                }
+                if (inputEl.id && inputEl.id.match(/^fmt\_/)) {
+                    inputEl.checked = attestation ? inputEl.id !== 'fmt_none' : inputEl.id === 'fmt_none';
+                }
+                if (inputEl.id && inputEl.id.match(/^cert\_/)) {
+                    inputEl.checked = attestation ? inputEl.id === 'cert_mds' : false;
+                }
+            }
+        }
+
+        /**
+         * force https on load
+         * @returns {undefined}
+         */
+        window.onload = function() {
+            if (location.protocol !== 'https:' && location.host !== 'localhost') {
+                location.href = location.href.replace('http', 'https');
+            }
+        }
+
+        </script>
+        <style>
+            body {
+                font-family:sans-serif;
+                margin: 0 20px;
+                padding: 0;
+            }
+            .splitter {
+                display: flex;
+                flex-direction: row;
+                flex-wrap: wrap;
+                margin: 0;
+                padding: 0;
+            }
+            .splitter > .form {
+                flex: 1;
+                min-width: 600px;
+            }
+            .splitter > .serverPreview {
+                width: 740px;
+                min-height: 700px;
+                margin: 0;
+                padding: 0;
+                border: 1px solid grey;
+                display: flex;
+                flex-direction: column;
+            }
+
+            .splitter > .serverPreview iframe {
+                width: 700px;
+                flex: 1;
+                border: 0;
+            }
+
+        </style>
+    </head>
+    <body>
+        <h1 style="margin: 40px 10px 2px 0;">lbuchs/WebAuthn</h1>
+        <div style="font-style: italic;">A simple PHP WebAuthn (FIDO2) server library.</div>
+        <div class="splitter">
+            <div class="form">
+                <div>&nbsp;</div>
+                <div>&nbsp;</div>
+                <div>Simple working demo for the <a href="https://github.com/lbuchs/WebAuthn">lbuchs/WebAuthn</a> library.</div>
+                <div>
+                    <div>&nbsp;</div>
+                    <table>
+                        <tbody><tr>
+                                <td>
+                                    <button type="button" onclick="checkRegistration()">&#10068; check registration</button>
+                                </td>
+
+                            </tr>
+                        </tbody>
+                    </table>
+
+                    <div style="font-weight: bold">User</div>
+                    <div style="margin-bottom:12px">
+                        <label for="userName">User Name:</label>
+                        <input type="text" id="userName" name="userName" value="demo" required pattern="[0-9a-zA-Z]{2,}">
+                        <i style="font-size: 0.8em;">only for display, i.e., aiding the user in determining the difference between user accounts with similar display names.</i>
+                    </div>
+                </div>
+            </div>
+            <div class="serverPreview">
+                <p style="margin-left:10px;font-weight: bold;">Here you can see what's saved on the server:</p>
+                <iframe src="login.php?fn=getStoredDataHtml" id="serverPreview"></iframe>
+            </div>
+        <div>
+    </body>
+</html>
diff --git a/src/server/cyberhex-code/test/login.php b/src/server/cyberhex-code/test/login.php
new file mode 100644
index 0000000..82dfd28
--- /dev/null
+++ b/src/server/cyberhex-code/test/login.php
@@ -0,0 +1,211 @@
+<?php
+require_once 'WebAuthn.php';
+try {
+    session_start();
+
+    // read get argument and post body
+    $fn = filter_input(INPUT_GET, 'fn');
+    $requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey');
+    $userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS);
+
+    $userId = filter_input(INPUT_GET, 'userId', FILTER_SANITIZE_SPECIAL_CHARS);
+    $userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS);
+    $userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS);
+
+    $userId = preg_replace('/[^0-9a-f]/i', '', $userId);
+    $userName = preg_replace('/[^0-9a-z]/i', '', $userName);
+    $userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName);
+
+    $post = trim(file_get_contents('php://input'));
+    if ($post) {
+        $post = json_decode($post, null, 512, JSON_THROW_ON_ERROR);
+    }
+
+    if ($fn !== 'getStoredDataHtml') {
+
+        // Formats
+        $formats = [];
+        //if (filter_input(INPUT_GET, 'fmt_android-key')) {
+            $formats[] = 'android-key';
+        //}
+        ///if (filter_input(INPUT_GET, 'fmt_android-safetynet')) {
+            $formats[] = 'android-safetynet';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_apple')) {
+            $formats[] = 'apple';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_fido-u2f')) {
+            $formats[] = 'fido-u2f';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_none')) {
+            $formats[] = 'none';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_packed')) {
+            $formats[] = 'packed';
+        //}
+        //if (filter_input(INPUT_GET, 'fmt_tpm')) {
+            $formats[] = 'tpm';
+        //}
+
+		$rpId=$_SERVER['SERVER_NAME'];
+		
+		$typeUsb = true;
+		$typeNfc = true;
+		$typeBle = true;
+		$typeInt = true;
+		$typeHyb = true;
+
+        // cross-platform: true, if type internal is not allowed
+        //                 false, if only internal is allowed
+        //                 null, if internal and cross-platform is allowed
+        $crossPlatformAttachment = null;
+        if (($typeUsb || $typeNfc || $typeBle || $typeHyb) && !$typeInt) {
+            $crossPlatformAttachment = true;
+
+        } else if (!$typeUsb && !$typeNfc && !$typeBle && !$typeHyb && $typeInt) {
+            $crossPlatformAttachment = false;
+        }
+
+
+        // new Instance of the server library.
