IdentityEncrypter - Code Metrics - Inspection of "Add remote vetting POC" - OpenConext/Stepup-SelfService - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — develop (#225)

unknown

created 2021-03-02 15:33 UTC

IdentityEncrypter A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	91
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	3

Importance

Changes

Metric	Value
wmc	10
lcom	1
cbo	3
dl	0
loc	91
rs	10
c	0
b	0
f	0

2 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	5	1
B	encrypt()	0	72	9

<?php

/**
 * Copyright 2020 SURFnet B.V.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption;

use RobRichards\XMLSecLibs\XMLSecurityKey;
use Surfnet\StepupSelfService\SelfServiceBundle\Exception\InvalidArgumentException;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Dto\AttributeListDto;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Value\AttributeCollectionInterface;

class IdentityEncrypter implements IdentityEncrypterInterface
{
    /**
     * @var RemoteVettingConfiguration $configuration
     */
    private $configuration;

    /**
     * @var IdentityWriterInterface
     */
    private $writer;

    public function __construct(RemoteVettingConfiguration $configuration, IdentityWriterInterface $writer)
    {
        $this->configuration = $configuration;
        $this->writer = $writer;
    }

    public function encrypt($data)
    {
        $rsaPublicKey = $this->configuration->getPublicKey();

        if (!is_string($data) || !is_string($rsaPublicKey)) {
            // Invalid argument
            throw new InvalidArgumentException('Invalid input was provided to the encrypt method');
        }

        // Use AES-256 in GCM
        $symmetricAlgorithm = 'aes-256-gcm';

        // Generate initialisation vector for the symmetric encryption algorithm
        $ivLength = openssl_cipher_iv_length($symmetricAlgorithm);
        if (false === $ivLength) {
            // Error generating key
            throw new InvalidArgumentException(
                'Unable to generate an initialization vector (iv) based on the selected symmetric encryption algorithm'
            );
        }

        $iv = openssl_random_pseudo_bytes($ivLength);
        if (false === $iv) {
            // Error generating key
            throw new InvalidArgumentException('Unable to generate a correct initialization vector (iv)');
        }

        // Generate a 256 bits AES key
        $secretKey = openssl_random_pseudo_bytes(256 / 8);
        if (false === $secretKey) {
            // Error generating key
            throw new InvalidArgumentException('Unable to generate the secret key');
        }

        // Encrypt the data
        $tag = '';
        $ciphertext = openssl_encrypt($data, $symmetricAlgorithm, $secretKey, 0, $iv, $tag);
        if (false === $ciphertext) {
            // Encryption failed
            throw new InvalidArgumentException(
                sprintf('Unable to encrypt the data, ssl error: "%s"', openssl_error_string())
            );
        }

        // Encrypt symmetric key
        $rsaPublicKeyHandle = openssl_pkey_get_public($rsaPublicKey);
        if (false === $rsaPublicKeyHandle) {
            // Reading RSA public key failed
            throw new InvalidArgumentException('Reading RSA public key failed');
        }
        $encryptedKey = '';

        $res = openssl_public_encrypt($secretKey, $encryptedKey, $rsaPublicKeyHandle, OPENSSL_PKCS1_OAEP_PADDING);
        if (false === $res) {
            // Key encryption failed
            openssl_pkey_free($rsaPublicKeyHandle);
            throw new InvalidArgumentException('Key encryption failed');
        }

        openssl_pkey_free($rsaPublicKeyHandle);
        $output = json_encode(
            [
                'algorithm' => $symmetricAlgorithm,
                'iv' => base64_encode($iv),
                'tag' => base64_encode($tag),
                'ciphertext' => base64_encode($ciphertext),
                'encrypted_key' => base64_encode($encryptedKey),
            ]
        );

        $this->writer->write($output);
    }
}


1			<?php
2
3			/**
4			* Copyright 2020 SURFnet B.V.
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption;
20
21			use RobRichards\XMLSecLibs\XMLSecurityKey;
22			use Surfnet\StepupSelfService\SelfServiceBundle\Exception\InvalidArgumentException;
23			use Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration;
24			use Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Dto\AttributeListDto;
25			use Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Value\AttributeCollectionInterface;
26
27			class IdentityEncrypter implements IdentityEncrypterInterface
28			{
29			/**
30			* @var RemoteVettingConfiguration $configuration
31			*/
32			private $configuration;
33
34			/**
35			* @var IdentityWriterInterface
36			*/
37			private $writer;
38
39			public function __construct(RemoteVettingConfiguration $configuration, IdentityWriterInterface $writer)
40			{
41			$this->configuration = $configuration;
42			$this->writer = $writer;
43			}
44
45			public function encrypt($data)
46			{
47			$rsaPublicKey = $this->configuration->getPublicKey();
48
49			if (!is_string($data) \|\| !is_string($rsaPublicKey)) {
50			// Invalid argument
51			throw new InvalidArgumentException('Invalid input was provided to the encrypt method');
52			}
53
54			// Use AES-256 in GCM
55			$symmetricAlgorithm = 'aes-256-gcm';
56
57			// Generate initialisation vector for the symmetric encryption algorithm
58			$ivLength = openssl_cipher_iv_length($symmetricAlgorithm);
59			if (false === $ivLength) {
60			// Error generating key
61			throw new InvalidArgumentException(
62			'Unable to generate an initialization vector (iv) based on the selected symmetric encryption algorithm'
63			);
64			}
65
66			$iv = openssl_random_pseudo_bytes($ivLength);
67			if (false === $iv) {
68			// Error generating key
69			throw new InvalidArgumentException('Unable to generate a correct initialization vector (iv)');
70			}
71
72			// Generate a 256 bits AES key
73			$secretKey = openssl_random_pseudo_bytes(256 / 8);
74			if (false === $secretKey) {
75			// Error generating key
76			throw new InvalidArgumentException('Unable to generate the secret key');
77			}
78
79			// Encrypt the data
80			$tag = '';
81			$ciphertext = openssl_encrypt($data, $symmetricAlgorithm, $secretKey, 0, $iv, $tag);
82			if (false === $ciphertext) {
83			// Encryption failed
84			throw new InvalidArgumentException(
85			sprintf('Unable to encrypt the data, ssl error: "%s"', openssl_error_string())
86			);
87			}
88
89			// Encrypt symmetric key
90			$rsaPublicKeyHandle = openssl_pkey_get_public($rsaPublicKey);
91			if (false === $rsaPublicKeyHandle) {
92			// Reading RSA public key failed
93			throw new InvalidArgumentException('Reading RSA public key failed');
94			}
95			$encryptedKey = '';
96
97			$res = openssl_public_encrypt($secretKey, $encryptedKey, $rsaPublicKeyHandle, OPENSSL_PKCS1_OAEP_PADDING);
98			if (false === $res) {
99			// Key encryption failed
100			openssl_pkey_free($rsaPublicKeyHandle);
101			throw new InvalidArgumentException('Key encryption failed');
102			}
103
104			openssl_pkey_free($rsaPublicKeyHandle);
105			$output = json_encode(
106			[
107			'algorithm' => $symmetricAlgorithm,
108			'iv' => base64_encode($iv),
109			'tag' => base64_encode($tag),
110			'ciphertext' => base64_encode($ciphertext),
111			'encrypted_key' => base64_encode($encryptedKey),
112			]
113			);
114
115			$this->writer->write($output);
116			}
117			}
118

OpenConext / Stepup-SelfService

Pull Request — develop (#225)

IdentityEncrypter A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

2 Methods

Duplication Side-by-Side

Filter issues like