OATH_OCRAParser - Code Metrics - Inspection of "e3abb600534965e62aa0b9bc8e0e7a9c2e90d47e" - Tiqr/tiqr-server-libphp - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Branch — develop (e3abb6)

by Pieter van der

created 2022-03-29 20:43 UTC

OATH_OCRAParser B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	237
Duplicated Lines	0 %

Test Coverage

Coverage

58.27%

Importance

Changes

Metric	Value
wmc	48
eloc	148
c	0
b	0
f	0
dl	0
loc	237
ccs	74
cts	127
cp	0.5827
rs	8.5599

5 Methods

Rating	Name	Size	Complexity
A	__construct()	2	1
A	generateChallenge()	26	4
A	generateSessionInformation()	15	2
D	parseOCRASuite()	133	38
A	constEqual()	12	3

How to fix Complexity

<?php

require_once ( __DIR__ . "/../Tiqr/Random.php");

class OATH_OCRAParser {

	private $key = NULL;


	private $OCRASuite = NULL;

	private $OCRAVersion = NULL;

	private $CryptoFunctionType = NULL;
	private $CryptoFunctionHash = NULL;
	private $CryptoFunctionHashLength = NULL;
	private $CryptoFunctionTruncation = NULL;

	private $C = FALSE;
	private $Q = FALSE;
	private $QType = 'N';
	private $QLength = 8;

	private $P = FALSE;
	private $PType = 'SHA1';
	private $PLength = 20;

	private $S = FALSE;
	private $SLength = 64;

	private $T = FALSE;
	private $TLength = 60; // 1M
	private $TPeriods = array('H' => 3600, 'M' => 60, 'S' => 1);

	private $supportedHashFunctions = array('SHA1' => 20, 'SHA256' => 32, 'SHA512' => 64);


	public function __construct($ocraSuite) {
		$this->parseOCRASuite($ocraSuite);
	}

	/**
	 * Inspired by https://github.com/bdauvergne/python-oath
	 */
	private function parseOCRASuite($ocraSuite) {
		if (!is_string($ocraSuite)) {
			throw new Exception('OCRASuite not in string format: ' . var_export($ocraSuite, TRUE));
		}

		$ocraSuite = strtoupper($ocraSuite);
		$this->OCRASuite = $ocraSuite;

		$s = explode(':', $ocraSuite);
		if (count($s) != 3) {
			throw new Exception('Invalid OCRASuite format: ' . var_export($ocraSuite, TRUE));
		}

		$algo = explode('-', $s[0]);
		if (count($algo) != 2) {
			throw new Exception('Invalid OCRA version: ' . var_export($s[0], TRUE));
		}

		if ($algo[0] !== 'OCRA') {
			throw new Exception('Unsupported OCRA algorithm: ' . var_export($algo[0], TRUE));
		}

		if ($algo[1] !== '1') {
			throw new Exception('Unsupported OCRA version: ' . var_export($algo[1], TRUE));
		}
		$this->OCRAVersion = $algo[1];

		$cf = explode('-', $s[1]);
		if (count($cf) != 3) {
			throw new Exception('Invalid OCRA suite crypto function: ' . var_export($s[1], TRUE));
		}

		if ($cf[0] !== 'HOTP') {
			throw new Exception('Unsupported OCRA suite crypto function: ' . var_export($cf[0], TRUE));
		}
		$this->CryptoFunctionType = $cf[0];

		if (!array_key_exists($cf[1], $this->supportedHashFunctions)) {
			throw new Exception('Unsupported hash function in OCRA suite crypto function: ' . var_export($cf[1], TRUE));
		}
		$this->CryptoFunctionHash = $cf[1];
		$this->CryptoFunctionHashLength = $this->supportedHashFunctions[$cf[1]];

		if (!preg_match('/^\d+$/', $cf[2]) || (($cf[2] < 4 || $cf[2] > 10) && $cf[2] != 0)) {
			throw new Exception('Invalid OCRA suite crypto function truncation length: ' . var_export($cf[2], TRUE));
		}
		$this->CryptoFunctionTruncation = intval($cf[2]);

		$di = explode('-', $s[2]);
		if (count($cf) == 0) {
			throw new Exception('Invalid OCRA suite data input: ' . var_export($s[2], TRUE));
		}

