[Web] remove u2f lib

data/web/inc/lib/composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "139c1e5dec323144cd778ce80fd1847e",
+    "content-hash": "6c4a1dce9b5f22b95c5cd87ecf0eb333",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-php",
@@ -541,56 +541,6 @@
             ],
             "time": "2022-02-13T18:13:33+00:00"
         },
-        {
-            "name": "paragonie/random_compat",
-            "version": "v9.99.100",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">= 7"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "4.*|5.*",
-                "vimeo/psalm": "^1"
-            },
-            "suggest": {
-                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-            },
-            "type": "library",
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Paragon Initiative Enterprises",
-                    "email": "security@paragonie.com",
-                    "homepage": "https://paragonie.com"
-                }
-            ],
-            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-            "keywords": [
-                "csprng",
-                "polyfill",
-                "pseudorandom",
-                "random"
-            ],
-            "support": {
-                "email": "info@paragonie.com",
-                "issues": "https://github.com/paragonie/random_compat/issues",
-                "source": "https://github.com/paragonie/random_compat"
-            },
-            "time": "2020-10-15T08:29:30+00:00"
-        },
         {
             "name": "php-mime-mail-parser/php-mime-mail-parser",
             "version": "7.0.0",
@@ -1677,47 +1627,6 @@
                 }
             ],
             "time": "2022-09-28T08:42:51+00:00"
-        },
-        {
-            "name": "yubico/u2flib-server",
-            "version": "1.0.2",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/Yubico/php-u2flib-server.git",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/55d813acf68212ad2cadecde07551600d6971939",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939",
-                "shasum": ""
-            },
-            "require": {
-                "ext-openssl": "*",
-                "paragonie/random_compat": ">= 1",
-                "php": ">=5.6"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "~5.7",
-                "vimeo/psalm": "^0|^1|^2"
-            },
-            "type": "library",
-            "autoload": {
-                "classmap": [
-                    "src/"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "BSD-2-Clause"
-            ],
-            "description": "Library for U2F implementation",
-            "homepage": "https://developers.yubico.com/php-u2flib-server",
-            "support": {
-                "issues": "https://github.com/Yubico/php-u2flib-server/issues",
-                "source": "https://github.com/Yubico/php-u2flib-server/tree/1.0.2"
-            },
-            "time": "2018-09-07T08:16:44+00:00"
         }
     ],
     "packages-dev": [],

data/web/inc/lib/vendor/composer/autoload_classmap.php

@@ -11,9 +11,4 @@ return array(
     'Stringable' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
     'UnhandledMatchError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
     'ValueError' => $vendorDir . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
-    'u2flib_server\\Error' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\RegisterRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\Registration' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\SignRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-    'u2flib_server\\U2F' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
 );

data/web/inc/lib/vendor/composer/autoload_static.php

@@ -174,11 +174,6 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
         'Stringable' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/Stringable.php',
         'UnhandledMatchError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/UnhandledMatchError.php',
         'ValueError' => __DIR__ . '/..' . '/symfony/polyfill-php80/Resources/stubs/ValueError.php',
-        'u2flib_server\\Error' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\RegisterRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\Registration' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\SignRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
-        'u2flib_server\\U2F' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
     );
 
     public static function getInitializer(ClassLoader $loader)

data/web/inc/lib/vendor/composer/installed.json

@@ -551,59 +551,6 @@
             ],
             "install-path": "../nesbot/carbon"
         },
-        {
-            "name": "paragonie/random_compat",
-            "version": "v9.99.100",
-            "version_normalized": "9.99.100.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">= 7"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "4.*|5.*",
-                "vimeo/psalm": "^1"
-            },
-            "suggest": {
-                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-            },
-            "time": "2020-10-15T08:29:30+00:00",
-            "type": "library",
-            "installation-source": "dist",
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Paragon Initiative Enterprises",
-                    "email": "security@paragonie.com",
-                    "homepage": "https://paragonie.com"
-                }
-            ],
-            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-            "keywords": [
-                "csprng",
-                "polyfill",
-                "pseudorandom",
-                "random"
-            ],
-            "support": {
-                "email": "info@paragonie.com",
-                "issues": "https://github.com/paragonie/random_compat/issues",
-                "source": "https://github.com/paragonie/random_compat"
-            },
-            "install-path": "../paragonie/random_compat"
-        },
         {
             "name": "php-mime-mail-parser/php-mime-mail-parser",
             "version": "7.0.0",
@@ -1730,46 +1677,6 @@
                 }
             ],
             "install-path": "../twig/twig"
-        },
-        {
-            "name": "yubico/u2flib-server",
-            "version": "1.0.2",
-            "version_normalized": "1.0.2.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/Yubico/php-u2flib-server.git",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/55d813acf68212ad2cadecde07551600d6971939",
-                "reference": "55d813acf68212ad2cadecde07551600d6971939",
-                "shasum": ""
-            },
-            "require": {
-                "ext-openssl": "*",
-                "paragonie/random_compat": ">= 1",
-                "php": ">=5.6"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "~5.7",
-                "vimeo/psalm": "^0|^1|^2"
-            },
-            "time": "2018-09-07T08:16:44+00:00",
-            "type": "library",
-            "installation-source": "dist",
-            "autoload": {
-                "classmap": [
-                    "src/"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "BSD-2-Clause"
-            ],
-            "description": "Library for U2F implementation",
-            "homepage": "https://developers.yubico.com/php-u2flib-server",
-            "install-path": "../yubico/u2flib-server"
         }
     ],
     "dev": true,

data/web/inc/lib/vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
+        'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '8e0b1d8aee4af02311692cb031695cc2ac3850fd',
+            'reference' => 'a7e309f1c89c5579653fae00ec9655bb5f992ec6',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -103,15 +103,6 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
-        'paragonie/random_compat' => array(
-            'pretty_version' => 'v9.99.100',
-            'version' => '9.99.100.0',
-            'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a',
-            'type' => 'library',
-            'install_path' => __DIR__ . '/../paragonie/random_compat',
-            'aliases' => array(),
-            'dev_requirement' => false,
-        ),
         'php-mime-mail-parser/php-mime-mail-parser' => array(
             'pretty_version' => '7.0.0',
             'version' => '7.0.0.0',
@@ -253,14 +244,5 @@
             'aliases' => array(),
             'dev_requirement' => false,
         ),
-        'yubico/u2flib-server' => array(
-            'pretty_version' => '1.0.2',
-            'version' => '1.0.2.0',
-            'reference' => '55d813acf68212ad2cadecde07551600d6971939',
-            'type' => 'library',
-            'install_path' => __DIR__ . '/../yubico/u2flib-server',
-            'aliases' => array(),
-            'dev_requirement' => false,
-        ),
     ),
 );

data/web/inc/lib/vendor/paragonie/random_compat/LICENSE

@@ -1,22 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015 Paragon Initiative Enterprises
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-

data/web/inc/lib/vendor/paragonie/random_compat/build-phar.sh

@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) )
-
-php -dphar.readonly=0 "$basedir/other/build_phar.php" $*

data/web/inc/lib/vendor/paragonie/random_compat/composer.json

@@ -1,34 +0,0 @@
-{
-  "name":         "paragonie/random_compat",
-  "description":  "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-  "keywords": [
-    "csprng",
-    "random",
-    "polyfill",
-    "pseudorandom"
-  ],
-  "license":      "MIT",
-  "type":         "library",
-  "authors": [
-    {
-      "name":     "Paragon Initiative Enterprises",
-      "email":    "security@paragonie.com",
-      "homepage": "https://paragonie.com"
-    }
-  ],
-  "support": {
-    "issues":     "https://github.com/paragonie/random_compat/issues",
-    "email":      "info@paragonie.com",
-    "source":     "https://github.com/paragonie/random_compat"
-  },
-  "require": {
-    "php": ">= 7"
-  },
-  "require-dev": {
-    "vimeo/psalm": "^1",
-    "phpunit/phpunit": "4.*|5.*"
-  },
-  "suggest": {
-    "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-  }
-}

data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey

@@ -1,5 +0,0 @@
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm
-pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p
-+h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc
------END PUBLIC KEY-----

data/web/inc/lib/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (MingW32)
-
-iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip
-QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg
-1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW
-NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA
-NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV
-JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74=
-=B6+8
------END PGP SIGNATURE-----

data/web/inc/lib/vendor/paragonie/random_compat/lib/random.php

@@ -1,32 +0,0 @@
-<?php
-/**
- * Random_* Compatibility Library
- * for using the new PHP 7 random_* API in PHP 5 projects
- *
- * @version 2.99.99
- * @released 2018-06-06
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-// NOP

