AbstractTokenVerifier::getSigningJWKSet() - Code Metrics - Inspection of "Merge branch 'distributed-and-aggregated-claims'" - thomasvargiu/php-openid-client - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 106006...c1ddb5 )

by Thomas Mauro

created 2019-07-15 00:19 UTC

AbstractTokenVerifier::getSigningJWKSet() A

↳ Parent: AbstractTokenVerifier

Complexity

Conditions	4
Paths	4

Size

Total Lines	19
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	10
CRAP Score	4.0119

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	4
eloc	10
nc	4
nop	3
dl	0
loc	19
ccs	10
cts	11
cp	0.9091
crap	4.0119
rs	9.9332
c	1
b	0
f	0

<?php

declare(strict_types=1);

namespace TMV\OpenIdClient\Token;

use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use TMV\OpenIdClient\Client\ClientInterface;
use TMV\OpenIdClient\Exception\RuntimeException;
use TMV\OpenIdClient\Issuer\IssuerInterface;
use function TMV\OpenIdClient\jose_secret_key;

abstract class AbstractTokenVerifier
{
    protected function getSigningJWKSet(ClientInterface $client, string $expectedAlg, ?string $kid = null): JWKSet
    {
        $metadata = $client->getMetadata();
        $issuer = $client->getIssuer();

        if (0 !== strpos($expectedAlg, 'HS')) {
            // not symmetric key
            return null !== $kid
                ? new JWKSet([$this->getIssuerJWKFromKid($issuer, $kid)])
                : $issuer->getJwks();
        }

        $clientSecret = $metadata->getClientSecret();

        if (null === $clientSecret) {
            throw new RuntimeException('Unable to verify token without client_secret');
        }

        return new JWKSet([jose_secret_key($clientSecret)]);
    }

    protected function getIssuerJWKFromKid(IssuerInterface $issuer, string $kid): JWK
    {
        $jwks = $issuer->getJwks();

        $jwk = $jwks->selectKey('sig', null, ['kid' => $kid]);

        if (null === $jwk) {
            $issuer->updateJwks();
            $jwk = $issuer->getJwks()->selectKey('sig', null, ['kid' => $kid]);
        }

        if (null === $jwk) {
            throw new RuntimeException('Unable to find the jwk with the provided kid: ' . $kid);
        }

        return $jwk;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace TMV\OpenIdClient\Token;
6
7		use Jose\Component\Core\JWK;
8		use Jose\Component\Core\JWKSet;
9		use TMV\OpenIdClient\Client\ClientInterface;
10		use TMV\OpenIdClient\Exception\RuntimeException;
11		use TMV\OpenIdClient\Issuer\IssuerInterface;
12		use function TMV\OpenIdClient\jose_secret_key;
13
14		abstract class AbstractTokenVerifier
15		{
16	10	protected function getSigningJWKSet(ClientInterface $client, string $expectedAlg, ?string $kid = null): JWKSet
17		{
18	10	$metadata = $client->getMetadata();
19	10	$issuer = $client->getIssuer();
20
21	10	if (0 !== strpos($expectedAlg, 'HS')) {
22		// not symmetric key
23	2	return null !== $kid
24	1	? new JWKSet([$this->getIssuerJWKFromKid($issuer, $kid)])
25	2	: $issuer->getJwks();
26		}
27
28	8	$clientSecret = $metadata->getClientSecret();
29
30	8	if (null === $clientSecret) {
31		throw new RuntimeException('Unable to verify token without client_secret');
32		}
33
34	8	return new JWKSet([jose_secret_key($clientSecret)]);
35		}
36
37	1	protected function getIssuerJWKFromKid(IssuerInterface $issuer, string $kid): JWK
38		{
39	1	$jwks = $issuer->getJwks();
40
41	1	$jwk = $jwks->selectKey('sig', null, ['kid' => $kid]);
42
43	1	if (null === $jwk) {
44	1	$issuer->updateJwks();
45	1	$jwk = $issuer->getJwks()->selectKey('sig', null, ['kid' => $kid]);
46		}
47
48	1	if (null === $jwk) {
49		throw new RuntimeException('Unable to find the jwk with the provided kid: ' . $kid);
50		}
51
52	1	return $jwk;
53		}
54		}
55

thomasvargiu / php-openid-client

Push — master ( 106006...c1ddb5 )

AbstractTokenVerifier::getSigningJWKSet() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like