ValidationContext - Code Metrics - Inspection of "Add tests" - sop/jwx - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 04b738...c43f6c )

by Joni

created 2016-06-17 07:00 UTC

ValidationContext A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	287
Duplicated Lines	0 %

Coupling/Cohesion

Components	4
Dependencies	2

Test Coverage

Coverage

100%

Importance

Changes	5
Bugs	0	Features	4

Metric	Value
wmc	28
lcom	4
cbo	2
dl	0
loc	287
ccs	68
cts	68
cp	1
rs	10
c	5
b	0
f	4

20 Methods

Rating	Name	Size	Complexity
A	__construct()	8	3
A	fromJWK()	3	1
A	withReferenceTime()	5	1
A	hasReferenceTime()	3	1
A	referenceTime()	6	2
A	withLeeway()	5	1
A	leeway()	3	1
A	withConstraint()	9	2
A	withIssuer()	3	1
A	withSubject()	3	1
A	withAudience()	3	1
A	withID()	3	1
A	hasConstraint()	3	1
A	constraint()	6	2
A	hasValidator()	3	1
A	validator()	6	2
A	keys()	3	1
A	withUnsecuredAllowed()	5	1
A	isUnsecuredAllowed()	3	1
A	validate()	9	3

<?php

namespace JWX\JWT;

use JWX\JWK\JWK;
use JWX\JWK\JWKSet;
use JWX\JWT\Claim\RegisteredClaim;
use JWX\JWT\Claim\Validator\Validator;
use JWX\JWT\Exception\ValidationException;


/**
 * Class to provide context for claims validation.
 *
 * Validation constraints are variables that are compared against the claims.
 * Validation of the expiration, not-before and not-after claims is provided by
 * default.
 *
 * Context also provides a set of JSON Web Keys, that shall be used for the
 * JWS signature validation or JWE payload decryption.
 *
 * Registered claims provide their own validation logic. Claims that are not
 * supported by this library must be provided with an explicit validator along
 * with the constraint.
 */
class ValidationContext
{
	/**
	 * Reference time.
	 *
	 * @var int $_refTime
	 */
	protected $_refTime;
	
	/**
	 * Leeway in seconds for the reference time constraints.
	 *
	 * @var int $_leeway
	 */
	protected $_leeway;
	
	/**
	 * Validation constraints.
	 *
	 * @var array $_constraints
	 */
	protected $_constraints;
	
	/**
	 * Explicitly defined validators for named claims.
	 *
	 * @var Validator[] $_validators
	 */
	protected $_validators;
	
	/**
	 * Set of JSON Web Keys usable for the validation.
	 *
	 * @var JWKSet $_keys
	 */
	protected $_keys;
	
	/**
	 * Whether to allow unsecured JWT's, that is, claims without integrity
	 * protection nor encryption.
	 *
	 * @var bool $_allowUnsecured
	 */
	protected $_allowUnsecured;
	
	/**
	 * Constructor.
	 *
	 * @param array $constraints Optional array of constraints for the
	 *        registered claims
	 * @param JWKSet $keys Optional set of JSON Web Keys used for signature
	 *        validation and/or decryption
	 */
	public function __construct(array $constraints = null, JWKSet $keys = null) {
		$this->_refTime = time();
		$this->_leeway = 60;
		$this->_constraints = $constraints ? $constraints : array();
		$this->_validators = array();
		$this->_keys = $keys ? $keys : new JWKSet();
		$this->_allowUnsecured = false;
	}
	
	/**
	 * Initialize with a single JSON Web Key.
	 *
	 * @param JWK $key JSON Web Key
	 * @param array $constraints Optional constraints
	 * @return self
	 */
	public static function fromJWK(JWK $key, array $constraints = null) {
		return new self($constraints, new JWKSet($key));
	}
	
	/**
	 * Get self with the reference time.
	 *
	 * @param int|null $ts Unix timestamp
	 * @return self
	 */
	public function withReferenceTime($ts) {
		$obj = clone $this;
		$obj->_refTime = $ts;
		return $obj;
	}
	
	/**
	 * Check whether the reference time is set.
	 *
	 * @return bool
	 */
	public function hasReferenceTime() {
		return isset($this->_refTime);
	}
	
	/**
	 * Get the reference time.
	 *
	 * @throws \LogicException
	 * @return int
	 */
	public function referenceTime() {
		if (!$this->hasReferenceTime()) {
			throw new \LogicException("Reference time not set.");
		}
		return $this->_refTime;
	}
	