data/web/inc/lib/vendor/paragonie/random_compat/other/build_phar.php

@@ -1,57 +0,0 @@
-<?php
-$dist = dirname(__DIR__).'/dist';
-if (!is_dir($dist)) {
-    mkdir($dist, 0755);
-}
-if (file_exists($dist.'/random_compat.phar')) {
-    unlink($dist.'/random_compat.phar');
-}
-$phar = new Phar(
-    $dist.'/random_compat.phar',
-    FilesystemIterator::CURRENT_AS_FILEINFO | \FilesystemIterator::KEY_AS_FILENAME,
-    'random_compat.phar'
-);
-rename(
-    dirname(__DIR__).'/lib/random.php', 
-    dirname(__DIR__).'/lib/index.php'
-);
-$phar->buildFromDirectory(dirname(__DIR__).'/lib');
-rename(
-    dirname(__DIR__).'/lib/index.php', 
-    dirname(__DIR__).'/lib/random.php'
-);
-
-/**
- * If we pass an (optional) path to a private key as a second argument, we will
- * sign the Phar with OpenSSL.
- * 
- * If you leave this out, it will produce an unsigned .phar!
- */
-if ($argc > 1) {
-    if (!@is_readable($argv[1])) {
-        echo 'Could not read the private key file:', $argv[1], "\n";
-        exit(255);
-    }
-    $pkeyFile = file_get_contents($argv[1]);
-    
-    $private = openssl_get_privatekey($pkeyFile);
-    if ($private !== false) {
-        $pkey = '';
-        openssl_pkey_export($private, $pkey);
-        $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
-        
-        /**
-         * Save the corresponding public key to the file
-         */
-        if (!@is_readable($dist.'/random_compat.phar.pubkey')) {
-            $details = openssl_pkey_get_details($private);
-            file_put_contents(
-                $dist.'/random_compat.phar.pubkey',
-                $details['key']
-            );
-        }
-    } else {
-        echo 'An error occurred reading the private key from OpenSSL.', "\n";
-        exit(255);
-    }
-}

data/web/inc/lib/vendor/paragonie/random_compat/psalm-autoload.php

@@ -1,9 +0,0 @@
-<?php
-
-require_once 'lib/byte_safe_strings.php';
-require_once 'lib/cast_to_int.php';
-require_once 'lib/error_polyfill.php';
-require_once 'other/ide_stubs/libsodium.php';
-require_once 'lib/random.php';
-
-$int = random_int(0, 65536);

data/web/inc/lib/vendor/paragonie/random_compat/psalm.xml

@@ -1,19 +0,0 @@
-<?xml version="1.0"?>
-<psalm
-    autoloader="psalm-autoload.php"
-    stopOnFirstError="false"
-    useDocblockTypes="true"
->
-    <projectFiles>
-        <directory name="lib" />
-    </projectFiles>
-    <issueHandlers>
-        <RedundantConditionGivenDocblockType errorLevel="info" />
-        <UnresolvableInclude errorLevel="info" />
-        <DuplicateClass errorLevel="info" />
-        <InvalidOperand errorLevel="info" />
-        <UndefinedConstant errorLevel="info" />
-        <MissingReturnType errorLevel="info" />
-        <InvalidReturnType errorLevel="info" />
-    </issueHandlers>
-</psalm>

data/web/inc/lib/vendor/yubico/u2flib-server/.gitignore

@@ -1,7 +0,0 @@
-composer.lock
-vendor/
-.*.swp
-php-u2flib-server-*.tar.gz
-php-u2flib-server-*.tar.gz.sig
-apidocs/
-build/

data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml

@@ -1,23 +0,0 @@
-language: php
-sudo: false
-php:
-  - 7.0
-  - 7.1
-  - 7.2
-  - hhvm
-matrix:
-  include:
-    - php: 5.6
-      env: COVERALLS=true
-  allow_failures:
-    - php: hhvm
-
-before_script:
-  - composer install
-
-script:
-  - ./vendor/bin/psalm
-  - ./vendor/phpunit/phpunit/phpunit -c phpunit.xml
-
-after_success:
-  - test -z $COVERALLS || (composer require satooshi/php-coveralls && vendor/bin/coveralls -v)

data/web/inc/lib/vendor/yubico/u2flib-server/BLURB

@@ -1,9 +0,0 @@
-Author: Yubico
-Basename: php-u2flib-server
-Homepage: https://developers.yubico.com/php-u2flib-server
-License: BSD-2-Clause
-Name: Native U2F library in PHP
-Project: php-u2flib-server
-Summary: Native U2F library in PHP
-Yubico-Category: U2F projects
-Travis: https://travis-ci.org/Yubico/php-u2flib-server

data/web/inc/lib/vendor/yubico/u2flib-server/COPYING

@@ -1,26 +0,0 @@
-Copyright (c) 2014 Yubico AB
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-      copyright notice, this list of conditions and the following
-      disclaimer in the documentation and/or other materials provided
-      with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/web/inc/lib/vendor/yubico/u2flib-server/NEWS

@@ -1,34 +0,0 @@
-php-u2flib-server NEWS -- History of user-visible changes.
-
-* Version 1.0.2 (released 2018-09-07)
- ** Additional error checks.
- ** Add user presence check.
- ** Support single files for attestation root.
- ** Type safety, CSPRNG, avoid chr().
-
-* Version 1.0.1 (released 2017-05-09)
- ** Move examples to phps so they don't execute by default
- ** Use common challenge for multiple registrations
-
-* Version 1.0.0 (released 2016-02-19)
- ** Give an early error on openssl < 1.0
- ** Support devices with initial counter 0
- ** Fixes to examples
- ** Handle errorCode: 0 correctly
-
-* Version 0.1.0 (released 2015-03-03)
- ** Use openssl for all crypto instead of third party extensions.
- ** Properly check the request challenge on authenticate.
- ** Switch from returning error codes to throwing exceptions.
- ** Stop recommending composer for installation.
-
-* Version 0.0.2 (released 2014-10-24)
- ** Refactor the API to return objects instead of encoded objects.
- ** Add a second example that uses PDO to store registrations.
- ** Add documentation to the API.
- ** Check that randomness returned is good.
- ** Drop the unneeded mcrypt extension.
- ** More tests.
-
-* Version 0.0.1 (released 2014-10-16)
- ** Initial release.

data/web/inc/lib/vendor/yubico/u2flib-server/README

@@ -1,34 +0,0 @@
-php-u2flib-server
------------------
-
-image:https://travis-ci.org/Yubico/php-u2flib-server.svg?branch=master["Build Status", link="https://travis-ci.org/Yubico/php-u2flib-server"]
-image:https://coveralls.io/repos/Yubico/php-u2flib-server/badge.svg?branch=master&service=github["Coverage", link="https://coveralls.io/github/Yubico/php-u2flib-server?branch=master"]
-image:https://scrutinizer-ci.com/g/Yubico/php-u2flib-server/badges/quality-score.png?b=master["Scrutinizer Code Quality", link="https://scrutinizer-ci.com/g/Yubico/php-u2flib-server/?branch=master"]
-
-=== Introduction ===
-
-Serverside U2F library for PHP. Provides functionality for registering
-tokens and authentication with said tokens.
-
-To read more about U2F and how to use a U2F library, visit
-link:http://developers.yubico.com/U2F[developers.yubico.com/U2F].
-
-=== License ===
-
-The project is licensed under a BSD license.  See the file COPYING for
-exact wording.  For any copyright year range specified as YYYY-ZZZZ in
-this package note that the range specifies every single year in that
-closed interval.
-
-=== Dependencies ===
-
-The only dependency is the openssl extension to PHP that has to be enabled.
-
-A composer.json is included in the distribution to make things simpler for
-other project using composer.
-
-=== Tests ===
-
-To run the test suite link:https://phpunit.de[PHPUnit] is required. To run it, type:
-
- $ phpunit

data/web/inc/lib/vendor/yubico/u2flib-server/README.adoc

@@ -1 +0,0 @@
-README

data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon

@@ -1,13 +0,0 @@
-destination: apidocs
-
-source:
-  - src/u2flib_server
-
-exclude:
-  - "*/tests/*"
-
-groups: none
-
-tree: false
-
-title: php-u2flib-server API

data/web/inc/lib/vendor/yubico/u2flib-server/composer.json

@@ -1,18 +0,0 @@
-{
-  "name":"yubico/u2flib-server",
-  "description":"Library for U2F implementation",
-  "homepage":"https://developers.yubico.com/php-u2flib-server",
-  "license":"BSD-2-Clause",
-  "require": {
-    "ext-openssl":"*",
-    "paragonie/random_compat": ">= 1",
-    "php": ">=5.6"
-  },
-  "autoload": {
-    "classmap": ["src/"]
-  },
-  "require-dev": {
-    "phpunit/phpunit": "~5.7",
-    "vimeo/psalm": "^0|^1|^2"
-  }
-}

