/** * {@inheritdoc} */ public function getCEK(JWKInterface $key, array $header) { if (!$key->has('kty') || 'dir' !== $key->get('kty') || !$key->has('dir')) { throw new \InvalidArgumentException('The key is not valid'); } return Base64Url::decode($key->get('dir')); }
/** * @param JWKInterface $key */ private function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'OKP', 'Wrong key type.'); Assertion::true($key->has('x'), 'The key parameter "x" is missing.'); Assertion::true($key->has('crv'), 'The key parameter "crv" is missing.'); Assertion::inArray($key->get('crv'), ['Ed25519'], 'Unsupported curve'); }
/** * @param \Jose\Object\JWKInterface $key */ protected function checkKey(JWKInterface $key) { if (!$key->has('kty') || 'oct' !== $key->get('kty') || !$key->has('k')) { throw new \InvalidArgumentException('The key is not valid'); } if ($this->getKeySize() !== strlen(Base64Url::decode($key->get('k')))) { throw new \InvalidArgumentException('The key size is not valid'); } }
/** * @param \Jose\Object\JWKInterface $key * @param string $algorithm * * @return bool */ private function checkKeyAlgorithm(JWKInterface $key, $algorithm) { if (!$key->has('alg')) { return true; } return $key->get('alg') === $algorithm; }
/** * Decode a JSON Web Token. * * @param Token $token * @return array * @throws \Tymon\JWTAuth\Exceptions\JWTException */ public function decode($token) { try { $loader = new Loader(); $verifiedJWS = $loader->loadAndVerifySignatureUsingKey((string) $token, $this->signatureKey, [$this->signatureKey->get('alg')]); $jwe = $loader->loadAndDecryptUsingKey($verifiedJWS->getPayload(), $this->encryptionKey, ['dir'], [$this->encryptionKey->get('alg')]); } catch (Exception $e) { throw new TokenInvalidException('Could not decode token: ' . $e->getMessage()); } return $jwe->getPayload(); }
/** * @param \Jose\Object\JWKInterface $key * * @return string */ private function getPEM(JWKInterface $key) { switch ($key->get('kty')) { case 'RSA': return (new RSAKey($key))->toPEM(); case 'EC': return (new ECKey($key))->toPEM(); default: throw new \InvalidArgumentException('Unsupported key type.'); } }
/** * @param JWKInterface $key */ private function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'EC', 'Wrong key type.'); Assertion::true($key->has('x'), 'The key parameter "x" is missing.'); Assertion::true($key->has('y'), 'The key parameter "y" is missing.'); Assertion::true($key->has('crv'), 'The key parameter "crv" is missing.'); }
/** * @param array $complete_header The complete header * @param \Jose\Object\JWKInterface $key * * @return \Jose\Algorithm\SignatureAlgorithmInterface */ private function getSignatureAlgorithm(array $complete_header, Object\JWKInterface $key) { Assertion::keyExists($complete_header, 'alg', 'No "alg" parameter set in the header.'); Assertion::false($key->has('alg') && $key->get('alg') !== $complete_header['alg'], sprintf('The algorithm "%s" is not allowed with this key.', $complete_header['alg'])); $signature_algorithm = $this->getJWAManager()->getAlgorithm($complete_header['alg']); Assertion::isInstanceOf($signature_algorithm, Algorithm\SignatureAlgorithmInterface::class, sprintf('The algorithm "%s" is not supported.', $complete_header['alg'])); return $signature_algorithm; }
/** * @param array $complete_header The complete header * @param \Jose\Object\JWKInterface $key * * @return \Jose\Algorithm\Signature\SignatureInterface */ protected function getSignatureAlgorithm(array $complete_header, JWKInterface $key) { if (!array_key_exists('alg', $complete_header)) { throw new \InvalidArgumentException('No "alg" parameter set in the header.'); } if ($key->has('alg') && $key->get('alg') !== $complete_header['alg']) { throw new \InvalidArgumentException(sprintf('The algorithm "%s" is allowed with this key.', $complete_header['alg'])); } $signature_algorithm = $this->getJWAManager()->getAlgorithm($complete_header['alg']); if (!$signature_algorithm instanceof SignatureInterface) { throw new \InvalidArgumentException(sprintf('The algorithm "%s" is not supported.', $complete_header['alg'])); } return $signature_algorithm; }
/** * @param JWKInterface $key */ protected function checkKey(JWKInterface $key) { if (!$key->has('kty') || 'oct' !== $key->get('kty') || !$key->has('k')) { throw new \InvalidArgumentException('The key is not valid'); } }
/** * @param array $restrictions * @param \Jose\Object\JWKInterface $key * * @return bool */ private function doesKeySatisfyRestrictions(array $restrictions, JWKInterface $key) { foreach ($restrictions as $k => $v) { if (!$key->has($k) || $v !== $key->get($k)) { return false; } } return true; }
/** * @param \Jose\Object\JWKInterface $key */ protected function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'oct', 'Wrong key type.'); Assertion::true($key->has('k'), 'The key parameter "k" is missing.'); Assertion::eq($this->getKeySize(), mb_strlen(Base64Url::decode($key->get('k')), '8bit'), 'The key size is not valid'); }
/** * @param \Jose\Object\JWKInterface $key * @param string $algorithm */ protected function checkKeyAlgorithm(JWKInterface $key, $algorithm) { if (!$key->has('alg')) { return; } Assertion::eq($key->get('alg'), $algorithm, sprintf('Key is only allowed for algorithm "%s".', $key->get('alg'))); }
/** * {@inheritdoc} */ public function getCEK(JWKInterface $key) { Assertion::eq($key->get('kty'), 'oct', 'Wrong key type.'); Assertion::true($key->has('k'), 'The key parameter "k" is missing.'); return Base64Url::decode($key->get('k')); }
/** * @param JWKInterface $key */ private function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'RSA', 'Wrong key type.'); }
/** * @param JWKInterface $key */ protected function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'oct', 'Wrong key type.'); Assertion::true($key->has('k'), 'The key parameter "k" is missing.'); }
/** * @param JWKInterface $key */ protected function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'none', 'Wrong key type.'); }
/** * @param JWKInterface $key * * @throws \InvalidArgumentException * * @return \Mdanter\Ecc\Primitives\GeneratorPoint */ private function getGenerator(JWKInterface $key) { $crv = $key->get('crv'); switch ($crv) { case 'P-256': return EccFactory::getNistCurves()->generator256(); case 'P-384': return EccFactory::getNistCurves()->generator384(); case 'P-521': return EccFactory::getNistCurves()->generator521(); default: throw new \InvalidArgumentException(sprintf('The curve "%s" is not supported', $crv)); } }
/** * @param JWKInterface $key */ private function checkKey(JWKInterface $key) { if (!$key->has('kty') || 'EC' !== $key->get('kty')) { throw new \InvalidArgumentException('The key is not valid'); } if (!$key->has('x') || !$key->has('y') || !$key->has('crv')) { throw new \InvalidArgumentException('Key components ("x", "y" or "crv") missing'); } }