Merge pull request #784 from nextcloud/stable21-bump-webauthn

[stable21] Bump Webauthn Lib to 3.3.9

composer/installed.json

@@ -6019,17 +6019,17 @@
         },
         {
             "name": "web-auth/cose-lib",
-            "version": "v3.3.1",
-            "version_normalized": "3.3.1.0",
+            "version": "v3.3.9",
+            "version_normalized": "3.3.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/web-auth/cose-lib.git",
-                "reference": "eea6fae63ff5c81bf98c115b1be5f38a69682c16"
+                "reference": "ed172d2dc1a6b87b5c644c07c118cd30c1b3819b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/web-auth/cose-lib/zipball/eea6fae63ff5c81bf98c115b1be5f38a69682c16",
-                "reference": "eea6fae63ff5c81bf98c115b1be5f38a69682c16",
+                "url": "https://api.github.com/repos/web-auth/cose-lib/zipball/ed172d2dc1a6b87b5c644c07c118cd30c1b3819b",
+                "reference": "ed172d2dc1a6b87b5c644c07c118cd30c1b3819b",
                 "shasum": ""
             },
             "require": {
@@ -6040,7 +6040,7 @@
                 "fgrosse/phpasn1": "^2.1",
                 "php": ">=7.2"
             },
-            "time": "2021-01-09T13:31:01+00:00",
+            "time": "2021-05-02T19:57:09+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -6069,7 +6069,7 @@
                 "RFC8152"
             ],
             "support": {
-                "source": "https://github.com/web-auth/cose-lib/tree/v3.3.1"
+                "source": "https://github.com/web-auth/cose-lib/tree/v3.3.9"
             },
             "funding": [
                 {
@@ -6085,8 +6085,8 @@
         },
         {
             "name": "web-auth/metadata-service",
-            "version": "v3.3.1",
-            "version_normalized": "3.3.1.0",
+            "version": "v3.3.9",
+            "version_normalized": "3.3.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/web-auth/webauthn-metadata-service.git",
@@ -6141,23 +6141,33 @@
                 "webauthn"
             ],
             "support": {
-                "source": "https://github.com/web-auth/webauthn-metadata-service/tree/v3.3.1"
+                "source": "https://github.com/web-auth/webauthn-metadata-service/tree/v3.3.9"
             },
+            "funding": [
+                {
+                    "url": "https://github.com/Spomky",
+                    "type": "github"
+                },
+                {
+                    "url": "https://www.patreon.com/FlorentMorselli",
+                    "type": "patreon"
+                }
+            ],
             "install-path": "../web-auth/metadata-service"
         },
         {
             "name": "web-auth/webauthn-lib",
-            "version": "v3.3.1",
-            "version_normalized": "3.3.1.0",
+            "version": "v3.3.9",
+            "version_normalized": "3.3.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/web-auth/webauthn-lib.git",
-                "reference": "e411527a41c1013512fccdfce61681eb36484c77"
+                "reference": "04b98ee3d39cb79dad68a7c15c297c085bf66bfe"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/web-auth/webauthn-lib/zipball/e411527a41c1013512fccdfce61681eb36484c77",
-                "reference": "e411527a41c1013512fccdfce61681eb36484c77",
+                "url": "https://api.github.com/repos/web-auth/webauthn-lib/zipball/04b98ee3d39cb79dad68a7c15c297c085bf66bfe",
+                "reference": "04b98ee3d39cb79dad68a7c15c297c085bf66bfe",
                 "shasum": ""
             },
             "require": {
@@ -6186,7 +6196,7 @@
                 "web-token/jwt-signature-algorithm-eddsa": "Recommended for the AndroidSafetyNet Attestation Statement support",
                 "web-token/jwt-signature-algorithm-rsa": "Mandatory for the AndroidSafetyNet Attestation Statement support"
             },
-            "time": "2021-01-09T13:31:01+00:00",
+            "time": "2021-04-19T20:22:20+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -6216,7 +6226,7 @@
                 "webauthn"
             ],
             "support": {
-                "source": "https://github.com/web-auth/webauthn-lib/tree/v3.3.1"
+                "source": "https://github.com/web-auth/webauthn-lib/tree/v3.3.9"
             },
             "funding": [
                 {

