SecurityTrait::verifySign() - Code Metrics - Inspection of ": ) Update Alipay request class, some payments" - nilnice/payment - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( a6a7ae...bf6fd0 )

by i

created 2018-01-30 13:30 UTC

SecurityTrait::verifySign() B

↳ Parent: SecurityTrait

Complexity

Conditions	4
Paths	5

Size

Total Lines	31
Code Lines	18

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	20

Importance

Changes

Metric	Value
cc	4
eloc	18
nc	5
nop	4
dl	0
loc	31
ccs	0
cts	18
cp	0
crap	20
rs	8.5806
c	0
b	0
f	0

<?php

namespace Nilnice\Payment\Alipay\Traits;

use Illuminate\Support\Arr;
use Illuminate\Support\Str;
use Nilnice\Payment\Constant;
use Nilnice\Payment\Exception\InvalidKeyException;

trait SecurityTrait
{
    /**
     * Generate signature.
     *
     * @param array $array
     * @param null  $key

     *
     * @return string
     * @throws \Nilnice\Payment\Exception\InvalidKeyException
     */
    public static function generateSign(array $array, $key = null) : string
    {
        if ($key === null) {
            throw new InvalidKeyException(
                'Invalid Alipay [private key] configuration.',
                Constant::ALI_PAY_PRIVATE_KEY_INVALID
            );
        }

        if (Str::endsWith($key, '.pem')) {
            $key = openssl_pkey_get_private($key);
        } else {
            $key = self::getKey($key, false);
        }

        $data = self::getSignContent($array);
        openssl_sign($data, $sign, $key, OPENSSL_ALGO_SHA256);

        return base64_encode($sign);
    }

    /**
     * Get signature content.
     *
     * @param array $array
     * @param bool  $isVerify
     *
     * @return string
     */
    public static function getSignContent(
        array $array,
        $isVerify = false
    ) : string {
        $to = $array['charset'] ?? 'GB2312';
        $array = self::toEncoding($array, $to);
        ksort($array);

        $string = '';
        foreach ($array as $key => $val) {
            if ($isVerify && $key !== 'sign' && $key !== 'sign_type') {
                $string .= $key . '=' . $val . '&';
            }
            if (! $isVerify
                && $val !== ''
                && null !== $val
                && $key !== 'sign'
                && 0 !== strpos($val, '@')
            ) {
                $string .= $key . '=' . $val . '&';
            }
        }

        return rtrim($string, '&');
    }

    /**
     * Verify signature.
     *
     * @param array       $array
     * @param string|null $key
     * @param bool        $isSync
     * @param string|null $sign
     *
     * @return bool
     * @throws \Nilnice\Payment\Exception\InvalidKeyException
     */
    public static function verifySign(
        array $array,
        $key = null,
        $isSync = false,
        $sign = null
    ) : bool {
        if ($key === null) {
            throw new InvalidKeyException(
                'Invalid Alipay [public key] configuration.',
                Constant::ALI_PAY_PUBLIC_KEY_INVALID
            );
        }

        if (Str::endsWith($key, '.pem')) {
            $key = openssl_pkey_get_public($key);
        } else {
            $key = self::getKey($key);
        }

        $sign = $sign ?? Arr::get($array, 'sign');
        $data = $isSync
            ? mb_convert_encoding(
                json_encode($array, JSON_UNESCAPED_UNICODE),
                'GB2312',
                'UTF-8'
            )
            : self::getSignContent($array, true);
        $sign = base64_decode($sign);
        $result = openssl_verify($data, $sign, $key, OPENSSL_ALGO_SHA256) === 1;

        return $result === 1;
    }

    /**
     * To encoding.
     *
     * @param array  $array
     * @param string $to
     * @param string $from
     *
     * @return array
     */
    public static function toEncoding(
        array $array,
        $to = 'GB2312',
        $from = 'UTF-8'
    ) : array {
        $data = [];
        foreach ($array as $key => $val) {
            if (\is_array($val)) {
                $data[$key] = self::toEncoding((array)$val, $to, $from);
            } else {
                $data[$key] = mb_convert_encoding($val, $to, $from);
            }
        }

        return $data;
    }

    /**
     * Get key.
     *
     * @param string $key
     * @param bool   $isPublicKey
     *
     * @return string
     */
    public static function getKey(
        string $key,
        bool $isPublicKey = true
    ) : string {
        $char = $isPublicKey ? 'PUBLIC' : 'RSA PRIVATE';
        $format = "-----BEGIN %s KEY-----\n%s\n-----END %s KEY-----";
        $key = wordwrap($key, 64, PHP_EOL, true);
        $string = sprintf($format, $char, $key, $char);

