Esempio n. 1
 /**
  * {@inheritdoc}
  */
 public function checkJWT(JWTInterface $jwt)
 {
     // Audience check: a token that names an audience must name exactly the
     // one configured on this checker ($this->audience).
     $claimed = $jwt->getAudience();

     // A token without an audience claim passes this checker untouched. If the
     // claim is mandatory for the deployment, that must be enforced elsewhere.
     if (null === $claimed) {
         return $this;
     }

     // Strict comparison, so value and type must both match (no type juggling).
     // NOTE(review): RFC 7519 also allows "aud" to be an array of strings; with
     // this comparison an array value is always rejected. Presumably
     // getAudience() yields a single string here; confirm against JWTInterface.
     if ($claimed !== $this->audience) {
         throw new \Exception('Bad audience.');
     }

     return $this;
 }
Esempio n. 2
 /**
  * {@inheritdoc}
  */
 public function checkJWT(JWTInterface $jwt)
 {
     // "Not before" check: refuse a token whose nbf timestamp is still ahead
     // of the local clock. A token without the claim is accepted as-is.
     $notBefore = $jwt->getNotBefore();
     $usedTooEarly = null !== $notBefore && time() < $notBefore;

     // NOTE(review): the comparison uses time() with no leeway, so clock skew
     // between issuer and verifier is not tolerated here. The claim is also
     // compared without a type check; presumably getNotBefore() returns an
     // integer timestamp; confirm against JWTInterface.
     if ($usedTooEarly) {
         throw new \Exception('Can not use this JWT yet.');
     }

     return $this;
 }
Esempio n. 3
 /**
  * {@inheritdoc}
  */
 public function checkJWT(JWTInterface $jwt)
 {
     // "Issued at" check: a token claiming to have been issued later than the
     // current local time is refused. A token without the claim is accepted.
     $issuedAt = $jwt->getIssuedAt();
     $issuedInFuture = null !== $issuedAt && time() < $issuedAt;

     // NOTE(review): no leeway is applied, so an issuer whose clock runs
     // slightly ahead of this host will have fresh tokens rejected.
     if ($issuedInFuture) {
         throw new \Exception('The JWT is issued in the futur.');
     }

     return $this;
 }
Esempio n. 4
 /**
  * {@inheritdoc}
  */
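 public function checkJWT(JWTInterface $jwt)
 {
     // Issuer allow-list check: a token that names an issuer must name one of
     // the values in $this->issuers. A token without the claim is accepted
     // as-is; if "iss" is mandatory, that must be enforced elsewhere.
     $iss = $jwt->getIssuer();
     if (null === $iss) {
         return $this;
     }

     // The third argument makes in_array() compare with ===. The claim value
     // comes from the token, and with loose comparison a non-string value
     // (for example an integer or boolean decoded from JSON) can compare
     // equal to an allowed issuer string through PHP type juggling.
     if (!in_array($iss, $this->issuers, true)) {
         throw new \Exception('Issuer not allowed.');
     }

     return $this;
 }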
Esempio n. 5
 /**
  * {@inheritdoc}
  */
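 public function checkJWT(JWTInterface $jwt)
 {
     // Subject check: the "sub" claim is handed to isSubjectValid() and the
     // token is refused when that returns false. The original read the issuer
     // (getIssuer()) into $sub, so the subject itself was never validated.
     $sub = $jwt->getSubject();

     // A token without a subject claim is accepted as-is; if "sub" is
     // mandatory, that must be enforced elsewhere.
     if (null !== $sub && !$this->isSubjectValid($sub)) {
         throw new \Exception('Invalid subject.');
     }

     return $this;
 }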
Esempio n. 6
 /**
  * {@inheritdoc}
  */
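 public function checkJWT(JWTInterface $jwt)
 {
     // Expiration check. A token without an "exp" claim never expires as far
     // as this checker is concerned; if the claim is mandatory, that must be
     // enforced elsewhere.
     $exp = $jwt->getExpirationTime();
     if (null === $exp) {
         return $this;
     }

     // RFC 7519 requires the current time to be strictly before "exp", so the
     // token is already expired when time() equals the claim (>=, not >).
     // NOTE(review): no leeway is applied, and the claim is compared without a
     // type check; presumably getExpirationTime() returns an integer
     // timestamp; confirm against JWTInterface.
     if (time() >= $exp) {
         throw new \Exception('The JWT has expired.');
     }

     return $this;
 }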
Esempio n. 7
 /**
  * {@inheritdoc}
  */
 public function checkJWT(JWTInterface $jwt)
 {
     // Critical-parameter check: every name listed by getCritical() must have
     // a value either in the header or in the payload of the token.
     $criticalNames = $jwt->getCritical();
     if (null === $criticalNames) {
         return $this;
     }

     // NOTE(review): only the presence of a value is verified here. RFC 7515
     // additionally expects the recipient to understand and process each
     // critical extension; presumably that is handled elsewhere (confirm).
     foreach ($criticalNames as $name) {
         // The payload is consulted only when the header has no value.
         if (null !== $jwt->getHeaderValue($name) || null !== $jwt->getPayloadValue($name)) {
             continue;
         }

         throw new \Exception(sprintf("The claim/header '%s' is marked as critical but value is not set.", $name));
     }

     return $this;
 }
Esempio n. 8
 /**
  * @param \Jose\SignatureInstructionInterface $instruction
  * @param \Jose\JWTInterface                  $input
  * @param string                              $jwt_payload
  *
  * @return array
  */
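 protected function computeSignature(SignatureInstructionInterface $instruction, JWTInterface $input, $jwt_payload)
 {
     // Builds one signature entry for $jwt_payload: the result always holds
     // 'signature', plus 'protected' and 'header' when those headers are not
     // empty. Throws \InvalidArgumentException when the key is not usable for
     // signing or the protected header cannot be serialised.
     $key = $instruction->getKey();

     // Values supplied by the instruction override those carried by the input.
     $protected_header = array_merge($input->getProtectedHeader(), $instruction->getProtectedHeader());
     $unprotected_header = array_merge($input->getUnprotectedHeader(), $instruction->getUnprotectedHeader());

     // The original merged the protected header with itself, so parameters that
     // exist only in the unprotected header were invisible to the algorithm
     // lookup. Protected values are merged last so they win on a duplicate name.
     $complete_header = array_merge($unprotected_header, $protected_header);

     $jwt_protected_header = null;
     if (!empty($protected_header)) {
         $encoded_header = json_encode($protected_header);
         if (false === $encoded_header) {
             // Without this guard a header that fails to encode would be
             // signed and emitted as an empty protected header.
             throw new \InvalidArgumentException('Unable to encode the protected header');
         }
         $jwt_protected_header = Base64Url::encode($encoded_header);
     }

     $signature_algorithm = $this->getSignatureAlgorithm($complete_header, $key);
     if (!$this->checkKeyUsage($key, 'signature')) {
         throw new \InvalidArgumentException('Key cannot be used to sign');
     }

     // Signing input is "<encoded protected header>.<payload>"; the first part
     // is empty when there is no protected header.
     $signature = $signature_algorithm->sign($key, $jwt_protected_header . '.' . $jwt_payload);
     $result = ['signature' => Base64Url::encode($signature)];

     // Test the encoded value: $protected_header is an array and never null, so
     // the original check always passed and stored 'protected' => null.
     if (!is_null($jwt_protected_header)) {
         $result['protected'] = $jwt_protected_header;
     }
     if (!empty($unprotected_header)) {
         $result['header'] = $unprotected_header;
     }

     return $result;
 }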