composer/installed.php

@@ -5,7 +5,7 @@
         'type' => 'library',
         'install_path' => __DIR__ . '/../',
         'aliases' => array(),
-        'reference' => 'fbc872de93b18d3e87367d00e281982eab74c5b9',
+        'reference' => '1a42635cd768a1fff54b12666cd16f2236f7acd5',
         'name' => 'nextcloud/3rdparty',
         'dev' => false,
     ),
@@ -286,7 +286,7 @@
             'type' => 'library',
             'install_path' => __DIR__ . '/../',
             'aliases' => array(),
-            'reference' => 'fbc872de93b18d3e87367d00e281982eab74c5b9',
+            'reference' => '1a42635cd768a1fff54b12666cd16f2236f7acd5',
             'dev_requirement' => false,
         ),
         'nextcloud/lognormalizer' => array(
@@ -845,30 +845,30 @@
             'dev_requirement' => false,
         ),
         'web-auth/cose-lib' => array(
-            'pretty_version' => 'v3.3.1',
-            'version' => '3.3.1.0',
+            'pretty_version' => 'v3.3.9',
+            'version' => '3.3.9.0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../web-auth/cose-lib',
             'aliases' => array(),
-            'reference' => 'eea6fae63ff5c81bf98c115b1be5f38a69682c16',
+            'reference' => 'ed172d2dc1a6b87b5c644c07c118cd30c1b3819b',
             'dev_requirement' => false,
         ),
         'web-auth/metadata-service' => array(
-            'pretty_version' => 'v3.3.1',
-            'version' => '3.3.1.0',
+            'pretty_version' => 'v3.3.9',
+            'version' => '3.3.9.0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../web-auth/metadata-service',
             'aliases' => array(),
             'reference' => '8488d3a832a38cc81c670fce05de1e515c6e64b1',
             'dev_requirement' => false,
         ),
         'web-auth/webauthn-lib' => array(
-            'pretty_version' => 'v3.3.1',
-            'version' => '3.3.1.0',
+            'pretty_version' => 'v3.3.9',
+            'version' => '3.3.9.0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../web-auth/webauthn-lib',
             'aliases' => array(),
-            'reference' => 'e411527a41c1013512fccdfce61681eb36484c77',
+            'reference' => '04b98ee3d39cb79dad68a7c15c297c085bf66bfe',
             'dev_requirement' => false,
         ),
     ),

composer/package-versions-deprecated/src/PackageVersions/Versions.php

@@ -116,10 +116,10 @@ final class Versions
   'symfony/translation' => 'v4.4.19@e1d0c67167a553556d9f974b5fa79c2448df317a',
   'symfony/translation-contracts' => 'v2.3.0@e2eaa60b558f26a4b0354e1bbb25636efaaad105',
   'thecodingmachine/safe' => 'v1.3.3@a8ab0876305a4cdaef31b2350fcb9811b5608dbc',
-  'web-auth/cose-lib' => 'v3.3.1@eea6fae63ff5c81bf98c115b1be5f38a69682c16',
-  'web-auth/metadata-service' => 'v3.3.1@8488d3a832a38cc81c670fce05de1e515c6e64b1',
-  'web-auth/webauthn-lib' => 'v3.3.1@e411527a41c1013512fccdfce61681eb36484c77',
-  'nextcloud/3rdparty' => 'dev-master@fbc872de93b18d3e87367d00e281982eab74c5b9',
+  'web-auth/cose-lib' => 'v3.3.9@ed172d2dc1a6b87b5c644c07c118cd30c1b3819b',
+  'web-auth/metadata-service' => 'v3.3.9@8488d3a832a38cc81c670fce05de1e515c6e64b1',
+  'web-auth/webauthn-lib' => 'v3.3.9@04b98ee3d39cb79dad68a7c15c297c085bf66bfe',
+  'nextcloud/3rdparty' => 'dev-master@1a42635cd768a1fff54b12666cd16f2236f7acd5',
 );
 
     private function __construct()

web-auth/cose-lib/src/Algorithm/ManagerFactory.php

@@ -14,7 +14,6 @@
 namespace Cose\Algorithm;
 
