Fix missing pieces for moving to 5.0.0

web-auth · Oct 27, 2023 · 297e1fd · 297e1fd
1 parent fd39825
commit 297e1fd
Show file tree

Hide file tree

Showing 51 changed files with 567 additions and 515 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
diff --git a/src/metadata-service/src/CertificateChain/PhpCertificateChainValidator.php b/src/metadata-service/src/CertificateChain/PhpCertificateChainValidator.php
@@ -126,7 +126,7 @@ private function validateChain(array $untrustedCertificates, string $trustedCert
         $uniqueCertificates = array_map(
             static fn (Certificate $cert): string => $cert->toPEM()
                 ->string(),
-            array_merge($untrustedCertificates, [$trustedCertificate])
+            [...$untrustedCertificates, $trustedCertificate]
         );
         count(array_unique($uniqueCertificates)) === count(
             $uniqueCertificates
@@ -140,7 +140,7 @@ private function validateChain(array $untrustedCertificates, string $trustedCert
             return false;
         }
 
-        $certificates = array_merge([$trustedCertificate], $untrustedCertificates);
+        $certificates = [$trustedCertificate, ...$untrustedCertificates];
         $numCerts = count($certificates);
         for ($i = 1; $i < $numCerts; $i++) {
             if ($this->isRevoked($certificates[$i])) {

diff --git a/src/metadata-service/src/Statement/AuthenticatorGetInfo.php b/src/metadata-service/src/Statement/AuthenticatorGetInfo.php
@@ -12,7 +12,6 @@ class AuthenticatorGetInfo implements JsonSerializable
      * @param array<string|int, mixed> $info
      */
     public function __construct(
-        /** @readonly */
         public array $info = []
     ) {
     }

diff --git a/src/metadata-service/src/Statement/MetadataStatement.php b/src/metadata-service/src/Statement/MetadataStatement.php
@@ -196,35 +196,20 @@ public function __construct(
         public readonly array $tcDisplay,
         public readonly array $attestationRootCertificates,
         public readonly ?AlternativeDescriptions $alternativeDescriptions = null,
-        /** @readonly  */
         public ?string $legalHeader = null,
-        /** @readonly  */
         public ?string $aaid = null,
-        /** @readonly  */
         public ?string $aaguid = null,
-        /** @readonly  */
         public array $attestationCertificateKeyIdentifiers = [],
-        /** @readonly  */
         public array $keyProtection = [],
-        /** @readonly  */
         public ?bool $isKeyRestricted = null,
-        /** @readonly  */
         public ?bool $isFreshUserVerificationRequired = null,
-        /** @readonly  */
         public ?int $cryptoStrength = null,
-        /** @readonly  */
         public array $attachmentHint = [],
-        /** @readonly  */
         public ?string $tcDisplayContentType = null,
-        /** @readonly  */
         public array $tcDisplayPNGCharacteristics = [],
-        /** @readonly  */
         public array $ecdaaTrustAnchors = [],
-        /** @readonly  */
         public ?string $icon = null,
-        /** @readonly  */
         public array $supportedExtensions = [],
-        /** @readonly  */
         ?AuthenticatorGetInfo $authenticatorGetInfo = null,
     ) {
         $this->authenticatorGetInfo = $authenticatorGetInfo ?? AuthenticatorGetInfo::create($attestationTypes);

diff --git a/src/symfony/src/Resources/config/services.php b/src/symfony/src/Resources/config/services.php
@@ -28,7 +28,7 @@
 use Webauthn\Bundle\Service\PublicKeyCredentialRequestOptionsFactory;
 use Webauthn\Counter\ThrowExceptionIfInvalid;
 use Webauthn\Denormalizer\AttestationStatementDenormalizer;
-use Webauthn\Denormalizer\AuthenticationExtensionsClientInputsDenormalizer;
+use Webauthn\Denormalizer\AuthenticationExtensionsDenormalizer;
 use Webauthn\Denormalizer\AuthenticatorAssertionResponseDenormalizer;
 use Webauthn\Denormalizer\AuthenticatorAttestationResponseDenormalizer;
 use Webauthn\Denormalizer\AuthenticatorDataDenormalizer;
@@ -172,7 +172,7 @@
     $container->set(AttestationStatementDenormalizer::class)
         ->args([service(AttestationStatementSupportManager::class)])
     ;
-    $container->set(AuthenticationExtensionsClientInputsDenormalizer::class);
+    $container->set(AuthenticationExtensionsDenormalizer::class);
     $container->set(AuthenticatorAssertionResponseDenormalizer::class);
     $container->set(AuthenticatorAttestationResponseDenormalizer::class);
     $container->set(AuthenticatorDataDenormalizer::class);

diff --git a/src/symfony/src/Security/Authentication/Token/WebauthnToken.php b/src/symfony/src/Security/Authentication/Token/WebauthnToken.php
@@ -5,7 +5,7 @@
 namespace Webauthn\Bundle\Security\Authentication\Token;
 
