<?php
/*
 * This file is part of the Guarded Authentication package.
 *
 * (c) Jafar Jabr <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Signer\OpenSSL;
use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Signer\SignerInterface;
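/**
 * Class HMAC.
 * This class is the base of all HMAC Signers.
 *
 * Concrete signers supply the hash algorithm name through
 * getHashingAlgorithm(); this class computes the MAC and checks a supplied
 * signature against it.
 *
 * @author Jafar Jabr <[email protected]>
 */
abstract class HMAC implements SignerInterface
{
    /**
     * {@inheritdoc}
     *
     * Computes the HMAC of $input with the algorithm returned by
     * getHashingAlgorithm(). The result is the raw binary digest (the fourth
     * argument of hash_hmac() is true), not a hex string.
     *
     * The key is cast to string before use.
     * NOTE(review): an empty key is not rejected here, and a MAC computed
     * with an empty key can be reproduced by anyone; presumably the caller
     * validates the key before it reaches this class - confirm.
     */
    public function sign($input, $key)
    {
        return hash_hmac($this->getHashingAlgorithm(), $input, (string) $key, true);
    }

    /**
     * Recomputes the HMAC of $input with $key and compares it with the
     * supplied $signature using a timing safe comparison, to prevent timing
     * attacks.
     *
     * The comparison relies on PHP's native hash_equals() (PHP >= 5.6); this
     * class contains no fallback implementation for older PHP versions.
     *
     * Because sign() returns the raw binary digest, $signature has to be the
     * raw binary MAC as well; presumably the caller decodes the token's
     * signature segment first - confirm.
     *
     * more info here:
     *  http://blog.ircmaxell.com/2014/11/its-all-about-time.html
     *
     * {@inheritdoc}
     */
    public function verify($key, $signature, $input)
    {
        $signedInput = $this->sign($input, $key);

        return $this->timingSafeEquals($signedInput, $signature);
    }

    /**
     * A timing safe equals comparison.
     *
     * Fails closed: anything that is not a pair of strings is a mismatch.
     *
     * @param string $known the internal signature to be checked
     * @param string $input The signed input submitted value
     *
     * @return bool true if the two strings are identical
     */
    public function timingSafeEquals($known, $input)
    {
        // hash_equals() accepts strings only. A missing or non-string
        // signature, or a failed hash_hmac() (which returns false on PHP
        // versions before 8.0), must be treated as "signature invalid"
        // instead of surfacing as a warning or a TypeError in the caller.
        if (!is_string($known) || !is_string($input)) {
            return false;
        }

        // The locally computed value goes first, as hash_equals() expects
        // the known string as its first argument.
        return hash_equals($known, $input);
    }

    /**
     * Returns the hashing algorithm used in this signer.
     *
     * The value is passed as the algorithm name to hash_hmac().
     *
     * @return string
     */
    abstract public function getHashingAlgorithm();
}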