Esempio n. 1
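 /**
  * {@inheritdoc}
  *
  * Returns the content encryption key carried by a 'dir' key: the key's
  * 'dir' value, base64url-decoded. The $header argument is not read here.
  *
  * @param JWKInterface $key    Key whose type must be 'dir'
  * @param array        $header Not used by this implementation
  *
  * @throws \InvalidArgumentException If the key type is not 'dir', or if the
  *                                   'dir' value is missing, not a string, or
  *                                   decodes to nothing
  *
  * @return string The decoded key material
  */
 public function getCEK(JWKInterface $key, array $header)
 {
     if ('dir' !== $key->getKeyType()) {
         throw new \InvalidArgumentException('The key is not valid');
     }

     $encoded = $key->getValue('dir');
     // Fail closed: a key with no usable 'dir' value must not be turned into
     // an empty content encryption key and handed to the cipher.
     if (!is_string($encoded) || '' === $encoded) {
         throw new \InvalidArgumentException('The key is not valid');
     }

     $cek = Base64Url::decode($encoded);
     // Covers both an empty result and a decoder that signals failure with a
     // non-string value.
     if (!is_string($cek) || '' === $cek) {
         throw new \InvalidArgumentException('The key is not valid');
     }

     return $cek;
 }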
Esempio n. 2
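 /**
  * Tells whether the key may be used for the requested purpose, based on its
  * public key use and its key operations.
  *
  * A key that declares neither restriction is accepted for any usage. When a
  * public key use is declared it alone decides the outcome and the key
  * operations are not consulted.
  *
  * @param \Jose\JWKInterface $key
  * @param string             $usage One of 'verification', 'signature', 'encryption', 'decryption'
  *
  * @throws \Exception If the key declares a restriction and $usage is not one of the supported values
  *
  * @return bool
  */
 protected function checkKeyUsage(JWKInterface $key, $usage)
 {
     $use = $key->getPublicKeyUse();
     $ops = $key->getKeyOperations();
     if (null === $use && null === $ops) {
         return true;
     }

     if (null !== $use) {
         switch ($usage) {
             case 'verification':
             case 'signature':
                 return 'sig' === $use;
             case 'encryption':
             case 'decryption':
                 return 'enc' === $use;
             default:
                 throw new \Exception('Unsupported key usage.');
         }
     }

     if (is_array($ops)) {
         // Strict membership tests: the operations list comes from the key
         // itself, and a loose in_array() lets a non-string entry such as
         // boolean true compare equal to every operation name.
         switch ($usage) {
             case 'verification':
                 return in_array('verify', $ops, true);
             case 'signature':
                 return in_array('sign', $ops, true);
             case 'encryption':
                 return in_array('encrypt', $ops, true) || in_array('wrapKey', $ops, true);
             case 'decryption':
                 return in_array('decrypt', $ops, true) || in_array('unwrapKey', $ops, true);
             default:
                 throw new \Exception('Unsupported key usage.');
         }
     }

     // NOTE(review): a key operations value that is neither null nor an array
     // reaches this point and is accepted for every usage, without $usage
     // being validated. Consider rejecting such a key instead.
     return true;
 }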
Esempio n. 3
 /**
  * Builds the object from a JWK object, an array of JWK values or a string.
  *
  * A JWK object is unpacked with getValues() and loaded like an array; a
  * string is handed to loadPEM().
  *
  * @param \Jose\JWKInterface|string|array $data
  *
  * @throws \InvalidArgumentException If $data is none of the accepted types
  */
 public function __construct($data)
 {
     parent::__construct();

     if ($data instanceof JWKInterface) {
         $this->loadJWK($data->getValues());

         return;
     }

     if (is_array($data)) {
         $this->loadJWK($data);

         return;
     }

     if (is_string($data)) {
         // Every string input is treated as PEM; no other text format is handled here.
         $this->loadPEM($data);

         return;
     }

     throw new \InvalidArgumentException('Unsupported input');
 }
Esempio n. 4
 /**
  * Ensures the given key is an RSA key.
  *
  * Only the key type is inspected; the key's parameters are not examined here.
  *
  * @param JWKInterface $key
  *
  * @throws \InvalidArgumentException If the key type is anything other than 'RSA'
  */
 protected function checkKey(JWKInterface $key)
 {
     $type = $key->getKeyType();
     if ('RSA' === $type) {
         return;
     }

     throw new \InvalidArgumentException('The key is not valid');
 }
Esempio n. 5
 /**
  * Ensures the given key is an 'oct' key that carries a 'k' value.
  *
  * @param JWKInterface $key
  *
  * @throws \InvalidArgumentException If the key type is not 'oct' or the 'k' value is null
  */
 protected function checkKey(JWKInterface $key)
 {
     // The 'k' value is only read once the type is known to be 'oct'.
     $usable = 'oct' === $key->getKeyType() && null !== $key->getValue('k');
     if (!$usable) {
         throw new \InvalidArgumentException('The key is not valid');
     }
 }
Esempio n. 6
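 /**
  * Resolves the signature algorithm to use for the given header and key.
  *
  * The 'alg' header parameter is used when present, otherwise the algorithm
  * declared by the key. When the key declares an algorithm, the selected one
  * must be that same algorithm.
  *
  * @param array              $header
  * @param \Jose\JWKInterface $key
  *
  * @throws \InvalidArgumentException If no algorithm is available, if 'alg' is not a string,
  *                                   or if it differs from the algorithm declared by the key
  * @throws \RuntimeException         If the algorithm is unknown to the manager or is not a signature algorithm
  *
  * @return \Jose\Operation\SignatureInterface
  */
 protected function getAlgorithm(array $header, JWKInterface $key)
 {
     $key_alg = $key->getAlgorithm();

     if (array_key_exists('alg', $header)) {
         $alg = $header['alg'];
     } elseif (null !== $key_alg) {
         $alg = $key_alg;
     } else {
         throw new \InvalidArgumentException("No 'alg' parameter set in the header or the key.");
     }

     // The header is supplied with the token, so its 'alg' value is checked
     // before it is compared, interpolated into a message or used for lookup.
     if (!is_string($alg)) {
         throw new \InvalidArgumentException("The 'alg' parameter must be a string.");
     }

     // Bind the header to the key: a key that declares its algorithm must not
     // be driven with a different one chosen by whoever produced the header.
     if (null !== $key_alg && $key_alg !== $alg) {
         throw new \InvalidArgumentException("The algorithm '{$alg}' is not allowed with this key.");
     }

     $algorithm = $this->getJWAManager()->getAlgorithm($alg);
     if (!$algorithm instanceof SignatureInterface) {
         throw new \RuntimeException("The algorithm '{$alg}' is not supported or does not implement SignatureInterface.");
     }

     return $algorithm;
 }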
Esempio n. 7
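 /**
  * Returns the NIST curve generator that matches the key's 'crv' value.
  *
  * Supported values are 'P-256', 'P-384' and 'P-521'.
  *
  * @param JWKInterface $key
  *
  * @throws \Exception If 'crv' is missing, is not a string, or names an unsupported curve
  *
  * @return \Mdanter\Ecc\Primitives\GeneratorPoint
  */
 private function getGenerator(JWKInterface $key)
 {
     $crv = $key->getValue('crv');

     // switch compares loosely, so a non-string 'crv' such as boolean true
     // would match the first case and select a curve the key never named.
     if (!is_string($crv)) {
         throw new \Exception("The 'crv' parameter is missing or is not a string");
     }

     switch ($crv) {
         case 'P-256':
             return EccFactory::getNistCurves()->generator256();
         case 'P-384':
             return EccFactory::getNistCurves()->generator384();
         case 'P-521':
             return EccFactory::getNistCurves()->generator521();
         default:
             throw new \Exception("Curve {$crv} is not supported");
     }
 }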
Esempio n. 8
 /**
  * Registers a key under the given key ID, taking its values from a JWK object.
  *
  * The JWK is unpacked with getValues() and passed on to loadKeyFromValues().
  *
  * @param string             $kid The key ID
  * @param \Jose\JWKInterface $jwk A JWK object
  *
  * @return $this
  */
 public function loadKeyFromJWK($kid, JWKInterface $jwk)
 {
     $values = $jwk->getValues();
     $this->loadKeyFromValues($kid, $values);

     return $this;
 }
Esempio n. 9
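 /**
  * Resolves the signature algorithm for the given header and key.
  *
  * The 'alg' header parameter is used when present, otherwise the algorithm
  * declared by the key. A key that declares an algorithm can only be used
  * with that algorithm.
  *
  * @param array              $complete_header The complete header
  * @param \Jose\JWKInterface $key
  *
  * @throws \InvalidArgumentException If no algorithm is available, if it differs from the one declared
  *                                   by the key, or if it is not a supported signature algorithm
  *
  * @return \Jose\Operation\SignatureInterface
  */
 protected function getSignatureAlgorithm(array $complete_header, JWKInterface $key)
 {
     $key_alg = $key->getAlgorithm();

     if (array_key_exists('alg', $complete_header)) {
         $alg = $complete_header['alg'];
     } elseif (null !== $key_alg) {
         $alg = $key_alg;
     } else {
         throw new \InvalidArgumentException("No 'alg' parameter set in the header or the key.");
     }

     // Binds the header to the key: the header cannot select an algorithm
     // other than the one the key declares. The message previously read
     // "is allowed", the opposite of the condition being reported.
     if (null !== $key_alg && $key_alg !== $alg) {
         throw new \InvalidArgumentException("The algorithm '{$alg}' is not allowed with this key.");
     }

     $signature_algorithm = $this->getJWAManager()->getAlgorithm($alg);
     if (!$signature_algorithm instanceof SignatureInterface) {
         throw new \InvalidArgumentException("The algorithm '{$alg}' is not supported.");
     }

     return $signature_algorithm;
 }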