	/**
	 * Get self with the reference time leeway.
	 *
	 * @param int $seconds
	 * @return self
	 */
	public function withLeeway($seconds) {
		$obj = clone $this;
		$obj->_leeway = $seconds;
		return $obj;
	}
	
	/**
	 * Get the reference time leeway.
	 *
	 * @return int
	 */
	public function leeway() {
		return $this->_leeway;
	}
	
	/**
	 * Get self with a validation constraint.
	 *
	 * If the claim does not provide its own validator, an explicit validator
	 * must be given.
	 *
	 * @param string $name Claim name
	 * @param mixed $constraint Value to check claim against
	 * @param Validator|null $validator Optional explicit validator
	 * @return self
	 */
	public function withConstraint($name, $constraint, 
			Validator $validator = null) {
		$obj = clone $this;
		$obj->_constraints[$name] = $constraint;
		if ($validator) {
			$obj->_validators[$name] = $validator;
		}
		return $obj;
	}
	
	/**
	 * Get self with the issuer constraint.
	 *
	 * @param string $issuer Issuer name
	 * @return self
	 */
	public function withIssuer($issuer) {
		return $this->withConstraint(RegisteredClaim::NAME_ISSUER, $issuer);
	}
	
	/**
	 * Get self with the subject constraint.
	 *
	 * @param string $subject Subject name
	 * @return self
	 */
	public function withSubject($subject) {
		return $this->withConstraint(RegisteredClaim::NAME_SUBJECT, $subject);
	}
	
	/**
	 * Get self with the audience constraint.
	 *
	 * @param string $audience Audience name
	 * @return self
	 */
	public function withAudience($audience) {
		return $this->withConstraint(RegisteredClaim::NAME_AUDIENCE, $audience);
	}
	
	/**
	 * Get self with the JWT ID constraint.
	 *
	 * @param string $id JWT ID
	 * @return self
	 */
	public function withID($id) {
		return $this->withConstraint(RegisteredClaim::NAME_JWT_ID, $id);
	}
	
	/**
	 * Check whether a named constraint is present.
	 *
	 * @param string $name Claim name
	 * @return bool
	 */
	public function hasConstraint($name) {
		return isset($this->_constraints[$name]);
	}
	
	/**
	 * Get a constraint value by the claim name.
	 *
	 * @param string $name Claim name
	 * @throws \LogicException If constraint is not set
	 * @return mixed Constraint value
	 */
	public function constraint($name) {
		if (!$this->hasConstraint($name)) {
			throw new \LogicException("Constraint $name not set.");
		}
		return $this->_constraints[$name];
	}
	
	/**
	 * Check whether a validator is defined for the given claim name.
	 *
	 * @param string $name Claim name
	 * @return bool
	 */
	public function hasValidator($name) {
		return isset($this->_validators[$name]);
	}
	
	/**
	 * Get explicitly defined validator by the claim name.
	 *
	 * @param string $name Claim name
	 * @throws \LogicException If validator is not set
	 * @return Validator
	 */
	public function validator($name) {
		if (!$this->hasValidator($name)) {
			throw new \LogicException("Validator $name not set.");
		}
		return $this->_validators[$name];
	}
	
	/**
	 * Get a set of JSON Web Keys defined in this context.
	 *
	 * @return JWKSet
	 */
	public function keys() {
		return $this->_keys;
	}
	
	/**
	 * Get self with 'allow unsecured' flag set.
	 *
	 * If the unsecured JWT's are allowed, claims shall be considered valid even
	 * though they are not signed nor encrypted.
	 *
	 * @param bool $allow Whether to allow unsecured JWT's
	 * @return self
	 */
	public function withUnsecuredAllowed($allow) {
		$obj = clone $this;
		$obj->_allowUnsecured = (bool) $allow;
		return $obj;
	}
	
	/**
	 * Check whether the unsecured JWT's are allowed.
	 *
	 * @return bool
	 */
	public function isUnsecuredAllowed() {
		return $this->_allowUnsecured;
	}
	
	/**
	 * Validate claims.
	 *
	 * @param Claims $claims
	 * @throws ValidationException If any of the claims is not valid
	 * @return self
	 */
	public function validate(Claims $claims) {
		foreach ($claims as $claim) {
			if (!$claim->validateWithContext($this)) {
				throw new ValidationException(
					"Validation of claim '" . $claim->name() . "' failed.");
			}
		}
		return $this;
	}
}


