Bugs fixed (#451)

Bugs fixed
web-auth · Jul 27, 2023 · e5adcb1 · e5adcb1
1 parent 0e945db
commit e5adcb1
Show file tree

Hide file tree

Showing 30 changed files with 213 additions and 164 deletions.
diff --git a/bin/build_styles.js b/bin/build_styles.js
@@ -22,7 +22,7 @@ glob(pattern, function (err, files) {
         const pkg = JSON.parse(fs.readFileSync(file, 'utf-8'));
 
         // Get the css source
-        const cssSourceRelative = pkg.config && pkg.config.css_source;
+        const cssSourceRelative = pkg.config?.css_source;
 
         if (!cssSourceRelative) {
             return;

diff --git a/src/metadata-service/src/CertificateChain/CertificateToolbox.php b/src/metadata-service/src/CertificateChain/CertificateToolbox.php
@@ -11,6 +11,10 @@
 
 class CertificateToolbox
 {
+    private const PEM_HEADER = '-----BEGIN ';
+
+    private const PEM_FOOTER = '-----END ';
+
     /**
      * @param string[] $data
      *
@@ -23,29 +27,29 @@ public static function fixPEMStructures(array $data, string $type = 'CERTIFICATE
 
     public static function fixPEMStructure(string $data, string $type = 'CERTIFICATE'): string
     {
-        if (str_contains($data, '-----BEGIN')) {
+        if (str_contains($data, self::PEM_HEADER)) {
             return trim($data);
         }
-        $pem = '-----BEGIN ' . $type . '-----' . PHP_EOL;
+        $pem = self::PEM_HEADER . $type . '-----' . PHP_EOL;
         $pem .= chunk_split($data, 64, PHP_EOL);
 
-        return $pem . ('-----END ' . $type . '-----' . PHP_EOL);
+        return $pem . (self::PEM_FOOTER . $type . '-----' . PHP_EOL);
     }
 
     public static function convertPEMToDER(string $data): string
     {
-        if (! str_contains($data, '-----BEGIN')) {
+        if (! str_contains($data, self::PEM_HEADER)) {
             return $data;
         }
-        $data = preg_replace('/[\-]{5}.*[\-]{5}[\r\n]*/', '', $data);
+        $data = preg_replace('/\-{5}.*\-{5}[\r\n]*/', '', $data);
         $data = preg_replace("/[\r\n]*/", '', $data);
 
         return Base64::decode(trim($data), true);
     }
 
     public static function convertDERToPEM(string $data, string $type = 'CERTIFICATE'): string
     {
-        if (str_contains($data, '-----BEGIN')) {
+        if (str_contains($data, self::PEM_HEADER)) {
             return $data;
         }
         $der = self::unusedBytesFix($data);

diff --git a/src/metadata-service/src/CertificateChain/PhpCertificateChainValidator.php b/src/metadata-service/src/CertificateChain/PhpCertificateChainValidator.php
@@ -216,16 +216,16 @@ private function retrieveRevokedSerialNumbers(string $url): array
             $crlData = $response->getBody()
                 ->getContents();
             $crl = UnspecifiedType::fromDER($crlData)->asSequence();
-            count($crl) === 3 || throw CertificateRevocationListException::create($url, 'Invalid CRL.');
+            count($crl) === 3 || throw CertificateRevocationListException::create($url);
             $tbsCertList = $crl->at(0)
                 ->asSequence();
-            count($tbsCertList) >= 6 || throw CertificateRevocationListException::create($url, 'Invalid CRL.');
+            count($tbsCertList) >= 6 || throw CertificateRevocationListException::create($url);
             $list = $tbsCertList->at(5)
                 ->asSequence();
 
             return array_map(static function (UnspecifiedType $r) use ($url): string {
                 $sequence = $r->asSequence();
-                count($sequence) >= 1 || throw CertificateRevocationListException::create($url, 'Invalid CRL.');
+                count($sequence) >= 1 || throw CertificateRevocationListException::create($url);
                 return $sequence->at(0)
                     ->asInteger()
                     ->number();

diff --git a/src/metadata-service/src/Exception/CertificateRevocationListException.php b/src/metadata-service/src/Exception/CertificateRevocationListException.php
@@ -16,7 +16,7 @@ public function __construct(
         parent::__construct($message, $previous);
     }
 
