JWS - Code Metrics - Inspection of "Add tests" - sop/jwx - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 70b15e...4c8633 )

by Joni

created 2016-06-16 12:44 UTC

JWS A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	255
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	8

Test Coverage

Coverage

100%

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
wmc	28
c	1
b	0
f	1
lcom	2
cbo	8
dl	0
loc	255
ccs	78
cts	78
cp	1
rs	10

17 Methods

Rating	Name	Size	Complexity
A	__construct()	7	1
A	fromCompact()	3	1
A	fromParts()	12	4
A	sign()	20	4
A	header()	3	1
A	algorithmName()	5	1
A	isUnsecured()	3	1
A	payload()	3	1
A	signature()	3	1
A	_encodedPayload()	7	3
A	validate()	7	2
A	validateWithJWK()	4	1
A	validateWithJWKSet()	5	1
A	toCompact()	5	1
A	toCompactDetached()	4	1
A	_generateSignatureInput()	6	3
A	__toString()	3	1

<?php

namespace JWX\JWS;

use JWX\JWA\JWA;
use JWX\JWK\JWK;
use JWX\JWK\JWKSet;
use JWX\JWS\Algorithm\SignatureAlgorithmFactory;
use JWX\JWT\Header\Header;
use JWX\JWT\Header\JOSE;
use JWX\JWT\Parameter\CriticalParameter;
use JWX\JWT\Parameter\RegisteredJWTParameter;
use JWX\Util\Base64;


/**
 * Class to represent JWS structure.
 *
 * @link https://tools.ietf.org/html/rfc7515#section-3
 */
class JWS
{
	/**
	 * Protected header.
	 *
	 * @var Header $_protectedHeader
	 */
	protected $_protectedHeader;
	
	/**
	 * Payload.
	 *
	 * @var string $_payload
	 */
	protected $_payload;
	
	/**
	 * Input value for the signature computation.
	 *
	 * @var string $_signatureInput
	 */
	protected $_signatureInput;
	
	/**
	 * Signature.
	 *
	 * @var string $_signature
	 */
	protected $_signature;
	
	/**
	 * Constructor
	 *
	 * @param Header $protected_header JWS Protected Header
	 * @param string $payload JWS Payload
	 * @param string $signature_input Input value for the signature computation
	 * @param string $signature JWS Signature
	 */
	protected function __construct(Header $protected_header, $payload, 
			$signature_input, $signature) {
		$this->_protectedHeader = $protected_header;
		$this->_payload = $payload;
		$this->_signatureInput = $signature_input;
		$this->_signature = $signature;
	}
	
	/**
	 * Initialize from a compact serialization.
	 *
	 * @param string $data
	 * @return self
	 */
	public static function fromCompact($data) {
		return self::fromParts(explode(".", $data));
	}
	
	/**
	 * Initialize from the parts of a compact serialization.
	 *
	 * @param array $parts
	 * @throws \UnexpectedValueException
	 * @return self
	 */
	public static function fromParts(array $parts) {
		if (count($parts) != 3) {
			throw new \UnexpectedValueException(
				"Invalid JWS compact serialization.");
		}
		$header = Header::fromJSON(Base64::urlDecode($parts[0]));
		$b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
		$payload = $b64 ? Base64::urlDecode($parts[1]) : $parts[1];
		$signature_input = $parts[0] . "." . $parts[1];
		$signature = Base64::urlDecode($parts[2]);
		return new self($header, $payload, $signature_input, $signature);
	}
	
	/**
	 * Initialize by signing the payload with given algorithm.
	 *
	 * @param string $payload JWS Payload
	 * @param SignatureAlgorithm $algo Signature algorithm
	 * @param Header|null $header Desired header. Algorithm specific
	 *        parameters are added automatically.
	 * @throws \RuntimeException If signature computation fails
	 * @return self
	 */
	public static function sign($payload, SignatureAlgorithm $algo, 
			Header $header = null) {
		if (!isset($header)) {
			$header = new Header();
		}
		$header = $header->withParameters(...$algo->headerParameters());
		// ensure that if b64 parameter is used, it's marked critical
		if ($header->hasB64Payload()) {
			if (!$header->hasCritical()) {
				$crit = new CriticalParameter(RegisteredJWTParameter::P_B64);
			} else {
				$crit = $header->critical()->withParamName(
					RegisteredJWTParameter::P_B64);
			}
			$header = $header->withParameters($crit);
		}
		$signature_input = self::_generateSignatureInput($payload, $header);
		$signature = $algo->computeSignature($signature_input);
		return new self($header, $payload, $signature_input, $signature);
	}
	
