/**
* @param JWKInterface $key
*/
private function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'OKP', 'Wrong key type.');
Assertion::true($key->has('x'), 'The key parameter "x" is missing.');
Assertion::true($key->has('crv'), 'The key parameter "crv" is missing.');
Assertion::inArray($key->get('crv'), ['Ed25519'], 'Unsupported curve');
}
/**
* {@inheritdoc}
*/
public function getCEK(JWKInterface $key, array $header)
{
if (!$key->has('kty') || 'dir' !== $key->get('kty') || !$key->has('dir')) {
throw new \InvalidArgumentException('The key is not valid');
}
return Base64Url::decode($key->get('dir'));
}
/**
* @param \Jose\Object\JWKInterface $key
* @param string $algorithm
*
* @return bool
*/
private function checkKeyAlgorithm(JWKInterface $key, $algorithm)
{
if (!$key->has('alg')) {
return true;
}
return $key->get('alg') === $algorithm;
}
/**
* @param \Jose\Object\JWKInterface $key
*/
protected function checkKey(JWKInterface $key)
{
if (!$key->has('kty') || 'oct' !== $key->get('kty') || !$key->has('k')) {
throw new \InvalidArgumentException('The key is not valid');
}
if ($this->getKeySize() !== strlen(Base64Url::decode($key->get('k')))) {
throw new \InvalidArgumentException('The key size is not valid');
}
}
/**
* @param \Jose\Object\JWKInterface $key
*
* @return string
*/
private function getPEM(JWKInterface $key)
{
switch ($key->get('kty')) {
case 'RSA':
return (new RSAKey($key))->toPEM();
case 'EC':
return (new ECKey($key))->toPEM();
default:
throw new \InvalidArgumentException('Unsupported key type.');
}
}
/**
* @param \Jose\Object\JWKInterface|string|array $data
*/
public function __construct($data)
{
parent::__construct();
if ($data instanceof JWKInterface) {
$this->loadJWK($data->getAll());
} elseif (is_array($data)) {
$this->loadJWK($data);
} elseif (is_string($data)) {
$this->loadPEM($data);
} else {
throw new \InvalidArgumentException('Unsupported input');
}
$this->private = isset($this->values['d']);
}
/**
* Decode a JSON Web Token.
*
* @param Token $token
* @return array
* @throws \Tymon\JWTAuth\Exceptions\JWTException
*/
public function decode($token)
{
try {
$loader = new Loader();
$verifiedJWS = $loader->loadAndVerifySignatureUsingKey((string) $token, $this->signatureKey, [$this->signatureKey->get('alg')]);
$jwe = $loader->loadAndDecryptUsingKey($verifiedJWS->getPayload(), $this->encryptionKey, ['dir'], [$this->encryptionKey->get('alg')]);
} catch (Exception $e) {
throw new TokenInvalidException('Could not decode token: ' . $e->getMessage());
}
return $jwe->getPayload();
}
/**
* @param JWKInterface $key
*/
private function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'EC', 'Wrong key type.');
Assertion::true($key->has('x'), 'The key parameter "x" is missing.');
Assertion::true($key->has('y'), 'The key parameter "y" is missing.');
Assertion::true($key->has('crv'), 'The key parameter "crv" is missing.');
}
/**
* @param array $complete_header The complete header
* @param \Jose\Object\JWKInterface $key
*
* @return \Jose\Algorithm\SignatureAlgorithmInterface
*/
private function getSignatureAlgorithm(array $complete_header, Object\JWKInterface $key)
{
Assertion::keyExists($complete_header, 'alg', 'No "alg" parameter set in the header.');
Assertion::false($key->has('alg') && $key->get('alg') !== $complete_header['alg'], sprintf('The algorithm "%s" is not allowed with this key.', $complete_header['alg']));
$signature_algorithm = $this->getJWAManager()->getAlgorithm($complete_header['alg']);
Assertion::isInstanceOf($signature_algorithm, Algorithm\SignatureAlgorithmInterface::class, sprintf('The algorithm "%s" is not supported.', $complete_header['alg']));
