Push — master ( f5002a...0072a1 )
by Florent

AlgorithmCollector::collect()   B

Complexity

Conditions 3
Paths 3

Size

Total Lines 26
Code Lines 18

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 26
rs 8.8571
c 0
b 0
f 0
cc 3
eloc 18
nc 3
nop 4
<?php
declare(strict_types=1);
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace Jose\Bundle\JoseFramework\DataCollector;
use Jose\Component\Core\Algorithm;
use Jose\Component\Core\AlgorithmManagerFactory;
use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
use Jose\Component\Signature\Algorithm\SignatureAlgorithm;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
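class AlgorithmCollector implements Collector
{
    /**
     * Factory whose all() method supplies the algorithms reported by this collector.
     *
     * @var AlgorithmManagerFactory
     */
    private $algorithmManagerFactory;

    /**
     * @param AlgorithmManagerFactory $algorithmManagerFactory factory queried through all() on every collect() call
     */
    public function __construct(AlgorithmManagerFactory $algorithmManagerFactory)
    {
        $this->algorithmManagerFactory = $algorithmManagerFactory;
    }

    /**
     * {@inheritdoc}
     *
     * Writes three entries under $data['algorithm']:
     *  - 'messages':   the static advisory table from getAlgorithmMessages();
     *  - 'algorithms': type label => alias => ['name' => algorithm name];
     *  - 'types':      per-type counters (signature, key_encryption, content_encryption).
     *
     * $request, $response and $exception are not read here.
     */
    public function collect(array &$data, Request $request, Response $response, \Exception $exception = null)
    {
        // Query the factory first so that $data is left untouched if the lookup throws.
        $registered = $this->algorithmManagerFactory->all();

        $data['algorithm'] = [
            'messages'   => $this->getAlgorithmMessages(),
            'algorithms' => [],
        ];

        // Counters are passed by reference and incremented inside getAlgorithmType().
        $signatureAlgorithms = 0;
        $keyEncryptionAlgorithms = 0;
        $contentEncryptionAlgorithms = 0;

        foreach ($registered as $alias => $algorithm) {
            $type = $this->getAlgorithmType($algorithm, $signatureAlgorithms, $keyEncryptionAlgorithms, $contentEncryptionAlgorithms);

            // PHP creates the per-type bucket on first write, so no explicit initialisation is needed.
            $data['algorithm']['algorithms'][$type][$alias] = [
                'name' => $algorithm->name(),
            ];
        }

        $data['algorithm']['types'] = [
            'signature'          => $signatureAlgorithms,
            'key_encryption'     => $keyEncryptionAlgorithms,
            'content_encryption' => $contentEncryptionAlgorithms,
        ];
    }

    /**
     * Classifies an algorithm and bumps the counter of the matching category.
     *
     * The checks run in a fixed order (signature, key encryption, content
     * encryption); an object implementing several of these interfaces is
     * counted once, under the first one that matches. Algorithms matching
     * none of them are labelled 'Unknown' and leave all counters unchanged.
     *
     * @param Algorithm $algorithm
     * @param int       $signatureAlgorithms         incremented in place for signature algorithms
     * @param int       $keyEncryptionAlgorithms     incremented in place for key encryption algorithms
     * @param int       $contentEncryptionAlgorithms incremented in place for content encryption algorithms
     *
     * @return string human-readable type label used as the grouping key in collect()
     */
    private function getAlgorithmType(Algorithm $algorithm, int &$signatureAlgorithms, int &$keyEncryptionAlgorithms, int &$contentEncryptionAlgorithms): string
    {
        if ($algorithm instanceof SignatureAlgorithm) {
            $signatureAlgorithms++;

            return 'Signature';
        }

        if ($algorithm instanceof KeyEncryptionAlgorithm) {
            $keyEncryptionAlgorithms++;

            return 'Key Encryption';
        }

        if ($algorithm instanceof ContentEncryptionAlgorithm) {
            $contentEncryptionAlgorithms++;

            return 'Content Encryption';
        }

        return 'Unknown';
    }

    /**
     * Returns the static advisory table shown next to risky or slow algorithms.
     *
     * Keys are JOSE algorithm identifiers; each entry carries a 'severity'
     * label and a 'message'. How the consumer matches a key against a
     * registered algorithm (alias or name) is not visible in this class.
     *
     * The RSA1_5 message embeds an HTML link, so whatever renders these
     * messages presumably outputs them unescaped (confirm against the
     * template). Keep every message a fixed literal: never interpolate
     * request-, token- or configuration-derived data into them.
     *
     * @return array
     */
    private function getAlgorithmMessages(): array
    {
        // The four ECDH-ES variants share the same performance advisory.
        $slowEcdh = [
            'severity' => 'severity-medium',
            'message'  => 'This algorithm is very slow when used with curves P-256, P-384, P-521.',
        ];

        return [
            // NOTE(review): "none" means the token carries no signature or MAC
            // at all (RFC 7518, section 3.6). 'severity-low' may understate
            // that for anything other than deliberate testing; confirm the
            // rating is intended.
            'none' => [
                'severity' => 'severity-low',
                'message'  => 'This algorithm is not secured. Please use with caution.',
            ],
            // RSAES-PKCS1-v1_5 key encryption. The link opens in a new tab,
            // so rel="noopener noreferrer" keeps the opened page from
            // reaching back to the profiler through window.opener.
            'RSA1_5' => [
                'severity' => 'severity-high',
                'message'  => 'This algorithm is not secured (known attacks). See <a target="_blank" rel="noopener noreferrer" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5</a>.',
            ],
            'ECDH-ES'        => $slowEcdh,
            'ECDH-ES+A128KW' => $slowEcdh,
            'ECDH-ES+A192KW' => $slowEcdh,
            'ECDH-ES+A256KW' => $slowEcdh,
        ];
    }
}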