Tiqr / tiqr-server-libphp

library/tiqr/Tiqr/OATH/OCRA.php

Braces +42 added lines, -28 removed lines

@@ -97,12 +97,15 @@ 
         $cryptoFunction = $components[1];
         $dataInput = strtolower($components[2]); // lower here so we can do case insensitive comparisons
         
-        if(stripos($cryptoFunction, "sha1")!==false)
-            $crypto = "sha1";
-        if(stripos($cryptoFunction, "sha256")!==false)
-            $crypto = "sha256";
-        if(stripos($cryptoFunction, "sha512")!==false)
-            $crypto = "sha512";
+        if(stripos($cryptoFunction, "sha1")!==false) {
+                    $crypto = "sha1";
+        }
+        if(stripos($cryptoFunction, "sha256")!==false) {
+                    $crypto = "sha256";
+        }
+        if(stripos($cryptoFunction, "sha512")!==false) {
+                    $crypto = "sha512";
+        }
         
         $codeDigits = substr($cryptoFunction, strrpos($cryptoFunction, "-")+1);
                 
@@ -110,63 +113,73 @@ 
         // Counter
         if($dataInput[0] == "c" ) {
             // Fix the length of the HEX string
-            while(strlen($counter) < 16)
-                $counter = "0" . $counter;
+            while(strlen($counter) < 16) {
+                            $counter = "0" . $counter;
+            }
             $counterLength=8;
         }
         // Question
         if($dataInput[0] == "q" ||
                 stripos($dataInput, "-q")!==false) {
-            while(strlen($question) < 256)
-                $question = $question . "0";
+            while(strlen($question) < 256) {
+                            $question = $question . "0";
+            }
             $questionLength=128;
         }
 
         // Password
         if(stripos($dataInput, "psha1")!==false) {
-            while(strlen($password) < 40)
-                $password = "0" . $password;
+            while(strlen($password) < 40) {
+                            $password = "0" . $password;
+            }
             $passwordLength=20;
         }
     
         if(stripos($dataInput, "psha256")!==false) {
-            while(strlen($password) < 64)
-                $password = "0" . $password;
+            while(strlen($password) < 64) {
+                            $password = "0" . $password;
+            }
             $passwordLength=32;
         }
         
         if(stripos($dataInput, "psha512")!==false) {
-            while(strlen($password) < 128)
-                $password = "0" . $password;
+            while(strlen($password) < 128) {
+                            $password = "0" . $password;
+            }
             $passwordLength=64;
         }
         
         // sessionInformation
         if(stripos($dataInput, "s064") !==false) {
-            while(strlen($sessionInformation) < 128)
-                $sessionInformation = "0" . $sessionInformation;
+            while(strlen($sessionInformation) < 128) {
+                            $sessionInformation = "0" . $sessionInformation;
+            }
 
             $sessionInformationLength=64;
         } else if(stripos($dataInput, "s128") !==false) {
-            while(strlen($sessionInformation) < 256)
-                $sessionInformation = "0" . $sessionInformation;
+            while(strlen($sessionInformation) < 256) {
+                            $sessionInformation = "0" . $sessionInformation;
+            }
         
             $sessionInformationLength=128;
         } else if(stripos($dataInput, "s256") !==false) {
-            while(strlen($sessionInformation) < 512)
-                $sessionInformation = "0" . $sessionInformation;
+            while(strlen($sessionInformation) < 512) {
+                            $sessionInformation = "0" . $sessionInformation;
+            }
         
             $sessionInformationLength=256;
         } else if(stripos($dataInput, "s512") !==false) {
-            while(strlen($sessionInformation) < 128)
-                $sessionInformation = "0" . $sessionInformation;
+            while(strlen($sessionInformation) < 128) {
+                            $sessionInformation = "0" . $sessionInformation;
+            }
         
             $sessionInformationLength=64;
         } else if (stripos($dataInput, "s") !== false ) {
             // deviation from spec. Officially 's' without a length indicator is not in the reference implementation.
             // RFC is ambigious. However we have supported this in Tiqr since day 1, so we continue to support it.
-            while(strlen($sessionInformation) < 128)
-                $sessionInformation = "0" . $sessionInformation;
+            while(strlen($sessionInformation) < 128) {
+                            $sessionInformation = "0" . $sessionInformation;
+            }
             
             $sessionInformationLength=64;
         }
@@ -176,8 +189,9 @@ 
         // TimeStamp
         if($dataInput[0] == "t" ||
                 stripos($dataInput, "-t") !== false) {
-            while(strlen($timeStamp) < 16)
-                $timeStamp = "0" . $timeStamp;
+            while(strlen($timeStamp) < 16) {
+                            $timeStamp = "0" . $timeStamp;
+            }
             $timeStampLength=8;
         }
 

Indentation +8 added lines, -8 removed lines

@@ -46,8 +46,8 @@ 
             $keyBytes,
             $text)
     {
-         $hash = hash_hmac ($crypto, $text, $keyBytes);
-         return $hash;
+            $hash = hash_hmac ($crypto, $text, $keyBytes);
+            return $hash;
     }
 
     /**
@@ -83,12 +83,12 @@ 
      * {@link truncationDigits} digits
      */
     static function generateOCRA($ocraSuite,
-                                 $key,
-                                 $counter,
-                                 $question,
-                                 $password,
-                                 $sessionInformation,
-                                 $timeStamp)
+                                    $key,
+                                    $counter,
+                                    $question,
+                                    $password,
+                                    $sessionInformation,
+                                    $timeStamp)
     {
         $codeDigits = 0;
         $crypto = "";

Spacing +70 added lines, -70 removed lines

@@ -37,7 +37,7 @@ 
             $keyBytes,
             $text)
     {
-         $hash = hash_hmac ($crypto, $text, $keyBytes);
+         $hash = hash_hmac($crypto, $text, $keyBytes);
          return $hash;
     }
 
@@ -48,7 +48,7 @@ 
      *
      * @return String a string with raw bytes
      */
-    private static function _hexStr2Bytes($hex){
+    private static function _hexStr2Bytes($hex) {
         return pack("H*", $hex);
     }
 
@@ -97,95 +97,95 @@ 
         $cryptoFunction = $components[1];
         $dataInput = strtolower($components[2]); // lower here so we can do case insensitive comparisons
         
-        if(stripos($cryptoFunction, "sha1")!==false)
+        if (stripos($cryptoFunction, "sha1") !== false)
             $crypto = "sha1";
-        if(stripos($cryptoFunction, "sha256")!==false)
+        if (stripos($cryptoFunction, "sha256") !== false)
             $crypto = "sha256";
-        if(stripos($cryptoFunction, "sha512")!==false)
+        if (stripos($cryptoFunction, "sha512") !== false)
             $crypto = "sha512";
         
-        $codeDigits = substr($cryptoFunction, strrpos($cryptoFunction, "-")+1);
+        $codeDigits = substr($cryptoFunction, strrpos($cryptoFunction, "-") + 1);
                 
         // The size of the byte array message to be encrypted
         // Counter
-        if($dataInput[0] == "c" ) {
+        if ($dataInput[0] == "c") {
             // Fix the length of the HEX string
-            while(strlen($counter) < 16)
-                $counter = "0" . $counter;
-            $counterLength=8;
+            while (strlen($counter) < 16)
+                $counter = "0".$counter;
+            $counterLength = 8;
         }
         // Question
-        if($dataInput[0] == "q" ||
-                stripos($dataInput, "-q")!==false) {
-            while(strlen($question) < 256)
-                $question = $question . "0";
-            $questionLength=128;
+        if ($dataInput[0] == "q" ||
+                stripos($dataInput, "-q") !== false) {
+            while (strlen($question) < 256)
+                $question = $question."0";
+            $questionLength = 128;
         }
 
         // Password
-        if(stripos($dataInput, "psha1")!==false) {
-            while(strlen($password) < 40)
-                $password = "0" . $password;
-            $passwordLength=20;
+        if (stripos($dataInput, "psha1") !== false) {
+            while (strlen($password) < 40)
+                $password = "0".$password;
+            $passwordLength = 20;
         }
     
-        if(stripos($dataInput, "psha256")!==false) {
-            while(strlen($password) < 64)
-                $password = "0" . $password;
-            $passwordLength=32;
+        if (stripos($dataInput, "psha256") !== false) {
+            while (strlen($password) < 64)
+                $password = "0".$password;
+            $passwordLength = 32;
         }
         
-        if(stripos($dataInput, "psha512")!==false) {
-            while(strlen($password) < 128)
-                $password = "0" . $password;
-            $passwordLength=64;
+        if (stripos($dataInput, "psha512") !== false) {
+            while (strlen($password) < 128)
+                $password = "0".$password;
+            $passwordLength = 64;
         }
         
