eddydesigner/conservatorio-tomadini
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

primo commit

Browse Source
This commit is contained in:
Eddy Prosperi
2024-12-17 17:34:10 +01:00
commit e650f8df99
16435 changed files with 2451012 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/AlgorithmAnalyzer.php vendored Normal file
View File

@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
final class AlgorithmAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if (! $jwk->has('alg')) {
$bag->add(Message::medium('The parameter "alg" should be added.'));
}
}
}

31
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ES256KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\Util\Ecc\Curve;
use Jose\Component\Core\Util\Ecc\NistCurve;
final class ES256KeyAnalyzer extends ESKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'ES256';
}
protected function getCurveName(): string
{
return 'P-256';
}
protected function getCurve(): Curve
{
return NistCurve::curve256();
}
protected function getKeySize(): int
{
return 256;
}
}

31
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ES384KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\Util\Ecc\Curve;
use Jose\Component\Core\Util\Ecc\NistCurve;
final class ES384KeyAnalyzer extends ESKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'ES384';
}
protected function getCurveName(): string
{
return 'P-384';
}
protected function getCurve(): Curve
{
return NistCurve::curve384();
}
protected function getKeySize(): int
{
return 384;
}
}

31
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ES512KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\Util\Ecc\Curve;
use Jose\Component\Core\Util\Ecc\NistCurve;
final class ES512KeyAnalyzer extends ESKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'ES512';
}
protected function getCurveName(): string
{
return 'P-521';
}
protected function getCurve(): Curve
{
return NistCurve::curve521();
}
protected function getKeySize(): int
{
return 528;
}
}

66
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ESKeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,66 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Brick\Math\BigInteger;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use Jose\Component\Core\Util\Ecc\Curve;
use function is_string;
abstract class ESKeyAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'EC') {
return;
}
if (! $jwk->has('crv')) {
$bag->add(Message::high('Invalid key. The components "crv" is missing.'));
return;
}
if ($jwk->get('crv') !== $this->getCurveName()) {
return;
}
$x = $jwk->get('x');
if (! is_string($x)) {
$bag->add(Message::high('Invalid key. The components "x" shall be a string.'));
return;
}
$x = Base64UrlSafe::decodeNoPadding($x);
$xLength = 8 * mb_strlen($x, '8bit');
$y = $jwk->get('y');
if (! is_string($y)) {
$bag->add(Message::high('Invalid key. The components "y" shall be a string.'));
return;
}
$y = Base64UrlSafe::decodeNoPadding($y);
$yLength = 8 * mb_strlen($y, '8bit');
if ($yLength !== $xLength || $yLength !== $this->getKeySize()) {
$bag->add(
Message::high(sprintf(
'Invalid key. The components "x" and "y" size shall be %d bits.',
$this->getKeySize()
))
);
}
$xBI = BigInteger::fromBase(bin2hex($x), 16);
$yBI = BigInteger::fromBase(bin2hex($y), 16);
if (! $this->getCurve()->contains($xBI, $yBI)) {
$bag->add(Message::high('Invalid key. The point is not on the curve.'));
}
}
abstract protected function getAlgorithmName(): string;
abstract protected function getCurveName(): string;
abstract protected function getCurve(): Curve;
abstract protected function getKeySize(): int;
}

18
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HS256KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
final class HS256KeyAnalyzer extends HSKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'HS256';
}
protected function getMinimumKeySize(): int
{
return 256;
}
}

18
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HS384KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
final class HS384KeyAnalyzer extends HSKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'HS384';
}
protected function getMinimumKeySize(): int
{
return 384;
}
}

18
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HS512KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
final class HS512KeyAnalyzer extends HSKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'HS512';
}
protected function getMinimumKeySize(): int
{
return 512;
}
}

42
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HSKeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,42 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use function is_string;
abstract class HSKeyAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'oct') {
return;
}
if (! $jwk->has('alg') || $jwk->get('alg') !== $this->getAlgorithmName()) {
return;
}
$k = $jwk->get('k');
if (! is_string($k)) {
$bag->add(Message::high('The key is not valid'));
return;
}
$k = Base64UrlSafe::decodeNoPadding($k);
$kLength = 8 * mb_strlen($k, '8bit');
if ($kLength < $this->getMinimumKeySize()) {
$bag->add(
Message::high(sprintf(
'HS512 algorithm requires at least %d bits key length.',
$this->getMinimumKeySize()
))
);
}
}
abstract protected function getAlgorithmName(): string;
abstract protected function getMinimumKeySize(): int;
}

15
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,15 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
interface KeyAnalyzer
{
/**
* This method will analyse the key and add messages to the message bag if needed.
*/
public function analyze(JWK $jwk, MessageBag $bag): void;
}

36
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeyAnalyzerManager.php vendored Normal file
View File