-    public static function create(string $url, string $message, ?Throwable $previous = null): self
+    public static function create(string $url, string $message = 'Invalid CRL.', ?Throwable $previous = null): self
     {
         return new self($url, $message, $previous);
     }

diff --git a/src/metadata-service/src/Exception/MetadataStatementLoadingException.php b/src/metadata-service/src/Exception/MetadataStatementLoadingException.php
@@ -8,8 +8,10 @@
 
 final class MetadataStatementLoadingException extends MetadataStatementException
 {
-    public static function create(string $message, ?Throwable $previous = null): self
-    {
+    public static function create(
+        string $message = 'Unable to load the metadata statement',
+        ?Throwable $previous = null
+    ): self {
         return new self($message, $previous);
     }
 }
diff --git a/src/metadata-service/src/Service/DistantResourceMetadataService.php b/src/metadata-service/src/Service/DistantResourceMetadataService.php
@@ -56,9 +56,7 @@ public static function create(
     public function list(): iterable
     {
         $this->loadData();
-        $this->statement !== null || throw MetadataStatementLoadingException::create(
-            'Unable to load the metadata statement'
-        );
+        $this->statement !== null || throw MetadataStatementLoadingException::create();
         $aaguid = $this->statement->getAaguid();
         if ($aaguid === null) {
             yield from [];
@@ -70,19 +68,15 @@ public function list(): iterable
     public function has(string $aaguid): bool
     {
         $this->loadData();
-        $this->statement !== null || throw MetadataStatementLoadingException::create(
-            'Unable to load the metadata statement'
-        );
+        $this->statement !== null || throw MetadataStatementLoadingException::create();
 
         return $aaguid === $this->statement->getAaguid();
     }
 
     public function get(string $aaguid): MetadataStatement
     {
         $this->loadData();
-        $this->statement !== null || throw MetadataStatementLoadingException::create(
-            'Unable to load the metadata statement'
-        );
+        $this->statement !== null || throw MetadataStatementLoadingException::create();
 
         if ($aaguid === $this->statement->getAaguid()) {
             $this->dispatcher->dispatch(MetadataStatementFound::create($this->statement));

diff --git a/src/metadata-service/src/Service/FidoAllianceCompliantMetadataService.php b/src/metadata-service/src/Service/FidoAllianceCompliantMetadataService.php
@@ -144,6 +144,7 @@ private function loadData(): void
                 }
             }
         } catch (Throwable) {
+            // Nothing to do
         }
 
         $this->loaded = true;

diff --git a/src/metadata-service/src/Service/FolderResourceMetadataService.php b/src/metadata-service/src/Service/FolderResourceMetadataService.php
@@ -8,8 +8,8 @@
 use function file_get_contents;
 use InvalidArgumentException;
 use function is_array;
-use RuntimeException;
 use function sprintf;
+use Webauthn\MetadataService\Exception\MetadataStatementLoadingException;
 use Webauthn\MetadataService\Statement\MetadataStatement;
 
 final class FolderResourceMetadataService implements MetadataService
@@ -28,7 +28,7 @@ public function __construct(string $rootPath)
     public function list(): iterable
     {
         $files = glob($this->rootPath . DIRECTORY_SEPARATOR . '*');
-        is_array($files) || throw new RuntimeException('Unable to read files.');
+        is_array($files) || throw MetadataStatementLoadingException::create('Unable to read files.');
         foreach ($files as $file) {
             if (is_dir($file) || ! is_readable($file)) {
                 continue;
@@ -54,7 +54,7 @@ public function get(string $aaguid): MetadataStatement
         $filename = $this->rootPath . DIRECTORY_SEPARATOR . $aaguid;
         $data = trim(file_get_contents($filename));
         $mds = MetadataStatement::createFromString($data);
-        $mds->getAaguid() !== null || throw new RuntimeException('Invalid Metadata Statement.');
+        $mds->getAaguid() !== null || throw MetadataStatementLoadingException::create('Invalid Metadata Statement.');
 
