Issues in MethodRSASHA1.php - All Issues - Inspection of "[OAuth2] Tests - mock Session for testAccessDenied" - SocialConnect/auth - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ae4368...d96fc9 )

by Дмитрий

created 2017-07-09 14:20 UTC

src/OAuth1/Signature/MethodRSASHA1.php (1 issue)

Labels

Unused Code 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * SocialConnect project
 * @author: Andreas Heigl https://github.com/heiglandreas <[email protected]>
 */

namespace SocialConnect\OAuth1\Signature;

use SocialConnect\Provider\Consumer;
use SocialConnect\OAuth1\Request;
use SocialConnect\OAuth1\Token;
use SocialConnect\OAuth1\Util;

class MethodRSASHA1 extends AbstractSignatureMethod
{
    /**
     * @var string Path to the private key used for signing
     */
    private $privateKey;

    /**
     * MethodRSASHA1 constructor.
     *
     * @param string $privateKey The path to the private key used for signing
     */
    public function __construct($privateKey)
    {
        if (!is_readable($privateKey)) {
            throw new \InvalidArgumentException('The private key is not readable');
        }

        if (!function_exists('openssl_pkey_get_private')) {
            throw new \InvalidArgumentException('The OpenSSL-Extension seems not to be available. That is necessary to handle RSA-SHA1');
        }

        $this->privateKey = $privateKey;
    }

    /**
     * @return string
     */
    public function getName()
    {
        return 'RSA-SHA1';
    }

    /**
     * @param Request $request
     * @param Consumer $consumer
     * @param Token $token
     * @return string
     */
    public function buildSignature(Request $request, Consumer $consumer, Token $token)
    {
        $signatureBase = $request->getSignatureBaseString();
        $parts = [$consumer->getSecret(), null !== $token ? $token->getSecret() : ''];

        $parts = Util::urlencodeRFC3986($parts);
        $key = implode('&', $parts);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        $certificate = openssl_pkey_get_private('file://' . $this->privateKey);
        $privateKeyId = openssl_get_privatekey($certificate);
        $signature = null;
        openssl_sign($signatureBase, $signature, $privateKeyId);
        openssl_free_key($privateKeyId);

        return base64_encode($signature);
    }
}


1		<?php
2		/**
3		* SocialConnect project
4		* @author: Andreas Heigl https://github.com/heiglandreas <[email protected]>
5		*/
6
7		namespace SocialConnect\OAuth1\Signature;
8
9		use SocialConnect\Provider\Consumer;
10		use SocialConnect\OAuth1\Request;
11		use SocialConnect\OAuth1\Token;
12		use SocialConnect\OAuth1\Util;
13
14		class MethodRSASHA1 extends AbstractSignatureMethod
15		{
16		/**
17		* @var string Path to the private key used for signing
18		*/
19		private $privateKey;
20
21		/**
22		* MethodRSASHA1 constructor.
23		*
24		* @param string $privateKey The path to the private key used for signing
25		*/
26	6	public function __construct($privateKey)
27		{
28	6	if (!is_readable($privateKey)) {
29	1	throw new \InvalidArgumentException('The private key is not readable');
30		}
31
32	5	if (!function_exists('openssl_pkey_get_private')) {
33		throw new \InvalidArgumentException('The OpenSSL-Extension seems not to be available. That is necessary to handle RSA-SHA1');
34		}
35
36	5	$this->privateKey = $privateKey;
37	5	}
38
39		/**
40		* @return string
41		*/
42	1	public function getName()
43		{
44	1	return 'RSA-SHA1';
45		}
46
47		/**
48		* @param Request $request
49		* @param Consumer $consumer
50		* @param Token $token
51		* @return string
52		*/
53	1	public function buildSignature(Request $request, Consumer $consumer, Token $token)
54		{
55	1	$signatureBase = $request->getSignatureBaseString();
56	1	$parts = [$consumer->getSecret(), null !== $token ? $token->getSecret() : ''];
57
58	1	$parts = Util::urlencodeRFC3986($parts);
59	1	$key = implode('&', $parts);
		0 ignored issues – show Unused Code introduced 2017-03-27 15:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$key` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
60
61	1	$certificate = openssl_pkey_get_private('file://' . $this->privateKey);
62	1	$privateKeyId = openssl_get_privatekey($certificate);
63	1	$signature = null;
64	1	openssl_sign($signatureBase, $signature, $privateKeyId);
65	1	openssl_free_key($privateKeyId);
66
67	1	return base64_encode($signature);
68		}
69		}
70

SocialConnect / auth

Push — master ( ae4368...d96fc9 )

src/OAuth1/Signature/MethodRSASHA1.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like