/**
 * A verification response whose signature check fails must surface as an
 * UntrustedSignatureException instead of being handed back as a result.
 */
public function testVerifiesServerSignature()
 {
     // The expectation has to be registered before the call that is meant to throw.
     $this->setExpectedException('Surfnet\\YubikeyApiClient\\Exception\\UntrustedSignatureException', 'signature doesn\'t match');

     $clientId = '1234';
     $nonce = 'surfnet';
     $otpString = 'ddddddbtbhnhcjnkcfeiegrrnnednjcluulduerelthv';

     // Only the public `otp` property is set on the mock; the test gives it no other behaviour.
     $otp = m::mock('Surfnet\\YubikeyApiClient\\Otp');
     $otp->otp = $otpString;

     // The stubbed response echoes the OTP and nonce of the request, so the
     // signature is the only part of the exchange that differs from a good one.
     $response = $this->createVerificationResponse($otpString, $nonce);
     $httpClient = $this->createHttpClient($response);

     // Fixed nonce, so the query handed to the signer is predictable.
     $nonceGenerator = new NonceGeneratorStub('surfnet');

     // NOTE(review): the `false` argument presumably makes the dummy signer
     // report the response signature as invalid - confirm in createDummySigner().
     $expectedQuery = ['id' => $clientId, 'otp' => $otpString, 'nonce' => $nonce];
     $signer = $this->createDummySigner($expectedQuery, false);

     $service = new VerificationService($httpClient, $nonceGenerator, $signer, $clientId);
     $service->verify($otp);
 }
 /**
  * Verifies an OTP through the wrapped service, logging every failure.
  *
  * The two exceptions caught here are converted into error results, so the
  * caller receives a result object for them instead of an exception. Any
  * other exception thrown by the wrapped service is not caught here.
  *
  * @param Otp $otp
  * @return OtpVerificationResult ERROR_BAD_SIGNATURE when the response signature is untrusted,
  *                               ERROR_BACKEND_ERROR when request and response do not match,
  *                               otherwise the result produced by the wrapped service.
  */
 public function verify(Otp $otp)
 {
     // NOTE(review): each failure path writes the complete OTP string into the
     // log context. Whether that OTP has already been consumed by the validation
     // server cannot be told from here - confirm that log access is restricted,
     // or that logging the full value is intended.
     try {
         $verification = $this->service->verify($otp);
     } catch (UntrustedSignatureException $signatureFailure) {
         // An untrusted signature means the response cannot be attributed to
         // Yubico, so it is reported as a failure and logged at alert level.
         $message = sprintf('Yubico responded with invalid signature (%s)', $signatureFailure->getMessage());
         $this->logger->alert($message, ['exception' => $signatureFailure, 'otp' => $otp->otp]);

         return new OtpVerificationResult(OtpVerificationResult::ERROR_BAD_SIGNATURE);
     } catch (RequestResponseMismatchException $mismatch) {
         $message = sprintf('Yubico request and response didn\'t match (%s)', $mismatch->getMessage());
         $this->logger->alert($message, ['exception' => $mismatch, 'otp' => $otp->otp]);

         return new OtpVerificationResult(OtpVerificationResult::ERROR_BACKEND_ERROR);
     }

     // An unsuccessful result is still returned unchanged; it is only logged first.
     if (!$verification->isSuccessful()) {
         $message = sprintf('Yubico responded with error status \'%s\'', $verification->getError());
         $this->logger->critical($message, ['otp' => $otp->otp]);
     }

     return $verification;
 }
<?php

use GuzzleHttp\Client as GuzzleClient;
use Surfnet\YubikeyApiClient\Crypto\RandomNonceGenerator;
use Surfnet\YubikeyApiClient\Crypto\Signer;
use Surfnet\YubikeyApiClient\Http\ServerPoolClient;
use Surfnet\YubikeyApiClient\Otp;
use Surfnet\YubikeyApiClient\Service\OtpVerificationResult;
use Surfnet\YubikeyApiClient\Service\VerificationService;
require __DIR__ . '/../vendor/autoload.php';
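// Placeholder credentials for the example. In a real deployment the client
// secret is the key used to sign requests and check response signatures, so
// load it from configuration kept outside version control.
const YUBIKEY_CLIENT_ID = '12345';
const YUBIKEY_CLIENT_SECRET = 'secret';

// Wire the service: HTTP client, nonce generator, signer keyed with the
// client secret, and the client id.
$service = new VerificationService(
    new ServerPoolClient(new GuzzleClient()),
    new RandomNonceGenerator(),
    new Signer(YUBIKEY_CLIENT_SECRET),
    YUBIKEY_CLIENT_ID
);

$userInputOtp = 'cchfgeetctchcgfhlvrhrhrrlilfeklvicidfeklgvlv';

if (!Otp::isValid($userInputOtp)) {
    // User-entered OTP string is not valid. Stop here: without this the
    // script would fall through and hand the rejected string to
    // Otp::fromString() below.
    exit(1);
}

$otp = Otp::fromString($userInputOtp);

// verify() can throw instead of returning a result, for example
// UntrustedSignatureException when the response signature does not match.
// Treat an exception from this call as a failed authentication.
$result = $service->verify($otp);

if ($result->isSuccessful()) {
    // Yubico verified OTP.
} else {
    switch ($result->getError()) {
        case OtpVerificationResult::ERROR_REPLAYED_OTP:
            // ...
            break;
        default:
            // Any other error also means the OTP was not verified: deny access.
            break;
    }
}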