         // sessionInformation
-        if(stripos($dataInput, "s064") !==false) {
-            while(strlen($sessionInformation) < 128)
-                $sessionInformation = "0" . $sessionInformation;
+        if (stripos($dataInput, "s064") !== false) {
+            while (strlen($sessionInformation) < 128)
+                $sessionInformation = "0".$sessionInformation;
 
-            $sessionInformationLength=64;
-        } else if(stripos($dataInput, "s128") !==false) {
-            while(strlen($sessionInformation) < 256)
-                $sessionInformation = "0" . $sessionInformation;
+            $sessionInformationLength = 64;
+        } else if (stripos($dataInput, "s128") !== false) {
+            while (strlen($sessionInformation) < 256)
+                $sessionInformation = "0".$sessionInformation;
         
-            $sessionInformationLength=128;
-        } else if(stripos($dataInput, "s256") !==false) {
-            while(strlen($sessionInformation) < 512)
-                $sessionInformation = "0" . $sessionInformation;
+            $sessionInformationLength = 128;
+        } else if (stripos($dataInput, "s256") !== false) {
+            while (strlen($sessionInformation) < 512)
+                $sessionInformation = "0".$sessionInformation;
         
-            $sessionInformationLength=256;
-        } else if(stripos($dataInput, "s512") !==false) {
-            while(strlen($sessionInformation) < 128)
-                $sessionInformation = "0" . $sessionInformation;
+            $sessionInformationLength = 256;
+        } else if (stripos($dataInput, "s512") !== false) {
+            while (strlen($sessionInformation) < 128)
+                $sessionInformation = "0".$sessionInformation;
         
-            $sessionInformationLength=64;
-        } else if (stripos($dataInput, "s") !== false ) {
+            $sessionInformationLength = 64;
+        } else if (stripos($dataInput, "s") !== false) {
             // deviation from spec. Officially 's' without a length indicator is not in the reference implementation.
             // RFC is ambigious. However we have supported this in Tiqr since day 1, so we continue to support it.
-            while(strlen($sessionInformation) < 128)
-                $sessionInformation = "0" . $sessionInformation;
+            while (strlen($sessionInformation) < 128)
+                $sessionInformation = "0".$sessionInformation;
             
-            $sessionInformationLength=64;
+            $sessionInformationLength = 64;
         }
         
         
              
         // TimeStamp
-        if($dataInput[0] == "t" ||
+        if ($dataInput[0] == "t" ||
                 stripos($dataInput, "-t") !== false) {
-            while(strlen($timeStamp) < 16)
-                $timeStamp = "0" . $timeStamp;
-            $timeStampLength=8;
+            while (strlen($timeStamp) < 16)
+                $timeStamp = "0".$timeStamp;
+            $timeStampLength = 8;
         }
 
         // Put the bytes of "ocraSuite" parameters into the message
         
-        $msg = array_fill(0,$ocraSuiteLength+$counterLength+$questionLength+$passwordLength+$sessionInformationLength+$timeStampLength+1, 0);
+        $msg = array_fill(0, $ocraSuiteLength + $counterLength + $questionLength + $passwordLength + $sessionInformationLength + $timeStampLength + 1, 0);
                 
-        for($i=0;$i<strlen($ocraSuite);$i++) {
+        for ($i = 0; $i < strlen($ocraSuite); $i++) {
             $msg[$i] = $ocraSuite[$i];
         }
         
@@ -194,9 +194,9 @@ 
 
         // Put the bytes of "Counter" to the message
         // Input is HEX encoded
-        if($counterLength > 0 ) {
+        if ($counterLength > 0) {
             $bArray = self::_hexStr2Bytes($counter);
-            for ($i=0;$i<strlen($bArray);$i++) {
+            for ($i = 0; $i < strlen($bArray); $i++) {
                 $msg [$i + $ocraSuiteLength + 1] = $bArray[$i];
             }
         }
@@ -204,36 +204,36 @@ 
 
         // Put the bytes of "question" to the message
         // Input is text encoded
-        if($questionLength > 0 ) {
+        if ($questionLength > 0) {
             $bArray = self::_hexStr2Bytes($question);
-            for ($i=0;$i<strlen($bArray);$i++) {
+            for ($i = 0; $i < strlen($bArray); $i++) {
                 $msg [$i + $ocraSuiteLength + 1 + $counterLength] = $bArray[$i];
             }
         }
 
         // Put the bytes of "password" to the message
         // Input is HEX encoded
-        if($passwordLength > 0){
+        if ($passwordLength > 0) {
             $bArray = self::_hexStr2Bytes($password);
-            for ($i=0;$i<strlen($bArray);$i++) {
+            for ($i = 0; $i < strlen($bArray); $i++) {
                 $msg [$i + $ocraSuiteLength + 1 + $counterLength + $questionLength] = $bArray[$i];
             }
         }
 
         // Put the bytes of "sessionInformation" to the message
         // Input is text encoded
-        if($sessionInformationLength > 0 ){
+        if ($sessionInformationLength > 0) {
             $bArray = self::_hexStr2Bytes($sessionInformation);
-            for ($i=0;$i<strlen($bArray);$i++) {
+            for ($i = 0; $i < strlen($bArray); $i++) {
                 $msg [$i + $ocraSuiteLength + 1 + $counterLength + $questionLength + $passwordLength] = $bArray[$i];
             }
         }
 
         // Put the bytes of "time" to the message
         // Input is text value of minutes
-        if($timeStampLength > 0){
+        if ($timeStampLength > 0) {
             $bArray = self::_hexStr2Bytes($timeStamp);
-            for ($i=0;$i<strlen($bArray);$i++) {
+            for ($i = 0; $i < strlen($bArray); $i++) {
                 $msg [$i + $ocraSuiteLength + 1 + $counterLength + $questionLength + $passwordLength + $sessionInformationLength] = $bArray[$i];
             }
         }
@@ -260,23 +260,23 @@ 
     static function _oath_truncate($hash, $length = 6)
     {
         // Convert to dec
-        foreach(str_split($hash,2) as $hex)
+        foreach (str_split($hash, 2) as $hex)
         {
-            $hmac_result[]=hexdec($hex);
+            $hmac_result[] = hexdec($hex);
         }
     
         // Find offset
         $offset = $hmac_result[count($hmac_result) - 1] & 0xf;
     
         $v = strval(
-            (($hmac_result[$offset+0] & 0x7f) << 24 ) |
-            (($hmac_result[$offset+1] & 0xff) << 16 ) |
-            (($hmac_result[$offset+2] & 0xff) << 8 ) |
-            ($hmac_result[$offset+3] & 0xff)
+            (($hmac_result[$offset + 0] & 0x7f) << 24) |
+            (($hmac_result[$offset + 1] & 0xff) << 16) |
+            (($hmac_result[$offset + 2] & 0xff) << 8) |
+            ($hmac_result[$offset + 3] & 0xff)
         );
 
         // Prefix truncated string with 0's to ensure it always has the required length
-        $v=str_pad($v, $length, "0", STR_PAD_LEFT);
+        $v = str_pad($v, $length, "0", STR_PAD_LEFT);
 
         $v = substr($v, strlen($v) - $length);
         return $v;

library/tiqr/Tiqr/Service.php

Braces +3 added lines, -1 removed lines

@@ -453,7 +453,9 @@
             $sessionId = session_id(); 
         }
         $status = $this->_stateStorage->getValue("enrollstatus".$sessionId);
-        if (is_null($status)) return self::ENROLLMENT_STATUS_IDLE;
+        if (is_null($status)) {
+            return self::ENROLLMENT_STATUS_IDLE;
+        }
         return $status;
     }
         

Indentation +39 added lines, -39 removed lines

@@ -538,17 +538,17 @@ 
         }
 
         $metadata = array("service"=>
-                               array("displayName"       => $this->_name,
-                                     "identifier"        => $this->_identifier,
-                                     "logoUrl"           => $this->_logoUrl,
-                                     "infoUrl"           => $this->_infoUrl,
-                                     "authenticationUrl" => $authenticationUrl,
-                                     "ocraSuite"         => $this->_ocraSuite,
-                                     "enrollmentUrl"     => $enrollmentUrl
-                               ),
-                          "identity"=>
-                               array("identifier" =>$data["userId"],
-                                     "displayName"=>$data["displayName"]));
+                                array("displayName"       => $this->_name,
+                                        "identifier"        => $this->_identifier,
+                                        "logoUrl"           => $this->_logoUrl,
+                                        "infoUrl"           => $this->_infoUrl,
+                                        "authenticationUrl" => $authenticationUrl,
+                                        "ocraSuite"         => $this->_ocraSuite,
+                                        "enrollmentUrl"     => $enrollmentUrl
+                                ),
+                            "identity"=>
+                                array("identifier" =>$data["userId"],
+                                        "displayName"=>$data["displayName"]));
 
