These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * SocialConnect project |
||
4 | * @author: Andreas Heigl https://github.com/heiglandreas <[email protected]> |
||
5 | */ |
||
6 | |||
7 | namespace SocialConnect\OAuth1\Signature; |
||
8 | |||
9 | use SocialConnect\Provider\Consumer; |
||
10 | use SocialConnect\OAuth1\Request; |
||
11 | use SocialConnect\OAuth1\Token; |
||
12 | use SocialConnect\OAuth1\Util; |
||
13 | |||
14 | class MethodRSASHA1 extends AbstractSignatureMethod |
||
15 | { |
||
16 | /** |
||
17 | * @var string Path to the private key used for signing |
||
18 | */ |
||
19 | private $privateKey; |
||
20 | |||
21 | /** |
||
22 | * MethodRSASHA1 constructor. |
||
23 | * |
||
24 | * @param string $privateKey The path to the private key used for signing |
||
25 | */ |
||
26 | 6 | public function __construct($privateKey) |
|
27 | { |
||
28 | 6 | if (!is_readable($privateKey)) { |
|
29 | 1 | throw new \InvalidArgumentException('The private key is not readable'); |
|
30 | } |
||
31 | |||
32 | 5 | if (!function_exists('openssl_pkey_get_private')) { |
|
33 | throw new \InvalidArgumentException('The OpenSSL-Extension seems not to be available. That is necessary to handle RSA-SHA1'); |
||
34 | } |
||
35 | |||
36 | 5 | $this->privateKey = $privateKey; |
|
37 | 5 | } |
|
38 | |||
39 | /** |
||
40 | * @return string |
||
41 | */ |
||
42 | 1 | public function getName() |
|
43 | { |
||
44 | 1 | return 'RSA-SHA1'; |
|
45 | } |
||
46 | |||
47 | /** |
||
48 | * @param Request $request |
||
49 | * @param Consumer $consumer |
||
50 | * @param Token $token |
||
51 | * @return string |
||
52 | */ |
||
53 | 1 | public function buildSignature(Request $request, Consumer $consumer, Token $token) |
|
54 | { |
||
55 | 1 | $signatureBase = $request->getSignatureBaseString(); |
|
56 | 1 | $parts = [$consumer->getSecret(), null !== $token ? $token->getSecret() : '']; |
|
57 | |||
58 | 1 | $parts = Util::urlencodeRFC3986($parts); |
|
59 | 1 | $key = implode('&', $parts); |
|
0 ignored issues
–
show
|
|||
60 | |||
61 | 1 | $certificate = openssl_pkey_get_private('file://' . $this->privateKey); |
|
62 | 1 | $privateKeyId = openssl_get_privatekey($certificate); |
|
63 | 1 | $signature = null; |
|
64 | 1 | openssl_sign($signatureBase, $signature, $privateKeyId); |
|
65 | 1 | openssl_free_key($privateKeyId); |
|
66 | |||
67 | 1 | return base64_encode($signature); |
|
68 | } |
||
69 | } |
||
70 |
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVar
assignment in line 1 and the$higher
assignment in line 2 are dead. The first because$myVar
is never used and the second because$higher
is always overwritten for every possible time line.