yrc\web\ncryptf\JsonParser

Complexity

Total Complexity

16

Size/Duplication

Total Lines	132
Duplicated Lines	0 %

Importance

Changes

0

4 Methods

Rating	Name	Duplication	Size	Complexity
A	getEncryptionKey()	0	19	3
A	decryptRequest()	0	32	5
A	getDecryptedBody()	0	3	1
B	parse()	0	38	7

<?php declare(strict_types=1);

namespace yrc\web\ncryptf;

use InvalidArgumentException;
use ncryptf\Request;
use ncryptf\Response;
use ncryptf\exceptions\DecryptionFailedException;
use ncryptf\exceptions\InvalidSignatureException;
use ncryptf\exceptions\InvalidChecksumException;
use ncryptf\middleware\EncryptionKeyInterface;

The type ncryptf\middleware\EncryptionKeyInterface was not found. Maybe you did not declare it correctly or list all dependencies?

use yrc\models\redis\EncryptionKey;
use yrc\web\Request as YiiRequest;
use yii\base\Exception;
use yii\base\InvalidParamException;
use yii\helpers\Json;
use yii\web\BadRequestHttpException;
use Yii;

/**
 * Parses vnd.ncryptf+json
 * @class Ncryptf JsonParser
 */
class JsonParser extends \yii\web\JsonParser
{
    private $decryptedBody;

    /**
     * Returns the decrypted response
     *
     * @return string
     */
    public function getDecryptedBody() :? string
    {
        return $this->decryptedBody;
    }

    /**
     * Parses vnd.ncryptf+json
     *
     * @param string  $rawBody
     * @param string $contentType
     * @return mixed
     */
    public function parse($rawBody, $contentType)
    {
        if ($contentType === 'application/vnd.25519+json') {
            Yii::warning([
                'message' => '`application/vnd.25519+json` content type is deprecated. Migrate to `application/vnd.ncryptf+json'
            ]);
        }

        if ($rawBody === '') {
            $this->decryptedBody = '';
            return [];
        }

        $request = Yii::$app->request;

It seems like Yii::app->request can also be of type yii\web\Request. However, the property $request is declared as type yii\console\Request. Maybe add an additional type check?

        $version = Response::getVersion(\base64_decode($rawBody));
        $key = $this->getEncryptionKey($request);

It seems like $request can also be of type yii\console\Request; however, parameter $request of yrc\web\ncryptf\JsonParser::getEncryptionKey() does only seem to accept yrc\web\Request, maybe add an additional type check?

        try {
            $this->decryptedBody = $this->decryptRequest($key, $request, $rawBody, $version);
        } catch (DecryptionFailedException | InvalidArgumentException | InvalidSignatureException | InvalidChecksumException $e) {
            throw new BadRequestHttpException(Yii::t('yrc', 'Unable to decrypt response.'));
        } catch (\Exception $e) {
            Yii::warning([
                'message' => 'An unexpected error occured when decryption the response. See attached exception',
                'exception' => $e
            ]);

            throw new BadRequestHttpException(Yii::t('yrc', 'Unable to decrypt response.'));
        }

        try {
            $parameters = Json::decode($this->decryptedBody, $this->asArray);
            return $parameters ?? [];
        } catch (InvalidParamException $e) {
            if ($this->throwException) {
                throw new BadRequestHttpException('Invalid JSON data in request body: ' . $e->getMessage());
            }
            return [];
        }
    }

    /**
     * Decrypts the request using a given encryption key and request parameters
     *
     * @param EncryptionKeyInterface $key
     * @param \yrc\web\Request $request
     * @param string $rawBody
     * @param string $version
     * @return string
     */
    private function decryptRequest(EncryptionKeyInterface $key, \yrc\web\Request $request, string $rawBody, int $version)
    {
        static $response = null;
        static $nonce = null;
        static $publicKey = null;

        $response = new Response(
            $key->getBoxSecretKey()
        );

        if ($version === 1) {
            $publicKey = $request->headers->get('x-pubkey', null);
            $nonce = $request->headers->get('x-nonce', null);

            if ($publicKey === null || $nonce === null) {

The condition $nonce === null is always false.

                throw new Exception(Yii::t('yrc', 'Missing nonce or public key header. Unable to decrypt request.'));
            }
            $nonce = \base64_decode($nonce);

It seems like $nonce can also be of type array; however, parameter $data of base64_decode() does only seem to accept string, maybe add an additional type check?

            $publicKey = \base64_decode($publicKey);
        }

        $decryptedRequest = $response->decrypt(
            \base64_decode($rawBody),
            $publicKey,
            $nonce
        );

        if ($key->isEphemeral()) {
            $key->delete();
        }

        return $decryptedRequest;
    }

    /**
     * Fetches the local encryption key from the data provided in the request
     *
     * @param \yrc\web\Request $request
     * @param string $rawBody
     * @param integer $version
     * @return EncryptionKey
     */
    private function getEncryptionKey(\yrc\web\Request $request) : EncryptionKey
    {
        $lookup = $request->headers->get('x-hashid', null);
        if ($lookup === null) {

The condition $lookup === null is always false.

            Yii::warning([
                'message' => 'X-HashId missing on request. Unable to decrypt response.'
            ]);
            throw new Exception(Yii::t('yrc', 'Unable to decrypt response.'));
        }

        $key = EncryptionKey::find()->where([
            'hash' => $lookup
        ])->one();

        if ($key === null) {
            throw new Exception(Yii::t('yrc', 'Unable to decrypt response.'));
        }

        return $key;

The expression return $key returns the type array which is incompatible with the type-hinted return yrc\models\redis\EncryptionKey.

    }
}