Ejemplo n.º 1
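 /**
  * Verifies a compact-serialized token and returns its JSON-decoded payload.
  *
  * A five-part token is handed to Jwe::decode(); any other token must be a
  * three-part JWS (header.payload.signature).
  *
  * NOTE(review): the verification algorithm is looked up from the token's own
  * "alg" header, which is controlled by whoever produced the token. Whether
  * that is safe depends on which algorithms the Context registers and on the
  * kind of key passed in: an unsecured algorithm, or an HMAC algorithm used
  * together with a public key, would make the signature check meaningless.
  * Confirm that the Context only exposes the algorithms expected for $key.
  *
  * @param Context         $context Supplies the JWS algorithms via jwsAlgorithms()
  * @param string          $token   Token in compact serialization form
  * @param string|resource $key     Key passed to the algorithm's verify()
  *
  * @return array Payload as produced by json_decode(..., true)
  *
  * @throws JoseJwtException   If the token is empty, malformed, or names an unknown algorithm
  * @throws IntegrityException If the signature does not verify
  */
 public static function decode(Context $context, $token, $key)
 {
     if (empty($token) || !is_string($token) || trim($token) === '') {
         throw new JoseJwtException('Incoming token expected to be in compact serialization form, but is empty');
     }
     $parts = explode('.', $token);
     $partCount = count($parts);
     if ($partCount === 5) {
         return Jwe::decode($context, $token, $key);
     }
     // A compact JWS is exactly header.payload.signature. Rejecting every other shape here
     // keeps a missing signature segment from reaching verify() as an undefined index.
     if ($partCount !== 3) {
         throw new JoseJwtException(
             sprintf('Invalid token: expected 3 parts (JWS) or 5 parts (JWE), got %d', $partCount)
         );
     }
     $decodedParts = [];
     foreach ($parts as $part) {
         $decodedParts[] = UrlSafeB64Encoder::decode($part);
     }
     $header = json_decode($decodedParts[0], true);
     // The header must be a JSON object carrying a string "alg"; a scalar or alg-less header
     // would otherwise be indexed blindly below.
     if (!is_array($header) || !isset($header['alg']) || !is_string($header['alg'])) {
         throw new JoseJwtException('Invalid header');
     }
     // signed or plain JWT
     $signedInput = $parts[0] . '.' . $parts[1];
     $algorithmId = $header['alg'];
     $algorithm = $context->jwsAlgorithms()->get($algorithmId);
     if (null === $algorithm) {
         throw new JoseJwtException(sprintf('Invalid algorithm "%s"', $algorithmId));
     }
     // The payload is only decoded and returned after the signature has been checked.
     if (false === $algorithm->verify($decodedParts[2], $signedInput, $key)) {
         throw new IntegrityException('Invalid signature');
     }
     // NOTE: json_decode() yields null when the payload is not valid JSON; callers should check.
     return json_decode($decodedParts[1], true);
 }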
Ejemplo n.º 2
 /**
  * Decodes the fixture token selected by $tokenName with Jwe::decode(), using the
  * key from getRsaPrivateKey(), then JSON-decodes the result and compares it with
  * $this->payload.
  *
  * @dataProvider rsa_decrypt_provider
  */
 public function test_rsa_decrypt($tokenName)
 {
     // $tokenName is the key used to look the token up in $this->tokens.
     $encryptedToken = $this->tokens[$tokenName];
     $privateKey = $this->getRsaPrivateKey();

     $rawPayload = Jwe::decode($this->context, $encryptedToken, $privateKey);
     $decodedPayload = json_decode($rawPayload, true);

     $this->assertEquals($this->payload, $decodedPayload);
 }