Branch Coverage

blib/lib/Crypt/JWT.pm
Criterion Covered Total %
branch 342 510 67.0


line true false branch
51 0 98 unless defined $key
52 1 97 unless ref $key
55 48 49 if (ref $key eq 'Crypt::PK::RSA') { }
49 0 elsif (ref $key eq 'HASH' or ref $key eq 'SCALAR') { }
0 0 elsif (ref $key eq 'ARRAY') { }
61 0 0 if (ref $key eq 'Crypt::OpenSSL::RSA') { }
0 0 elsif (ref($key) =~ /^Crypt::(X509|OpenSSL::X509)$/) { }
63 0 0 $key->is_private ? :
70 0 0 if defined $str and not ref $str
72 0 97 unless $pk
76 0 97 if $bits < $MIN_RSA_BITS
82 0 21 unless defined $key
83 1 20 unless ref $key
85 8 12 if ref $key eq "Crypt::PK::ECC"
86 12 0 if ref $key eq "HASH" or ref $key eq "SCALAR"
87 0 0 if ref $key eq "ARRAY"
93 0 4 unless defined $key
94 0 4 unless ref $key
96 0 4 if ref $key eq "Crypt::PK::Ed25519"
97 4 0 if ref $key eq "HASH" or ref $key eq "SCALAR"
98 0 0 if ref $key eq "ARRAY"
104 0 60 unless defined $key
105 0 60 unless ref $key
108 48 12 if ref($key) =~ /^Crypt::PK::(ECC|X25519)$/
110 12 0 if (ref $key eq "HASH" or ref $key eq "SCALAR")
113 12 0 if defined $rv
115 0 0 if (ref $key eq "ARRAY")
118 0 0 if defined $rv
125 0 300 unless defined $key
126 15 285 if (ref $key eq 'HASH' and $key->{'k'} and $key->{'kty'} and $key->{'kty'} eq 'oct') { }
285 0 elsif (not ref $key) { }
137 0 4 unless defined $kid and defined $alg
138 2 2 if $kid_keys and not ref $kid_keys
139 0 4 if ref $kid_keys ne "HASH"
141 4 0 if (exists $kid_keys->{'keys'} and ref $kid_keys->{'keys'} eq 'ARRAY') { }
154 8 0 if (defined $k->{'kid'})
155 0 8 if $seen_kid{$k->{'kid'}}++
157 8 0 if ($k->{'kty'} || '') eq "oct"
158 0 8 if ($k->{'kty'} || '') =~ /^(RSA|EC|OKP)$/
160 0 4 if $has_oct and $has_asym
163 4 4 if ($_->{'kid'} and $_->{'kty'} and $_->{'kid'} eq $kid)
172 0 0 if $kid_keys->{$kid} and not ref $kid_keys->{$kid}
174 0 4 unless $found
175 4 0 if $found->{'kty'} eq "oct" and $alg =~ /^(HS|dir|PBES2-HS|A)/
176 0 0 if $found->{'kty'} eq "OKP" and $alg =~ /^(EdDSA|ECDH-ES)/
177 0 0 if $found->{'kty'} eq "EC" and $alg =~ /^(ES|EC)/
178 0 0 if $found->{'kty'} eq "RSA" and $alg =~ /^(RS|PS)/
184 0 341 unless $b64url
186 0 341 unless $json
188 0 341 unless ref $hash eq "HASH"
203 2 27 if $args{'auto_iat'}
204 4 25 if defined $args{'relative_exp'}
205 2 27 if defined $args{'relative_nbf'}
214 282 44 unless ref $key eq "HASH"
222 5 39 if (defined $key->{'alg'})
225 2 3 if ($what eq 'JWS') { }
226 4 0 if ($_[0] =~ /^(HS|RS|PS|ES|EdDSA)/) { }
232 0 5 unless $ok
236 22 22 $what eq 'JWS' ? :
237 0 44 if (defined $key->{'use'} and $key->{'use'} ne $expected_use)
242 0 44 if (ref $key->{'key_ops'} eq "ARRAY")
243 0 0 $what eq 'JWS' ? :
247 0 0 unless $found
255 0 17 if (($key->{'kty'} || '') eq "EC" and defined $key->{'alg'} and defined $key->{'crv'})
263 0 0 if (exists $ec_curve_for{$key->{'alg'}}) { }
