Loader::loadAndVerifySignatureUsingKeySet() - Code Metrics - Inspection of "Loader can load and verify JWS" - Spomky-Labs/jose - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 933d17...6b3c88 )

by Florent

created 2016-03-01 12:48 UTC

Loader::loadAndVerifySignatureUsingKeySet() A

↳ Parent: Loader

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	4
rs	10
cc	1
eloc	2
nc	1
nop	4

<?php

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2016 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose;

use Assert\Assertion;
use Jose\Factory\DecrypterFactory;
use Jose\Factory\VerifierFactory;
use Jose\Object\JWKInterface;
use Jose\Object\JWKSet;
use Jose\Object\JWKSetInterface;
use Jose\Object\JWSInterface;
use Jose\Util\JWELoader;
use Jose\Util\JWSLoader;
use Psr\Log\LoggerInterface;

/**
 * Class able to load JWS or JWE.
 * JWS object can also be verified.
 */
final class Loader implements LoaderInterface
{
    /**
     * {@inheritdoc}
     */
    public static function loadAndVerifySignatureUsingKey($input, JWKInterface $jwk, array $allowed_algorithms, LoggerInterface $logger = null)
    {
        $jwk_set = new JWKSet();
        $jwk_set = $jwk_set->addKey($jwk);

        return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, null, $logger);
    }

    /**
     * {@inheritdoc}
     */
    public static function loadAndVerifySignatureUsingKeySet($input, JWKSetInterface $jwk_set, array $allowed_algorithms, LoggerInterface $logger = null)
    {
        return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, null, $logger);
    }

    /**
     * {@inheritdoc}
     */
    public static function loadAndVerifySignatureUsingKeyAndDetachedPayload($input, JWKInterface $jwk, array $allowed_algorithms, $detached_payload, LoggerInterface $logger = null)
    {
        $jwk_set = new JWKSet();
        $jwk_set = $jwk_set->addKey($jwk);

        return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, $detached_payload, $logger);
    }

    /**
     * {@inheritdoc}
     */
    public static function loadAndVerifySignatureUsingKeySetAndDetachedPayload($input, JWKSetInterface $jwk_set, array $allowed_algorithms, $detached_payload, LoggerInterface $logger = null)
    {
        return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, $detached_payload, $logger);
    }

    /**
     * {@inheritdoc}
     */
    private static function loadAndVerifySignature($input, JWKSetInterface $jwk_set, array $allowed_algorithms, $detached_payload = null, LoggerInterface $logger = null)
    {
        $jwt = self::load($input);
        Assertion::isInstanceOf($jwt, JWSInterface::class, 'The input is not a valid JWS');
        $verifier = VerifierFactory::createVerifier($allowed_algorithms, $logger);

        $result = $verifier->verifyWithKeySet($jwt, $jwk_set, $detached_payload);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
        Assertion::integer($result, 'Unable to verify or decrypt the input');

        return $jwt;
    }

    /**
     * {@inheritdoc}
     */
    public static function load($input)
    {
        $json = self::convert($input);
        if (array_key_exists('signatures', $json)) {
            return JWSLoader::loadSerializedJsonJWS($json);
        }
        if (array_key_exists('recipients', $json)) {
            return JWELoader::loadSerializedJsonJWE($json);
        }
    }

    /**
     * @param string $input
     *
     * @return array
     */
    private static function convert($input)
    {
        if (is_array($data = json_decode($input, true))) {
            if (array_key_exists('signatures', $data) || array_key_exists('recipients', $data)) {
                return $data;
            } elseif (array_key_exists('signature', $data)) {
                return self::fromFlattenedSerializationSignatureToSerialization($data);
            } elseif (array_key_exists('ciphertext', $data)) {
                return self::fromFlattenedSerializationRecipientToSerialization($data);
            }
        } elseif (is_string($input)) {
            return self::fromCompactSerializationToSerialization($input);
        }
        throw new \InvalidArgumentException('Unsupported input');
    }

    /**
     * @param $input
     *
     * @return array
     */
    private static function fromFlattenedSerializationRecipientToSerialization($input)
    {
        $recipient = [];
        foreach (['header', 'encrypted_key'] as $key) {
            if (array_key_exists($key, $input)) {
                $recipient[$key] = $input[$key];
            }
        }
        $recipients = [
            'ciphertext' => $input['ciphertext'],
            'recipients' => [$recipient],
        ];
        foreach (['ciphertext', 'protected', 'unprotected', 'iv', 'aad', 'tag'] as $key) {
            if (array_key_exists($key, $input)) {
                $recipients[$key] = $input[$key];
            }
        }

        return $recipients;
    }

    /**
     * @param $input
     *
     * @return array
     */
    private static function fromFlattenedSerializationSignatureToSerialization($input)
    {
        $signature = [
            'signature' => $input['signature'],
        ];
        foreach (['protected', 'header'] as $key) {
            if (array_key_exists($key, $input)) {
                $signature[$key] = $input[$key];
            }
        }

