-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* The first implementation of mid php client. * First implementation of mid php client. * First implementation of mid php client. * Removed old mid php client. * Removed old mid php demo. * Fixed mid php client. * fixed directory structure * add missing imports to make CertificateRequestBuilderTest running * simplify MobileIdAuthenticationHashToSign * improve tests * Improved tests. * update readme * Tried to implement some tests. * fix session status polling * adjust tests * fix imports * Tried to implement some tests. * restore removed else/if * Added some imports and tests. * Create new Authentication identity method has to be implemented, TODO is also written there. * switch to php 7.1 * Added data types to make programming easier. * Implemented authenticationIdentity construction. * denote nullable return/parameter types with "?" * Fixed tests. The following test files have failing tests yet: SessionStatusPollerTest, AuthenticationRequestBuilderTest,AuthenticationResponseValidatorTest, CertificateParserTest, CertificateRequestBuilderTest, MobileIdAuthenticationHashTest,MobileIdAuthenticationHashToSignTest, MobileIdAuthenticationTest, ReadmeTest * Switched help classes of test files to php 7.1. * improve exception handling * All tests are passing, after a review, a pull request can be done. * sync php version * add link to travis * enhance travis configuration * add code cov * code coverage * reorganize directory structure * add phpunit configuration to travis * switch to mikk125 * remove comment * Added namespace and use support, exceptions support doesnt work yet. * Added namespace and use support, exceptions support doesnt work yet. * Improved tests. * Grouped languages and hashtypes classes to their own packages. * switch to PHP 7.2 * increase php version * Ordinary classes are successfully imported now, only exceptions are not found. * Ordinary classes are successfully imported now, only exceptions are not found. * Made setup methods compatible to TestCase class setup methods. * Removed one test. * fix failing tests, restructure * updated * add test * fix travis build * fix travis * cleanup * try to fix travis build * try to fix travis build * step # to change case * step # to change case * try to change HashType and Language uppercase * change language to Language * change packages to start with uppercase letter in Git * change case * change case * change case * change case * change case * clear lowercase * clear lowercase * case cleanup * typo fix * fix exception hierarchy * improve tests and make hash param compulsory * Fixed verification code calculation. * cleanup * Echo removed. * Uncommented logging echos. * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * input validation & cleanup * fix variable name * point to correct travis
- Loading branch information
Showing
1,618 changed files
with
122,857 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| language: php | ||
| php: | ||
| - '7.2' | ||
|
|
||
| before_install: | ||
| - composer install | ||
| script: vendor/phpunit/phpunit/phpunit --coverage-clover=coverage.xml --configuration phpunit.xml tests | ||
|
|
||
| after_success: | ||
| - bash <(curl -s https://codecov.io/bash) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| Manifest-Version: 1.0 | ||
| Main-Class: demo.php.mid | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,210 @@ | ||
| # mid-rest-php-client | ||
| # Mobile-ID (MID) PHP Rest Client | ||
|
|
||
| [](https://travis-ci.org/SK-EID/mid-rest-php-client) | ||
| [](https://codecov.io/gh/SK-EID/mid-rest-php-client) | ||
| [](https://opensource.org/licenses/MIT) | ||
|
|
||
| ## Running locally | ||
|
|
||
| Run `composer install` to get all the dependencies. | ||
| Then you can run tests `php vendor/phpunit/phpunit/phpunit` | ||
|
|
||
| ## Demo application | ||
|
|
||
| There is a [demo application](https://github.com/SK-EID/mid-rest-php-demo) that you can run locally. | ||
|
|
||
| ## Features | ||
|
|
||
| * Simple interface for mobile-id authentication | ||
| * Pulling user's signing certificate | ||
|
