WebSVN – Moodle – Diff – /admin/tool/mfa/factor/totp/extlib/OTPHP/OTP.php

 <?php
-declare(strict_types=1);
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2018 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license.  See the LICENSE file for details.
- */
+declare(strict_types=1);
+namespace OTPHP;
 namespace OTPHP;
+use Exception;
+use InvalidArgumentException;
+use ParagonIE\ConstantTime\Base32;
+use RuntimeException;
+use function assert;
+use function chr;
 use function count;
-use Assert\Assertion;
+use function is_string;
-use ParagonIE\ConstantTime\Base32;
+use const STR_PAD_LEFT;
+abstract class OTP implements OTPInterface
+{
-abstract class OTP implements OTPInterface
-{
     use ParameterTrait;
-    /**
      * OTP constructor.
-     *
+    private const DEFAULT_SECRET_SIZE = 64;
      * @param string|null $secret
-     * @param string      $digest
+    /**
-     * @param int         $digits
-     */
-    protected function __construct($secret, string $digest, int $digits)
+     * @param non-empty-string $secret
-    {
-        $this->setSecret($secret);
-        $this->setDigest($digest);
-        $this->setDigits($digits);
+     */
     protected function __construct(string $secret)
+    {
-    /**
+        $this->setSecret($secret);
      * {@inheritdoc}
      */
-    public function getQrCodeUri(string $uri = 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl={PROVISIONING_URI}', string $placeholder = '{PROVISIONING_URI}'): string
+    public function getQrCodeUri(string $uri, string $placeholder): string
-    {
-        $provisioning_uri = urlencode($this->getProvisioningUri());
+    {
-        return str_replace($placeholder, $provisioning_uri, $uri);
+        $provisioning_uri = urlencode($this->getProvisioningUri());
-    /**
-     * @param int $input
-     *
+        return str_replace($placeholder, $provisioning_uri, $uri);
-     * @return string The OTP at the specified input
+    }
-     */
-    protected function generateOTP(int $input): string
-    {
+    /**
+     * @param 0|positive-int $input
+     */
+    public function at(int $input): string
-        $hash = hash_hmac($this->getDigest(), $this->intToByteString($input), $this->getDecodedSecret());
+    {
-        $hmac = [];
+        return $this->generateOTP($input);
         foreach (str_split($hash, 2) as $hex) {
+    /**
+     * @return non-empty-string
+     */
-            $hmac[] = hexdec($hex);
+    final protected static function generateSecret(): string
+    {
-        $offset = $hmac[count($hmac) - 1] & 0xF;
+        return Base32::encodeUpper(random_bytes(self::DEFAULT_SECRET_SIZE));
         $code = ($hmac[$offset + 0] & 0x7F) << 24 | ($hmac[$offset + 1] & 0xFF) << 16 | ($hmac[$offset + 2] & 0xFF) << 8 | ($hmac[$offset + 3] & 0xFF);
+    /**
+     * The OTP at the specified input.
+     *
+     * @param 0|positive-int $input
+     *
+     * @return non-empty-string
-        $otp = $code % pow(10, $this->getDigits());
+     */
+    protected function generateOTP(int $input): string
+    {
         $hash = hash_hmac($this->getDigest(), $this->intToByteString($input), $this->getDecodedSecret(), true);
-        return str_pad((string) $otp, $this->getDigits(), '0', STR_PAD_LEFT);
+        $unpacked = unpack('C*', $hash);
-    }
+        $unpacked !== false || throw new InvalidArgumentException('Invalid data.');
         $hmac = array_values($unpacked);
-    /**
-     * {@inheritdoc}
+        $offset = ($hmac[count($hmac) - 1] & 0xF);
+        $code = ($hmac[$offset] & 0x7F) << 24 | ($hmac[$offset + 1] & 0xFF) << 16 | ($hmac[$offset + 2] & 0xFF) << 8 | ($hmac[$offset + 3] & 0xFF);
+        $otp = $code % (10 ** $this->getDigits());
+        return str_pad((string) $otp, $this->getDigits(), '0', STR_PAD_LEFT);
-     */
+    }
     public function at(int $timestamp): string
     /**
-        return $this->generateOTP($timestamp);
+     * @param array<non-empty-string, mixed> $options
      */
     protected function filterOptions(array &$options): void
     /**
-     * @param array $options
+        foreach ([
-     */
+            'algorithm' => 'sha1',
-    protected function filterOptions(array &$options)
+            'period' => 30,
             'digits' => 6,
-        foreach (['algorithm' => 'sha1', 'period' => 30, 'digits' => 6] as $key => $default) {
+        ] as $key => $default) {
             if (isset($options[$key]) && $default === $options[$key]) {
                 unset($options[$key]);
+            }
+        }
         ksort($options);
     }
     /**
+     * @param non-empty-string $type
+     * @param array<non-empty-string, mixed> $options
+     *
-     * @param string $type
+     * @return non-empty-string
+     */
+    protected function generateURI(string $type, array $options): string
      * @param array  $options
         $label = $this->getLabel();
+        is_string($label) || throw new InvalidArgumentException('The label is not set.');
+        $this->hasColon($label) === false || throw new InvalidArgumentException('Label must not contain a colon.');
+        $options = [...$options, ...$this->getParameters()];
+        $this->filterOptions($options);
+        $params = str_replace(['+', '%7E'], ['%20', '~'], http_build_query($options, '', '&'));
+        return sprintf(
+            'otpauth://%s/%s?%s',
+            $type,
-     * @return string
+            rawurlencode(($this->getIssuer() !== null ? $this->getIssuer() . ':' : '') . $label),
-     */
+            $params
-    protected function generateURI(string $type, array $options): string
+        );
+    }
         $label = $this->getLabel();
-        Assertion::string($label, 'The label is not set.');
+    /**
-        Assertion::false($this->hasColon($label), 'Label must not contain a colon.');
+     * @param non-empty-string $safe
-        $options = array_merge($options, $this->getParameters());
+     * @param non-empty-string $user
-        $this->filterOptions($options);
+     */
+    protected function compareOTP(string $safe, string $user): bool
-        $params = str_replace(['+', '%7E'], ['%20', '~'], http_build_query($options, '', '&'));
+    {
         return hash_equals($safe, $user);
-        return sprintf('otpauth://%s/%s?%s', $type, rawurlencode((null !== $this->getIssuer() ? $this->getIssuer().':' : '').$label), $params);
-    }
-    /**
-     * @return string
      */
     private function getDecodedSecret(): string
     /**
-        try {
+     * @return non-empty-string
-            $secret = Base32::decodeUpper($this->getSecret());
+     */
-        } catch (\Exception $e) {
+    private function getDecodedSecret(): string
             throw new \RuntimeException('Unable to decode the secret. Is it correctly base32 encoded?');
-        }
+        try {
-        return $secret;
-    }
-    /**
-     * @param int $int
-     *
-     * @return string
-     */
-    private function intToByteString(int $int): string
-    {
-        $result = [];
+            $decoded = Base32::decodeUpper($this->getSecret());
-        while (0 !== $int) {
+        } catch (Exception) {

Proyectos de Subversion Moodle

(root)/admin/tool/mfa/factor/totp/extlib/OTPHP/OTP.php – Rev 1 → 1441