Complex classes like JWEBuilder often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use JWEBuilder, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
31 | class JWEBuilder |
||
32 | { |
||
33 | /** |
||
34 | * @var JsonConverter |
||
35 | */ |
||
36 | private $jsonConverter; |
||
37 | |||
38 | /** |
||
39 | * @var null|string |
||
40 | */ |
||
41 | private $payload; |
||
42 | |||
43 | /** |
||
44 | * @var string|null |
||
45 | */ |
||
46 | private $aad; |
||
47 | |||
48 | /** |
||
49 | * @var array |
||
50 | */ |
||
51 | private $recipients = []; |
||
52 | |||
53 | /** |
||
54 | * @var AlgorithmManager |
||
55 | */ |
||
56 | private $keyEncryptionAlgorithmManager; |
||
57 | |||
58 | /** |
||
59 | * @var AlgorithmManager |
||
60 | */ |
||
61 | private $contentEncryptionAlgorithmManager; |
||
62 | |||
63 | /** |
||
64 | * @var CompressionMethodManager |
||
65 | */ |
||
66 | private $compressionManager; |
||
67 | |||
68 | /** |
||
69 | * @var array |
||
70 | */ |
||
71 | private $sharedProtectedHeader = []; |
||
72 | |||
73 | /** |
||
74 | * @var array |
||
75 | */ |
||
76 | private $sharedHeader = []; |
||
77 | |||
78 | /** |
||
79 | * @var null|CompressionMethod |
||
80 | */ |
||
81 | private $compressionMethod = null; |
||
82 | |||
83 | /** |
||
84 | * @var null|ContentEncryptionAlgorithm |
||
85 | */ |
||
86 | private $contentEncryptionAlgorithm = null; |
||
87 | |||
88 | /** |
||
89 | * @var null|string |
||
90 | */ |
||
91 | private $keyManagementMode = null; |
||
92 | |||
93 | /** |
||
94 | * JWEBuilder constructor. |
||
95 | * |
||
96 | * @param JsonConverter $jsonConverter |
||
97 | * @param AlgorithmManager $keyEncryptionAlgorithmManager |
||
98 | * @param AlgorithmManager $contentEncryptionAlgorithmManager |
||
99 | * @param CompressionMethodManager $compressionManager |
||
100 | */ |
||
101 | public function __construct(JsonConverter $jsonConverter, AlgorithmManager $keyEncryptionAlgorithmManager, AlgorithmManager $contentEncryptionAlgorithmManager, CompressionMethodManager $compressionManager) |
||
102 | { |
||
103 | $this->jsonConverter = $jsonConverter; |
||
104 | $this->keyEncryptionAlgorithmManager = $keyEncryptionAlgorithmManager; |
||
105 | $this->contentEncryptionAlgorithmManager = $contentEncryptionAlgorithmManager; |
||
106 | $this->compressionManager = $compressionManager; |
||
107 | } |
||
108 | |||
109 | /** |
||
110 | * Reset the current data. |
||
111 | * |
||
112 | * @return JWEBuilder |
||
113 | */ |
||
114 | public function create(): self |
||
115 | { |
||
116 | $this->payload = null; |
||
117 | $this->aad = null; |
||
118 | $this->recipients = []; |
||
119 | $this->sharedProtectedHeader = []; |
||
120 | $this->sharedHeader = []; |
||
121 | $this->compressionMethod = null; |
||
122 | $this->contentEncryptionAlgorithm = null; |
||
123 | $this->keyManagementMode = null; |
||
124 | |||
125 | return $this; |
||
126 | } |
||
127 | |||
128 | /** |
||
129 | * @return AlgorithmManager |
||
130 | */ |
||
131 | public function getKeyEncryptionAlgorithmManager(): AlgorithmManager |
||
132 | { |
||
133 | return $this->keyEncryptionAlgorithmManager; |
||
134 | } |
||
135 | |||
136 | /** |
||
137 | * @return AlgorithmManager |
||
138 | */ |
||
139 | public function getContentEncryptionAlgorithmManager(): AlgorithmManager |
||
140 | { |
||
141 | return $this->contentEncryptionAlgorithmManager; |
||
142 | } |
||
143 | |||
144 | /** |
||
145 | * @return CompressionMethodManager |
||
146 | */ |
||
147 | public function getCompressionMethodManager(): CompressionMethodManager |
||
148 | { |
||
