Joomla CMS  4.2.2
Documentation des API du CMS Joomla en version 4.2.2
Fonctions membres publiques | Champs de données | Fonctions membres privées | Attributs privés
Référence de la classe Server
+ Graphe d'héritage de Server:

Fonctions membres publiques

 __construct (PublicKeyCredentialRpEntity $relayingParty, PublicKeyCredentialSourceRepository $publicKeyCredentialSourceRepository, ?MetadataStatementRepository $metadataStatementRepository)
 
 setSelectedAlgorithms (array $selectedAlgorithms)
 
 setTokenBindingHandler (TokenBindingNotSupportedHandler $tokenBindingHandler)
 
 addAlgorithm (string $alias, Algorithm $algorithm)
 
 setExtensionOutputCheckerHandler (ExtensionOutputCheckerHandler $extensionOutputCheckerHandler)
 
 generatePublicKeyCredentialRequestOptions (?string $userVerification=PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, array $allowedPublicKeyDescriptors=[], ?AuthenticationExtensionsClientInputs $extensions=null)
 
 generatePublicKeyCredentialCreationOptions (PublicKeyCredentialUserEntity $userEntity, ?string $attestationMode=PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE, array $excludedPublicKeyDescriptors=[], ?AuthenticatorSelectionCriteria $criteria=null, ?AuthenticationExtensionsClientInputs $extensions=null)
 
 loadAndCheckAttestationResponse (string $data, PublicKeyCredentialCreationOptions $publicKeyCredentialCreationOptions, ServerRequestInterface $serverRequest)
 
 loadAndCheckAssertionResponse (string $data, PublicKeyCredentialRequestOptions $publicKeyCredentialRequestOptions, ?PublicKeyCredentialUserEntity $userEntity, ServerRequestInterface $serverRequest)
 
 enforceAndroidSafetyNetVerification (ClientInterface $client, string $apiKey, RequestFactoryInterface $requestFactory)
 
- Fonctions membres publiques hérités de Server
 __construct (PublicKeyCredentialRpEntity $relayingParty, PublicKeyCredentialSourceRepository $publicKeyCredentialSourceRepository, ?MetadataStatementRepository $metadataStatementRepository)
 
 setSelectedAlgorithms (array $selectedAlgorithms)
 
 setTokenBindingHandler (TokenBindingNotSupportedHandler $tokenBindingHandler)
 
 addAlgorithm (string $alias, Algorithm $algorithm)
 
 setExtensionOutputCheckerHandler (ExtensionOutputCheckerHandler $extensionOutputCheckerHandler)
 
 generatePublicKeyCredentialCreationOptions (PublicKeyCredentialUserEntity $userEntity, ?string $attestationMode=PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE, array $excludedPublicKeyDescriptors=[], ?AuthenticatorSelectionCriteria $criteria=null, ?AuthenticationExtensionsClientInputs $extensions=null)
 
 generatePublicKeyCredentialRequestOptions (?string $userVerification=PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, array $allowedPublicKeyDescriptors=[], ?AuthenticationExtensionsClientInputs $extensions=null)
 
 loadAndCheckAttestationResponse (string $data, PublicKeyCredentialCreationOptions $publicKeyCredentialCreationOptions, ServerRequestInterface $serverRequest)
 
 loadAndCheckAssertionResponse (string $data, PublicKeyCredentialRequestOptions $publicKeyCredentialRequestOptions, ?PublicKeyCredentialUserEntity $userEntity, ServerRequestInterface $serverRequest)
 
 enforceAndroidSafetyNetVerification (ClientInterface $client, string $apiKey, RequestFactoryInterface $requestFactory)
 

Champs de données

 $timeout = 60000
 
 $challengeSize = 32
 
- Champs de données hérités de Server
 $timeout = 60000
 
 $challengeSize = 32
 

Fonctions membres privées

 getAttestationStatementSupportManager ()
 

Attributs privés

 $rpEntity
 
 $coseAlgorithmManagerFactory
 
 $publicKeyCredentialSourceRepository
 
 $tokenBindingHandler
 
 $extensionOutputCheckerHandler
 
 $selectedAlgorithms
 
 $metadataStatementRepository
 
 $httpClient
 
 $googleApiKey
 
 $requestFactory
 

Description détaillée

Customised WebAuthn server object.

