Last active
December 4, 2019 23:23
-
-
Save My1/d450a292b43a33d9194ba05165dc17f3 to your computer and use it in GitHub Desktop.
depends on https://github.com/lbuchs/WebAuthn place in .test do not use on a key you dont want to reset.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $dbhost="use"; | |
| $dbname="your"; | |
| $dbuser="own"; | |
| $dbpass="database"; | |
| $table="table"; | |
| function bin2uuid($bin) { | |
| $uuidReadable = unpack("H*",$bin); | |
| $uuidReadable = preg_replace("/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/", "$1-$2-$3-$4-$5", $uuidReadable); | |
| $uuidReadable = array_merge($uuidReadable)[0]; | |
| return $uuidReadable; | |
| } | |
| $link = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname) or die("nocon"); | |
| require_once '../WebAuthn.php'; | |
| $rk=true; | |
| $uv=true; | |
| $timeout=180; | |
| //dont ask for attestation, it's just slowing us down. | |
| $formats=array('none'); | |
| $WebAuthn = new \WebAuthn\WebAuthn('My1s RK Blowup Test', $_SERVER["HTTP_HOST"], $formats); | |
| if(isset($_POST["reg"])||isset($_GET["reg"]) && !isset($_POST["regdata"])) { | |
| if(!isset($_GET["num"])) { | |
| $num=1; | |
| } | |
| else { | |
| $num=$_GET["num"]; | |
| } | |
| $uid="RK Blowup Test $num"; | |
| $uname="User $num"; | |
| $dname="Display $num"; | |
| $exist=[]; | |
| $args = $WebAuthn->getCreateArgs($uid, $uname, $dname, $timeout, $rk,$uv,$exist); | |
| //$pargs=json_encode($args,JSON_PRETTY_PRINT); | |
| $createArgs = json_encode($args); | |
| session_start(); | |
| $_SESSION['challenge'] = $WebAuthn->getChallenge(); | |
| $_SESSION['uid']=$uid; | |
| } | |
| if(isset($_POST["regdata"])) { | |
| session_start(); | |
| $r=json_decode($_POST["regdata"]); | |
| $challenge=$_SESSION["challenge"]; | |
| $uid=$_SESSION["uid"]; | |
| $clientDataJSON = base64_decode($r->clientDataJSON); | |
| $attestationObject = base64_decode($r->attestationObject); | |
| $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge); | |
| $data->credentialId=base64_encode($data->credentialId); | |
| $data->AAGUID=bin2uuid($data->AAGUID); | |
| $data->signatureCounter=($data->signatureCounter === NULL ? 0 : $data->signatureCounter); | |
| //var_dump($data); | |
| $cols="uid,credid,pk".($data->signatureCounter ? ",counter" : '').($data->certificate ? ",cert" : '').($data->AAGUID!=="00000000-0000-0000-0000-000000000000" ? ",aaguid" : ''); | |
| $vals="'$uid','{$data->credentialId}','{$data->credentialPublicKey}'".($data->signatureCounter ? ",'{$data->signatureCounter}'" : '').($data->certificate ? ",'{$data->certificate}'" : '').($data->AAGUID!=="00000000-0000-0000-0000-000000000000" ? ",'{$data->AAGUID}'" : ''); | |
| $q="insert into webauthn ($cols) values ($vals)"; | |
| //echo $q; | |
| mysqli_query($link,$q) or die(mysqli_error($link)); | |
| header("Location: blowuprks.php?reg&num=".($_GET["num"]+1)); | |
| } | |
| echo <<<end | |
| <html> | |
| <head> | |
| <title>My1s WebAuthn test</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| </head> | |
| <body> | |
| Current number is $num | |
| end; | |
| if(isset($createArgs)) { | |
| echo <<<end | |
| <form id="regform" method="post"> | |
| <input type="text" name="uv" value="$uv" readonly> | |
| <input type="text size="100" name="regdata" id="regdata"/> | |
| </form> | |
| <button onclick="webreg()">Sign Up</button> | |
| <script> | |
| var args=$createArgs; | |
| function recursiveBase64StrToArrayBuffer(r){if("object"==typeof r)for(let t in r)if("string"==typeof r[t]){let n=r[t];if("?BINARY?B?"===n.substring(0,"?BINARY?B?".length)&&"?="===n.substring(n.length-"?=".length)){n=n.substring("?BINARY?B?".length,n.length-"?=".length);let f=window.atob(n),o=f.length,i=new Uint8Array(o);for(var e=0;e<o;e++)i[e]=f.charCodeAt(e);r[t]=i.buffer}}else recursiveBase64StrToArrayBuffer(r[t])}function arrayBufferToBase64(r){for(var e="",t=new Uint8Array(r),n=t.byteLength,f=0;f<n;f++)e+=String.fromCharCode(t[f]);return window.btoa(e)} | |
| recursiveBase64StrToArrayBuffer(args); | |
| function webreg() { | |
| navigator.credentials.create(args) | |
| .then(result => { | |
| r={}; | |
| r.clientDataJSON = result.response.clientDataJSON ? arrayBufferToBase64(result.response.clientDataJSON) : null; | |
| r.attestationObject = result.response.attestationObject ? arrayBufferToBase64(result.response.attestationObject) : null; | |
| document.getElementById("regdata").value=JSON.stringify(r); | |
| document.getElementById("regform").submit(); | |
| }) | |
| .catch(e => { | |
| window.exc=e; | |
| console.log(e.message); | |
| }); | |
| } | |
| webreg(); | |
| </script> | |
| end; | |
| } | |
| echo <<<end | |
| </body> | |
| </html> | |
| end; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment