AlgorithmCollector - Code Metrics - web-token/jwt-framework - Measure and Improve Code Quality continuously with Scrutinizer

AlgorithmCollector A
last analyzed 2019-10-31 23:09 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	193
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	2

Importance

Changes

Metric	Value
wmc	11
lcom	1
cbo	2
dl	0
loc	193
rs	10
c	0
b	0
f	0

4 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
A	collect()	28	3
A	getAlgorithmType()	23	5
B	getAlgorithmMessages()	127	2

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2019 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Bundle\JoseFramework\DataCollector;

use Jose\Component\Core\Algorithm;
use Jose\Component\Core\AlgorithmManagerFactory;
use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
use Jose\Component\Signature\Algorithm\MacAlgorithm;
use Jose\Component\Signature\Algorithm\SignatureAlgorithm;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

final class AlgorithmCollector implements Collector
{
    /**
     * @var AlgorithmManagerFactory
     */
    private $algorithmManagerFactory;

    public function __construct(AlgorithmManagerFactory $algorithmManagerFactory)
    {
        $this->algorithmManagerFactory = $algorithmManagerFactory;
    }

    public function collect(array &$data, Request $request, Response $response, ?\Exception $exception = null): void
    {
        $algorithms = $this->algorithmManagerFactory->all();
        $data['algorithm'] = [
            'messages' => $this->getAlgorithmMessages(),
            'algorithms' => [],
        ];
        $signatureAlgorithms = 0;
        $macAlgorithms = 0;
        $keyEncryptionAlgorithms = 0;
        $contentEncryptionAlgorithms = 0;
        foreach ($algorithms as $alias => $algorithm) {
            $type = $this->getAlgorithmType($algorithm, $signatureAlgorithms, $macAlgorithms, $keyEncryptionAlgorithms, $contentEncryptionAlgorithms);
            if (!\array_key_exists($type, $data['algorithm']['algorithms'])) {
                $data['algorithm']['algorithms'][$type] = [];
            }
            $data['algorithm']['algorithms'][$type][$alias] = [
                'name' => $algorithm->name(),
            ];
        }

        $data['algorithm']['types'] = [
            'signature' => $signatureAlgorithms,
            'mac' => $macAlgorithms,
            'key_encryption' => $keyEncryptionAlgorithms,
            'content_encryption' => $contentEncryptionAlgorithms,
        ];
    }

    private function getAlgorithmType(Algorithm $algorithm, int &$signatureAlgorithms, int &$macAlgorithms, int &$keyEncryptionAlgorithms, int &$contentEncryptionAlgorithms): string
    {
        switch (true) {
            case $algorithm instanceof SignatureAlgorithm:
                $signatureAlgorithms++;

                return 'Signature';
            case $algorithm instanceof MacAlgorithm:
                $macAlgorithms++;

                return 'MAC';
            case $algorithm instanceof KeyEncryptionAlgorithm:
                $keyEncryptionAlgorithms++;

                return 'Key Encryption';
            case $algorithm instanceof ContentEncryptionAlgorithm:
                $contentEncryptionAlgorithms++;

                return 'Content Encryption';
            default:
                return 'Unknown';
        }
    }

    private function getAlgorithmMessages(): array
    {
        $messages = [
            'none' => [
                'severity' => 'severity-low',
                'message' => 'This algorithm is not secured. Please use with caution.',
            ],
            'HS256/64' => [
                'severity' => 'severity-low',
                'message' => 'Experimental. Please use for testing purpose only.',
            ],
            'RS1' => [
                'severity' => 'severity-high',
                'message' => 'Experimental. Please use for testing purpose only. SHA-1 hashing function is not recommended.',
            ],
            'RS256' => [
                'severity' => 'severity-medium',
                'message' => 'RSAES-PKCS1-v1_5 based algorithms are not recommended.',
            ],
            'RS384' => [
                'severity' => 'severity-medium',
                'message' => 'RSAES-PKCS1-v1_5 based algorithms are not recommended.',
            ],
            'RS512' => [
                'severity' => 'severity-medium',
                'message' => 'RSAES-PKCS1-v1_5 based algorithms are not recommended.',
            ],
            'HS1' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm has known vulnerabilities. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-17">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-17</a>. SHA-1 hashing function is not recommended.',
            ],
            'A128CTR' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
            ],
            'A192CTR' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
            ],
            'A256CTR' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
            ],
            'A128CBC' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
            ],
            'A192CBC' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
            ],
            'A256CBC' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
            ],
            'chacha20-poly1305' => [
                'severity' => 'severity-low',
                'message' => 'Experimental. Please use for testing purpose only.',
            ],
            'RSA-OAEP-384' => [
                'severity' => 'severity-low',
                'message' => 'Experimental. Please use for testing purpose only.',
            ],
            'RSA-OAEP-512' => [
                'severity' => 'severity-low',
                'message' => 'Experimental. Please use for testing purpose only.',
            ],
            'A128CCM-16-64' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A256CCM-16-64' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A128CCM-64-64' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A256CCM-64-64' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A128CCM-16-128' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A256CCM-16-128' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A128CCM-64-128' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'A256CCM-64-128' => [
                'severity' => 'severity-low',
                'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
            ],
            'RSA1_5' => [
                'severity' => 'severity-high',
                'message' => 'This algorithm is not secured (known attacks). See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5</a>.',
            ],
        ];
        if (!\function_exists('openssl_pkey_derive')) {
            $messages += [
                'ECDH-ES' => [
                    'severity' => 'severity-medium',
                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
                ],
                'ECDH-ES+A128KW' => [
                    'severity' => 'severity-medium',
                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
                ],
                'ECDH-ES+A192KW' => [
                    'severity' => 'severity-medium',
                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
                ],
                'ECDH-ES+A256KW' => [
                    'severity' => 'severity-medium',
                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
                ],
            ];
        }

