JwtValidator - Code Metrics - madwizard-org/webauthn-server - Measure and Improve Code Quality continuously with Scrutinizer

JwtValidator A
last analyzed 2025-02-14 10:50 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	61
Duplicated Lines	0 %

Test Coverage

Coverage

95.83%

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	27
c	1
b	0
f	0
dl	0
loc	61
ccs	23
cts	24
cp	0.9583
rs	10
wmc	8

4 Methods

Rating	Name	Size	Complexity
A	validateAlgorithm()	7	2
A	__construct()	2	1
A	validate()	21	2
A	convertSignature()	13	3

<?php

namespace MadWizard\WebAuthn\Pki\Jwt;

use MadWizard\WebAuthn\Crypto\Der;
use MadWizard\WebAuthn\Exception\ParseException;
use MadWizard\WebAuthn\Exception\VerificationException;
use MadWizard\WebAuthn\Format\ByteBuffer;

final class JwtValidator implements JwtValidatorInterface
{
    private const ALG_INFO =
        [
            'ES256' => ['convert' => true, 'sigComponentLen' => 32],
            'ES384' => ['convert' => true, 'sigComponentLen' => 48],
            'ES512' => ['convert' => true, 'sigComponentLen' => 66],
            'RS256' => ['convert' => false],
            'RS384' => ['convert' => false],
            'RS512' => ['convert' => false],
        ];

    public function __construct()
    {
    }

    public function validate(JwtInterface $token, ValidationContext $context): array
    {
        // TODO: validate other header items
        $header = $token->getHeader();
        $alg = $this->validateAlgorithm($header, $context);

        $asn1Sig = $this->convertSignature($token->getSignature(), $alg);
        if (!$context->getKey()->verifySignature($token->getSignedData(), $asn1Sig)) {
            throw new VerificationException('Invalid signature.');
        }
        /* TODO
                $now = $context->getReferenceUnixTime();

                $exp = $header['exp'] ?? null;
                if ($exp !== null) {
                    if (!is_int($exp)) {
                        throw new VerificationException('Invalid "exp" header value.');
                    }
                }
        */
        return $token->getBody();
    }

    private function convertSignature(ByteBuffer $signature, string $algorithm): ByteBuffer
    {
        $algInfo = self::ALG_INFO[$algorithm];
        if (!$algInfo['convert']) {
            return $signature;
        }
        $componentLen = $algInfo['sigComponentLen'];
        if ($signature->getLength() !== ($componentLen * 2)) {
            throw new ParseException(sprintf('Invalid signature length %d.', $signature->getLength()));
        }
        $r = $signature->getBytes(0, $componentLen);
        $s = $signature->getBytes($componentLen, $componentLen);
        return new ByteBuffer(Der::sequence(Der::unsignedInteger($r) . Der::unsignedInteger($s)));
    }

    private function validateAlgorithm(array $header, ValidationContext $ctx): string
    {
        $alg = $header['alg'] ?? null;
        if (in_array($alg, $ctx->getAllowedAlgorithms(), true)) {
            return $alg;

        }
        throw new VerificationException('Algorithm not allowed.');
    }
}


1		<?php
2
3		namespace MadWizard\WebAuthn\Pki\Jwt;
4
5		use MadWizard\WebAuthn\Crypto\Der;
6		use MadWizard\WebAuthn\Exception\ParseException;
7		use MadWizard\WebAuthn\Exception\VerificationException;
8		use MadWizard\WebAuthn\Format\ByteBuffer;
9
10		final class JwtValidator implements JwtValidatorInterface
11		{
12		private const ALG_INFO =
13		[
14		'ES256' => ['convert' => true, 'sigComponentLen' => 32],
15		'ES384' => ['convert' => true, 'sigComponentLen' => 48],
16		'ES512' => ['convert' => true, 'sigComponentLen' => 66],
17		'RS256' => ['convert' => false],
18		'RS384' => ['convert' => false],
19		'RS512' => ['convert' => false],
20		];
21
22	7	public function __construct()
23		{
24	7	}
25
26	5	public function validate(JwtInterface $token, ValidationContext $context): array
27		{
28		// TODO: validate other header items
29	5	$header = $token->getHeader();
30	5	$alg = $this->validateAlgorithm($header, $context);
31
32	4	$asn1Sig = $this->convertSignature($token->getSignature(), $alg);
33	4	if (!$context->getKey()->verifySignature($token->getSignedData(), $asn1Sig)) {
34	2	throw new VerificationException('Invalid signature.');
35		}
36		/* TODO
37		$now = $context->getReferenceUnixTime();
38
39		$exp = $header['exp'] ?? null;
40		if ($exp !== null) {
41		if (!is_int($exp)) {
42		throw new VerificationException('Invalid "exp" header value.');
43		}
44		}
45		*/
46	2	return $token->getBody();
47		}
48
49	4	private function convertSignature(ByteBuffer $signature, string $algorithm): ByteBuffer
50		{
51	4	$algInfo = self::ALG_INFO[$algorithm];
52	4	if (!$algInfo['convert']) {
53	2	return $signature;
54		}
55	2	$componentLen = $algInfo['sigComponentLen'];
56	2	if ($signature->getLength() !== ($componentLen * 2)) {
57		throw new ParseException(sprintf('Invalid signature length %d.', $signature->getLength()));
58		}
59	2	$r = $signature->getBytes(0, $componentLen);
60	2	$s = $signature->getBytes($componentLen, $componentLen);
61	2	return new ByteBuffer(Der::sequence(Der::unsignedInteger($r) . Der::unsignedInteger($s)));
62		}
63
64	5	private function validateAlgorithm(array $header, ValidationContext $ctx): string
65		{
66	5	$alg = $header['alg'] ?? null;
67	5	if (in_array($alg, $ctx->getAllowedAlgorithms(), true)) {
68	4	return $alg;
		0 ignored issues – show Bug Best Practice introduced 2020-07-19 15:19 UTC by Report Bug Copy Issue Report The expression `return $alg` could return the type `null` which is incompatible with the type-hinted return `string`. Consider adding an additional type-check to rule them out. Loading history...
69		}
70	1	throw new VerificationException('Algorithm not allowed.');
71		}
72		}
73

madwizard-org / webauthn-server

JwtValidator A last analyzed 2025-02-14 10:50 UTC

Complexity

Size/Duplication

Test Coverage

Importance

4 Methods

Duplication Side-by-Side

Filter issues like

JwtValidator A
last analyzed 2025-02-14 10:50 UTC