		$data_input = array();
		foreach($di as $elem) {
			$letter = $elem[0];
			if (array_key_exists($letter, $data_input)) {
				throw new Exception('Duplicate field in OCRA suite data input: ' . var_export($elem, TRUE));
			}
			$data_input[$letter] = 1;

			if ($letter === 'C' && strlen($elem) == 1) {
				$this->C = TRUE;
			} elseif ($letter === 'Q') {
				if (strlen($elem) == 1) {
					$this->Q = TRUE;
				} elseif (preg_match('/^Q([AHN])(\d+)$/', $elem, $match)) {
					$q_len = intval($match[2]);
					if ($q_len < 4 || $q_len > 64) {
						throw new Exception('Invalid OCRA suite data input question length: ' . var_export($q_len, TRUE));
					}
					$this->Q = TRUE;
					$this->QType = $match[1];
					$this->QLength = $q_len;
				} else {
					throw new Exception('Invalid OCRA suite data input question: ' . var_export($elem, TRUE));
				}
			} elseif ($letter === 'P') {
				if (strlen($elem) == 1) {
					$this->P = TRUE;
				} else {
					$p_algo = substr($elem, 1);
					if (!array_key_exists($p_algo, $this->supportedHashFunctions)) {
						throw new Exception('Unsupported OCRA suite PIN hash function: ' . var_export($elem, TRUE));
					}
					$this->P = TRUE;
					$this->PType = $p_algo;
					$this->PLength = $this->supportedHashFunctions[$p_algo];
				}
			} elseif ($letter === 'S') {
				if (strlen($elem) == 1) {
					$this->S = TRUE;
				} elseif (preg_match('/^S(\d+)$/', $elem, $match)) {
					$s_len = intval($match[1]);
					if ($s_len <= 0 || $s_len > 512) {
						throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($s_len, TRUE));
					}

					$this->S = TRUE;
					$this->SLength = $s_len;
				} else {
					throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($elem, TRUE));
				}
			} elseif ($letter === 'T') {
				if (strlen($elem) == 1) {
					$this->T = TRUE;
				} elseif (preg_match('/^T(\d+[HMS])+$/', $elem)) {
					preg_match_all('/(\d+)([HMS])/', $elem, $match);

					if (count($match[1]) !== count(array_unique($match[2]))) {
						throw new Exception('Duplicate definitions in OCRA suite data input timestamp: ' . var_export($elem, TRUE));
					}

					$length = 0;
					for ($i = 0; $i < count($match[1]); $i++) {
for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
						$length += intval($match[1][$i]) * $this->TPeriods[$match[2][$i]];
					}
					if ($length <= 0) {
						throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
					}

					$this->T = TRUE;
					$this->TLength = $length;
				} else {
					throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
				}
			} else {
				throw new Exception('Unsupported OCRA suite data input field: ' . var_export($elem, TRUE));
			}
		}

		if (!$this->Q) {
			throw new Exception('OCRA suite data input question not defined: ' . var_export($s[2], TRUE));
		}
	}

	public function generateChallenge() {
		$q_length = $this->QLength;
		$q_type = $this->QType;

        $bytes = Tiqr_Random::randomBytes($q_length);

		switch($q_type) {
			case 'A':
				$challenge = base64_encode($bytes);
				$tr = implode("", unpack('H*', $bytes));
				$challenge = rtrim(strtr($challenge, '+/', $tr), '=');
				break;
			case 'H':
				$challenge = implode("", unpack('H*', $bytes));
				break;
			case 'N':
				$challenge = implode("", unpack('N*', $bytes));
				break;
			default:
				throw new Exception('Unsupported OCRASuite challenge type: ' . var_export($q_type, TRUE));
				break;
		}

		$challenge = substr($challenge, 0, $q_length);

		return $challenge;
	}


	public function generateSessionInformation() {
		if (!$this->S) {
			throw new Exception('Session information not defined in OCRASuite: ' . var_export($this->OCRASuite, TRUE));
		}

		$s_length = $this->SLength;
        $bytes = Tiqr_Random::randomBytes($s_length);

		// The OCRA spec doesn't specify that the session data should be hexadecimal.
		// However the reference implementation in the RFC does treat it as hex.
		$session = bin2hex($bytes);
		
		$session = substr($session, 0, $s_length);
		
		return $session;
	}


	/**
	 * Constant time string comparison, see http://codahale.com/a-lesson-in-timing-attacks/
	 */
	public static function constEqual($s1, $s2) {
		if (strlen($s1) != strlen($s2)) {
			return FALSE;
		}

		$result = TRUE;
		$length = strlen($s1);
		for ($i = 0; $i < $length; $i++) {
			$result &= ($s1[$i] == $s2[$i]);
		}