@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
class KeyAnalyzerManager
{
/**
* @var KeyAnalyzer[]
*/
private array $analyzers = [];
/**
* Adds a Key Analyzer to the manager.
*/
public function add(KeyAnalyzer $analyzer): void
{
$this->analyzers[] = $analyzer;
}
/**
* This method will analyze the JWK object using all analyzers. It returns a message bag that may contains messages.
*/
public function analyze(JWK $jwk): MessageBag
{
$bag = new MessageBag();
foreach ($this->analyzers as $analyzer) {
$analyzer->analyze($jwk, $bag);
}
return $bag;
}
}

17
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeyIdentifierAnalyzer.php vendored Normal file
View File

@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
final class KeyIdentifierAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if (! $jwk->has('kid')) {
$bag->add(Message::medium('The parameter "kid" should be added.'));
}
}
}

15
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeysetAnalyzer.php vendored Normal file
View File

@ -0,0 +1,15 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
interface KeysetAnalyzer
{
/**
* This method will analyse the key set and add messages to the message bag if needed.
*/
public function analyze(JWKSet $JWKSet, MessageBag $bag): void;
}

37
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeysetAnalyzerManager.php vendored Normal file
View File

@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
class KeysetAnalyzerManager
{
/**
* @var KeysetAnalyzer[]
*/
private array $analyzers = [];
/**
* Adds a Keyset Analyzer to the manager.
*/
public function add(KeysetAnalyzer $analyzer): void
{
$this->analyzers[] = $analyzer;
}
/**
* This method will analyze the JWKSet object using all analyzers. It returns a message bag that may contains
* messages.
*/
public function analyze(JWKSet $jwkset): MessageBag
{
$bag = new MessageBag();
foreach ($this->analyzers as $analyzer) {
$analyzer->analyze($jwkset, $bag);
}
return $bag;
}
}

70
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/Message.php vendored Normal file
View File

@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use JsonSerializable;
class Message implements JsonSerializable
{
final public const SEVERITY_LOW = 'low';
final public const SEVERITY_MEDIUM = 'medium';
final public const SEVERITY_HIGH = 'high';
private function __construct(
private readonly string $message,
private readonly string $severity
) {
}
/**
* Creates a message with severity=low.
*/
public static function low(string $message): self
{
return new self($message, self::SEVERITY_LOW);
}
/**
* Creates a message with severity=medium.
*/
public static function medium(string $message): self
{
return new self($message, self::SEVERITY_MEDIUM);
}
/**
* Creates a message with severity=high.
*/
public static function high(string $message): self
{
return new self($message, self::SEVERITY_HIGH);
}
/**
* Returns the message.
*/
public function getMessage(): string
{
return $this->message;
}
/**
* Returns the severity of the message.
*/
public function getSeverity(): string
{
return $this->severity;
}
public function jsonSerialize(): array
{
return [
'message' => $this->message,
'severity' => $this->severity,
];
}
}

53
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/MessageBag.php vendored Normal file
View File

@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use ArrayIterator;
use Countable;
use IteratorAggregate;
use JsonSerializable;
use Traversable;
use function count;
class MessageBag implements JsonSerializable, IteratorAggregate, Countable
{
/**
* @var Message[]
*/
private array $messages = [];
/**
* Adds a message to the message bag.
*/
public function add(Message $message): void
{
$this->messages[] = $message;
}
/**
* Returns all messages.
*
* @return Message[]
*/
public function all(): array
{
return $this->messages;
}
public function jsonSerialize(): array
{
return array_values($this->messages);
}
public function count(): int
{
return count($this->messages);
}
public function getIterator(): Traversable
{
return new ArrayIterator($this->messages);
}
}

40
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/MixedKeyTypes.php vendored Normal file
View File

@ -0,0 +1,40 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
final class MixedKeyTypes implements KeysetAnalyzer
{
public function analyze(JWKSet $jwkset, MessageBag $bag): void
{
if ($jwkset->count() === 0) {
return;
}
$hasSymmetricKeys = false;
$hasAsymmetricKeys = false;
foreach ($jwkset as $jwk) {
switch ($jwk->get('kty')) {
case 'oct':
$hasSymmetricKeys = true;
break;
case 'OKP':
case 'RSA':
case 'EC':
$hasAsymmetricKeys = true;
break;
}
}
if ($hasAsymmetricKeys && $hasSymmetricKeys) {
$bag->add(Message::medium('This key set mixes symmetric and asymmetric keys.'));
}
}
}

39
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/MixedPublicAndPrivateKeys.php vendored Normal file
View File