         $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT . $enrollmentKey);
 
@@ -571,18 +571,18 @@ 
      */
     public function getEnrollmentSecret($enrollmentKey)
     {
-         $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT . $enrollmentKey);
-         $secret = $this->_uniqueSessionKey(self::PREFIX_ENROLLMENT_SECRET);
-         $enrollmentData = [
-             "userId" => $data["userId"],
-             "sessionId" => $data["sessionId"]
-         ];
-         $this->_stateStorage->setValue(
-             self::PREFIX_ENROLLMENT_SECRET . $secret,
-             $enrollmentData,
-             self::ENROLLMENT_EXPIRE
-         );
-         return $secret;
+            $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT . $enrollmentKey);
+            $secret = $this->_uniqueSessionKey(self::PREFIX_ENROLLMENT_SECRET);
+            $enrollmentData = [
+                "userId" => $data["userId"],
+                "sessionId" => $data["sessionId"]
+            ];
+            $this->_stateStorage->setValue(
+                self::PREFIX_ENROLLMENT_SECRET . $secret,
+                $enrollmentData,
+                self::ENROLLMENT_EXPIRE
+            );
+            return $secret;
     } 
 
     /**
@@ -597,13 +597,13 @@ 
      */
     public function validateEnrollmentSecret($enrollmentSecret)
     {
-         $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret);
-         if (is_array($data)) { 
-             // Secret is valid, application may accept the user secret. 
-             $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_PROCESSED);
-             return $data["userId"];
-         }
-         return false;
+            $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret);
+            if (is_array($data)) { 
+                // Secret is valid, application may accept the user secret. 
+                $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_PROCESSED);
+                return $data["userId"];
+            }
+            return false;
     }
     
     /**
@@ -620,13 +620,13 @@ 
      */
     public function finalizeEnrollment($enrollmentSecret) 
     {
-         $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret);
-         if (is_array($data)) {
-             // Enrollment is finalized, destroy our session data.
-             $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_FINALIZED);
-             $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret);
-         }
-         return true;
+            $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret);
+            if (is_array($data)) {
+                // Enrollment is finalized, destroy our session data.
+                $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_FINALIZED);
+                $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret);
+            }
+            return true;
     }
 
     /**
@@ -662,7 +662,7 @@ 
 
         $challengeUserId = NULL;
         if (isset($state["userId"])) {
-          $challengeUserId = $state["userId"];
+            $challengeUserId = $state["userId"];
         }
         // Check if we're dealing with a second factor
         if ($challengeUserId!=NULL && ($userId != $challengeUserId)) {
@@ -801,6 +801,6 @@ 
      */
     protected function _setEnrollmentStatus($sessionId, $status)
     {
-       $this->_stateStorage->setValue("enrollstatus".$sessionId, $status, self::ENROLLMENT_EXPIRE);
+        $this->_stateStorage->setValue("enrollstatus".$sessionId, $status, self::ENROLLMENT_EXPIRE);
     }
 }

Spacing +34 added lines, -34 removed lines

@@ -68,12 +68,12 @@ 
     /**
      * Enrollment status codes
      */
-    const ENROLLMENT_STATUS_IDLE = 1;        // Nothing happens
+    const ENROLLMENT_STATUS_IDLE = 1; // Nothing happens
     const ENROLLMENT_STATUS_INITIALIZED = 2; // An enrollment session has begun
-    const ENROLLMENT_STATUS_RETRIEVED = 3;   // The device has retrieved the metadata
-    const ENROLLMENT_STATUS_PROCESSED = 4;   // The device has snet back a secret
-    const ENROLLMENT_STATUS_FINALIZED = 5;   // The application has stored the secret
-    const ENROLLMENT_STATUS_VALIDATED = 6;   // A first succesful authentication was performed
+    const ENROLLMENT_STATUS_RETRIEVED = 3; // The device has retrieved the metadata
+    const ENROLLMENT_STATUS_PROCESSED = 4; // The device has snet back a secret
+    const ENROLLMENT_STATUS_FINALIZED = 5; // The application has stored the secret
+    const ENROLLMENT_STATUS_VALIDATED = 6; // A first succesful authentication was performed
 
     const PREFIX_ENROLLMENT_SECRET = 'enrollsecret';
     const PREFIX_ENROLLMENT = 'enroll';
@@ -156,7 +156,7 @@ 
      * @param array $options
      * @param int $version The protocol version to use (defaults to the latest)
      */
-    public function __construct($options=array(), $version = 2)
+    public function __construct($options = array(), $version = 2)
     {
         $this->_options = $options;
         
@@ -294,7 +294,7 @@ 
 
             $message = new $class($this->_options);
             $message->setId(time());
-            $message->setText("Please authenticate for " . $this->_name);
+            $message->setText("Please authenticate for ".$this->_name);
             $message->setAddress($notificationAddress);
             $message->setCustomProperty('challenge', $this->_getChallengeUrl($sessionKey));
             $message->send();
@@ -362,13 +362,13 @@ 
      * @param String $spIdentifier If SP and IDP are 2 different things, pass the url/identifier of the SP the user is logging into.
      *                             For setups where IDP==SP, just leave this blank.
      */
-    public function startAuthenticationSession($userId="", $sessionId="", $spIdentifier="")
+    public function startAuthenticationSession($userId = "", $sessionId = "", $spIdentifier = "")
     {
-        if ($sessionId=="") {
+        if ($sessionId == "") {
             $sessionId = session_id();
         }
 
-        if ($spIdentifier=="") {
+        if ($spIdentifier == "") {
             $spIdentifier = $this->_identifier;
         }
 
@@ -378,11 +378,11 @@ 
         
         $data = array("sessionId"=>$sessionId, "challenge"=>$challenge, "spIdentifier" => $spIdentifier);
         
-        if ($userId!="") {
+        if ($userId != "") {
             $data["userId"] = $userId;
         }
         
-        $this->_stateStorage->setValue(self::PREFIX_CHALLENGE . $sessionKey, $data, self::CHALLENGE_EXPIRE);
+        $this->_stateStorage->setValue(self::PREFIX_CHALLENGE.$sessionKey, $data, self::CHALLENGE_EXPIRE);
        
         return $sessionKey;
     }
@@ -402,9 +402,9 @@ 
      *                           to php session)
      * @return String The enrollment key
      */
-    public function startEnrollmentSession($userId, $displayName, $sessionId="")
+    public function startEnrollmentSession($userId, $displayName, $sessionId = "")
     {
-        if ($sessionId=="") {
+        if ($sessionId == "") {
             $sessionId = session_id();
         }
         $enrollmentKey = $this->_uniqueSessionKey(self::PREFIX_ENROLLMENT);
@@ -413,7 +413,7 @@ 
             "displayName" => $displayName,
             "sessionId" => $sessionId
         ];
-        $this->_stateStorage->setValue(self::PREFIX_ENROLLMENT . $enrollmentKey, $data, self::ENROLLMENT_EXPIRE);
+        $this->_stateStorage->setValue(self::PREFIX_ENROLLMENT.$enrollmentKey, $data, self::ENROLLMENT_EXPIRE);
         $this->_setEnrollmentStatus($sessionId, self::ENROLLMENT_STATUS_INITIALIZED);
 
         return $enrollmentKey;
@@ -424,9 +424,9 @@ 
      * @param $sessionId The application's session identifier (defaults
      *                   to php session)
      */
-    public function resetEnrollmentSession($sessionId="")
+    public function resetEnrollmentSession($sessionId = "")
     {
-        if ($sessionId=="") {
+        if ($sessionId == "") {
             $sessionId = session_id();
         }
 
@@ -471,9 +471,9 @@ 
      *               A first successful authentication was performed 
      *               (todo: currently not used)
      */
-    public function getEnrollmentStatus($sessionId="")
+    public function getEnrollmentStatus($sessionId = "")
     { 
-        if ($sessionId=="") {
+        if ($sessionId == "") {
             $sessionId = session_id(); 
         }
         $status = $this->_stateStorage->getValue("enrollstatus".$sessionId);
@@ -532,7 +532,7 @@ 
      */
     public function getEnrollmentMetadata($enrollmentKey, $authenticationUrl, $enrollmentUrl)
     {
-        $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT . $enrollmentKey);
+        $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT.$enrollmentKey);
         if (!is_array($data)) {
             return false;
         }
@@ -550,7 +550,7 @@ 
                                array("identifier" =>$data["userId"],
                                      "displayName"=>$data["displayName"]));
 
-        $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT . $enrollmentKey);
+        $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT.$enrollmentKey);
 