        $temp = [];
        if (!empty($input['payload'])) {
            $temp['payload'] = $input['payload'];
        }
        $temp['signatures'] = [$signature];

        return $temp;
    }

    /**
     * @param string $input
     *
     * @return array
     */
    private static function fromCompactSerializationToSerialization($input)
    {
        $parts = explode('.', $input);
        switch (count($parts)) {
            case 3:
                return self::fromCompactSerializationSignatureToSerialization($parts);
            case 5:
                return self::fromCompactSerializationRecipientToSerialization($parts);
            default:
                throw new \InvalidArgumentException('Unsupported input');
        }
    }

    /**
     * @param array $parts
     *
     * @return array
     */
    private static function fromCompactSerializationRecipientToSerialization(array $parts)
    {
        $recipient = [];
        if (!empty($parts[1])) {
            $recipient['encrypted_key'] = $parts[1];
        }

        $recipients = [
            'recipients' => [$recipient],
        ];
        foreach ([3 => 'ciphertext', 0 => 'protected', 2 => 'iv', 4 => 'tag'] as $part => $key) {
            if (!empty($parts[$part])) {
                $recipients[$key] = $parts[$part];
            }
        }

        return $recipients;
    }

    /**
     * @param array $parts
     *
     * @return array
     */
    private static function fromCompactSerializationSignatureToSerialization(array $parts)
    {
        $temp = [];

        if (!empty($parts[1])) {
            $temp['payload'] = $parts[1];
        }
        $temp['signatures'] = [[
            'protected' => $parts[0],
            'signature' => $parts[2],
        ]];

