/** * {@inheritdoc} */ public function checkerParameter(ClientInterface $client, array &$parameters) { if (false === strpos($parameters['response_type'], 'id_token')) { return; } Assertion::true(array_key_exists('nonce', $parameters), 'The parameter "nonce" is mandatory.'); }
/** * {@inheritdoc} */ public function checkerParameter(ClientInterface $client, array &$parameters) { if (false === $this->state_parameter_enforced) { return; } Assertion::true(array_key_exists('state', $parameters), 'The parameter "state" is mandatory.'); }
/** * @param JWKInterface $key */ private function checkKey(JWKInterface $key) { Assertion::eq($key->get('kty'), 'OKP', 'Wrong key type.'); Assertion::true($key->has('x'), 'The key parameter "x" is missing.'); Assertion::true($key->has('crv'), 'The key parameter "crv" is missing.'); Assertion::inArray($key->get('crv'), ['Ed25519'], 'Unsupported curve'); }
/** * {@inheritdoc} */ public function checkerParameter(ClientInterface $client, array &$parameters) { $scope = $this->getScopeManager()->checkScopePolicy($parameters['scope'], $client); $available_scope = $this->getScopeManager()->getAvailableScopesForClient($client); Assertion::true($this->getScopeManager()->areRequestScopesAvailable($scope, $available_scope), sprintf('An unsupported scope was requested. Available scopes for the client are %s', implode(',', $available_scope))); $parameters['scope'] = $scope; }
/** * @param \stdClass $obj * @param array $context * @return TwitterEvent */ public function unserialize($obj, array $context = []) { Assertion::true($this->canUnserialize($obj), 'object is not unserializable'); $createdAt = new \DateTimeImmutable($obj->created_at); Assertion::eq(new \DateTimeZone('UTC'), $createdAt->getTimezone()); return TwitterEvent::create($obj->event, $this->userSerializer->unserialize($obj->source), isset($obj->target) ? $this->userSerializer->unserialize($obj->target) : null, isset($obj->target_object) ? $this->targetSerializer->unserialize($obj->target_object) : null, $createdAt); }
/** * Initializes and returns a coordinate object with the specified coordinate information in string format. * * Valid format: * "latitude in degrees, longitude in degrees" * * Example: * "51.3703748, 6.1724031" * * Please note that UTM and MGRS coordinates are not yet supported! * * @param $coordinate Coordinate information in string format * * @return static */ public static function fromString($coordinate) { Assertion::string($coordinate); Assertion::true(substr_count($coordinate, ',') === 1); $coordinate = explode(',', $coordinate); return new static((double) $coordinate[0], (double) $coordinate[1]); }
/** * {@inheritdoc} */ public function checkerParameter(ClientInterface $client, array &$parameters) { if (false === array_key_exists('response_mode', $parameters)) { return; } Assertion::true($this->isResponseModeParameterInAuthorizationRequestAllowed(), 'The parameter "response_mode" is not allowed.'); }
private function addOptions(DOMDocument $document, DOMNode $node, array $options, array $selectedValues) { foreach ($options as $value => $label) { if (is_int($value)) { $value = (string) $value; } else { Assertion::string($value); } Assertion::true(is_string($label) || is_array($label)); if (is_array($label)) { $optgroup = $document->createElement('optgroup'); $this->addAttributes($optgroup, ['label' => $value]); $this->addOptions($document, $optgroup, $label, $selectedValues); $node->appendChild($optgroup); continue; } $option = $document->createElement('option'); $option->appendChild($document->createTextNode($label)); $htmlAttributes = ['value' => $value]; if (in_array($value, $selectedValues)) { $htmlAttributes['selected'] = 'selected'; } $this->addAttributes($option, $htmlAttributes); $node->appendChild($option); } }