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
-use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientOutputs;
+use Webauthn\AuthenticationExtensions\AuthenticationExtensions;
 use Webauthn\Bundle\Security\Authorization\Voter\IsUserPresentVoter;
 use Webauthn\Bundle\Security\Authorization\Voter\IsUserVerifiedVoter;
 use Webauthn\PublicKeyCredentialDescriptor;
@@ -23,7 +23,7 @@ public function __construct(
         private readonly int $reservedForFutureUse1,
         private readonly int $reservedForFutureUse2,
         private readonly int $signCount,
-        private readonly ?AuthenticationExtensionsClientOutputs $extensions,
+        private readonly null|AuthenticationExtensions $extensions,
         private readonly string $firewallName,
         array $roles = [],
         private readonly bool $isBackupEligible = false,
@@ -133,7 +133,7 @@ public function isBackedUp(): bool
         return $this->isBackedUp;
     }
 
-    public function getExtensions(): ?AuthenticationExtensionsClientOutputs
+    public function getExtensions(): ?AuthenticationExtensions
     {
         return $this->extensions;
     }

diff --git a/src/symfony/src/Security/Authentication/Token/WebauthnTokenInterface.php b/src/symfony/src/Security/Authentication/Token/WebauthnTokenInterface.php
@@ -5,7 +5,7 @@
 namespace Webauthn\Bundle\Security\Authentication\Token;
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientOutputs;
+use Webauthn\AuthenticationExtensions\AuthenticationExtensions;
 use Webauthn\PublicKeyCredentialDescriptor;
 use Webauthn\PublicKeyCredentialOptions;
 use Webauthn\PublicKeyCredentialUserEntity;
@@ -34,7 +34,7 @@ public function getReservedForFutureUse2(): int;
 
     public function getSignCount(): int;
 
-    public function getExtensions(): ?AuthenticationExtensionsClientOutputs;
+    public function getExtensions(): ?AuthenticationExtensions;
 
     public function getFirewallName(): string;
 }
diff --git a/src/symfony/src/Service/PublicKeyCredentialCreationOptionsFactory.php b/src/symfony/src/Service/PublicKeyCredentialCreationOptionsFactory.php
@@ -7,6 +7,7 @@
 use InvalidArgumentException;
 use Psr\EventDispatcher\EventDispatcherInterface;
 use Webauthn\AuthenticationExtensions\AuthenticationExtension;
+use Webauthn\AuthenticationExtensions\AuthenticationExtensions;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientInputs;
 use Webauthn\AuthenticatorSelectionCriteria;
 use Webauthn\Bundle\Event\PublicKeyCredentialCreationOptionsCreatedEvent;
@@ -57,9 +58,9 @@ public function create(
         string $key,
         PublicKeyCredentialUserEntity $userEntity,
         array $excludeCredentials = [],
-        ?AuthenticatorSelectionCriteria $authenticatorSelection = null,
-        ?string $attestationConveyance = null,
-        ?AuthenticationExtensionsClientInputs $authenticationExtensionsClientInputs = null
+        null|AuthenticatorSelectionCriteria $authenticatorSelection = null,
+        null|string $attestationConveyance = null,
+        null|AuthenticationExtensions $authenticationExtensionsClientInputs = null
     ): PublicKeyCredentialCreationOptions {
         array_key_exists($key, $this->profiles) || throw new InvalidArgumentException(sprintf(
             'The profile with key "%s" does not exist.',
@@ -102,7 +103,7 @@ public function create(
     /**
      * @param mixed[] $profile
      */
-    private function createExtensions(array $profile): AuthenticationExtensionsClientInputs
+    private function createExtensions(array $profile): AuthenticationExtensions
     {
         return AuthenticationExtensionsClientInputs::create(
             array_map(

diff --git a/src/symfony/src/Service/PublicKeyCredentialRequestOptionsFactory.php b/src/symfony/src/Service/PublicKeyCredentialRequestOptionsFactory.php
@@ -7,6 +7,7 @@
 use InvalidArgumentException;
 use Psr\EventDispatcher\EventDispatcherInterface;
 use Webauthn\AuthenticationExtensions\AuthenticationExtension;
+use Webauthn\AuthenticationExtensions\AuthenticationExtensions;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientInputs;
 use Webauthn\Bundle\Event\PublicKeyCredentialRequestOptionsCreatedEvent;
 use Webauthn\MetadataService\Event\CanDispatchEvents;
@@ -47,8 +48,8 @@ public function __construct(
     public function create(
         string $key,
         array $allowCredentials,
-        ?string $userVerification = null,
-        ?AuthenticationExtensionsClientInputs $authenticationExtensionsClientInputs = null
+        null|string $userVerification = null,
+        null|AuthenticationExtensions $authenticationExtensionsClientInputs = null
     ): PublicKeyCredentialRequestOptions {
         array_key_exists($key, $this->profiles) || throw new InvalidArgumentException(sprintf(
             'The profile with key "%s" does not exist.',
@@ -95,7 +96,7 @@ public function setEventDispatcher(EventDispatcherInterface $eventDispatcher): v
     /**
      * @param mixed[] $profile
      */
-    private function createExtensions(array $profile): AuthenticationExtensionsClientInputs
+    private function createExtensions(array $profile): AuthenticationExtensions
     {
         return AuthenticationExtensionsClientInputs::create(
             array_map(