0 0 elsif ($key->{'alg'} =~ /^ES/) { }
265 0 0 if $ec_curve_for{$key->{'alg'}} ne $key->{'crv'}
275 515 18 unless defined $check
277 3 0 if not $value =~ /$check/
3 15 if ($r eq 'Regexp') { }
6 9 elsif ($r eq 'ARRAY') { }
9 0 elsif (not $r) { }
279 3 3 unless $ok{$value}
280 3 6 if $value ne $check
289 272 18 unless defined $check
291 12 6 if (exists $header->{'typ'}) { }
292 4 8 if (ref $check eq 'Regexp') { }
4 4 elsif (ref $check eq 'CODE') { }
4 0 elsif (not ref $check) { }
294 0 4 unless defined $value
295 2 2 unless $value =~ /$check/
298 2 2 unless &$check($header->{'typ'})
302 2 2 unless defined $value and $value eq $check
317 3 76 if not defined $value or ref $value or not "$value" =~ /\A(?:0|[1-9][0-9]*)(?:\.[0-9]+)?\z/
324 1 326 if $args{'ignore_claims'}
326 227 99 if (ref $payload ne "HASH")
330 2 1575 if (defined $args{"verify_$claim"} and $args{"verify_$claim"} != 0)
341 58 41 if (defined $payload->{'exp'}) { }
0 82 elsif ($args{'verify_exp'} and $args{'verify_exp'} == 1) { }
342 43 15 if (not defined $args{'verify_exp'} or $args{'verify_exp'} == 1)
344 7 35 if $payload->{'exp'} + $leeway <= $now
352 32 59 if (defined $payload->{'nbf'}) { }
0 118 elsif ($args{'verify_nbf'} and $args{'verify_nbf'} == 1) { }
353 31 1 if (not defined $args{'verify_nbf'} or $args{'verify_nbf'} == 1)
355 3 27 if $payload->{'nbf'} - $leeway > $now
363 6 81 if (exists $args{'verify_iat'})
364 6 0 if (defined $payload->{'iat'}) { }
0 0 elsif ($args{'verify_iat'} and $args{'verify_iat'} == 1) { }
365 5 1 if (not defined $args{'verify_iat'} or $args{'verify_iat'} == 1)
367 2 2 if $payload->{'iat'} - $leeway > $now
376 23 61 if (defined $args{'verify_aud'})
378 22 1 if (exists $payload->{'aud'}) { }
381 6 16 ref $payload->{'aud'} eq 'ARRAY' ? :
383 10 18 if (ref $check eq 'Regexp') { }
9 9 elsif (ref $check eq 'CODE') { }
9 0 elsif (not ref $check) { }
384 1 9 unless defined $value
385 5 5 if $value =~ /$check/
388 5 4 if &$check($value)
391 5 4 if defined $value and $value eq $check
394 7 15 unless $match
404 186 30 unless defined $check
406 27 3 if (exists $payload->{$claim}) { }
407 9 18 if (ref $check eq 'Regexp') { }
9 9 elsif (ref $check eq 'CODE') { }
9 0 elsif (not ref $check) { }
409 0 9 unless defined $value
410 3 6 unless $value =~ /$check/
413 3 6 unless &$check($payload->{$claim})
417 3 6 unless defined $value and $value eq $check
432 2 2 ref $z eq 'ARRAY' ? :
433 4 0 if ($zip[0] eq 'deflate') { }
434 2 2 defined $zip[1] ? :
438 0 4 unless $d->deflate($payload, $output) == Z_OK()
439 0 4 unless $d->flush($output) == Z_OK()
440 0 4 unless $output
451 16 0 if ($z eq 'DEF') { }
459 0 16 if $status == Z_BUF_ERROR()
460 0 16 if $status != Z_STREAM_END()
471 31 128 if (ref($payload) =~ /^(HASH|ARRAY)$/) { }
475 0 128 unless utf8::downgrade($payload, 1)