         $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_RETRIEVED);
         return $metadata;
@@ -571,14 +571,14 @@ 
      */
     public function getEnrollmentSecret($enrollmentKey)
     {
-         $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT . $enrollmentKey);
+         $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT.$enrollmentKey);
          $secret = $this->_uniqueSessionKey(self::PREFIX_ENROLLMENT_SECRET);
          $enrollmentData = [
              "userId" => $data["userId"],
              "sessionId" => $data["sessionId"]
          ];
          $this->_stateStorage->setValue(
-             self::PREFIX_ENROLLMENT_SECRET . $secret,
+             self::PREFIX_ENROLLMENT_SECRET.$secret,
              $enrollmentData,
              self::ENROLLMENT_EXPIRE
          );
@@ -652,7 +652,7 @@ 
      */
     public function authenticate($userId, $userSecret, $sessionKey, $response)
     {
-        $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE . $sessionKey);
+        $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE.$sessionKey);
         if (is_null($state)) {
             return self::AUTH_RESULT_INVALID_CHALLENGE;
         }
@@ -665,7 +665,7 @@ 
           $challengeUserId = $state["userId"];
         }
         // Check if we're dealing with a second factor
-        if ($challengeUserId!=NULL && ($userId != $challengeUserId)) {
+        if ($challengeUserId != NULL && ($userId != $challengeUserId)) {
             return self::AUTH_RESULT_INVALID_USERID; // only allowed to authenticate against the user that's authenticated in the first factor
         }
 
@@ -680,7 +680,7 @@ 
             $this->_stateStorage->setValue("authenticated_".$sessionId, $userId, self::LOGIN_EXPIRE);
             
             // Clean up the challenge.
-            $this->_stateStorage->unsetValue(self::PREFIX_CHALLENGE . $sessionKey);
+            $this->_stateStorage->unsetValue(self::PREFIX_CHALLENGE.$sessionKey);
             
             return self::AUTH_RESULT_AUTHENTICATED;
         }
@@ -692,9 +692,9 @@ 
      * @param String $sessionId The application's session identifier (defaults
      *                          to the php session).
      */
-    public function logout($sessionId="")
+    public function logout($sessionId = "")
     {
-        if ($sessionId=="") {
+        if ($sessionId == "") {
             $sessionId = session_id(); 
         }
         
@@ -729,9 +729,9 @@ 
      * @return mixed An array with user data if a user was logged in or NULL if
      *               no user is logged in.
      */
-    public function getAuthenticatedUser($sessionId="")
+    public function getAuthenticatedUser($sessionId = "")
     {
-        if ($sessionId=="") {
+        if ($sessionId == "") {
             $sessionId = session_id(); 
         }
         
@@ -749,12 +749,12 @@ 
      */
     protected function _getChallengeUrl($sessionKey)
     {                
-        $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE . $sessionKey);
+        $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE.$sessionKey);
         if (is_null($state)) {
             return false;
         }
         
-        $userId   = NULL;
+        $userId = NULL;
         $challenge = $state["challenge"];
         if (isset($state["userId"])) {
             $userId = $state["userId"];
@@ -762,7 +762,7 @@ 
         $spIdentifier = $state["spIdentifier"];
         
         // Last bit is the spIdentifier
-        return $this->_protocolAuth."://".(!is_null($userId)?urlencode($userId).'@':'').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion;
+        return $this->_protocolAuth."://".(!is_null($userId) ?urlencode($userId).'@' : '').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion;
     }
 
     /**
@@ -786,7 +786,7 @@ 
     protected function _uniqueSessionKey($prefix)
     {      
         $value = 1;
-        while ($value!=NULL) {
+        while ($value != NULL) {
             $sessionKey = $this->_ocraWrapper->generateSessionKey();
             $value = $this->_stateStorage->getValue($prefix.$sessionKey);
         }

library/tiqr/Tiqr/Message/Exception/MismatchSenderId.php

Spacing +1 added lines, -1 removed lines

@@ -35,7 +35,7 @@
      * @param boolean   $temporary  temporary failure?
      * @param Exception $parent     parent exception
      */
-    public function __construct($message, $temporary=false, Exception $parent=null)
+    public function __construct($message, $temporary = false, Exception $parent = null)
     {
         parent::__construct($message, $parent);
         $this->_temporary = $temporary;

library/tiqr/Tiqr/Message/Exception.php

Indentation +4 added lines, -4 removed lines

@@ -29,8 +29,8 @@
      * @param string    $message    exception message
      * @param Exception $parent     parent exception
      */
-     public function __construct($message, $parent=null)
-     {
-         parent::__construct($message, 0, $parent);
-     }
+        public function __construct($message, $parent=null)
+        {
+            parent::__construct($message, 0, $parent);
+        }
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -29,7 +29,7 @@
      * @param string    $message    exception message
      * @param Exception $parent     parent exception
      */
-     public function __construct($message, $parent=null)
+     public function __construct($message, $parent = null)
      {
          parent::__construct($message, 0, $parent);
      }

library/tiqr/Tiqr/UserStorage/Encryption/Dummy.php

Indentation +1 added lines, -1 removed lines

@@ -57,7 +57,7 @@
     }
     
     /**
-      * Decrypts the given data.
+     * Decrypts the given data.
      *
      * @param String $data Data to decrypt.
      *

library/tiqr/Tiqr/Message/Exception/SendFailure.php

Spacing +1 added lines, -1 removed lines

@@ -35,7 +35,7 @@
      * @param boolean   $temporary  temporary failure?
      * @param Exception $parent     parent exception
      */
-    public function __construct($message, $temporary=false, Exception $parent=null)
+    public function __construct($message, $temporary = false, Exception $parent = null)
     {
         parent::__construct($message, $parent);
         $this->_temporary = $temporary;

library/tiqr/Tiqr/Message/FCM.php

Indentation +3 added lines, -3 removed lines

@@ -97,9 +97,9 @@
 
         // Wait and retry once in case of a 502 Bad Gateway error
         if ($statusCode === 502 && !($retry)) {
-          sleep(2);
-          $this->_sendFirebase($deviceToken, $alert, $challenge, $apiKey, true);
-          return;
+            sleep(2);
+            $this->_sendFirebase($deviceToken, $alert, $challenge, $apiKey, true);
+            return;
         }
 
         if ($statusCode !== 200) {

Spacing +5 added lines, -5 removed lines

@@ -57,7 +57,7 @@ 
      *
      * @throws Tiqr_Message_Exception_SendFailure
      */
-    private function _sendFirebase($deviceToken, $alert, $challenge, $apiKey, $retry=false)
+    private function _sendFirebase($deviceToken, $alert, $challenge, $apiKey, $retry = false)
     {
         $msg = array(
             'challenge' => $challenge,
@@ -71,7 +71,7 @@ 
         );
 
         $headers = array(
-            'Authorization: key=' . $apiKey,
+            'Authorization: key='.$apiKey,
             'Content-Type: application/json',
         );
 
@@ -84,7 +84,7 @@ 
         $result = curl_exec($ch);
         $errors = curl_error($ch);
         $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-        $remoteip = curl_getinfo($ch,CURLINFO_PRIMARY_IP);
+        $remoteip = curl_getinfo($ch, CURLINFO_PRIMARY_IP);
         curl_close($ch);
 
         if ($result === false) {
@@ -92,7 +92,7 @@ 
         }
 
         if (!empty($errors)) {
-            throw new Tiqr_Message_Exception_SendFailure("Http error occurred: ". $errors, true);
+            throw new Tiqr_Message_Exception_SendFailure("Http error occurred: ".$errors, true);
         }
 
