ar_security_crypt - Code Metrics - Inspection of "[WIP] Add new crypt module" - Ariadne-CMS/ariadne - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#125)

by Robbert

created 2016-07-13 13:37 UTC

ar_security_crypt A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	114
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	3

Importance

Changes	3
Bugs	0	Features	1

Metric	Value
c	3
b	0
f	1
dl	0
loc	114
rs	10
wmc	19
lcom	1
cbo	3

7 Methods

Rating	Name	Size	Complexity
A	__construct()	2	1
A	key()	17	3
A	passphrase()	8	1
B	encrypt()	23	5
A	generateKey()	5	1
A	keyRawToInternal()	12	2
B	decrypt()	24	6

<?php


/*
 * crypto library
 * design choices:
 * - never return the exceptions from the lower levels
 * - keys creation from pre generated keys is done with a closure to inject in into a Key object
 *   and not by using the 'insecure' method in the defuse library
 */

ar_pinp::allow('ar_security_crypt');

use Defuse\Crypto as DC;

class ar_security_crypt extends arBase {
	private $secret;
	private $method;
	const USEKEY  = 1;
	const USEPASS = 2;

	private function keyRawToInternal($rawkey) {
		static $key;
		static $func;
		if (is_null($key)) {
			$key = DC\Key::createNewRandomKey();
			$func = function($rawkey) {
				return new self($rawkey);

			};
			$func = $func->bindto($key,$key);
		}
		return $func($rawkey);
	}

	public function __construct() {
	}

	public function key($key) {
		$key = base64_decode($key,true);
		if ($key === false) {
			return ar('error')->raiseError('Invalid key encoding',1000);
		}

		try {
			$key = $this->keyRawToInternal($key);
		} catch (DC\Exception\EnvironmentIsBrokenException $ex) {
			return ar('error')->raiseError('Invalid key', 1000);
		}
		$ret = new self();
		// hide key from most error related stackdumps
		$ret->secret = function() use ($key) { return $key; };
		$ret->method = self::USEKEY;
		return $ret;
	}

	public function passphrase($pass)
	{
		$ret = new self();
		// hide pass from most error related stackdumps
		$ret->secret = function() use ($pass) { return $pass; };
		$ret->method = self::USEPASS;
		return $ret;
	}

	/*
	 * keybytes are hardcoded to 32 bytes
	 * 3 options:
	 * A) base64 encoded key
	 * B) key in the format for defuse
	 * C) not a key
	 * Only A and C are 'implemented'
	 */

	public function encrypt($data) {
		if (!isset($this->method)) {
			return ar('error')->raiseError('use key or passphrase to init crypt engine',1000);
		}

		if (!is_scalar($data)) {
			return ar('error')->raiseError('Data should be a scalar datatype',1000);
		}

		try {
			$secret = $this->secret;
			if ($this->method === self::USEKEY ) {
				$ciphertext = DC\Crypto::encrypt($data, $secret(), true);
			} else {
				$ciphertext = DC\Crypto::encryptWithPassword($data, $secret(), true);

			}
		} catch (DC\Exception\EnvironmentIsBrokenException $ex) {
			return ar('error')->raiseError('enviroment is broken', 1000);
		}

		return base64_encode($ciphertext);
	}

	public function decrypt($data){
		if (!isset($this->method)) {
			return ar('error')->raiseError('use key or passphrase to init crypt engine',1000);
		}
		$data = base64_decode($data,true);

		if ($data === false ) {
			return ar('error')->raiseError('Invalid data, not properly base64 encoded',1000);
		}

		try {
			$secret = $this->secret;
			if ($this->method === self::USEKEY ) {
				$decrypted = DC\Crypto::decrypt($data, $secret(), true);
			} else {
				$decrypted = DC\Crypto::decryptWithPassword($data, $secret(), true);
			}
		} catch (DC\Exception\EnvironmentIsBrokenException $ex) {
			return ar('error')->raiseError('enviroment is broken', 1000);
		} catch (DC\Exception\WrongKeyOrModifiedCiphertextException $ex) {
			return ar('error')->raiseError('wrong key of data has been tampered with', 1000);
		}
		return $decrypted;
	}

	public function generateKey(){
		$key   = DC\Key::createNewRandomKey();
		$bytes = $key->getRawBytes();
		return base64_encode($bytes);
	}