data/web/inc/lib/vendor/yubico/u2flib-server/do-source-release.sh

@@ -1,40 +0,0 @@
-#!/bin/sh
-
-set -e
-
-VERSION=$1
-PGP_KEYID=$2
-
-if [ "x$PGP_KEYID" = "x" ]; then
-  echo "try with $0 VERSION PGP_KEYID"
-  echo "example: $0 0.0.1 B2168C0A"
-  exit
-fi
-
-if ! head -3 NEWS  | grep -q "Version $VERSION .released `date -I`"; then
-  echo "You need to update date/version in NEWS"
-  exit
-fi
-
-if [ "x$YUBICO_GITHUB_REPO" = "x" ]; then
-  echo "you need to define YUBICO_GITHUB_REPO"
-  exit
-fi
-
-releasename=php-u2flib-server-${VERSION}
-
-git push
-git tag -u ${PGP_KEYID} -m $VERSION $VERSION
-git push --tags
-tmpdir=`mktemp -d /tmp/release.XXXXXX`
-releasedir=${tmpdir}/${releasename}
-mkdir -p $releasedir
-git archive $VERSION --format=tar | tar -xC $releasedir
-git2cl > $releasedir/ChangeLog
-cd $releasedir
-apigen generate
-cd -
-tar -cz --directory=$tmpdir --file=${releasename}.tar.gz $releasename
-gpg --detach-sign --default-key $PGP_KEYID ${releasename}.tar.gz
-$YUBICO_GITHUB_REPO/publish php-u2flib-server $VERSION ${releasename}.tar.gz*
-rm -rf $tmpdir

