Issues in RSAKey.php - All Issues - Inspection of "Merge branch 'v1.1'" - web-token/jwt-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — master ( 28d61e...98c33a )

by Florent

created 2018-02-16 12:01 UTC

Component/KeyManagement/KeyConverter/RSAKey.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Component\KeyManagement\KeyConverter;

use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\BigInteger;

/**
 * @internal
 */
class RSAKey
{
    /**
     * @var array
     */
    private $values = [];

    /**
     * RSAKey constructor.
     *
     * @param array $data
     */
    private function __construct(array $data)
    {
        $this->loadJWK($data);
    }

    /**
     * @param string $pem
     *
     * @return RSAKey
     */
    public static function createFromPEM(string $pem): self
    {
        $data = self::loadPEM($pem);

        return new self($data);
    }

    /**
     * @param JWK $jwk
     *
     * @return RSAKey
     */
    public static function createFromJWK(JWK $jwk): self
    {
        return new self($jwk->all());
    }

    /**
     * @param string $data
     *
     * @return array
     */
    private static function loadPEM(string $data): array
    {
        $res = openssl_pkey_get_private($data);
        if (false === $res) {
            $res = openssl_pkey_get_public($data);
        }
        if (false === $res) {
            throw new \InvalidArgumentException('Unable to load the key.');
        }

        $details = openssl_pkey_get_details($res);
        if (!array_key_exists('rsa', $details)) {
            throw new \InvalidArgumentException('Unable to load the key.');
        }

        $values = ['kty' => 'RSA'];
        $keys = [
            'n'  => 'n',
            'e'  => 'e',
            'd'  => 'd',
            'p'  => 'p',
            'q'  => 'q',
            'dp' => 'dmp1',
            'dq' => 'dmq1',
            'qi' => 'iqmp',
        ];
        foreach ($details['rsa'] as $key => $value) {
            if (in_array($key, $keys)) {
                $value = Base64Url::encode($value);
                $values[array_search($key, $keys)] = $value;
            }
        }

        return $values;
    }

    /**
     * @return bool
     */
    public function isPublic(): bool
    {
        return !array_key_exists('d', $this->values);
    }

    /**
     * @param RSAKey $private
     *
     * @return RSAKey
     */
    public static function toPublic(self $private): self
    {
        $data = $private->toArray();
        $keys = ['p', 'd', 'q', 'dp', 'dq', 'qi'];
        foreach ($keys as $key) {
            if (array_key_exists($key, $data)) {
                unset($data[$key]);
            }
        }

        return new self($data);
    }

    /**
     * @return array
     */
    public function toArray(): array
    {
        return $this->values;
    }

    /**
     * @param array $jwk
     */
    private function loadJWK(array $jwk)
    {
        if (!array_key_exists('kty', $jwk)) {
            throw new \InvalidArgumentException('The key parameter "kty" is missing.');
        }
        if ('RSA' !== $jwk['kty']) {
            throw new \InvalidArgumentException('The JWK is not a RSA key.');
        }

        $this->values = $jwk;
    }

    /**
     * @return JWK
     */
    public function toJwk(): JWK
    {
        return JWK::create($this->values);
    }

    /**
     * This method will try to add Chinese Remainder Theorem (CRT) parameters.
     * With those primes, the decryption process is really fast.
     */
    public function optimize()
    {
        if (array_key_exists('d', $this->values)) {
            $this->populateCRT();
        }
    }

    /**
     * This method adds Chinese Remainder Theorem (CRT) parameters if primes 'p' and 'q' are available.
     */
    private function populateCRT()
    {
        if (!array_key_exists('p', $this->values) && !array_key_exists('q', $this->values)) {
            $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d']));
            $e = BigInteger::createFromBinaryString(Base64Url::decode($this->values['e']));
            $n = BigInteger::createFromBinaryString(Base64Url::decode($this->values['n']));

            list($p, $q) = $this->findPrimeFactors($d, $e, $n);
            $this->values['p'] = Base64Url::encode($p->toBytes());
            $this->values['q'] = Base64Url::encode($q->toBytes());
        }

        if (array_key_exists('dp', $this->values) && array_key_exists('dq', $this->values) && array_key_exists('qi', $this->values)) {
            return;
        }

        $one = BigInteger::createFromDecimal(1);
        $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d']));
        $p = BigInteger::createFromBinaryString(Base64Url::decode($this->values['p']));
        $q = BigInteger::createFromBinaryString(Base64Url::decode($this->values['q']));

        $this->values['dp'] = Base64Url::encode($d->mod($p->subtract($one))->toBytes());
        $this->values['dq'] = Base64Url::encode($d->mod($q->subtract($one))->toBytes());
        $this->values['qi'] = Base64Url::encode($q->modInverse($p)->toBytes());
    }