         return $mds;
     }

diff --git a/src/metadata-service/src/Service/LocalResourceMetadataService.php b/src/metadata-service/src/Service/LocalResourceMetadataService.php
@@ -40,9 +40,7 @@ public static function create(string $filename, bool $isBase64Encoded = false):
     public function list(): iterable
     {
         $this->loadData();
-        $this->statement !== null || throw MetadataStatementLoadingException::create(
-            'Unable to load the metadata statement'
-        );
+        $this->statement !== null || throw MetadataStatementLoadingException::create();
         $aaguid = $this->statement->getAaguid();
         if ($aaguid === null) {
             yield from [];
@@ -54,19 +52,15 @@ public function list(): iterable
     public function has(string $aaguid): bool
     {
         $this->loadData();
-        $this->statement !== null || throw MetadataStatementLoadingException::create(
-            'Unable to load the metadata statement'
-        );
+        $this->statement !== null || throw MetadataStatementLoadingException::create();
 
         return $aaguid === $this->statement->getAaguid();
     }
 
     public function get(string $aaguid): MetadataStatement
     {
         $this->loadData();
-        $this->statement !== null || throw MetadataStatementLoadingException::create(
-            'Unable to load the metadata statement'
-        );
+        $this->statement !== null || throw MetadataStatementLoadingException::create();
 
         if ($aaguid === $this->statement->getAaguid()) {
             $this->dispatcher->dispatch(MetadataStatementFound::create($this->statement));

diff --git a/src/metadata-service/src/Statement/MetadataStatement.php b/src/metadata-service/src/Statement/MetadataStatement.php
@@ -20,20 +20,64 @@ class MetadataStatement implements JsonSerializable
 {
     final public const KEY_PROTECTION_SOFTWARE = 'software';
 
+    final public const KEY_PROTECTION_SOFTWARE_INT = 0x0001;
+
     final public const KEY_PROTECTION_HARDWARE = 'hardware';
 
+    final public const KEY_PROTECTION_HARDWARE_INT = 0x0002;
+
     final public const KEY_PROTECTION_TEE = 'tee';
 
+    final public const KEY_PROTECTION_TEE_INT = 0x0004;
+
     final public const KEY_PROTECTION_SECURE_ELEMENT = 'secure_element';
 
+    final public const KEY_PROTECTION_SECURE_ELEMENT_INT = 0x0008;
+
     final public const KEY_PROTECTION_REMOTE_HANDLE = 'remote_handle';
 
+    final public const KEY_PROTECTION_REMOTE_HANDLE_INT = 0x0010;
+
+    final public const KEY_PROTECTION_TYPES = [
+        self::KEY_PROTECTION_SOFTWARE,
+        self::KEY_PROTECTION_HARDWARE,
+        self::KEY_PROTECTION_TEE,
+        self::KEY_PROTECTION_SECURE_ELEMENT,
+        self::KEY_PROTECTION_REMOTE_HANDLE,
+    ];
+
+    final public const KEY_PROTECTION_TYPES_INT = [
+        self::KEY_PROTECTION_SOFTWARE_INT,
+        self::KEY_PROTECTION_HARDWARE_INT,
+        self::KEY_PROTECTION_TEE_INT,
+        self::KEY_PROTECTION_SECURE_ELEMENT_INT,
+        self::KEY_PROTECTION_REMOTE_HANDLE_INT,
+    ];
+
     final public const MATCHER_PROTECTION_SOFTWARE = 'software';
 
+    final public const MATCHER_PROTECTION_SOFTWARE_INT = 0x0001;
+
     final public const MATCHER_PROTECTION_TEE = 'tee';
 
+    final public const MATCHER_PROTECTION_TEE_INT = 0x0002;
+
     final public const MATCHER_PROTECTION_ON_CHIP = 'on_chip';
 