	/**
	 * Get JOSE header.
	 *
	 * @return JOSE
	 */
	public function header() {
		return new JOSE($this->_protectedHeader);
	}
	
	/**
	 * Get the signature algorithm name.
	 *
	 * @return string
	 */
	public function algorithmName() {
		return $this->header()
			->algorithm()
			->value();
	}
	
	/**
	 * Check whether JWS is unsecured, that is, contains no signature.
	 *
	 * @return bool
	 */
	public function isUnsecured() {
		return $this->algorithmName() == JWA::ALGO_NONE;
	}
	
	/**
	 * Get the payload.
	 *
	 * @return string
	 */
	public function payload() {
		return $this->_payload;
	}
	
	/**
	 * Get the signature.
	 *
	 * @return string
	 */
	public function signature() {
		return $this->_signature;
	}
	
	/**
	 * Get the payload encoded for serialization.
	 *
	 * @return string
	 */
	protected function _encodedPayload() {
		$b64 = true;
		if ($this->_protectedHeader->hasB64Payload()) {
			$b64 = $this->_protectedHeader->B64Payload()->value();
		}
		return $b64 ? Base64::urlEncode($this->_payload) : $this->_payload;
	}
	
	/**
	 * Validate the signature using explicit algorithm.
	 *
	 * @param SignatureAlgorithm $algo
	 * @throws \UnexpectedValueException If using different signature algorithm
	 *         then specified by the header
	 * @throws \RuntimeException If signature computation fails
	 * @return bool True if signature is valid
	 */
	public function validate(SignatureAlgorithm $algo) {
		if ($algo->algorithmParamValue() != $this->algorithmName()) {
			throw new \UnexpectedValueException("Invalid signature algorithm.");
		}
		return $algo->validateSignature($this->_signatureInput, 
			$this->_signature);
	}
	
	/**
	 * Validate the signature using the given JWK.
	 *
	 * Signature algorithm is determined from the header.
	 *
	 * @param JWK $jwk JSON Web Key
	 * @return bool True if signature is valid
	 */
	public function validateWithJWK(JWK $jwk) {
		$algo = SignatureAlgorithm::fromJWK($jwk, $this->header());
		return $this->validate($algo);
	}
	
	/**
	 * Validate the signature using a key from the given JWK set.
	 *
	 * Correct key shall be sought by the key ID indicated by the header.
	 *
	 * @param JWKSet $set Set of JSON Web Keys
	 * @return bool True if signature is valid
	 */
	public function validateWithJWKSet(JWKSet $set) {
		$factory = new SignatureAlgorithmFactory($this->header());
		$algo = $factory->algoByKeys($set);
		return $this->validate($algo);
	}
	
	/**
	 * Convert to compact serialization.
	 *
	 * @return string
	 */
	public function toCompact() {
		return Base64::urlEncode($this->_protectedHeader->toJSON()) . "." .
			 $this->_encodedPayload() . "." .
			 Base64::urlEncode($this->_signature);
	}
	
	/**
	 * Convert to compact serialization with payload detached.
	 *
	 * @return string
	 */
	public function toCompactDetached() {
		return Base64::urlEncode($this->_protectedHeader->toJSON()) . ".." .
			 Base64::urlEncode($this->_signature);
	}
	
	/**
	 * Generate input for the signature computation.
	 *
	 * @param string $payload Payload
	 * @param Header $header Protected header
	 * @return string
	 */
	protected static function _generateSignatureInput($payload, Header $header) {
		$b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
		$data = Base64::urlEncode($header->toJSON()) . ".";
		$data .= $b64 ? Base64::urlEncode($payload) : $payload;
		return $data;
	}
	
	/**
	 * Convert JWS to string.
	 *
	 * @return string
	 */
	public function __toString() {
		return $this->toCompact();
	}
}


