XMLSecurityDSig::validateReference() - Code Metrics - Inspection of "Overload getXPathObj" - simplesamlphp/xml-security - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( c9beea...94f99b )

by Tim

created 2021-01-15 19:49 UTC

XMLSecurityDSig::validateReference() A

↳ Parent: Project

Complexity

Conditions	6
Paths	12

Size

Total Lines	29
Code Lines	16

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	6
eloc	16
c	1
b	0
f	0
nc	12
nop	0
dl	0
loc	29
rs	9.1111

<?php

use DOMXPath;

namespace SimpleSAML\XMLSecurity;

/**
 * xmlseclibs.php
 *
 * Copyright (c) 2007-2017, Robert Richards <[email protected]>.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *
 *   * Neither the name of Robert Richards nor the names of his
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * @copyright 2007-2017 Robert Richards <[email protected]>
 * @license   http://www.opensource.org/licenses/bsd-license.php  BSD License
 */

class XMLSecurityDSig extends \RobRichards\XMLSecLibs\XMLSecurityDSig
{
    /** @var string */
    private $prefix = '';


    /**
     * @return bool
     * @throws Exception
     */
    public function validateReference()
    {
        $sigNode = $this->sigNode;
        $docElem = $sigNode->ownerDocument->documentElement;

        // enveloped signature, remove it
        if (!$docElem->isSameNode($sigNode)) {
            if ($sigNode->parentNode !== null) {
                $sigNode->parentNode->removeChild($sigNode);
            }
        }
        $xpath = $this->getXPathObj();
        $query = "./secdsig:SignedInfo[1]/secdsig:Reference";
        $nodeset = $xpath->query($query, $sigNode);
        if ($nodeset->length < 1) {
            throw new Exception("Reference nodes not found");
        }

        /* Initialize/reset the list of validated nodes. */
        $this->validatedNodes = [];

        foreach ($nodeset as $refNode) {
            if (!$this->processRefNode($refNode)) {
                /* Clear the list of validated nodes. */
                $this->validatedNodes = null;
                throw new Exception("Reference validation failed");
            }
        }
        return true;
    }


    /**
     * Returns the XPathObj or null if xPathCtx is set and sigNode is empty.
     *
     * @return DOMXPath|null
     */
    private function getXPathObj()
    {
        if (empty($this->xPathCtx) && ! empty($this->sigNode)) {
            $xpath = new DOMXPath($this->sigNode->ownerDocument);
            $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
            $this->xPathCtx = $xpath;
        }
        return $this->xPathCtx;
    }


    /**
     * Reset the XPathObj to null
     */
    private function resetXPathObj()
    {
        $this->xPathCtx = null;
    }
}



1			<?php
2
3			use DOMXPath;
4
5			namespace SimpleSAML\XMLSecurity;
6
7			/**
8			* xmlseclibs.php
9			*
10			* Copyright (c) 2007-2017, Robert Richards <[email protected]>.
11			* All rights reserved.
12			*
13			* Redistribution and use in source and binary forms, with or without
14			* modification, are permitted provided that the following conditions
15			* are met:
16			*
17			* * Redistributions of source code must retain the above copyright
18			* notice, this list of conditions and the following disclaimer.
19			*
20			* * Redistributions in binary form must reproduce the above copyright
21			* notice, this list of conditions and the following disclaimer in
22			* the documentation and/or other materials provided with the
23			* distribution.
24			*
25			* * Neither the name of Robert Richards nor the names of his
26			* contributors may be used to endorse or promote products derived
27			* from this software without specific prior written permission.
28			*
29			* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
30			* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
31			* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
32			* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
33			* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
34			* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
35			* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
36			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
37			* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
39			* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
40			* POSSIBILITY OF SUCH DAMAGE.
41			*
42			* @copyright 2007-2017 Robert Richards <[email protected]>
43			* @license http://www.opensource.org/licenses/bsd-license.php BSD License
44			*/
45
46			class XMLSecurityDSig extends \RobRichards\XMLSecLibs\XMLSecurityDSig
47			{
48			/** @var string */
49			private $prefix = '';
50
51
52			/**
53			* @return bool
54			* @throws Exception
55			*/
56			public function validateReference()
57			{
58			$sigNode = $this->sigNode;
59			$docElem = $sigNode->ownerDocument->documentElement;
60
61			// enveloped signature, remove it
62			if (!$docElem->isSameNode($sigNode)) {
63			if ($sigNode->parentNode !== null) {
64			$sigNode->parentNode->removeChild($sigNode);
65			}
66			}
67			$xpath = $this->getXPathObj();
68			$query = "./secdsig:SignedInfo[1]/secdsig:Reference";
69			$nodeset = $xpath->query($query, $sigNode);
70			if ($nodeset->length < 1) {
71			throw new Exception("Reference nodes not found");
72			}
73
74			/* Initialize/reset the list of validated nodes. */
75			$this->validatedNodes = [];
76
77			foreach ($nodeset as $refNode) {
78			if (!$this->processRefNode($refNode)) {
79			/* Clear the list of validated nodes. */
80			$this->validatedNodes = null;
81			throw new Exception("Reference validation failed");
82			}
83			}
84			return true;
85			}
86
87
88			/**
89			* Returns the XPathObj or null if xPathCtx is set and sigNode is empty.
90			*
91			* @return DOMXPath\|null
92			*/
93			private function getXPathObj()
94			{
95			if (empty($this->xPathCtx) && ! empty($this->sigNode)) {
96			$xpath = new DOMXPath($this->sigNode->ownerDocument);
97			$xpath->registerNamespace('secdsig', self::XMLDSIGNS);
98			$this->xPathCtx = $xpath;
99			}
100			return $this->xPathCtx;
101			}
102
103
104			/**
105			* Reset the XPathObj to null
106			*/
107			private function resetXPathObj()
108			{
109			$this->xPathCtx = null;
110			}
111			}
			0 ignored issues – show Bug introduced 2021-01-15 19:51 UTC by Report Bug Copy Issue Report A parse error occurred: Namespace declaration statement has to be the very first statement in the script Loading history...
112

simplesamlphp / xml-security

Push — master ( c9beea...94f99b )

XMLSecurityDSig::validateReference() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like