data/web/inc/lib/vendor/yubico/u2flib-server/examples/assets/u2f-api.js

@@ -1,651 +0,0 @@
-// Copyright 2014-2015 Google Inc. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file or at
-// https://developers.google.com/open-source/licenses/bsd
-
-/**
- * @fileoverview The U2F api.
- */
-
-'use strict';
-
-/** Namespace for the U2F api.
- * @type {Object}
- */
-var u2f = u2f || {};
-
-/**
- * The U2F extension id
- * @type {string}
- * @const
- */
-u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
-
-/**
- * Message types for messsages to/from the extension
- * @const
- * @enum {string}
- */
-u2f.MessageTypes = {
-    'U2F_REGISTER_REQUEST': 'u2f_register_request',
-    'U2F_SIGN_REQUEST': 'u2f_sign_request',
-    'U2F_REGISTER_RESPONSE': 'u2f_register_response',
-    'U2F_SIGN_RESPONSE': 'u2f_sign_response'
-};
-
-/**
- * Response status codes
- * @const
- * @enum {number}
- */
-u2f.ErrorCodes = {
-    'OK': 0,
-    'OTHER_ERROR': 1,
-    'BAD_REQUEST': 2,
-    'CONFIGURATION_UNSUPPORTED': 3,
-    'DEVICE_INELIGIBLE': 4,
-    'TIMEOUT': 5
-};
-
-/**
- * A message type for registration requests
- * @typedef {{
- *   type: u2f.MessageTypes,
- *   signRequests: Array<u2f.SignRequest>,
- *   registerRequests: ?Array<u2f.RegisterRequest>,
- *   timeoutSeconds: ?number,
- *   requestId: ?number
- * }}
- */
-u2f.Request;
-
-/**
- * A message for registration responses
- * @typedef {{
- *   type: u2f.MessageTypes,
- *   responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
- *   requestId: ?number
- * }}
- */
-u2f.Response;
-
-/**
- * An error object for responses
- * @typedef {{
- *   errorCode: u2f.ErrorCodes,
- *   errorMessage: ?string
- * }}
- */
-u2f.Error;
-
-/**
- * Data object for a single sign request.
- * @typedef {{
- *   version: string,
- *   challenge: string,
- *   keyHandle: string,
- *   appId: string
- * }}
- */
-u2f.SignRequest;
-
-/**
- * Data object for a sign response.
- * @typedef {{
- *   keyHandle: string,
- *   signatureData: string,
- *   clientData: string
- * }}
- */
-u2f.SignResponse;
-
-/**
- * Data object for a registration request.
- * @typedef {{
- *   version: string,
- *   challenge: string,
- *   appId: string
- * }}
- */
-u2f.RegisterRequest;
-
-/**
- * Data object for a registration response.
- * @typedef {{
- *   registrationData: string,
- *   clientData: string
- * }}
- */
-u2f.RegisterResponse;
-
-
-// Low level MessagePort API support
-
-/**
- * Sets up a MessagePort to the U2F extension using the
- * available mechanisms.
- * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
- */
-u2f.getMessagePort = function(callback) {
-    if (typeof chrome != 'undefined' && chrome.runtime) {
-        // The actual message here does not matter, but we need to get a reply
-        // for the callback to run. Thus, send an empty signature request
-        // in order to get a failure response.
-        var msg = {
-            type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-            signRequests: []
-        };
-        chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
-            if (!chrome.runtime.lastError) {
-                // We are on a whitelisted origin and can talk directly
-                // with the extension.
-                u2f.getChromeRuntimePort_(callback);
-            } else {
-                // chrome.runtime was available, but we couldn't message
-                // the extension directly, use iframe
-                u2f.getIframePort_(callback);
-            }
-        });
-    } else if (u2f.isAndroidChrome_()) {
-        u2f.getAuthenticatorPort_(callback);
-    } else {
-        // chrome.runtime was not available at all, which is normal
-        // when this origin doesn't have access to any extensions.
-        u2f.getIframePort_(callback);
-    }
-};
-
-/**
- * Detect chrome running on android based on the browser's useragent.
- * @private
- */
-u2f.isAndroidChrome_ = function() {
-    var userAgent = navigator.userAgent;
-    return userAgent.indexOf('Chrome') != -1 &&
-        userAgent.indexOf('Android') != -1;
-};
-
-/**
- * Connects directly to the extension via chrome.runtime.connect
- * @param {function(u2f.WrappedChromeRuntimePort_)} callback
- * @private
- */
-u2f.getChromeRuntimePort_ = function(callback) {
-    var port = chrome.runtime.connect(u2f.EXTENSION_ID,
-        {'includeTlsChannelId': true});
-    setTimeout(function() {
-        callback(new u2f.WrappedChromeRuntimePort_(port));
-    }, 0);
-};
-
-/**
- * Return a 'port' abstraction to the Authenticator app.
- * @param {function(u2f.WrappedAuthenticatorPort_)} callback
- * @private
- */
-u2f.getAuthenticatorPort_ = function(callback) {
-    setTimeout(function() {
-        callback(new u2f.WrappedAuthenticatorPort_());
-    }, 0);
-};
-
-/**
- * A wrapper for chrome.runtime.Port that is compatible with MessagePort.
- * @param {Port} port
- * @constructor
- * @private
- */
-u2f.WrappedChromeRuntimePort_ = function(port) {
-    this.port_ = port;
-};
-
-/**
- * Format a return a sign request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {number} timeoutSeconds
- * @param {number} reqId
- * @return {Object}
- */
-u2f.WrappedChromeRuntimePort_.prototype.formatSignRequest_ =
-    function(signRequests, timeoutSeconds, reqId) {
-        return {
-            type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-            signRequests: signRequests,
-            timeoutSeconds: timeoutSeconds,
-            requestId: reqId
-        };
-    };
-
-/**
- * Format a return a register request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {Array<u2f.RegisterRequest>} signRequests
- * @param {number} timeoutSeconds
- * @param {number} reqId
- * @return {Object}
- */
-u2f.WrappedChromeRuntimePort_.prototype.formatRegisterRequest_ =
-    function(signRequests, registerRequests, timeoutSeconds, reqId) {
-        return {
-            type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-            signRequests: signRequests,
-            registerRequests: registerRequests,
-            timeoutSeconds: timeoutSeconds,
-            requestId: reqId
-        };
-    };
-
-/**
- * Posts a message on the underlying channel.
- * @param {Object} message
- */
-u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
-    this.port_.postMessage(message);
-};
-
-/**
- * Emulates the HTML 5 addEventListener interface. Works only for the
- * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
-    function(eventName, handler) {
-        var name = eventName.toLowerCase();
-        if (name == 'message' || name == 'onmessage') {
-            this.port_.onMessage.addListener(function(message) {
-                // Emulate a minimal MessageEvent object
-                handler({'data': message});
-            });
-        } else {
-            console.error('WrappedChromeRuntimePort only supports onMessage');
-        }
-    };
-
-/**
- * Wrap the Authenticator app with a MessagePort interface.
- * @constructor
- * @private
- */
-u2f.WrappedAuthenticatorPort_ = function() {
-    this.requestId_ = -1;
-    this.requestObject_ = null;
-}
-
-/**
- * Launch the Authenticator intent.
- * @param {Object} message
- */
-u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
-    var intentLocation = /** @type {string} */ (message);
-    document.location = intentLocation;
-};
-
-/**
- * Emulates the HTML 5 addEventListener interface.
- * @param {string} eventName
- * @param {function({data: Object})} handler
- */
-u2f.WrappedAuthenticatorPort_.prototype.addEventListener =
-    function(eventName, handler) {
-        var name = eventName.toLowerCase();
-        if (name == 'message') {
-            var self = this;
-            /* Register a callback to that executes when
-             * chrome injects the response. */
-            window.addEventListener(
-                'message', self.onRequestUpdate_.bind(self, handler), false);
-        } else {
-            console.error('WrappedAuthenticatorPort only supports message');
-        }
-    };
-
-/**
- * Callback invoked  when a response is received from the Authenticator.
- * @param function({data: Object}) callback
- * @param {Object} message message Object
- */
-u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
-    function(callback, message) {
-        var messageObject = JSON.parse(message.data);
-        var intentUrl = messageObject['intentURL'];
-
-        var errorCode = messageObject['errorCode'];
-        var responseObject = null;
-        if (messageObject.hasOwnProperty('data')) {
-            responseObject = /** @type {Object} */ (
-                JSON.parse(messageObject['data']));
-            responseObject['requestId'] = this.requestId_;
-        }
-
-        /* Sign responses from the authenticator do not conform to U2F,
-         * convert to U2F here. */
-        responseObject = this.doResponseFixups_(responseObject);
-        callback({'data': responseObject});
-    };
-
-/**
- * Fixup the response provided by the Authenticator to conform with
- * the U2F spec.
- * @param {Object} responseData
- * @return {Object} the U2F compliant response object
- */
-u2f.WrappedAuthenticatorPort_.prototype.doResponseFixups_ =
-    function(responseObject) {
-        if (responseObject.hasOwnProperty('responseData')) {
-            return responseObject;
-        } else if (this.requestObject_['type'] != u2f.MessageTypes.U2F_SIGN_REQUEST) {
-            // Only sign responses require fixups.  If this is not a response
-            // to a sign request, then an internal error has occurred.
-            return {
-                'type': u2f.MessageTypes.U2F_REGISTER_RESPONSE,
-                'responseData': {
-                    'errorCode': u2f.ErrorCodes.OTHER_ERROR,
-                    'errorMessage': 'Internal error: invalid response from Authenticator'
-                }
-            };
-        }
-
-        /* Non-conformant sign response, do fixups. */
-        var encodedChallengeObject = responseObject['challenge'];
-        if (typeof encodedChallengeObject !== 'undefined') {
-            var challengeObject = JSON.parse(atob(encodedChallengeObject));
-            var serverChallenge = challengeObject['challenge'];
-            var challengesList = this.requestObject_['signData'];
-            var requestChallengeObject = null;
-            for (var i = 0; i < challengesList.length; i++) {
-                var challengeObject = challengesList[i];
-                if (challengeObject['keyHandle'] == responseObject['keyHandle']) {
-                    requestChallengeObject = challengeObject;
-                    break;
-                }
-            }
-        }
-        var responseData = {
-            'errorCode': responseObject['resultCode'],
-            'keyHandle': responseObject['keyHandle'],
-            'signatureData': responseObject['signature'],
-            'clientData': encodedChallengeObject
-        };
-        return {
-            'type': u2f.MessageTypes.U2F_SIGN_RESPONSE,
-            'responseData': responseData,
-            'requestId': responseObject['requestId']
-        }
-    };
-
-/**
- * Base URL for intents to Authenticator.
- * @const
- * @private
- */
-u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
-    'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
-
-/**
- * Format a return a sign request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {number} timeoutSeconds (ignored for now)
- * @param {number} reqId
- * @return {string}
- */
-u2f.WrappedAuthenticatorPort_.prototype.formatSignRequest_ =
-    function(signRequests, timeoutSeconds, reqId) {
-        if (!signRequests || signRequests.length == 0) {
-            return null;
-        }
-        /* TODO(fixme): stash away requestId, as the authenticator app does
-         * not return it for sign responses. */
-        this.requestId_ = reqId;
-        /* TODO(fixme): stash away the signRequests, to deal with the legacy
-         * response format returned by the Authenticator app. */
-        this.requestObject_ = {
-            'type': u2f.MessageTypes.U2F_SIGN_REQUEST,
-            'signData': signRequests,
-            'requestId': reqId,
-            'timeout': timeoutSeconds
-        };
-
-        var appId = signRequests[0]['appId'];
-        var intentUrl =
-            u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-            ';S.appId=' + encodeURIComponent(appId) +
-            ';S.eventId=' + reqId +
-            ';S.challenges=' +
-            encodeURIComponent(
-                JSON.stringify(this.getBrowserDataList_(signRequests))) + ';end';
-        return intentUrl;
-    };
-
-/**
- * Get the browser data objects from the challenge list
- * @param {Array} challenges list of challenges
- * @return {Array} list of browser data objects
- * @private
- */
-u2f.WrappedAuthenticatorPort_
-    .prototype.getBrowserDataList_ = function(challenges) {
-    return challenges
-        .map(function(challenge) {
-            var browserData = {
-                'typ': 'navigator.id.getAssertion',
-                'challenge': challenge['challenge']
-            };
-            var challengeObject = {
-                'challenge' : browserData,
-                'keyHandle' : challenge['keyHandle']
-            };
-            return challengeObject;
-        });
-};
-
-/**
- * Format a return a register request.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {Array<u2f.RegisterRequest>} enrollChallenges
- * @param {number} timeoutSeconds (ignored for now)
- * @param {number} reqId
- * @return {Object}
- */
-u2f.WrappedAuthenticatorPort_.prototype.formatRegisterRequest_ =
-    function(signRequests, enrollChallenges, timeoutSeconds, reqId) {
-        if (!enrollChallenges || enrollChallenges.length == 0) {
-            return null;
-        }
-        // Assume the appId is the same for all enroll challenges.
-        var appId = enrollChallenges[0]['appId'];
-        var registerRequests = [];
-        for (var i = 0; i < enrollChallenges.length; i++) {
-            var registerRequest = {
-                'challenge': enrollChallenges[i]['challenge'],
-                'version': enrollChallenges[i]['version']
-            };
-            if (enrollChallenges[i]['appId'] != appId) {
-                // Only include the appId when it differs from the first appId.
-                registerRequest['appId'] = enrollChallenges[i]['appId'];
-            }
-            registerRequests.push(registerRequest);
-        }
-        var registeredKeys = [];
-        if (signRequests) {
-            for (i = 0; i < signRequests.length; i++) {
-                var key = {
-                    'keyHandle': signRequests[i]['keyHandle'],
-                    'version': signRequests[i]['version']
-                };
-                // Only include the appId when it differs from the appId that's
-                // being registered now.
-                if (signRequests[i]['appId'] != appId) {
-                    key['appId'] = signRequests[i]['appId'];
-                }
-                registeredKeys.push(key);
-            }
-        }
-        var request = {
-            'type': u2f.MessageTypes.U2F_REGISTER_REQUEST,
-            'appId': appId,
-            'registerRequests': registerRequests,
-            'registeredKeys': registeredKeys,
-            'requestId': reqId,
-            'timeoutSeconds': timeoutSeconds
-        };
-        var intentUrl =
-            u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-            ';S.request=' + encodeURIComponent(JSON.stringify(request)) +
-            ';end';
-        /* TODO(fixme): stash away requestId, this is is not necessary for
-         * register requests, but here to keep parity with sign.
-         */
-        this.requestId_ = reqId;
-        return intentUrl;
-    };
-
-
-/**
- * Sets up an embedded trampoline iframe, sourced from the extension.
- * @param {function(MessagePort)} callback
- * @private
- */
-u2f.getIframePort_ = function(callback) {
-    // Create the iframe
-    var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
-    var iframe = document.createElement('iframe');
-    iframe.src = iframeOrigin + '/u2f-comms.html';
-    iframe.setAttribute('style', 'display:none');
-    document.body.appendChild(iframe);
-
-    var channel = new MessageChannel();
-    var ready = function(message) {
-        if (message.data == 'ready') {
-            channel.port1.removeEventListener('message', ready);
-            callback(channel.port1);
-        } else {
-            console.error('First event on iframe port was not "ready"');
-        }
-    };
-    channel.port1.addEventListener('message', ready);
-    channel.port1.start();
-
-    iframe.addEventListener('load', function() {
-        // Deliver the port to the iframe and initialize
-        iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
-    });
-};
-
-
-// High-level JS API
-
-/**
- * Default extension response timeout in seconds.
- * @const
- */
-u2f.EXTENSION_TIMEOUT_SEC = 30;
-
-/**
- * A singleton instance for a MessagePort to the extension.
- * @type {MessagePort|u2f.WrappedChromeRuntimePort_}
- * @private
- */
-u2f.port_ = null;
-
-/**
- * Callbacks waiting for a port
- * @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
- * @private
- */
-u2f.waitingForPort_ = [];
-
-/**
- * A counter for requestIds.
- * @type {number}
- * @private
- */
-u2f.reqCounter_ = 0;
-
-/**
- * A map from requestIds to client callbacks
- * @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
- *                       |function((u2f.Error|u2f.SignResponse)))>}
- * @private
- */
-u2f.callbackMap_ = {};
-
-/**
- * Creates or retrieves the MessagePort singleton to use.
- * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
- * @private
- */
-u2f.getPortSingleton_ = function(callback) {
-    if (u2f.port_) {
-        callback(u2f.port_);
-    } else {
-        if (u2f.waitingForPort_.length == 0) {
-            u2f.getMessagePort(function(port) {
-                u2f.port_ = port;
-                u2f.port_.addEventListener('message',
-                    /** @type {function(Event)} */ (u2f.responseHandler_));
-
-                // Careful, here be async callbacks. Maybe.
-                while (u2f.waitingForPort_.length)
-                    u2f.waitingForPort_.shift()(u2f.port_);
-            });
-        }
-        u2f.waitingForPort_.push(callback);
-    }
-};
-
-/**
- * Handles response messages from the extension.
- * @param {MessageEvent.<u2f.Response>} message
- * @private
- */
-u2f.responseHandler_ = function(message) {
-    var response = message.data;
-    var reqId = response['requestId'];
-    if (!reqId || !u2f.callbackMap_[reqId]) {
-        console.error('Unknown or missing requestId in response.');
-        return;
-    }
-    var cb = u2f.callbackMap_[reqId];
-    delete u2f.callbackMap_[reqId];
-    cb(response['responseData']);
-};
-
-/**
- * Dispatches an array of sign requests to available U2F tokens.
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {function((u2f.Error|u2f.SignResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.sign = function(signRequests, callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-        var reqId = ++u2f.reqCounter_;
-        u2f.callbackMap_[reqId] = callback;
-        var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-            opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-        var req = port.formatSignRequest_(signRequests, timeoutSeconds, reqId);
-        port.postMessage(req);
-    });
-};
-
-/**
- * Dispatches register requests to available U2F tokens. An array of sign
- * requests identifies already registered tokens.
- * @param {Array<u2f.RegisterRequest>} registerRequests
- * @param {Array<u2f.SignRequest>} signRequests
- * @param {function((u2f.Error|u2f.RegisterResponse))} callback
- * @param {number=} opt_timeoutSeconds
- */
-u2f.register = function(registerRequests, signRequests,
-                        callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-        var reqId = ++u2f.reqCounter_;
-        u2f.callbackMap_[reqId] = callback;
-        var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-            opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-        var req = port.formatRegisterRequest_(
-            signRequests, registerRequests, timeoutSeconds, reqId);
-        port.postMessage(req);
-    });
-};

