Issues in ContentEncryptionKeyFactory.php - All Issues - Inspection of "[smarcet]" - smarcet/JOSE4PHP - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 16bc05...356550 )

by sebastian

created 2016-04-05 20:35 UTC

src/jwe/impl/ContentEncryptionKeyFactory.php (10 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright 2015 OpenStack Foundation
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

namespace jwe\impl;

use jwa\cryptographic_algorithms\content_encryption\ContentEncryptionAlgorithm;
use jwa\cryptographic_algorithms\EncryptionAlgorithm;
use jwe\KeyManagementModeValues;
use security\Key;
use utils\services\Utils_Registry;

/**
 * Class ContentEncryptionKeyFactory
 *
 * Creates the CEK
 *
 * @package jwe\impl
 */
final class ContentEncryptionKeyFactory
{

    /**
     * @param Key $management_key
     * @param $key_management_mode
     * @param ContentEncryptionAlgorithm $enc
     * @return Key
     * @throws \Exception
     */
    static public function build(Key $management_key, $key_management_mode, ContentEncryptionAlgorithm $enc)

    {

        $cek = null;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        switch ($key_management_mode) {
            /**
             * When Key Wrapping, Key Encryption, or Key Agreement with Key
             * Wrapping are employed, generate a random CEK value
             */
            case KeyManagementModeValues::KeyWrapping:
            case KeyManagementModeValues::KeyEncryption:
            case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
            {
                // calculate it
                $generator = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
                /**
                 * The CEK MUST have a length equal to that required for the
                 * content encryption algorithm.
                 */
                $rnd       = $generator->invoke($enc->getMinKeyLen()/8);

                $cek       = new _ContentEncryptionKey($enc->getName(), 'RAW', $rnd);
            }
            break;
            case KeyManagementModeValues::DirectEncryption:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
            {
                $cek = $management_key;
            }
            break;
            case KeyManagementModeValues::DirectKeyAgreement:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
            {
                throw new \Exception('unsupported KKM!');
            }
            break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
            default:
switch ($expr) {
    default: { //wrong
        doSomething();
        break;
    }
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}
            {
                throw new \Exception('unsupported KKM!');
            }
            break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
        }
        return $cek;
    }

    /**
     * @param string $value
     * @param EncryptionAlgorithm $alg
     * @return Key
     */
    static public function fromRaw($value, EncryptionAlgorithm $alg){

        return  new _ContentEncryptionKey($alg->getName(), 'RAW', $value);
    }
}

1			<?php
2			/**
3			* Copyright 2015 OpenStack Foundation
4			* Licensed under the Apache License, Version 2.0 (the "License");
5			* you may not use this file except in compliance with the License.
6			* You may obtain a copy of the License at
7			* http://www.apache.org/licenses/LICENSE-2.0
8			* Unless required by applicable law or agreed to in writing, software
9			* distributed under the License is distributed on an "AS IS" BASIS,
10			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11			* See the License for the specific language governing permissions and
12			* limitations under the License.
13			**/
14
15			namespace jwe\impl;
16
17			use jwa\cryptographic_algorithms\content_encryption\ContentEncryptionAlgorithm;
18			use jwa\cryptographic_algorithms\EncryptionAlgorithm;
19			use jwe\KeyManagementModeValues;
20			use security\Key;
21			use utils\services\Utils_Registry;
22
23			/**
24			* Class ContentEncryptionKeyFactory
25			*
26			* Creates the CEK
27			*
28			* @package jwe\impl
29			*/
30			final class ContentEncryptionKeyFactory
31			{
32
33			/**
34			* @param Key $management_key
35			* @param $key_management_mode
36			* @param ContentEncryptionAlgorithm $enc
37			* @return Key
38			* @throws \Exception
39			*/
40			static public function build(Key $management_key, $key_management_mode, ContentEncryptionAlgorithm $enc)
			0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per PSR2, the `static` declaration should come after the visibility declaration. Loading history...
41			{
42
43			$cek = null;
			0 ignored issues – show Unused Code introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$cek` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
44
45			switch ($key_management_mode) {
46			/**
47			* When Key Wrapping, Key Encryption, or Key Agreement with Key
48			* Wrapping are employed, generate a random CEK value
49			*/
50			case KeyManagementModeValues::KeyWrapping:
51			case KeyManagementModeValues::KeyEncryption:
52			case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
			0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
53			{
54			// calculate it
55			$generator = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
56			/**
57			* The CEK MUST have a length equal to that required for the
58			* content encryption algorithm.
59			*/
60			$rnd = $generator->invoke($enc->getMinKeyLen()/8);
			0 ignored issues – show Unused Code introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `IService::invoke()` has too many arguments starting with `$enc->getMinKeyLen() / 8`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
61			$cek = new _ContentEncryptionKey($enc->getName(), 'RAW', $rnd);
62			}
63			break;
64			case KeyManagementModeValues::DirectEncryption:
			0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
65			{
66			$cek = $management_key;
67			}
68			break;
69			case KeyManagementModeValues::DirectKeyAgreement:
			0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
70			{
71			throw new \Exception('unsupported KKM!');
72			}
73			break;
			0 ignored issues – show Unused Code introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
74			default:
			0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this DEFAULT statements must be defined using a colon As per the PSR-2 coding standard, default statements should not be wrapped in curly braces. switch ($expr) { default: { //wrong doSomething(); break; } } switch ($expr) { default: //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
75			{
76			throw new \Exception('unsupported KKM!');
77			}
78			break;
			0 ignored issues – show Unused Code introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
79			}
80			return $cek;
81			}
82
83			/**
84			* @param string $value
85			* @param EncryptionAlgorithm $alg
86			* @return Key
87			*/
88			static public function fromRaw($value, EncryptionAlgorithm $alg){
			0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per PSR2, the `static` declaration should come after the visibility declaration. Loading history...
89			return new _ContentEncryptionKey($alg->getName(), 'RAW', $value);
90			}
91			}

smarcet / JOSE4PHP

Push — master ( 16bc05...356550 )

src/jwe/impl/ContentEncryptionKeyFactory.php (10 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like