<?php
declare(strict_types=1);
namespace TMV\OpenIdClient\AuthMethod;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Signature\Algorithm\HS256;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;
use Jose\Component\Signature\Serializer\Serializer;
use TMV\OpenIdClient\ClientInterface as OpenIDClient;
use TMV\OpenIdClient\Exception\InvalidArgumentException;
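final class ClientSecretJwt extends AbstractJwtAuth
{
    /** Lifetime of a generated assertion in seconds; kept short to limit the replay window. */
    private const ASSERTION_TTL = 60;

    /** @var JWSBuilder */
    private $jwsBuilder;

    /** @var Serializer */
    private $jwsSerializer;

    /**
     * ClientSecretJwt constructor.
     *
     * @param null|JWSBuilder $jwsBuilder    builder used to sign the assertion; defaults to an HS256-only builder
     * @param null|Serializer $jwsSerializer serializer producing the final token; defaults to compact serialization
     */
    public function __construct(
        ?JWSBuilder $jwsBuilder = null,
        ?Serializer $jwsSerializer = null
    ) {
        // `??` instead of `?:`: only a missing (null) dependency is replaced, never a "falsy" object
        $this->jwsBuilder = $jwsBuilder ?? new JWSBuilder(new AlgorithmManager([new HS256()]));
        $this->jwsSerializer = $jwsSerializer ?? new CompactSerializer();
    }

    /**
     * Name of the token endpoint authentication method implemented by this class.
     */
    public function getSupportedMethod(): string
    {
        return 'client_secret_jwt';
    }

    /**
     * Build the signed client assertion for the given client.
     *
     * The assertion is an HS256-signed JWT whose MAC key is the client_secret,
     * addressed to the issuer and valid for ASSERTION_TTL seconds.
     *
     * @param OpenIDClient         $client the client whose issuer metadata and client_secret are used
     * @param array<string, mixed> $claims additional claims; the mandatory assertion claims
     *                                     (iss, sub, aud, iat, exp, jti) always take precedence
     *
     * @throws InvalidArgumentException when the client has no usable client_secret
     *                                  or the claims cannot be JSON-encoded
     *
     * @return string the assertion in JWS compact serialization
     */
    protected function createAuthJwt(OpenIDClient $client, array $claims = []): string
    {
        $issuerMetadata = $client->getIssuer()->getMetadata();
        $clientMetadata = $client->getMetadata();

        $clientId = $clientMetadata->getClientId();
        $clientSecret = $clientMetadata->getClientSecret();

        // Explicit checks instead of truthiness so a secret of "0" is not rejected
        if (! \is_string($clientSecret) || '' === $clientSecret) {
            throw new InvalidArgumentException($this->getSupportedMethod() . ' cannot be used without client_secret metadata');
        }

        // RFC 7518 §6.4.1: the "k" member of an "oct" JWK carries the key octets base64url-encoded,
        // and the HMAC algorithms decode it before use. The key for client_secret_jwt is the octets of
        // client_secret itself, so the secret must be encoded here rather than passed raw.
        $jwk = new JWK([
            'kty' => 'oct',
            'k' => $this->base64UrlEncode($clientSecret),
        ]);

        $time = \time();
        // 256-bit CSPRNG identifier: every assertion is unique, which lets the server detect replays
        $jti = \bin2hex(\random_bytes(32));

        // Mandatory claims are merged last so caller-supplied claims cannot override them
        $payload = \json_encode(\array_merge(
            $claims,
            [
                'iss' => $clientId,
                'sub' => $clientId,
                'aud' => $issuerMetadata->getIssuer(),
                'iat' => $time,
                'exp' => $time + self::ASSERTION_TTL,
                'jti' => $jti,
            ]
        ));

        if (false === $payload) {
            // json_encode reports failure (e.g. invalid UTF-8 in a claim) with false;
            // surface it instead of handing a non-string payload to the builder
            throw new InvalidArgumentException('Unable to encode the client assertion payload: ' . \json_last_error_msg());
        }

        $jws = $this->jwsBuilder->create()
            ->withPayload($payload)
            ->addSignature($jwk, ['alg' => 'HS256', 'jti' => $jti])
            ->build();

        return $this->jwsSerializer->serialize($jws, 0);
    }

    /**
     * Base64url encoding without padding (RFC 4648 §5), the alphabet JOSE uses for key material.
     */
    private function base64UrlEncode(string $data): string
    {
        return \rtrim(\strtr(\base64_encode($data), '+/', '-_'), '=');
    }
}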