data/web/inc/lib/vendor/yubico/u2flib-server/examples/cli/u2f-server.phps

@@ -1,83 +0,0 @@
-#!/usr/bin/php
-<?php
-
- /* Copyright (c) 2015 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This is a basic example of a u2f-server command line that can be used 
- * with the u2f-host binary to perform regitrations and authentications.
- */ 
-
-require_once('../../src/u2flib_server/U2F.php');
-
-$options = getopt("rao:R:");
-$mode;
-$challenge;
-$response;
-$result;
-$regs;
-
-if(array_key_exists('r', $options)) {
-  $mode = "register";
-} elseif(array_key_exists('a', $options)) {
-  if(!array_key_exists('R', $options)) {
-    print "a registration must be supplied with -R";
-    exit(1);
-  }
-  $regs = json_decode('[' . $options['R'] . ']');
-  $mode = "authenticate";
-} else {
-  print "-r or -a must be used\n";
-  exit(1);
-}
-if(!array_key_exists('o', $options)) {
-  print "origin must be supplied with -o\n";
-  exit(1);
-}
-
-$u2f = new u2flib_server\U2F($options['o']);
-
-if($mode === "register") {
-  $challenge = $u2f->getRegisterData();
-} elseif($mode === "authenticate") {
-  $challenge = $u2f->getAuthenticateData($regs);
-}
-
-print json_encode($challenge[0]) . "\n";
-$response = fgets(STDIN);
-
-if($mode === "register") {
-  $result = $u2f->doRegister($challenge[0], json_decode($response));
-} elseif($mode === "authenticate") {
-  $result = $u2f->doAuthenticate($challenge, $regs, json_decode($response));
-}
-
-print json_encode($result) . "\n";
-
-?>

data/web/inc/lib/vendor/yubico/u2flib-server/examples/localstorage/index.phps

@@ -1,186 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This is a minimal example of U2F registration and authentication.
- * The data that has to be stored between registration and authentication
- * is stored in browser localStorage, so there's nothing real-world
- * about this.
- */
-require_once('../../src/u2flib_server/U2F.php');
-$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
-$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
-?>
-<html>
-<head>
-    <title>PHP U2F Demo</title>
-
-    <script src="../assets/u2f-api.js"></script>
-
-    <script>
-        function addRegistration(reg) {
-            var existing = localStorage.getItem('u2fregistration');
-            var regobj = JSON.parse(reg);
-            var data = null;
-            if(existing) {
-                data = JSON.parse(existing);
-                if(Array.isArray(data)) {
-                    for (var i = 0; i < data.length; i++) {
-                        if(data[i].keyHandle === regobj.keyHandle) {
-                            data.splice(i,1);
-                            break;
-                        }
-                    }
-                    data.push(regobj);
-                } else {
-                    data = null;
-                }
-            }
-            if(data == null) {
-                data = [regobj];
-            }
-            localStorage.setItem('u2fregistration', JSON.stringify(data));
-        }
-        <?php
-        function fixupArray($data) {
-            $ret = array();
-            $decoded = json_decode($data);
-            foreach ($decoded as $d) {
-                $ret[] = json_encode($d);
-            }
-            return $ret;
-        }
-        if($_SERVER['REQUEST_METHOD'] === 'POST') {
-            if(isset($_POST['startRegister'])) {
-                $regs = json_decode($_POST['registrations']) ? : array();
-                list($data, $reqs) = $u2f->getRegisterData($regs);
-                echo "var request = " . json_encode($data) . ";\n";
-                echo "var signs = " . json_encode($reqs) . ";\n";
-        ?>
-        setTimeout(function() {
-            console.log("Register: ", request);
-            u2f.register([request], signs, function(data) {
-                var form = document.getElementById('form');
-                var reg = document.getElementById('doRegister');
-                var req = document.getElementById('request');
-                console.log("Register callback", data);
-                if(data.errorCode && data.errorCode != 0) {
-                    alert("registration failed with errror: " + data.errorCode);
-                    return;
-                }
-                reg.value=JSON.stringify(data);
-                req.value=JSON.stringify(request);
-                form.submit();
-            });
-        }, 1000);
-        <?php
-            } else if($_POST['doRegister']) {
-                try {
-                    $data = $u2f->doRegister(json_decode($_POST['request']), json_decode($_POST['doRegister']));
-                    echo "var registration = '" . json_encode($data) . "';\n";
-        ?>
-        addRegistration(registration);
-        alert("registration successful!");
-        <?php
-                } catch(u2flib_server\Error $e) {
-                    echo "alert('error:" . $e->getMessage() . "');\n";
-                }
-            } else if(isset($_POST['startAuthenticate'])) {
-                $regs = json_decode($_POST['registrations']);
-                $data = $u2f->getAuthenticateData($regs);
-                echo "var registrations = " . $_POST['registrations'] . ";\n";
-                echo "var request = " . json_encode($data) . ";\n";
-        ?>
-        setTimeout(function() {
-            console.log("sign: ", request);
-            u2f.sign(request, function(data) {
-                var form = document.getElementById('form');
-                var reg = document.getElementById('doAuthenticate');
-                var req = document.getElementById('request');
-                var regs = document.getElementById('registrations');
-                console.log("Authenticate callback", data);
-                reg.value=JSON.stringify(data);
-                req.value=JSON.stringify(request);
-                regs.value=JSON.stringify(registrations);
-                form.submit();
-            });
-        }, 1000);
-        <?php
-            } else if($_POST['doAuthenticate']) {
-                $reqs = json_decode($_POST['request']);
-                $regs = json_decode($_POST['registrations']);
-                try {
-                    $data = $u2f->doAuthenticate($reqs, $regs, json_decode($_POST['doAuthenticate']));
-                    echo "var registration = '" . json_encode($data) . "';\n";
-                    echo "addRegistration(registration);\n";
-                    echo "alert('Authentication successful, counter:" . $data->counter . "');\n";
-                } catch(u2flib_server\Error $e) {
-                    echo "alert('error:" . $e->getMessage() . "');\n";
-                }
-            }
-        }
-        ?>
-    </script>
-
-</head>
-<body>
-<form method="POST" id="form">
-    <button name="startRegister" type="submit">Register</button>
-    <input type="hidden" name="doRegister" id="doRegister"/>
-    <button name="startAuthenticate" type="submit" id="startAuthenticate">Authenticate</button>
-    <input type="hidden" name="doAuthenticate" id="doAuthenticate"/>
-    <input type="hidden" name="request" id="request"/>
-    <input type="hidden" name="registrations" id="registrations"/>
-</form>
-
-<p>
-    <span id="registered">0</span> Authenticators currently registered.
-</p>
-
-<script>
-    var reg = localStorage.getItem('u2fregistration');
-    var auth = document.getElementById('startAuthenticate');
-    if(reg == null) {
-        auth.disabled = true;
-    } else {
-        var regs = document.getElementById('registrations');
-        decoded = JSON.parse(reg);
-        if(!Array.isArray(decoded)) {
-            auth.disabled = true;
-        } else {
-            regs.value = reg;
-            console.log("set the registrations to : ", reg);
-            var regged = document.getElementById('registered');
-            regged.innerHTML = decoded.length;
-        }
-    }
-</script>
-</body>
-</html>

