1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * The MIT License (MIT) |
||
7 | * |
||
8 | * Copyright (c) 2014-2019 Spomky-Labs |
||
9 | * |
||
10 | * This software may be modified and distributed under the terms |
||
11 | * of the MIT license. See the LICENSE file for details. |
||
12 | */ |
||
13 | |||
14 | namespace Jose\Component\KeyManagement\Analyzer; |
||
15 | |||
16 | use Base64Url\Base64Url; |
||
17 | use Jose\Component\Core\JWK; |
||
18 | |||
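/**
 * Key analyzer that reports weak or sub-optimal parameters of RSA JWKs.
 *
 * Findings are appended to the supplied MessageBag; nothing is returned and
 * the key itself is never modified.
 */
final class RsaAnalyzer implements KeyAnalyzer
{
    /**
     * JWK members that carry the two primes and the CRT values of a private RSA key.
     */
    private const CRT_PARAMETERS = ['p', 'q', 'dp', 'dq', 'qi'];

    /**
     * Runs the exponent and modulus checks on an RSA key.
     *
     * Keys whose "kty" is not "RSA" are skipped without adding any message.
     */
    public function analyze(JWK $jwk, MessageBag $bag): void
    {
        if ('RSA' !== $jwk->get('kty')) {
            return;
        }

        $this->checkExponent($jwk, $bag);
        $this->checkModulus($jwk, $bag);
    }

    /**
     * Adds a high-severity message when the public exponent "e" is below 65537.
     *
     * The decoded octets are read as an unsigned big-endian integer. The earlier
     * form unpacked them with the machine-order signed format 'l' after padding
     * on the right, which only gave the right answer for byte-palindromic values
     * such as 01 00 01: an exponent of 3 encoded with leading zero octets
     * (00 00 03) was read as 196608 and passed the check, a four-octet value
     * whose last octet has the high bit set came out negative, and anything
     * longer than four octets was truncated.
     *
     * NOTE(review): there is no has('e') guard; presumably JWK::get() throws when
     * the member is absent — confirm against the JWK class.
     */
    private function checkExponent(JWK $jwk, MessageBag $bag): void
    {
        // Leading zero octets carry no value; drop them so that a padded
        // encoding cannot inflate the apparent size of the exponent.
        $octets = ltrim(Base64Url::decode($jwk->get('e')), "\0");

        // Four or more significant octets means the value is at least 2^24,
        // which is already above 65537. Returning here also keeps the unpack
        // below within three octets, so it cannot overflow on 32-bit builds.
        if (mb_strlen($octets, '8bit') > 3) {
            return;
        }

        $exponent = unpack('N', str_pad($octets, 4, "\0", STR_PAD_LEFT))[1];
        if ($exponent < 65537) {
            $bag->add(Message::high('The exponent is too low. It should be at least 65537.'));
        }
    }

    /**
     * Adds a high-severity message when the modulus "n" is shorter than 2048 bits
     * and a medium-severity message when a private key lacks its CRT values.
     *
     * The length is measured in whole octets after leading zero octets are
     * removed, so a short modulus padded with zeros is still reported. Zero bits
     * inside the first significant octet are not subtracted.
     *
     * NOTE(review): as with "e", there is no has('n') guard — confirm how
     * JWK::get() behaves for a missing member.
     */
    private function checkModulus(JWK $jwk, MessageBag $bag): void
    {
        $modulus = ltrim(Base64Url::decode($jwk->get('n')), "\0");
        $bitLength = 8 * mb_strlen($modulus, '8bit');
        if ($bitLength < 2048) {
            $bag->add(Message::high('The key length is less than 2048 bits.'));
        }

        // Only private keys (those carrying "d") are expected to hold CRT values.
        if ($jwk->has('d') && $this->isMissingCrtParameter($jwk)) {
            $bag->add(Message::medium('The key is a private RSA key, but Chinese Remainder Theorem primes are missing. These primes are not mandatory, but signatures and decryption processes are faster when available.'));
        }
    }

    /**
     * Adds a medium-severity message when any of p, q, dp, dq or qi is absent.
     *
     * NOTE(review): nothing in this class calls this method. It repeats the CRT
     * check done in checkModulus() but without the has('d') guard, so wiring it
     * into analyze() as-is would also report on public keys. Either remove it or
     * give it a distinct purpose before using it.
     */
    private function checkOtherPrimes(JWK $jwk, MessageBag $bag): void
    {
        if ($this->isMissingCrtParameter($jwk)) {
            $bag->add(Message::medium('Other primes are not set. The key can be optimized.'));
        }
    }

    /**
     * Tells whether at least one of the CRT members is absent from the key.
     */
    private function isMissingCrtParameter(JWK $jwk): bool
    {
        foreach (self::CRT_PARAMETERS as $parameter) {
            if (!$jwk->has($parameter)) {
                return true;
            }
        }

        return false;
    }
}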