1		<?php
2
3		namespace JWX\JWT;
4
5		use JWX\JWK\JWK;
6		use JWX\JWK\JWKSet;
7		use JWX\JWT\Claim\RegisteredClaim;
8		use JWX\JWT\Claim\Validator\Validator;
9		use JWX\JWT\Exception\ValidationException;
10
11
12		/**
13		* Class to provide context for claims validation.
14		*
15		* Validation constraints are variables that are compared against the claims.
16		* Validation of the expiration, not-before and not-after claims is provided by
17		* default.
18		*
19		* Context also provides a set of JSON Web Keys, that shall be used for the
20		* JWS signature validation or JWE payload decryption.
21		*
22		* Registered claims provide their own validation logic. Claims that are not
23		* supported by this library must be provided with an explicit validator along
24		* with the constraint.
25		*/
26		class ValidationContext
27		{
28		/**
29		* Reference time.
30		*
31		* @var int $_refTime
32		*/
33		protected $_refTime;
34
35		/**
36		* Leeway in seconds for the reference time constraints.
37		*
38		* @var int $_leeway
39		*/
40		protected $_leeway;
41
42		/**
43		* Validation constraints.
44		*
45		* @var array $_constraints
46		*/
47		protected $_constraints;
48
49		/**
50		* Explicitly defined validators for named claims.
51		*
52		* @var Validator[] $_validators
53		*/
54		protected $_validators;
55
56		/**
57		* Set of JSON Web Keys usable for the validation.
58		*
59		* @var JWKSet $_keys
60		*/
61		protected $_keys;
62
63		/**
64		* Whether to allow unsecured JWT's, that is, claims without integrity
65		* protection nor encryption.
66		*
67		* @var bool $_allowUnsecured
68		*/
69		protected $_allowUnsecured;
70
71		/**
72		* Constructor.
73		*
74		* @param array $constraints Optional array of constraints for the
75		* registered claims
76		* @param JWKSet $keys Optional set of JSON Web Keys used for signature
77		* validation and/or decryption
78		*/
79	41	public function __construct(array $constraints = null, JWKSet $keys = null) {
80	41	$this->_refTime = time();
81	41	$this->_leeway = 60;
82	41	$this->_constraints = $constraints ? $constraints : array();
83	41	$this->_validators = array();
84	41	$this->_keys = $keys ? $keys : new JWKSet();
85	41	$this->_allowUnsecured = false;
86	41	}
87
88		/**
89		* Initialize with a single JSON Web Key.
90		*
91		* @param JWK $key JSON Web Key
92		* @param array $constraints Optional constraints
93		* @return self
94		*/
95	3	public static function fromJWK(JWK $key, array $constraints = null) {
96	3	return new self($constraints, new JWKSet($key));
97		}
98
99		/**
100		* Get self with the reference time.
101		*
102		* @param int\|null $ts Unix timestamp
103		* @return self
104		*/
105	23	public function withReferenceTime($ts) {
106	23	$obj = clone $this;
107	23	$obj->_refTime = $ts;
108	23	return $obj;
109		}
110
111		/**
112		* Check whether the reference time is set.
113		*
114		* @return bool
115		*/
116	20	public function hasReferenceTime() {
117	20	return isset($this->_refTime);
118		}
119
120		/**
121		* Get the reference time.
122		*
123		* @throws \LogicException
124		* @return int
125		*/
126	13	public function referenceTime() {
127	13	if (!$this->hasReferenceTime()) {
128	1	throw new \LogicException("Reference time not set.");
129		}
130	12	return $this->_refTime;
131		}
132
133		/**
134		* Get self with the reference time leeway.
135		*
136		* @param int $seconds
137		* @return self
138		*/
139	11	public function withLeeway($seconds) {
140	11	$obj = clone $this;
141	11	$obj->_leeway = $seconds;
142	11	return $obj;
143		}
144
145		/**
146		* Get the reference time leeway.
147		*
148		* @return int
149		*/
150	12	public function leeway() {
151	12	return $this->_leeway;
152		}
153
154		/**
155		* Get self with a validation constraint.
156		*
157		* If the claim does not provide its own validator, an explicit validator
158		* must be given.
159		*
160		* @param string $name Claim name
161		* @param mixed $constraint Value to check claim against
162		* @param Validator\|null $validator Optional explicit validator
163		* @return self
164		*/
