/**
 * A user-agent error reply must make doAuthenticate() fail.
 *
 * The reply decoded below carries only an errorCode of "5" and no signature
 * data, so the call is expected to raise the library error named in the
 * annotations instead of returning a registration.
 *
 * @expectedException u2flib_server\Error
 * @expectedExceptionCode u2flib_server\ERR_BAD_UA_RETURNING
 */
public function testDoAuthenticateUAError() {
    // Pending sign request; its keyHandle is the same one the stored
    // registration below carries.
    $signRequest = json_decode('{"version":"U2F_V2","challenge":"fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g","keyHandle":"CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w","appId":"http://demo.example.com"}');

    // Stored registration (key handle, public key, attestation certificate,
    // counter) as kept server-side.
    $storedRegistration = json_decode('{"keyHandle":"CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w","publicKey":"BC0SaFZWC9uH7wamOwduP93kUH2I2hEvyY0Srfj4A258pZSlV0iPoFIH+bd4yhncaqdoPLdEDl5Y\\/yaFORPUe3c=","certificate":"MIIC4jCBywIBATANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgQ0EwHhcNMTQwNTE1MTI1ODU0WhcNMTQwNjE0MTI1ODU0WjAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgRUUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATbCtv1IcdczmPcpuHoJQYNlOYnVBlPnSSvJhq+rZlEH5WjcZEKOiDnPpFeE+i+OAV61XqjfnaQj6\\/iipS2MOudMA0GCSqGSIb3DQEBCwUAA4ICAQCVQGtQYX2thKO064gP4zAPLaIKANklBO5y+mffWFEPC0cCnD5BKUqTrCmFiS2keoEyKFdxAe+oQogWljeR1d\\/gj8k8jbDNiXCC7HnTxnhzKTLlq2y9Vp\\/VRZHOwd2NZNzpnB9ePNKvUaWCGK\\/gN+cynnYFdwJ75iSgMVYb\\/RnFcdPwnsBzBU68hbhTnu\\/FvJxWo7rZJ2q7qXpA10eLVXJr4\\/4oSXEk9I\\/0IIHqOP98Ck\\/fAoI5gYI7ygndyqoPJ\\/Wkg1VsmjmbFToWY9xb+axbvPefvg+KojwxE6MySMpYh\\/h7oKEKamCWk19dJp5jHQmumkHlvQhH\\/uUJmyD9EuLmQH+6SmEzZg0Oc9uw1aKamhcNNDCFakJGnv80j1+HbDXnqE0168FBqorS2hmqeaJfNSyg\\/SXT950lGC36tLy7BzQ8jYG99Ok32znp0UVbIEEvLSci3JJ0ipLVg\\/0J+xOb4zl6a1z65nae4OTj7628\\/UJFmtSU0X6Np9gF1dNizxXPlH0fW1ggRCCQcb5m6ZqrdDJwUx1p7Ydm9AlPyiUwwmN5ADyxmzk\\/AOCoiO96UVvnvUlk2kF7JMNxIv3R0SCzP5fTl7KqGByeA3d7W375o6DWIIEsOI+dJd7pyPXdakecZQRaVubC6\\/ICl+G52OEkdp8jYjkDS8j3NAdJ1udNmg==", "counter":3}');

    // The client reports an error instead of returning a signature.
    $clientReply = json_decode('{"errorCode": "5"}');

    $this->u2f->doAuthenticate(array($signRequest), array($storedRegistration), $clientReply);
}
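/**
 * Validates the user's input token.
 *
 * Fails closed: a missing, non-string or undecodable `u2f_response`, missing
 * stored challenge data, or any exception raised while verifying the
 * signature all result in `false`.
 *
 * @since 0.1-dev
 *
 * @param WP_User $user WP_User object of the logged-in user.
 * @return boolean True only when the U2F response verified against one of the
 *                 user's registered keys.
 */
public function validate_authentication($user) {
    // The response is taken straight from the request, so it is untrusted.
    // A missing field or a non-string value (for example an array-valued
    // parameter) has to be rejected here: on PHP 8 stripslashes() raises a
    // TypeError for it, which is not an Exception and would escape the
    // catch block below.
    if (!isset($_REQUEST['u2f_response']) || !is_string($_REQUEST['u2f_response'])) {
        return false;
    }

    $response = json_decode(stripslashes($_REQUEST['u2f_response']));
    if (!is_object($response)) {
        // Not valid JSON, or not a JSON object: nothing to verify.
        return false;
    }

    // Challenge data stored for this user when the sign request was issued.
    // NOTE(review): this method does not clear the stored challenge after
    // use; confirm the caller regenerates or deletes it so that each
    // challenge is accepted at most once.
    $requests = get_user_meta($user->ID, self::AUTH_DATA_USER_META_KEY, true);
    if (empty($requests) || !is_array($requests)) {
        return false;
    }

    $keys = self::get_security_keys($user->ID);

    try {
        $reg = self::$u2f->doAuthenticate($requests, $keys, $response);

        // Persist the registration handed back by the library together with
        // the time of this successful use.
        $reg->last_used = current_time('timestamp');
        self::update_security_key($user->ID, $reg);

        return true;
    } catch (Exception $e) {
        // Any verification failure is reported as a plain rejection.
        return false;
    }
}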
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/**
 * This is a minimal example of U2F registration and authentication.
 * The data that has to be stored between registration and authentication
 * is stored in browser localStorage, so there's nothing real-world
 * about this.
 *
 * NOTE(review): because the registration lives in localStorage, the client
 * controls the data the server verifies against. A real deployment keeps
 * registrations and pending challenges server-side, bound to the user.
 */
require_once '../../src/u2flib_server/U2F.php';

// The value handed to the U2F constructor is assembled from request data:
// the scheme from $_SERVER['HTTPS'] and the host from the Host header
// ($_SERVER['HTTP_HOST']), which the client chooses.
// NOTE(review): this value is presumably the appId that responses are checked
// against; outside a demo it should be a fixed, configured origin rather
// than one derived from the request. Confirm against the library.
$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
?> <html> <head> <title>PHP U2F Demo</title> <script src="../assets/u2f-api.js"></script> <script> function addRegistration(reg) { var existing = localStorage.getItem('u2fregistration'); var regobj = JSON.parse(reg); var data = null; if(existing) { data = JSON.parse(existing); if(Array.isArray(data)) {
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

/**
 * Simple example that keeps U2F registrations in a sqlite database through
 * PDO. Each user may have several registrations associated with them.
 */
require_once '../../src/u2flib_server/U2F.php';

// NOTE(review): the database sits at a fixed path under /var/tmp, which on
// typical systems is shared between local users. It holds key handles,
// public keys and counters, so outside a demo it belongs in a directory only
// the application account can read and write.
$dbfile = '/var/tmp/u2f-pdo.sqlite';
$pdo = new PDO("sqlite:{$dbfile}");

// Raise exceptions on database errors and hand rows back as objects.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);

// Create the schema on first use.
$pdo->exec("create table if not exists users (id integer primary key, name varchar(255))");
$pdo->exec("create table if not exists registrations (id integer primary key, user_id integer, keyHandle varchar(255), publicKey varchar(255), certificate text, counter integer)");

// NOTE(review): the value passed to the U2F constructor is built from the
// request (HTTPS flag plus the client-supplied Host header). It is presumably
// the appId; a deployment should use a fixed, configured origin instead.
if (isset($_SERVER['HTTPS'])) {
    $scheme = "https://";
} else {
    $scheme = "http://";
}
$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);

session_start();

/**
 * Look a user up by name, creating the row first when none exists.
 *
 * Both statements are prepared with a bound parameter, so the name is never
 * concatenated into the SQL text.
 *
 * @param string $name User name to look up or create.
 * @return mixed The user row as returned by fetch() under the configured
 *               fetch mode.
 */
function createAndGetUser($name) {
    global $pdo;

    $lookup = $pdo->prepare("select * from users where name = ?");
    $lookup->execute(array($name));
    $row = $lookup->fetch();
    if ($row) {
        return $row;
    }

    // Unknown name: insert it, then read the new row back with the same
    // prepared lookup.
    $create = $pdo->prepare("insert into users (name) values(?)");
    $create->execute(array($name));

    $lookup->execute(array($name));
    return $lookup->fetch();
}
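// Select the operating mode from the parsed command-line options:
// -r registers a new device, -a authenticates against the registration
// passed with -R.
if (array_key_exists('r', $options)) {
    $mode = "register";
} elseif (array_key_exists('a', $options)) {
    if (!array_key_exists('R', $options)) {
        print "a registration must be supplied with -R\n";
        exit(1);
    }
    // The registration is wrapped in brackets so a single JSON object becomes
    // a one-element list. Reject anything that does not decode to a list
    // instead of passing null on to the library.
    $regs = json_decode('[' . $options['R'] . ']');
    if (!is_array($regs)) {
        print "the registration supplied with -R is not valid JSON\n";
        exit(1);
    }
    $mode = "authenticate";
} else {
    print "-r or -a must be used\n";
    exit(1);
}

if (!array_key_exists('o', $options)) {
    print "origin must be supplied with -o\n";
    exit(1);
}

$u2f = new u2flib_server\U2F($options['o']);

// Emit the challenge for the device as one line of JSON.
if ($mode === "register") {
    $challenge = $u2f->getRegisterData();
} elseif ($mode === "authenticate") {
    $challenge = $u2f->getAuthenticateData($regs);
}
print json_encode($challenge[0]) . "\n";

// Read the device response from standard input. End of input and text that
// is not a JSON object are reported as errors rather than handed to the
// library as false/null.
$response = fgets(STDIN);
if ($response === false) {
    print "no response received on standard input\n";
    exit(1);
}
$decoded = json_decode($response);
if (!is_object($decoded)) {
    print "the response must be a JSON object\n";
    exit(1);
}

// A failed verification surfaces as an exception from the library, so a
// caller of this script has to check the exit status, not just the output.
// NOTE(review): the printed result presumably carries the updated counter
// after authentication; the caller needs to store it for the counter check
// to be effective on the next run. Confirm against the library.
if ($mode === "register") {
    $result = $u2f->doRegister($challenge[0], $decoded);
} elseif ($mode === "authenticate") {
    $result = $u2f->doAuthenticate($challenge, $regs, $decoded);
}
print json_encode($result) . "\n";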