/**
  * A sign response that carries only a client-side errorCode (and no
  * signature data) must make doAuthenticate() throw u2flib_server\Error
  * with code ERR_BAD_UA_RETURNING.
  *
  * @expectedException u2flib_server\Error
  * @expectedExceptionCode u2flib_server\ERR_BAD_UA_RETURNING
  */
 public function testDoAuthenticateUAError()
 {
     // Fixture: the sign request that was issued for the key handle below.
     $signRequest = json_decode('{"version":"U2F_V2","challenge":"fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g","keyHandle":"CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w","appId":"http://demo.example.com"}');
     // Fixture: the stored registration (key handle, public key, attestation certificate, counter).
     $storedRegistration = json_decode('{"keyHandle":"CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w","publicKey":"BC0SaFZWC9uH7wamOwduP93kUH2I2hEvyY0Srfj4A258pZSlV0iPoFIH+bd4yhncaqdoPLdEDl5Y\\/yaFORPUe3c=","certificate":"MIIC4jCBywIBATANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgQ0EwHhcNMTQwNTE1MTI1ODU0WhcNMTQwNjE0MTI1ODU0WjAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgRUUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATbCtv1IcdczmPcpuHoJQYNlOYnVBlPnSSvJhq+rZlEH5WjcZEKOiDnPpFeE+i+OAV61XqjfnaQj6\\/iipS2MOudMA0GCSqGSIb3DQEBCwUAA4ICAQCVQGtQYX2thKO064gP4zAPLaIKANklBO5y+mffWFEPC0cCnD5BKUqTrCmFiS2keoEyKFdxAe+oQogWljeR1d\\/gj8k8jbDNiXCC7HnTxnhzKTLlq2y9Vp\\/VRZHOwd2NZNzpnB9ePNKvUaWCGK\\/gN+cynnYFdwJ75iSgMVYb\\/RnFcdPwnsBzBU68hbhTnu\\/FvJxWo7rZJ2q7qXpA10eLVXJr4\\/4oSXEk9I\\/0IIHqOP98Ck\\/fAoI5gYI7ygndyqoPJ\\/Wkg1VsmjmbFToWY9xb+axbvPefvg+KojwxE6MySMpYh\\/h7oKEKamCWk19dJp5jHQmumkHlvQhH\\/uUJmyD9EuLmQH+6SmEzZg0Oc9uw1aKamhcNNDCFakJGnv80j1+HbDXnqE0168FBqorS2hmqeaJfNSyg\\/SXT950lGC36tLy7BzQ8jYG99Ok32znp0UVbIEEvLSci3JJ0ipLVg\\/0J+xOb4zl6a1z65nae4OTj7628\\/UJFmtSU0X6Np9gF1dNizxXPlH0fW1ggRCCQcb5m6ZqrdDJwUx1p7Ydm9AlPyiUwwmN5ADyxmzk\\/AOCoiO96UVvnvUlk2kF7JMNxIv3R0SCzP5fTl7KqGByeA3d7W375o6DWIIEsOI+dJd7pyPXdakecZQRaVubC6\\/ICl+G52OEkdp8jYjkDS8j3NAdJ1udNmg==", "counter":3}');
     // The client reports a failure instead of returning a signature.
     $clientError = json_decode('{"errorCode": "5"}');
     $this->u2f->doAuthenticate(array($signRequest), array($storedRegistration), $clientError);
 }
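 /**
  * Validates the U2F sign response submitted for the given user.
  *
  * Fails closed: a missing, non-string or non-object `u2f_response`
  * request field, or any exception raised during verification, yields false.
  *
  * @since 0.1-dev
  *
  * @param WP_User $user WP_User object of the logged-in user.
  * @return boolean True when the response verifies against one of the user's keys, false otherwise.
  */
 public function validate_authentication($user)
 {
     // The field is client-supplied. It can be absent or array-valued
     // (u2f_response[]=...); stripslashes() on a non-string emits a warning
     // or, on PHP 8, throws a TypeError that the catch below does not cover.
     if (!isset($_REQUEST['u2f_response']) || !is_string($_REQUEST['u2f_response'])) {
         return false;
     }
     $requests = get_user_meta($user->ID, self::AUTH_DATA_USER_META_KEY, true);
     $response = json_decode(stripslashes($_REQUEST['u2f_response']));
     // Malformed JSON decodes to null; a sign response is a JSON object.
     if (!is_object($response)) {
         return false;
     }
     $keys = self::get_security_keys($user->ID);
     try {
         $reg = self::$u2f->doAuthenticate($requests, $keys, $response);
         $reg->last_used = current_time('timestamp');
         // NOTE(review): the result of update_security_key() is not checked;
         // $reg presumably carries the updated signature counter, so a failed
         // write would leave the old counter stored - confirm.
         self::update_security_key($user->ID, $reg);
         // NOTE(review): the stored challenge data is not cleared here after a
         // successful verification - confirm the caller invalidates it.
         return true;
     } catch (Exception $e) {
         // Any verification failure is reported to the caller only as false.
         return false;
     }
 }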
Example #3
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * This is a minimal example of U2F registration and authentication.
 * The data that has to be stored between registration and authentication
 * is stored in browser localStorage, so there's nothing real-world
 * about this.
 */
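require_once '../../src/u2flib_server/U2F.php';
// $_SERVER['HTTPS'] can be present but set to "off" for plain-HTTP requests
// under some server APIs, so test its value rather than its mere presence.
// A wrong scheme here yields an appId that does not match the page's origin.
$scheme = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? "https://" : "http://";
// NOTE(review): the appId is built from the Host header, which the client
// supplies. Acceptable for this local demo; a deployment should pass a fixed,
// configured origin to the constructor instead.
$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);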
?>
<html>
<head>
    <title>PHP U2F Demo</title>

    <script src="../assets/u2f-api.js"></script>

    <script>
        function addRegistration(reg) {
            var existing = localStorage.getItem('u2fregistration');
            var regobj = JSON.parse(reg);
            var data = null;
            if(existing) {
                data = JSON.parse(existing);
                if(Array.isArray(data)) {
Example #4
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/**
 * This is a simple example using PDO and a sqlite database for storing
 * registrations. It supports multiple registrations associated with each user.
 */
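require_once '../../src/u2flib_server/U2F.php';
// NOTE(review): /var/tmp is normally writable by every local account and the
// file name is fixed, so on a shared host another account could create or
// alter this database (stored public keys and counters). Fine for a demo;
// a deployment should keep it in a directory only the application can write.
$dbfile = '/var/tmp/u2f-pdo.sqlite';
$pdo = new PDO("sqlite:{$dbfile}");
// SQL failures raise exceptions; rows are fetched as objects.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
// Schema is created on first use. users.name carries no unique constraint.
$pdo->exec("create table if not exists users (id integer primary key, name varchar(255))");
$pdo->exec("create table if not exists registrations (id integer primary key, user_id integer, keyHandle varchar(255), publicKey varchar(255), certificate text, counter integer)");
// $_SERVER['HTTPS'] can be present but set to "off" for plain-HTTP requests
// under some server APIs, so test its value rather than its mere presence.
$scheme = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? "https://" : "http://";
// NOTE(review): the appId is built from the client-supplied Host header;
// a deployment should pass a fixed, configured origin instead.
$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
session_start();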
/**
 * Fetch the users row for $name, inserting a new row first when none exists.
 *
 * Uses the global $pdo connection. The name is always bound as a statement
 * parameter, never concatenated into the SQL text.
 *
 * NOTE(review): the lookup and the insert are separate statements, so two
 * concurrent requests for the same new name could each insert a row unless
 * the table enforces uniqueness on name - confirm against the schema.
 *
 * @param string $name User name to look up or create.
 * @return mixed The row as returned by fetch(); false if the re-select finds nothing.
 */
function createAndGetUser($name)
{
    global $pdo;
    $bound = array($name);
    $lookup = $pdo->prepare("select * from users where name = ?");
    $lookup->execute($bound);
    $row = $lookup->fetch();
    if ($row) {
        return $row;
    }
    // Unknown name: create the row, then run the same lookup again to read it back.
    $pdo->prepare("insert into users (name) values(?)")->execute($bound);
    $lookup->execute($bound);
    return $lookup->fetch();
}
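// Select the mode from the parsed options: -r registers, -a authenticates.
if (array_key_exists('r', $options)) {
    $mode = "register";
} elseif (array_key_exists('a', $options)) {
    if (!array_key_exists('R', $options)) {
        print "a registration must be supplied with -R\n";
        exit(1);
    }
    // The -R value is placed inside a JSON array before decoding.
    $regs = json_decode('[' . $options['R'] . ']');
    // json_decode() returns null on malformed input; stop here instead of
    // handing a non-array to the library.
    if (!is_array($regs)) {
        print "the registration supplied with -R is not valid JSON\n";
        exit(1);
    }
    $mode = "authenticate";
} else {
    print "-r or -a must be used\n";
    exit(1);
}
if (!array_key_exists('o', $options)) {
    print "origin must be supplied with -o\n";
    exit(1);
}
// The origin given with -o is what registrations and signatures are bound to.
$u2f = new u2flib_server\U2F($options['o']);
if ($mode === "register") {
    $challenge = $u2f->getRegisterData();
} elseif ($mode === "authenticate") {
    $challenge = $u2f->getAuthenticateData($regs);
}
// Only the first element is printed, although doAuthenticate() below
// receives the whole $challenge array.
print json_encode($challenge[0]) . "\n";
// The client's response is read as a single line of JSON from stdin.
$response = fgets(STDIN);
// fgets() returns false at end of input and json_decode() returns null on
// malformed JSON; a response must decode to an object to be verified.
$decodedResponse = ($response === false) ? null : json_decode($response);
if (!is_object($decodedResponse)) {
    print "a JSON object response must be supplied on stdin\n";
    exit(1);
}
// NOTE(review): exceptions thrown by doRegister()/doAuthenticate() are not
// caught here, so a failed verification ends the script with an uncaught
// error rather than a printed result.
if ($mode === "register") {
    $result = $u2f->doRegister($challenge[0], $decodedResponse);
} elseif ($mode === "authenticate") {
    $result = $u2f->doAuthenticate($challenge, $regs, $decodedResponse);
}
// NOTE(review): the printed result is presumably the registration the caller
// must store (including its counter) for later authentications - confirm.
print json_encode($result) . "\n";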