1		<?php
2
3		namespace JWX\JWS;
4
5		use JWX\JWA\JWA;
6		use JWX\JWK\JWK;
7		use JWX\JWK\JWKSet;
8		use JWX\JWS\Algorithm\SignatureAlgorithmFactory;
9		use JWX\JWT\Header\Header;
10		use JWX\JWT\Header\JOSE;
11		use JWX\JWT\Parameter\CriticalParameter;
12		use JWX\JWT\Parameter\RegisteredJWTParameter;
13		use JWX\Util\Base64;
14
15
16		/**
17		* Class to represent JWS structure.
18		*
19		* @link https://tools.ietf.org/html/rfc7515#section-3
20		*/
21		class JWS
22		{
23		/**
24		* Protected header.
25		*
26		* @var Header $_protectedHeader
27		*/
28		protected $_protectedHeader;
29
30		/**
31		* Payload.
32		*
33		* @var string $_payload
34		*/
35		protected $_payload;
36
37		/**
38		* Input value for the signature computation.
39		*
40		* @var string $_signatureInput
41		*/
42		protected $_signatureInput;
43
44		/**
45		* Signature.
46		*
47		* @var string $_signature
48		*/
49		protected $_signature;
50
51		/**
52		* Constructor
53		*
54		* @param Header $protected_header JWS Protected Header
55		* @param string $payload JWS Payload
56		* @param string $signature_input Input value for the signature computation
57		* @param string $signature JWS Signature
58		*/
59	32	protected function __construct(Header $protected_header, $payload,
60		$signature_input, $signature) {
61	32	$this->_protectedHeader = $protected_header;
62	32	$this->_payload = $payload;
63	32	$this->_signatureInput = $signature_input;
64	32	$this->_signature = $signature;
65	32	}
66
67		/**
68		* Initialize from a compact serialization.
69		*
70		* @param string $data
71		* @return self
72		*/
73	6	public static function fromCompact($data) {
74	6	return self::fromParts(explode(".", $data));
75		}
76
77		/**
78		* Initialize from the parts of a compact serialization.
79		*
80		* @param array $parts
81		* @throws \UnexpectedValueException
82		* @return self
83		*/
84	18	public static function fromParts(array $parts) {
85	18	if (count($parts) != 3) {
86	1	throw new \UnexpectedValueException(
87	1	"Invalid JWS compact serialization.");
88		}
89	17	$header = Header::fromJSON(Base64::urlDecode($parts[0]));
90	17	$b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
91	17	$payload = $b64 ? Base64::urlDecode($parts[1]) : $parts[1];
92	17	$signature_input = $parts[0] . "." . $parts[1];
93	17	$signature = Base64::urlDecode($parts[2]);
94	17	return new self($header, $payload, $signature_input, $signature);
95		}
96
97		/**
98		* Initialize by signing the payload with given algorithm.
99		*
100		* @param string $payload JWS Payload
101		* @param SignatureAlgorithm $algo Signature algorithm
102		* @param Header\|null $header Desired header. Algorithm specific
103		* parameters are added automatically.
104		* @throws \RuntimeException If signature computation fails
105		* @return self
106		*/
107	15	public static function sign($payload, SignatureAlgorithm $algo,
108		Header $header = null) {
109	15	if (!isset($header)) {
110	4	$header = new Header();
111	4	}
112	15	$header = $header->withParameters(...$algo->headerParameters());
113		// ensure that if b64 parameter is used, it's marked critical
114	15	if ($header->hasB64Payload()) {
115	4	if (!$header->hasCritical()) {
116	2	$crit = new CriticalParameter(RegisteredJWTParameter::P_B64);
117	2	} else {
118	2	$crit = $header->critical()->withParamName(
119	2	RegisteredJWTParameter::P_B64);
120		}
121	4	$header = $header->withParameters($crit);
122	4	}
123	15	$signature_input = self::_generateSignatureInput($payload, $header);
124	15	$signature = $algo->computeSignature($signature_input);
125	15	return new self($header, $payload, $signature_input, $signature);
126		}
127
128		/**
129		* Get JOSE header.
130		*
131		* @return JOSE
132		*/
133	22	public function header() {
134	22	return new JOSE($this->_protectedHeader);
135		}
136
137		/**
138		* Get the signature algorithm name.
139		*
140		* @return string
141		*/
142	20	public function algorithmName() {
