Passed
Pull Request — develop (#295)
created by Peter, 04:30

HaliteCryptoHelper::encrypt()   A

Complexity:   Conditions 2, Paths 3
Size:         Total Lines 16, Code Lines 10
Duplication:  Lines 0, Ratio 0 %
Importance:   Changes 1, Bugs 0, Features 0

Metric  Value
cc      2
eloc    10
nc      3
nop     1
dl      0
loc     16
rs      9.9332
c       1
b       0
f       0
```php
<?php declare(strict_types=1);

/**
 * Copyright 2022 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupGateway\GatewayBundle\Sso2fa\Crypto;

use Exception;
use ParagonIE\Halite\HiddenString;
use ParagonIE\Halite\Symmetric\Crypto;
use ParagonIE\Halite\Symmetric\EncryptionKey;
use Surfnet\StepupGateway\GatewayBundle\Sso2fa\Exception\DecryptionFailedException;
use Surfnet\StepupGateway\GatewayBundle\Sso2fa\Exception\EncryptionFailedException;
use Surfnet\StepupGateway\GatewayBundle\Sso2fa\ValueObject\Configuration;
use Surfnet\StepupGateway\GatewayBundle\Sso2fa\ValueObject\CookieValue;

class HaliteCryptoHelper implements CryptoHelperInterface
{
    private $encryptionKey;

    public function __construct(Configuration $configuration)
    {
        // The configured encryption key is used to create a Halite EncryptionKey
        $this->encryptionKey = new EncryptionKey(new HiddenString($configuration->getEncryptionKey()));
    }

    /**
     * Halite always uses authenticated encryption.
     * See: https://github.com/paragonie/halite/blob/v4.x/doc/Classes/Symmetric/Crypto.md#encrypt
     *
     * It uses XSalsa20 for encryption and BLAKE2b for message authentication (MAC).
     * The keys used for encryption and message authentication are derived from the secret key using
     * HKDF with a salt. This means that learning either derived key cannot lead to learning the other
     * derived key, or the secret key input to the HKDF. Encrypting many messages using the same
     * secret key is not a problem in this design.
     */
    public function encrypt(CookieValue $cookieValue): string
    {
        try {
            $plainTextCookieValue = new HiddenString($cookieValue->serialize());
            // Encryption (we use the default encoding: Halite::ENCODE_BASE64URLSAFE)
            $encryptedData = Crypto::encrypt(
                $plainTextCookieValue,
                $this->encryptionKey
            );
        } catch (Exception $e) {
            throw new EncryptionFailedException(
                'Encrypting the CookieValue failed',
                $e
            );
        }
        return $encryptedData;
    }

    /**
     * Decrypt the cookie ciphertext back to plain text,
     * again using the encryption key that was used to encrypt the data.
     * The decrypt method returns a deserialized CookieValue value object.
     */
    public function decrypt(string $cookieData): CookieValue
    {
        try {
            // Decryption (we use the default encoding: Halite::DECODE_BASE64URLSAFE)
            $decryptedData = Crypto::decrypt(
                $cookieData,
                $this->encryptionKey
            );
        } catch (Exception $e) {
            throw new DecryptionFailedException(
                'Decrypting the CookieValue failed, see embedded error message for details',
                $e
            );
        }
        return CookieValue::deserialize($decryptedData->getString());
    }
}
```

Coding Style issues
File comment: PHP version not specified
File comment: Missing @category tag in file comment
File comment: Missing @package tag in file comment
File comment: Missing @author tag in file comment
File comment: Missing @license tag in file comment
File comment: Missing @link tag in file comment
Class HaliteCryptoHelper: Missing doc comment for class HaliteCryptoHelper
Property $encryptionKey: Private member variable "encryptionKey" must be prefixed with an underscore
__construct(): Missing doc comment for function __construct()
encrypt(): Parameter $cookieValue should have a doc-comment as per coding-style.
encrypt(): Missing @return tag in function comment
decrypt(): Parameter $cookieData should have a doc-comment as per coding-style.
decrypt(): Missing @return tag in function comment