Proyectos de Subversion Moodle


Rev 1 Rev 1441
Línea 28... Línea 28...
28
    private $_rpIdHash;
28
    private $_rpIdHash;
29
    private $_challenge;
29
    private $_challenge;
30
    private $_signatureCounter;
30
    private $_signatureCounter;
31
    private $_caFiles;
31
    private $_caFiles;
32
    private $_formats;
32
    private $_formats;
-
 
33
    private $_androidKeyHashes;
Línea 33... Línea 34...
33
 
34
 
34
    /**
35
    /**
35
     * Initialize a new WebAuthn server
36
     * Initialize a new WebAuthn server
36
     * @param string $rpName the relying party name
37
     * @param string $rpName the relying party name
Línea 89... Línea 90...
89
            $this->_caFiles[] = \realpath($path);
90
            $this->_caFiles[] = \realpath($path);
90
        }
91
        }
91
    }
92
    }
Línea 92... Línea 93...
92
 
93
 
-
 
94
    /**
-
 
95
     * add key hashes for android verification
-
 
96
     * @param array<string> $hashes
-
 
97
     * @return void
-
 
98
     */
-
 
99
    public function addAndroidKeyHashes($hashes) {
-
 
100
        if (!\is_array($this->_androidKeyHashes)) {
-
 
101
            $this->_androidKeyHashes = [];
-
 
102
        }
-
 
103
 
-
 
104
        foreach ($hashes as $hash) {
-
 
105
            if (is_string($hash)) {
-
 
106
                $this->_androidKeyHashes[] = $hash;
-
 
107
            }
-
 
108
        }
-
 
109
    }
-
 
110
 
93
    /**
111
    /**
94
     * Returns the generated challenge to save for later validation
112
     * Returns the generated challenge to save for later validation
95
     * @return ByteBuffer
113
     * @return ByteBuffer
96
     */
114
     */
97
    public function getChallenge() {
115
    public function getChallenge() {
Línea 395... Línea 413...
395
        $data->signatureCounter = $this->_signatureCounter;
413
        $data->signatureCounter = $this->_signatureCounter;
396
        $data->AAGUID = $attestationObject->getAuthenticatorData()->getAAGUID();
414
        $data->AAGUID = $attestationObject->getAuthenticatorData()->getAAGUID();
397
        $data->rootValid = $rootValid;
415
        $data->rootValid = $rootValid;
398
        $data->userPresent = $userPresent;
416
        $data->userPresent = $userPresent;
399
        $data->userVerified = $userVerified;
417
        $data->userVerified = $userVerified;
-
 
418
    	$data->isBackupEligible = $attestationObject->getAuthenticatorData()->getIsBackupEligible();
-
 
419
        $data->isBackedUp = $attestationObject->getAuthenticatorData()->getIsBackup();
400
        return $data;
420
        return $data;
401
    }
421
    }
Línea 402... Línea 422...
402
 
422
 
Línea 599... Línea 619...
599
     * @param string $origin
619
     * @param string $origin
600
     * @return boolean
620
     * @return boolean
601
     * @throws WebAuthnException
621
     * @throws WebAuthnException
602
     */
622
     */
603
    private function _checkOrigin($origin) {
623
    private function _checkOrigin($origin) {
-
 
624
        if (str_starts_with($origin, 'android:apk-key-hash:')) {
-
 
625
            return $this->_checkAndroidKeyHashes($origin);
-
 
626
        }
-
 
627
 
604
        // https://www.w3.org/TR/webauthn/#rp-id
628
        // https://www.w3.org/TR/webauthn/#rp-id
Línea 605... Línea 629...
605
 
629
 
606
        // The origin's scheme must be https
630
        // The origin's scheme must be https
607
        if ($this->_rpId !== 'localhost' && \parse_url($origin, PHP_URL_SCHEME) !== 'https') {
631
        if ($this->_rpId !== 'localhost' && \parse_url($origin, PHP_URL_SCHEME) !== 'https') {
Línea 616... Línea 640...
616
        // domain suffix of the origin's effective domain.
640
        // domain suffix of the origin's effective domain.
617
        return \preg_match('/' . \preg_quote($this->_rpId) . '$/i', $host) === 1;
641
        return \preg_match('/' . \preg_quote($this->_rpId) . '$/i', $host) === 1;
618
    }
642
    }
Línea 619... Línea 643...
619
 
643
 
-
 
644
    /**
-
 
645
     * checks if the origin value contains a known android key hash
-
 
646
     * @param string $origin
-
 
647
     * @return boolean
-
 
648
     */
-
 
649
    private function _checkAndroidKeyHashes($origin) {
-
 
650
        $parts = explode('android:apk-key-hash:', $origin);
-
 
651
        if (count($parts) !== 2) {
-
 
652
            return false;
-
 
653
        }
-
 
654
        return in_array($parts[1], $this->_androidKeyHashes, true);
-
 
655
    }
-
 
656
 
620
    /**
657
    /**
621
     * generates a new challange
658
     * generates a new challange
622
     * @param int $length
659
     * @param int $length
623
     * @return string
660
     * @return string
624
     * @throws WebAuthnException
661
     * @throws WebAuthnException
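Review bot: In the added `_checkAndroidKeyHashes()` (new lines 649-655), `in_array($parts[1], $this->_androidKeyHashes, true)` is handed `null` whenever `addAndroidKeyHashes()` was never called, because the new `$_androidKeyHashes` property is declared without a default and the only initialisation visible here is inside that method. On PHP 8, which the `str_starts_with` call in `_checkOrigin()` suggests is the target, that raises a `TypeError` instead of returning `false`. The origin presumably comes from client-supplied data, so a relying party that configures no Android hashes should reject an `android:apk-key-hash:` origin cleanly: declare `private $_androidKeyHashes = [];` or guard with `if (!\is_array($this->_androidKeyHashes)) { return false; }`. A short comment in `_checkOrigin()` should also state that this early return deliberately skips the https-scheme and RP ID checks below it, which leaves the configured hash list as the only thing vouching for such an origin. The constructor is outside the visible hunks, so confirm it does not already initialise the property.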