+    final public const MATCHER_PROTECTION_ON_CHIP_INT = 0x0004;
+
+    final public const MATCHER_PROTECTION_TYPES = [
+        self::MATCHER_PROTECTION_SOFTWARE,
+        self::MATCHER_PROTECTION_TEE,
+        self::MATCHER_PROTECTION_ON_CHIP,
+    ];
+
+    final public const MATCHER_PROTECTION_TYPES_INT = [
+        self::MATCHER_PROTECTION_SOFTWARE_INT,
+        self::MATCHER_PROTECTION_TEE_INT,
+        self::MATCHER_PROTECTION_ON_CHIP_INT,
+    ];
+
     final public const ATTACHMENT_HINT_INTERNAL = 'internal';
 
     final public const ATTACHMENT_HINT_EXTERNAL = 'external';
@@ -442,7 +486,9 @@ public static function createFromArray(array $data): self
             $data['protocolFamily'],
             $data['schema'],
             array_map(static function ($upv): Version {
-                is_array($upv) || throw MetadataStatementLoadingException::create('Invalid Metadata Statement');
+                is_array($upv) || throw MetadataStatementLoadingException::create(
+                    'Invalid Metadata Statement. The parameter "upv" shall be a list of objects.'
+                );
 
                 return Version::createFromArray($upv);
             }, $data['upv']),
@@ -451,7 +497,7 @@ public static function createFromArray(array $data): self
             $data['attestationTypes'],
             array_map(static function ($userVerificationDetails): VerificationMethodANDCombinations {
                 is_array($userVerificationDetails) || throw MetadataStatementLoadingException::create(
-                    'Invalid Metadata Statement'
+                    'Invalid Metadata Statement. The parameter "userVerificationDetails" shall be a list of objects.'
                 );
 
                 return VerificationMethodANDCombinations::createFromArray($userVerificationDetails);
@@ -478,7 +524,7 @@ public static function createFromArray(array $data): self
         if (isset($data['tcDisplayPNGCharacteristics'])) {
             $tcDisplayPNGCharacteristics = $data['tcDisplayPNGCharacteristics'];
             is_array($tcDisplayPNGCharacteristics) || throw MetadataStatementLoadingException::create(
-                'Invalid Metadata Statement'
+                'Invalid Metadata Statement. The parameter "tcDisplayPNGCharacteristics" shall be a list of objects.'
             );
             foreach ($tcDisplayPNGCharacteristics as $tcDisplayPNGCharacteristic) {
                 is_array($tcDisplayPNGCharacteristic) || throw MetadataStatementLoadingException::create(

diff --git a/src/metadata-service/src/Statement/VerificationMethodDescriptor.php b/src/metadata-service/src/Statement/VerificationMethodDescriptor.php
@@ -17,30 +17,88 @@ class VerificationMethodDescriptor implements JsonSerializable
 {
     final public const USER_VERIFY_PRESENCE_INTERNAL = 'presence_internal';
 
+    final public const USER_VERIFY_PRESENCE_INTERNAL_INT = 0x00000001;
+
     final public const USER_VERIFY_FINGERPRINT_INTERNAL = 'fingerprint_internal';
 
+    final public const USER_VERIFY_FINGERPRINT_INTERNAL_INT = 0x00000002;
+
     final public const USER_VERIFY_PASSCODE_INTERNAL = 'passcode_internal';
 
+    final public const USER_VERIFY_PASSCODE_INTERNAL_INT = 0x00000004;
+
     final public const USER_VERIFY_VOICEPRINT_INTERNAL = 'voiceprint_internal';
 
+    final public const USER_VERIFY_VOICEPRINT_INTERNAL_INT = 0x00000008;
+
     final public const USER_VERIFY_FACEPRINT_INTERNAL = 'faceprint_internal';
 
+    final public const USER_VERIFY_FACEPRINT_INTERNAL_INT = 0x00000010;
+
     final public const USER_VERIFY_LOCATION_INTERNAL = 'location_internal';
 
+    final public const USER_VERIFY_LOCATION_INTERNAL_INT = 0x00000020;
+
     final public const USER_VERIFY_EYEPRINT_INTERNAL = 'eyeprint_internal';
 
+    final public const USER_VERIFY_EYEPRINT_INTERNAL_INT = 0x00000040;
+
     final public const USER_VERIFY_PATTERN_INTERNAL = 'pattern_internal';
 
