Complex classes like JWEDecrypter often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to finding such a component is to look for fields/methods that share the same prefixes or suffixes. You can also look at the cohesion graph to spot any unconnected or weakly connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
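While breaking up the class, it is a good idea to analyze how other classes use JWEDecrypter and, based on these observations, to apply Extract Interface, too. Because JWEDecrypter is a decryption class, take care that the private checks in the listing below (checkCekSize, checkIvSize, checkCompleteHeader) stay with whatever code calls them after the split; their call sites are folded out of this listing, so verify them in the full source before moving anything.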
1 | <?php |
||
32 | class JWEDecrypter |
||
33 | { |
||
34 | /** |
||
35 | * @var AlgorithmManager |
||
36 | */ |
||
37 | private $keyEncryptionAlgorithmManager; |
||
38 | |||
39 | /** |
||
40 | * @var AlgorithmManager |
||
41 | */ |
||
42 | private $contentEncryptionAlgorithmManager; |
||
43 | |||
44 | /** |
||
45 | * @var CompressionMethodManager |
||
46 | */ |
||
47 | private $compressionMethodManager; |
||
48 | |||
49 | public function __construct(AlgorithmManager $keyEncryptionAlgorithmManager, AlgorithmManager $contentEncryptionAlgorithmManager, CompressionMethodManager $compressionMethodManager) |
||
55 | |||
56 | /** |
||
57 | * Returns the key encryption algorithm manager. |
||
58 | */ |
||
59 | public function getKeyEncryptionAlgorithmManager(): AlgorithmManager |
||
63 | |||
64 | /** |
||
65 | * Returns the content encryption algorithm manager. |
||
66 | */ |
||
67 | public function getContentEncryptionAlgorithmManager(): AlgorithmManager |
||
71 | |||
72 | /** |
||
73 | * Returns the compression method manager. |
||
74 | */ |
||
75 | public function getCompressionMethodManager(): CompressionMethodManager |
||
79 | |||
80 | /** |
||
81 | * This method will try to decrypt the given JWE and recipient using a JWK. |
||
82 | * |
||
83 | * @param JWE $jwe A JWE object to decrypt |
||
84 | * @param JWK $jwk The key used to decrypt the input |
||
85 | * @param int $recipient The recipient used to decrypt the token |
||
86 | */ |
||
87 | public function decryptUsingKey(JWE &$jwe, JWK $jwk, int $recipient, ?JWK $senderKey = null): bool |
||
93 | |||
94 | /** |
||
95 | * This method will try to decrypt the given JWE and recipient using a JWKSet. |
||
96 | * |
||
97 | * @param JWE $jwe A JWE object to decrypt |
||
98 | * @param JWKSet $jwkset The key set used to decrypt the input |
||
99 | * @param JWK $jwk The key used to decrypt the token in case of success |
||
100 | * @param int $recipient The recipient used to decrypt the token in case of success |
||
101 | * |
||
102 | * @throws InvalidArgumentException if no key is set in the keyset |
||
103 | * @throws InvalidArgumentException if the token has no recipients |
||
104 | */ |
||
105 | public function decryptUsingKeySet(JWE &$jwe, JWKSet $jwkset, int $recipient, JWK &$jwk = null, ?JWK $senderKey = null): bool |
||
126 | |||
127 | private function decryptRecipientKey(JWE $jwe, JWKSet $jwkset, int $i, JWK &$successJwk = null, ?JWK $senderKey = null): ?string |
||
162 | |||
163 | /** |
||
164 | * @throws InvalidArgumentException if the Content Encryption Key size is invalid |
||
165 | */ |
||
166 | private function checkCekSize(string $cek, KeyEncryptionAlgorithm $keyEncryptionAlgorithm, ContentEncryptionAlgorithm $algorithm): void |
||
175 | |||
176 | /** |
||
177 | * @throws InvalidArgumentException if the IV size is invalid |
||
178 | */ |
||
179 | private function checkIvSize(?string $iv, int $requiredIvSize): void |
||
188 | |||
189 | /** |
||
190 | * @throws InvalidArgumentException if the CEK creation method is not supported |
||
191 | */ |
||
192 | private function decryptCEK(Algorithm $key_encryption_algorithm, ContentEncryptionAlgorithm $content_encryption_algorithm, JWK $recipientKey, ?JWK $senderKey, Recipient $recipient, array $completeHeader): ?string |
||
212 | |||
213 | private function decryptPayload(JWE $jwe, string $cek, ContentEncryptionAlgorithm $content_encryption_algorithm, array $completeHeader): string |
||
219 | |||
220 | private function decompressIfNeeded(string $payload, array $completeHeaders): string |
||
229 | |||
230 | /** |
||
231 | * @throws InvalidArgumentException if a header parameter is missing |
||
232 | */ |
||
233 | private function checkCompleteHeader(array $completeHeaders): void |
||
241 | |||
242 | /** |
||
243 | * @throws InvalidArgumentException if the key encryption algorithm is not supported or does not implement the KeyEncryptionAlgorithm interface |
||
244 | */ |
||
245 | private function getKeyEncryptionAlgorithm(array $completeHeaders): KeyEncryptionAlgorithm |
||
254 | |||
255 | /** |
||
256 | * @throws InvalidArgumentException if the content encryption algorithm is not supported or does not implement the ContentEncryption interface |
||
257 | */ |
||
258 | private function getContentEncryptionAlgorithm(array $completeHeader): ContentEncryptionAlgorithm |
||
267 | } |
||
268 |