Signature::verify() - Code Metrics - Inspection of "inline docs revisions" - o2system/security - Measure and Improve Code Quality continuously with Scrutinizer

Test Setup Failed

Push — master ( 500279...2f8c13 )

unknown

created 2019-02-09 04:10 UTC

Signature::verify() B

↳ Parent: Signature

Complexity

Conditions	10
Paths	10

Size

Total Lines	33
Code Lines	23

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	10
eloc	23
nc	10
nop	4
dl	0
loc	33
rs	7.6666
c	0
b	0
f	0

How to fix Complexity

<?php
/**
 * This file is part of the O2System Framework package.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @author         Steeve Andrian Salim
 * @copyright      Copyright (c) Steeve Andrian Salim
 */

// ------------------------------------------------------------------------

namespace O2System\Security\Generators;

// ------------------------------------------------------------------------

use O2System\Security\Encryptions\Algorithm;
use O2System\Security\Encryptions\Hmac;

/**
 * Class Signature
 * @package O2System\Security\Generators
 */
class Signature
{
    /**
     * Signature::generate
     *
     * @param array  $segments
     * @param string $key
     * @param string $algorithm
     *
     * @return bool|string
     * @throws \O2System\Spl\Exceptions\Logic\DomainException
     */
    public static function generate(array $segments, $key, $algorithm = 'HS256')
    {
        if (count($segments) == 2) {
            $data = implode('.', $segments);

            if (Algorithm::validate($algorithm)) {
                list($function, $algorithm) = Algorithm::map($algorithm);

                switch ($function) {
                    case 'HMAC':
                        return Hmac::hash($algorithm, $data, $key, true);
                    case 'hash_hmac':
                        return hash_hmac($algorithm, $data, $key, true);
                    case 'openssl':
                        return openssl_sign($data, $signature, $key, $algorithm);
                }
            }
        }

        return false;
    }

    // ------------------------------------------------------------------------

    /**
     * Signature::verify
     *
     * Verify token with signature.
     *
     * @param string $token
     * @param string $signature
     * @param string $key
     * @param string $algorithm
     *
     * @return bool
     */
    public static function verify($token, $signature, $key, $algorithm = 'HS256')
    {
        $segments = explode('.', $token);
        $segments = array_map('trim', $segments);

        if (count($segments) == 3) {
            array_pop($segments);
            $data = implode('.', $segments);

            if (Algorithm::validate($algorithm)) {
                list($function, $algorithm) = Algorithm::map($algorithm);

                switch ($function) {
                    case 'HMAC':
                        return Hmac::hash($algorithm, $data, $key, true) === $signature;
                    case 'hash_hmac':
                        return hash_hmac($algorithm, $data, $key, true) === $signature;
                    case 'openssl':
                        switch ($algorithm) {
                            case 'RS256':
                                return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA1);
                            case 'RS256':
                                return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA256);
                            case 'RS384':
                                return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA384);
                            case 'RS512':
                                return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA512);
                        }
                }
            }
        }

        return false;
    }
}

GitHub Access Token became invalid

Push — master ( 500279...2f8c13 )

Signature::verify() B

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

1			<?php
2			/**
3			* This file is part of the O2System Framework package.
4			*
5			* For the full copyright and license information, please view the LICENSE
6			* file that was distributed with this source code.
7			*
8			* @author Steeve Andrian Salim
9			* @copyright Copyright (c) Steeve Andrian Salim
10			*/
11
12			// ------------------------------------------------------------------------
13
14			namespace O2System\Security\Generators;
15
16			// ------------------------------------------------------------------------
17
18			use O2System\Security\Encryptions\Algorithm;
19			use O2System\Security\Encryptions\Hmac;
20
21			/**
22			* Class Signature
23			* @package O2System\Security\Generators
24			*/
25			class Signature
26			{
27			/**
28			* Signature::generate
29			*
30			* @param array $segments
31			* @param string $key
32			* @param string $algorithm
33			*
34			* @return bool\|string
35			* @throws \O2System\Spl\Exceptions\Logic\DomainException
36			*/
37			public static function generate(array $segments, $key, $algorithm = 'HS256')
38			{
39			if (count($segments) == 2) {
40			$data = implode('.', $segments);
41
42			if (Algorithm::validate($algorithm)) {
43			list($function, $algorithm) = Algorithm::map($algorithm);
44
45			switch ($function) {
46			case 'HMAC':
47			return Hmac::hash($algorithm, $data, $key, true);
48			case 'hash_hmac':
49			return hash_hmac($algorithm, $data, $key, true);
50			case 'openssl':
51			return openssl_sign($data, $signature, $key, $algorithm);
52			}
53			}
54			}
55
56			return false;
57			}
58
59			// ------------------------------------------------------------------------
60
61			/**
62			* Signature::verify
63			*
64			* Verify token with signature.
65			*
66			* @param string $token
67			* @param string $signature
68			* @param string $key
69			* @param string $algorithm
70			*
71			* @return bool
72			*/
73			public static function verify($token, $signature, $key, $algorithm = 'HS256')
74			{
75			$segments = explode('.', $token);
76			$segments = array_map('trim', $segments);
77
78			if (count($segments) == 3) {
79			array_pop($segments);
80			$data = implode('.', $segments);
81
82			if (Algorithm::validate($algorithm)) {
83			list($function, $algorithm) = Algorithm::map($algorithm);
84
85			switch ($function) {
86			case 'HMAC':
87			return Hmac::hash($algorithm, $data, $key, true) === $signature;
88			case 'hash_hmac':
89			return hash_hmac($algorithm, $data, $key, true) === $signature;
90			case 'openssl':
91			switch ($algorithm) {
92			case 'RS256':
93			return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA1);
94			case 'RS256':
95			return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA256);
96			case 'RS384':
97			return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA384);
98			case 'RS512':
99			return (bool)openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA512);
100			}
101			}
102			}
103			}
104
105			return false;
106			}
107			}

o2system / security

GitHub Access Token became invalid

Push — master ( 500279...2f8c13 )

Signature::verify() B

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like