data/web/inc/lib/vendor/yubico/u2flib-server/examples/pdo/index.phps

@@ -1,204 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This is a simple example using PDO and a sqlite database for storing
- * registrations. It supports multiple registrations associated with each user.
- */
-
-require_once('../../src/u2flib_server/U2F.php');
-
-$dbfile = '/var/tmp/u2f-pdo.sqlite';
-
-$pdo = new PDO("sqlite:$dbfile");
-$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
-
-$pdo->exec("create table if not exists users (id integer primary key, name varchar(255))");
-$pdo->exec("create table if not exists registrations (id integer primary key, user_id integer, keyHandle varchar(255), publicKey varchar(255), certificate text, counter integer)");
-
-$scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
-$u2f = new u2flib_server\U2F($scheme . $_SERVER['HTTP_HOST']);
-
-session_start();
-
-function createAndGetUser($name) {
-    global $pdo;
-    $sel = $pdo->prepare("select * from users where name = ?");
-    $sel->execute(array($name));
-    $user = $sel->fetch();
-    if(!$user) {
-        $ins = $pdo->prepare("insert into users (name) values(?)");
-        $ins->execute(array($name));
-        $sel->execute(array($name));
-        $user = $sel->fetch();
-    }
-    return $user;
-}
-
-function getRegs($user_id) {
-    global $pdo;
-    $sel = $pdo->prepare("select * from registrations where user_id = ?");
-    $sel->execute(array($user_id));
-    return $sel->fetchAll();
-}
-
-function addReg($user_id, $reg) {
-    global $pdo;
-    $ins = $pdo->prepare("insert into registrations (user_id, keyHandle, publicKey, certificate, counter) values (?, ?, ?, ?, ?)");
-    $ins->execute(array($user_id, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
-}
-
-function updateReg($reg) {
-    global $pdo;
-    $upd = $pdo->prepare("update registrations set counter = ? where id = ?");
-    $upd->execute(array($reg->counter, $reg->id));
-}
-
-?>
-
-<html>
-<head>
-    <title>PHP U2F example</title>
-
-    <script src="../assets/u2f-api.js"></script>
-
-    <script>
-        <?php
-
-        if($_SERVER['REQUEST_METHOD'] === 'POST') {
-          if(!$_POST['username']) {
-            echo "alert('no username provided!');";
-          } else if(!isset($_POST['action']) && !isset($_POST['register2']) && !isset($_POST['authenticate2'])) {
-            echo "alert('no action provided!');";
-          } else {
-            $user = createAndGetUser($_POST['username']);
-
-            if(isset($_POST['action'])) {
-              switch($_POST['action']):
-                case 'register':
-                  try {
-                    $data = $u2f->getRegisterData(getRegs($user->id));
-
-                    list($req,$sigs) = $data;
-                    $_SESSION['regReq'] = json_encode($req);
-                    echo "var req = " . json_encode($req) . ";";
-                    echo "var sigs = " . json_encode($sigs) . ";";
-                    echo "var username = '" . $user->name . "';";
-        ?>
-        setTimeout(function() {
-            console.log("Register: ", req);
-            u2f.register([req], sigs, function(data) {
-                var form = document.getElementById('form');
-                var reg = document.getElementById('register2');
-                var user = document.getElementById('username');
-                console.log("Register callback", data);
-                if(data.errorCode && errorCode != 0) {
-                    alert("registration failed with errror: " + data.errorCode);
-                    return;
-                }
-                reg.value = JSON.stringify(data);
-                user.value = username;
-                form.submit();
-            });
-        }, 1000);
-        <?php
-                  } catch( Exception $e ) {
-                    echo "alert('error: " . $e->getMessage() . "');";
-                  }
-
-                  break;
-
-                case 'authenticate':
-                  try {
-                    $reqs = json_encode($u2f->getAuthenticateData(getRegs($user->id)));
-
-                    $_SESSION['authReq'] = $reqs;
-                    echo "var req = $reqs;";
-                    echo "var username = '" . $user->name . "';";
-        ?>
-        setTimeout(function() {
-            console.log("sign: ", req);
-            u2f.sign(req, function(data) {
-                var form = document.getElementById('form');
-                var auth = document.getElementById('authenticate2');
-                var user = document.getElementById('username');
-                console.log("Authenticate callback", data);
-                auth.value=JSON.stringify(data);
-                user.value = username;
-                form.submit();
-            });
-        }, 1000);
-        <?php
-                  } catch( Exception $e ) {
-                    echo "alert('error: " . $e->getMessage() . "');";
-                  }
-
-                  break;
-
-              endswitch;
-            } else if($_POST['register2']) {
-              try {
-                $reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_POST['register2']));
-                addReg($user->id, $reg);
-              } catch( Exception $e ) {
-                echo "alert('error: " . $e->getMessage() . "');";
-              } finally {
-                $_SESSION['regReq'] = null;
-              }
-            } else if($_POST['authenticate2']) {
-              try {
-                $reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), getRegs($user->id), json_decode($_POST['authenticate2']));
-                updateReg($reg);
-                echo "alert('success: " . $reg->counter . "');";
-              } catch( Exception $e ) {
-                echo "alert('error: " . $e->getMessage() . "');";
-              } finally {
-                $_SESSION['authReq'] = null;
-              }
-            }
-          }
-        }
-        ?>
-    </script>
-</head>
-<body>
-
-<form method="POST" id="form">
-    username: <input name="username" id="username"/><br/>
-    register: <input value="register" name="action" type="radio"/><br/>
-    authenticate: <input value="authenticate" name="action" type="radio"/><br/>
-    <input type="hidden" name="register2" id="register2"/>
-    <input type="hidden" name="authenticate2" id="authenticate2"/>
-    <button type="submit">Submit!</button>
-</form>
-
-</body>
-</html>

data/web/inc/lib/vendor/yubico/u2flib-server/phpunit.xml

@@ -1,9 +0,0 @@
-<phpunit
-    colors="true">
-    <testsuite name="tests">
-        <directory suffix="test.php">tests</directory>
-    </testsuite>
-    <logging>
-        <log type="coverage-clover" target="build/logs/clover.xml"/>
-    </logging>
-</phpunit>

