RSA::getRsaObject() - Code Metrics - Inspection of "Optimizations" - Spomky-Labs/jose - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — PHPSecLib_Rid ( fca9fd...3a3eb8 )

by Florent

created 2016-07-30 20:38 UTC

RSA::getRsaObject() A

↳ Parent: Project

Complexity

Conditions	1
Paths	1

Size

Total Lines	6
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes	5
Bugs	1	Features	0

Metric	Value
c	5
b	1
f	0
dl	0
loc	6
rs	9.4285
cc	1
eloc	3
nc	1
nop	0

<?php

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2016 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Algorithm\Signature;

use Assert\Assertion;
use Jose\Algorithm\SignatureAlgorithmInterface;
use Jose\KeyConverter\RSAKey;
use Jose\Object\JWKInterface;
use Jose\Util\RSA as JoseRSA;

/**
 * Class RSA.
 */
abstract class RSA implements SignatureAlgorithmInterface
{
    /**
     * Probabilistic Signature Scheme.
     */
    const SIGNATURE_PSS = 1;

    /**
     * Use the PKCS#1.
     */
    const SIGNATURE_PKCS1 = 2;

    /**
     * @return mixed
     */
    abstract protected function getAlgorithm();

    /**
     * @return mixed
     */
    abstract protected function getSignatureMethod();

    /**
     * {@inheritdoc}
     */
    public function verify(JWKInterface $key, $input, $signature)
    {
        $this->checkKey($key);

        $pub = RSAKey::toPublic(new RSAKey($key));

        if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {

            return JoseRSA::verify($pub, $input, $signature, $this->getAlgorithm());
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
        } else {

            return 1 === openssl_verify($input, $signature, $pub->toPEM(), $this->getAlgorithm());
        }
    }

    /**
     * {@inheritdoc}
     */
    public function sign(JWKInterface $key, $input)
    {
        $this->checkKey($key);
        Assertion::true($key->has('d'), 'The key is not a private key');

        $priv = new RSAKey($key);

        if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {
            $result = JoseRSA::sign($priv, $input, $this->getAlgorithm());

            Assertion::string($result, 'An error occurred during the creation of the signature');

            return $result;
        } else {
            $result = openssl_sign($input, $signature, $priv->toPEM(), $this->getAlgorithm());
            Assertion::true($result, 'Unable to sign');

            return $signature;
        }
    }

    /**
     * @param JWKInterface $key
     */
    private function checkKey(JWKInterface $key)
    {
        Assertion::eq($key->get('kty'), 'RSA', 'Wrong key type.');
    }
}


1			<?php
2
3			/*
4			* The MIT License (MIT)
5			*
6			* Copyright (c) 2014-2016 Spomky-Labs
7			*
8			* This software may be modified and distributed under the terms
9			* of the MIT license. See the LICENSE file for details.
10			*/
11
12			namespace Jose\Algorithm\Signature;
13
14			use Assert\Assertion;
15			use Jose\Algorithm\SignatureAlgorithmInterface;
16			use Jose\KeyConverter\RSAKey;
17			use Jose\Object\JWKInterface;
18			use Jose\Util\RSA as JoseRSA;
19
20			/**
21			* Class RSA.
22			*/
23			abstract class RSA implements SignatureAlgorithmInterface
24			{
25			/**
26			* Probabilistic Signature Scheme.
27			*/
28			const SIGNATURE_PSS = 1;
29
30			/**
31			* Use the PKCS#1.
32			*/
33			const SIGNATURE_PKCS1 = 2;
34
35			/**
36			* @return mixed
37			*/
38			abstract protected function getAlgorithm();
39
40			/**
41			* @return mixed
42			*/
43			abstract protected function getSignatureMethod();
44
45			/**
46			* {@inheritdoc}
47			*/
48			public function verify(JWKInterface $key, $input, $signature)
49			{
50			$this->checkKey($key);
51
52			$pub = RSAKey::toPublic(new RSAKey($key));
53
54			if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {
55
56			return JoseRSA::verify($pub, $input, $signature, $this->getAlgorithm());
			0 ignored issues – show Bug Best Practice introduced 2016-07-30 20:41 UTC by Report Bug Copy Issue Report The return type of `return \Jose\Util\RSA::v...$this->getAlgorithm());` (`string`) is incompatible with the return type declared by the interface `Jose\Algorithm\SignatureAlgorithmInterface::verify` of type `boolean`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
57			} else {
58
59			return 1 === openssl_verify($input, $signature, $pub->toPEM(), $this->getAlgorithm());
60			}
61			}
62
63			/**
64			* {@inheritdoc}
65			*/
66			public function sign(JWKInterface $key, $input)
67			{
68			$this->checkKey($key);
69			Assertion::true($key->has('d'), 'The key is not a private key');
70
71			$priv = new RSAKey($key);
72
73			if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {
74			$result = JoseRSA::sign($priv, $input, $this->getAlgorithm());
			0 ignored issues – show Comprehensibility Best Practice introduced 2016-07-30 20:41 UTC by Report Bug Copy Issue Report The expression `\Jose\Util\RSA::sign($pr...$this->getAlgorithm());` of type `false\|string` adds `false` to the return on line 77 which is incompatible with the return type declared by the interface `Jose\Algorithm\SignatureAlgorithmInterface::sign` of type `string`. It seems like you forgot to handle an error condition. Loading history...
75			Assertion::string($result, 'An error occurred during the creation of the signature');
76
77			return $result;
78			} else {
79			$result = openssl_sign($input, $signature, $priv->toPEM(), $this->getAlgorithm());
80			Assertion::true($result, 'Unable to sign');
81
82			return $signature;
83			}
84			}
85
86			/**
87			* @param JWKInterface $key
88			*/
89			private function checkKey(JWKInterface $key)
90			{
91			Assertion::eq($key->get('kty'), 'RSA', 'Wrong key type.');
92			}
93			}
94

Spomky-Labs / jose

Push — PHPSecLib_Rid ( fca9fd...3a3eb8 )

RSA::getRsaObject() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like