author | Anton Luka Šijanec <anton@sijanec.eu> | 2022-01-11 12:35:47 +0100 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2022-01-11 12:35:47 +0100 |
commit | 19985dbb8c0aa66dc4bf7905abc1148de909097d (patch) | |
tree | 2cd5a5d20d7e80fc2a51adf60d838d8a2c40999e /vendor/web-token/jwt-key-mgmt/KeyAnalyzer | |
Diffstat (limited to 'vendor/web-token/jwt-key-mgmt/KeyAnalyzer')
10 files changed, 424 insertions, 0 deletions
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/AlgorithmAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/AlgorithmAnalyzer.php
new file mode 100644
index 0000000..a7ebcad
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/AlgorithmAnalyzer.php
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Jose\Component\Core\JWK;
+
+final class AlgorithmAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if (!$jwk->has('alg')) {
+ $bag->add(Message::medium('The parameter "alg" should be added.'));
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzer.php
new file mode 100644
index 0000000..470b788
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzer.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Jose\Component\Core\JWK;
+
+interface KeyAnalyzer
+{
+ /**
+ * This method will analyse the key and add messages to the message bag if needed.
+ */
+ public function analyze(JWK $jwk, MessageBag $bag);
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzerManager.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzerManager.php
new file mode 100644
index 0000000..2b8b4a9
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzerManager.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Jose\Component\Core\JWK;
+
+class KeyAnalyzerManager
+{
+ /**
+ * @var KeyAnalyzer[]
+ */
+ private $analyzers = [];
+
+ /**
+ * Adds a Key Analyzer to the manager.
+ *
+ * @return KeyAnalyzerManager
+ */
+ public function add(KeyAnalyzer $analyzer): self
+ {
+ $this->analyzers[] = $analyzer;
+
+ return $this;
+ }
+
+ /**
+ * This method will analyze the JWK object using all analyzers.
+ * It returns a message bag that may contains messages.
+ */
+ public function analyze(JWK $jwk): MessageBag
+ {
+ $bag = new MessageBag();
+ foreach ($this->analyzers as $analyzer) {
+ $analyzer->analyze($jwk, $bag);
+ }
+
+ return $bag;
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyIdentifierAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyIdentifierAnalyzer.php
new file mode 100644
index 0000000..71acb70
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyIdentifierAnalyzer.php
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Jose\Component\Core\JWK;
+
+final class KeyIdentifierAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if (!$jwk->has('kid')) {
+ $bag->add(Message::medium('The parameter "kid" should be added.'));
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/Message.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/Message.php
new file mode 100644
index 0000000..4baf868
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/Message.php
@@ -0,0 +1,96 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+class Message implements \JsonSerializable
+{
+ /**
+ * @var string
+ */
+ private $message;
+
+ /**
+ * @var string
+ */
+ private $severity;
+
+ public const SEVERITY_LOW = 'low';
+
+ public const SEVERITY_MEDIUM = 'medium';
+
+ public const SEVERITY_HIGH = 'high';
+
+ /**
+ * Message constructor.
+ */
+ private function __construct(string $message, string $severity)
+ {
+ $this->message = $message;
+ $this->severity = $severity;
+ }
+
+ /**
+ * Creates a message with severity=low.
+ *
+ * @return Message
+ */
+ public static function low(string $message): self
+ {
+ return new self($message, self::SEVERITY_LOW);
+ }
+
+ /**
+ * Creates a message with severity=medium.
+ *
+ * @return Message
+ */
+ public static function medium(string $message): self
+ {
+ return new self($message, self::SEVERITY_MEDIUM);
+ }
+
+ /**
+ * Creates a message with severity=high.
+ *
+ * @return Message
+ */
+ public static function high(string $message): self
+ {
+ return new self($message, self::SEVERITY_HIGH);
+ }
+
+ /**
+ * Returns the message.
+ */
+ public function getMessage(): string
+ {
+ return $this->message;
+ }
+
+ /**
+ * Returns the severity of the message.
