JWS::load() - Code Metrics - Inspection of "update" - jafaronly/guarded-authentication-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 90db0f...396226 )

by Jafar

created 2018-04-04 07:33 UTC

JWS::load() C

↳ Parent: JWS

Complexity

Conditions	8
Paths	12

Size

Total Lines	33
Code Lines	17

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	8
eloc	17
nc	12
nop	3
dl	0
loc	33
rs	5.3846
c	0
b	0
f	0

<?php
/*
 * This file is part of the Guarded Authentication package.
 *
 * (c) Jafar Jabr <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner;

use InvalidArgumentException;
use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Base64\Base64Encoder;
use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Base64\Base64UrlSafeEncoder;
use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Base64\EncoderInterface;
use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Signer\SignerInterface;

/**
 * Class JWS.
 *
 * @author Jafar Jabr <[email protected]>
 */
class JWS extends JWT
{
    protected $signature;

    protected $isSigned = false;

    protected $originalToken;

    protected $encodedSignature;

    protected $encryptionEngine = 'OpenSSL';

    /**
     * Constructor.
     *
     * @param array $header An associative array of headers. The value can be any type accepted by json_encode or a JSON serializable object
     */
    public function __construct($header = [])
    {
        parent::__construct([], $header);
    }

    /**
     * Signs the JWS signininput.
     *
     * @param resource|string $key
     *
     * @return string
     */
    public function sign($key)
    {
        $this->signature = $this->getSigner()->sign($this->generateSigninInput(), $key);
        $this->isSigned  = true;

        return $this->signature;
    }

    /**
     * Returns the signature representation of the JWS.
     *
     * @return string
     */
    public function getSignature()
    {
        if ($this->isSigned()) {
            return $this->signature;
        }

        return;
    }

    /**
     * Checks whether the JSW has already been signed.
     *
     * @return bool
     */
    public function isSigned()
    {
        return (bool) $this->isSigned;
    }

    /**
     * Returns the string representing the JWT.
     *
     * @return string
     */
    public function getTokenString()
    {
        $signinInput = $this->generateSigninInput();

        return sprintf('%s.%s', $signinInput, $this->encoder->encode($this->getSignature()));
    }

    /**
     * Creates an instance of a JWS from a JWT.
     *
     * @param string           $jwsTokenString
     * @param bool             $allowUnsecure
     * @param EncoderInterface $encoder
     *
     * @return JWS
     *
     * @throws \InvalidArgumentException
     */
    public static function load(
        $jwsTokenString,
        $allowUnsecure = false,
        EncoderInterface $encoder = null
    ) {
        if (null === $encoder) {
            $encoder = strpbrk($jwsTokenString, '+/=') ? new Base64Encoder() : new Base64UrlSafeEncoder();
        }

        $parts = explode('.', $jwsTokenString);

        if (3 === count($parts)) {
            $header  = json_decode($encoder->decode($parts[0]), true);
            $payload = json_decode($encoder->decode($parts[1]), true);

            if (is_array($header) && is_array($payload)) {
                if ('none' === strtolower($header['alg']) && !$allowUnsecure) {
                    throw new InvalidArgumentException(sprintf('The token "%s" cannot be validated in a secure context, as it uses the unallowed "none" algorithm', $jwsTokenString));
                }

                $jws = new static($header);

                $jws->setEncoder($encoder)
                    ->setHeader($header)
                    ->setPayload($payload)
                    ->setOriginalToken($jwsTokenString)
                    ->setEncodedSignature($parts[2]);

                return $jws;
            }
        }

        throw new InvalidArgumentException(sprintf('The token "%s" is an invalid JWS', $jwsTokenString));
    }

    /**
     * Verifies that the internal signin input corresponds to the encoded
     * signature previously stored (@see JWS::load).
     *
     * @param resource|string $key
     * @param string          $algo The algorithms this JWS should be signed with. Use it if you want to restrict which algorithms you want to allow to be validated.
     *
     * @return bool
     */
    public function verify($key, $algo = null)
    {
        if (empty($key) || ($algo && $this->header['alg'] !== $algo)) {
            return false;
        }

