Webauthn抽象

app/WebAuthn/WebAuthnService.php

@@ -3,20 +3,33 @@
 namespace App\WebAuthn;
 
 use App\WebAuthn\Repository\PublicKeyCredentialSourceRepositoryImpl;
+use Cose\Algorithm\Manager;
+use Cose\Algorithm\Signature\ECDSA\ES256;
+use Cose\Algorithm\Signature\RSA\RS256;
 use Cose\Algorithms;
+use Webauthn\AttestationStatement\AttestationObjectLoader;
+use Webauthn\AttestationStatement\AttestationStatementSupportManager;
+use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
+use Webauthn\AuthenticationExtensions\ExtensionOutputCheckerHandler;
+use Webauthn\AuthenticatorAssertionResponseValidator;
+use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
 use Webauthn\PublicKeyCredentialCreationOptions;
+use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialParameters;
 use Webauthn\PublicKeyCredentialRpEntity;
 use Webauthn\PublicKeyCredentialSourceRepository;
 use Webauthn\PublicKeyCredentialUserEntity;
+use Webauthn\TokenBinding\IgnoreTokenBindingHandler;
 
 class WebAuthnService
 {
     private static $rpName = "开心鄢的录播查询小站";
-    private static $rpId = "localhost";
+    private static $rpId = "comment.sc.jerryyan.top";
     private static $timeout = 45000;
     private static $publicKeyCredentialSourceRepositoryInstance = null;
+    private static $authenticatorAssertionResponseValidator = null;
+    private static $attestationStatementSupportManager = null;
     public static function createRequestOptions(PublicKeyCredentialUserEntity $userEntity, string $challenge): PublicKeyCredentialCreationOptions
     {
         $publicKeyCredentialParametersList = [
@@ -40,6 +53,53 @@ class WebAuthnService
         return static::$publicKeyCredentialSourceRepositoryInstance;
     }
 
+    public static function getAuthenticatorAssertionResponseValidator(): AuthenticatorAssertionResponseValidator
+    {
+        if (static::$authenticatorAssertionResponseValidator === null) {
+            $algorithmManager = new Manager();
+            $algorithmManager->add(new ES256());
+            $algorithmManager->add(new RS256());
+            static::$authenticatorAssertionResponseValidator =  new AuthenticatorAssertionResponseValidator(
+                static::getPublicKeyCredentialSourceRepository(),
+                new IgnoreTokenBindingHandler(),
+                new ExtensionOutputCheckerHandler(),
+                $algorithmManager
+            );
+        }
+        return static::$authenticatorAssertionResponseValidator;
+    }
+
+    public static function getAuthenticatorAttestationResponseValidator(): AuthenticatorAttestationResponseValidator
+    {
+        return new AuthenticatorAttestationResponseValidator(
+            static::getAttestationStatementSupportManager(),
+            static::getPublicKeyCredentialSourceRepository(),
+            new IgnoreTokenBindingHandler(),
+            new ExtensionOutputCheckerHandler()
+        );
+    }
+
+    public static function getPublicKeyCredentialLoader(): PublicKeyCredentialLoader
+    {
+        return new PublicKeyCredentialLoader(
+            static::getAttestationObjectLoader()
+        );
+    }
+
+    public static function getAttestationObjectLoader(): AttestationObjectLoader
+    {
+        return new AttestationObjectLoader(static::getAttestationStatementSupportManager());
+    }
+
+    private static function getAttestationStatementSupportManager(): AttestationStatementSupportManager
+    {
+        if (static::$attestationStatementSupportManager === null) {
+            static::$attestationStatementSupportManager = new AttestationStatementSupportManager();
+            static::$attestationStatementSupportManager->add(new NoneAttestationStatementSupport());
+        }
+        return static::$attestationStatementSupportManager;
+    }
+
     private static function getRpEntity(): PublicKeyCredentialRpEntity
     {
         return new PublicKeyCredentialRpEntity(