diff --git a/LICENSE b/LICENSE
index 38449bd..0580d1b 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
MIT License
-Copyright © 2021 Lukas Buchs
+Copyright © 2022 Lukas Buchs
Copyright © 2018 Thomas Bleeker (CBOR & ByteBuffer part)
Permission is hereby granted, free of charge, to any person obtaining a copy
diff --git a/_test/client.html b/_test/client.html
index 127d6f8..46dee4b 100644
--- a/_test/client.html
+++ b/_test/client.html
@@ -1,6 +1,6 @@
@@ -513,7 +513,7 @@
lbuchs/WebAuthn
the browser may not warn about providing informations about your device.
diff --git a/_test/server.php b/_test/server.php
index 1a9fd62..c1e59ae 100644
--- a/_test/server.php
+++ b/_test/server.php
@@ -1,7 +1,7 @@
0 && htmlspecialchars($value) === '') {
+ } else if (is_string($value) && strlen($value) > 0 && htmlspecialchars($value, ENT_QUOTES) === '') {
$value = chunk_split(bin2hex($value), 64);
}
$html .= '' . htmlspecialchars($key) . ' | ' . nl2br(htmlspecialchars($value)) . ' | ';
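Review bot: The added `htmlspecialchars($value, ENT_QUOTES) === ''` test works as a binary detector only because htmlspecialchars() returns an empty string for invalid UTF-8 when neither ENT_SUBSTITUTE nor ENT_IGNORE is set, and nothing on the line records that. PHP 8.1 changed the default flags to include ENT_SUBSTITUTE, which is presumably why the flag is now explicit; a comment such as `// ENT_QUOTES only: without ENT_SUBSTITUTE, invalid UTF-8 yields '' and marks the value as binary` would stop a later edit from re-adding it. The output line below still calls htmlspecialchars() with default flags, so its handling of invalid bytes and single quotes differs between PHP versions; passing `ENT_QUOTES | ENT_SUBSTITUTE` there would make the escaping explicit. The first line of the hunk is garbled in this view, so the enclosing branch is not fully visible.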
diff --git a/src/Attestation/Format/AndroidSafetyNet.php b/src/Attestation/Format/AndroidSafetyNet.php
index a027ca9..adc74ee 100644
--- a/src/Attestation/Format/AndroidSafetyNet.php
+++ b/src/Attestation/Format/AndroidSafetyNet.php
@@ -52,7 +52,7 @@ public function __construct($AttestionObject, AuthenticatorData $authenticatorDa
throw new WebAuthnException('invalid JWS payload', WebAuthnException::INVALID_DATA);
}
- if (!$header->x5c || !is_array($header->x5c) || count($header->x5c) === 0) {
+ if (!isset($header->x5c) || !is_array($header->x5c) || count($header->x5c) === 0) {
throw new WebAuthnException('No X.509 signature in JWS Header', WebAuthnException::INVALID_DATA);
}
@@ -89,7 +89,7 @@ public function validateAttestation($clientDataHash) {
// Verify that the nonce in the response is identical to the Base64 encoding
// of the SHA-256 hash of the concatenation of authenticatorData and clientDataHash.
- if (!$this->_payload->nonce || $this->_payload->nonce !== \base64_encode(\hash('SHA256', $this->_authenticatorData->getBinary() . $clientDataHash, true))) {
+ if (empty($this->_payload->nonce) || $this->_payload->nonce !== \base64_encode(\hash('SHA256', $this->_authenticatorData->getBinary() . $clientDataHash, true))) {
throw new WebAuthnException('invalid nonce in JWS payload', WebAuthnException::INVALID_DATA);
}
@@ -100,7 +100,7 @@ public function validateAttestation($clientDataHash) {
}
// Verify that the ctsProfileMatch attribute in the payload of response is true.
- if (!$this->_payload->ctsProfileMatch) {
+ if (empty($this->_payload->ctsProfileMatch)) {
throw new WebAuthnException('invalid ctsProfileMatch in payload', WebAuthnException::INVALID_DATA);
}
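Review bot: `empty($this->_payload->ctsProfileMatch)` in validateAttestation accepts any truthy value, while the comment above it says the attribute must be true; a payload carrying the string "false" or a non-zero number would pass this check. A strict test matches the stated intent and still tolerates a missing property: `if (($this->_payload->ctsProfileMatch ?? null) !== true) {`. Whether the JWS signature has already been verified before this point is not visible in the hunk, and the method body continues outside it.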
diff --git a/src/Attestation/Format/Apple.php b/src/Attestation/Format/Apple.php
index e1f19f0..e4f38e0 100644
--- a/src/Attestation/Format/Apple.php
+++ b/src/Attestation/Format/Apple.php
@@ -105,7 +105,7 @@ protected function _validateOverX5c($clientDataHash) {
// Verify that nonce equals the value of the extension with OID ( 1.2.840.113635.100.8.2 ) in credCert.
$parsedCredCert = openssl_x509_parse($credCert);
- $nonceExtension = isset($parsedCredCert['extensions']['1.2.840.113635.100.8.2']) ? $parsedCredCert['extensions']['1.2.840.113635.100.8.2'] : '';
+ $nonceExtension = $parsedCredCert['extensions']['1.2.840.113635.100.8.2'] ?? '';
// nonce padded by ASN.1 string: 30 24 A1 22 04 20
// 30 — type tag indicating sequence