Server IP : 104.21.14.48 / Your IP : 18.222.98.202 [ Web Server : Apache System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64 User : root ( 0) PHP Version : 8.0.30.2 Disable Function : NONE Domains : 0 Domains MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /var/www/wp-content/plugins/defender-security/vendor/web-auth/metadata-service/src/ |
Upload File : |
<?php declare(strict_types=1); /* * The MIT License (MIT) * * Copyright (c) 2014-2021 Spomky-Labs * * This software may be modified and distributed under the terms * of the MIT license. See the LICENSE file for details. */ namespace Webauthn\MetadataService; use Assert\Assertion; use Base64Url\Base64Url; use Jose\Component\KeyManagement\JWKFactory; use Jose\Component\Signature\Algorithm\ES256; use Jose\Component\Signature\Serializer\CompactSerializer; use Psr\Http\Client\ClientInterface; use Psr\Http\Message\RequestFactoryInterface; use function Safe\json_decode; use function Safe\sprintf; /** * @deprecated This class is deprecated since v3.3 and will be removed in v4.0 */ class MetadataStatementFetcher { public static function fetchTableOfContent(string $uri, ClientInterface $client, RequestFactoryInterface $requestFactory, array $additionalHeaders = []): MetadataTOCPayload { $content = self::fetch($uri, $client, $requestFactory, $additionalHeaders); $payload = self::getJwsPayload($content); $data = json_decode($payload, true); return MetadataTOCPayload::createFromArray($data); } public static function fetchMetadataStatement(string $uri, bool $isBase64UrlEncoded, ClientInterface $client, RequestFactoryInterface $requestFactory, array $additionalHeaders = [], string $hash = '', string $hashingFunction = 'sha256'): MetadataStatement { $payload = self::fetch($uri, $client, $requestFactory, $additionalHeaders); if ('' !== $hash) { Assertion::true(hash_equals($hash, hash($hashingFunction, $payload, true)), 'The hash cannot be verified. The metadata statement shall be rejected'); } $json = $isBase64UrlEncoded ? Base64Url::decode($payload) : $payload; $data = json_decode($json, true); return MetadataStatement::createFromArray($data); } private static function fetch(string $uri, ClientInterface $client, RequestFactoryInterface $requestFactory, array $additionalHeaders = []): string { $request = $requestFactory->createRequest('GET', $uri); foreach ($additionalHeaders as $k => $v) { $request = $request->withHeader($k, $v); } $response = $client->sendRequest($request); Assertion::eq(200, $response->getStatusCode(), sprintf('Unable to contact the server. Response code is %d', $response->getStatusCode())); $content = $response->getBody()->getContents(); Assertion::notEmpty($content, 'Unable to contact the server. The response has no content'); return $content; } private static function getJwsPayload(string $token): string { $jws = (new CompactSerializer())->unserialize($token); Assertion::eq(1, $jws->countSignatures(), 'Invalid response from the metadata service. Only one signature shall be present.'); $signature = $jws->getSignature(0); $payload = $jws->getPayload(); Assertion::notEmpty($payload, 'Invalid response from the metadata service. The token payload is empty.'); $header = $signature->getProtectedHeader(); Assertion::keyExists($header, 'alg', 'The "alg" parameter is missing.'); Assertion::eq($header['alg'], 'ES256', 'The expected "alg" parameter value should be "ES256".'); Assertion::keyExists($header, 'x5c', 'The "x5c" parameter is missing.'); Assertion::isArray($header['x5c'], 'The "x5c" parameter should be an array.'); $key = JWKFactory::createFromX5C($header['x5c']); $algorithm = new ES256(); $isValid = $algorithm->verify($key, $signature->getEncodedProtectedHeader().'.'.$jws->getEncodedPayload(), $signature->getSignature()); Assertion::true($isValid, 'Invalid response from the metadata service. The token signature is invalid.'); return $jws->getPayload(); } }