Constants

ES256

ES256

RS256

RS256

Methods

__construct()

__construct(string  $appid) 

construct object on which to operate

Parameters

string $appid

a string identifying your app, typically the domain of the website which people are using the key to log in to. If you have the URL (i.e. including the https:// on the front) to hand, give that; if it's not https, well what are you doing using this code?

cancel()

cancel() : string

cancel all keys for a user

Returns

string —

to store as the user's webauthn field in your database

prepareChallengeForRegistration()

prepareChallengeForRegistration(  $username,   $userid) : string

generate a challenge ready for registering a hardware key, fingerprint or whatever:

Parameters

$username

string by which the user is known, potentially displayed on the hardware key

$userid

string by which the user can be uniquely identified. Don't use the email address as this can change; use perhaps the database record id

Returns

string —

pass this JSON string back to the browser

register()

register(string  $info, string  $userwebauthn) : string

registers a new key for a user; requires info from the hardware via the JavaScript given below

Parameters

string $info

supplied to the PHP script via a POST, constructed by the JavaScript given below, ultimately provided by the key

string $userwebauthn

the existing webauthn field for the user from your database (it's actually a JSON string, but that's entirely internal to this code)

Returns

string —

modified to store in the user's webauthn field in your database

prepareForLogin()

prepareForLogin(string  $userwebauthn) : string

generates a new key string for the physical key, fingerprint reader or whatever to respond to on login

Parameters

string $userwebauthn

the existing webauthn field for the user from your database

Returns

string —

to pass to the JavaScript function webauthnAuthenticate

authenticate()

authenticate(string  $info, string  $userwebauthn) : boolean

validates a response for login or 2FA; requires info from the hardware via the JavaScript given below

Parameters

string $info

supplied to the PHP script via a POST, constructed by the JavaScript given below, ultimately provided by the key

string $userwebauthn

the existing webauthn field for the user from your database (it's actually a JSON string, but that's entirely internal to this code)

Returns

boolean —

true for valid authentication or false for failed validation

getUrlSuffix()

getUrlSuffix() 

arrayToString()

arrayToString(array  $a) : string

convert an array of uint8's to a binary string

Parameters

array $a

to be converted (array of unsigned 8 bit integers)

Returns

string —

converted to bytes

stringToArray()

stringToArray(string  $s) : array

convert a binary string to an array of uint8's

Parameters

string $s

to be converted

Returns

array —

converted to array of unsigned integers

pubkeyToPem()

pubkeyToPem(string  $key) : string

convert a public key from the hardware to PEM format

Parameters

string $key

to be converted to PEM format

Returns

string —

converted to PEM format
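
What a raw-key-to-PEM conversion involves for an ES256 credential, as an added example that is not this library's own code. It assumes the key arrives as an uncompressed P-256 point (0x04 || X || Y); rawP256ToPem() is a hypothetical name and the key pair and signed message are constructed test input.

```php
<?php
// Added example; rawP256ToPem() is a hypothetical helper, not part of the documented class.

// DER prefix of a SubjectPublicKeyInfo for id-ecPublicKey on prime256v1, up to and
// including the BIT STRING header. The 65-byte point is appended directly after it.
const P256_SPKI_PREFIX = '3059301306072a8648ce3d020106082a8648ce3d030107034200';

function rawP256ToPem(string $point): string
{
    // Accept only the uncompressed form: 0x04 followed by 32-byte X and 32-byte Y.
    if (strlen($point) !== 65 || $point[0] !== "\x04") {
        throw new InvalidArgumentException('expected a 65-byte uncompressed P-256 point');
    }
    $der = hex2bin(P256_SPKI_PREFIX) . $point;
    return "-----BEGIN PUBLIC KEY-----\n"
        . chunk_split(base64_encode($der), 64, "\n")
        . "-----END PUBLIC KEY-----\n";
}

// Constructed input: a throwaway key pair standing in for an authenticator.
$priv = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($priv === false) {
    throw new RuntimeException('could not generate a test key');
}
$ec = openssl_pkey_get_details($priv)['ec'];

// OpenSSL drops leading zero bytes from the coordinates, so left-pad each to 32 bytes.
$point = "\x04"
    . str_pad($ec['x'], 32, "\0", STR_PAD_LEFT)
    . str_pad($ec['y'], 32, "\0", STR_PAD_LEFT);

$pem = rawP256ToPem($point);
$pub = openssl_pkey_get_public($pem);
if ($pub === false) {
    throw new RuntimeException('OpenSSL rejected the generated PEM');
}

// ES256 is ECDSA over SHA-256; openssl_sign() emits the DER-encoded signature form.
$message = 'constructed stand-in for the signed authenticator data';
openssl_sign($message, $sig, $priv, OPENSSL_ALGO_SHA256);

$genuine  = openssl_verify($message, $sig, $pub, OPENSSL_ALGO_SHA256) === 1;
$tampered = openssl_verify($message . 'x', $sig, $pub, OPENSSL_ALGO_SHA256) === 1;
echo 'genuine message verifies: ', var_export($genuine, true), "\n";
echo 'tampered message verifies: ', var_export($tampered, true), "\n";
```

Comparing the result of openssl_verify() with `=== 1` matters: it returns 0 for a bad signature and -1 or false on error, and a loose truthiness check would treat -1 as success.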

COSEECDHAtoPKCS()

COSEECDHAtoPKCS(  $binary) : string

Convert COSE ECDHA to PKCS

Parameters

$binary

Returns

string —

converted public key

randomBytes()

randomBytes(integer  $length) : string

shim for random_bytes, which doesn't exist before PHP 7

Parameters

integer $length

the number of bytes required

Returns

string —

$length cryptographically random bytes

oops()

oops(string  $s, integer  $c) 

just an abbreviation to throw an error: never returns

Parameters

string $s

error message

integer $c

error code (0 for user error, 1 for incorrect usage)