OctAnalyzer::analyze() - Code Metrics - Inspection of "WIP JoseFrameworkBundle" - Spomky-Labs/jose - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — v7 ( 477009...5356df )

by Florent

created 2017-09-04 22:40 UTC

OctAnalyzer::analyze() B

↳ Parent: OctAnalyzer

Complexity

Conditions	6
Paths	9

Size

Total Lines	26
Code Lines	19

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	26
rs	8.439
c	0
b	0
f	0
cc	6
eloc	19
nc	9
nop	2

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2017 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Component\KeyManagement\KeyAnalyzer;

use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use ZxcvbnPhp\Zxcvbn;

final class OctAnalyzer implements JWKAnalyzerInterface
{
    /**
     * {@inheritdoc}
     */
    public function analyze(JWK $jwk, array &$messages)
    {
        if ('oct' !== $jwk->get('kty')) {
            return;
        }
        $k = Base64Url::decode($jwk->get('k'));
        $kLength = 8 * mb_strlen($k, '8bit');
        if ($kLength < 128) {
            $messages[] = 'The key length is less than 128 bits.';
        }

        if (class_exists(Zxcvbn::class)) {
            $zxcvbn = new Zxcvbn();
            $strength = $zxcvbn->passwordStrength($k);
            switch (true) {
                case $strength['score'] < 3:
                    $messages[] = 'The octet string is weak and easily guessable. Please change your key as soon as possible.';
                    break;
                case $strength['score'] === 3:
                    $messages[] = 'The octet string is safe, but a longer key is preferable.';
                    break;
                default:
                    break;
            }
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2017 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Component\KeyManagement\KeyAnalyzer;
15
16			use Base64Url\Base64Url;
17			use Jose\Component\Core\JWK;
18			use ZxcvbnPhp\Zxcvbn;
19
20			final class OctAnalyzer implements JWKAnalyzerInterface
21			{
22			/**
23			* {@inheritdoc}
24			*/
25			public function analyze(JWK $jwk, array &$messages)
26			{
27			if ('oct' !== $jwk->get('kty')) {
28			return;
29			}
30			$k = Base64Url::decode($jwk->get('k'));
31			$kLength = 8 * mb_strlen($k, '8bit');
32			if ($kLength < 128) {
33			$messages[] = 'The key length is less than 128 bits.';
34			}
35
36			if (class_exists(Zxcvbn::class)) {
37			$zxcvbn = new Zxcvbn();
38			$strength = $zxcvbn->passwordStrength($k);
39			switch (true) {
40			case $strength['score'] < 3:
41			$messages[] = 'The octet string is weak and easily guessable. Please change your key as soon as possible.';
42			break;
43			case $strength['score'] === 3:
44			$messages[] = 'The octet string is safe, but a longer key is preferable.';
45			break;
46			default:
47			break;
48			}
49			}
50			}
51			}
52

Spomky-Labs / jose

Push — v7 ( 477009...5356df )

OctAnalyzer::analyze() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like