ResponseSignatureMiddleware::createSignatureDataFromHeaders() - Code Metrics - Inspection of "Add bunq client" - verschoof/bunq-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 32a55a...fb9711 )

by Mitchel

created 2017-05-20 13:56 UTC

createSignatureDataFromHeaders() A

↳ Parent: ResponseSignatureMiddleware

Complexity

Conditions	1
Paths	1

Size

Total Lines	9
Code Lines	6

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	9
c	0
b	0
f	0
rs	9.6666
cc	1
eloc	6
nc	1
nop	1

<?php

namespace Bunq\Middleware;

use Bunq\Certificate\Certificate;
use Psr\Http\Message\ResponseInterface;

final class ResponseSignatureMiddleware
{
    const SIGNATURE_ALGORITHM = OPENSSL_ALGO_SHA256;
    const VERIFY_IS_VALID     = 1;
    const VERIFY_IS_INVALID   = 0;
    const VERIFY_IS_ERROR     = -1;

    /**
     * @var Certificate
     */
    private $publicKey;

    /**
     * @param Certificate $publicKey
     */
    public function __construct(Certificate $publicKey)
    {
        $this->publicKey = $publicKey;
    }

    /**
     * @param ResponseInterface $response
     *
     * @return ResponseInterface
     * @throws \Exception
     */
    public function __invoke(ResponseInterface $response)
    {
        $header = $response->getHeader('X-Bunq-Server-Signature');

        if (!isset($header[0])) {
            return $response;
        }

        $decodedServerSignature = base64_decode($header[0]);
        $signatureData          = $this->createSignatureDataFromHeaders($response);

        $verify = openssl_verify(
            $signatureData,
            $decodedServerSignature,
            (string)$this->publicKey,
            self::SIGNATURE_ALGORITHM
        );

        if ($verify !== self::VERIFY_IS_VALID) {
            throw new \Exception('Server signature does not match response');
        }

        return $response;
    }

    /**
     * @param ResponseInterface $response
     *
     * @return string
     */
    private function createSignatureDataFromHeaders(ResponseInterface $response)
    {
        $signatureData = $response->getStatusCode();
        $signatureData .= $this->convertHeadersToSignatureData($response);
        $signatureData .= "\n\n";
        $signatureData .= (string)$response->getBody();

        return $signatureData;
    }

    /**
     * @param ResponseInterface $response
     *
     * @return string
     */
    private function convertHeadersToSignatureData(ResponseInterface $response)
    {
        $headers = $response->getHeaders();
        ksort($headers);

        $signatureData = '';
        foreach ($headers as $header => $values) {
            // Skip the server signature itself
            if ($header === 'X-Bunq-Server-Signature') {
                continue;
            }

            // Skip all headers that are not X-Bunq-
            if (substr($header, 0, 7) !== 'X-Bunq-') {
                continue;
            }

            // Add all header data to verify signature
            foreach ($values as $value) {
                $signatureData .= PHP_EOL . $header . ': ' . $value;
            }
        }

        return $signatureData;
    }
}


1			<?php
2
3			namespace Bunq\Middleware;
4
5			use Bunq\Certificate\Certificate;
6			use Psr\Http\Message\ResponseInterface;
7
8			final class ResponseSignatureMiddleware
9			{
10			const SIGNATURE_ALGORITHM = OPENSSL_ALGO_SHA256;
11			const VERIFY_IS_VALID = 1;
12			const VERIFY_IS_INVALID = 0;
13			const VERIFY_IS_ERROR = -1;
14
15			/**
16			* @var Certificate
17			*/
18			private $publicKey;
19
20			/**
21			* @param Certificate $publicKey
22			*/
23			public function __construct(Certificate $publicKey)
24			{
25			$this->publicKey = $publicKey;
26			}
27
28			/**
29			* @param ResponseInterface $response
30			*
31			* @return ResponseInterface
32			* @throws \Exception
33			*/
34			public function __invoke(ResponseInterface $response)
35			{
36			$header = $response->getHeader('X-Bunq-Server-Signature');
37
38			if (!isset($header[0])) {
39			return $response;
40			}
41
42			$decodedServerSignature = base64_decode($header[0]);
43			$signatureData = $this->createSignatureDataFromHeaders($response);
44
45			$verify = openssl_verify(
46			$signatureData,
47			$decodedServerSignature,
48			(string)$this->publicKey,
49			self::SIGNATURE_ALGORITHM
50			);
51
52			if ($verify !== self::VERIFY_IS_VALID) {
53			throw new \Exception('Server signature does not match response');
54			}
55
56			return $response;
57			}
58
59			/**
60			* @param ResponseInterface $response
61			*
62			* @return string
63			*/
64			private function createSignatureDataFromHeaders(ResponseInterface $response)
65			{
66			$signatureData = $response->getStatusCode();
67			$signatureData .= $this->convertHeadersToSignatureData($response);
68			$signatureData .= "\n\n";
69			$signatureData .= (string)$response->getBody();
70
71			return $signatureData;
72			}
73
74			/**
75			* @param ResponseInterface $response
76			*
77			* @return string
78			*/
79			private function convertHeadersToSignatureData(ResponseInterface $response)
80			{
81			$headers = $response->getHeaders();
82			ksort($headers);
83
84			$signatureData = '';
85			foreach ($headers as $header => $values) {
86			// Skip the server signature itself
87			if ($header === 'X-Bunq-Server-Signature') {
88			continue;
89			}
90
91			// Skip all headers that are not X-Bunq-
92			if (substr($header, 0, 7) !== 'X-Bunq-') {
93			continue;
94			}
95
96			// Add all header data to verify signature
97			foreach ($values as $value) {
98			$signatureData .= PHP_EOL . $header . ': ' . $value;
99			}
100			}
101
102			return $signatureData;
103			}
104			}
105

verschoof / bunq-api

Push — master ( 32a55a...fb9711 )

createSignatureDataFromHeaders() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like