addRootCertificates('rootCertificates/solo.pem'); //} //if (filter_input(INPUT_GET, 'apple')) { $WebAuthn->addRootCertificates('rootCertificates/apple.pem'); //} //if (filter_input(INPUT_GET, 'yubico')) { $WebAuthn->addRootCertificates('rootCertificates/yubico.pem'); //} //if (filter_input(INPUT_GET, 'hypersecu')) { $WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem'); //} //if (filter_input(INPUT_GET, 'google')) { $WebAuthn->addRootCertificates('rootCertificates/globalSign.pem'); $WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem'); //} //if (filter_input(INPUT_GET, 'microsoft')) { $WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem'); //} //if (filter_input(INPUT_GET, 'mds')) { $WebAuthn->addRootCertificates('rootCertificates/mds'); //} } // ------------------------------------ // request for create arguments // ------------------------------------ if ($fn === 'getCreateArgs') { $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment); header('Content-Type: application/json'); print(json_encode($createArgs)); // save challange to session. you have to deliver it to processGet later. $_SESSION['challenge'] = $WebAuthn->getChallenge(); // ------------------------------------ // request for get arguments // ------------------------------------ } else if ($fn === 'getGetArgs') { $ids = []; if ($requireResidentKey) { if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) { throw new Exception('we do not have any registrations in session to check the registration'); } } else { // load registrations from session stored there by processCreate. // normaly you have to load the credential Id's for a username // from the database. if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) { foreach ($_SESSION['registrations'] as $reg) { if ($reg->userId === $userId) { $ids[] = $reg->credentialId; } } } if (count($ids) === 0) { throw new Exception('no registrations in session for userId ' . $userId); } } $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification); header('Content-Type: application/json'); print(json_encode($getArgs)); // save challange to session. you have to deliver it to processGet later. $_SESSION['challenge'] = $WebAuthn->getChallenge(); }else if ($fn === 'processGet') { $clientDataJSON = base64_decode($post->clientDataJSON); $authenticatorData = base64_decode($post->authenticatorData); $signature = base64_decode($post->signature); $userHandle = base64_decode($post->userHandle); $id = base64_decode($post->id); $challenge = $_SESSION['challenge'] ?? ''; $credentialPublicKey = null; // looking up correspondending public key of the credential id // you should also validate that only ids of the given user name // are taken for the login. if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) { foreach ($_SESSION['registrations'] as $reg) { if ($reg->credentialId === $id) { $credentialPublicKey = $reg->credentialPublicKey; break; } } } if ($credentialPublicKey === null) { throw new Exception('Public Key for credential ID not found!'); } // if we have resident key, we have to verify that the userHandle is the provided userId at registration if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) { throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')'); } // process the get request. throws WebAuthnException if it fails $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required'); //we have authenticated the user! $return = new stdClass(); $return->success = true; header('Content-Type: application/json'); print(json_encode($return)); } } catch (Throwable $ex) { $return = new stdClass(); $return->success = false; $return->msg = $ex->getMessage(); header('Content-Type: application/json'); print(json_encode($return)); } ?> getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification); header('Content-Type: application/json'); print(json_encode($createArgs)); // Save challenge to session or somewhere else if needed } else if ($fn === 'getGetArgs') { // Get get arguments // Retrieve credential IDs from the database based on $userId $ids = []; // Fetch credential IDs from the database $getArgs = $WebAuthn->getGetArgs($ids, 60*4); header('Content-Type: application/json'); print(json_encode($getArgs)); // Save challenge to session or somewhere else if needed } else if ($fn === 'processGet') { // Process get // Retrieve registration data from the database based on credential ID $id = base64_decode($post->id); $stmt = $conn->prepare("SELECT * FROM registrations WHERE credentialId = ?"); $stmt->execute([$id]); $registration = $stmt->fetch(PDO::FETCH_ASSOC); if (!$registration) { throw new Exception('Public Key for credential ID not found!'); } $clientDataJSON = base64_decode($post->clientDataJSON); $authenticatorData = base64_decode($post->authenticatorData); $signature = base64_decode($post->signature); $userHandle = base64_decode($post->userHandle); $challenge = $_SESSION['challenge'] ?? ''; $credentialPublicKey = $registration['publicKey']; // Process the get request $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required'); // Authentication success $return = new stdClass(); $return->success = true; header('Content-Type: application/json'); print(json_encode($return)); } } catch (Throwable $ex) { $return = new stdClass(); $return->success = false; $return->msg = $ex->getMessage(); header('Content-Type: application/json'); print(json_encode($return)); } */ ?>