         // Wait and retry once in case of a 502 Bad Gateway error
@@ -110,7 +110,7 @@ 
         $response = json_decode($result, true);
         foreach ($response['results'] as $k => $v) {
             if (isset($v['error'])) {
-                throw new Tiqr_Message_Exception_SendFailure("Error in FCM response: " . $v['error'], true);
+                throw new Tiqr_Message_Exception_SendFailure("Error in FCM response: ".$v['error'], true);
             }
         }
     }

library/tiqr/Tiqr/AutoLoader.php

Indentation +96 added lines, -96 removed lines

@@ -1,100 +1,100 @@
 <?php
 class Tiqr_AutoLoader {
 
-	protected static $instance;
-
-	protected $tiqrPath;
-	protected $qrcodePath;
-	protected $zendPath;
-
-	protected function __construct($options) {
-		if ($options !== NULL) {
-			$this->setOptions($options);
-		}
-		spl_autoload_register(array(__CLASS__, 'autoload'));
-	}
-
-	public static function getInstance($options = NULL) {
-		if (null === self::$instance) {
-			self::$instance = new self($options);
-		}
-
-		return self::$instance;
-	}
-
-	public static function autoload($className) {
-		if($className === NULL) {
-			return;
-		}
-
-		$self = self::getInstance();
-
-		$substr5 = substr($className, 0, 5);
-
-		if ($substr5 === 'Tiqr_' || $substr5 === 'OATH_') {
-			$file = $self->tiqrPath . DIRECTORY_SEPARATOR . str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
-		} elseif ($className === 'QRcode') {
-			$file = $self->qrcodePath . DIRECTORY_SEPARATOR . 'qrlib.php';
-		} elseif ($substr5 === 'Zend_') {
-			$file = $self->zendPath . DIRECTORY_SEPARATOR . str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
-		} else {
-			return;
-		}
-
-		if (file_exists($file)) {
-			require_once($file);
-		}
-	}
-
-	public function setOptions($options) {
-		if (isset($options["tiqr.path"])) {
-			$tiqr_dir = $options["tiqr.path"];
-			$tiqr_path = realpath($tiqr_dir);
-		} else {
-			$tiqr_dir = dirname(__FILE__);
-			$tiqr_path = $tiqr_dir;
-		}
-		if (is_dir($tiqr_path)) {
-			$this->tiqrPath = $tiqr_path;
-		} else {
-			throw new Exception('Directory not found: ' . var_export($tiqr_dir, TRUE));
-		}
-
-		if (isset($options["phpqrcode.path"])) {
-			$qrcode_dir = $options["phpqrcode.path"];
-			$qrcode_path = realpath($qrcode_dir);
-		} else {
-			$qrcode_dir = dirname(dirname(dirname(__FILE__))) . '/phpqrcode';
-			$qrcode_path = $qrcode_dir;
-		}
-
-		if (is_dir($qrcode_path)) {
-			$this->qrcodePath = $qrcode_path;
-		} else {
-			throw new Exception('Directory not found: ' . var_export($qrcode_dir, TRUE));
-		}
-
-		if (isset($options["zend.path"])) {
-			$zend_dir = $options["zend.path"];
-			$zend_path = realpath($zend_dir);
-		} else {
-			$zend_dir = dirname(dirname(dirname(__FILE__))) . "/zend";
-			$zend_path = $zend_dir;
-		}
-		if (is_dir($zend_path)) {
-			$this->zendPath = $zend_path;
-		} else {
-			throw new Exception('Directory not found: ' . var_export($zend_dir, TRUE));
-		}
-	}
-
-
-	public function setIncludePath() {
-		set_include_path(implode(PATH_SEPARATOR, array(
-			$this->tiqrPath,
-			$this->zendPath,
-			$this->qrcodePath,
-			get_include_path(),
-		)));
-	}
+    protected static $instance;
+
+    protected $tiqrPath;
+    protected $qrcodePath;
+    protected $zendPath;
+
+    protected function __construct($options) {
+        if ($options !== NULL) {
+            $this->setOptions($options);
+        }
+        spl_autoload_register(array(__CLASS__, 'autoload'));
+    }
+
+    public static function getInstance($options = NULL) {
+        if (null === self::$instance) {
+            self::$instance = new self($options);
+        }
+
+        return self::$instance;
+    }
+
+    public static function autoload($className) {
+        if($className === NULL) {
+            return;
+        }
+
+        $self = self::getInstance();
+
+        $substr5 = substr($className, 0, 5);
+
+        if ($substr5 === 'Tiqr_' || $substr5 === 'OATH_') {
+            $file = $self->tiqrPath . DIRECTORY_SEPARATOR . str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
+        } elseif ($className === 'QRcode') {
+            $file = $self->qrcodePath . DIRECTORY_SEPARATOR . 'qrlib.php';
+        } elseif ($substr5 === 'Zend_') {
+            $file = $self->zendPath . DIRECTORY_SEPARATOR . str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
+        } else {
+            return;
+        }
+
+        if (file_exists($file)) {
+            require_once($file);
+        }
+    }
+
+    public function setOptions($options) {
+        if (isset($options["tiqr.path"])) {
+            $tiqr_dir = $options["tiqr.path"];
+            $tiqr_path = realpath($tiqr_dir);
+        } else {
+            $tiqr_dir = dirname(__FILE__);
+            $tiqr_path = $tiqr_dir;
+        }
+        if (is_dir($tiqr_path)) {
+            $this->tiqrPath = $tiqr_path;
+        } else {
+            throw new Exception('Directory not found: ' . var_export($tiqr_dir, TRUE));
+        }
+
+        if (isset($options["phpqrcode.path"])) {
+            $qrcode_dir = $options["phpqrcode.path"];
+            $qrcode_path = realpath($qrcode_dir);
+        } else {
+            $qrcode_dir = dirname(dirname(dirname(__FILE__))) . '/phpqrcode';
+            $qrcode_path = $qrcode_dir;
+        }
+
+        if (is_dir($qrcode_path)) {
+            $this->qrcodePath = $qrcode_path;
+        } else {
+            throw new Exception('Directory not found: ' . var_export($qrcode_dir, TRUE));
+        }
+
+        if (isset($options["zend.path"])) {
+            $zend_dir = $options["zend.path"];
+            $zend_path = realpath($zend_dir);
+        } else {
+            $zend_dir = dirname(dirname(dirname(__FILE__))) . "/zend";
+            $zend_path = $zend_dir;
+        }
+        if (is_dir($zend_path)) {
+            $this->zendPath = $zend_path;
+        } else {
+            throw new Exception('Directory not found: ' . var_export($zend_dir, TRUE));
+        }
+    }
+
+
+    public function setIncludePath() {
+        set_include_path(implode(PATH_SEPARATOR, array(
+            $this->tiqrPath,
+            $this->zendPath,
+            $this->qrcodePath,
+            get_include_path(),
+        )));
+    }
 }

Spacing +9 added lines, -9 removed lines

@@ -23,7 +23,7 @@ 
 	}
 
 	public static function autoload($className) {
-		if($className === NULL) {
+		if ($className === NULL) {
 			return;
 		}
 
@@ -32,11 +32,11 @@ 
 		$substr5 = substr($className, 0, 5);
 
 		if ($substr5 === 'Tiqr_' || $substr5 === 'OATH_') {
-			$file = $self->tiqrPath . DIRECTORY_SEPARATOR . str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
+			$file = $self->tiqrPath.DIRECTORY_SEPARATOR.str_replace('_', DIRECTORY_SEPARATOR, $className).'.php';
 		} elseif ($className === 'QRcode') {
-			$file = $self->qrcodePath . DIRECTORY_SEPARATOR . 'qrlib.php';
+			$file = $self->qrcodePath.DIRECTORY_SEPARATOR.'qrlib.php';
 		} elseif ($substr5 === 'Zend_') {
-			$file = $self->zendPath . DIRECTORY_SEPARATOR . str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
+			$file = $self->zendPath.DIRECTORY_SEPARATOR.str_replace('_', DIRECTORY_SEPARATOR, $className).'.php';
 		} else {
 			return;
 		}
@@ -57,34 +57,34 @@ 
 		if (is_dir($tiqr_path)) {
 			$this->tiqrPath = $tiqr_path;
 		} else {
-			throw new Exception('Directory not found: ' . var_export($tiqr_dir, TRUE));
+			throw new Exception('Directory not found: '.var_export($tiqr_dir, TRUE));
 		}
 
 		if (isset($options["phpqrcode.path"])) {
 			$qrcode_dir = $options["phpqrcode.path"];
 			$qrcode_path = realpath($qrcode_dir);
 		} else {
-			$qrcode_dir = dirname(dirname(dirname(__FILE__))) . '/phpqrcode';
+			$qrcode_dir = dirname(dirname(dirname(__FILE__))).'/phpqrcode';
 			$qrcode_path = $qrcode_dir;
 		}
 
 		if (is_dir($qrcode_path)) {
 			$this->qrcodePath = $qrcode_path;
 		} else {
-			throw new Exception('Directory not found: ' . var_export($qrcode_dir, TRUE));
+			throw new Exception('Directory not found: '.var_export($qrcode_dir, TRUE));
 		}
 
 		if (isset($options["zend.path"])) {
 			$zend_dir = $options["zend.path"];
 			$zend_path = realpath($zend_dir);
 		} else {
-			$zend_dir = dirname(dirname(dirname(__FILE__))) . "/zend";
+			$zend_dir = dirname(dirname(dirname(__FILE__)))."/zend";
 			$zend_path = $zend_dir;
 		}
 		if (is_dir($zend_path)) {
 			$this->zendPath = $zend_path;
 		} else {
-			throw new Exception('Directory not found: ' . var_export($zend_dir, TRUE));
+			throw new Exception('Directory not found: '.var_export($zend_dir, TRUE));
 		}
 	}
 