return $signature_algorithm;
}
/**
* @param array $complete_header The complete header
* @param \Jose\Object\JWKInterface $key
*
* @return \Jose\Algorithm\Signature\SignatureInterface
*/
protected function getSignatureAlgorithm(array $complete_header, JWKInterface $key)
{
if (!array_key_exists('alg', $complete_header)) {
throw new \InvalidArgumentException('No "alg" parameter set in the header.');
}
if ($key->has('alg') && $key->get('alg') !== $complete_header['alg']) {
throw new \InvalidArgumentException(sprintf('The algorithm "%s" is allowed with this key.', $complete_header['alg']));
}
$signature_algorithm = $this->getJWAManager()->getAlgorithm($complete_header['alg']);
if (!$signature_algorithm instanceof SignatureInterface) {
throw new \InvalidArgumentException(sprintf('The algorithm "%s" is not supported.', $complete_header['alg']));
}
return $signature_algorithm;
}
/**
* @param JWKInterface $key
*/
protected function checkKey(JWKInterface $key)
{
if (!$key->has('kty') || 'oct' !== $key->get('kty') || !$key->has('k')) {
throw new \InvalidArgumentException('The key is not valid');
}
}
/**
* @param JWKInterface $key
*/
private function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'RSA', 'Wrong key type.');
}
/**
* @param array $restrictions
* @param \Jose\Object\JWKInterface $key
*
* @return bool
*/
private function doesKeySatisfyRestrictions(array $restrictions, JWKInterface $key)
{
foreach ($restrictions as $k => $v) {
if (!$key->has($k) || $v !== $key->get($k)) {
return false;
}
}
return true;
}
/**
* @param \Jose\Object\JWKInterface $key
*/
protected function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'oct', 'Wrong key type.');
Assertion::true($key->has('k'), 'The key parameter "k" is missing.');
Assertion::eq($this->getKeySize(), mb_strlen(Base64Url::decode($key->get('k')), '8bit'), 'The key size is not valid');
}
/**
* @param \Jose\Object\JWKInterface $key
* @param string $algorithm
*/
protected function checkKeyAlgorithm(JWKInterface $key, $algorithm)
{
if (!$key->has('alg')) {
return;
}
Assertion::eq($key->get('alg'), $algorithm, sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
}
/**
* {@inheritdoc}
*/
public function getCEK(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'oct', 'Wrong key type.');
Assertion::true($key->has('k'), 'The key parameter "k" is missing.');
return Base64Url::decode($key->get('k'));
}
/**
* @param JWKInterface $key
*/
protected function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'oct', 'Wrong key type.');
Assertion::true($key->has('k'), 'The key parameter "k" is missing.');
}
/**
* @param JWKInterface $key
*/
protected function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'none', 'Wrong key type.');
}
/**
* @param JWKInterface $key
*
* @throws \InvalidArgumentException
*
* @return \Mdanter\Ecc\Primitives\GeneratorPoint
*/
private function getGenerator(JWKInterface $key)
{
$crv = $key->get('crv');
switch ($crv) {
case 'P-256':
return EccFactory::getNistCurves()->generator256();
case 'P-384':
return EccFactory::getNistCurves()->generator384();
case 'P-521':
return EccFactory::getNistCurves()->generator521();
default:
throw new \InvalidArgumentException(sprintf('The curve "%s" is not supported', $crv));
}
}
/**
* @param JWKInterface $key
*/
private function checkKey(JWKInterface $key)
{
if (!$key->has('kty') || 'EC' !== $key->get('kty')) {
throw new \InvalidArgumentException('The key is not valid');
}
if (!$key->has('x') || !$key->has('y') || !$key->has('crv')) {
throw new \InvalidArgumentException('Key components ("x", "y" or "crv") missing');
}
}
