RequestValidation - Code Metrics - Inspection of "GuzzleHttpClient: some light http tests" - bip70/bip70-php - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (48aedc)

by thomas

created 2018-04-28 12:49 UTC

RequestValidation A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	118
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	7

Test Coverage

Coverage

100%

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
wmc	12
lcom	1
cbo	7
dl	0
loc	118
ccs	45
cts	45
cp	1
rs	10
c	2
b	0
f	0

5 Methods

Rating	Name	Size	Complexity
A	__construct()	13	3
A	validateCertificateChain()	17	3
A	validateCertificates()	5	1
B	validateX509Signature()	26	3
A	verifyX509Details()	15	2

<?php

declare(strict_types=1);

namespace Bip70\X509;

use Bip70\Exception\X509Exception;
use Bip70\X509\Exception\InvalidCertificateChainException;
use Bip70\X509\Exception\InvalidX509Signature;
use Bip70\Protobuf\Codec\NonDiscardingBinaryCodec;
use Bip70\Protobuf\Proto\PaymentRequest;
use Bip70\Protobuf\Proto\X509Certificates;
use Sop\CryptoBridge\Crypto;
use Sop\CryptoTypes\AlgorithmIdentifier\Feature\AsymmetricCryptoAlgorithmIdentifier;
use Sop\CryptoTypes\Signature\Signature;
use X509\Certificate\Certificate;
use X509\Certificate\CertificateBundle;
use X509\CertificationPath\CertificationPath;
use X509\CertificationPath\PathValidation\PathValidationConfig;

class RequestValidation
{
    /**
     * @var PathValidationConfig
     */
    private $validationConfig;

    /**
     * @var CertificateBundle
     */
    private $trustStore;

    /**
     * RequestValidation constructor.
     * @param PathValidationConfig|null $validationConfig
     * @param CertificateBundle|null $trustStore
     */
    public function __construct(PathValidationConfig $validationConfig = null, CertificateBundle $trustStore = null)
    {
        if (null === $validationConfig) {
            $validationConfig = PathValidationConfig::defaultConfig();
        }

        if (null === $trustStore) {
            $trustStore = new CertificateBundle();
        }

        $this->validationConfig = $validationConfig;
        $this->trustStore = $trustStore;
    }

    /**
     * @param X509Certificates $x509
     * @return \Bip70\X509\QualifiedCertificate
     * @throws InvalidCertificateChainException
     */
    public function validateCertificateChain(X509Certificates $x509)
    {
        if (!$x509->hasCertificate()) {
            throw new \RuntimeException("No certificates in bundle");
        }

        /** @var Certificate[] $certificates */
        $certificates = [];
        foreach ($x509->getCertificateList() as $certDer) {
            $certificates[] = Certificate::fromDER($certDer);
        }

        $endEntity = $certificates[0];
        $intermediate = new CertificateBundle(...array_slice($certificates, 1));

        return $this->validateCertificates($endEntity, $intermediate);
    }

    /**
     * @param Certificate $certificate
     * @param CertificateBundle $intermediate
     * @return QualifiedCertificate
     */
    public function validateCertificates(Certificate $certificate, CertificateBundle $intermediate): QualifiedCertificate
    {
        $path = CertificationPath::toTarget($certificate, $this->trustStore, $intermediate);
        return new QualifiedCertificate($path, $path->validate($this->validationConfig));
    }

    /**
     * @param Certificate $endEntity
     * @param PaymentRequest $paymentRequest
     * @throws InvalidX509Signature
     * @throws X509Exception
     */
    public function validateX509Signature(Certificate $endEntity, PaymentRequest $paymentRequest)
    {
        $subjectKey = $endEntity->tbsCertificate()->subjectPublicKeyInfo();

        /** @var AsymmetricCryptoAlgorithmIdentifier $algOid */
        $algOid = $subjectKey->algorithmIdentifier();
        $signAlgorithm = SignatureAlgorithmFactory::getSignatureAlgorithm($paymentRequest->getPkiType(), $algOid);

        $clone = new PaymentRequest();
        if ($paymentRequest->hasPaymentDetailsVersion()) {
            $clone->setPaymentDetailsVersion($paymentRequest->getPaymentDetailsVersion());
        }

        $clone->setPkiType($paymentRequest->getPkiType());
        $clone->setPkiData($paymentRequest->getPkiData());
        $clone->setSerializedPaymentDetails($paymentRequest->getSerializedPaymentDetails());
        $clone->setSignature('');

        $signData = $clone->serialize(new NonDiscardingBinaryCodec());
        $signature = Signature::fromSignatureData($paymentRequest->getSignature(), $signAlgorithm);
        if (!Crypto::getDefault()->verify($signData, $signature, $subjectKey, $signAlgorithm)) {
            throw new InvalidX509Signature("Invalid signature on request");
        }

        return;

    }

    /**
     * @param PaymentRequest $paymentRequest
     * @return \X509\CertificationPath\PathValidation\PathValidationResult
     */
    public function verifyX509Details(PaymentRequest $paymentRequest)
    {
        if (PKIType::NONE === $paymentRequest->getPkiType()) {
            throw new X509Exception("Cannot verify a request without a signature. You should check before calling verify.");
        }

        $x509 = new X509Certificates();
        $x509->parse($paymentRequest->getPkiData());