library/tiqr/OATH/OCRAParser.php

Indentation +229 added lines, -229 removed lines

@@ -4,241 +4,241 @@
 
 class OATH_OCRAParser {
 
-	private $key = NULL;
-
-	private $OCRASuite = NULL;
-
-	private $OCRAVersion = NULL;
-
-	private $CryptoFunctionType = NULL;
-	private $CryptoFunctionHash = NULL;
-	private $CryptoFunctionHashLength = NULL;
-	private $CryptoFunctionTruncation = NULL;
-
-	private $C = FALSE;
-	private $Q = FALSE;
-	private $QType = 'N';
-	private $QLength = 8;
-
-	private $P = FALSE;
-	private $PType = 'SHA1';
-	private $PLength = 20;
-
-	private $S = FALSE;
-	private $SLength = 64;
-
-	private $T = FALSE;
-	private $TLength = 60; // 1M
-	private $TPeriods = array('H' => 3600, 'M' => 60, 'S' => 1);
-
-	private $supportedHashFunctions = array('SHA1' => 20, 'SHA256' => 32, 'SHA512' => 64);
-
-
-	public function __construct($ocraSuite) {
-		$this->parseOCRASuite($ocraSuite);
-	}
-
-	/**
-	 * Inspired by https://github.com/bdauvergne/python-oath
-	 */
-	private function parseOCRASuite($ocraSuite) {
-		if (!is_string($ocraSuite)) {
-			throw new Exception('OCRASuite not in string format: ' . var_export($ocraSuite, TRUE));
-		}
-
-		$ocraSuite = strtoupper($ocraSuite);
-		$this->OCRASuite = $ocraSuite;
-
-		$s = explode(':', $ocraSuite);
-		if (count($s) != 3) {
-			throw new Exception('Invalid OCRASuite format: ' . var_export($ocraSuite, TRUE));
-		}
-
-		$algo = explode('-', $s[0]);
-		if (count($algo) != 2) {
-			throw new Exception('Invalid OCRA version: ' . var_export($s[0], TRUE));
-		}
-
-		if ($algo[0] !== 'OCRA') {
-			throw new Exception('Unsupported OCRA algorithm: ' . var_export($algo[0], TRUE));
-		}
-
-		if ($algo[1] !== '1') {
-			throw new Exception('Unsupported OCRA version: ' . var_export($algo[1], TRUE));
-		}
-		$this->OCRAVersion = $algo[1];
-
-		$cf = explode('-', $s[1]);
-		if (count($cf) != 3) {
-			throw new Exception('Invalid OCRA suite crypto function: ' . var_export($s[1], TRUE));
-		}
-
-		if ($cf[0] !== 'HOTP') {
-			throw new Exception('Unsupported OCRA suite crypto function: ' . var_export($cf[0], TRUE));
-		}
-		$this->CryptoFunctionType = $cf[0];
-
-		if (!array_key_exists($cf[1], $this->supportedHashFunctions)) {
-			throw new Exception('Unsupported hash function in OCRA suite crypto function: ' . var_export($cf[1], TRUE));
-		}
-		$this->CryptoFunctionHash = $cf[1];
-		$this->CryptoFunctionHashLength = $this->supportedHashFunctions[$cf[1]];
-
-		if (!preg_match('/^\d+$/', $cf[2]) || (($cf[2] < 4 || $cf[2] > 10) && $cf[2] != 0)) {
-			throw new Exception('Invalid OCRA suite crypto function truncation length: ' . var_export($cf[2], TRUE));
-		}
-		$this->CryptoFunctionTruncation = intval($cf[2]);
-
-		$di = explode('-', $s[2]);
-		if (count($cf) == 0) {
-			throw new Exception('Invalid OCRA suite data input: ' . var_export($s[2], TRUE));
-		}
-
-		$data_input = array();
-		foreach($di as $elem) {
-			$letter = $elem[0];
-			if (array_key_exists($letter, $data_input)) {
-				throw new Exception('Duplicate field in OCRA suite data input: ' . var_export($elem, TRUE));
-			}
-			$data_input[$letter] = 1;
-
-			if ($letter === 'C' && strlen($elem) == 1) {
-				$this->C = TRUE;
-			} elseif ($letter === 'Q') {
-				if (strlen($elem) == 1) {
-					$this->Q = TRUE;
-				} elseif (preg_match('/^Q([AHN])(\d+)$/', $elem, $match)) {
-					$q_len = intval($match[2]);
-					if ($q_len < 4 || $q_len > 64) {
-						throw new Exception('Invalid OCRA suite data input question length: ' . var_export($q_len, TRUE));
-					}
-					$this->Q = TRUE;
-					$this->QType = $match[1];
-					$this->QLength = $q_len;
-				} else {
-					throw new Exception('Invalid OCRA suite data input question: ' . var_export($elem, TRUE));
-				}
-			} elseif ($letter === 'P') {
-				if (strlen($elem) == 1) {
-					$this->P = TRUE;
-				} else {
-					$p_algo = substr($elem, 1);
-					if (!array_key_exists($p_algo, $this->supportedHashFunctions)) {
-						throw new Exception('Unsupported OCRA suite PIN hash function: ' . var_export($elem, TRUE));
-					}
-					$this->P = TRUE;
-					$this->PType = $p_algo;
-					$this->PLength = $this->supportedHashFunctions[$p_algo];
-				}
-			} elseif ($letter === 'S') {
-				if (strlen($elem) == 1) {
-					$this->S = TRUE;
-				} elseif (preg_match('/^S(\d+)$/', $elem, $match)) {
-					$s_len = intval($match[1]);
-					if ($s_len <= 0 || $s_len > 512) {
-						throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($s_len, TRUE));
-					}
-
-					$this->S = TRUE;
-					$this->SLength = $s_len;
-				} else {
-					throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($elem, TRUE));
-				}
-			} elseif ($letter === 'T') {
-				if (strlen($elem) == 1) {
-					$this->T = TRUE;
-				} elseif (preg_match('/^T(\d+[HMS])+$/', $elem)) {
-					preg_match_all('/(\d+)([HMS])/', $elem, $match);
-
-					if (count($match[1]) !== count(array_unique($match[2]))) {
-						throw new Exception('Duplicate definitions in OCRA suite data input timestamp: ' . var_export($elem, TRUE));
-					}
-
-					$length = 0;
-					for ($i = 0; $i < count($match[1]); $i++) {
-						$length += intval($match[1][$i]) * $this->TPeriods[$match[2][$i]];
-					}
-					if ($length <= 0) {
-						throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
-					}
-
-					$this->T = TRUE;
-					$this->TLength = $length;
-				} else {
-					throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
-				}
-			} else {
-				throw new Exception('Unsupported OCRA suite data input field: ' . var_export($elem, TRUE));
-			}
-		}
-
-		if (!$this->Q) {
-			throw new Exception('OCRA suite data input question not defined: ' . var_export($s[2], TRUE));
-		}
-	}
-
-	public function generateChallenge() {
-		$q_length = $this->QLength;
-		$q_type = $this->QType;
+    private $key = NULL;
+
+    private $OCRASuite = NULL;
+
+    private $OCRAVersion = NULL;
+
+    private $CryptoFunctionType = NULL;
+    private $CryptoFunctionHash = NULL;
+    private $CryptoFunctionHashLength = NULL;
+    private $CryptoFunctionTruncation = NULL;
+
+    private $C = FALSE;
+    private $Q = FALSE;
+    private $QType = 'N';
+    private $QLength = 8;
+
+    private $P = FALSE;
+    private $PType = 'SHA1';
+    private $PLength = 20;
+
+    private $S = FALSE;
+    private $SLength = 64;
+
+    private $T = FALSE;
+    private $TLength = 60; // 1M
+    private $TPeriods = array('H' => 3600, 'M' => 60, 'S' => 1);
+
+    private $supportedHashFunctions = array('SHA1' => 20, 'SHA256' => 32, 'SHA512' => 64);
+
+
+    public function __construct($ocraSuite) {
+        $this->parseOCRASuite($ocraSuite);
+    }
+
+    /**
+     * Inspired by https://github.com/bdauvergne/python-oath
+     */
+    private function parseOCRASuite($ocraSuite) {
+        if (!is_string($ocraSuite)) {
+            throw new Exception('OCRASuite not in string format: ' . var_export($ocraSuite, TRUE));
+        }
+
+        $ocraSuite = strtoupper($ocraSuite);
+        $this->OCRASuite = $ocraSuite;
+
+        $s = explode(':', $ocraSuite);
+        if (count($s) != 3) {
+            throw new Exception('Invalid OCRASuite format: ' . var_export($ocraSuite, TRUE));
+        }
+
+        $algo = explode('-', $s[0]);
+        if (count($algo) != 2) {
+            throw new Exception('Invalid OCRA version: ' . var_export($s[0], TRUE));
+        }
+
+        if ($algo[0] !== 'OCRA') {
+            throw new Exception('Unsupported OCRA algorithm: ' . var_export($algo[0], TRUE));
+        }
+
+        if ($algo[1] !== '1') {
+            throw new Exception('Unsupported OCRA version: ' . var_export($algo[1], TRUE));
+        }
+        $this->OCRAVersion = $algo[1];
+
+        $cf = explode('-', $s[1]);
+        if (count($cf) != 3) {
+            throw new Exception('Invalid OCRA suite crypto function: ' . var_export($s[1], TRUE));
+        }
+
+        if ($cf[0] !== 'HOTP') {
+            throw new Exception('Unsupported OCRA suite crypto function: ' . var_export($cf[0], TRUE));
+        }
+        $this->CryptoFunctionType = $cf[0];
+
+        if (!array_key_exists($cf[1], $this->supportedHashFunctions)) {
+            throw new Exception('Unsupported hash function in OCRA suite crypto function: ' . var_export($cf[1], TRUE));
+        }
+        $this->CryptoFunctionHash = $cf[1];
+        $this->CryptoFunctionHashLength = $this->supportedHashFunctions[$cf[1]];
+
+        if (!preg_match('/^\d+$/', $cf[2]) || (($cf[2] < 4 || $cf[2] > 10) && $cf[2] != 0)) {
+            throw new Exception('Invalid OCRA suite crypto function truncation length: ' . var_export($cf[2], TRUE));
+        }
+        $this->CryptoFunctionTruncation = intval($cf[2]);
+
+        $di = explode('-', $s[2]);
+        if (count($cf) == 0) {
+            throw new Exception('Invalid OCRA suite data input: ' . var_export($s[2], TRUE));
+        }
+
+        $data_input = array();
+        foreach($di as $elem) {
+            $letter = $elem[0];
+            if (array_key_exists($letter, $data_input)) {
+                throw new Exception('Duplicate field in OCRA suite data input: ' . var_export($elem, TRUE));
+            }
+            $data_input[$letter] = 1;
+
+            if ($letter === 'C' && strlen($elem) == 1) {
+                $this->C = TRUE;
+            } elseif ($letter === 'Q') {
+                if (strlen($elem) == 1) {
+                    $this->Q = TRUE;
+                } elseif (preg_match('/^Q([AHN])(\d+)$/', $elem, $match)) {
+                    $q_len = intval($match[2]);
+                    if ($q_len < 4 || $q_len > 64) {
+                        throw new Exception('Invalid OCRA suite data input question length: ' . var_export($q_len, TRUE));
+                    }
+                    $this->Q = TRUE;
+                    $this->QType = $match[1];
+                    $this->QLength = $q_len;
+                } else {
+                    throw new Exception('Invalid OCRA suite data input question: ' . var_export($elem, TRUE));
+                }
+            } elseif ($letter === 'P') {
+                if (strlen($elem) == 1) {
+                    $this->P = TRUE;
+                } else {
+                    $p_algo = substr($elem, 1);
+                    if (!array_key_exists($p_algo, $this->supportedHashFunctions)) {
+                        throw new Exception('Unsupported OCRA suite PIN hash function: ' . var_export($elem, TRUE));
+                    }
+                    $this->P = TRUE;
+                    $this->PType = $p_algo;
+                    $this->PLength = $this->supportedHashFunctions[$p_algo];
+                }
+            } elseif ($letter === 'S') {
+                if (strlen($elem) == 1) {
+                    $this->S = TRUE;
+                } elseif (preg_match('/^S(\d+)$/', $elem, $match)) {
+                    $s_len = intval($match[1]);
+                    if ($s_len <= 0 || $s_len > 512) {
+                        throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($s_len, TRUE));
+                    }
+
+                    $this->S = TRUE;
+                    $this->SLength = $s_len;
+                } else {
+                    throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($elem, TRUE));
+                }
+            } elseif ($letter === 'T') {
+                if (strlen($elem) == 1) {
+                    $this->T = TRUE;
+                } elseif (preg_match('/^T(\d+[HMS])+$/', $elem)) {
+                    preg_match_all('/(\d+)([HMS])/', $elem, $match);
+
+                    if (count($match[1]) !== count(array_unique($match[2]))) {
+                        throw new Exception('Duplicate definitions in OCRA suite data input timestamp: ' . var_export($elem, TRUE));
+                    }
+
+                    $length = 0;
+                    for ($i = 0; $i < count($match[1]); $i++) {
+                        $length += intval($match[1][$i]) * $this->TPeriods[$match[2][$i]];
+                    }
+                    if ($length <= 0) {
+                        throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
+                    }
+
+                    $this->T = TRUE;
+                    $this->TLength = $length;
+                } else {
+                    throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
+                }
+            } else {
+                throw new Exception('Unsupported OCRA suite data input field: ' . var_export($elem, TRUE));
+            }
+        }
+
+        if (!$this->Q) {
+            throw new Exception('OCRA suite data input question not defined: ' . var_export($s[2], TRUE));
+        }
+    }
+
+    public function generateChallenge() {
+        $q_length = $this->QLength;
+        $q_type = $this->QType;
 