|
||
| This PHP client cannot be used to create digitally signed containers as | ||
| there no library like [DigiDoc4J](https://github.com/open-eid/digidoc4j) exists for PHP. | ||
|
|
||
| ## Requirements | ||
|
|
||
| * PHP 7.2 or later | ||
|
|
||
| ## Installation | ||
|
|
||
| The recommended way to install Mobile-ID PHP Client is through [Composer](https://getcomposer.org/) | ||
|
|
||
| ``` | ||
| composer require sk-id-solutions/mobile-id-php-client "~1.0" | ||
| ``` | ||
|
|
||
| ## How to use it | ||
|
|
||
| Here are examples of authentication with Mobile-ID PHP client | ||
|
|
||
| ### You need to have Composer auto loading available for your application | ||
|
|
||
| ```PHP | ||
| require_once __DIR__ . '/vendor/autoload.php'; | ||
| ``` | ||
|
|
||
| ### Example of authentication | ||
|
|
||
|
|
||
| ```PHP | ||
| // step #1 - validate user input | ||
|
|
||
| try { | ||
| $phoneNumber = MidInputUtil::getValidatedPhoneNumber($_GET['phoneNumber']); | ||
| $nationalIdentityNumber = MidInputUtil::getValidatedNationalIdentityNumber($_GET['nationalIdentityNumber']); | ||
| } | ||
| catch (InvalidPhoneNumberException $e) { | ||
| die('The phone number you entered is invalid'); | ||
| } | ||
| catch (InvalidNationalIdentityNumberException $e) { | ||
| die('The national identity number you entered is invalid'); | ||
| } | ||
|
|
||
| // step #2 - create client with long-polling | ||
|
|
||
| $client = MobileIdClient::newBuilder() | ||
| ->withRelyingPartyUUID("00000000-0000-0000-0000-000000000000") | ||
| ->withRelyingPartyName("DEMO") | ||
| ->withHostUrl("https://tsp.demo.sk.ee/mid-api") | ||
| ->withLongPollingTimeoutSeconds(60) | ||
| ->withPollingSleepTimeoutSeconds(2) | ||
| ->build(); | ||
|
|
||
|
|
||
| // step #3 - generate hash & calculate verification code and display to user | ||
|
|
||
| $authenticationHash = MobileIdAuthenticationHashToSign::generateRandomHashOfDefaultType(); | ||
| $verificationCode = $authenticationHash->calculateVerificationCode(); | ||
|
|
||
| // step #4 - display $verificationCode (4 digit code) to user | ||
|
|
||
| echo 'Verification code: '.$verificationCode."\n"; | ||
|
|
||
| // step #5 - create request to be sent to user's phone | ||
|
|
||
| $request = AuthenticationRequest::newBuilder() | ||
| ->withPhoneNumber($phoneNumber) | ||
| ->withNationalIdentityNumber($nationalIdentityNumber) | ||
| ->withHashToSign($authenticationHash) | ||
| ->withLanguage(ENG::asType()) | ||
| ->withDisplayText("Log into self-service?") | ||
| ->withDisplayTextFormat(DisplayTextFormat::GSM7) | ||
| ->build(); | ||
|
|
||
| // step #6 - send request to user's phone and catch possible errors | ||
|
|
||
| try { | ||
| $response = $client->getMobileIdConnector()->initAuthentication($request); | ||
| } | ||
| catch (NotMidClientException $e) { | ||
| die("You are not a Mobile-ID client or your Mobile-ID certificates are revoked. Please contact your mobile operator."); | ||
| } | ||
| catch (UnauthorizedException $e) { | ||
| die('Integration error with Mobile-ID. Invalid MID credentials'); | ||
| } | ||
| catch (MissingOrInvalidParameterException $e) { | ||
| die('Problem with MID integration'); | ||
| } | ||
| catch (MidInternalErrorException $e) { | ||
| die('MID internal error'); | ||
| } | ||
|
|
||
| // step #7 - keep polling for session status until we have a final status from phone | ||
|
|
||
| $finalSessionStatus = $client | ||
| ->getSessionStatusPoller() | ||
| ->fetchFinalSessionStatus($response->getSessionID()); | ||
|
|
||
| // step #8 - parse authenticated person out of the response and get it validated | ||
|
|
||
| try { | ||
| $authenticatedPerson = $client | ||
| ->createMobileIdAuthentication($finalSessionStatus, $authenticationHash) | ||
| ->getValidatedAuthenticationResult() | ||
| ->getAuthenticationIdentity(); | ||
| } | ||
| catch (UserCancellationException $e) { | ||
| die("You cancelled operation from your phone."); | ||
| } | ||
| catch (MidSessionTimeoutException $e) { | ||
| die("You didn't type in PIN code into your phone or there was a communication error."); | ||
| } | ||
| catch (PhoneNotAvailableException $e) { | ||
