Signature::fromXML() - Code Metrics - Inspection of "Add ds:SignatureValue" - simplesamlphp/xml-security - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Pull Request — master (#15)

by Jaime Pérez
created 2021-04-05 18:33 UTC
Signature::fromXML() B

↳ Parent: Signature
Complexity

Conditions	8
Paths	18
Size

Total Lines	57
Code Lines	31
Duplication

Lines	0
Ratio	0 %
Importance

Changes	2
Bugs	0	Features	0
Metric	Value
cc	8
eloc	31
c	2
b	0
f	0
nc	18
nop	1
dl	0
loc	57
rs	8.1795
How to fix Long Method

<?php

declare(strict_types=1);

namespace SimpleSAML\XMLSecurity\XML\ds;

use DOMElement;
use Exception;
use SimpleSAML\Assert\Assert;
use SimpleSAML\XML\Exception\InvalidDOMElementException;
use SimpleSAML\XML\Utils as XMLUtils;
use SimpleSAML\XMLSecurity\Utils\Certificate;
use SimpleSAML\XMLSecurity\Utils\Security;
use SimpleSAML\XMLSecurity\XMLSecurityDSig;
use SimpleSAML\XMLSecurity\XMLSecurityKey;

/**
 * Wrapper class for XML signatures
 *
 * @package simplesamlphp/xml-security
 */
final class Signature extends AbstractDsElement
{
    /** @var string */
    protected string $algorithm;

    /** @var string[] */
    protected array $certificates = [];

    /** @var SignatureValue */
    protected SignatureValue $value;

    /** @var \SimpleSAML\XMLSecurity\XMLSecurityKey|null */
    protected ?XMLSecurityKey $key;

    /** @var \SimpleSAML\XMLSecurity\XMLSecurityDSig */
    protected XMLSecurityDSig $signer;


    /**
     * Signature constructor.
     *
     * @param string $algorithm
     * @param string[] $certificates
     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey|null $key
     *
     * @throws \Exception
     */
    public function __construct(
        string $algorithm,
        SignatureValue $value,
        /** @scrutinizer ignore-unused */ SignatureValue $value,
        array $certificates = [],
        ?XMLSecurityKey $key = null
    ) {
        $this->setAlgorithm($algorithm);
        $this->setCertificates($certificates);
        $this->setKey($key);

        $this->signer = new XMLSecurityDSig();
        $this->signer->idKeys[] = 'ID';
    }


    /**
     * Get the algorithm used by this signature.
     *
     * @return string
     */
    public function getAlgorithm(): string
    {
        return $this->algorithm;
    }


    /**
     * Set the algorithm used by this signature.
     *
     * @param string $algorithm
     */
    protected function setAlgorithm(string $algorithm): void
    {
        Assert::notEmpty($algorithm, 'Signature algorithm cannot be empty');
        $this->algorithm = $algorithm;
    }


    /**
     * Get the array of certificates attached to this signature.
     *
     * @return string[]
     */
    public function getCertificates(): array
    {
        return $this->certificates;
    }


    /**
     * Set the array of certificates (in PEM format) attached to this signature.
     *
     * @param string[] $certificates
     */
    protected function setCertificates(array $certificates): void
    {
        Assert::allStringNotEmpty($certificates, 'Cannot add empty certificates.');
        Assert::allTrue(
            array_map([Certificate::class, 'hasValidStructure'], $certificates),
            'One or more certificates have an invalid format.'
        );
        $this->certificates = $certificates;
    }


    /**
     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey|null $key
     */
    protected function setKey(?XMLSecurityKey $key): void
    {
        if ($key !== null) {
            Assert::eq($this->algorithm, $key->getAlgorithm(), 'Key type does not match signature algorithm.');
        }
        $this->key = $key;
    }


    /**
     * Get the SignatureValue corresponding to this signature.
     *
     * @return SignatureValue
     */
    public function getSignatureValue(): SignatureValue
    {
        return $this->value;
    }


