/**
* {@inheritdoc}
*/
public function verify(Object\JWSInterface $jws, Object\JWKSetInterface $signature_key_set, $detached_payload = null)
{
Assertion::inArray($jws->getSignature(0)->getProtectedHeader('alg'), $this->getSupportedSignatureAlgorithms(), sprintf('The signature algorithm "%s" is not supported or not allowed.', $jws->getSignature(0)->getProtectedHeader('alg')));
$index = null;
$this->verifier->verifyWithKeySet($jws, $signature_key_set, $detached_payload, $index);
Assertion::notNull($index, 'JWS signature(s) verification failed.');
$this->checker_manager->checkJWS($jws, $index);
return $index;
}
/**
* @param \Jose\Object\JWSInterface $jws
* @param \OAuth2\Client\JWTClientInterface $client
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*/
public function verifySignature(JWSInterface $jws, JWTClientInterface $client)
{
if (!in_array($jws->getHeader('alg'), $client->getAllowedSignatureAlgorithms())) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, sprintf('Algorithm not allowed. Authorized algorithms: %s.', json_encode($client->getAllowedSignatureAlgorithms())));
}
try {
if (false === $this->verifier->verify($jws, $this->key_set)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Invalid signature.');
}
} catch (\Exception $e) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, $e->getMessage());
}
}