| die("Unable to reach your phone. Please make sure your phone has mobile coverage."); | ||
| } | ||
| catch (DeliveryException $e) { | ||
| die("Communication error. Unable to reach your phone."); | ||
| } | ||
| catch (InvalidUserConfigurationException $e) { | ||
| die("Mobile-ID configuration on your SIM card differs from what is configured on service provider's side. Please contact your mobile operator."); | ||
| } | ||
| catch (MidSessionNotFoundException | MissingOrInvalidParameterException | UnauthorizedException $e) { | ||
| die("Client side error with mobile-ID integration. Error code:". $e->getCode()); | ||
| } | ||
| catch (NotMidClientException $e) { | ||
| // if user is not MID client then this exception is thrown and caught already during first request (see above) | ||
| die("You are not a Mobile-ID client or your Mobile-ID certificates are revoked. Please contact your mobile operator."); | ||
| } | ||
| catch (MidInternalErrorException $internalError) { | ||
| die("Something went wrong with Mobile-ID service"); | ||
| } | ||
|
|
||
| # step #9 - read out authenticated person details | ||
|
|
||
| echo 'Welcome, '.$authenticatedPerson->getGivenName().' '.$authenticatedPerson->getSurName().' '; | ||
| echo ' (ID code '.$authenticatedPerson->getIdentityCode().') '; | ||
| echo 'from '. $authenticatedPerson->getCountry(). '!'; | ||
| ``` | ||
|
|
||
| In reality authentication cannot be handled by a single request to back-end | ||
| as there is need to display verification code to the user. | ||
| See the demo application for a more detailed real-world example. | ||
|
|
||
|
|
||
| ## Long polling | ||
|
|
||
| If you don't set a positive value either to longPollingTimeoutSeconds or pollingSleepTimeoutSeconds | ||
| then pollingSleepTimeoutSeconds defaults to value 3 seconds. | ||
|
|
||
| ## Certificates | ||
|
|
||
| The client also supports to ask for a user's mobile-id signing certificate. | ||
|
|
||
| ```PHP | ||
|
|
||
| $client = MobileIdClient::newBuilder() | ||
| ->withRelyingPartyUUID("00000000-0000-0000-0000-000000000000") | ||
| ->withRelyingPartyName("DEMO") | ||
| ->withHostUrl("https://tsp.demo.sk.ee/mid-api") | ||
| ->build(); | ||
|
|
||
| $request = CertificateRequest::newBuilder() | ||
| ->withPhoneNumber("+37200000766") | ||
| ->withNationalIdentityNumber("60001019906") | ||
| ->build(); | ||
|
|
||
| try { | ||
| $response = $client->getMobileIdConnector()->pullCertificate($request); | ||
| $person = $client->parseMobileIdIdentity($response); | ||
|
|
||
| echo 'This is a Mobile-ID user.'; | ||
| echo 'Name, '.$person->getGivenName().' '.$person->getSurName().' '; | ||
| echo ' (ID code '.$person->getIdentityCode().') '; | ||
| echo 'from '. $person->getCountry(). '!'; | ||
| } | ||
| catch (NotMidClientException $e) { | ||
| // if user is not MID client then this exception is thrown and caught already during first request (see above) | ||
| die("You are not a Mobile-ID client or your Mobile-ID certificates are revoked. Please contact your mobile operator."); | ||
| } | ||
| catch (MissingOrInvalidParameterException | UnauthorizedException $e) { | ||
| die("Client side error with mobile-ID integration. Error code:". $e->getCode()); | ||
| } | ||
| catch (MidInternalErrorException $internalError) { | ||
| die("Something went wrong with Mobile-ID service"); | ||
| } | ||
|
|
||
| ``` | ||
|
|
||
| ## Signing | ||
|
|
||
| Signing is not supported with PHP library. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| { | ||
| "name": "sk-id-solutions/mobile-id-php-client", | ||
| "type": "library", | ||
| "description": "Mobile-ID Relying Party PHP Api v5 client", | ||
| "license": "MIT", | ||
|
|
||
| "require": { | ||
| "php": "^7.2", | ||
| "ext-openssl": "*", | ||
| "ext-curl": "*", | ||
| "ext-json": "*" | ||
| }, | ||
| "require-dev": { | ||
| "phpunit/phpunit": "7.0" | ||
| }, | ||
| "autoload": { | ||
| "psr-4": { | ||
| "Sk\\Mid\\": "src/" | ||
| } | ||
| }, | ||
| "autoload-dev": { | ||
| "psr-4": { | ||
| "Sk\\Mid\\Tests\\": "tests/" | ||
| } | ||
| } | ||
| } | ||
|
|
Oops, something went wrong.