fix: complete transport pool and deterministic generation in SimpleFakeCredentialGenerator (#823)

* fix: use all transport types and deterministic generation in SimpleFakeCredentialGenerator

Include hybrid, internal and smart-card transports in the fake
credential pool so generated credentials are indistinguishable from
real ones. Replace random generation with a deterministic HMAC-based
seed derived from the username and a server secret, ensuring stable
responses across requests without relying on cache.

* fix: inject cache service into SimpleFakeCredentialGenerator

Use CacheItemPoolInterface with nullOnInvalid() instead of hardcoded
null so the cache is actually used when available in the container.

* fix: inject cache service into SimpleFakeCredentialGenerator and fix coding standards

Use CacheItemPoolInterface with nullOnInvalid() instead of hardcoded
null so the cache is actually used when available in the container.
Apply coding standards fixes across the codebase.

* Refactor: Clean up imports and remove duplicates across denormalizer and service classes

- Removed duplicate function imports and organized them in multiple denormalizer classes including CredentialRecordDenormalizer, ExtensionDescriptorDenormalizer, and others.
- Ensured consistent use of function imports such as `array_key_exists`, `assert`, `count`, and `in_array`.
- Updated import statements in various service classes like DistantResourceMetadataService, FidoAllianceCompliantMetadataService, and others for better clarity and maintainability.
- Cleaned up unused imports in test files and ensured proper organization of function imports.

Author: Spomky

src/symfony/src/Resources/config/services.php

@@ -2,6 +2,7 @@
 
 declare(strict_types=1);
 
+use Psr\Cache\CacheItemPoolInterface;
 use Psr\Log\NullLogger;
 use Symfony\Component\Clock\NativeClock;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
@@ -82,7 +83,9 @@
         ->factory([service(CeremonyStepManagerFactory::class), 'conditionalCreateCeremony'])
     ;
 
-    $service->set(SimpleFakeCredentialGenerator::class);
+    $service->set(SimpleFakeCredentialGenerator::class)
+        ->args([service(CacheItemPoolInterface::class)->nullOnInvalid(), param('kernel.secret')])
+    ;
 
     $service
         ->set('webauthn.ceremony_step_manager.request')

src/webauthn/src/SimpleFakeCredentialGenerator.php

@@ -5,14 +5,15 @@
 namespace Webauthn;
 
 use function count;
-use function is_int;
+use function ord;
 use Psr\Cache\CacheItemPoolInterface;
 use Symfony\Component\HttpFoundation\Request;
 
 final readonly class SimpleFakeCredentialGenerator implements FakeCredentialGenerator
 {
     public function __construct(
-        private null|CacheItemPoolInterface $cache = null
+        private null|CacheItemPoolInterface $cache = null,
+        private string $secret = '',
     ) {
     }
 
@@ -48,18 +49,27 @@ private function generateCredentials(string $username): array
             PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_USB,
             PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_NFC,
             PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_BLE,
+            PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_HYBRID,
+            PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_INTERNAL,
+            PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_SMART_CARD,
         ];
+        $seed = hash('sha256', $username . $this->secret, true);
+        $count = (ord($seed[0]) % 3) + 1;
+
         $credentials = [];
-        for ($i = 0; $i < random_int(1, 3); $i++) {
-            $randomTransportKeys = array_rand($transports, random_int(1, count($transports)));
-            if (is_int($randomTransportKeys)) {
-                $randomTransportKeys = [$randomTransportKeys];
+        for ($i = 0; $i < $count; $i++) {
+            $credSeed = hash('sha256', $seed . pack('N', $i), true);
+            $transportCount = (ord($credSeed[0]) % 2) + 1;
+            $selectedTransports = [];
+            for ($j = 0; $j < $transportCount; $j++) {
+                $index = ord($credSeed[$j + 1]) % count($transports);
+                $selectedTransports[] = $transports[$index];
             }
-            $randomTransports = array_values(array_intersect_key($transports, array_flip($randomTransportKeys)));
+            $selectedTransports = array_values(array_unique($selectedTransports));
             $credentials[] = PublicKeyCredentialDescriptor::create(
                 PublicKeyCredentialDescriptor::CREDENTIAL_TYPE_PUBLIC_KEY,
-                hash('sha256', random_bytes(16) . $username),
-                $randomTransports
+                hash('sha256', $credSeed . $username),
+                $selectedTransports
             );
         }