@ -0,0 +1,39 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
final class MixedPublicAndPrivateKeys implements KeysetAnalyzer
{
public function analyze(JWKSet $jwkset, MessageBag $bag): void
{
if ($jwkset->count() === 0) {
return;
}
$hasPublicKeys = false;
$hasPrivateKeys = false;
foreach ($jwkset as $jwk) {
switch ($jwk->get('kty')) {
case 'OKP':
case 'RSA':
case 'EC':
if ($jwk->has('d')) {
$hasPrivateKeys = true;
} else {
$hasPublicKeys = true;
}
break;
}
}
if ($hasPrivateKeys && $hasPublicKeys) {
$bag->add(Message::high('This key set mixes public and private keys.'));
}
}
}

23
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/NoneAnalyzer.php vendored Normal file
View File

@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
final class NoneAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'none') {
return;
}
$bag->add(
Message::high(
'This key is a meant to be used with the algorithm "none". This algorithm is not secured and should be used with care.'
)
);
}
}

30
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/OctAnalyzer.php vendored Normal file
View File

@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use function is_string;
final class OctAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'oct') {
return;
}
$k = $jwk->get('k');
if (! is_string($k)) {
$bag->add(Message::high('The key is not valid'));
return;
}
$k = Base64UrlSafe::decodeNoPadding($k);
$kLength = 8 * mb_strlen($k, '8bit');
if ($kLength < 128) {
$bag->add(Message::high('The key length is less than 128 bits.'));
}
}
}

64
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/RsaAnalyzer.php vendored Normal file
View File

@ -0,0 +1,64 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use InvalidArgumentException;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use function is_array;
use function is_string;
final class RsaAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'RSA') {
return;
}
$this->checkExponent($jwk, $bag);
$this->checkModulus($jwk, $bag);
}
private function checkExponent(JWK $jwk, MessageBag $bag): void
{
$e = $jwk->get('e');
if (! is_string($e)) {
$bag->add(Message::high('The exponent is not valid.'));
return;
}
$exponent = unpack('l', str_pad(Base64UrlSafe::decodeNoPadding($e), 4, "\0"));
if (! is_array($exponent) || ! isset($exponent[1])) {
throw new InvalidArgumentException('Unable to get the private key');
}
if ($exponent[1] < 65537) {
$bag->add(Message::high('The exponent is too low. It should be at least 65537.'));
}
}
private function checkModulus(JWK $jwk, MessageBag $bag): void
{
$n = $jwk->get('n');
if (! is_string($n)) {
$bag->add(Message::high('The modulus is not valid.'));
return;
}
$n = 8 * mb_strlen(Base64UrlSafe::decodeNoPadding($n), '8bit');
if ($n < 2048) {
$bag->add(Message::high('The key length is less than 2048 bits.'));
}
if ($jwk->has('d') && (! $jwk->has('p') || ! $jwk->has('q') || ! $jwk->has('dp') || ! $jwk->has(
'dq'
) || ! $jwk->has('qi'))) {
$bag->add(
Message::medium(
'The key is a private RSA key, but Chinese Remainder Theorem primes are missing. These primes are not mandatory, but signatures and decryption processes are faster when available.'
)
);
}
}
}

38
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/UsageAnalyzer.php vendored Normal file
View File

@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use function in_array;
final class UsageAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if (! $jwk->has('use')) {
$bag->add(Message::medium('The parameter "use" should be added.'));
} elseif (! in_array($jwk->get('use'), ['sig', 'enc'], true)) {
$bag->add(
Message::high(sprintf(
'The parameter "use" has an unsupported value "%s". Please use "sig" (signature) or "enc" (encryption).',
$jwk->get('use')
))
);
}
if ($jwk->has('key_ops') && ! in_array(
$jwk->get('key_ops'),
['sign', 'verify', 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'],
true
)) {
$bag->add(
Message::high(sprintf(
'The parameter "key_ops" has an unsupported value "%s". Please use one of the following values: %s.',
$jwk->get('key_ops'),
implode(', ', ['verify', 'sign', 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])
))
);
}
}
}

55
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ZxcvbnKeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,55 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use Throwable;
use ZxcvbnPhp\Zxcvbn;
use function is_string;
final class ZxcvbnKeyAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'oct') {
return;
}
$k = $jwk->get('k');
if (! is_string($k)) {
$bag->add(Message::high('The key is not valid'));
return;
}
$k = Base64UrlSafe::decodeNoPadding($k);
if (! class_exists(Zxcvbn::class)) {
return;
}
$zxcvbn = new Zxcvbn();
try {
$strength = $zxcvbn->passwordStrength($k);
switch (true) {
case $strength['score'] < 3:
$bag->add(
Message::high(
'The octet string is weak and easily guessable. Please change your key as soon as possible.'
)
);
break;
case $strength['score'] === 3:
$bag->add(Message::medium('The octet string is safe, but a longer key is preferable.'));
break;
default:
break;
}
} catch (Throwable) {
$bag->add(Message::medium('The test of the weakness cannot be performed.'));
}
}
}