Complex classes like Encrypter often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to finding such a component is to look for fields/methods that share the same prefixes or suffixes. You can also have a look at the cohesion graph to spot any unconnected or weakly connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Encrypter, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 36 | final class Encrypter implements EncrypterInterface |
||
| 37 | { |
||
| 38 | use HasKeyChecker; |
||
| 39 | use HasJWAManager; |
||
| 40 | use HasCompressionManager; |
||
| 41 | use HasLogger; |
||
| 42 | use CommonCipheringMethods; |
||
| 43 | |||
/**
 * {@inheritdoc}
 *
 * Builds an Encrypter from the given algorithm and compression lists and
 * turns logging on when a logger is supplied.
 *
 * NOTE(review): the default $compression_methods only declares which methods
 * this instance supports; where compression is actually applied is outside
 * this block (presumably getCompressionMethod() — confirm). Compressing data
 * before encrypting it can reveal information about the plaintext through the
 * ciphertext length, so callers whose payloads mix secrets with externally
 * influenced content may want to restrict this list (verify that a shorter or
 * empty list is accepted by the compression manager).
 */
public static function createEncrypter(array $key_encryption_algorithms, array $content_encryption_algorithms, array $compression_methods = ['DEF', 'ZLIB', 'GZ'], LoggerInterface $logger = null)
{
    $instance = new self($key_encryption_algorithms, $content_encryption_algorithms, $compression_methods);

    // The type hint only admits a LoggerInterface or null, so this is the
    // "a logger was given" case.
    if ($logger instanceof LoggerInterface) {
        $instance->enableLogging($logger);
    }

    return $instance;
}
||
| 57 | |||
/**
 * Encrypter constructor.
 *
 * Hands the three lists to their setters, then builds the JWA manager from the
 * key encryption and content encryption algorithms merged together, and the
 * compression manager from the compression methods.
 *
 * @param string[]|\Jose\Algorithm\KeyEncryptionAlgorithmInterface[]     $key_encryption_algorithms
 * @param string[]|\Jose\Algorithm\ContentEncryptionAlgorithmInterface[] $content_encryption_algorithms
 * @param string[]|\Jose\Compression\CompressionInterface[]              $compression_methods
 */
public function __construct(
    array $key_encryption_algorithms,
    array $content_encryption_algorithms,
    array $compression_methods
) {
    $this->setKeyEncryptionAlgorithms($key_encryption_algorithms);
    $this->setContentEncryptionAlgorithms($content_encryption_algorithms);
    $this->setCompressionMethods($compression_methods);

    // One manager serves both algorithm families, so it receives the merged list.
    $all_algorithms = array_merge($key_encryption_algorithms, $content_encryption_algorithms);
    $jwa_manager = AlgorithmManagerFactory::createAlgorithmManager($all_algorithms);
    $this->setJWAManager($jwa_manager);

    $compression_manager = CompressionManagerFactory::createCompressionManager($compression_methods);
    $this->setCompressionManager($compression_manager);
}
||
| 79 | |||
| 80 | /** |
||
| 81 | * {@inheritdoc} |
||
| 82 | */ |
||
| 83 | public function encrypt(JWEInterface &$jwe) |
||
| 151 | |||
| 152 | /** |
||
| 153 | * @param \Jose\Object\JWEInterface $jwe |
||
| 154 | * @param \Jose\Object\RecipientInterface $recipient |
||
| 155 | * @param string $cek |
||
| 156 | * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm |
||
| 157 | * @param array $additional_headers |
||
| 158 | */ |
||
| 159 | private function processRecipient(JWEInterface $jwe, |
||
| 211 | |||
| 212 | /** |
||
| 213 | * @param \Jose\Object\JWEInterface $jwe |
||
| 214 | * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm |
||
| 215 | * @param string $key_management_mode |
||
| 216 | * @param array $additional_headers |
||
| 217 | * |
||
| 218 | * @return string |
||
| 219 | */ |
||
| 220 | private function determineCEK(JWEInterface $jwe, |
||
| 251 | |||
| 252 | /** |
||
| 253 | * @param \Jose\Object\JWEInterface $jwe |
||
| 254 | * |
||
| 255 | * @return string |
||
| 256 | */ |
||
| 257 | private function getKeyManagementMode(JWEInterface $jwe) |
||
| 285 | |||
| 286 | /** |
||
| 287 | * @param \Jose\Object\JWEInterface $jwe |
||
| 288 | * |
||
| 289 | * @return \Jose\Compression\CompressionInterface|null |
||
| 290 | */ |
||
| 291 | private function getCompressionMethod(JWEInterface $jwe) |
||
| 326 | |||
| 327 | /** |
||
| 328 | * @param \Jose\Object\JWEInterface $jwe |
||
| 329 | * |
||
| 330 | * @return \Jose\Algorithm\ContentEncryptionAlgorithmInterface |
||
| 331 | */ |
||
| 332 | private function getContentEncryptionAlgorithm(JWEInterface $jwe) |
||
| 355 | |||
| 356 | /** |
||
| 357 | * @param \Jose\Object\JWEInterface $jwe |
||
| 358 | * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm |
||
| 359 | * @param string $cek |
||
| 360 | * @param string $iv |
||
| 361 | * @param \Jose\Compression\CompressionInterface|null $compression_method |
||
| 362 | */ |
||
| 363 | private function encryptJWE(JWEInterface &$jwe, |
||
| 394 | |||
/**
 * Checks that the recipient key may be used for encryption with the selected algorithm.
 *
 * The key is first checked for the 'encryption' usage. Its algorithm is then
 * checked against the key encryption algorithm, except for 'dir', where it is
 * checked against the content encryption algorithm instead.
 *
 * NOTE(review): checkKeyUsage() and checkKeyAlgorithm() are not defined in this
 * listing (presumably supplied by the HasKeyChecker trait and throwing on a
 * mismatch — confirm).
 *
 * @param \Jose\Algorithm\KeyEncryptionAlgorithmInterface     $key_encryption_algorithm
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
 * @param \Jose\Object\JWKInterface                           $recipient_key
 */
private function checkKeys(KeyEncryptionAlgorithmInterface $key_encryption_algorithm, ContentEncryptionAlgorithmInterface $content_encryption_algorithm, JWKInterface $recipient_key)
{
    $this->checkKeyUsage($recipient_key, 'encryption');

    $key_algorithm_name = $key_encryption_algorithm->getAlgorithmName();

    // With 'dir' the recipient key is matched against the content encryption
    // algorithm rather than the key encryption algorithm.
    $expected_algorithm = 'dir' === $key_algorithm_name
        ? $content_encryption_algorithm->getAlgorithmName()
        : $key_algorithm_name;

    $this->checkKeyAlgorithm($recipient_key, $expected_algorithm);
}
||
| 409 | |||
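/**
 * Tells whether two key management modes may be combined.
 *
 * Only MODE_ENCRYPT and MODE_WRAP combine with each other (in either order
 * and with themselves). Every pair that involves MODE_AGREEMENT or
 * MODE_DIRECT, and every value that is not a known mode, is rejected.
 *
 * NOTE(review): presumably agreement and direct modes are excluded because
 * their content encryption key is fixed by the recipient key and so cannot be
 * shared between recipients — confirm against the caller.
 *
 * @param string $current
 * @param string $new
 *
 * @return bool
 */
private function areKeyManagementModesCompatible($current, $new)
{
    $combinable_modes = [
        KeyEncryptionAlgorithmInterface::MODE_ENCRYPT,
        KeyEncryptionAlgorithmInterface::MODE_WRAP,
    ];

    // Each mode is checked on its own, with strict comparison, instead of
    // looking up the undelimited concatenation $current.$new: a concatenated
    // key cannot tell two different pairs apart when they happen to join into
    // the same string, and this decision should fail closed.
    return in_array($current, $combinable_modes, true)
        && in_array($new, $combinable_modes, true);
}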
||
| 448 | |||
| 449 | /** |
||
| 450 | * @param string $payload |
||
| 451 | * @param \Jose\Compression\CompressionInterface|null $compression_method |
||
| 452 | * |
||
| 453 | * @return string |
||
| 454 | */ |
||
| 455 | private function preparePayload($payload, CompressionInterface $compression_method = null) |
||
| 469 | |||
/**
 * Produces the encrypted key for one recipient by dispatching on the kind of
 * key encryption algorithm.
 *
 * Key encryption, key wrapping and key agreement with key wrapping are each
 * delegated to their own helper. For any other algorithm (key agreement or
 * direct encryption, per the original comment) nothing is produced and the
 * method returns null.
 *
 * $additional_headers is taken by reference and forwarded to the helpers
 * (presumably so they can add header parameters — confirm in the helpers).
 *
 * @param array                                               $complete_headers
 * @param string                                              $cek
 * @param \Jose\Algorithm\KeyEncryptionAlgorithmInterface     $key_encryption_algorithm
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
 * @param array                                               $additional_headers
 * @param \Jose\Object\JWKInterface                           $recipient_key
 *
 * @return string|null
 */
private function getEncryptedKey(array $complete_headers, $cek, KeyEncryptionAlgorithmInterface $key_encryption_algorithm, ContentEncryptionAlgorithmInterface $content_encryption_algorithm, array &$additional_headers, JWKInterface $recipient_key)
{
    // The order of these checks is kept as-is: an algorithm implementing more
    // than one of the interfaces is handled by the first match.
    if ($key_encryption_algorithm instanceof KeyEncryptionInterface) {
        return $this->getEncryptedKeyFromKeyEncryptionAlgorithm($complete_headers, $cek, $key_encryption_algorithm, $recipient_key, $additional_headers);
    }

    if ($key_encryption_algorithm instanceof KeyWrappingInterface) {
        return $this->getEncryptedKeyFromKeyWrappingAlgorithm($complete_headers, $cek, $key_encryption_algorithm, $recipient_key, $additional_headers);
    }

    if ($key_encryption_algorithm instanceof KeyAgreementWrappingInterface) {
        return $this->getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm($complete_headers, $cek, $key_encryption_algorithm, $content_encryption_algorithm, $additional_headers, $recipient_key);
    }

    // KeyAgreementInterface or DirectEncryptionInterface: there is no
    // encrypted key, so the caller receives null.
    return null;
}
||
| 492 | |||
| 493 | /** |
||
| 494 | * @param array $complete_headers |
||
| 495 | * @param string $cek |
||
| 496 | * @param \Jose\Algorithm\KeyEncryption\KeyAgreementWrappingInterface $key_encryption_algorithm |
||
| 497 | * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm |
||
| 498 | * @param array $additional_headers |
||
| 499 | * @param \Jose\Object\JWKInterface $recipient_key |
||
| 500 | * |
||
| 501 | * @return string |
||
| 502 | */ |
||
| 503 | private function getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm(array $complete_headers, $cek, KeyAgreementWrappingInterface $key_encryption_algorithm, ContentEncryptionAlgorithmInterface $content_encryption_algorithm, array &$additional_headers, JWKInterface $recipient_key) |
||
| 509 | |||
| 510 | /** |
||
| 511 | * @param array $complete_headers |
||
| 512 | * @param string $cek |
||
| 513 | * @param \Jose\Algorithm\KeyEncryption\KeyEncryptionInterface $key_encryption_algorithm |
||
| 514 | * @param \Jose\Object\JWKInterface $recipient_key |
||
| 515 | * @param array $additional_headers |
||
| 516 | * |
||
| 517 | * @return string |
||
| 518 | */ |
||
| 519 | private function getEncryptedKeyFromKeyEncryptionAlgorithm(array $complete_headers, $cek, KeyEncryptionInterface $key_encryption_algorithm, JWKInterface $recipient_key, array &$additional_headers) |
||
| 528 | |||
| 529 | /** |
||
| 530 | * @param array $complete_headers |
||
| 531 | * @param string $cek |
||
| 532 | * @param \Jose\Algorithm\KeyEncryption\KeyWrappingInterface $key_encryption_algorithm |
||
| 533 | * @param \Jose\Object\JWKInterface $recipient_key |
||
| 534 | * @param array $additional_headers |
||
| 535 | * |
||
| 536 | * @return string |
||
| 537 | */ |
||
| 538 | private function getEncryptedKeyFromKeyWrappingAlgorithm(array $complete_headers, $cek, KeyWrappingInterface $key_encryption_algorithm, JWKInterface $recipient_key, &$additional_headers) |
||
| 547 | |||
| 548 | /** |
||
| 549 | * @param array $complete_headers |
||
| 550 | * |
||
| 551 | * @return \Jose\Algorithm\KeyEncryptionAlgorithmInterface |
||
| 552 | */ |
||
| 553 | private function findKeyEncryptionAlgorithm(array $complete_headers) |
||
| 562 | |||
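/**
 * Generates a random content encryption key (CEK).
 *
 * The size is given in bits and must be a positive multiple of 8, so that the
 * key has exactly the requested length. Without this check a size such as 12
 * would be divided into a fractional byte count and rounded down, silently
 * yielding a shorter key than the algorithm asked for.
 *
 * @param int $size Key size in bits
 *
 * @throws \InvalidArgumentException if the size is not a positive multiple of 8
 *
 * @return string Raw key bytes from random_bytes()
 */
private function createCEK($size)
{
    // FILTER_VALIDATE_INT accepts ints and integral numeric values and rejects
    // anything with a fractional part.
    $bits = filter_var($size, FILTER_VALIDATE_INT);
    if (false === $bits || $bits <= 0 || 0 !== $bits % 8) {
        throw new \InvalidArgumentException('The CEK size must be a positive multiple of 8 bits.');
    }

    return random_bytes(intdiv($bits, 8));
}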
||
| 572 | |||
| 573 | /** |
||
| 574 | * @param int $size |
||
| 575 | * |
||
| 576 | * @return string |
||
| 577 | */ |
||
| 578 | private function createIV($size) |
||
| 582 | } |
||
| 583 |