KeyChecker::checkUsage() - Code Metrics - Inspection of "New Factories" - Spomky-Labs/jose - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — v7 ( 79e5af...524357 )

by Florent

created 2017-08-31 21:00 UTC

KeyChecker::checkUsage() C

↳ Parent: KeyChecker

Complexity

Conditions	7
Paths	9

Size

Total Lines	22
Code Lines	15

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	22
rs	6.9811
c	0
b	0
f	0
cc	7
eloc	15
nc	9
nop	2

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2017 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Component\Core\Util;

use Jose\Component\Core\JWK;

final class KeyChecker
{
    /**
     * @param JWK    $key
     * @param string $usage
     *
     * @throws \InvalidArgumentException
     *
     * @return bool
     */
    public static function checkKeyUsage(JWK $key, string $usage): bool
    {
        if ($key->has('use')) {
            return self::checkUsage($key, $usage);
        }
        if ($key->has('key_ops')) {
            return self::checkOperation($key, $usage);
        }

        return true;
    }

    /**
     * @param JWK    $key
     * @param string $usage
     *
     * @return bool
     */
    private static function checkOperation(JWK $key, string $usage): bool
    {
        $ops = $key->get('key_ops');
        if (!is_array($ops)) {
            $ops = [$ops];
        }
        switch ($usage) {
            case 'verification':
                if (!in_array('verify', $ops)) {
                    throw new \InvalidArgumentException('Key cannot be used to verify a signature');
                }

                return true;
            case 'signature':
                if (!in_array('sign', $ops)) {
                    throw new \InvalidArgumentException('Key cannot be used to sign');
                }

                return true;
            case 'encryption':
                if (!in_array('encrypt', $ops) && !in_array('wrapKey', $ops)) {
                    throw new \InvalidArgumentException('Key cannot be used to encrypt');
                }

                return true;
            case 'decryption':
                if (!in_array('decrypt', $ops) && !in_array('unwrapKey', $ops)) {
                    throw new \InvalidArgumentException('Key cannot be used to decrypt');
                }

                return true;
            default:
                throw new \InvalidArgumentException('Unsupported key usage.');
        }
    }

    /**
     * @param JWK    $key
     * @param string $usage
     *
     * @return bool
     */
    private static function checkUsage(JWK $key, string $usage): bool
    {
        $use = $key->get('use');
        switch ($usage) {
            case 'verification':
            case 'signature':
                if ('sig' !== $use) {
                    throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
                }

                return true;
            case 'encryption':
            case 'decryption':
                if ('enc' !== $use) {
                    throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
                }

                return true;
            default:
                throw new \InvalidArgumentException('Unsupported key usage.');
        }
    }

    /**
     * @param JWK    $key
     * @param string $algorithm
     */
    public static function checkKeyAlgorithm(JWK $key, string $algorithm)
    {
        if (!$key->has('alg')) {
            return;
        }

        if ($key->get('alg') !== $algorithm) {
            throw new \InvalidArgumentException(sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2017 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Component\Core\Util;
15
16			use Jose\Component\Core\JWK;
17
18			final class KeyChecker
19			{
20			/**
21			* @param JWK $key
22			* @param string $usage
23			*
24			* @throws \InvalidArgumentException
25			*
26			* @return bool
27			*/
28			public static function checkKeyUsage(JWK $key, string $usage): bool
29			{
30			if ($key->has('use')) {
31			return self::checkUsage($key, $usage);
32			}
33			if ($key->has('key_ops')) {
34			return self::checkOperation($key, $usage);
35			}
36
37			return true;
38			}
39
40			/**
41			* @param JWK $key
42			* @param string $usage
43			*
44			* @return bool
45			*/
46			private static function checkOperation(JWK $key, string $usage): bool
47			{
48			$ops = $key->get('key_ops');
49			if (!is_array($ops)) {
50			$ops = [$ops];
51			}
52			switch ($usage) {
53			case 'verification':
54			if (!in_array('verify', $ops)) {
55			throw new \InvalidArgumentException('Key cannot be used to verify a signature');
56			}
57
58			return true;
59			case 'signature':
60			if (!in_array('sign', $ops)) {
61			throw new \InvalidArgumentException('Key cannot be used to sign');
62			}
63
64			return true;
65			case 'encryption':
66			if (!in_array('encrypt', $ops) && !in_array('wrapKey', $ops)) {
67			throw new \InvalidArgumentException('Key cannot be used to encrypt');
68			}
69
70			return true;
71			case 'decryption':
72			if (!in_array('decrypt', $ops) && !in_array('unwrapKey', $ops)) {
73			throw new \InvalidArgumentException('Key cannot be used to decrypt');
74			}
75
76			return true;
77			default:
78			throw new \InvalidArgumentException('Unsupported key usage.');
79			}
80			}
81
82			/**
83			* @param JWK $key
84			* @param string $usage
85			*
86			* @return bool
87			*/
88			private static function checkUsage(JWK $key, string $usage): bool
89			{
90			$use = $key->get('use');
91			switch ($usage) {
92			case 'verification':
93			case 'signature':
94			if ('sig' !== $use) {
95			throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
96			}
97
98			return true;
99			case 'encryption':
100			case 'decryption':
101			if ('enc' !== $use) {
102			throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
103			}
104
105			return true;
106			default:
107			throw new \InvalidArgumentException('Unsupported key usage.');
108			}
109			}
110
111			/**
112			* @param JWK $key
113			* @param string $algorithm
114			*/
115			public static function checkKeyAlgorithm(JWK $key, string $algorithm)
116			{
117			if (!$key->has('alg')) {
118			return;
119			}
120
121			if ($key->get('alg') !== $algorithm) {
122			throw new \InvalidArgumentException(sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
123			}
124			}
125			}
126

Spomky-Labs / jose

Push — v7 ( 79e5af...524357 )

KeyChecker::checkUsage() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like