        return $temp;
    }
}


1			<?php
2
3			/*
4			* The MIT License (MIT)
5			*
6			* Copyright (c) 2014-2016 Spomky-Labs
7			*
8			* This software may be modified and distributed under the terms
9			* of the MIT license. See the LICENSE file for details.
10			*/
11
12			namespace Jose;
13
14			use Assert\Assertion;
15			use Jose\Factory\DecrypterFactory;
16			use Jose\Factory\VerifierFactory;
17			use Jose\Object\JWKInterface;
18			use Jose\Object\JWKSet;
19			use Jose\Object\JWKSetInterface;
20			use Jose\Object\JWSInterface;
21			use Jose\Util\JWELoader;
22			use Jose\Util\JWSLoader;
23			use Psr\Log\LoggerInterface;
24
25			/**
26			* Class able to load JWS or JWE.
27			* JWS object can also be verified.
28			*/
29			final class Loader implements LoaderInterface
30			{
31			/**
32			* {@inheritdoc}
33			*/
34			public static function loadAndVerifySignatureUsingKey($input, JWKInterface $jwk, array $allowed_algorithms, LoggerInterface $logger = null)
35			{
36			$jwk_set = new JWKSet();
37			$jwk_set = $jwk_set->addKey($jwk);
38
39			return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, null, $logger);
40			}
41
42			/**
43			* {@inheritdoc}
44			*/
45			public static function loadAndVerifySignatureUsingKeySet($input, JWKSetInterface $jwk_set, array $allowed_algorithms, LoggerInterface $logger = null)
46			{
47			return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, null, $logger);
48			}
49
50			/**
51			* {@inheritdoc}
52			*/
53			public static function loadAndVerifySignatureUsingKeyAndDetachedPayload($input, JWKInterface $jwk, array $allowed_algorithms, $detached_payload, LoggerInterface $logger = null)
54			{
55			$jwk_set = new JWKSet();
56			$jwk_set = $jwk_set->addKey($jwk);
57
58			return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, $detached_payload, $logger);
59			}
60
61			/**
62			* {@inheritdoc}
63			*/
64			public static function loadAndVerifySignatureUsingKeySetAndDetachedPayload($input, JWKSetInterface $jwk_set, array $allowed_algorithms, $detached_payload, LoggerInterface $logger = null)
65			{
66			return self::loadAndVerifySignature($input, $jwk_set, $allowed_algorithms, $detached_payload, $logger);
67			}
68
69			/**
70			* {@inheritdoc}
71			*/
72			private static function loadAndVerifySignature($input, JWKSetInterface $jwk_set, array $allowed_algorithms, $detached_payload = null, LoggerInterface $logger = null)
73			{
74			$jwt = self::load($input);
75			Assertion::isInstanceOf($jwt, JWSInterface::class, 'The input is not a valid JWS');
76			$verifier = VerifierFactory::createVerifier($allowed_algorithms, $logger);
77
78			$result = $verifier->verifyWithKeySet($jwt, $jwk_set, $detached_payload);
			0 ignored issues – show Bug introduced 2016-03-01 12:51 UTC by Report Bug Copy Issue Report It seems like `$jwt` defined by `self::load($input)` on line `74` can also be of type `object<Jose\Object\JWEInterface>`; however, `Jose\Verifier::verifyWithKeySet()` does only seem to accept `object<Jose\Object\JWSInterface>`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
79			Assertion::integer($result, 'Unable to verify or decrypt the input');
80
81			return $jwt;
82			}
83
84			/**
85			* {@inheritdoc}
86			*/
87			public static function load($input)
88			{
89			$json = self::convert($input);
90			if (array_key_exists('signatures', $json)) {
91			return JWSLoader::loadSerializedJsonJWS($json);
92			}
93			if (array_key_exists('recipients', $json)) {
94			return JWELoader::loadSerializedJsonJWE($json);
95			}
96			}
97
98			/**
99			* @param string $input
100			*
101			* @return array
102			*/
103			private static function convert($input)
104			{
105			if (is_array($data = json_decode($input, true))) {
106			if (array_key_exists('signatures', $data) \|\| array_key_exists('recipients', $data)) {
107			return $data;
108			} elseif (array_key_exists('signature', $data)) {
109			return self::fromFlattenedSerializationSignatureToSerialization($data);
110			} elseif (array_key_exists('ciphertext', $data)) {
111			return self::fromFlattenedSerializationRecipientToSerialization($data);
112			}
113			} elseif (is_string($input)) {
114			return self::fromCompactSerializationToSerialization($input);
115			}
116			throw new \InvalidArgumentException('Unsupported input');
117			}
118
119			/**
120			* @param $input
121			*
122			* @return array
123			*/
124			private static function fromFlattenedSerializationRecipientToSerialization($input)
125			{
126			$recipient = [];
127			foreach (['header', 'encrypted_key'] as $key) {
128			if (array_key_exists($key, $input)) {
129			$recipient[$key] = $input[$key];
130			}
131			}
132			$recipients = [
133			'ciphertext' => $input['ciphertext'],
134			'recipients' => [$recipient],
135			];
136			foreach (['ciphertext', 'protected', 'unprotected', 'iv', 'aad', 'tag'] as $key) {
137			if (array_key_exists($key, $input)) {
138			$recipients[$key] = $input[$key];
139			}
140			}
141
142			return $recipients;
143			}
144
145			/**
146			* @param $input
147			*
148			* @return array
149			*/
150			private static function fromFlattenedSerializationSignatureToSerialization($input)
151			{
152			$signature = [
153			'signature' => $input['signature'],
154			];
155			foreach (['protected', 'header'] as $key) {
156			if (array_key_exists($key, $input)) {
157			$signature[$key] = $input[$key];
158			}
159			}
160
161			$temp = [];
162			if (!empty($input['payload'])) {
163			$temp['payload'] = $input['payload'];
164			}
165			$temp['signatures'] = [$signature];
166
167			return $temp;
168			}
169
170			/**
171			* @param string $input
172			*
173			* @return array
174			*/
175			private static function fromCompactSerializationToSerialization($input)
176			{
177			$parts = explode('.', $input);
178			switch (count($parts)) {
179			case 3:
180			return self::fromCompactSerializationSignatureToSerialization($parts);
181			case 5:
182			return self::fromCompactSerializationRecipientToSerialization($parts);
183			default:
184			throw new \InvalidArgumentException('Unsupported input');
185			}
186			}
187
188			/**
189			* @param array $parts
190			*
191			* @return array
192			*/
193			private static function fromCompactSerializationRecipientToSerialization(array $parts)
194			{
195			$recipient = [];
196			if (!empty($parts[1])) {
197			$recipient['encrypted_key'] = $parts[1];
198			}
199
200			$recipients = [
201			'recipients' => [$recipient],
202			];
203			foreach ([3 => 'ciphertext', 0 => 'protected', 2 => 'iv', 4 => 'tag'] as $part => $key) {
204			if (!empty($parts[$part])) {
205			$recipients[$key] = $parts[$part];
206			}
207			}
208
209			return $recipients;
210			}
211
212			/**
213			* @param array $parts
214			*
215			* @return array
216			*/
217			private static function fromCompactSerializationSignatureToSerialization(array $parts)
218			{
219			$temp = [];
220
221			if (!empty($parts[1])) {
222			$temp['payload'] = $parts[1];
223			}
224			$temp['signatures'] = [[
225			'protected' => $parts[0],
226			'signature' => $parts[2],
227			]];
228
229			return $temp;
230			}
231			}
232

Spomky-Labs / jose

Push — master ( 933d17...6b3c88 )

Loader::loadAndVerifySignatureUsingKeySet() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like