		return (boolean)$result;
	}

}


1		<?php
2
3		require_once ( __DIR__ . "/../Tiqr/Random.php");
4
5		class OATH_OCRAParser {
6
7		private $key = NULL;
		0 ignored issues – show introduced 2022-02-04 14:35 UTC by Report Bug Copy Issue Report The private property `$key` is not used, and could be removed. Loading history...
8
9		private $OCRASuite = NULL;
10
11		private $OCRAVersion = NULL;
12
13		private $CryptoFunctionType = NULL;
14		private $CryptoFunctionHash = NULL;
15		private $CryptoFunctionHashLength = NULL;
16		private $CryptoFunctionTruncation = NULL;
17
18		private $C = FALSE;
19		private $Q = FALSE;
20		private $QType = 'N';
21		private $QLength = 8;
22
23		private $P = FALSE;
24		private $PType = 'SHA1';
25		private $PLength = 20;
26
27		private $S = FALSE;
28		private $SLength = 64;
29
30		private $T = FALSE;
31		private $TLength = 60; // 1M
32		private $TPeriods = array('H' => 3600, 'M' => 60, 'S' => 1);
33
34		private $supportedHashFunctions = array('SHA1' => 20, 'SHA256' => 32, 'SHA512' => 64);
35
36
37	8	public function __construct($ocraSuite) {
38	8	$this->parseOCRASuite($ocraSuite);
39	8	}
40
41		/**
42		* Inspired by https://github.com/bdauvergne/python-oath
43		*/
44	8	private function parseOCRASuite($ocraSuite) {
45	8	if (!is_string($ocraSuite)) {
46		throw new Exception('OCRASuite not in string format: ' . var_export($ocraSuite, TRUE));
47		}
48
49	8	$ocraSuite = strtoupper($ocraSuite);
50	8	$this->OCRASuite = $ocraSuite;
51
52	8	$s = explode(':', $ocraSuite);
53	8	if (count($s) != 3) {
54		throw new Exception('Invalid OCRASuite format: ' . var_export($ocraSuite, TRUE));
55		}
56
57	8	$algo = explode('-', $s[0]);
58	8	if (count($algo) != 2) {
59		throw new Exception('Invalid OCRA version: ' . var_export($s[0], TRUE));
60		}
61
62	8	if ($algo[0] !== 'OCRA') {
63		throw new Exception('Unsupported OCRA algorithm: ' . var_export($algo[0], TRUE));
64		}
65
66	8	if ($algo[1] !== '1') {
67		throw new Exception('Unsupported OCRA version: ' . var_export($algo[1], TRUE));
68		}
69	8	$this->OCRAVersion = $algo[1];
70
71	8	$cf = explode('-', $s[1]);
72	8	if (count($cf) != 3) {
73		throw new Exception('Invalid OCRA suite crypto function: ' . var_export($s[1], TRUE));
74		}
75
76	8	if ($cf[0] !== 'HOTP') {
77		throw new Exception('Unsupported OCRA suite crypto function: ' . var_export($cf[0], TRUE));
78		}
79	8	$this->CryptoFunctionType = $cf[0];
80
81	8	if (!array_key_exists($cf[1], $this->supportedHashFunctions)) {
82		throw new Exception('Unsupported hash function in OCRA suite crypto function: ' . var_export($cf[1], TRUE));
83		}
84	8	$this->CryptoFunctionHash = $cf[1];
85	8	$this->CryptoFunctionHashLength = $this->supportedHashFunctions[$cf[1]];
86
87	8	if (!preg_match('/^\d+$/', $cf[2]) \|\| (($cf[2] < 4 \|\| $cf[2] > 10) && $cf[2] != 0)) {
88		throw new Exception('Invalid OCRA suite crypto function truncation length: ' . var_export($cf[2], TRUE));
89		}
90	8	$this->CryptoFunctionTruncation = intval($cf[2]);
91
92	8	$di = explode('-', $s[2]);
93	8	if (count($cf) == 0) {
94		throw new Exception('Invalid OCRA suite data input: ' . var_export($s[2], TRUE));
95		}
96
97	8	$data_input = array();
98	8	foreach($di as $elem) {
99	8	$letter = $elem[0];
100	8	if (array_key_exists($letter, $data_input)) {
101		throw new Exception('Duplicate field in OCRA suite data input: ' . var_export($elem, TRUE));
102		}
103	8	$data_input[$letter] = 1;
104
105	8	if ($letter === 'C' && strlen($elem) == 1) {
106		$this->C = TRUE;
107	8	} elseif ($letter === 'Q') {
108	8	if (strlen($elem) == 1) {
109		$this->Q = TRUE;
110	8	} elseif (preg_match('/^Q([AHN])(\d+)$/', $elem, $match)) {
111	8	$q_len = intval($match[2]);
112	8	if ($q_len < 4 \|\| $q_len > 64) {
113		throw new Exception('Invalid OCRA suite data input question length: ' . var_export($q_len, TRUE));
114		}
115	8	$this->Q = TRUE;
116	8	$this->QType = $match[1];
117	8	$this->QLength = $q_len;
118		} else {
119	8	throw new Exception('Invalid OCRA suite data input question: ' . var_export($elem, TRUE));
120		}
121	8	} elseif ($letter === 'P') {
122		if (strlen($elem) == 1) {
123		$this->P = TRUE;
124		} else {
125		$p_algo = substr($elem, 1);
126		if (!array_key_exists($p_algo, $this->supportedHashFunctions)) {