+    final public const USER_VERIFY_PATTERN_INTERNAL_INT = 0x00000080;
+
     final public const USER_VERIFY_HANDPRINT_INTERNAL = 'handprint_internal';
 
+    final public const USER_VERIFY_HANDPRINT_INTERNAL_INT = 0x00000100;
+
     final public const USER_VERIFY_PASSCODE_EXTERNAL = 'passcode_external';
 
+    final public const USER_VERIFY_PASSCODE_EXTERNAL_INT = 0x00000800;
+
     final public const USER_VERIFY_PATTERN_EXTERNAL = 'pattern_external';
 
+    final public const USER_VERIFY_PATTERN_EXTERNAL_INT = 0x00001000;
+
     final public const USER_VERIFY_NONE = 'none';
 
+    final public const USER_VERIFY_NONE_INT = 0x00000200;
+
     final public const USER_VERIFY_ALL = 'all';
 
+    final public const USER_VERIFY_ALL_INT = 0x00000400;
+
+    final public const USER_VERIFICATION_METHODS = [
+        self::USER_VERIFY_PRESENCE_INTERNAL,
+        self::USER_VERIFY_FINGERPRINT_INTERNAL,
+        self::USER_VERIFY_PASSCODE_INTERNAL,
+        self::USER_VERIFY_VOICEPRINT_INTERNAL,
+        self::USER_VERIFY_FACEPRINT_INTERNAL,
+        self::USER_VERIFY_LOCATION_INTERNAL,
+        self::USER_VERIFY_EYEPRINT_INTERNAL,
+        self::USER_VERIFY_PATTERN_INTERNAL,
+        self::USER_VERIFY_HANDPRINT_INTERNAL,
+        self::USER_VERIFY_PASSCODE_EXTERNAL,
+        self::USER_VERIFY_PATTERN_EXTERNAL,
+        self::USER_VERIFY_NONE,
+        self::USER_VERIFY_ALL,
+    ];
+
+    final public const USER_VERIFICATION_METHODS_INT = [
+        self::USER_VERIFY_PRESENCE_INTERNAL_INT,
+        self::USER_VERIFY_FINGERPRINT_INTERNAL_INT,
+        self::USER_VERIFY_PASSCODE_INTERNAL_INT,
+        self::USER_VERIFY_VOICEPRINT_INTERNAL_INT,
+        self::USER_VERIFY_FACEPRINT_INTERNAL_INT,
+        self::USER_VERIFY_LOCATION_INTERNAL_INT,
+        self::USER_VERIFY_EYEPRINT_INTERNAL_INT,
+        self::USER_VERIFY_PATTERN_INTERNAL_INT,
+        self::USER_VERIFY_HANDPRINT_INTERNAL_INT,
+        self::USER_VERIFY_PASSCODE_EXTERNAL_INT,
+        self::USER_VERIFY_PATTERN_EXTERNAL_INT,
+        self::USER_VERIFY_NONE_INT,
+        self::USER_VERIFY_ALL_INT,
+    ];
+
     private readonly string $userVerificationMethod;
 
     public function __construct(

diff --git a/src/stimulus/assets/dist/controller.js b/src/stimulus/assets/dist/controller.js
@@ -3,13 +3,14 @@ import { startAuthentication, startRegistration } from '@simplewebauthn/browser'
 
 class default_1 extends Controller {
     connect() {
+        var _a, _b;
         const options = {
             requestResultUrl: this.requestResultUrlValue,
             requestOptionsUrl: this.requestOptionsUrlValue,
-            requestSuccessRedirectUri: this.requestSuccessRedirectUriValue || null,
+            requestSuccessRedirectUri: (_a = this.requestSuccessRedirectUriValue) !== null && _a !== void 0 ? _a : null,
             creationResultUrl: this.creationResultUrlValue,
             creationOptionsUrl: this.creationOptionsUrlValue,
-            creationSuccessRedirectUri: this.creationSuccessRedirectUriValue || null,
+            creationSuccessRedirectUri: (_b = this.creationSuccessRedirectUriValue) !== null && _b !== void 0 ? _b : null,
         };
         this._dispatchEvent('webauthn:connect', { options });
     }