        return $string;
    }
}


1		<?php
2
3		namespace Nilnice\Payment\Alipay\Traits;
4
5		use Illuminate\Support\Arr;
6		use Illuminate\Support\Str;
7		use Nilnice\Payment\Constant;
8		use Nilnice\Payment\Exception\InvalidKeyException;
9
10		trait SecurityTrait
11		{
12		/**
13		* Generate signature.
14		*
15		* @param array $array
16		* @param null $key
		0 ignored issues – show Documentation Bug introduced 2018-01-30 07:42 UTC by Report Bug Copy Issue Report Are you sure the doc-type for parameter `$key` is correct as it would always require `null` to be passed? Loading history...
17		*
18		* @return string
19		* @throws \Nilnice\Payment\Exception\InvalidKeyException
20		*/
21	3	public static function generateSign(array $array, $key = null) : string
22		{
23	3	if ($key === null) {
24	3	throw new InvalidKeyException(
25	3	'Invalid Alipay [private key] configuration.',
26	3	Constant::ALI_PAY_PRIVATE_KEY_INVALID
27		);
28		}
29
30		if (Str::endsWith($key, '.pem')) {
31		$key = openssl_pkey_get_private($key);
32		} else {
33		$key = self::getKey($key, false);
34		}
35
36		$data = self::getSignContent($array);
37		openssl_sign($data, $sign, $key, OPENSSL_ALGO_SHA256);
38
39		return base64_encode($sign);
40		}
41
42		/**
43		* Get signature content.
44		*
45		* @param array $array
46		* @param bool $isVerify
47		*
48		* @return string
49		*/
50		public static function getSignContent(
51		array $array,
52		$isVerify = false
53		) : string {
54		$to = $array['charset'] ?? 'GB2312';
55		$array = self::toEncoding($array, $to);
56		ksort($array);
57
58		$string = '';
59		foreach ($array as $key => $val) {
60		if ($isVerify && $key !== 'sign' && $key !== 'sign_type') {
61		$string .= $key . '=' . $val . '&';
62		}
63		if (! $isVerify
64		&& $val !== ''
65		&& null !== $val
66		&& $key !== 'sign'
67		&& 0 !== strpos($val, '@')
68		) {
69		$string .= $key . '=' . $val . '&';
70		}
71		}
72
73		return rtrim($string, '&');
74		}
75
76		/**
77		* Verify signature.
78		*
79		* @param array $array
80		* @param string\|null $key
81		* @param bool $isSync
82		* @param string\|null $sign
83		*
84		* @return bool
85		* @throws \Nilnice\Payment\Exception\InvalidKeyException
86		*/
87		public static function verifySign(
88		array $array,
89		$key = null,
90		$isSync = false,
91		$sign = null
92		) : bool {
93		if ($key === null) {
94		throw new InvalidKeyException(
95		'Invalid Alipay [public key] configuration.',
96		Constant::ALI_PAY_PUBLIC_KEY_INVALID
97		);
98		}
99
100		if (Str::endsWith($key, '.pem')) {
101		$key = openssl_pkey_get_public($key);
102		} else {
103		$key = self::getKey($key);
104		}
105
106		$sign = $sign ?? Arr::get($array, 'sign');
107		$data = $isSync
108		? mb_convert_encoding(
109		json_encode($array, JSON_UNESCAPED_UNICODE),
110		'GB2312',
111		'UTF-8'
112		)
113		: self::getSignContent($array, true);
114		$sign = base64_decode($sign);
115		$result = openssl_verify($data, $sign, $key, OPENSSL_ALGO_SHA256) === 1;
116
117		return $result === 1;
118		}
119
120		/**
121		* To encoding.
122		*
123		* @param array $array
124		* @param string $to
125		* @param string $from
126		*
127		* @return array
128		*/
129		public static function toEncoding(
130		array $array,
131		$to = 'GB2312',
132		$from = 'UTF-8'
133		) : array {
134		$data = [];
135		foreach ($array as $key => $val) {
136		if (\is_array($val)) {
137		$data[$key] = self::toEncoding((array)$val, $to, $from);
138		} else {
139		$data[$key] = mb_convert_encoding($val, $to, $from);
140		}
141		}
142
143		return $data;
144		}
145
146		/**
147		* Get key.
148		*
149		* @param string $key
150		* @param bool $isPublicKey
151		*
152		* @return string
153		*/
154		public static function getKey(
155		string $key,
156		bool $isPublicKey = true
157		) : string {
158		$char = $isPublicKey ? 'PUBLIC' : 'RSA PRIVATE';
159		$format = "-----BEGIN %s KEY-----\n%s\n-----END %s KEY-----";
160		$key = wordwrap($key, 64, PHP_EOL, true);
161		$string = sprintf($format, $char, $key, $char);
162
163		return $string;
164		}
165		}
166

nilnice / payment

Push — master ( a6a7ae...bf6fd0 )

SecurityTrait::verifySign() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like