SignedElementTestTrait::testSignatures() - Code Metrics - Inspection of "Reorder library files" - simplesamlphp/xml-security - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Push — master ( 567a59...2c10ef )

by Tim
created 2023-03-11 21:32 UTC
SignedElementTestTrait::testSignatures() C

↳ Parent: SignedElementTestTrait
Complexity

Conditions	10
Paths	16
Size

Total Lines	128
Code Lines	78
Duplication

Lines	0
Ratio	0 %
Importance

Changes
Metric	Value
cc	10
eloc	78
nc	16
nop	0
dl	0
loc	128
rs	6.6133
c	0
b	0
f	0
How to fix Long Method Complexity

<?php

declare(strict_types=1);

namespace SimpleSAML\XMLSecurity\TestUtils;

use DOMDocument;
use Exception;
use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
use SimpleSAML\XMLSecurity\Exception\NoSignatureFoundException;
use SimpleSAML\XMLSecurity\Exception\SignatureVerificationFailedException;
use SimpleSAML\XMLSecurity\Exception\UnsupportedAlgorithmException;
use SimpleSAML\XMLSecurity\Key\PrivateKey;
use SimpleSAML\XMLSecurity\Key\X509Certificate as X509;
use SimpleSAML\XMLSecurity\XML\ds\KeyInfo;
use SimpleSAML\XMLSecurity\XML\ds\X509Certificate;
use SimpleSAML\XMLSecurity\XML\ds\X509Data;
use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock;
use SimpleSAML\XMLSecurity\Utils\Certificate as CertificateUtils;

use function array_keys;
use function boolval;
use function class_exists;
use function hexdec;
use function sprintf;

/**
 * A trait providing basic tests for signed elements.
 *
 * Only to be used by classes extending \PHPUnit\Framework\TestCase. Make sure to assign the class name of the class
 * you are testing to the $testedClass property.
 *
 * @package simplesamlphp/xml-security
 */
trait SignedElementTestTrait
{
    /**
     * A base document that we can reuse in our tests.
     *
     * @var \DOMDocument|null
     */
    protected ?DOMDocument $xmlRepresentation = null;

    /**
     * The name of the class we are testing.
     *
     * @var class-string

     */
    protected string $testedClass;


    /**
     * Test signing / verifying
     */
    public function testSignatures(): void
    {
        if (!class_exists($this->testedClass)) {
            $this->markTestSkipped(
                   markTestSkipped(
                'Unable to run ' . self::class . '::testSignatures(). Please set ' . self::class
                . ':$testedClass to a class-string representing the XML-class being tested',
            );
        } elseif (empty($this->xmlRepresentation)) {
            $this->markTestSkipped(
                'Unable to run ' . self::class . '::testSignatures(). Please set ' . self::class
                . ':$xmlRepresentation to a DOMDocument representing the XML-class being tested',
            );
        } else {
            /** @psalm-var class-string|null */
            $testedClass = $this->testedClass;

            /** @psalm-var \DOMElement|null */
            $xmlRepresentation = $this->xmlRepresentation;

            $algorithms = array_keys(C::$RSA_DIGESTS);
            foreach ($algorithms as $algorithm) {
                if (
                    boolval(OPENSSL_VERSION_NUMBER >= hexdec('0x30000000')) === true
                    && ($algorithm === C::SIG_RSA_SHA1 || $algorithm === C::SIG_RSA_RIPEMD160)
                ) {
                    // OpenSSL 3.0 disabled SHA1 and RIPEMD160 support
                    continue;
                }

                //
                // sign with two certificates
                //
                $signer = (new SignatureAlgorithmFactory([]))->getAlgorithm(
                    $algorithm,
                    PEMCertificatesMock::getPrivateKey(PEMCertificatesMock::PRIVATE_KEY),
                );