482 83 244 if defined $decode_payload and $decode_payload == 0
485 14 230 if ($decode_payload) { }
486 0 14 unless $de
490 90 140 defined $de ? :
499 12 105 if ($alg eq "dir")
505 57 48 if ($enc =~ /^A(128|192|256)GCM/) { }
48 0 elsif ($enc =~ /^A(128|192|256)CBC/) { }
512 18 87 if ($alg =~ /^A(128|192|256)KW$/) { }
18 69 elsif ($alg =~ /^A(128|192|256)GCMKW$/) { }
26 43 elsif ($alg =~ /^PBES2-HS(512|384|256)\+A(128|192|256)KW$/) { }
18 25 elsif ($alg =~ /^RSA(-OAEP|-OAEP-256|1_5)$/) { }
19 6 elsif ($alg =~ /^ECDH-ES\+A(128|192|256)KW$/) { }
6 0 elsif ($alg eq 'ECDH-ES') { }
525 0 26 &looks_like_number($hdr->{'p2s'}) && $hdr->{'p2s'} >= 8 && $hdr->{'p2s'} <= 9999 ? :
527 0 26 &looks_like_number($hdr->{'p2c'}) ? :
556 18 173 if ($alg eq 'dir') { }
26 147 elsif ($alg =~ /^A(128|192|256)KW$/) { }
22 125 elsif ($alg =~ /^A(128|192|256)GCMKW$/) { }
49 76 elsif ($alg =~ /^PBES2-HS(512|384|256)\+A(128|192|256)KW$/) { }
41 35 elsif ($alg =~ /^RSA(-OAEP|-OAEP-256|1_5)$/) { }
23 12 elsif ($alg =~ /^ECDH-ES\+A(128|192|256)KW$/) { }
12 0 elsif ($alg eq 'ECDH-ES') { }
567 0 49 unless &looks_like_number($p2c) and $p2c >= 1 and $p2c <= $MAX_PBES2_ITER
587 0 117 defined $b64u_aad ? :
588 63 54 if ($enc =~ /^A(128|192|256)GCM$/) { }
54 0 elsif ($enc =~ /^A(128|192|256)CBC-HS(256|384|512)$/) { }
592 0 63 unless $len1 == $len2
603 0 54 unless $key_len == $size
624 103 88 if ($enc =~ /^A(128|192|256)GCM$/) { }
88 0 elsif ($enc =~ /^A(128|192|256)CBC-HS(256|384|512)$/) { }
628 0 103 unless $len1 == $len2
637 0 88 unless $key_len == $size
648 0 88 unless slow_eq($sig, $tag)
661 3 114 $args{'extra_headers'} ? :
662 0 117 unless defined $enc
663 0 117 unless defined $payload
665 9 108 if ref $payload eq "HASH"
669 2 115 if $args{'zip'}
674 0 117 unless $args{'key'}
675 0 117 defined $args{'keypass'} ? :
681 0 117 defined $args{'aad'} ? :
700 0 197 if $b64u_header and not $header
701 0 197 if $b64u_ecek and not $ecek
702 0 197 if $b64u_ct and not $ct
703 0 197 if $b64u_iv and not $iv
704 0 197 if $b64u_tag and not $tag
707 195 2 if (exists $args{'key'}) { }
2 0 elsif (exists $args{'kid_keys'}) { }
708 0 195 defined $args{'keypass'} ? :
714 0 2 unless defined $k
717 0 197 unless defined $key
724 18 173 defined $header->{'alg'} && $header->{'alg'} eq 'dir' ? :
736 0 191 defined $b64u_aad ? :
738 11 180 if $header->{'zip'}
747 2 40 if $alg eq "none"
750 26 14 if ($alg =~ /^HS(256|384|512)$/) { }
5 9 elsif ($alg =~ /^RS(256|384|512)/) { }
3 6 elsif ($alg =~ /^PS(256|384|512)/) { }
4 2 elsif ($alg =~ /^ES(256|256K|384|512)$/) { }
2 0 elsif ($alg eq 'EdDSA') { }
752 0 26 if length $key < $MIN_HMAC_KEY_LEN
780 0 135 if $b64u_sig and not $sig
783 0 135 if ($alg eq 'none') { }
85 50 elsif ($alg =~ /^HS(256|384|512)$/) { }
24 26 elsif ($alg =~ /^RS(256|384|512)/) { }
7 19 elsif ($alg =~ /^PS(256|384|512)/) { }
