View GitHub Repository TeamPass

Schedule Inspection
Subscribe
Completed
Push — development ( e14785...c4d33f )
by Nils
07:09
created

Duo::parseVals()   C

↳ Parent: Duo

Complexity

Conditions 8
Paths 14

Size

Total Lines 34
Code Lines 20

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 8
eloc 20
nc 14
nop 5
dl 0
loc 34
rs 5.3846
c 0
b 0
f 0
1 
<?php
2 
//namespace Duo;
3 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                
/*

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
 * https://duo.com/docs/duoweb

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
 */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                
class Duo

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
    const DUO_PREFIX = "TX";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
    const APP_PREFIX = "APP";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
    const AUTH_PREFIX = "AUTH";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
    const DUO_EXPIRE = 300;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
    const APP_EXPIRE = 3600;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
    const IKEY_LEN = 20;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
    const SKEY_LEN = 40;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                
    const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
    const ERR_USER = 'ERR|The username passed to sign_request() is invalid.';

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
    const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.';

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                
    const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.';

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
    const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.';

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                
    private static function signVals($key, $vals, $prefix, $expire, $time = null)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                
        $exp = ($time ? $time : time()) + $expire;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
        $val = $vals . '|' . $exp;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                
        $b64 = base64_encode($val);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                
        $cookie = $prefix . '|' . $b64;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
        $sig = hash_hmac("sha1", $cookie, $key);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                
        return $cookie . '|' . $sig;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                
    private static function parseVals($key, $val, $prefix, $ikey, $time = null)

            


            
                                                                        
                            
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                
    {

            


            
                                                                        
                            
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                
        $ts = ($time ? $time : time());

            


            
                                                                        
                            
            
                                    
            
            

                
                    41
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    42
                

                                    
                                                    
                
                
                
        $parts = explode('|', $val);

            


            
                                                                        
                            
            
                                    
            
            

                
                    43
                

                                    
                                                    
                
                
                
        if (count($parts) !== 3) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    44
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                        
                            
            
                                    
            
            

                
                    45
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    46
                

                                    
                                                    
                
                
                
        list($u_prefix, $u_b64, $u_sig) = $parts;

            


            
                                                                        
                            
            
                                    
            
            

                
                    47
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    48
                

                                    
                                                    
                
                
                
        $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key);

            


            
                                                                        
                            
            
                                    
            
            

                
                    49
                

                                    
                                                    
                
                
                
        if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    50
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                        
                            
            
                                    
            
            

                
                    51
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    52
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    53
                

                                    
                                                    
                
                
                
        if ($u_prefix !== $prefix) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    54
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                        
                            
            
                                    
            
            

                
                    55
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    56
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    57
                

                                    
                                                    
                
                
                
        $cookie_parts = explode('|', base64_decode($u_b64));

            


            
                                                                        
                            
            
                                    
            
            

                
                    58
                

                                    
                                                    
                
                
                
        if (count($cookie_parts) !== 3) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    59
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                        
                            
            
                                    
            
            

                
                    60
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    61
                

                                    
                                                    
                
                
                
        list($user, $u_ikey, $exp) = $cookie_parts;

            


            
                                                                        
                            
            
                                    
            
            

                
                    62
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    63
                

                                    
                                                    
                
                
                
        if ($u_ikey !== $ikey) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    64
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                        
                            
            
                                    
            
            

                
                    65
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    66
                

                                    
                                                    
                
                
                
        if ($ts >= intval($exp)) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    67
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                        
                            
            
                                    
            
            

                
                    68
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    69
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    70
                

                                    
                                                    
                
                
                
        return $user;

            


            
                                                                        
                            
            
                                    
            
            

                
                    71
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    72
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    73
                

                                    
                                                    
                
                
                
    public static function signRequest($ikey, $skey, $akey, $username, $time = null)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    74
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    75
                

                                    
                                                    
                
                
                
        if (!isset($username) || strlen($username) === 0) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    76
                

                                    
                                                    
                
                
                
            return self::ERR_USER;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    77
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    78
                

                                    
                                                    
                
                
                
        if (strpos($username, '|') !== false) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    79
                

                                    
                                                    
                
                
                
            return self::ERR_USER;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    80
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    81
                

                                    
                                                    
                
                
                
        if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    82
                

                                    
                                                    
                
                
                
            return self::ERR_IKEY;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    83
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    84
                

                                    
                                                    
                
                
                
        if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    85
                

                                    
                                                    
                
                
                
            return self::ERR_SKEY;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    86
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    87
                

                                    
                                                    
                
                
                
        if (!isset($akey) || strlen($akey) < self::AKEY_LEN) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    88
                

                                    
                                                    
                
                
                
            return self::ERR_AKEY;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    89
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    90
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    91
                

                                    
                                                    
                
                
                
        $vals = $username . '|' . $ikey;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    92
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    93
                

                                    
                                                    
                
                
                
        $duo_sig = self::signVals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    94
                

                                    
                                                    
                
                
                
        $app_sig = self::signVals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    95
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    96
                

                                    
                                                    
                
                
                
        return $duo_sig . ':' . $app_sig;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    97
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    98
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    99
                

                                    
                                                    
                
                
                
    public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time = null)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    100
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    101
                

                                    
                                                    
                
                
                
        list($auth_sig, $app_sig) = explode(':', $sig_response);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    102
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    103
                

                                    
                                                    
                
                
                
        $auth_user = self::parseVals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    104
                

                                    
                                                    
                
                
                
        $app_user = self::parseVals($akey, $app_sig, self::APP_PREFIX, $ikey, $time);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    105
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    106
                

                                    
                                                    
                
                
                
        if ($auth_user !== $app_user) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    107
                

                                    
                                                    
                
                
                
            return null;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    108
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    109
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    110
                

                                    
                                                    
                
                
                
        return $auth_user;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    111
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    112
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    113