127		throw new Exception('Unsupported OCRA suite PIN hash function: ' . var_export($elem, TRUE));
128		}
129		$this->P = TRUE;
130		$this->PType = $p_algo;
131		$this->PLength = $this->supportedHashFunctions[$p_algo];
132		}
133	8	} elseif ($letter === 'S') {
134	8	if (strlen($elem) == 1) {
135	8	$this->S = TRUE;
136		} elseif (preg_match('/^S(\d+)$/', $elem, $match)) {
137		$s_len = intval($match[1]);
138		if ($s_len <= 0 \|\| $s_len > 512) {
139		throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($s_len, TRUE));
140		}
141
142		$this->S = TRUE;
143		$this->SLength = $s_len;
144		} else {
145	8	throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($elem, TRUE));
146		}
147		} elseif ($letter === 'T') {
148		if (strlen($elem) == 1) {
149		$this->T = TRUE;
150		} elseif (preg_match('/^T(\d+[HMS])+$/', $elem)) {
151		preg_match_all('/(\d+)([HMS])/', $elem, $match);
152
153		if (count($match[1]) !== count(array_unique($match[2]))) {
154		throw new Exception('Duplicate definitions in OCRA suite data input timestamp: ' . var_export($elem, TRUE));
155		}
156
157		$length = 0;
158		for ($i = 0; $i < count($match[1]); $i++) {
		0 ignored issues – show Performance Best Practice introduced 2022-02-04 14:35 UTC by Report Bug Copy Issue Report It seems like you are calling the size function `count()` as part of the test condition. You might want to compute the size beforehand, and not on each iteration. If the size of the collection does not change during the iteration, it is generally a good practice to compute it beforehand, and not on each iteration: for ($i=0; $i<count($array); $i++) { // calls count() on each iteration } // Better for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once } Loading history...
159		$length += intval($match[1][$i]) * $this->TPeriods[$match[2][$i]];
160		}
161		if ($length <= 0) {
162		throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
163		}
164
165		$this->T = TRUE;
166		$this->TLength = $length;
167		} else {
168		throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
169		}
170		} else {
171	8	throw new Exception('Unsupported OCRA suite data input field: ' . var_export($elem, TRUE));
172		}
173		}
174
175	8	if (!$this->Q) {
176		throw new Exception('OCRA suite data input question not defined: ' . var_export($s[2], TRUE));
177		}
178	8	}
179
180	2	public function generateChallenge() {
181	2	$q_length = $this->QLength;
182	2	$q_type = $this->QType;
183
184	2	$bytes = Tiqr_Random::randomBytes($q_length);
185
186	2	switch($q_type) {
187	2	case 'A':
188		$challenge = base64_encode($bytes);
189		$tr = implode("", unpack('H*', $bytes));
190		$challenge = rtrim(strtr($challenge, '+/', $tr), '=');
191		break;
192	2	case 'H':
193	2	$challenge = implode("", unpack('H*', $bytes));
194	2	break;
195		case 'N':
196		$challenge = implode("", unpack('N*', $bytes));
197		break;
198		default:
199		throw new Exception('Unsupported OCRASuite challenge type: ' . var_export($q_type, TRUE));
200		break;
201		}
202
203	2	$challenge = substr($challenge, 0, $q_length);
204
205	2	return $challenge;
206		}
207
208
209	4	public function generateSessionInformation() {
210	4	if (!$this->S) {
211		throw new Exception('Session information not defined in OCRASuite: ' . var_export($this->OCRASuite, TRUE));
212		}
213
214	4	$s_length = $this->SLength;
215	4	$bytes = Tiqr_Random::randomBytes($s_length);
216
217		// The OCRA spec doesn't specify that the session data should be hexadecimal.
218		// However the reference implementation in the RFC does treat it as hex.
219	4	$session = bin2hex($bytes);
220
221	4	$session = substr($session, 0, $s_length);
222
223	4	return $session;
224		}
225
226
227		/**
228		* Constant time string comparison, see http://codahale.com/a-lesson-in-timing-attacks/
229		*/
230	3	public static function constEqual($s1, $s2) {
231	3	if (strlen($s1) != strlen($s2)) {
232	1	return FALSE;
233		}
234
235	3	$result = TRUE;
236	3	$length = strlen($s1);
237	3	for ($i = 0; $i < $length; $i++) {
238	3	$result &= ($s1[$i] == $s2[$i]);
239		}
240
241	3	return (boolean)$result;
242		}
243
244		}
245

Tiqr / tiqr-server-libphp

Branch — develop (e3abb6)

OATH_OCRAParser B

Complexity

Size/Duplication

Test Coverage

Importance

5 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like