        $qualifiedCert = $this->validateCertificateChain($x509);
        $validationResult = $qualifiedCert->getValidationResult();
        $this->validateX509Signature($validationResult->certificate(), $paymentRequest);

        return $validationResult;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Bip70\X509;
6
7		use Bip70\Exception\X509Exception;
8		use Bip70\X509\Exception\InvalidCertificateChainException;
9		use Bip70\X509\Exception\InvalidX509Signature;
10		use Bip70\Protobuf\Codec\NonDiscardingBinaryCodec;
11		use Bip70\Protobuf\Proto\PaymentRequest;
12		use Bip70\Protobuf\Proto\X509Certificates;
13		use Sop\CryptoBridge\Crypto;
14		use Sop\CryptoTypes\AlgorithmIdentifier\Feature\AsymmetricCryptoAlgorithmIdentifier;
15		use Sop\CryptoTypes\Signature\Signature;
16		use X509\Certificate\Certificate;
17		use X509\Certificate\CertificateBundle;
18		use X509\CertificationPath\CertificationPath;
19		use X509\CertificationPath\PathValidation\PathValidationConfig;
20
21		class RequestValidation
22		{
23		/**
24		* @var PathValidationConfig
25		*/
26		private $validationConfig;
27
28		/**
29		* @var CertificateBundle
30		*/
31		private $trustStore;
32
33		/**
34		* RequestValidation constructor.
35		* @param PathValidationConfig\|null $validationConfig
36		* @param CertificateBundle\|null $trustStore
37		*/
38	14	public function __construct(PathValidationConfig $validationConfig = null, CertificateBundle $trustStore = null)
39		{
40	14	if (null === $validationConfig) {
41	6	$validationConfig = PathValidationConfig::defaultConfig();
42		}
43
44	14	if (null === $trustStore) {
45	5	$trustStore = new CertificateBundle();
46		}
47
48	14	$this->validationConfig = $validationConfig;
49	14	$this->trustStore = $trustStore;
50	14	}
51
52		/**
53		* @param X509Certificates $x509
54		* @return \Bip70\X509\QualifiedCertificate
55		* @throws InvalidCertificateChainException
56		*/
57	8	public function validateCertificateChain(X509Certificates $x509)
58		{
59	8	if (!$x509->hasCertificate()) {
60	1	throw new \RuntimeException("No certificates in bundle");
61		}
62
63		/** @var Certificate[] $certificates */
64	7	$certificates = [];
65	7	foreach ($x509->getCertificateList() as $certDer) {
66	7	$certificates[] = Certificate::fromDER($certDer);
67		}
68
69	7	$endEntity = $certificates[0];
70	7	$intermediate = new CertificateBundle(...array_slice($certificates, 1));
71
72	7	return $this->validateCertificates($endEntity, $intermediate);
73		}
74
75		/**
76		* @param Certificate $certificate
77		* @param CertificateBundle $intermediate
78		* @return QualifiedCertificate
79		*/
80	7	public function validateCertificates(Certificate $certificate, CertificateBundle $intermediate): QualifiedCertificate
81		{
82	7	$path = CertificationPath::toTarget($certificate, $this->trustStore, $intermediate);
83	6	return new QualifiedCertificate($path, $path->validate($this->validationConfig));
84		}
85
86		/**
87		* @param Certificate $endEntity
88		* @param PaymentRequest $paymentRequest
89		* @throws InvalidX509Signature
90		* @throws X509Exception
91		*/
92	5	public function validateX509Signature(Certificate $endEntity, PaymentRequest $paymentRequest)
93		{
94	5	$subjectKey = $endEntity->tbsCertificate()->subjectPublicKeyInfo();
95
96		/** @var AsymmetricCryptoAlgorithmIdentifier $algOid */
97	5	$algOid = $subjectKey->algorithmIdentifier();
98	5	$signAlgorithm = SignatureAlgorithmFactory::getSignatureAlgorithm($paymentRequest->getPkiType(), $algOid);
99
100	4	$clone = new PaymentRequest();
101	4	if ($paymentRequest->hasPaymentDetailsVersion()) {
102	4	$clone->setPaymentDetailsVersion($paymentRequest->getPaymentDetailsVersion());
103		}
104
105	4	$clone->setPkiType($paymentRequest->getPkiType());
106	4	$clone->setPkiData($paymentRequest->getPkiData());
107	4	$clone->setSerializedPaymentDetails($paymentRequest->getSerializedPaymentDetails());
108	4	$clone->setSignature('');
109
110	4	$signData = $clone->serialize(new NonDiscardingBinaryCodec());
111	4	$signature = Signature::fromSignatureData($paymentRequest->getSignature(), $signAlgorithm);
112	4	if (!Crypto::getDefault()->verify($signData, $signature, $subjectKey, $signAlgorithm)) {
113	1	throw new InvalidX509Signature("Invalid signature on request");
114		}
115
116	3	return;
		0 ignored issues – show Coding Style introduced 2017-11-03 18:37 UTC by Report Bug Copy Issue Report Empty return statement not required here Loading history...
117		}
118
119		/**
120		* @param PaymentRequest $paymentRequest
121		* @return \X509\CertificationPath\PathValidation\PathValidationResult
122		*/
123	4	public function verifyX509Details(PaymentRequest $paymentRequest)
124		{
125	4	if (PKIType::NONE === $paymentRequest->getPkiType()) {
126	1	throw new X509Exception("Cannot verify a request without a signature. You should check before calling verify.");
127		}
128
129	3	$x509 = new X509Certificates();
130	3	$x509->parse($paymentRequest->getPkiData());
131
132	3	$qualifiedCert = $this->validateCertificateChain($x509);
133	3	$validationResult = $qualifiedCert->getValidationResult();
134	3	$this->validateX509Signature($validationResult->certificate(), $paymentRequest);
135
136	3	return $validationResult;
137		}
138		}
139

bip70 / bip70-php

Branch — master (48aedc)

RequestValidation A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

5 Methods

Duplication Side-by-Side

Filter issues like