/** * @param \stdClass $obj * @param array $context * @return \Twitter\Object\Tweet */ public function unserialize($obj, array $context = []) { Assertion::true($this->canUnserialize($obj), 'object is not unserializable'); $createdAt = new \DateTimeImmutable($obj->created_at); Assertion::eq(new \DateTimeZone('UTC'), $createdAt->getTimezone()); return Tweet::create(TwitterMessageId::create($obj->id), $this->userSerializer->unserialize($obj->user), $obj->text, $obj->lang, $createdAt, $obj->entities ? $this->twitterEntitiesSerializer->unserialize($obj->entities) : TwitterEntities::create(), $obj->coordinates ? $this->coordinatesSerializer->unserialize($obj->coordinates) : null, $obj->place ? $this->placeSerializer->unserialize($obj->place) : null, $obj->in_reply_to_status_id, $obj->in_reply_to_user_id, $obj->in_reply_to_screen_name, $obj->retweeted, $obj->retweet_count, $obj->favorited, $obj->favorite_count, $obj->truncated, $obj->source, isset($obj->retweeted_status) ? $this->unserialize($obj->retweeted_status) : null); }
/** * {@inheritdoc} */ public function checkPKCEInput($code_challenge_method, $code_challenge, $code_verifier) { Assertion::true($this->hasPKCEMethod($code_challenge_method), sprintf('Unsupported code challenge method "%s".', $code_challenge_method)); $method = $this->getPKCEMethod($code_challenge_method); Assertion::notNull($code_verifier, 'The parameter "code_verifier" is required.'); Assertion::true($method->isChallengeVerified($code_verifier, $code_challenge), 'Invalid parameter "code_verifier".'); }
/** * {@inheritdoc} */ public function checkerParameter(ClientInterface $client, array &$parameters) { if (!array_key_exists('display', $parameters)) { return; } Assertion::true(in_array($parameters['display'], $this->getAllowedDisplayValues()), sprintf('Invalid parameter "display". Allowed values are %s', json_encode($this->getAllowedDisplayValues()))); }
/** * @param int $index * * @return \Jose\Object\JWKInterface */ public function getKey($index) { Assertion::integer($index, 'The index must be a positive integer.'); Assertion::greaterOrEqualThan($index, 0, 'The index must be a positive integer.'); Assertion::true($this->hasKey($index), 'Undefined index.'); return $this->getKeys()[$index]; }
/** * @param TwitterSerializable $object * @return \stdClass */ public function serialize(TwitterSerializable $object) { Assertion::true($this->canSerialize($object), 'object must be an instance of TwitterEventTarget'); if ($object instanceof Tweet) { return $this->tweetSerializer->serialize($object); } throw new \BadMethodCallException('Not Implemented'); }
/** * {@inheritdoc} */ public function encrypt($payload, array $encryption_protected_headers, Object\JWKInterface $encryption_key) { Assertion::true($this->isEncryptionSupportEnabled(), 'The encryption support is not enabled'); $jwe = Factory\JWEFactory::createJWE($payload, $encryption_protected_headers); $jwe = $jwe->addRecipientInformation($encryption_key); $this->encrypter->encrypt($jwe); return $jwe->toCompactJSON(0); }
/** * {@inheritdoc} */ public function checkerParameter(ClientInterface $client, array &$parameters) { if (!array_key_exists('prompt', $parameters)) { return; } Assertion::true(empty(array_diff($parameters['prompt'], $this->getAllowedPromptValues())), sprintf('Invalid parameter "prompt". Allowed values are %s', json_encode($this->getAllowedPromptValues()))); Assertion::false(in_array('none', $parameters['prompt']) && 1 !== count($parameters['prompt']), 'Invalid parameter "prompt". Prompt value "none" must be used alone.'); }
private function setType($type) { Assertion::string($type, 'Token type should be a string'); Assertion::startsWith($type, 'T_', 'Token type should start with T_'); Assertion::true(defined($type), 'Token type should be the name of a defined constant'); $this->type = $type; $this->code = constant($type); }