        $decodedSignature = $this->encoder->decode($this->getEncodedSignature());
        $signinInput      = $this->getSigninInput();

        return $this->getSigner()->verify($key, $decodedSignature, $signinInput);
    }

    /**
     * Get the original token signin input if it exists, otherwise generate the
     * signin input for the current JWS.
     *
     * @return string
     */
    private function getSigninInput()
    {
        $parts = explode('.', $this->originalToken);

        if (count($parts) >= 2) {
            return sprintf('%s.%s', $parts[0], $parts[1]);
        }

        return $this->generateSigninInput();
    }

    /**
     * Sets the original base64 encoded token.
     *
     * @param string $originalToken
     *
     * @return JWS
     */
    private function setOriginalToken($originalToken)
    {
        $this->originalToken = $originalToken;

        return $this;
    }

    /**
     * Returns the base64 encoded signature.
     *
     * @return string
     */
    public function getEncodedSignature()
    {
        return $this->encodedSignature;
    }

    /**
     * Sets the base64 encoded signature.
     *
     * @param string $encodedSignature
     *
     * @return JWS
     */
    public function setEncodedSignature($encodedSignature)
    {
        $this->encodedSignature = $encodedSignature;

        return $this;
    }

    /**
     * Returns the signer responsible to encrypting / decrypting this JWS.
     *
     * @return SignerInterface
     *
     * @throws \InvalidArgumentException
     */
    protected function getSigner()
    {
        $signerClass = sprintf('Jafar\\Bundle\\GuardedAuthenticationBundle\\Api\\JWTSigner\\Signer\\%s\\%s', $this->encryptionEngine, $this->header['alg']);

        if (class_exists($signerClass)) {
            return new $signerClass();
        }

        throw new InvalidArgumentException(
            sprintf("The algorithm '%s' is not supported for %s", $this->header['alg'], $this->encryptionEngine)
        );
    }
}