149 | return $this->compressionManager; |
||
150 | } |
||
151 | |||
152 | /** |
||
153 | * @param mixed $payload |
||
154 | * |
||
155 | * @return JWEBuilder |
||
156 | */ |
||
157 | public function withPayload($payload): self |
||
158 | { |
||
159 | $payload = is_string($payload) ? $payload : $this->jsonConverter->encode($payload); |
||
160 | if (false === mb_detect_encoding($payload, 'UTF-8', true)) { |
||
161 | throw new \InvalidArgumentException('The payload must be encoded in UTF-8'); |
||
162 | } |
||
163 | $clone = clone $this; |
||
164 | $clone->payload = $payload; |
||
165 | |||
166 | return $clone; |
||
167 | } |
||
168 | |||
169 | /** |
||
170 | * @param string|null $aad |
||
171 | * |
||
172 | * @return JWEBuilder |
||
173 | */ |
||
174 | public function withAAD(?string $aad): self |
||
175 | { |
||
176 | $clone = clone $this; |
||
177 | $clone->aad = $aad; |
||
178 | |||
179 | return $clone; |
||
180 | } |
||
181 | |||
182 | /** |
||
183 | * @param array $sharedProtectedHeader |
||
184 | * |
||
185 | * @return JWEBuilder |
||
186 | */ |
||
187 | public function withSharedProtectedHeader(array $sharedProtectedHeader): self |
||
188 | { |
||
189 | $this->checkDuplicatedHeaderParameters($sharedProtectedHeader, $this->sharedHeader); |
||
190 | foreach ($this->recipients as $recipient) { |
||
191 | $this->checkDuplicatedHeaderParameters($sharedProtectedHeader, $recipient->getHeader()); |
||
192 | } |
||
193 | $clone = clone $this; |
||
194 | $clone->sharedProtectedHeader = $sharedProtectedHeader; |
||
195 | |||
196 | return $clone; |
||
197 | } |
||
198 | |||
199 | /** |
||
200 | * @param array $sharedHeader |
||
201 | * |
||
202 | * @return JWEBuilder |
||
203 | */ |
||
204 | public function withSharedHeader(array $sharedHeader): self |
||
205 | { |
||
206 | $this->checkDuplicatedHeaderParameters($this->sharedProtectedHeader, $sharedHeader); |
||
207 | foreach ($this->recipients as $recipient) { |
||
208 | $this->checkDuplicatedHeaderParameters($sharedHeader, $recipient->getHeader()); |
||
209 | } |
||
210 | $clone = clone $this; |
||
211 | $clone->sharedHeader = $sharedHeader; |
||
212 | |||
213 | return $clone; |
||
214 | } |
||
215 | |||
216 | /** |
||
217 | * @param JWK $recipientKey |
||
218 | * @param array $recipientHeader |
||
219 | * |
||
220 | * @return JWEBuilder |
||
221 | */ |
||
222 | public function addRecipient(JWK $recipientKey, array $recipientHeader = []): self |
||
223 | { |
||
224 | $this->checkDuplicatedHeaderParameters($this->sharedProtectedHeader, $recipientHeader); |
||
225 | $this->checkDuplicatedHeaderParameters($this->sharedHeader, $recipientHeader); |
||
226 | $clone = clone $this; |
||
227 | $completeHeader = array_merge($clone->sharedHeader, $recipientHeader, $clone->sharedProtectedHeader); |
||
228 | $clone->checkAndSetContentEncryptionAlgorithm($completeHeader); |
||
229 | $keyEncryptionAlgorithm = $clone->getKeyEncryptionAlgorithm($completeHeader); |
||
230 | if (null === $clone->keyManagementMode) { |
||
231 | $clone->keyManagementMode = $keyEncryptionAlgorithm->getKeyManagementMode(); |
||
232 | } else { |
||
233 | if (!$clone->areKeyManagementModesCompatible($clone->keyManagementMode, $keyEncryptionAlgorithm->getKeyManagementMode())) { |
||
234 | throw new \InvalidArgumentException('Foreign key management mode forbidden.'); |
||
235 | } |
||
236 | } |
||
237 | |||
238 | $compressionMethod = $clone->getCompressionMethod($completeHeader); |
||
239 | if (null !== $compressionMethod) { |
||
240 | if (null === $clone->compressionMethod) { |
||
241 | $clone->compressionMethod = $compressionMethod; |