}


1			<?php
			0 ignored issues – show Coding Style Compatibility introduced 2016-07-08 14:40 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 15 and the first side effect is on line 11. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2
3			/*
4			* crypto library
5			* design choices:
6			* - never return the exceptions from the lower levels
7			* - keys creation from pre generated keys is done with a closure to inject in into a Key object
8			* and not by using the 'insecure' method in the defuse library
9			*/
10
11			ar_pinp::allow('ar_security_crypt');
12
13			use Defuse\Crypto as DC;
14
15			class ar_security_crypt extends arBase {
16			private $secret;
17			private $method;
18			const USEKEY = 1;
19			const USEPASS = 2;
20
21			private function keyRawToInternal($rawkey) {
22			static $key;
23			static $func;
24			if (is_null($key)) {
25			$key = DC\Key::createNewRandomKey();
26			$func = function($rawkey) {
27			return new self($rawkey);
			0 ignored issues – show Unused Code introduced 2016-07-08 14:40 UTC by Report Bug Copy Issue Report The call to `ar_security_crypt::__construct()` has too many arguments starting with `$rawkey`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
28			};
29			$func = $func->bindto($key,$key);
30			}
31			return $func($rawkey);
32			}
33
34			public function __construct() {
35			}
36
37			public function key($key) {
38			$key = base64_decode($key,true);
39			if ($key === false) {
40			return ar('error')->raiseError('Invalid key encoding',1000);
41			}
42
43			try {
44			$key = $this->keyRawToInternal($key);
45			} catch (DC\Exception\EnvironmentIsBrokenException $ex) {
46			return ar('error')->raiseError('Invalid key', 1000);
47			}
48			$ret = new self();
49			// hide key from most error related stackdumps
50			$ret->secret = function() use ($key) { return $key; };
51			$ret->method = self::USEKEY;
52			return $ret;
53			}
54
55			public function passphrase($pass)
56			{
57			$ret = new self();
58			// hide pass from most error related stackdumps
59			$ret->secret = function() use ($pass) { return $pass; };
60			$ret->method = self::USEPASS;
61			return $ret;
62			}
63
64			/*
65			* keybytes are hardcoded to 32 bytes
66			* 3 options:
67			* A) base64 encoded key
68			* B) key in the format for defuse
69			* C) not a key
70			* Only A and C are 'implemented'
71			*/
72
73			public function encrypt($data) {
74			if (!isset($this->method)) {
75			return ar('error')->raiseError('use key or passphrase to init crypt engine',1000);
76			}
77
78			if (!is_scalar($data)) {
79			return ar('error')->raiseError('Data should be a scalar datatype',1000);
80			}
81
82			try {
83			$secret = $this->secret;
84			if ($this->method === self::USEKEY ) {
85			$ciphertext = DC\Crypto::encrypt($data, $secret(), true);
86			} else {
87			$ciphertext = DC\Crypto::encryptWithPassword($data, $secret(), true);
88
89			}
90			} catch (DC\Exception\EnvironmentIsBrokenException $ex) {
91			return ar('error')->raiseError('enviroment is broken', 1000);
92			}
93
94			return base64_encode($ciphertext);
95			}
96
97			public function decrypt($data){
98			if (!isset($this->method)) {
99			return ar('error')->raiseError('use key or passphrase to init crypt engine',1000);
100			}
101			$data = base64_decode($data,true);
102
103			if ($data === false ) {
104			return ar('error')->raiseError('Invalid data, not properly base64 encoded',1000);
105			}
106
107			try {
108			$secret = $this->secret;
109			if ($this->method === self::USEKEY ) {
110			$decrypted = DC\Crypto::decrypt($data, $secret(), true);
111			} else {
112			$decrypted = DC\Crypto::decryptWithPassword($data, $secret(), true);
113			}
114			} catch (DC\Exception\EnvironmentIsBrokenException $ex) {
115			return ar('error')->raiseError('enviroment is broken', 1000);
116			} catch (DC\Exception\WrongKeyOrModifiedCiphertextException $ex) {
117			return ar('error')->raiseError('wrong key of data has been tampered with', 1000);
118			}
119			return $decrypted;
120			}
121
122			public function generateKey(){
123			$key = DC\Key::createNewRandomKey();
124			$bytes = $key->getRawBytes();
125			return base64_encode($bytes);
126			}
127
128			}
129

Ariadne-CMS / ariadne

Pull Request — master (#125)

ar_security_crypt A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

7 Methods

Duplication Side-by-Side

Filter issues like