 use Assert\Assertion;
-use function Safe\sprintf;
 
 class ManagerFactory
 {

web-auth/cose-lib/src/Algorithm/Signature/ECDSA/ECDSA.php

@@ -17,7 +17,6 @@
 use Cose\Algorithm\Signature\Signature;
 use Cose\Key\Ec2Key;
 use Cose\Key\Key;
-use function Safe\openssl_sign;
 
 abstract class ECDSA implements Signature
 {

web-auth/cose-lib/src/Algorithm/Signature/ECDSA/ECSignature.php

@@ -19,7 +19,6 @@
 use InvalidArgumentException;
 use function mb_strlen;
 use function mb_substr;
-use function Safe\hex2bin;
 use function str_pad;
 use const STR_PAD_LEFT;
 
@@ -53,12 +52,17 @@ public static function toAsn1(string $signature, int $length): string
         $totalLength = $lengthR + $lengthS + self::BYTE_SIZE + self::BYTE_SIZE;
         $lengthPrefix = $totalLength > self::ASN1_MAX_SINGLE_BYTE ? self::ASN1_LENGTH_2BYTES : '';
 
-        return hex2bin(
+        $bin = hex2bin(
             self::ASN1_SEQUENCE
             .$lengthPrefix.dechex($totalLength)
             .self::ASN1_INTEGER.dechex($lengthR).$pointR
             .self::ASN1_INTEGER.dechex($lengthS).$pointS
         );
+        if (false === $bin) {
+            throw new InvalidArgumentException('Unable to convert into ASN.1');
+        }
+
+        return $bin;
     }
 
     public static function fromAsn1(string $signature, int $length): string
@@ -78,7 +82,12 @@ public static function fromAsn1(string $signature, int $length): string
         $pointR = self::retrievePositiveInteger(self::readAsn1Integer($message, $position));
         $pointS = self::retrievePositiveInteger(self::readAsn1Integer($message, $position));
 
-        return hex2bin(str_pad($pointR, $length, '0', STR_PAD_LEFT).str_pad($pointS, $length, '0', STR_PAD_LEFT));
+        $bin = hex2bin(str_pad($pointR, $length, '0', STR_PAD_LEFT).str_pad($pointS, $length, '0', STR_PAD_LEFT));
+        if (false === $bin) {
+            throw new InvalidArgumentException('Unable to convert from ASN.1');
+        }
+
+        return $bin;
     }
 
     private static function octetLength(string $data): int

web-auth/cose-lib/src/Algorithm/Signature/RSA/PSSRSA.php

@@ -27,7 +27,6 @@
 use function ord;
 use function random_bytes;
 use RuntimeException;
-use function Safe\pack;
 use function str_pad;
 use function str_repeat;
 

web-auth/cose-lib/src/Algorithm/Signature/RSA/RSA.php

@@ -17,7 +17,7 @@
 use Cose\Algorithm\Signature\Signature;
 use Cose\Key\Key;
 use Cose\Key\RsaKey;
-use function Safe\openssl_sign;
+use InvalidArgumentException;
 
 abstract class RSA implements Signature
 {
@@ -26,7 +26,9 @@ public function sign(string $data, Key $key): string
         $key = $this->handleKey($key);
         Assertion::true($key->isPrivate(), 'The key is not private');
 
-        openssl_sign($data, $signature, $key->asPem(), $this->getHashAlgorithm());
+        if (false === openssl_sign($data, $signature, $key->asPem(), $this->getHashAlgorithm())) {
+            throw new InvalidArgumentException('Unable to sign the data');
+        }
 
         return $signature;
     }

web-auth/cose-lib/src/Key/Ec2Key.php

@@ -21,7 +21,6 @@
 use FG\ASN1\Universal\ObjectIdentifier;
 use FG\ASN1\Universal\OctetString;
 use FG\ASN1\Universal\Sequence;
-use function Safe\sprintf;
 
 class Ec2Key extends Key
 {

web-auth/cose-lib/src/Key/Key.php

@@ -15,7 +15,6 @@
 
 use function array_key_exists;
 use Assert\Assertion;
-use function Safe\sprintf;
 
 class Key
 {