         $bytes = Tiqr_Random::randomBytes($q_length);
 
-		switch($q_type) {
-			case 'A':
-				$challenge = base64_encode($bytes);
-				$tr = implode("", unpack('H*', $bytes));
-				$challenge = rtrim(strtr($challenge, '+/', $tr), '=');
-				break;
-			case 'H':
-				$challenge = implode("", unpack('H*', $bytes));
-				break;
-			case 'N':
-				$challenge = implode("", unpack('N*', $bytes));
-				break;
-			default:
-				throw new Exception('Unsupported OCRASuite challenge type: ' . var_export($q_type, TRUE));
-				break;
-		}
-
-		$challenge = substr($challenge, 0, $q_length);
-
-		return $challenge;
-	}
-
-
-	public function generateSessionInformation() {
-		if (!$this->S) {
-			throw new Exception('Session information not defined in OCRASuite: ' . var_export($this->OCRASuite, TRUE));
-		}
-
-		$s_length = $this->SLength;
+        switch($q_type) {
+            case 'A':
+                $challenge = base64_encode($bytes);
+                $tr = implode("", unpack('H*', $bytes));
+                $challenge = rtrim(strtr($challenge, '+/', $tr), '=');
+                break;
+            case 'H':
+                $challenge = implode("", unpack('H*', $bytes));
+                break;
+            case 'N':
+                $challenge = implode("", unpack('N*', $bytes));
+                break;
+            default:
+                throw new Exception('Unsupported OCRASuite challenge type: ' . var_export($q_type, TRUE));
+                break;
+        }
+
+        $challenge = substr($challenge, 0, $q_length);
+
+        return $challenge;
+    }
+
+
+    public function generateSessionInformation() {
+        if (!$this->S) {
+            throw new Exception('Session information not defined in OCRASuite: ' . var_export($this->OCRASuite, TRUE));
+        }
+
+        $s_length = $this->SLength;
         $bytes = Tiqr_Random::randomBytes($s_length);
 
-		// The OCRA spec doesn't specify that the session data should be hexadecimal.
-		// However the reference implementation in the RFC does treat it as hex.
-		$session = bin2hex($bytes);
+        // The OCRA spec doesn't specify that the session data should be hexadecimal.
+        // However the reference implementation in the RFC does treat it as hex.
+        $session = bin2hex($bytes);
 		
-		$session = substr($session, 0, $s_length);
+        $session = substr($session, 0, $s_length);
 		
-		return $session;
-	}
-
-
-	/**
-	 * Constant time string comparison, see http://codahale.com/a-lesson-in-timing-attacks/
-	 */
-	public static function constEqual($s1, $s2) {
-		if (strlen($s1) != strlen($s2)) {
-			return FALSE;
-		}
-
-		$result = TRUE;
-		$length = strlen($s1);
-		for ($i = 0; $i < $length; $i++) {
-			$result &= ($s1[$i] == $s2[$i]);
-		}
-
-		return (boolean)$result;
-	}
+        return $session;
+    }
+
+
+    /**
+     * Constant time string comparison, see http://codahale.com/a-lesson-in-timing-attacks/
+     */
+    public static function constEqual($s1, $s2) {
+        if (strlen($s1) != strlen($s2)) {
+            return FALSE;
+        }
+
+        $result = TRUE;
+        $length = strlen($s1);
+        for ($i = 0; $i < $length; $i++) {
+            $result &= ($s1[$i] == $s2[$i]);
+        }
+
+        return (boolean)$result;
+    }
 
