refactor: add signing key value object

Author: innocenzi

packages/cryptography/src/Signing/Exceptions/SigningKeyWasInvalid.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace Tempest\Cryptography\Signing\Exceptions;
+
+use Exception;
+
+final class SigningKeyWasInvalid extends Exception implements SigningException
+{
+    public static function becauseItIsMissing(): self
+    {
+        return new self('The signing key is missing or empty. Ensure you have a `SIGNING_KEY` environment variable.');
+    }
+}

packages/cryptography/src/Signing/Exceptions/SigningKeyWasMissing.php

@@ -12,14 +12,8 @@ final class GenericSigner implements Signer
         get => $this->config->algorithm;
     }
 
-    private string $key {
-        get {
-            if (trim($this->config->key) === '') {
-                throw new SigningKeyWasMissing();
-            }
-
-            return $this->config->key;
-        }
+    private SigningKey $key {
+        get => SigningKey::fromString($this->config->key);
     }
 
     public function __construct(
@@ -32,16 +26,16 @@ public function sign(string $data): Signature
         return new Signature(hash_hmac(
             algo: $this->algorithm->value,
             data: $data,
-            key: $this->key,
+            key: $this->key->value,
         ));
     }
 
     public function verify(string $data, Signature $signature): bool
     {
         return $this->timelock->invoke(
             callback: fn () => hash_equals(
-                known_string: $this->sign($data)->signature,
-                user_string: $signature->signature,
+                known_string: $this->sign($data)->value,
+                user_string: $signature->value,
             ),
             duration: $this->config->minimumExecutionDuration ?: Duration::zero(),
         );

packages/cryptography/src/Signing/GenericSigner.php

@@ -7,11 +7,16 @@
 final readonly class Signature implements Stringable
 {
     public function __construct(
-        public string $signature,
+        public string $value,
     ) {}
 
     public function __toString(): string
     {
-        return $this->signature;
+        return $this->value;
+    }
+
+    public static function from(string $value): self
+    {
+        return new self($value);
     }
 }

packages/cryptography/src/Signing/Signature.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Tempest\Cryptography\Signing;
+
+use Stringable;
+use Tempest\Cryptography\Signing\Exceptions\SigningKeyWasInvalid;
+
+final readonly class SigningKey implements Stringable
+{
+    public function __construct(
+        private(set) string $value,
+    ) {
+        if (trim($value) === '') {
+            throw SigningKeyWasInvalid::becauseItIsMissing();
+        }
+    }
+
+    /**
+     * Creates a signing key from a string.
+     */
+    public static function fromString(string $key): self
+    {
+        return new self($key);
+    }
+
+    public function __toString(): string
+    {
+        return $this->value;
+    }
+}

packages/cryptography/src/Signing/SigningKey.php

@@ -6,6 +6,7 @@
 use Tempest\Clock\Clock;
 use Tempest\Clock\GenericClock;
 use Tempest\Clock\MockClock;
+use Tempest\Cryptography\Signing\Exceptions\SigningKeyWasInvalid;
 use Tempest\Cryptography\Signing\Exceptions\SigningKeyWasMissing;
 use Tempest\Cryptography\Signing\GenericSigner;
 use Tempest\Cryptography\Signing\SigningAlgorithm;
@@ -90,7 +91,7 @@ public function test_different_algoritms(): void
 
     public function test_no_signing_key(): void
     {
-        $this->expectException(SigningKeyWasMissing::class);
+        $this->expectException(SigningKeyWasInvalid::class);
 
         $signer = $this->createSigner(new SigningConfig(
             algorithm: SigningAlgorithm::SHA256,