/** * @param \stdClass $directMessage * @param array $context * @return TwitterDirectMessage */ public function unserialize($directMessage, array $context = []) { Assertion::true($this->canUnserialize($directMessage), 'object is not unserializable'); $dm = $directMessage->direct_message; $createdAt = new \DateTimeImmutable($dm->created_at); Assertion::eq(new \DateTimeZone('UTC'), $createdAt->getTimezone()); return TwitterDirectMessage::create(TwitterMessageId::create($dm->id), $this->userSerializer->unserialize($dm->sender), $this->userSerializer->unserialize($dm->recipient), $dm->text, $createdAt, $this->twitterEntitiesSerializer->canUnserialize($dm->entities) ? $this->twitterEntitiesSerializer->unserialize($dm->entities) : TwitterEntities::create()); }
/** * {@inheritdoc} */ public function checkHeader(array $protected_headers, array $headers, array $checked_claims) { if (!array_key_exists('crit', $protected_headers)) { return; } Assertion::isArray($protected_headers['crit'], 'The parameter "crit" must be a list.'); $diff = array_diff($protected_headers['crit'], $checked_claims); Assertion::true(empty($diff), sprintf('One or more claims are marked as critical, but they are missing or have not been checked (%s).', json_encode(array_values($diff)))); }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { Assertion::keyExists($registration_parameters, 'token_endpoint_auth_method', 'The parameter "token_endpoint_auth_method" is missing.'); Assertion::string($registration_parameters['token_endpoint_auth_method'], 'The parameter "token_endpoint_auth_method" must be a string.'); Assertion::true($this->getTokenEndpointAuthMethodManager()->hasTokenEndpointAuthMethod($registration_parameters['token_endpoint_auth_method']), sprintf('The token endpoint authentication method "%s" is not supported. Please use one of the following values: %s', $registration_parameters['token_endpoint_auth_method'], json_encode($this->getTokenEndpointAuthMethodManager()->getSupportedTokenEndpointAuthMethods()))); $token_endpoint_auth_method = $this->getTokenEndpointAuthMethodManager()->getTokenEndpointAuthMethod($registration_parameters['token_endpoint_auth_method']); $token_endpoint_auth_method->checkClientConfiguration($registration_parameters, $client); $client->set('token_endpoint_auth_method', $registration_parameters['token_endpoint_auth_method']); }
/** * {@inheritdoc} */ public function checkClaim(JWTInterface $jwt) { if (!$jwt->hasClaim('jti')) { return []; } $jti = $jwt->getClaim('jti'); Assertion::true($this->isJtiValid($jti), sprintf('Invalid token ID "%s".', $jti)); return ['jti']; }
/** * {@inheritdoc} */ public function checkClaim(JWTInterface $jwt) { if (!$jwt->hasClaim('iss')) { return []; } $issuer = $jwt->getClaim('iss'); Assertion::true($this->isIssuerAllowed($issuer), sprintf('The issuer "%s" is not allowed.', $issuer)); return ['iss']; }
/** * {@inheritDoc} */ public function create($aggregateClass, DomainEventStreamInterface $domainEventStream) { $methodCall = sprintf('%s::%s', $aggregateClass, $this->staticConstructorMethod); Assert::true(method_exists($aggregateClass, $this->staticConstructorMethod), sprintf('NamedConstructorAggregateFactory expected %s to exist', $methodCall)); $aggregate = call_user_func($methodCall); Assert::isInstanceOf($aggregate, $aggregateClass); $aggregate->initializeState($domainEventStream); return $aggregate; }
/** * {@inheritdoc} */ public function checkClaim(JWTInterface $jwt) { if (!$jwt->hasClaim('sub')) { return []; } $subject = $jwt->getClaim('sub'); Assertion::true($this->isSubjectAllowed($subject), sprintf('The subject "%s" is not allowed.', $subject)); return ['sub']; }