We had to fork the server object from the WebAuthn server package to address an issue with PHP 8.

We are currently using an older version of the WebAuthn library (2.x) which was written before PHP 8 was developed. We cannot upgrade the WebAuthn library to a newer major version because of Joomla's Semantic Versioning promise.

The FidoU2FAttestationStatementSupport and AndroidKeyAttestationStatementSupport classes force an assertion on the result of the openssl_pkey_get_public() function, assuming it will return a resource. However, starting with PHP 8.0 this function returns an OpenSSLAsymmetricKey object and the assertion fails. As a result, you cannot use Android or FIDO U2F keys with WebAuthn.

The assertion check is in a private method, therefore we have to fork both attestation support classes to change the assertion. The assertion takes place through a third party library we cannot (and should not!) modify.

The assertions objects, however, are injected to the attestation support manager in a private method of the Server object. Because literally everything in this class is private we have no option than to fork the entire class to apply our two forked attestation support classes.

This is marked as deprecated because we'll be able to upgrade the WebAuthn library on Joomla 5.

Depuis
4.2.0
Obsolète:
5.0 We will upgrade the WebAuthn library to version 3 or later and this will go away.

Documentation des constructeurs et destructeur

◆ __construct()

__construct ( PublicKeyCredentialRpEntity  $relayingParty,
PublicKeyCredentialSourceRepository  $publicKeyCredentialSourceRepository,
?MetadataStatementRepository  $metadataStatementRepository 
)

Overridden constructor.

Paramètres
PublicKeyCredentialRpEntity$relayingPartyObvious
PublicKeyCredentialSourceRepository$publicKeyCredentialSourceRepositoryObvious
MetadataStatementRepository | null$metadataStatementRepositoryObvious
Depuis
4.2.0

Documentation des fonctions membres

◆ addAlgorithm()

addAlgorithm ( string  $alias,
Algorithm  $algorithm 
)
Paramètres
string$aliasObvious
Algorithm$algorithmObvious
Renvoie
void
Depuis
4.2.0

◆ enforceAndroidSafetyNetVerification()

enforceAndroidSafetyNetVerification ( ClientInterface  $client,
string  $apiKey,
RequestFactoryInterface  $requestFactory 
)
Paramètres
ClientInterface$clientObvious
string$apiKeyObvious
RequestFactoryInterface$requestFactoryObvious
Renvoie
void
Depuis
4.2.0

Références $client.

◆ generatePublicKeyCredentialCreationOptions()

generatePublicKeyCredentialCreationOptions ( PublicKeyCredentialUserEntity  $userEntity,
?string  $attestationMode = PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
array  $excludedPublicKeyDescriptors = [],
?AuthenticatorSelectionCriteria  $criteria = null,
?AuthenticationExtensionsClientInputs  $extensions = null 
)
Paramètres
PublicKeyCredentialUserEntity$userEntityObvious
string | null$attestationModeObvious
PublicKeyCredentialDescriptor[]$excludedPublicKeyDescriptors Obvious
AuthenticatorSelectionCriteria | null$criteriaObvious
AuthenticationExtensionsClientInputs | null$extensionsObvious
Renvoie
PublicKeyCredentialCreationOptions
Exceptions

Références PublicKeyCredentialDescriptor\CREDENTIAL_TYPE_PUBLIC_KEY.

