diff --git a/composer.json b/composer.json
index ec1a67f4..6055148a 100644
--- a/composer.json
+++ b/composer.json
@@ -69,7 +69,7 @@
 "symfony/serializer": "^6.1",
 "symfony/uid": "^6.1",
 "symfony/validator": "^6.1",
- "web-auth/cose-lib": "^4.0.12",
+ "web-auth/cose-lib": "^4.2.3",
 "web-token/jwt-signature": "^3.1"
 },
 "replace": {
diff --git a/src/webauthn/composer.json b/src/webauthn/composer.json
index 5da51983..1c672ac3 100644
--- a/src/webauthn/composer.json
+++ b/src/webauthn/composer.json
@@ -31,7 +31,7 @@
 "psr/log": "^1.0|^2.0|^3.0",
 "spomky-labs/cbor-php": "^3.0",
 "symfony/uid": "^6.1",
- "web-auth/cose-lib": "^4.0.12",
+ "web-auth/cose-lib": "^4.2.3",
 "web-auth/metadata-service": "self.version"
 },
 "autoload": {
diff --git a/src/webauthn/src/AuthenticatorDataLoader.php b/src/webauthn/src/AuthenticatorDataLoader.php
index 43dd809c..e087e0ff 100644
--- a/src/webauthn/src/AuthenticatorDataLoader.php
+++ b/src/webauthn/src/AuthenticatorDataLoader.php
@@ -107,7 +107,7 @@ private function fixIncorrectEdDSAKey(string $data): string
 );
 $correctX = ByteStringObject::create($keyBytes);
 $correctKey = MapObject::create()
- ->add(UnsignedIntegerObject::create(1), ByteStringObject::create('OKP'))
+ ->add(UnsignedIntegerObject::create(1), TextStringObject::create('OKP'))
 ->add(UnsignedIntegerObject::create(3), NegativeIntegerObject::create(-8))
 ->add(NegativeIntegerObject::create(-1), TextStringObject::create('Ed25519'))
 ->add(NegativeIntegerObject::create(-2), $correctX);
diff --git a/tests/library/Functional/AssertionTest.php b/tests/library/Functional/AssertionTest.php
index b17b0257..e7222754 100644
--- a/tests/library/Functional/AssertionTest.php
+++ b/tests/library/Functional/AssertionTest.php
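Review bot: The rebuilt key's `kty` entry on the `+` line still encodes the key type as the text label `'OKP'`, and the `crv` entry two lines below likewise uses `'Ed25519'`, whereas the COSE registry (RFC 8152) assigns these the integers 1 and 6; the change only corrects the CBOR major type, so whether the repaired key decodes presumably depends on the bumped cose-lib accepting the textual labels. If the labels are deliberate (for instance to match how these keys were stored by earlier releases), a comment on the `$correctKey = MapObject::create()` line would stop the next reader from "correcting" them, e.g. `// kty/crv are kept as text labels ('OKP'/'Ed25519'); the registered COSE integers would be 1 and 6 — confirm cose-lib accepts the textual form`. `fixIncorrectEdDSAKey` starts and ends outside the hunk, so the conditions under which the repair is applied are not visible here.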
@@ -8,6 +8,8 @@
 use PHPUnit\Framework\Attributes\Test;
 use Symfony\Component\Uid\Uuid;
 use Webauthn\AuthenticatorAssertionResponse;
+use Webauthn\AuthenticatorAttestationResponse;
+use Webauthn\PublicKeyCredentialCreationOptions;
 use Webauthn\PublicKeyCredentialDescriptor;
 use Webauthn\PublicKeyCredentialRequestOptions;
@@ -155,4 +157,36 @@ public function anAssertionWithUserHandleCanBeVerified(): void
 );
 static::assertSame(1_548_765_641, $publicKeyCredentialSource->getCounter());
 }
+
+ #[Test]
+ public function aPreviouslyFixedKeyCanBeVerified(): void
+ {
+ $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromString(
+ '{"rp": {"name": "Tuleap","id": "tuleap-web.tuleap-aio-dev.docker"},"user": {"name": "admin","id": "MTAx","displayName": "Site Administrator"},"challenge": "sNZel5OhIwA5vR4wdVkwiGHR6QEnNhYOqi97OHQrc2A","pubKeyCredParams": [{"type": "public-key","alg": -8},{"type": "public-key","alg": -7},{"type": "public-key","alg": -257}],"attestation": "none"}'
+ );
+ $publicKeyCredential = $this->getPublicKeyCredentialLoader()
+ ->load(
+ '{"clientExtensionResults": {},"id": "31ivJEY3jmIoxWuGZ7pZjDuBW5n1PAMeG-e0drfhayCzOsuNaCG3PH43i-OebKT0jqY-bAFCEUh1JCCATSPa9N5QIUwwSlUQO9Pb5X1_yXJnY9q7GYfm3LvR4Yk6-HKj4MpBj6cbVOZyoLZQtd2lDEU7pSTcbTZBELQlODGSlbQ","rawId": "31ivJEY3jmIoxWuGZ7pZjDuBW5n1PAMeG-e0drfhayCzOsuNaCG3PH43i-OebKT0jqY-bAFCEUh1JCCATSPa9N5QIUwwSlUQO9Pb5X1_yXJnY9q7GYfm3LvR4Yk6-HKj4MpBj6cbVOZyoLZQtd2lDEU7pSTcbTZBELQlODGSlbQ","response": {"attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVkBBxawLfvD1MyjfrwvZRZlmxIhDbnhAYq58TqWkGOOpv2oRQAAAAEvwFefgRNH6rEWu1qNuSAqAIDfWK8kRjeOYijFa4ZnulmMO4FbmfU8Ax4b57R2t-FrILM6y41oIbc8fjeL455spPSOpj5sAUIRSHUkIIBNI9r03lAhTDBKVRA709vlfX_Jcmdj2rsZh-bcu9HhiTr4cqPgykGPpxtU5nKgtlC13aUMRTulJNxtNkEQtCU4MZKVtKMBY09LUAMnIGdFZDI1NTE5IZggGC0YVhiMGPEYGxjCGD8DFBiuGMAYLhhjCRjKGKYY3xhSGBgYnhhnGKEYIQwYPBjeGG0YwRidGIcY8Rjs","clientDataJSON": "eyJjaGFsbGVuZ2UiOiJzTlplbDVPaEl3QTV2UjR3ZFZrd2lHSFI2UUVuTmhZT3FpOTdPSFFyYzJBIiwib3JpZ2luIjoiaHR0cHM6Ly90dWxlYXAtd2ViLnR1bGVhcC1haW8tZGV2LmRvY2tlciIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ"},"type": "public-key"}'
+ );
+ static::assertInstanceOf(AuthenticatorAttestationResponse::class, $publicKeyCredential->getResponse());
+ $source = $this->getAuthenticatorAttestationResponseValidator()
+ ->check($publicKeyCredential->getResponse(), $publicKeyCredentialCreationOptions, 'localhost');
+
+ $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::createFromString(
+ '{"challenge": "2MSn916xPaaOcp86sSYBVsqYzROi4Y8H7Brl_8D5Drc","allowCredentials": [{"type": "public-key","id": "31ivJEY3jmIoxWuGZ7pZjDuBW5n1PAMeG-e0drfhayCzOsuNaCG3PH43i-OebKT0jqY-bAFCEUh1JCCATSPa9N5QIUwwSlUQO9Pb5X1_yXJnY9q7GYfm3LvR4Yk6-HKj4MpBj6cbVOZyoLZQtd2lDEU7pSTcbTZBELQlODGSlbQ"}]}'
+ );
+ $publicKeyCredential = $this->getPublicKeyCredentialLoader()
+ ->load(
+ '{"id": "31ivJEY3jmIoxWuGZ7pZjDuBW5n1PAMeG-e0drfhayCzOsuNaCG3PH43i-OebKT0jqY-bAFCEUh1JCCATSPa9N5QIUwwSlUQO9Pb5X1_yXJnY9q7GYfm3LvR4Yk6-HKj4MpBj6cbVOZyoLZQtd2lDEU7pSTcbTZBELQlODGSlbQ","rawId": "31ivJEY3jmIoxWuGZ7pZjDuBW5n1PAMeG-e0drfhayCzOsuNaCG3PH43i-OebKT0jqY-bAFCEUh1JCCATSPa9N5QIUwwSlUQO9Pb5X1_yXJnY9q7GYfm3LvR4Yk6-HKj4MpBj6cbVOZyoLZQtd2lDEU7pSTcbTZBELQlODGSlbQ","response": {"authenticatorData": "FrAt-8PUzKN-vC9lFmWbEiENueEBirnxOpaQY46m_agFAAAAAg","clientDataJSON": "eyJjaGFsbGVuZ2UiOiIyTVNuOTE2eFBhYU9jcDg2c1NZQlZzcVl6Uk9pNFk4SDdCcmxfOEQ1RHJjIiwib3JpZ2luIjoiaHR0cHM6Ly90dWxlYXAtd2ViLnR1bGVhcC1haW8tZGV2LmRvY2tlciIsInR5cGUiOiJ3ZWJhdXRobi5nZXQifQ","signature": "eK5Yk9G8LjEsaEbK9Qq9Ovcx_Nf9xbRU5EURdMsiqJSQMpSCMHhcOBwfhPxx_zuPfYPxv_mRPgtPrX0vNQ3YAg"},"type": "public-key","clientExtensionResults": {}}'
+ );
+ static::assertInstanceOf(AuthenticatorAssertionResponse::class, $publicKeyCredential->getResponse());
+ $this->getAuthenticatorAssertionResponseValidator()
+ ->check(
+ $source,
+ $publicKeyCredential->getResponse(),
+ $publicKeyCredentialRequestOptions,
+ 'tuleap-web.tuleap-aio-dev.docker',
+ '101'
+ );
+ }
 }
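Review bot: The attestation step on the `->check($publicKeyCredential->getResponse(), $publicKeyCredentialCreationOptions, 'localhost')` line passes `'localhost'` as the host, while the registration `clientDataJSON` appears to decode to an origin of `https://tuleap-web.tuleap-aio-dev.docker` and the later assertion check passes `'tuleap-web.tuleap-aio-dev.docker'`; this presumably only succeeds because the creation options carry `"id": "tuleap-web.tuleap-aio-dev.docker"` and the host argument is merely a fallback, so the test would fail in a misleading way if that fallback behaviour ever changed. Passing `'tuleap-web.tuleap-aio-dev.docker'` in both calls states the intent and removes the inconsistency. The method name is the only hint at what is exercised; a short docblock above `aPreviouslyFixedKeyCanBeVerified` saying that the attestation fixture holds an EdDSA key in the mis-encoded form the loader rewrites, and that registration followed by assertion must still verify, would tie the test to the `AuthenticatorDataLoader` change in this commit (that description is inferred from the name and should be checked against the fixture before being written down).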