+ */
+ public function getSeverity(): string
+ {
+ return $this->severity;
+ }
+
+ public function jsonSerialize()
+ {
+ return [
+ 'message' => $this->message,
+ 'severity' => $this->severity,
+ ];
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/MessageBag.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/MessageBag.php
new file mode 100644
index 0000000..b41795f
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/MessageBag.php
@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+class MessageBag implements \JsonSerializable, \IteratorAggregate, \Countable
+{
+ /**
+ * @var Message[]
+ */
+ private $messages = [];
+
+ /**
+ * Adds a message to the message bag.
+ *
+ * @return MessageBag
+ */
+ public function add(Message $message): self
+ {
+ $this->messages[] = $message;
+
+ return $this;
+ }
+
+ /**
+ * Returns all messages.
+ *
+ * @return Message[]
+ */
+ public function all(): array
+ {
+ return $this->messages;
+ }
+
+ public function jsonSerialize()
+ {
+ return \array_values($this->messages);
+ }
+
+ public function count()
+ {
+ return \count($this->messages);
+ }
+
+ public function getIterator()
+ {
+ return new \ArrayIterator($this->messages);
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/NoneAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/NoneAnalyzer.php
new file mode 100644
index 0000000..a293efd
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/NoneAnalyzer.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Jose\Component\Core\JWK;
+
+final class NoneAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if ('none' !== $jwk->get('kty')) {
+ return;
+ }
+
+ $bag->add(Message::high('This key is a meant to be used with the algorithm "none". This algorithm is not secured and should be used with care.'));
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php
new file mode 100644
index 0000000..4c2d7c1
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\JWK;
+use ZxcvbnPhp\Zxcvbn;
+
+final class OctAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if ('oct' !== $jwk->get('kty')) {
+ return;
+ }
+ $k = Base64Url::decode($jwk->get('k'));
+ $kLength = 8 * \mb_strlen($k, '8bit');
+ if ($kLength < 128) {
+ $bag->add(Message::high('The key length is less than 128 bits.'));
+ }
+
+ if (\class_exists(Zxcvbn::class)) {
+ $zxcvbn = new Zxcvbn();
+ $strength = $zxcvbn->passwordStrength($k);
+ switch (true) {
+ case $strength['score'] < 3:
+ $bag->add(Message::high('The octet string is weak and easily guessable. Please change your key as soon as possible.'));
+
+ break;
+ case 3 === $strength['score']:
+ $bag->add(Message::medium('The octet string is safe, but a longer key is preferable.'));
+
+ break;
+ default:
+ break;
+ }
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/RsaAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/RsaAnalyzer.php
new file mode 100644
index 0000000..6274aa0
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/RsaAnalyzer.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\JWK;
+
+final class RsaAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if ('RSA' !== $jwk->get('kty')) {
+ return;
+ }
+ $n = 8 * \mb_strlen(Base64Url::decode($jwk->get('n')), '8bit');
+ if ($n < 2048) {
+ $bag->add(Message::high('The key length is less than 2048 bits.'));
+ }
+ if ($jwk->has('d') && (!$jwk->has('p') || !$jwk->has('q') || !$jwk->has('dp') || !$jwk->has('dq') || !$jwk->has('p') || !$jwk->has('qi'))) {
+ $bag->add(Message::medium('The key is a private RSA key, but Chinese Remainder Theorem primes are missing. These primes are not mandatory, but signatures and decryption processes are faster when available.'));
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/UsageAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/UsageAnalyzer.php
new file mode 100644
index 0000000..8cdfaf6
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/UsageAnalyzer.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Jose\Component\Core\JWK;
+
+final class UsageAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if (!$jwk->has('use')) {
+ $bag->add(Message::medium('The parameter "use" should be added.'));
+ } elseif (!\in_array($jwk->get('use'), ['sig', 'enc'], true)) {
+ $bag->add(Message::high(\sprintf('The parameter "use" has an unsupported value "%s". Please use "sig" (signature) or "enc" (encryption).', $jwk->get('use'))));
+ }
+ if ($jwk->has('key_ops') && !\in_array($jwk->get('key_ops'), ['sign', 'verify', 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'], true)) {
+ $bag->add(Message::high(\sprintf('The parameter "key_ops" has an unsupported value "%s". Please use one of the following values: %s.', $jwk->get('use'), \implode(', ', ['verify', 'sign', 'encryp', 'decrypt', 'wrapKey', 'unwrapKey']))));
+ }
+ }
+}
|