data/web/inc/lib/vendor/yubico/u2flib-server/psalm.xml

@@ -1,48 +0,0 @@
-<?xml version="1.0"?>
-<psalm
-    totallyTyped="false"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns="https://getpsalm.org/schema/config"
-    xsi:schemaLocation="https://getpsalm.org/schema/config file:///mnt/share/php-u2flib-server/vendor/vimeo/psalm/config.xsd"
->
-    <projectFiles>
-        <directory name="src" />
-        <ignoreFiles>
-            <directory name="vendor" />
-        </ignoreFiles>
-    </projectFiles>
-
-    <issueHandlers>
-        <LessSpecificReturnType errorLevel="info" />
-
-        <!-- level 3 issues - slightly lazy code writing, but provably low false-negatives -->
-
-        <DeprecatedMethod errorLevel="info" />
-        <DeprecatedProperty errorLevel="info" />
-        <DeprecatedClass errorLevel="info" />
-        <DeprecatedInterface errorLevel="info" />
-
-        <MissingClosureReturnType errorLevel="info" />
-        <MissingReturnType errorLevel="info" />
-        <MissingPropertyType errorLevel="info" />
-        <InvalidDocblock errorLevel="info" />
-        <MisplacedRequiredParam errorLevel="info" />
-
-        <PropertyNotSetInConstructor errorLevel="info" />
-        <MissingConstructor errorLevel="info" />
-        <MissingClosureParamType errorLevel="info" />
-        <MissingParamType errorLevel="info" />
-
-        <RedundantCondition errorLevel="info" />
-
-        <DocblockTypeContradiction errorLevel="suppress" />
-        <RedundantConditionGivenDocblockType errorLevel="suppress" />
-
-        <UnresolvableInclude errorLevel="info" />
-
-        <RawObjectIteration errorLevel="info" />
-
-        <!-- psalm seems to wrongly complain about this, set the errorLevel to info for now -->
-        <UndefinedConstant errorLevel="info" />
-    </issueHandlers>
-</psalm>