 }

Spacing +27 added lines, -27 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-require_once ( __DIR__ . "/../Tiqr/Random.php");
+require_once (__DIR__."/../Tiqr/Random.php");
 
 class OATH_OCRAParser {
 
@@ -43,7 +43,7 @@ 
 	 */
 	private function parseOCRASuite($ocraSuite) {
 		if (!is_string($ocraSuite)) {
-			throw new Exception('OCRASuite not in string format: ' . var_export($ocraSuite, TRUE));
+			throw new Exception('OCRASuite not in string format: '.var_export($ocraSuite, TRUE));
 		}
 
 		$ocraSuite = strtoupper($ocraSuite);
@@ -51,54 +51,54 @@ 
 
 		$s = explode(':', $ocraSuite);
 		if (count($s) != 3) {
-			throw new Exception('Invalid OCRASuite format: ' . var_export($ocraSuite, TRUE));
+			throw new Exception('Invalid OCRASuite format: '.var_export($ocraSuite, TRUE));
 		}
 
 		$algo = explode('-', $s[0]);
 		if (count($algo) != 2) {
-			throw new Exception('Invalid OCRA version: ' . var_export($s[0], TRUE));
+			throw new Exception('Invalid OCRA version: '.var_export($s[0], TRUE));
 		}
 
 		if ($algo[0] !== 'OCRA') {
-			throw new Exception('Unsupported OCRA algorithm: ' . var_export($algo[0], TRUE));
+			throw new Exception('Unsupported OCRA algorithm: '.var_export($algo[0], TRUE));
 		}
 
 		if ($algo[1] !== '1') {
-			throw new Exception('Unsupported OCRA version: ' . var_export($algo[1], TRUE));
+			throw new Exception('Unsupported OCRA version: '.var_export($algo[1], TRUE));
 		}
 		$this->OCRAVersion = $algo[1];
 
 		$cf = explode('-', $s[1]);
 		if (count($cf) != 3) {
-			throw new Exception('Invalid OCRA suite crypto function: ' . var_export($s[1], TRUE));
+			throw new Exception('Invalid OCRA suite crypto function: '.var_export($s[1], TRUE));
 		}
 
 		if ($cf[0] !== 'HOTP') {
-			throw new Exception('Unsupported OCRA suite crypto function: ' . var_export($cf[0], TRUE));
+			throw new Exception('Unsupported OCRA suite crypto function: '.var_export($cf[0], TRUE));
 		}
 		$this->CryptoFunctionType = $cf[0];
 
 		if (!array_key_exists($cf[1], $this->supportedHashFunctions)) {
-			throw new Exception('Unsupported hash function in OCRA suite crypto function: ' . var_export($cf[1], TRUE));
+			throw new Exception('Unsupported hash function in OCRA suite crypto function: '.var_export($cf[1], TRUE));
 		}
 		$this->CryptoFunctionHash = $cf[1];
 		$this->CryptoFunctionHashLength = $this->supportedHashFunctions[$cf[1]];
 
 		if (!preg_match('/^\d+$/', $cf[2]) || (($cf[2] < 4 || $cf[2] > 10) && $cf[2] != 0)) {
-			throw new Exception('Invalid OCRA suite crypto function truncation length: ' . var_export($cf[2], TRUE));
+			throw new Exception('Invalid OCRA suite crypto function truncation length: '.var_export($cf[2], TRUE));
 		}
 		$this->CryptoFunctionTruncation = intval($cf[2]);
 
 		$di = explode('-', $s[2]);
 		if (count($cf) == 0) {
-			throw new Exception('Invalid OCRA suite data input: ' . var_export($s[2], TRUE));
+			throw new Exception('Invalid OCRA suite data input: '.var_export($s[2], TRUE));
 		}
 
 		$data_input = array();
-		foreach($di as $elem) {
+		foreach ($di as $elem) {
 			$letter = $elem[0];
 			if (array_key_exists($letter, $data_input)) {
-				throw new Exception('Duplicate field in OCRA suite data input: ' . var_export($elem, TRUE));
+				throw new Exception('Duplicate field in OCRA suite data input: '.var_export($elem, TRUE));
 			}
 			$data_input[$letter] = 1;
 
@@ -110,13 +110,13 @@ 
 				} elseif (preg_match('/^Q([AHN])(\d+)$/', $elem, $match)) {
 					$q_len = intval($match[2]);
 					if ($q_len < 4 || $q_len > 64) {
-						throw new Exception('Invalid OCRA suite data input question length: ' . var_export($q_len, TRUE));
+						throw new Exception('Invalid OCRA suite data input question length: '.var_export($q_len, TRUE));
 					}
 					$this->Q = TRUE;
 					$this->QType = $match[1];
 					$this->QLength = $q_len;
 				} else {
-					throw new Exception('Invalid OCRA suite data input question: ' . var_export($elem, TRUE));
+					throw new Exception('Invalid OCRA suite data input question: '.var_export($elem, TRUE));
 				}
 			} elseif ($letter === 'P') {
 				if (strlen($elem) == 1) {
@@ -124,7 +124,7 @@ 
 				} else {
 					$p_algo = substr($elem, 1);
 					if (!array_key_exists($p_algo, $this->supportedHashFunctions)) {
-						throw new Exception('Unsupported OCRA suite PIN hash function: ' . var_export($elem, TRUE));
+						throw new Exception('Unsupported OCRA suite PIN hash function: '.var_export($elem, TRUE));
 					}
 					$this->P = TRUE;
 					$this->PType = $p_algo;
@@ -136,13 +136,13 @@ 
 				} elseif (preg_match('/^S(\d+)$/', $elem, $match)) {
 					$s_len = intval($match[1]);
 					if ($s_len <= 0 || $s_len > 512) {
-						throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($s_len, TRUE));
+						throw new Exception('Invalid OCRA suite data input session information length: '.var_export($s_len, TRUE));
 					}
 
 					$this->S = TRUE;
 					$this->SLength = $s_len;
 				} else {
-					throw new Exception('Invalid OCRA suite data input session information length: ' . var_export($elem, TRUE));
+					throw new Exception('Invalid OCRA suite data input session information length: '.var_export($elem, TRUE));
 				}
 			} elseif ($letter === 'T') {
 				if (strlen($elem) == 1) {
@@ -151,7 +151,7 @@ 
 					preg_match_all('/(\d+)([HMS])/', $elem, $match);
 
 					if (count($match[1]) !== count(array_unique($match[2]))) {
-						throw new Exception('Duplicate definitions in OCRA suite data input timestamp: ' . var_export($elem, TRUE));
+						throw new Exception('Duplicate definitions in OCRA suite data input timestamp: '.var_export($elem, TRUE));
 					}
 
 					$length = 0;
@@ -159,21 +159,21 @@ 
 						$length += intval($match[1][$i]) * $this->TPeriods[$match[2][$i]];
 					}
 					if ($length <= 0) {
-						throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
+						throw new Exception('Invalid OCRA suite data input timestamp: '.var_export($elem, TRUE));
 					}
 
 					$this->T = TRUE;
 					$this->TLength = $length;
 				} else {
-					throw new Exception('Invalid OCRA suite data input timestamp: ' . var_export($elem, TRUE));
+					throw new Exception('Invalid OCRA suite data input timestamp: '.var_export($elem, TRUE));
 				}
 			} else {
-				throw new Exception('Unsupported OCRA suite data input field: ' . var_export($elem, TRUE));
+				throw new Exception('Unsupported OCRA suite data input field: '.var_export($elem, TRUE));
 			}
 		}
 
 		if (!$this->Q) {
-			throw new Exception('OCRA suite data input question not defined: ' . var_export($s[2], TRUE));
+			throw new Exception('OCRA suite data input question not defined: '.var_export($s[2], TRUE));
 		}
 	}
 
@@ -183,7 +183,7 @@ 
 
         $bytes = Tiqr_Random::randomBytes($q_length);
 
-		switch($q_type) {
+		switch ($q_type) {
 			case 'A':
 				$challenge = base64_encode($bytes);
 				$tr = implode("", unpack('H*', $bytes));
@@ -196,7 +196,7 @@ 
 				$challenge = implode("", unpack('N*', $bytes));
 				break;
 			default:
-				throw new Exception('Unsupported OCRASuite challenge type: ' . var_export($q_type, TRUE));
+				throw new Exception('Unsupported OCRASuite challenge type: '.var_export($q_type, TRUE));
 				break;
 		}
 
@@ -208,7 +208,7 @@ 
 
 	public function generateSessionInformation() {
 		if (!$this->S) {
-			throw new Exception('Session information not defined in OCRASuite: ' . var_export($this->OCRASuite, TRUE));
+			throw new Exception('Session information not defined in OCRASuite: '.var_export($this->OCRASuite, TRUE));
 		}
 
 		$s_length = $this->SLength;
@@ -238,7 +238,7 @@ 
 			$result &= ($s1[$i] == $s2[$i]);
 		}
 
-		return (boolean)$result;
+		return (boolean) $result;
 	}
 
 }