author | Anton Luka Šijanec <anton@sijanec.eu> | 2022-01-11 12:35:47 +0100 |
---|---|---|
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2022-01-11 12:35:47 +0100 |
commit | 19985dbb8c0aa66dc4bf7905abc1148de909097d (patch) | |
tree | 2cd5a5d20d7e80fc2a51adf60d838d8a2c40999e /vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php | |
Diffstat (limited to 'vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php')
-rw-r--r-- | vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php
new file mode 100644
index 0000000..4c2d7c1
--- /dev/null
+++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\KeyManagement\KeyAnalyzer;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\JWK;
+use ZxcvbnPhp\Zxcvbn;
+
+final class OctAnalyzer implements KeyAnalyzer
+{
+ public function analyze(JWK $jwk, MessageBag $bag)
+ {
+ if ('oct' !== $jwk->get('kty')) {
+ return;
+ }
+ $k = Base64Url::decode($jwk->get('k'));
+ $kLength = 8 * \mb_strlen($k, '8bit');
+ if ($kLength < 128) {
+ $bag->add(Message::high('The key length is less than 128 bits.'));
+ }
+
+ if (\class_exists(Zxcvbn::class)) {
+ $zxcvbn = new Zxcvbn();
+ $strength = $zxcvbn->passwordStrength($k);
+ switch (true) {
+ case $strength['score'] < 3:
+ $bag->add(Message::high('The octet string is weak and easily guessable. Please change your key as soon as possible.'));
+
+ break;
+ case 3 === $strength['score']:
+ $bag->add(Message::medium('The octet string is safe, but a longer key is preferable.'));
+
+ break;
+ default:
+ break;
+ }
+ }
+ }
+} |