data/web/inc/lib/vendor/yubico/u2flib-server/src/u2flib_server/U2F.php

@@ -1,563 +0,0 @@
-<?php
-/* Copyright (c) 2014 Yubico AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *
- *   * Redistributions in binary form must reproduce the above
- *     copyright notice, this list of conditions and the following
- *     disclaimer in the documentation and/or other materials provided
- *     with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-namespace u2flib_server;
-
-/** Constant for the version of the u2f protocol */
-const U2F_VERSION = "U2F_V2";
-
-/** Constant for the type value in registration clientData */
-const REQUEST_TYPE_REGISTER = "navigator.id.finishEnrollment";
-
-/** Constant for the type value in authentication clientData */
-const REQUEST_TYPE_AUTHENTICATE = "navigator.id.getAssertion";
-
-/** Error for the authentication message not matching any outstanding
- * authentication request */
-const ERR_NO_MATCHING_REQUEST = 1;
-
-/** Error for the authentication message not matching any registration */
-const ERR_NO_MATCHING_REGISTRATION = 2;
-
-/** Error for the signature on the authentication message not verifying with
- * the correct key */
-const ERR_AUTHENTICATION_FAILURE = 3;
-
-/** Error for the challenge in the registration message not matching the
- * registration challenge */
-const ERR_UNMATCHED_CHALLENGE = 4;
-
-/** Error for the attestation signature on the registration message not
- * verifying */
-const ERR_ATTESTATION_SIGNATURE = 5;
-
-/** Error for the attestation verification not verifying */
-const ERR_ATTESTATION_VERIFICATION = 6;
-
-/** Error for not getting good random from the system */
-const ERR_BAD_RANDOM = 7;
-
-/** Error when the counter is lower than expected */
-const ERR_COUNTER_TOO_LOW = 8;
-
-/** Error decoding public key */
-const ERR_PUBKEY_DECODE = 9;
-
-/** Error user-agent returned error */
-const ERR_BAD_UA_RETURNING = 10;
-
-/** Error old OpenSSL version */
-const ERR_OLD_OPENSSL = 11;
-
-/** Error for the origin not matching the appId */
-const ERR_NO_MATCHING_ORIGIN = 12;
-
-/** Error for the type in clientData being invalid */
-const ERR_BAD_TYPE = 13;
-
-/** Error for bad user presence byte value */
-const ERR_BAD_USER_PRESENCE = 14;
-
-/** @internal */
-const PUBKEY_LEN = 65;
-
-class U2F
-{
-    /** @var string  */
-    private $appId;
-
-    /** @var null|string */
-    private $attestDir;
-
-    /** @internal */
-    private $FIXCERTS = array(
-        '349bca1031f8c82c4ceca38b9cebf1a69df9fb3b94eed99eb3fb9aa3822d26e8',
-        'dd574527df608e47ae45fbba75a2afdd5c20fd94a02419381813cd55a2a3398f',
-        '1d8764f0f7cd1352df6150045c8f638e517270e8b5dda1c63ade9c2280240cae',
-        'd0edc9a91a1677435a953390865d208c55b3183c6759c9b5a7ff494c322558eb',
-        '6073c436dcd064a48127ddbf6032ac1a66fd59a0c24434f070d4e564c124c897',
-        'ca993121846c464d666096d35f13bf44c1b05af205f9b4a1e00cf6cc10c5e511'
-    );
-
-    /**
-     * @param string $appId Application id for the running application
-     * @param string|null $attestDir Directory where trusted attestation roots may be found
-     * @throws Error If OpenSSL older than 1.0.0 is used
-     */
-    public function __construct($appId, $attestDir = null)
-    {
-        if(OPENSSL_VERSION_NUMBER < 0x10000000) {
-            throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL);
-        }
-        $this->appId = $appId;
-        $this->attestDir = $attestDir;
-    }
-
-    /**
-     * Called to get a registration request to send to a user.
-     * Returns an array of one registration request and a array of sign requests.
-     *
-     * @param array $registrations List of current registrations for this
-     * user, to prevent the user from registering the same authenticator several
-     * times.
-     * @return array An array of two elements, the first containing a
-     * RegisterRequest the second being an array of SignRequest
-     * @throws Error
-     */
-    public function getRegisterData(array $registrations = array())
-    {
-        $challenge = $this->createChallenge();
-        $request = new RegisterRequest($challenge, $this->appId);
-        $signs = $this->getAuthenticateData($registrations);
-        return array($request, $signs);
-    }
-
-    /**
-     * Called to verify and unpack a registration message.
-     *
-     * @param RegisterRequest $request this is a reply to
-     * @param object $response response from a user
-     * @param bool $includeCert set to true if the attestation certificate should be
-     * included in the returned Registration object
-     * @return Registration
-     * @throws Error
-     */
-    public function doRegister($request, $response, $includeCert = true)
-    {
-        if( !is_object( $request ) ) {
-            throw new \InvalidArgumentException('$request of doRegister() method only accepts object.');
-        }
-
-        if( !is_object( $response ) ) {
-            throw new \InvalidArgumentException('$response of doRegister() method only accepts object.');
-        }
-
-        if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
-            throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
-        }
-
-        if( !is_bool( $includeCert ) ) {
-            throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.');
-        }
-
-        $rawReg = $this->base64u_decode($response->registrationData);
-        $regData = array_values(unpack('C*', $rawReg));
-        $clientData = $this->base64u_decode($response->clientData);
-        $cli = json_decode($clientData);
-
-        if($cli->challenge !== $request->challenge) {
-            throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE );
-        }
-
-        if(isset($cli->typ) && $cli->typ !== REQUEST_TYPE_REGISTER) {
-            throw new Error('ClientData type is invalid', ERR_BAD_TYPE);
-        }
-
-        if(isset($cli->origin) && $cli->origin !== $request->appId) {
-            throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN);
-        }
-
-        $registration = new Registration();
-        $offs = 1;
-        $pubKey = substr($rawReg, $offs, PUBKEY_LEN);
-        $offs += PUBKEY_LEN;
-        // decode the pubKey to make sure it's good
-        $tmpKey = $this->pubkey_to_pem($pubKey);
-        if($tmpKey === null) {
-            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
-        }
-        $registration->publicKey = base64_encode($pubKey);
-        $khLen = $regData[$offs++];
-        $kh = substr($rawReg, $offs, $khLen);
-        $offs += $khLen;
-        $registration->keyHandle = $this->base64u_encode($kh);
-
-        // length of certificate is stored in byte 3 and 4 (excluding the first 4 bytes)
-        $certLen = 4;
-        $certLen += ($regData[$offs + 2] << 8);
-        $certLen += $regData[$offs + 3];
-
-        $rawCert = $this->fixSignatureUnusedBits(substr($rawReg, $offs, $certLen));
-        $offs += $certLen;
-        $pemCert  = "-----BEGIN CERTIFICATE-----\r\n";
-        $pemCert .= chunk_split(base64_encode($rawCert), 64);
-        $pemCert .= "-----END CERTIFICATE-----";
-        if($includeCert) {
-            $registration->certificate = base64_encode($rawCert);
-        }
-        if($this->attestDir) {
-            if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
-                throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION );
-            }
-        }
-
-        if(!openssl_pkey_get_public($pemCert)) {
-            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
-        }
-        $signature = substr($rawReg, $offs);
-
-        $dataToVerify  = pack('C', 0);
-        $dataToVerify .= hash('sha256', $request->appId, true);
-        $dataToVerify .= hash('sha256', $clientData, true);
-        $dataToVerify .= $kh;
-        $dataToVerify .= $pubKey;
-
-        if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) {
-            return $registration;
-        } else {
-            throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE );
-        }
-    }
-
-    /**
-     * Called to get an authentication request.
-     *
-     * @param array $registrations An array of the registrations to create authentication requests for.
-     * @return array An array of SignRequest
-     * @throws Error
-     */
-    public function getAuthenticateData(array $registrations)
-    {
-        $sigs = array();
-        $challenge = $this->createChallenge();
-        foreach ($registrations as $reg) {
-            if( !is_object( $reg ) ) {
-                throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.');
-            }
-            /** @var Registration $reg */
-
-            $sig = new SignRequest();
-            $sig->appId = $this->appId;
-            $sig->keyHandle = $reg->keyHandle;
-            $sig->challenge = $challenge;
-            $sigs[] = $sig;
-        }
-        return $sigs;
-    }
-
-    /**
-     * Called to verify an authentication response
-     *
-     * @param array $requests An array of outstanding authentication requests
-     * @param array $registrations An array of current registrations
-     * @param object $response A response from the authenticator
-     * @return Registration
-     * @throws Error
-     *
-     * The Registration object returned on success contains an updated counter
-     * that should be saved for future authentications.
-     * If the Error returned is ERR_COUNTER_TOO_LOW this is an indication of
-     * token cloning or similar and appropriate action should be taken.
-     */
-    public function doAuthenticate(array $requests, array $registrations, $response)
-    {
-        if( !is_object( $response ) ) {
-            throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.');
-        }
-
-        if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
-            throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
-        }
-
-        /** @var object|null $req */
-        $req = null;
-
-        /** @var object|null $reg */
-        $reg = null;
-
-        $clientData = $this->base64u_decode($response->clientData);
-        $decodedClient = json_decode($clientData);
-
-        if(isset($decodedClient->typ) && $decodedClient->typ !== REQUEST_TYPE_AUTHENTICATE) {
-            throw new Error('ClientData type is invalid', ERR_BAD_TYPE);
-        }
-
-        foreach ($requests as $req) {
-            if( !is_object( $req ) ) {
-                throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.');
-            }
-
-            if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) {
-                break;
-            }
-
-            $req = null;
-        }
-        if($req === null) {
-            throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST );
-        }
-        if(isset($decodedClient->origin) && $decodedClient->origin !== $req->appId) {
-            throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN);
-        }
-        foreach ($registrations as $reg) {
-            if( !is_object( $reg ) ) {
-                throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.');
-            }
-
-            if($reg->keyHandle === $response->keyHandle) {
-                break;
-            }
-            $reg = null;
-        }
-        if($reg === null) {
-            throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION );
-        }
-        $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey));
-        if($pemKey === null) {
-            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
-        }
-
-        $signData = $this->base64u_decode($response->signatureData);
-        $dataToVerify  = hash('sha256', $req->appId, true);
-        $dataToVerify .= substr($signData, 0, 5);
-        $dataToVerify .= hash('sha256', $clientData, true);
-        $signature = substr($signData, 5);
-
-        if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) {
-            $upb = unpack("Cupb", substr($signData, 0, 1)); 
-            if($upb['upb'] !== 1) { 
-                throw new Error('User presence byte value is invalid', ERR_BAD_USER_PRESENCE );
-            }
-            $ctr = unpack("Nctr", substr($signData, 1, 4));
-            $counter = $ctr['ctr'];
-            /* TODO: wrap-around should be handled somehow.. */
-            if($counter > $reg->counter) {
-                $reg->counter = $counter;
-                return self::castObjectToRegistration($reg);
-            } else {
-                throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW );
-            }
-        } else {
-            throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE );
-        }
-    }
-
-    /**
-     * @param object $object
-     * @return Registration
-     */
-    protected static function castObjectToRegistration($object)
-    {
-        $reg = new Registration();
-        if (property_exists($object, 'publicKey')) {
-            $reg->publicKey = $object->publicKey;
-        }
-        if (property_exists($object, 'certificate')) {
-            $reg->certificate = $object->certificate;
-        }
-        if (property_exists($object, 'counter')) {
-            $reg->counter = $object->counter;
-        }
-        if (property_exists($object, 'keyHandle')) {
-            $reg->keyHandle = $object->keyHandle;
-        }
-        return $reg;
-    }
-
-    /**
-     * @return array
-     */
-    private function get_certs()
-    {
-        $files = array();
-        $dir = $this->attestDir;
-        if($dir !== null && is_dir($dir) && $handle = opendir($dir)) {
-            while(false !== ($entry = readdir($handle))) {
-                if(is_file("$dir/$entry")) {
-                    $files[] = "$dir/$entry";
-                }
-            }
-            closedir($handle);
-        } elseif (is_file("$dir")) {
-            $files[] = "$dir";
-        }
-        return $files;
-    }
-
-    /**
-     * @param string $data
-     * @return string
-     */
-    private function base64u_encode($data)
-    {
-        return trim(strtr(base64_encode($data), '+/', '-_'), '=');
-    }
-
-    /**
-     * @param string $data
-     * @return string
-     */
-    private function base64u_decode($data)
-    {
-        return base64_decode(strtr($data, '-_', '+/'));
-    }
-
-    /**
-     * @param string $key
-     * @return null|string
-     */
-    private function pubkey_to_pem($key)
-    {
-        if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") {
-            return null;
-        }
-
-        /*
-         * Convert the public key to binary DER format first
-         * Using the ECC SubjectPublicKeyInfo OIDs from RFC 5480
-         *
-         *  SEQUENCE(2 elem)                        30 59
-         *   SEQUENCE(2 elem)                       30 13
-         *    OID1.2.840.10045.2.1 (id-ecPublicKey) 06 07 2a 86 48 ce 3d 02 01
-         *    OID1.2.840.10045.3.1.7 (secp256r1)    06 08 2a 86 48 ce 3d 03 01 07
-         *   BIT STRING(520 bit)                    03 42 ..key..
-         */
-        $der  = "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01";
-        $der .= "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42";
-        $der .= "\0".$key;
-
-        $pem  = "-----BEGIN PUBLIC KEY-----\r\n";
-        $pem .= chunk_split(base64_encode($der), 64);
-        $pem .= "-----END PUBLIC KEY-----";
-
-        return $pem;
-    }
-
-    /**
-     * @return string
-     * @throws Error
-     */
-    private function createChallenge()
-    {
-        $challenge = random_bytes(32);
-        $challenge = $this->base64u_encode( $challenge );
-
-        return $challenge;
-    }
-
-    /**
-     * Fixes a certificate where the signature contains unused bits.
-     *
-     * @param string $cert
-     * @return mixed
-     */
-    private function fixSignatureUnusedBits($cert)
-    {
-        if(in_array(hash('sha256', $cert), $this->FIXCERTS, true)) {
-            $cert[strlen($cert) - 257] = "\0";
-        }
-        return $cert;
-    }
-}
-
-/**
- * Class for building a registration request
- *
- * @package u2flib_server
- */
-class RegisterRequest
-{
-    /** @var string Protocol version */
-    public $version = U2F_VERSION;
-
-    /** @var string Registration challenge */
-    public $challenge;
-
-    /** @var string Application id */
-    public $appId;
-
-    /**
-     * @param string $challenge
-     * @param string $appId
-     * @internal
-     */
-    public function __construct($challenge, $appId)
-    {
-        $this->challenge = $challenge;
-        $this->appId = $appId;
-    }
-}
-
-/**
- * Class for building up an authentication request
- *
- * @package u2flib_server
- */
-class SignRequest
-{
-    /** @var string Protocol version */
-    public $version = U2F_VERSION;
-
-    /** @var string Authentication challenge */
-    public $challenge = '';
-
-    /** @var string Key handle of a registered authenticator */
-    public $keyHandle = '';
-
-    /** @var string Application id */
-    public $appId = '';
-}
-
-/**
- * Class returned for successful registrations
- *
- * @package u2flib_server
- */
-class Registration
-{
-    /** @var string The key handle of the registered authenticator */
-    public $keyHandle = '';
-
-    /** @var string The public key of the registered authenticator */
-    public $publicKey = '';
-
-    /** @var string The attestation certificate of the registered authenticator */
-    public $certificate = '';
-
-    /** @var int The counter associated with this registration */
-    public $counter = -1;
-}
-
-/**
- * Error class, returned on errors
- *
- * @package u2flib_server
- */
-class Error extends \Exception
-{
-    /**
-     * Override constructor and make message and code mandatory
-     * @param string $message
-     * @param int $code
-     * @param \Exception|null $previous
-     */
-    public function __construct($message, $code, \Exception $previous = null) {
-        parent::__construct($message, $code, $previous);
-    }
-}