                $keyInfo = new KeyInfo([
                    new X509Data([new X509Certificate(
                        PEMCertificatesMock::getPlainPublicKeyContents(PEMCertificatesMock::PUBLIC_KEY),
                    )]),
                    new X509Data([new X509Certificate(
                        PEMCertificatesMock::getPlainPublicKeyContents(PEMCertificatesMock::OTHER_PUBLIC_KEY),
                    )]),
                ]);

                $unsigned = $testedClass::fromXML($xmlRepresentation->documentElement);
                $unsigned->sign($signer, C::C14N_EXCLUSIVE_WITHOUT_COMMENTS, $keyInfo);
                $signed = $this->testedClass::fromXML($unsigned->toXML());
                $this->assertEquals(
                       assertEquals(
                    $algorithm,
                    $signed->getSignature()->getSignedInfo()->getSignatureMethod()->getAlgorithm(),
                );

                // verify signature
                $verifier = (new SignatureAlgorithmFactory([]))->getAlgorithm(
                    $signed->getSignature()->getSignedInfo()->getSignatureMethod()->getAlgorithm(),
                    PEMCertificatesMock::getPublicKey(PEMCertificatesMock::PUBLIC_KEY),
                );

                try {
                    $verified = $signed->verify($verifier);
                } catch (
                    NoSignatureFoundException |
                    InvalidArgumentException |
                    SignatureVerificationFailedException $s
                ) {
                    $this->fail(sprintf('%s:  %s', $algorithm, $e->getMessage()));
                           fail(sprintf('%s:  %s', $algorithm, $e->getMessage()));
                }
                $this->assertInstanceOf($this->testedClass, $verified);
                       assertInstanceOf($this->testedClass, $verified);

                $this->assertEquals(
                    PEMCertificatesMock::getPublicKey(PEMCertificatesMock::PUBLIC_KEY),
                    $verified->getVerifyingKey(),
                    sprintf('No validating certificate for algorithm: %s', $algorithm),
                );

                //
                // sign without certificates
                //
                $unsigned->sign($signer, C::C14N_EXCLUSIVE_WITHOUT_COMMENTS, null);
                $signed = $this->testedClass::fromXML($unsigned->toXML());

                // verify signature
                try {
                    $verified = $signed->verify($verifier);
                } catch (
                    NoSignatureFoundException |
                    InvalidArgumentException |
                    SignatureVerificationFailedException $e
                ) {
                    $this->fail(sprintf('%s:  %s', $algorithm, $e->getMessage()));
                }
                $this->assertInstanceOf($this->testedClass, $verified);

                $this->assertEquals(
                    PEMCertificatesMock::getPublicKey(PEMCertificatesMock::PUBLIC_KEY),
                    $verified->getVerifyingKey(),
                    sprintf('No validating certificate for algorithm: %s', $algorithm),
                );

                //
                // verify with wrong key
                //
                $signer = (new SignatureAlgorithmFactory([]))->getAlgorithm(
                    $algorithm,
                    PEMCertificatesMock::getPrivateKey(PEMCertificatesMock::OTHER_PRIVATE_KEY),
                );
                $unsigned->sign($signer, C::C14N_EXCLUSIVE_WITHOUT_COMMENTS, null);
                $signed = $this->testedClass::fromXML($unsigned->toXML());

                // verify signature
                try {
                    $verified = $signed->verify($verifier);
                    $this->fail('Signature validated correctly with wrong certificate.');
                } catch (
                    NoSignatureFoundException |
                    InvalidArgumentException |
                    SignatureVerificationFailedException $e
                ) {
                    $this->assertEquals('Failed to verify signature.', $e->getMessage());
                }
                $this->assertInstanceOf($this->testedClass, $verified);

                $this->assertEquals(
                    PEMCertificatesMock::getPublicKey(PEMCertificatesMock::PUBLIC_KEY),
                    $verified->getVerifyingKey(),
                    sprintf('No validating certificate for algorithm: %s', $algorithm),
                );
            }
        }
    }
}

simplesamlphp / xml-security

Push — master ( 567a59...2c10ef )

SignedElementTestTrait::testSignatures() C

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like