diff --git a/src/webauthn/src/AuthenticationExtensions/AuthenticationExtensions.php b/src/webauthn/src/AuthenticationExtensions/AuthenticationExtensions.php
@@ -0,0 +1,158 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Webauthn\AuthenticationExtensions;
+
+use ArrayAccess;
+use ArrayIterator;
+use Countable;
+use Iterator;
+use IteratorAggregate;
+use JsonSerializable;
+use Webauthn\Exception\AuthenticationExtensionException;
+use function array_key_exists;
+use function count;
+use function is_string;
+use const COUNT_NORMAL;
+
+/**
+ * @implements IteratorAggregate<AuthenticationExtension>
+ * @final
+ */
+class AuthenticationExtensions implements JsonSerializable, Countable, IteratorAggregate, ArrayAccess
+{
+    /**
+     * @var array<string, AuthenticationExtension>
+     * @readonly
+     */
+    public array $extensions;
+
+    /**
+     * @param array<string|int, mixed|AuthenticationExtension> $extensions
+     */
+    public function __construct(array $extensions = [])
+    {
+        $list = [];
+        foreach ($extensions as $key => $extension) {
+            if ($extension instanceof AuthenticationExtension) {
+                $list[$extension->name] = $extension;
+
+                continue;
+            }
+            if (is_string($key)) {
+                $list[$key] = AuthenticationExtension::create($key, $extension);
+                continue;
+            }
+            throw new AuthenticationExtensionException('Invalid extension');
+        }
+        $this->extensions = $list;
+    }
+
+    /**
+     * @param array<string|int, AuthenticationExtension> $extensions
+     */
+    public static function create(array $extensions = []): static
+    {
+        return new static($extensions);
+    }
+
+    /**
+     * @deprecated since 4.7.0. Please use the property directly.
+     * @infection-ignore-all
+     */
+    public function add(AuthenticationExtension ...$extensions): static
+    {
+        foreach ($extensions as $extension) {
+            $this->extensions[$extension->name] = $extension;
+        }
+
+        return $this;
+    }
+
+    /**
+     * @param array<string, mixed> $json
+     * @deprecated since 4.8.0. Please use {Webauthn\Denormalizer\WebauthnSerializerFactory} for converting the object.
+     * @infection-ignore-all
+     */
+    public static function createFromArray(array $json): static
+    {
+        return static::create(
+            array_map(
+                static fn (string $key, mixed $value): AuthenticationExtension => AuthenticationExtension::create(
+                    $key,
+                    $value
+                ),
+                array_keys($json),
+                $json
+            )
+        );
+    }
+
+    public function has(string $key): bool
+    {
+        return array_key_exists($key, $this->extensions);
+    }
+
+    public function get(string $key): AuthenticationExtension
+    {
+        $this->has($key) || throw AuthenticationExtensionException::create(sprintf(
+            'The extension with key "%s" is not available',
+            $key
+        ));
+
+        return $this->extensions[$key];
+    }
+
+    /**
+     * @return array<string, AuthenticationExtension>
+     */
+    public function jsonSerialize(): array
+    {
+        return $this->extensions;
+    }
+
+    /**
+     * @return Iterator<string, AuthenticationExtension>
+     */
+    public function getIterator(): Iterator
+    {
+        return new ArrayIterator($this->extensions);
+    }
+
+    public function count(int $mode = COUNT_NORMAL): int
+    {
+        return count($this->extensions, $mode);
+    }
+
+    public function offsetExists(mixed $offset): bool
+    {
+        return array_key_exists($offset, $this->extensions);
+    }
+
+    public function offsetGet(mixed $offset): mixed
+    {
+        return $this->extensions[$offset];
+    }
+
+    public function offsetSet(mixed $offset, mixed $value): void
+    {
+        if ($value === null) {
+            return;
+        }
+        if ($value instanceof AuthenticationExtension) {
+            $this->extensions[$value->name] = $value;
+            return;
+        }
+        if (is_string($offset)) {
+            $this->extensions[$offset] = AuthenticationExtension::create($offset, $value);
+            return;
+        }
+        throw new AuthenticationExtensionException('Invalid extension');
+    }
+
+    public function offsetUnset(mixed $offset): void
+    {
+        unset($this->extensions[$offset]);
+    }
+}