143	20	return $this->header()
144	20	->algorithm()
145	20	->value();
146		}
147
148		/**
149		* Check whether JWS is unsecured, that is, contains no signature.
150		*
151		* @return bool
152		*/
153	10	public function isUnsecured() {
154	10	return $this->algorithmName() == JWA::ALGO_NONE;
155		}
156
157		/**
158		* Get the payload.
159		*
160		* @return string
161		*/
162	6	public function payload() {
163	6	return $this->_payload;
164		}
165
166		/**
167		* Get the signature.
168		*
169		* @return string
170		*/
171	5	public function signature() {
172	5	return $this->_signature;
173		}
174
175		/**
176		* Get the payload encoded for serialization.
177		*
178		* @return string
179		*/
180	12	protected function _encodedPayload() {
181	12	$b64 = true;
182	12	if ($this->_protectedHeader->hasB64Payload()) {
183	2	$b64 = $this->_protectedHeader->B64Payload()->value();
184	2	}
185	12	return $b64 ? Base64::urlEncode($this->_payload) : $this->_payload;
186		}
187
188		/**
189		* Validate the signature using explicit algorithm.
190		*
191		* @param SignatureAlgorithm $algo
192		* @throws \UnexpectedValueException If using different signature algorithm
193		* then specified by the header
194		* @throws \RuntimeException If signature computation fails
195		* @return bool True if signature is valid
196		*/
197	15	public function validate(SignatureAlgorithm $algo) {
198	15	if ($algo->algorithmParamValue() != $this->algorithmName()) {
199	1	throw new \UnexpectedValueException("Invalid signature algorithm.");
200		}
201	14	return $algo->validateSignature($this->_signatureInput,
202	14	$this->_signature);
203		}
204
205		/**
206		* Validate the signature using the given JWK.
207		*
208		* Signature algorithm is determined from the header.
209		*
210		* @param JWK $jwk JSON Web Key
211		* @return bool True if signature is valid
212		*/
213	4	public function validateWithJWK(JWK $jwk) {
214	4	$algo = SignatureAlgorithm::fromJWK($jwk, $this->header());
215	4	return $this->validate($algo);
216		}
217
218		/**
219		* Validate the signature using a key from the given JWK set.
220		*
221		* Correct key shall be sought by the key ID indicated by the header.
222		*
223		* @param JWKSet $set Set of JSON Web Keys
224		* @return bool True if signature is valid
225		*/
226	4	public function validateWithJWKSet(JWKSet $set) {
227	4	$factory = new SignatureAlgorithmFactory($this->header());
228	4	$algo = $factory->algoByKeys($set);
229	3	return $this->validate($algo);
230		}
231
232		/**
233		* Convert to compact serialization.
234		*
235		* @return string
236		*/
237	12	public function toCompact() {
238	12	return Base64::urlEncode($this->_protectedHeader->toJSON()) . "." .
239	12	$this->_encodedPayload() . "." .
240	12	Base64::urlEncode($this->_signature);
241		}
242
243		/**
244		* Convert to compact serialization with payload detached.
245		*
246		* @return string
247		*/
248	2	public function toCompactDetached() {
249	2	return Base64::urlEncode($this->_protectedHeader->toJSON()) . ".." .
250	2	Base64::urlEncode($this->_signature);
251		}
252
253		/**
254		* Generate input for the signature computation.
255		*
256		* @param string $payload Payload
257		* @param Header $header Protected header
258		* @return string
259		*/
260	15	protected static function _generateSignatureInput($payload, Header $header) {
261	15	$b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
262	15	$data = Base64::urlEncode($header->toJSON()) . ".";
263	15	$data .= $b64 ? Base64::urlEncode($payload) : $payload;
264	15	return $data;
265		}
266
267		/**
268		* Convert JWS to string.
269		*
270		* @return string
271		*/
272	1	public function __toString() {
273	1	return $this->toCompact();
274		}
275		}
276

sop / jwx

GitHub Access Token became invalid

Push — master ( 70b15e...4c8633 )

JWS A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

17 Methods

Duplication Side-by-Side

Filter issues like