/**
 * A verification response whose signature the signer rejects must surface as
 * an UntrustedSignatureException instead of a verification result.
 *
 * The dummy signer is built with `false` as its second argument; presumably
 * that makes its signature check fail (confirm in createDummySigner()).
 */
public function testVerifiesServerSignature()
{
    // Register the expectation first: the exception is raised by verify() below.
    $this->setExpectedException(
        'Surfnet\\YubikeyApiClient\\Exception\\UntrustedSignatureException',
        'signature doesn\'t match'
    );

    $otpValue = 'ddddddbtbhnhcjnkcfeiegrrnnednjcluulduerelthv';
    $nonceValue = 'surfnet';

    // Query parameters the signer is expected to be asked about.
    $signedQuery = ['id' => '1234', 'otp' => $otpValue, 'nonce' => $nonceValue];

    // The stubbed HTTP client replays a response built from the same OTP and
    // nonce, so only the signature check is left to fail in this scenario.
    $cannedResponse = $this->createVerificationResponse($otpValue, $nonceValue);
    $httpClient = $this->createHttpClient($cannedResponse);

    $nonceGenerator = new NonceGeneratorStub('surfnet');
    $rejectingSigner = $this->createDummySigner($signedQuery, false);

    $otpMock = m::mock('Surfnet\\YubikeyApiClient\\Otp');
    $otpMock->otp = $otpValue;

    $verifier = new VerificationService($httpClient, $nonceGenerator, $rejectingSigner, '1234');
    $verifier->verify($otpMock);
}
/**
 * Verifies an OTP through the wrapped service, logging every failure mode.
 *
 * Exceptions from the wrapped service are logged at alert level and turned
 * into error results, so the caller always receives an OtpVerificationResult
 * and must check isSuccessful() before trusting it:
 *  - UntrustedSignatureException      -> ERROR_BAD_SIGNATURE
 *  - RequestResponseMismatchException -> ERROR_BACKEND_ERROR
 * An unsuccessful result from the service is logged at critical level and
 * returned unchanged.
 *
 * NOTE(review): every log context below carries the full submitted OTP
 * ($otp->otp). In the two exception paths the response was not trusted, so
 * this code cannot tell whether that OTP has been consumed. Consider logging
 * only an identifying prefix and restricting who can read these logs.
 *
 * @param Otp $otp
 * @return OtpVerificationResult
 */
public function verify(Otp $otp)
{
    try {
        $verification = $this->service->verify($otp);
    } catch (UntrustedSignatureException $signatureFailure) {
        // The response signature could not be trusted: fail closed.
        $message = sprintf('Yubico responded with invalid signature (%s)', $signatureFailure->getMessage());
        $this->logger->alert($message, ['exception' => $signatureFailure, 'otp' => $otp->otp]);

        return new OtpVerificationResult(OtpVerificationResult::ERROR_BAD_SIGNATURE);
    } catch (RequestResponseMismatchException $mismatch) {
        // The response does not correspond to the request that was sent: fail closed.
        $message = sprintf('Yubico request and response didn\'t match (%s)', $mismatch->getMessage());
        $this->logger->alert($message, ['exception' => $mismatch, 'otp' => $otp->otp]);

        return new OtpVerificationResult(OtpVerificationResult::ERROR_BACKEND_ERROR);
    }

    if (!$verification->isSuccessful()) {
        // Error statuses are passed on to the caller as-is; they are only recorded here.
        $this->logger->critical(
            sprintf('Yubico responded with error status \'%s\'', $verification->getError()),
            ['otp' => $otp->otp]
        );
    }

    return $verification;
}
<?php

use GuzzleHttp\Client as GuzzleClient;
use Surfnet\YubikeyApiClient\Crypto\RandomNonceGenerator;
use Surfnet\YubikeyApiClient\Crypto\Signer;
use Surfnet\YubikeyApiClient\Http\ServerPoolClient;
use Surfnet\YubikeyApiClient\Otp;
use Surfnet\YubikeyApiClient\Service\OtpVerificationResult;
use Surfnet\YubikeyApiClient\Service\VerificationService;

require __DIR__ . '/../vendor/autoload.php';

// Example credentials only. In a deployment the client secret belongs in
// configuration or a secret store, not in a source file.
const YUBIKEY_CLIENT_ID = '12345';
const YUBIKEY_CLIENT_SECRET = 'secret';

// The Signer is constructed from the client secret; presumably the service
// uses it to sign requests and check response signatures (confirm in the library).
$service = new VerificationService(
    new ServerPoolClient(new GuzzleClient()),
    new RandomNonceGenerator(),
    new Signer(YUBIKEY_CLIENT_SECRET),
    YUBIKEY_CLIENT_ID
);

$userInputOtp = 'cchfgeetctchcgfhlvrhrhrrlilfeklvicidfeklgvlv';

if (!Otp::isValid($userInputOtp)) {
    // User-entered OTP string is not valid.
    // NOTE(review): as written, execution continues to Otp::fromString() below;
    // real handling code must stop here and reject the input.
}

$otp = Otp::fromString($userInputOtp);
$result = $service->verify($otp);

if (!$result->isSuccessful()) {
    // Treat every unsuccessful result as a failed authentication; the error
    // code only selects how the failure is reported or handled.
    switch ($result->getError()) {
        case OtpVerificationResult::ERROR_REPLAYED_OTP:
            // ...
    }
} else {
    // Yubico verified OTP.
}