||
242 | } elseif ($clone->compressionMethod->name() !== $compressionMethod->name()) { |
||
243 | throw new \InvalidArgumentException('Incompatible compression method.'); |
||
244 | } |
||
245 | } |
||
246 | if (null === $compressionMethod && null !== $clone->compressionMethod) { |
||
247 | throw new \InvalidArgumentException('Inconsistent compression method.'); |
||
248 | } |
||
249 | $clone->checkKey($keyEncryptionAlgorithm, $recipientKey); |
||
250 | $clone->recipients[] = [ |
||
251 | 'key' => $recipientKey, |
||
252 | 'header' => $recipientHeader, |
||
253 | 'key_encryption_algorithm' => $keyEncryptionAlgorithm, |
||
254 | ]; |
||
255 | |||
256 | return $clone; |
||
257 | } |
||
258 | |||
259 | /** |
||
260 | * @return JWE |
||
261 | */ |
||
262 | public function build(): JWE |
||
263 | { |
||
264 | if (null === $this->payload) { |
||
265 | throw new \LogicException('Payload not set.'); |
||
266 | } |
||
267 | if (0 === count($this->recipients)) { |
||
268 | throw new \LogicException('No recipient.'); |
||
269 | } |
||
270 | |||
271 | $additionalHeader = []; |
||
272 | $cek = $this->determineCEK($additionalHeader); |
||
273 | |||
274 | $recipients = []; |
||
275 | foreach ($this->recipients as $recipient) { |
||
276 | $recipient = $this->processRecipient($recipient, $cek, $additionalHeader); |
||
277 | $recipients[] = $recipient; |
||
278 | } |
||
279 | |||
280 | if (!empty($additionalHeader) && 1 === count($this->recipients)) { |
||
281 | $sharedProtectedHeader = array_merge($additionalHeader, $this->sharedProtectedHeader); |
||
282 | } else { |
||
283 | $sharedProtectedHeader = $this->sharedProtectedHeader; |
||
284 | } |
||
285 | $encodedSharedProtectedHeader = empty($sharedProtectedHeader) ? '' : Base64Url::encode($this->jsonConverter->encode($sharedProtectedHeader)); |
||
286 | |||
287 | list($ciphertext, $iv, $tag) = $this->encryptJWE($cek, $encodedSharedProtectedHeader); |
||
288 | |||
289 | return JWE::create($ciphertext, $iv, $tag, $this->aad, $this->sharedHeader, $sharedProtectedHeader, $encodedSharedProtectedHeader, $recipients); |
||
290 | } |
||
291 | |||
292 | /** |
||
293 | * @param array $completeHeader |
||
294 | */ |
||
295 | protected function checkAndSetContentEncryptionAlgorithm(array $completeHeader): void |
||
304 | |||
305 | /** |
||
306 | * @param array $recipient |
||
307 | * @param string $cek |
||
308 | * @param array $additionalHeader |
||
309 | * |
||
310 | * @return Recipient |
||
311 | */ |
||
312 | private function processRecipient(array $recipient, string $cek, array &$additionalHeader): Recipient |
||
326 | |||
327 | /** |
||
328 | * @param string $cek |
||
329 | * @param string $encodedSharedProtectedHeader |
||
330 | * |
||
331 | * @return array |
||
332 | */ |
||
333 | private function encryptJWE(string $cek, string $encodedSharedProtectedHeader): array |
||
344 | |||
345 | /** |
||
346 | * @return string |
||
347 | */ |
||
348 | private function preparePayload(): ?string |
||
349 | { |
||
350 | $prepared = $this->payload; |
||
351 | |||
352 | if (null === $this->compressionMethod) { |
||
353 | return $prepared; |
||
354 | } |
||
355 | $compressedPayload = $this->compressionMethod->compress($prepared); |
||
359 | |||
360 | /** |
||
361 | * @param array $completeHeader |
||
362 | * @param string $cek |
||
363 | * @param KeyEncryptionAlgorithm $keyEncryptionAlgorithm |
||
364 | * @param JWK $recipientKey |
||
365 | * @param array $additionalHeader |
||
366 | * |
||
367 | * @return string|null |
||
368 | */ |
||