    /**
     * @param BigInteger $d
     * @param BigInteger $e
     * @param BigInteger $n
     *
     * @return BigInteger[]
     */
    private function findPrimeFactors(BigInteger $d, BigInteger $e, BigInteger $n): array
    {
        $zero = BigInteger::createFromDecimal(0);
        $one = BigInteger::createFromDecimal(1);
        $two = BigInteger::createFromDecimal(2);

        $k = $d->multiply($e)->subtract($one);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        if ($k->isEven()) {
            $r = $k;
            $t = $zero;

            do {
                $r = $r->divide($two);
                $t = $t->add($one);
            } while ($r->isEven());

            $found = false;
            $y = null;

            for ($i = 1; $i <= 100; $i++) {
                $g = BigInteger::random($n->subtract($one));
                $y = $g->modPow($r, $n);

                if ($y->equals($one) || $y->equals($n->subtract($one))) {
                    continue;
                }

                for ($j = $one; $j->lowerThan($t->subtract($one)); $j = $j->add($one)) {
// count() is called on each iteration
for ($i=0; $i < count($collection); $i++) { }

// count() is only called once
for ($i=0, $c=count($collection); $i<$c; $i++) { }
                    $x = $y->modPow($two, $n);

                    if ($x->equals($one)) {
                        $found = true;

                        break;
                    }

                    if ($x->equals($n->subtract($one))) {
                        continue;
                    }

                    $y = $x;
                }

                $x = $y->modPow($two, $n);
                if ($x->equals($one)) {
                    $found = true;

                    break;
                }
            }

            if (true === $found) {
                $p = $y->subtract($one)->gcd($n);
                $q = $n->divide($p);