/** * @param int|float|string $step * @param int|float|string|null $base */ public function __construct($step, $base = null) { Assertion::classExists(Decimal::class); Assertion::numeric($step); $decimalStep = Decimal::fromString((string) $step); Assertion::true($decimalStep->comp(DecimalConstants::zero()) > 0); thatNullOr($base)->numeric(); $this->step = $decimalStep; $this->base = null === $base ? DecimalConstants::zero() : Decimal::fromString((string) $base); }
/** * {@inheritdoc} */ public function getResponseTypes($names) { Assertion::true($this->isResponseTypeSupported($names), sprintf('The response type "%s" is not supported.', $names)); $response_types = explode(' ', $names); $types = []; foreach ($response_types as $response_type) { $type = $this->response_types[$response_type]; $types[] = $type; } return $types; }
/** * @param \stdClass $obj * @param array $context * @return TwitterMedia */ public function unserialize($obj, array $context = []) { Assertion::true($this->canUnserialize($obj), 'object is not unserializable'); $sizesObjects = []; if ($obj->sizes) { foreach ($obj->sizes as $sizeName => $sizeObj) { $sizesObjects[$sizeName] = $this->mediaSizeSerializer->unserialize($sizeObj, [TwitterMediaSizeSerializer::NAME_VAR => $sizeName]); } } return TwitterMedia::create($obj->id, $obj->media_url, $obj->media_url_https, $obj->url, $obj->display_url, $obj->expanded_url, $sizesObjects, $obj->type, $this->entityIndicesSerializer->unserialize($obj->indices)); }
/** * @param \stdClass $obj * @param array $context * @return TwitterDelete */ public function unserialize($obj, array $context = []) { Assertion::true($this->canUnserialize($obj), 'object is not unserializable'); $d = $obj->delete; if (isset($d->status)) { $ref = $d->status; $type = TwitterDelete::TWEET; } else { $ref = $d->direct_message; $type = TwitterDelete::DM; } return TwitterDelete::create($type, $ref->id, $ref->user_id, (new \DateTimeImmutable())->setTimestamp((int) floor($d->timestamp_ms / 1000)) ?: new \DateTimeImmutable()); }
/** * {@inheritdoc} */ public function sign(JWKInterface $key, $input) { $this->checkKey($key); Assertion::true($key->has('d'), 'The key is not a private key'); $priv = new RSAKey($key); if ($this->getSignatureMethod() === self::SIGNATURE_PSS) { $signature = JoseRSA::sign($priv, $input, $this->getAlgorithm()); $result = is_string($signature); } else { $result = openssl_sign($input, $signature, $priv->toPEM(), $this->getAlgorithm()); } Assertion::true($result, 'An error occurred during the creation of the signature'); return $signature; }
/** * {@inheritdoc} */ public function decryptKey(JWKInterface $key, $encrypted_key, array $header) { $this->checkKey($key); Assertion::true($key->has('d'), 'The key is not a private key'); $priv = new RSAKey($key); if (self::ENCRYPTION_OAEP === $this->getEncryptionMode()) { $decrypted = JoseRSA::decrypt($priv, $encrypted_key, $this->getHashAlgorithm()); Assertion::string($decrypted, 'Unable to decrypt the data.'); return $decrypted; } else { $res = openssl_private_decrypt($encrypted_key, $decrypted, $priv->toPEM(), OPENSSL_PKCS1_PADDING | OPENSSL_RAW_DATA); Assertion::true($res, 'Unable to decrypt the data.'); return $decrypted; } }
/** * {@inheritdoc} */ public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response) { $assertion = RequestBody::getParameter($request, 'assertion'); try { Assertion::notNull($assertion, 'Parameter "assertion" is missing.'); $jwt = $this->getJWTLoader()->load($assertion, $this->key_encryption_key_set, $this->encryption_required); Assertion::isInstanceOf($jwt, JWSInterface::class, 'Assertion does not contain signed claims.'); Assertion::true($jwt->hasClaim('sub'), 'Assertion does not contain "sub" claims.'); } catch (\Exception $e) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage()); } //We modify the response: // - We add the subject as the client public id // - We transmit the JWT to the response for further needs $grant_type_response->setClientPublicId($jwt->getClaim('sub')); $grant_type_response->setAdditionalData('jwt', $jwt); }