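/**
 * Checks that the Yubikey OTP presented during vetting belongs to the Yubikey
 * registered for the identity, by comparing public IDs.
 *
 * The OTP is sent to the Yubikey verification service first; the public-ID
 * comparison only happens for an OTP the service did not reject, so the
 * check cannot be satisfied by an OTP that merely *looks* like the right key.
 *
 * NOTE(review): unlike provePossession(), a verification result that is
 * neither successful nor a client/server error is treated as success here —
 * confirm the service cannot produce such a result, or add the same guard.
 *
 * @param VerifyYubikeyPublicIdCommand $command
 * @return VerificationResult
 */
public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command)
{
    $verifyOtpCommand = new VerifyYubikeyOtpCommand();
    $verifyOtpCommand->otp = $command->otp;
    $verifyOtpCommand->identityId = $command->identityId;
    $verifyOtpCommand->institution = $command->institution;

    $verificationResult = $this->yubikeyService->verify($verifyOtpCommand);

    // Derive the public ID locally only when the OTP is well-formed; a
    // malformed OTP yields no public ID, which is still passed back in the
    // result so the caller can report it.
    $publicId = null;
    if (YubikeyOtp::isValid($command->otp)) {
        $otp = YubikeyOtp::fromString($command->otp);
        $publicId = YubikeyPublicId::fromOtp($otp);
    }

    if ($verificationResult->isServerError()) {
        return new VerificationResult(VerificationResult::RESULT_OTP_VERIFICATION_FAILED, $publicId);
    }

    if ($verificationResult->isClientError()) {
        return new VerificationResult(VerificationResult::RESULT_OTP_INVALID, $publicId);
    }

    // Guard the dereference below: if the OTP did not parse locally there is
    // no public ID to compare, whatever the verification service answered.
    // Without this guard that path was a fatal "method call on null".
    if ($publicId === null) {
        $this->logger->notice('Yubikey OTP used by registrant during vetting could not be parsed into a public ID.');
        return new VerificationResult(VerificationResult::RESULT_OTP_INVALID, $publicId);
    }

    if ($publicId->getYubikeyPublicId() !== $command->expectedPublicId) {
        $this->logger->notice('Yubikey used by registrant during vetting did not match the one used during registration.');
        return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_DID_NOT_MATCH, $publicId);
    }

    $this->logger->info('Yubikey used by registrant during vetting matches the one used during registration.');
    return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
}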
/**
 * Proves possession of a Yubikey: the presented OTP is verified against the
 * Yubikey verification service and, on success, the Yubikey's public ID is
 * registered as a new second factor for the identity.
 *
 * @param VerifyYubikeyOtpCommand $command
 * @return ProofOfPossessionResult
 * @throws RuntimeException when the verification result is neither successful
 *                          nor a client/server error
 */
public function provePossession(VerifyYubikeyOtpCommand $command)
{
    $outcome = $this->yubikeyService->verify($command);

    if (!$outcome->isSuccessful()) {
        // Map the failure onto the proof-of-possession result; a result that
        // is neither a client nor a server error violates the service contract.
        if ($outcome->isClientError()) {
            return ProofOfPossessionResult::invalidOtp();
        }
        if ($outcome->isServerError()) {
            return ProofOfPossessionResult::otpVerificationFailed();
        }
        throw new RuntimeException('Unexpected Verification result, result is not successful but has neither client nor server error');
    }

    $newSecondFactorId = Uuid::generate();

    // The public ID is derived from the OTP the service just verified, never
    // taken from a client-supplied field.
    $parsedOtp = YubikeyOtp::fromString($command->otp);
    $yubikeyPublicId = YubikeyPublicId::fromOtp($parsedOtp)->getYubikeyPublicId();

    $proveCommand = new ProveYubikeyPossessionCommand();
    // NOTE(review): this reads $command->identity, whereas verifyYubikeyPublicId()
    // populates VerifyYubikeyOtpCommand::$identityId — confirm which property the
    // command class actually defines; a typo here would register the second
    // factor against a null identity.
    $proveCommand->identityId = $command->identity;
    $proveCommand->secondFactorId = $newSecondFactorId;
    $proveCommand->yubikeyPublicId = $yubikeyPublicId;

    $commandResult = $this->commandService->execute($proveCommand);
    if (!$commandResult->isSuccessful()) {
        return ProofOfPossessionResult::proofOfPossessionCommandFailed();
    }

    return ProofOfPossessionResult::secondFactorCreated($newSecondFactorId);
}
/**
 * Each accepted modhex OTP form from the provider must parse and yield the
 * expected Yubikey public ID.
 *
 * @test
 * @group value
 * @dataProvider otpProvider
 *
 * @param string $otpString       OTP in one of the supported modhex formats
 * @param string $yubikeyPublicId public ID expected to be derived from it
 */
public function it_accepts_valid_modhex_formats($otpString, $yubikeyPublicId)
{
    $parsedOtp = YubikeyOtp::fromString($otpString);
    $derivedId = YubikeyPublicId::fromOtp($parsedOtp)->getYubikeyPublicId();

    $this->assertEquals($yubikeyPublicId, $derivedId);
}