                return [$p, $q];
            }
        }

        throw new \InvalidArgumentException('Unable to find prime factors.');
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Component\KeyManagement\KeyConverter;
15
16			use Base64Url\Base64Url;
17			use Jose\Component\Core\JWK;
18			use Jose\Component\Core\Util\BigInteger;
19
20			/**
21			* @internal
22			*/
23			class RSAKey
24			{
25			/**
26			* @var array
27			*/
28			private $values = [];
29
30			/**
31			* RSAKey constructor.
32			*
33			* @param array $data
34			*/
35			private function __construct(array $data)
36			{
37			$this->loadJWK($data);
38			}
39
40			/**
41			* @param string $pem
42			*
43			* @return RSAKey
44			*/
45			public static function createFromPEM(string $pem): self
46			{
47			$data = self::loadPEM($pem);
48
49			return new self($data);
50			}
51
52			/**
53			* @param JWK $jwk
54			*
55			* @return RSAKey
56			*/
57			public static function createFromJWK(JWK $jwk): self
58			{
59			return new self($jwk->all());
60			}
61
62			/**
63			* @param string $data
64			*
65			* @return array
66			*/
67			private static function loadPEM(string $data): array
68			{
69			$res = openssl_pkey_get_private($data);
70			if (false === $res) {
71			$res = openssl_pkey_get_public($data);
72			}
73			if (false === $res) {
74			throw new \InvalidArgumentException('Unable to load the key.');
75			}
76
77			$details = openssl_pkey_get_details($res);
78			if (!array_key_exists('rsa', $details)) {
79			throw new \InvalidArgumentException('Unable to load the key.');
80			}
81
82			$values = ['kty' => 'RSA'];
83			$keys = [
84			'n' => 'n',
85			'e' => 'e',
86			'd' => 'd',
87			'p' => 'p',
88			'q' => 'q',
89			'dp' => 'dmp1',
90			'dq' => 'dmq1',
91			'qi' => 'iqmp',
92			];
93			foreach ($details['rsa'] as $key => $value) {
94			if (in_array($key, $keys)) {
95			$value = Base64Url::encode($value);
96			$values[array_search($key, $keys)] = $value;
97			}
98			}
99
100			return $values;
101			}
102
103			/**
104			* @return bool
105			*/
106			public function isPublic(): bool
107			{
108			return !array_key_exists('d', $this->values);
109			}
110
111			/**
112			* @param RSAKey $private
113			*
114			* @return RSAKey
115			*/
116			public static function toPublic(self $private): self
117			{
118			$data = $private->toArray();
119			$keys = ['p', 'd', 'q', 'dp', 'dq', 'qi'];
120			foreach ($keys as $key) {
121			if (array_key_exists($key, $data)) {
122			unset($data[$key]);
123			}
124			}
125
126			return new self($data);
127			}
128
129			/**
130			* @return array
131			*/
132			public function toArray(): array
133			{
134			return $this->values;
135			}
136
137			/**
138			* @param array $jwk
139			*/
140			private function loadJWK(array $jwk)
141			{
142			if (!array_key_exists('kty', $jwk)) {
143			throw new \InvalidArgumentException('The key parameter "kty" is missing.');
144			}
145			if ('RSA' !== $jwk['kty']) {
146			throw new \InvalidArgumentException('The JWK is not a RSA key.');
147			}
148
149			$this->values = $jwk;
150			}
151
152			/**
153			* @return JWK
154			*/
155			public function toJwk(): JWK
156			{
157			return JWK::create($this->values);
158			}
159
160			/**
161			* This method will try to add Chinese Remainder Theorem (CRT) parameters.
162			* With those primes, the decryption process is really fast.
163			*/
164			public function optimize()
165			{
166			if (array_key_exists('d', $this->values)) {
167			$this->populateCRT();
168			}
169			}
170
171			/**
172			* This method adds Chinese Remainder Theorem (CRT) parameters if primes 'p' and 'q' are available.
173			*/
174			private function populateCRT()
175			{
176			if (!array_key_exists('p', $this->values) && !array_key_exists('q', $this->values)) {
177			$d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d']));
178			$e = BigInteger::createFromBinaryString(Base64Url::decode($this->values['e']));
179			$n = BigInteger::createFromBinaryString(Base64Url::decode($this->values['n']));
180
181			list($p, $q) = $this->findPrimeFactors($d, $e, $n);
182			$this->values['p'] = Base64Url::encode($p->toBytes());
183			$this->values['q'] = Base64Url::encode($q->toBytes());
184			}
185
186			if (array_key_exists('dp', $this->values) && array_key_exists('dq', $this->values) && array_key_exists('qi', $this->values)) {
187			return;
188			}
189
190			$one = BigInteger::createFromDecimal(1);
191			$d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d']));
192			$p = BigInteger::createFromBinaryString(Base64Url::decode($this->values['p']));
193			$q = BigInteger::createFromBinaryString(Base64Url::decode($this->values['q']));
194
195			$this->values['dp'] = Base64Url::encode($d->mod($p->subtract($one))->toBytes());
196			$this->values['dq'] = Base64Url::encode($d->mod($q->subtract($one))->toBytes());
197			$this->values['qi'] = Base64Url::encode($q->modInverse($p)->toBytes());
198			}
199
200			/**
201			* @param BigInteger $d
202			* @param BigInteger $e
203			* @param BigInteger $n
204			*
205			* @return BigInteger[]
206			*/
207			private function findPrimeFactors(BigInteger $d, BigInteger $e, BigInteger $n): array
208			{
209			$zero = BigInteger::createFromDecimal(0);
210			$one = BigInteger::createFromDecimal(1);
211			$two = BigInteger::createFromDecimal(2);
212
213			$k = $d->multiply($e)->subtract($one);
			0 ignored issues – show Documentation introduced 2017-11-13 20:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$e` is of type `object<Jose\Component\Core\Util\BigInteger>`, but the function expects a `object<self>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
214
215			if ($k->isEven()) {
216			$r = $k;
217			$t = $zero;
218
219			do {
220			$r = $r->divide($two);
221			$t = $t->add($one);
222			} while ($r->isEven());
223
224			$found = false;
225			$y = null;
226
227			for ($i = 1; $i <= 100; $i++) {
228			$g = BigInteger::random($n->subtract($one));
229			$y = $g->modPow($r, $n);
230
231			if ($y->equals($one) \|\| $y->equals($n->subtract($one))) {
232			continue;
233			}
234
235			for ($j = $one; $j->lowerThan($t->subtract($one)); $j = $j->add($one)) {
			0 ignored issues – show Performance Best Practice introduced 2017-10-06 14:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider avoiding function calls on each iteration of the `for` loop. If you have a function call in the test part of a `for` loop, this function is executed on each iteration. Often such a function, can be moved to the initialization part and be cached. // count() is called on each iteration for ($i=0; $i < count($collection); $i++) { } // count() is only called once for ($i=0, $c=count($collection); $i<$c; $i++) { } Loading history...
236			$x = $y->modPow($two, $n);
237
238			if ($x->equals($one)) {
239			$found = true;
240
241			break;
242			}
243
244			if ($x->equals($n->subtract($one))) {
245			continue;
246			}
247
248			$y = $x;
249			}
250
251			$x = $y->modPow($two, $n);
252			if ($x->equals($one)) {
253			$found = true;
254
255			break;
256			}
257			}
258
259			if (true === $found) {
260			$p = $y->subtract($one)->gcd($n);
261			$q = $n->divide($p);
262
263			return [$p, $q];
264			}
265			}
266
267			throw new \InvalidArgumentException('Unable to find prime factors.');
268			}
269			}
270

web-token / jwt-framework

Push — master ( 28d61e...98c33a )

Component/KeyManagement/KeyConverter/RSAKey.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like