17 2 elsif ($alg =~ /^ES(256|256K|384|512)$/) { }
2 0 elsif ($alg eq 'EdDSA') { }
788 0 85 if length $key < $MIN_HMAC_KEY_LEN
789 85 0 if slow_eq($sig, hmac("SHA$1", $key, $data))
794 23 0 if $pk->verify_message($sig, $data, $hash, "v1.5")
800 7 0 if $pk->verify_message($sig, $data, $hash, "pss", $hashlen)
805 14 2 if $pk->verify_message_rfc7518($sig, $data, $hash)
809 2 0 if $pk->verify_message($sig, $data)
818 3 40 $args{'extra_headers'} ? :
819 0 43 unless defined $payload
820 1 42 if $alg eq "none" and not $args{'allow_none'}
822 20 22 if ref $payload eq "HASH"
826 2 40 if $args{'zip'}
835 0 42 if not $args{'key'} and $alg ne "none"
836 0 42 defined $args{'keypass'} ? :
845 0 144 if $b64u_header and not $header
846 2 142 if ref $unprotected_header ne "HASH"
848 143 1 unless ($args{'ignore_signature'})
850 0 143 unless $alg
851 1 142 if $alg eq "none" and not $args{'allow_none'}
852 0 4 if $alg eq "none" and defined $b64u_sig and length $b64u_sig > 0
856 135 4 if ($alg ne "none")
858 132 3 if (exists $args{'key'}) { }
2 1 elsif (exists $args{'kid_keys'}) { }
1 0 elsif ($args{'key_from_jwk_header'}) { }
859 0 132 defined $args{'keypass'} ? :
864 2 0 exists $header->{'kid'} ? :
866 0 2 unless defined $k
874 0 1 if not defined $k or ref $k ne "HASH" or not defined $k->{'kty'}
875 0 1 unless $alg =~ /^(RS|PS|ES)/ and $k->{'kty'} =~ /^(RSA|EC)$/
876 0 1 if $k->{'d'} or $k->{'p'} or $k->{'q'} or $k->{'dp'} or $k->{'dq'} or $k->{'qi'}
879 0 135 unless defined $key
883 2 131 unless $valid
887 0 136 if $b64u_payload and not $payload
888 5 131 if $header->{'zip'}
899 0 160 unless $args{'alg'}
901 43 117 if ($args{'alg'} =~ /^(none|EdDSA|(HS|RS|PS)(256|384|512)|ES(256|256K|384|512))$/) { }
117 0 elsif ($args{'alg'} =~ /^(dir|A(128|192|256)KW|A(128|192|256)GCMKW|PBES2-(HS256\+A128KW|HS384\+A192KW|HS512\+A256KW)|RSA-OAEP|RSA-OAEP-256|RSA1_5|ECDH-ES\+A(128|192|256)KW|ECDH-ES)$/) { }
904 42 0 if ($ser eq 'compact') { }
0 0 elsif ($ser eq 'flattened') { }
905 0 42 if defined $args{'unprotected_headers'}
910 0 0 if ref $args{'unprotected_headers'} eq "HASH"
920 117 0 if ($ser eq 'compact') { }
0 0 elsif ($ser eq 'flattened') { }
921 0 117 if defined $args{'aad'}
922 0 117 if defined $args{'unprotected_headers'}
923 0 117 if defined $args{'shared_unprotected_headers'}
935 0 0 if ref $args{'unprotected_headers'} eq "HASH"
937 0 0 if ref $args{'shared_unprotected_headers'} eq "HASH"
939 0 0 if defined $b64u_aad
955 0 341 unless ($args{'token'})
958 1 340 $args{'tolerate_padding'} ? :
959 335 6 if ($args{'token'} =~ /$token_re/) { }
6 0 elsif ($args{'token'} =~ /^\s*\{.*?\}\s*$/s) { }
960 195 140 if (defined $5 and length $5 > 0) { }
971 4 2 if (defined $hash->{'payload'} and $hash->{'protected'}) { }
2 0 elsif ($hash->{'ciphertext'} and $hash->{'protected'}) { }
986 33 245 if $args{'decode_header'}