OtpGenerator::generate() - Code Metrics - Inspection of "Release 1.x -> master" - OpenConext/Stepup-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#36)

by Boy

created 2016-06-08 11:47 UTC

OtpGenerator::generate() C

↳ Parent: OtpGenerator

Complexity

Conditions	7
Paths	8

Size

Total Lines	43
Code Lines	21

Duplication

Lines	0
Ratio	0 %

Importance

Changes	7
Bugs	0	Features	1

Metric	Value
c	7
b	0
f	1
dl	0
loc	43
rs	6.7272
cc	7
eloc	21
nc	8
nop	1

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupBundle\Security;

use Surfnet\StepupBundle\Exception\InvalidArgumentException;
use Surfnet\StepupBundle\Security\Exception\OtpGenerationRuntimeException;

/**
 * A stand-alone class for securely generating OTPs.
 */
final class OtpGenerator
{
    /**
     * The characters used in the OTP. Must be a power of two characters long to ensure all characters have equal chance
     * of being included.
     */
    const CHARACTER_SET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';

    /**
     * The 32 possible characters in the Base32 alphabet can be represented in exactly 5 bits
     */
    const BITS_PER_CHARACTER = 5;

    /**
     * Securely generate a 8-character OTP containing only characters from the OtpGenerator::CHARACTER_SET constant.
     * Based on https://gist.github.com/pmeulen/3dff8bab3227ed340dd1
     *
     * @param int $length The length of the OTP to generate
     * @return string
     * @throws OtpGenerationRuntimeException
     */
    public static function generate($length)
    {
        if (!is_int($length)) {
            throw InvalidArgumentException::invalidType('int', 'length', $length);
        }

        if ($length <= 0) {
            throw new InvalidArgumentException('Expected positive integer $length');
        }

        $bitsPerValue = self::BITS_PER_CHARACTER;
        $randomBytesRequired = (int) ceil($length * $bitsPerValue / 8);
        $cryptoStrong = false;
        $randomBytes = openssl_random_pseudo_bytes($randomBytesRequired, $cryptoStrong); // Generate random bytes

        if ($cryptoStrong === false) {
            throw new OtpGenerationRuntimeException('openssl_random_pseudo_bytes() is not cryptographically strong');
        }

        if ($randomBytes === false) {
            throw new OtpGenerationRuntimeException('openssl_random_pseudo_bytes() failed');
        }

        // Transform each byte $random_bytes into $random_bits where each byte
        // is converted to its 8 character ASCII binary representation.
        // This allows us to work with the individual bits using the php string functions
        // Not very efficient, but easy to understand.
        $randomBits = '';
        for ($i = 0; $i < $randomBytesRequired; $i++) {
            $randomBits .= str_pad(decbin(ord($randomBytes[$i])), 8, '0', STR_PAD_LEFT);
        }

        // Get 'bits' form $random_bits string in blocks of 5 bits, convert bits to value [0..32> and use
        // this as offset in self::CHARACTER_SET to pick the character
        $password = '';
        for ($i = 0; $i < $length; $i++) {
            $randomValueBin = substr($randomBits, $i * $bitsPerValue, $bitsPerValue);

            $password .= substr(self::CHARACTER_SET, bindec($randomValueBin), 1);
        }

        return $password;
    }
}


1			<?php
2
3			/**
4			* Copyright 2014 SURFnet bv
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupBundle\Security;
20
21			use Surfnet\StepupBundle\Exception\InvalidArgumentException;
22			use Surfnet\StepupBundle\Security\Exception\OtpGenerationRuntimeException;
23
24			/**
25			* A stand-alone class for securely generating OTPs.
26			*/
27			final class OtpGenerator
28			{
29			/**
30			* The characters used in the OTP. Must be a power of two characters long to ensure all characters have equal chance
31			* of being included.
32			*/
33			const CHARACTER_SET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
34
35			/**
36			* The 32 possible characters in the Base32 alphabet can be represented in exactly 5 bits
37			*/
38			const BITS_PER_CHARACTER = 5;
39
40			/**
41			* Securely generate a 8-character OTP containing only characters from the OtpGenerator::CHARACTER_SET constant.
42			* Based on https://gist.github.com/pmeulen/3dff8bab3227ed340dd1
43			*
44			* @param int $length The length of the OTP to generate
45			* @return string
46			* @throws OtpGenerationRuntimeException
47			*/
48			public static function generate($length)
49			{
50			if (!is_int($length)) {
51			throw InvalidArgumentException::invalidType('int', 'length', $length);
52			}
53
54			if ($length <= 0) {
55			throw new InvalidArgumentException('Expected positive integer $length');
56			}
57
58			$bitsPerValue = self::BITS_PER_CHARACTER;
59			$randomBytesRequired = (int) ceil($length * $bitsPerValue / 8);
60			$cryptoStrong = false;
61			$randomBytes = openssl_random_pseudo_bytes($randomBytesRequired, $cryptoStrong); // Generate random bytes
62
63			if ($cryptoStrong === false) {
64			throw new OtpGenerationRuntimeException('openssl_random_pseudo_bytes() is not cryptographically strong');
65			}
66
67			if ($randomBytes === false) {
68			throw new OtpGenerationRuntimeException('openssl_random_pseudo_bytes() failed');
69			}
70
71			// Transform each byte $random_bytes into $random_bits where each byte
72			// is converted to its 8 character ASCII binary representation.
73			// This allows us to work with the individual bits using the php string functions
74			// Not very efficient, but easy to understand.
75			$randomBits = '';
76			for ($i = 0; $i < $randomBytesRequired; $i++) {
77			$randomBits .= str_pad(decbin(ord($randomBytes[$i])), 8, '0', STR_PAD_LEFT);
78			}
79
80			// Get 'bits' form $random_bits string in blocks of 5 bits, convert bits to value [0..32> and use
81			// this as offset in self::CHARACTER_SET to pick the character
82			$password = '';
83			for ($i = 0; $i < $length; $i++) {
84			$randomValueBin = substr($randomBits, $i * $bitsPerValue, $bitsPerValue);
85
86			$password .= substr(self::CHARACTER_SET, bindec($randomValueBin), 1);
87			}
88
89			return $password;
90			}
91			}
92

OpenConext / Stepup-bundle

GitHub Access Token became invalid

Pull Request — master (#36)

OtpGenerator::generate() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like