369 | private function getEncryptedKey(array $completeHeader, string $cek, KeyEncryptionAlgorithm $keyEncryptionAlgorithm, array &$additionalHeader, JWK $recipientKey): ?string |
||
385 | |||
386 | /** |
||
387 | * @param array $completeHeader |
||
388 | * @param string $cek |
||
389 | * @param KeyAgreementWithKeyWrapping $keyEncryptionAlgorithm |
||
390 | * @param array $additionalHeader |
||
391 | * @param JWK $recipientKey |
||
392 | * |
||
393 | * @return string |
||
394 | */ |
||
395 | private function getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm(array $completeHeader, string $cek, KeyAgreementWithKeyWrapping $keyEncryptionAlgorithm, array &$additionalHeader, JWK $recipientKey): string |
||
399 | |||
400 | /** |
||
401 | * @param array $completeHeader |
||
402 | * @param string $cek |
||
403 | * @param KeyEncryption $keyEncryptionAlgorithm |
||
404 | * @param JWK $recipientKey |
||
405 | * @param array $additionalHeader |
||
406 | * |
||
407 | * @return string |
||
408 | */ |
||
409 | private function getEncryptedKeyFromKeyEncryptionAlgorithm(array $completeHeader, string $cek, KeyEncryption $keyEncryptionAlgorithm, JWK $recipientKey, array &$additionalHeader): string |
||
413 | |||
414 | /** |
||
415 | * @param array $completeHeader |
||
416 | * @param string $cek |
||
417 | * @param KeyWrapping $keyEncryptionAlgorithm |
||
418 | * @param JWK $recipientKey |
||
419 | * @param array $additionalHeader |
||
420 | * |
||
421 | * @return string |
||
422 | */ |
||
423 | private function getEncryptedKeyFromKeyWrappingAlgorithm(array $completeHeader, string $cek, KeyWrapping $keyEncryptionAlgorithm, JWK $recipientKey, array &$additionalHeader): string |
||
427 | |||
428 | /** |
||
429 | * @param KeyEncryptionAlgorithm $keyEncryptionAlgorithm |
||
430 | * @param JWK $recipientKey |
||
431 | */ |
||
432 | protected function checkKey(KeyEncryptionAlgorithm $keyEncryptionAlgorithm, JWK $recipientKey) |
||
441 | |||
442 | /** |
||
443 | * @param array $additionalHeader |
||
444 | * |
||
445 | * @return string |
||
446 | */ |
||
447 | private function determineCEK(array &$additionalHeader): string |
||
479 | |||
480 | /** |
||
481 | * @param array $completeHeader |
||
482 | * |
||
483 | * @return CompressionMethod|null |
||
484 | */ |
||
485 | protected function getCompressionMethod(array $completeHeader): ?CompressionMethod |
||
493 | |||
494 | /** |
||
495 | * @param string $current |
||
496 | * @param string $new |
||
497 | * |
||
498 | * @return bool |
||
499 | */ |
||
500 | protected function areKeyManagementModesCompatible(string $current, string $new): bool |
||
514 | |||
515 | /** |
||
516 | * @param int $size |
||
517 | * |
||
518 | * @return string |
||
519 | */ |
||
520 | private function createCEK(int $size): string |
||
524 | |||
525 | /** |
||
526 | * @param int $size |
||
527 | * |
||
528 | * @return string |
||
529 | */ |
||
530 | private function createIV(int $size): string |
||
534 | |||
535 | /** |
||
536 | * @param array $completeHeader |
||
537 | * |
||
538 | * @return KeyEncryptionAlgorithm |
||
539 | */ |
||
540 | protected function getKeyEncryptionAlgorithm(array $completeHeader): KeyEncryptionAlgorithm |
||
552 | |||
553 | /** |
||
554 | * @param array $completeHeader |
||
555 | * |
||
556 | * @return ContentEncryptionAlgorithm |
||
557 | */ |
||
558 | private function getContentEncryptionAlgorithm(array $completeHeader): ContentEncryptionAlgorithm |
||
570 | |||
571 | /** |
||
572 | * @param array $header1 |
||
573 | * @param array $header2 |
||
574 | */ |
||
575 | private function checkDuplicatedHeaderParameters(array $header1, array $header2) |
||
582 | } |
||
583 |