/**
* @param VerifyYubikeyPublicIdCommand $command
* @return VerificationResult
*/
public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command)
{
$verifyOtpCommand = new VerifyYubikeyOtpCommand();
$verifyOtpCommand->otp = $command->otp;
$verifyOtpCommand->identityId = $command->identityId;
$verifyOtpCommand->institution = $command->institution;
$verificationResult = $this->yubikeyService->verify($verifyOtpCommand);
if (YubikeyOtp::isValid($command->otp)) {
$otp = YubikeyOtp::fromString($command->otp);
$publicId = YubikeyPublicId::fromOtp($otp);
} else {
$publicId = null;
}
if ($verificationResult->isServerError()) {
return new VerificationResult(VerificationResult::RESULT_OTP_VERIFICATION_FAILED, $publicId);
} elseif ($verificationResult->isClientError()) {
return new VerificationResult(VerificationResult::RESULT_OTP_INVALID, $publicId);
}
if ($publicId->getYubikeyPublicId() !== $command->expectedPublicId) {
$this->logger->notice('Yubikey used by registrant during vetting did not match the one used during registration.');
return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_DID_NOT_MATCH, $publicId);
}
$this->logger->info('Yubikey used by registrant during vetting matches the one used during registration.');
return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
}
/**
* @param VerifyYubikeyOtpCommand $command
* @return ProofOfPossessionResult
*/
public function provePossession(VerifyYubikeyOtpCommand $command)
{
$verificationResult = $this->yubikeyService->verify($command);
if (!$verificationResult->isSuccessful()) {
if ($verificationResult->isClientError()) {
return ProofOfPossessionResult::invalidOtp();
} elseif ($verificationResult->isServerError()) {
return ProofOfPossessionResult::otpVerificationFailed();
}
throw new RuntimeException('Unexpected Verification result, result is not successful but has neither client nor server error');
}
$secondFactorId = Uuid::generate();
$otp = YubikeyOtp::fromString($command->otp);
$publicId = YubikeyPublicId::fromOtp($otp);
$provePossessionCommand = new ProveYubikeyPossessionCommand();
$provePossessionCommand->identityId = $command->identity;
$provePossessionCommand->secondFactorId = $secondFactorId;
$provePossessionCommand->yubikeyPublicId = $publicId->getYubikeyPublicId();
$result = $this->commandService->execute($provePossessionCommand);
if (!$result->isSuccessful()) {
return ProofOfPossessionResult::proofOfPossessionCommandFailed();
}
return ProofOfPossessionResult::secondFactorCreated($secondFactorId);
}
/**
* @test
* @group value
*/
public function it_can_check_for_equality()
{
$id = new YubikeyPublicId('01908382');
$same = new YubikeyPublicId('01908382');
$different = new YubikeyPublicId('987654322');
$this->assertTrue($id->equals($same), 'Equal YubikeyPublicId are not equal');
$this->assertFalse($id->equals($different), 'Dissimilar YubikeyPublicId are equal');
}
