/**
* @param VerifyYubikeyPublicIdCommand $command
* @return VerificationResult
*/
public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command)
{
$verifyOtpCommand = new VerifyYubikeyOtpCommand();
$verifyOtpCommand->otp = $command->otp;
$verifyOtpCommand->identityId = $command->identityId;
$verifyOtpCommand->institution = $command->institution;
$verificationResult = $this->yubikeyService->verify($verifyOtpCommand);
if (YubikeyOtp::isValid($command->otp)) {
$otp = YubikeyOtp::fromString($command->otp);
$publicId = YubikeyPublicId::fromOtp($otp);
} else {
$publicId = null;
}
if ($verificationResult->isServerError()) {
return new VerificationResult(VerificationResult::RESULT_OTP_VERIFICATION_FAILED, $publicId);
} elseif ($verificationResult->isClientError()) {
return new VerificationResult(VerificationResult::RESULT_OTP_INVALID, $publicId);
}
if ($publicId->getYubikeyPublicId() !== $command->expectedPublicId) {
$this->logger->notice('Yubikey used by registrant during vetting did not match the one used during registration.');
return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_DID_NOT_MATCH, $publicId);
}
$this->logger->info('Yubikey used by registrant during vetting matches the one used during registration.');
return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
}
/**
* @dataProvider nonOtpStrings
* @param string $string
*/
public function testItDoesntAcceptInvalidOtps($string)
{
$this->assertFalse(YubikeyOtp::isValid($string));
}
