Duo::signVals() - Code Metrics - Inspection of "2.1.27" - nilsteampassnet/TeamPass - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — development ( e14785...c4d33f )

by Nils

created 2017-11-17 05:45 UTC

Duo::signVals() A

↳ Parent: Duo

Complexity

Conditions	2
Paths	2

Size

Total Lines	10
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
eloc	7
nc	2
nop	5
dl	0
loc	10
rs	9.4285
c	0
b	0
f	0

<?php
//namespace Duo;

/*
 * https://duo.com/docs/duoweb
 */

class Duo
{

    const DUO_PREFIX = "TX";
    const APP_PREFIX = "APP";
    const AUTH_PREFIX = "AUTH";

    const DUO_EXPIRE = 300;
    const APP_EXPIRE = 3600;

    const IKEY_LEN = 20;
    const SKEY_LEN = 40;
    const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY

    const ERR_USER = 'ERR|The username passed to sign_request() is invalid.';
    const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.';
    const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.';
    const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.';

    private static function signVals($key, $vals, $prefix, $expire, $time = null)
    {
        $exp = ($time ? $time : time()) + $expire;
        $val = $vals . '|' . $exp;
        $b64 = base64_encode($val);
        $cookie = $prefix . '|' . $b64;

        $sig = hash_hmac("sha1", $cookie, $key);
        return $cookie . '|' . $sig;
    }

    private static function parseVals($key, $val, $prefix, $ikey, $time = null)
    {
        $ts = ($time ? $time : time());

        $parts = explode('|', $val);
        if (count($parts) !== 3) {
            return null;
        }
        list($u_prefix, $u_b64, $u_sig) = $parts;

        $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key);
        if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) {
            return null;
        }

        if ($u_prefix !== $prefix) {
            return null;
        }

        $cookie_parts = explode('|', base64_decode($u_b64));
        if (count($cookie_parts) !== 3) {
            return null;
        }
        list($user, $u_ikey, $exp) = $cookie_parts;

        if ($u_ikey !== $ikey) {
            return null;
        }
        if ($ts >= intval($exp)) {
            return null;
        }

        return $user;
    }

    public static function signRequest($ikey, $skey, $akey, $username, $time = null)
    {
        if (!isset($username) || strlen($username) === 0) {
            return self::ERR_USER;
        }
        if (strpos($username, '|') !== false) {
            return self::ERR_USER;
        }
        if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) {
            return self::ERR_IKEY;
        }
        if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) {
            return self::ERR_SKEY;
        }
        if (!isset($akey) || strlen($akey) < self::AKEY_LEN) {
            return self::ERR_AKEY;
        }

        $vals = $username . '|' . $ikey;

        $duo_sig = self::signVals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time);
        $app_sig = self::signVals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time);

        return $duo_sig . ':' . $app_sig;
    }

    public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time = null)
    {
        list($auth_sig, $app_sig) = explode(':', $sig_response);

        $auth_user = self::parseVals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time);
        $app_user = self::parseVals($akey, $app_sig, self::APP_PREFIX, $ikey, $time);

        if ($auth_user !== $app_user) {
            return null;
        }

        return $auth_user;
    }
}


1			<?php
2			//namespace Duo;
3
4			/*
5			* https://duo.com/docs/duoweb
6			*/
7
8			class Duo
9			{
10
11			const DUO_PREFIX = "TX";
12			const APP_PREFIX = "APP";
13			const AUTH_PREFIX = "AUTH";
14
15			const DUO_EXPIRE = 300;
16			const APP_EXPIRE = 3600;
17
18			const IKEY_LEN = 20;
19			const SKEY_LEN = 40;
20			const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY
21
22			const ERR_USER = 'ERR\|The username passed to sign_request() is invalid.';
23			const ERR_IKEY = 'ERR\|The Duo integration key passed to sign_request() is invalid.';
24			const ERR_SKEY = 'ERR\|The Duo secret key passed to sign_request() is invalid.';
25			const ERR_AKEY = 'ERR\|The application secret key passed to sign_request() must be at least 40 characters.';
26
27			private static function signVals($key, $vals, $prefix, $expire, $time = null)
28			{
29			$exp = ($time ? $time : time()) + $expire;
30			$val = $vals . '\|' . $exp;
31			$b64 = base64_encode($val);
32			$cookie = $prefix . '\|' . $b64;
33
34			$sig = hash_hmac("sha1", $cookie, $key);
35			return $cookie . '\|' . $sig;
36			}
37
38			private static function parseVals($key, $val, $prefix, $ikey, $time = null)
39			{
40			$ts = ($time ? $time : time());
41
42			$parts = explode('\|', $val);
43			if (count($parts) !== 3) {
44			return null;
45			}
46			list($u_prefix, $u_b64, $u_sig) = $parts;
47
48			$sig = hash_hmac("sha1", $u_prefix . '\|' . $u_b64, $key);
49			if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) {
50			return null;
51			}
52
53			if ($u_prefix !== $prefix) {
54			return null;
55			}
56
57			$cookie_parts = explode('\|', base64_decode($u_b64));
58			if (count($cookie_parts) !== 3) {
59			return null;
60			}
61			list($user, $u_ikey, $exp) = $cookie_parts;
62
63			if ($u_ikey !== $ikey) {
64			return null;
65			}
66			if ($ts >= intval($exp)) {
67			return null;
68			}
69
70			return $user;
71			}
72
73			public static function signRequest($ikey, $skey, $akey, $username, $time = null)
74			{
75			if (!isset($username) \|\| strlen($username) === 0) {
76			return self::ERR_USER;
77			}
78			if (strpos($username, '\|') !== false) {
79			return self::ERR_USER;
80			}
81			if (!isset($ikey) \|\| strlen($ikey) !== self::IKEY_LEN) {
82			return self::ERR_IKEY;
83			}
84			if (!isset($skey) \|\| strlen($skey) !== self::SKEY_LEN) {
85			return self::ERR_SKEY;
86			}
87			if (!isset($akey) \|\| strlen($akey) < self::AKEY_LEN) {
88			return self::ERR_AKEY;
89			}
90
91			$vals = $username . '\|' . $ikey;
92
93			$duo_sig = self::signVals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time);
94			$app_sig = self::signVals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time);
95
96			return $duo_sig . ':' . $app_sig;
97			}
98
99			public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time = null)
100			{
101			list($auth_sig, $app_sig) = explode(':', $sig_response);
102
103			$auth_user = self::parseVals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time);
104			$app_user = self::parseVals($akey, $app_sig, self::APP_PREFIX, $ikey, $time);
105
106			if ($auth_user !== $app_user) {
107			return null;
108			}
109
110			return $auth_user;
111			}
112			}
113

nilsteampassnet / TeamPass

Push — development ( e14785...c4d33f )

Duo::signVals() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like