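dump("HOBA: Challenge failed"); setFailCookie(); exit(1); }
// --- Login path: the challenge was accepted above; now check the signature against the key
// registered for this kid, and only then issue a session cookie. ---
$kid = base64url_decode($kidB64);
// Origin the client is expected to have signed. NOTE(review): SERVER_NAME may be derived from
// the Host header unless the web server is configured for a canonical name — confirm the deployment.
$tbsOrigin = "https://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'];
// To-be-signed blob is rebuilt server-side from the request fields plus the server's own origin;
// the client's signature is checked against this, never against a blob the client supplied.
$sigText = genTbsBlob($nonceB64, $GLOBALS['alg'], $tbsOrigin, $kidB64, $chalB64);
dbLogin();
$device = dbGetDeviceByKid($kid);
if (!$device) {
    dump("HOBA: kid not found");
    setFailCookie();
    dbLogout();
    exit(1);
}
$pem = jwkToPem($device['pubKey']);
// openssl_verify() returns 1 (signature valid), 0 (invalid) or -1 (error, e.g. an unusable key/PEM).
// Only an explicit 1 may count as verified: a plain truthiness test would accept -1 and log the
// caller in on a verification *error*.
$verified = openssl_verify($sigText, $sig, $pem, OPENSSL_ALGO_SHA256);
if ($verified === 1) {
    dump("HOBA: Key Verification Successful");
    // $device already holds the row for this kid; re-querying it gained nothing.
    $t = time() + $GLOBALS['sessionTimeout'];
    $chocolate = getCookieVal($device['kid'], $device['did']);
    dbAddDeviceSession($device['kid'], $device['did'], $chocolate, $t);
    setSuccessCookie($chocolate, $t);
    header("Hobareg: regok", true, 200);
    dump("HOBA: Login Successful");
} else {
    setFailCookie();
    dump("HOBA: Login failed, Verification failure");
}
dbLogout();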
setFailCookie(); exit(1); } } }
//dump("kidB64:" . $kidB64 . " chalB64:" . $chalB64 . " nonceB64:" . $nonceB64 ." sig:" . $sig);
// --- Registration path: bind the presented public key to (kid, did) once the challenge and
// the signature over the server-built blob both check out. ---
// The challenge must be one this server issued to this peer; anything else ends the request here.
if (checkChal($chalB64, getPeer())) {
    dump("HOBA: Challenge accepted");
} else {
    dump("HOBA: Challenge failed");
    setFailCookie();
    exit(1);
}
// Origin the client is expected to have signed. NOTE(review): SERVER_NAME may be derived from
// the Host header unless the web server is configured for a canonical name — confirm the deployment.
$tbsOrigin = "https://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'];
// To-be-signed blob is rebuilt server-side; the signature is checked against this, not against
// anything the client sent as the signed text.
$sigText = genTbsBlob($nonceB64, $GLOBALS['alg'], $tbsOrigin, $kidB64, $chalB64);
// $pubKey is the key being enrolled (presumably parsed from the request earlier, outside this view),
// so this is a proof-of-possession check, not a lookup of a stored key.
$pem = jwkToPem($pubKey);
$verified = openssl_verify($sigText, $sig, $pem, OPENSSL_ALGO_SHA256);
dbLogin();
// NOTE(review): openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error, e.g. a malformed
// key). -1 is truthy in PHP, so an error here is treated as a successful verification and the
// key gets registered. Compare with `=== 1` instead.
if ($verified) {
    dump("HOBA: Key Verification Successful");
    // Judging by the message below, dbRegisterKey() returns a falsy value when the kid already exists.
    $newUser = dbRegisterKey($kid, $pubKey, $did);
    if (!$newUser) {
        dump("HOBA: Register failed, verification passed but kid already registered");
        // NOTE(review): exits without setFailCookie()/dbLogout(), unlike the other failure paths.
        exit(1);
    }
    $t = time() + $GLOBALS['sessionTimeout'];
    $chocolate = getCookieVal($kid, $did);
    dbAddDeviceSession($kid, $did, $chocolate, $t);
    setSuccessCookie($chocolate, $t);
    header("Hobareg: regok", true, 200);
    dump("HOBA: Registration Successful");