    /**
     * Set the SignatureValue.
     *
     * @param SignatureValue $value
     */
    protected function setSignatureValue(SignatureValue $value): void
    {
        $this->value = $value;
    }


    /**
     * @return XMLSecurityDSig
     */
    public function getSigner(): XMLSecurityDSig
    {
        return $this->signer;
    }


    /**
     * @param DOMElement $xml
     *
     * @return \SimpleSAML\XML\AbstractXMLElement
     * @throws \Exception
     *
     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
     *   If the qualified name of the supplied element is wrong
     * @throws \SimpleSAML\XML\Exception\MissingAttributeException
     *   If the supplied signature is missing an Algorithm attribute
     */
    public static function fromXML(DOMElement $xml): object
    {
        Assert::same($xml->localName, 'Signature', InvalidDOMElementException::class);
        Assert::same($xml->namespaceURI, Signature::NS, InvalidDOMElementException::class);

        $parent = $xml->parentNode;

        $sigMethod = XMLUtils::xpQuery($xml, './ds:SignedInfo/ds:SignatureMethod');
        Assert::notEmpty($sigMethod, 'Missing ds:SignatureMethod element.');
        /** @var \DOMElement $sigMethod */
        $sigMethod = $sigMethod[0];
        Assert::true(
            $sigMethod->hasAttribute('Algorithm'),
            'Missing "Algorithm" attribute on ds:SignatureMethod element.'
        );

        // now we extract all available X509 certificates in the signature element
        $certificates = [];
        foreach (XMLUtils::xpQuery($xml, './ds:KeyInfo/ds:X509Data/ds:X509Certificate') as $certNode) {
            $certificates[] = Certificate::convertToCertificate(
                str_replace(["\r", "\n", "\t", ' '], '', trim($certNode->textContent))
            );
        }

        $value = SignatureValue::getChildrenOfClass($xml);
        Assert::count($value, 1, 'ds:Signature needs exactly one ds:SignatureValue');

        $signature = new self(self::getAttribute($sigMethod, 'Algorithm'), $value[0], $certificates);

        $signature->signer->sigNode = $xml;

        // canonicalize the XMLDSig SignedInfo element in the message
        $signature->signer->canonicalizeSignedInfo();

        // validate referenced xml nodes
        if (!$signature->signer->validateReference()) {
            throw new Exception('Digest validation failed.');
        }

        // check that $root is one of the signed nodes
        $rootSigned = false;
        /** @var \DOMNode $signedNode */
        foreach ($signature->signer->getValidatedNodes() as $signedNode) {
            if ($signedNode->isSameNode($parent)) {
                $rootSigned = true;
                break;
            } elseif ($parent->parentNode instanceof \DOMDocument && $signedNode->isSameNode($parent->ownerDocument)) {
                // $parent is the root element of a signed document
                $rootSigned = true;
                break;
            }
        }
        if (!$rootSigned) {
            throw new Exception('The parent element is not signed.');
        }

        return $signature;
    }


    /**
     * @param \DOMElement|null $parent
     *
     * @return \DOMElement
     *
     * @psalm-suppress MoreSpecificReturnType
     */
    public function toXML(DOMElement $parent = null): DOMElement
    {
        Assert::notNull($parent, 'Cannot create a Signature without anything to sign.');
        Assert::notNull($this->key, 'Cannot sign without a signing key.');

        // find first child element
        $childElements = XMLUtils::xpQuery($parent, './*');
        $childElements = XMLUtils::xpQuery(/** @scrutinizer ignore-type */ $parent, './*');
        $firstChildElement = null;
        if (count($childElements) > 0) {
            $firstChildElement = $childElements[0];
        }

        Security::insertSignature($this->key, $this->certificates, $parent, $firstChildElement);
        Security::insertSignature($this->key, $this->certificates, /** @scrutinizer ignore-type */ $parent, $firstChildElement);

        /** @psalm-suppress LessSpecificReturnStatement */
        return XMLUtils::xpQuery($parent, './ds:Signature')[0];
    }
}

simplesamlphp / xml-security

Pull Request — master (#15)

Signature::fromXML() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like