165	16	public function withConstraint($name, $constraint,
166		Validator $validator = null) {
167	16	$obj = clone $this;
168	16	$obj->_constraints[$name] = $constraint;
169	16	if ($validator) {
170	2	$obj->_validators[$name] = $validator;
171	2	}
172	16	return $obj;
173		}
174
175		/**
176		* Get self with the issuer constraint.
177		*
178		* @param string $issuer Issuer name
179		* @return self
180		*/
181	4	public function withIssuer($issuer) {
182	4	return $this->withConstraint(RegisteredClaim::NAME_ISSUER, $issuer);
183		}
184
185		/**
186		* Get self with the subject constraint.
187		*
188		* @param string $subject Subject name
189		* @return self
190		*/
191	3	public function withSubject($subject) {
192	3	return $this->withConstraint(RegisteredClaim::NAME_SUBJECT, $subject);
193		}
194
195		/**
196		* Get self with the audience constraint.
197		*
198		* @param string $audience Audience name
199		* @return self
200		*/
201	3	public function withAudience($audience) {
202	3	return $this->withConstraint(RegisteredClaim::NAME_AUDIENCE, $audience);
203		}
204
205		/**
206		* Get self with the JWT ID constraint.
207		*
208		* @param string $id JWT ID
209		* @return self
210		*/
211	3	public function withID($id) {
212	3	return $this->withConstraint(RegisteredClaim::NAME_JWT_ID, $id);
213		}
214
215		/**
216		* Check whether a named constraint is present.
217		*
218		* @param string $name Claim name
219		* @return bool
220		*/
221	35	public function hasConstraint($name) {
222	35	return isset($this->_constraints[$name]);
223		}
224
225		/**
226		* Get a constraint value by the claim name.
227		*
228		* @param string $name Claim name
229		* @throws \LogicException If constraint is not set
230		* @return mixed Constraint value
231		*/
232	22	public function constraint($name) {
233	22	if (!$this->hasConstraint($name)) {
234	1	throw new \LogicException("Constraint $name not set.");
235		}
236	21	return $this->_constraints[$name];
237		}
238
239		/**
240		* Check whether a validator is defined for the given claim name.
241		*
242		* @param string $name Claim name
243		* @return bool
244		*/
245	17	public function hasValidator($name) {
246	17	return isset($this->_validators[$name]);
247		}
248
249		/**
250		* Get explicitly defined validator by the claim name.
251		*
252		* @param string $name Claim name
253		* @throws \LogicException If validator is not set
254		* @return Validator
255		*/
256	3	public function validator($name) {
257	3	if (!$this->hasValidator($name)) {
258	1	throw new \LogicException("Validator $name not set.");
259		}
260	2	return $this->_validators[$name];
261		}
262
263		/**
264		* Get a set of JSON Web Keys defined in this context.
265		*
266		* @return JWKSet
267		*/
268	8	public function keys() {
269	8	return $this->_keys;
270		}
271
272		/**
273		* Get self with 'allow unsecured' flag set.
274		*
275		* If the unsecured JWT's are allowed, claims shall be considered valid even
276		* though they are not signed nor encrypted.
277		*
278		* @param bool $allow Whether to allow unsecured JWT's
279		* @return self
280		*/
281	3	public function withUnsecuredAllowed($allow) {
282	3	$obj = clone $this;
283	3	$obj->_allowUnsecured = (bool) $allow;
284	3	return $obj;
285		}
286
287		/**
288		* Check whether the unsecured JWT's are allowed.
289		*
290		* @return bool
291		*/
292	3	public function isUnsecuredAllowed() {
293	3	return $this->_allowUnsecured;
294		}
295
296		/**
297		* Validate claims.
298		*
299		* @param Claims $claims
300		* @throws ValidationException If any of the claims is not valid
301		* @return self
302		*/
303	25	public function validate(Claims $claims) {
304	25	foreach ($claims as $claim) {
305	25	if (!$claim->validateWithContext($this)) {
306	10	throw new ValidationException(
307	10	"Validation of claim '" . $claim->name() . "' failed.");
308		}
309	21	}
310	15	return $this;
311		}
312		}
313

sop / jwx

GitHub Access Token became invalid

Push — master ( 04b738...c43f6c )

ValidationContext A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

20 Methods

Duplication Side-by-Side

Filter issues like