◆ generatePublicKeyCredentialRequestOptions()

generatePublicKeyCredentialRequestOptions ( ?string  $userVerification = PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED,
array  $allowedPublicKeyDescriptors = [],
?AuthenticationExtensionsClientInputs  $extensions = null 
)
Paramètres
string | null$userVerificationObvious
PublicKeyCredentialDescriptor[]$allowedPublicKeyDescriptors Obvious
AuthenticationExtensionsClientInputs | null$extensionsObvious
Renvoie
PublicKeyCredentialRequestOptions
Exceptions

◆ getAttestationStatementSupportManager()

getAttestationStatementSupportManager ( )
private
Renvoie
AttestationStatementSupportManager
Depuis
4.2.0

Work around a third party library (web-token/jwt-signature-algorithm-eddsa) bug.

On PHP 8 libsodium is compiled into PHP, it is not an extension. However, the third party library does not check if the libsodium function are available; it checks if the "sodium" extension is loaded. This of course causes an immediate failure with a Runtime exception EVEN IF the attested data isn't attested by Android Safety Net. Therefore we have to not even load the AndroidSafetyNetAttestationStatementSupport class in this case...

Références null.

◆ loadAndCheckAssertionResponse()

loadAndCheckAssertionResponse ( string  $data,
PublicKeyCredentialRequestOptions  $publicKeyCredentialRequestOptions,
?PublicKeyCredentialUserEntity  $userEntity,
ServerRequestInterface  $serverRequest 
)
Paramètres
string$dataObvious
PublicKeyCredentialRequestOptions$publicKeyCredentialRequestOptionsObvious
PublicKeyCredentialUserEntity | null$userEntityObvious
ServerRequestInterface$serverRequestObvious
Renvoie
PublicKeyCredentialSource
Exceptions

Références $data, $this, AuthenticatorAssertionResponseValidator\check(), class, PublicKeyCredentialUserEntity\getId(), Assertion\isInstanceOf(), et null.

◆ loadAndCheckAttestationResponse()

loadAndCheckAttestationResponse ( string  $data,
PublicKeyCredentialCreationOptions  $publicKeyCredentialCreationOptions,
ServerRequestInterface  $serverRequest 
)
Paramètres
string$dataObvious
PublicKeyCredentialCreationOptions$publicKeyCredentialCreationOptionsObvious
ServerRequestInterface$serverRequestObvious
Renvoie
PublicKeyCredentialSource
Exceptions

Références $data, class, et Assertion\isInstanceOf().

◆ setExtensionOutputCheckerHandler()

setExtensionOutputCheckerHandler ( ExtensionOutputCheckerHandler  $extensionOutputCheckerHandler)
Paramètres
ExtensionOutputCheckerHandler$extensionOutputCheckerHandlerObvious
Renvoie
void
Depuis
4.2.0

◆ setSelectedAlgorithms()

setSelectedAlgorithms ( array  $selectedAlgorithms)
Paramètres
string[]$selectedAlgorithms Obvious
Renvoie
void
Depuis
4.2.0

◆ setTokenBindingHandler()

setTokenBindingHandler ( TokenBindingNotSupportedHandler  $tokenBindingHandler)
Paramètres
TokenBindingNotSupportedHandler$tokenBindingHandlerObvious
Renvoie
void
Depuis
4.2.0

Documentation des champs

◆ $challengeSize

$challengeSize = 32

◆ $coseAlgorithmManagerFactory

$coseAlgorithmManagerFactory
private

◆ $extensionOutputCheckerHandler

$extensionOutputCheckerHandler
private

◆ $googleApiKey

$googleApiKey
private

◆ $httpClient

$httpClient
private

◆ $metadataStatementRepository

$metadataStatementRepository
private

◆ $publicKeyCredentialSourceRepository

$publicKeyCredentialSourceRepository
private

◆ $requestFactory

$requestFactory
private

◆ $rpEntity

$rpEntity
private

◆ $selectedAlgorithms

$selectedAlgorithms
private

◆ $timeout

$timeout = 60000

◆ $tokenBindingHandler

$tokenBindingHandler
private
La documentation de cette classe a été générée à partir du fichier suivant :