        return $messages;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2019 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Bundle\JoseFramework\DataCollector;
15
16			use Jose\Component\Core\Algorithm;
17			use Jose\Component\Core\AlgorithmManagerFactory;
18			use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
19			use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
20			use Jose\Component\Signature\Algorithm\MacAlgorithm;
21			use Jose\Component\Signature\Algorithm\SignatureAlgorithm;
22			use Symfony\Component\HttpFoundation\Request;
23			use Symfony\Component\HttpFoundation\Response;
24
25			final class AlgorithmCollector implements Collector
26			{
27			/**
28			* @var AlgorithmManagerFactory
29			*/
30			private $algorithmManagerFactory;
31
32			public function __construct(AlgorithmManagerFactory $algorithmManagerFactory)
33			{
34			$this->algorithmManagerFactory = $algorithmManagerFactory;
35			}
36
37			public function collect(array &$data, Request $request, Response $response, ?\Exception $exception = null): void
38			{
39			$algorithms = $this->algorithmManagerFactory->all();
40			$data['algorithm'] = [
41			'messages' => $this->getAlgorithmMessages(),
42			'algorithms' => [],
43			];
44			$signatureAlgorithms = 0;
45			$macAlgorithms = 0;
46			$keyEncryptionAlgorithms = 0;
47			$contentEncryptionAlgorithms = 0;
48			foreach ($algorithms as $alias => $algorithm) {
49			$type = $this->getAlgorithmType($algorithm, $signatureAlgorithms, $macAlgorithms, $keyEncryptionAlgorithms, $contentEncryptionAlgorithms);
50			if (!\array_key_exists($type, $data['algorithm']['algorithms'])) {
51			$data['algorithm']['algorithms'][$type] = [];
52			}
53			$data['algorithm']['algorithms'][$type][$alias] = [
54			'name' => $algorithm->name(),
55			];
56			}
57
58			$data['algorithm']['types'] = [
59			'signature' => $signatureAlgorithms,
60			'mac' => $macAlgorithms,
61			'key_encryption' => $keyEncryptionAlgorithms,
62			'content_encryption' => $contentEncryptionAlgorithms,
63			];
64			}
65
66			private function getAlgorithmType(Algorithm $algorithm, int &$signatureAlgorithms, int &$macAlgorithms, int &$keyEncryptionAlgorithms, int &$contentEncryptionAlgorithms): string
67			{
68			switch (true) {
69			case $algorithm instanceof SignatureAlgorithm:
70			$signatureAlgorithms++;
71
72			return 'Signature';
73			case $algorithm instanceof MacAlgorithm:
74			$macAlgorithms++;
75
76			return 'MAC';
77			case $algorithm instanceof KeyEncryptionAlgorithm:
78			$keyEncryptionAlgorithms++;
79
80			return 'Key Encryption';
81			case $algorithm instanceof ContentEncryptionAlgorithm:
82			$contentEncryptionAlgorithms++;
83
84			return 'Content Encryption';
85			default:
86			return 'Unknown';
87			}
88			}
89
90			private function getAlgorithmMessages(): array
91			{
92			$messages = [
93			'none' => [
94			'severity' => 'severity-low',
95			'message' => 'This algorithm is not secured. Please use with caution.',
96			],
97			'HS256/64' => [
98			'severity' => 'severity-low',
99			'message' => 'Experimental. Please use for testing purpose only.',
100			],
101			'RS1' => [
102			'severity' => 'severity-high',
103			'message' => 'Experimental. Please use for testing purpose only. SHA-1 hashing function is not recommended.',
104			],
105			'RS256' => [
106			'severity' => 'severity-medium',
107			'message' => 'RSAES-PKCS1-v1_5 based algorithms are not recommended.',
108			],
109			'RS384' => [
110			'severity' => 'severity-medium',
111			'message' => 'RSAES-PKCS1-v1_5 based algorithms are not recommended.',
112			],
113			'RS512' => [
114			'severity' => 'severity-medium',
115			'message' => 'RSAES-PKCS1-v1_5 based algorithms are not recommended.',
116			],
117			'HS1' => [
118			'severity' => 'severity-high',
119			'message' => 'This algorithm has known vulnerabilities. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-17">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-17</a>. SHA-1 hashing function is not recommended.',
120			],
121			'A128CTR' => [
122			'severity' => 'severity-high',
123			'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
124			],
125			'A192CTR' => [
126			'severity' => 'severity-high',
127			'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
128			],
129			'A256CTR' => [
130			'severity' => 'severity-high',
131			'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
132			],
133			'A128CBC' => [
134			'severity' => 'severity-high',
135			'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
136			],
137			'A192CBC' => [
138			'severity' => 'severity-high',
139			'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
140			],
141			'A256CBC' => [
142			'severity' => 'severity-high',
143			'message' => 'This algorithm is prohibited. For compatibility with old application only. See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-11</a>.',
144			],
145			'chacha20-poly1305' => [
146			'severity' => 'severity-low',
147			'message' => 'Experimental. Please use for testing purpose only.',
148			],
149			'RSA-OAEP-384' => [
150			'severity' => 'severity-low',
151			'message' => 'Experimental. Please use for testing purpose only.',
152			],
153			'RSA-OAEP-512' => [
154			'severity' => 'severity-low',
155			'message' => 'Experimental. Please use for testing purpose only.',
156			],
157			'A128CCM-16-64' => [
158			'severity' => 'severity-low',
159			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
160			],
161			'A256CCM-16-64' => [
162			'severity' => 'severity-low',
163			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
164			],
165			'A128CCM-64-64' => [
166			'severity' => 'severity-low',
167			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
168			],
169			'A256CCM-64-64' => [
170			'severity' => 'severity-low',
171			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
172			],
173			'A128CCM-16-128' => [
174			'severity' => 'severity-low',
175			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
176			],
177			'A256CCM-16-128' => [
178			'severity' => 'severity-low',
179			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
180			],
181			'A128CCM-64-128' => [
182			'severity' => 'severity-low',
183			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
184			],
185			'A256CCM-64-128' => [
186			'severity' => 'severity-low',
187			'message' => 'Experimental and subject to changes. Please use for testing purpose only.',
188			],
189			'RSA1_5' => [
190			'severity' => 'severity-high',
191			'message' => 'This algorithm is not secured (known attacks). See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5</a>.',
192			],
193			];
194			if (!\function_exists('openssl_pkey_derive')) {
195			$messages += [
196			'ECDH-ES' => [
197			'severity' => 'severity-medium',
198			'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
199			],
200			'ECDH-ES+A128KW' => [
201			'severity' => 'severity-medium',
202			'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
203			],
204			'ECDH-ES+A192KW' => [
205			'severity' => 'severity-medium',
206			'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
207			],
208			'ECDH-ES+A256KW' => [
209			'severity' => 'severity-medium',
210			'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
211			],
212			];
213			}
214
215			return $messages;
216			}
217			}
218

web-token / jwt-framework

AlgorithmCollector A last analyzed 2019-10-31 23:09 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like

AlgorithmCollector A
last analyzed 2019-10-31 23:09 UTC