ResponseSignatureMiddleware - Code Metrics - verschoof/bunq-api - Measure and Improve Code Quality continuously with Scrutinizer

ResponseSignatureMiddleware A
last analyzed 2017-06-08 18:59 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	97
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	1

Importance

Changes

Metric	Value
dl	0
loc	97
c	0
b	0
f	0
wmc	10
lcom	0
cbo	1
rs	10

4 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
B	__invoke()	24	3
A	createSignatureDataFromHeaders()	9	1
B	convertHeadersToSignatureData()	25	5

<?php

namespace Bunq\Middleware;

use Bunq\Certificate\Certificate;
use Psr\Http\Message\ResponseInterface;

/**
 * @author Dennis de Greef (original author)
 * @author Mitchel Verschoof
 */
final class ResponseSignatureMiddleware
{
    const SIGNATURE_ALGORITHM = OPENSSL_ALGO_SHA256;
    const VERIFY_IS_VALID     = 1;
    const VERIFY_IS_INVALID   = 0;
    const VERIFY_IS_ERROR     = -1;

    /**
     * @var Certificate
     */
    private $publicKey;

    /**
     * @param Certificate $publicKey
     */
    public function __construct(Certificate $publicKey)
    {
        $this->publicKey = $publicKey;
    }

    /**
     * @param ResponseInterface $response
     *
     * @return ResponseInterface
     * @throws \Exception
     */
    public function __invoke(ResponseInterface $response)
    {
        $header = $response->getHeader('X-Bunq-Server-Signature');

        if (!isset($header[0])) {
            return $response;
        }

        $decodedServerSignature = base64_decode($header[0]);
        $signatureData          = $this->createSignatureDataFromHeaders($response);

        $verify = openssl_verify(
            $signatureData,
            $decodedServerSignature,
            (string)$this->publicKey,
            self::SIGNATURE_ALGORITHM
        );

        if ($verify !== self::VERIFY_IS_VALID) {
            throw new \Exception('Server signature does not match response');
        }

        return $response;
    }

    /**
     * @param ResponseInterface $response
     *
     * @return string
     */
    private function createSignatureDataFromHeaders(ResponseInterface $response)
    {
        $signatureData = $response->getStatusCode();
        $signatureData .= $this->convertHeadersToSignatureData($response);
        $signatureData .= "\n\n";
        $signatureData .= (string)$response->getBody();

        return $signatureData;
    }

    /**
     * @param ResponseInterface $response
     *
     * @return string
     */
    private function convertHeadersToSignatureData(ResponseInterface $response)
    {
        $headers = $response->getHeaders();
        ksort($headers);

        $signatureData = '';
        foreach ($headers as $header => $values) {
            // Skip the server signature itself
            if ($header === 'X-Bunq-Server-Signature') {
                continue;
            }

            // Skip all headers that are not X-Bunq-
            if (substr($header, 0, 7) !== 'X-Bunq-') {
                continue;
            }

            // Add all header data to verify signature
            foreach ($values as $value) {
                $signatureData .= PHP_EOL . $header . ': ' . $value;
            }
        }

        return $signatureData;
    }
}


1			<?php
2
3			namespace Bunq\Middleware;
4
5			use Bunq\Certificate\Certificate;
6			use Psr\Http\Message\ResponseInterface;
7
8			/**
9			* @author Dennis de Greef (original author)
10			* @author Mitchel Verschoof
11			*/
12			final class ResponseSignatureMiddleware
13			{
14			const SIGNATURE_ALGORITHM = OPENSSL_ALGO_SHA256;
15			const VERIFY_IS_VALID = 1;
16			const VERIFY_IS_INVALID = 0;
17			const VERIFY_IS_ERROR = -1;
18
19			/**
20			* @var Certificate
21			*/
22			private $publicKey;
23
24			/**
25			* @param Certificate $publicKey
26			*/
27			public function __construct(Certificate $publicKey)
28			{
29			$this->publicKey = $publicKey;
30			}
31
32			/**
33			* @param ResponseInterface $response
34			*
35			* @return ResponseInterface
36			* @throws \Exception
37			*/
38			public function __invoke(ResponseInterface $response)
39			{
40			$header = $response->getHeader('X-Bunq-Server-Signature');
41
42			if (!isset($header[0])) {
43			return $response;
44			}
45
46			$decodedServerSignature = base64_decode($header[0]);
47			$signatureData = $this->createSignatureDataFromHeaders($response);
48
49			$verify = openssl_verify(
50			$signatureData,
51			$decodedServerSignature,
52			(string)$this->publicKey,
53			self::SIGNATURE_ALGORITHM
54			);
55
56			if ($verify !== self::VERIFY_IS_VALID) {
57			throw new \Exception('Server signature does not match response');
58			}
59
60			return $response;
61			}
62
63			/**
64			* @param ResponseInterface $response
65			*
66			* @return string
67			*/
68			private function createSignatureDataFromHeaders(ResponseInterface $response)
69			{
70			$signatureData = $response->getStatusCode();
71			$signatureData .= $this->convertHeadersToSignatureData($response);
72			$signatureData .= "\n\n";
73			$signatureData .= (string)$response->getBody();
74
75			return $signatureData;
76			}
77
78			/**
79			* @param ResponseInterface $response
80			*
81			* @return string
82			*/
83			private function convertHeadersToSignatureData(ResponseInterface $response)
84			{
85			$headers = $response->getHeaders();
86			ksort($headers);
87
88			$signatureData = '';
89			foreach ($headers as $header => $values) {
90			// Skip the server signature itself
91			if ($header === 'X-Bunq-Server-Signature') {
92			continue;
93			}
94
95			// Skip all headers that are not X-Bunq-
96			if (substr($header, 0, 7) !== 'X-Bunq-') {
97			continue;
98			}
99
100			// Add all header data to verify signature
101			foreach ($values as $value) {
102			$signatureData .= PHP_EOL . $header . ': ' . $value;
103			}
104			}
105
106			return $signatureData;
107			}
108			}
109

verschoof / bunq-api

ResponseSignatureMiddleware A last analyzed 2017-06-08 18:59 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like

ResponseSignatureMiddleware A
last analyzed 2017-06-08 18:59 UTC