1			<?php
2			/*
3			* This file is part of the Guarded Authentication package.
4			*
5			* (c) Jafar Jabr <[email protected]>
6			*
7			* For the full copyright and license information, please view the LICENSE
8			* file that was distributed with this source code.
9			*/
10
11			namespace Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner;
12
13			use InvalidArgumentException;
14			use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Base64\Base64Encoder;
15			use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Base64\Base64UrlSafeEncoder;
16			use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Base64\EncoderInterface;
17			use Jafar\Bundle\GuardedAuthenticationBundle\Api\JWTSigner\Signer\SignerInterface;
18
19			/**
20			* Class JWS.
21			*
22			* @author Jafar Jabr <[email protected]>
23			*/
24			class JWS extends JWT
25			{
26			protected $signature;
27
28			protected $isSigned = false;
29
30			protected $originalToken;
31
32			protected $encodedSignature;
33
34			protected $encryptionEngine = 'OpenSSL';
35
36			/**
37			* Constructor.
38			*
39			* @param array $header An associative array of headers. The value can be any type accepted by json_encode or a JSON serializable object
40			*/
41			public function __construct($header = [])
42			{
43			parent::__construct([], $header);
44			}
45
46			/**
47			* Signs the JWS signininput.
48			*
49			* @param resource\|string $key
50			*
51			* @return string
52			*/
53			public function sign($key)
54			{
55			$this->signature = $this->getSigner()->sign($this->generateSigninInput(), $key);
56			$this->isSigned = true;
57
58			return $this->signature;
59			}
60
61			/**
62			* Returns the signature representation of the JWS.
63			*
64			* @return string
65			*/
66			public function getSignature()
67			{
68			if ($this->isSigned()) {
69			return $this->signature;
70			}
71
72			return;
73			}
74
75			/**
76			* Checks whether the JSW has already been signed.
77			*
78			* @return bool
79			*/
80			public function isSigned()
81			{
82			return (bool) $this->isSigned;
83			}
84
85			/**
86			* Returns the string representing the JWT.
87			*
88			* @return string
89			*/
90			public function getTokenString()
91			{
92			$signinInput = $this->generateSigninInput();
93
94			return sprintf('%s.%s', $signinInput, $this->encoder->encode($this->getSignature()));
95			}
96
97			/**
98			* Creates an instance of a JWS from a JWT.
99			*
100			* @param string $jwsTokenString
101			* @param bool $allowUnsecure
102			* @param EncoderInterface $encoder
103			*
104			* @return JWS
105			*
106			* @throws \InvalidArgumentException
107			*/
108			public static function load(
109			$jwsTokenString,
110			$allowUnsecure = false,
111			EncoderInterface $encoder = null
112			) {
113			if (null === $encoder) {
114			$encoder = strpbrk($jwsTokenString, '+/=') ? new Base64Encoder() : new Base64UrlSafeEncoder();
115			}
116
117			$parts = explode('.', $jwsTokenString);
118
119			if (3 === count($parts)) {
120			$header = json_decode($encoder->decode($parts[0]), true);
121			$payload = json_decode($encoder->decode($parts[1]), true);
122
123			if (is_array($header) && is_array($payload)) {
124			if ('none' === strtolower($header['alg']) && !$allowUnsecure) {
125			throw new InvalidArgumentException(sprintf('The token "%s" cannot be validated in a secure context, as it uses the unallowed "none" algorithm', $jwsTokenString));
126			}
127
128			$jws = new static($header);
129
130			$jws->setEncoder($encoder)
131			->setHeader($header)
132			->setPayload($payload)
133			->setOriginalToken($jwsTokenString)
134			->setEncodedSignature($parts[2]);
135
136			return $jws;
137			}
138			}
139
140			throw new InvalidArgumentException(sprintf('The token "%s" is an invalid JWS', $jwsTokenString));
141			}
142
143			/**
144			* Verifies that the internal signin input corresponds to the encoded
145			* signature previously stored (@see JWS::load).
146			*
147			* @param resource\|string $key
148			* @param string $algo The algorithms this JWS should be signed with. Use it if you want to restrict which algorithms you want to allow to be validated.
149			*
150			* @return bool
151			*/
152			public function verify($key, $algo = null)
153			{
154			if (empty($key) \|\| ($algo && $this->header['alg'] !== $algo)) {
155			return false;
156			}
157
158			$decodedSignature = $this->encoder->decode($this->getEncodedSignature());
159			$signinInput = $this->getSigninInput();
160
161			return $this->getSigner()->verify($key, $decodedSignature, $signinInput);
162			}
163
164			/**
165			* Get the original token signin input if it exists, otherwise generate the
166			* signin input for the current JWS.
167			*
168			* @return string
169			*/
170			private function getSigninInput()
171			{
172			$parts = explode('.', $this->originalToken);
173
174			if (count($parts) >= 2) {
175			return sprintf('%s.%s', $parts[0], $parts[1]);
176			}
177
178			return $this->generateSigninInput();
179			}
180
181			/**
182			* Sets the original base64 encoded token.
183			*
184			* @param string $originalToken
185			*
186			* @return JWS
187			*/
188			private function setOriginalToken($originalToken)
189			{
190			$this->originalToken = $originalToken;
191
192			return $this;
193			}
194
195			/**
196			* Returns the base64 encoded signature.
197			*
198			* @return string
199			*/
200			public function getEncodedSignature()
201			{
202			return $this->encodedSignature;
203			}
204
205			/**
206			* Sets the base64 encoded signature.
207			*
208			* @param string $encodedSignature
209			*
210			* @return JWS
211			*/
212			public function setEncodedSignature($encodedSignature)
213			{
214			$this->encodedSignature = $encodedSignature;
215
216			return $this;
217			}
218
219			/**
220			* Returns the signer responsible to encrypting / decrypting this JWS.
221			*
222			* @return SignerInterface
223			*
224			* @throws \InvalidArgumentException
225			*/
226			protected function getSigner()
227			{
228			$signerClass = sprintf('Jafar\\Bundle\\GuardedAuthenticationBundle\\Api\\JWTSigner\\Signer\\%s\\%s', $this->encryptionEngine, $this->header['alg']);
229
230			if (class_exists($signerClass)) {
231			return new $signerClass();
232			}
233
234			throw new InvalidArgumentException(
235			sprintf("The algorithm '%s' is not supported for %s", $this->header['alg'], $this->encryptionEngine)
236			);
237			}
238			}
239

jafaronly / guarded-authentication-bundle

Push — master ( 90db0f...396226 )

JWS::load() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like