+        // make sure that $rpId is the domain name.
+        $WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId, $formats);
+
+        // add root certificates to validate new registrations
+        //if (filter_input(INPUT_GET, 'solo')) {
+            $WebAuthn->addRootCertificates('rootCertificates/solo.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'apple')) {
+            $WebAuthn->addRootCertificates('rootCertificates/apple.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'yubico')) {
+            $WebAuthn->addRootCertificates('rootCertificates/yubico.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'hypersecu')) {
+            $WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'google')) {
+            $WebAuthn->addRootCertificates('rootCertificates/globalSign.pem');
+            $WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'microsoft')) {
+            $WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem');
+        //}
+        //if (filter_input(INPUT_GET, 'mds')) {
+            $WebAuthn->addRootCertificates('rootCertificates/mds');
+        //}
+
+    }
+
+    // ------------------------------------
+    // request for create arguments
+    // ------------------------------------
+
+    if ($fn === 'getCreateArgs') {
+        $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment);
+
+        header('Content-Type: application/json');
+        print(json_encode($createArgs));
+
+        // save challange to session. you have to deliver it to processGet later.
+        $_SESSION['challenge'] = $WebAuthn->getChallenge();
+
+
+
+    // ------------------------------------
+    // request for get arguments
+    // ------------------------------------
+
+    } else if ($fn === 'getGetArgs') {
+        $ids = [];
+
+        if ($requireResidentKey) {
+            if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) {
+                throw new Exception('we do not have any registrations in session to check the registration');
+            }
+
+        } else {
+            // load registrations from session stored there by processCreate.
+            // normaly you have to load the credential Id's for a username
+            // from the database.
+            if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) {
+                foreach ($_SESSION['registrations'] as $reg) {
+                    if ($reg->userId === $userId) {
+                        $ids[] = $reg->credentialId;
+                    }
+                }
+            }
+
+            if (count($ids) === 0) {
+                throw new Exception('no registrations in session for userId ' . $userId);
+            }
+        }
+
+        $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification);
+
+        header('Content-Type: application/json');
+        print(json_encode($getArgs));
+
+        // save challange to session. you have to deliver it to processGet later.
+        $_SESSION['challenge'] = $WebAuthn->getChallenge();
+
+
+
+    // ------------------------------------
+    // process create
+    // ------------------------------------
+
+    }else if ($fn === 'processGet') {
+        $clientDataJSON = base64_decode($post->clientDataJSON);
+        $authenticatorData = base64_decode($post->authenticatorData);
+        $signature = base64_decode($post->signature);
+        $userHandle = base64_decode($post->userHandle);
+        $id = base64_decode($post->id);
+        $challenge = $_SESSION['challenge'] ?? '';
+        $credentialPublicKey = null;
+
+        // looking up correspondending public key of the credential id
+        // you should also validate that only ids of the given user name
+        // are taken for the login.
+        if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) {
+            foreach ($_SESSION['registrations'] as $reg) {
+                if ($reg->credentialId === $id) {
+                    $credentialPublicKey = $reg->credentialPublicKey;
+                    break;
+                }
+            }
+        }
+
+        if ($credentialPublicKey === null) {
+            throw new Exception('Public Key for credential ID not found!');
+        }
+
+        // if we have resident key, we have to verify that the userHandle is the provided userId at registration
+        if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) {
+            throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')');
+        }
+
+        // process the get request. throws WebAuthnException if it fails
+        $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
+
+        $return = new stdClass();
+        $return->success = true;
+
+        header('Content-Type: application/json');
+        print(json_encode($return));
+
+    // ------------------------------------
+    // proccess clear registrations
+    // ------------------------------------
+
+    }
+} catch (Throwable $ex) {
+    $return = new stdClass();
+    $return->success = false;
+    $return->msg = $ex->getMessage();
+
+    header('Content-Type: application/json');
+    print(json_encode($return));
+}
+
+?>
\ No newline at end of file