Replaced SecureKey::generate with random_bytes method

composer.json

@@ -8,7 +8,8 @@
         "league/event": "~2.1",
         "zendframework/zend-diactoros": "~1.1",
         "namshi/jose": "^6.0",
-        "lcobucci/jwt": "^3.1"
+        "lcobucci/jwt": "^3.1",
+        "paragonie/random_compat": "^1.1"
     },
     "require-dev": {
         "phpunit/phpunit": "4.8.*",

src/Utils/KeyAlgorithm/DefaultAlgorithm.php

@@ -1,36 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Secure key interface
- *
- * @package     league/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) Alex Bilbie
- * @license     http://mit-license.org/
- * @link        https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Utils\KeyAlgorithm;
-
-class DefaultAlgorithm implements KeyAlgorithmInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function generate($len = 40)
-    {
-        $stripped = '';
-        do {
-            $bytes = openssl_random_pseudo_bytes($len, $strong);
-
-            // We want to stop execution if the key fails because, well, that is bad.
-            if ($bytes === false || $strong === false) {
-                // @codeCoverageIgnoreStart
-                throw new \Exception('Error Generating Key');
-                // @codeCoverageIgnoreEnd
-            }
-            $stripped .= str_replace(['/', '+', '='], '', base64_encode($bytes));
-        } while (strlen($stripped) < $len);
-
-        return substr($stripped, 0, $len);
-    }
-}

src/Utils/KeyAlgorithm/KeyAlgorithmInterface.php

@@ -1,24 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Secure key interface
- *
- * @package     league/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) Alex Bilbie
- * @license     http://mit-license.org/
- * @link        https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Utils\KeyAlgorithm;
-
-interface KeyAlgorithmInterface
-{
-    /**
-     * Generate a new unique code
-     *
-     * @param integer $len Length of the generated code
-     *
-     * @return string
-     */
-    public function generate($len);
-}

src/Utils/SecureKey.php

@@ -11,48 +11,37 @@
 
 namespace League\OAuth2\Server\Utils;
 
-use League\OAuth2\Server\Utils\KeyAlgorithm\DefaultAlgorithm;
+use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Utils\KeyAlgorithm\KeyAlgorithmInterface;
+
 
 /**
  * SecureKey class
  */
 class SecureKey
 {
-    /**
-     * @var KeyAlgorithmInterface
-     */
-    protected static $algorithm;
-
     /**
      * Generate a new unique code
      *
      * @param integer $len Length of the generated code
      *
      * @return string
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
      */
     public static function generate($len = 40)
     {
-        return self::getAlgorithm()->generate($len);
+        try {
-    }
+            $string = random_bytes($len);
-
+        } catch (\TypeError $e) {
-    /**
+            // Well, it's an integer, so this IS unexpected.
-     * @param KeyAlgorithmInterface $algorithm
+            throw OAuthServerException::serverError("An unexpected error has occurred");
-     */
+        } catch (\Error $e) {
-    public static function setAlgorithm(KeyAlgorithmInterface $algorithm)
+            // This is also unexpected because 32 is a reasonable integer.
-    {
+            throw OAuthServerException::serverError("An unexpected error has occurred");
-        self::$algorithm = $algorithm;
+        } catch (\Exception $e) {
-    }
+            // If you get this message, the CSPRNG failed hard.
-
+            throw OAuthServerException::serverError("Could not generate a random string. Is our OS secure?");
-    /**
-     * @return KeyAlgorithmInterface
-     */
-    public static function getAlgorithm()
-    {
-        if (is_null(self::$algorithm)) {
-            self::$algorithm = new DefaultAlgorithm();
         }
 
-        return self::$algorithm;
+        return bin2hex($string);
     }
 }