/**
* {@inheritdoc}
*/
public function checkerParameter(ClientInterface $client, array &$parameters)
{
if (false === strpos($parameters['response_type'], 'id_token')) {
return;
}
Assertion::true(array_key_exists('nonce', $parameters), 'The parameter "nonce" is mandatory.');
}
/**
* {@inheritdoc}
*/
public function checkerParameter(ClientInterface $client, array &$parameters)
{
if (false === $this->state_parameter_enforced) {
return;
}
Assertion::true(array_key_exists('state', $parameters), 'The parameter "state" is mandatory.');
}
/**
* @param JWKInterface $key
*/
private function checkKey(JWKInterface $key)
{
Assertion::eq($key->get('kty'), 'OKP', 'Wrong key type.');
Assertion::true($key->has('x'), 'The key parameter "x" is missing.');
Assertion::true($key->has('crv'), 'The key parameter "crv" is missing.');
Assertion::inArray($key->get('crv'), ['Ed25519'], 'Unsupported curve');
}
/**
* {@inheritdoc}
*/
public function checkerParameter(ClientInterface $client, array &$parameters)
{
$scope = $this->getScopeManager()->checkScopePolicy($parameters['scope'], $client);
$available_scope = $this->getScopeManager()->getAvailableScopesForClient($client);
Assertion::true($this->getScopeManager()->areRequestScopesAvailable($scope, $available_scope), sprintf('An unsupported scope was requested. Available scopes for the client are %s', implode(',', $available_scope)));
$parameters['scope'] = $scope;
}
/**
* @param \stdClass $obj
* @param array $context
* @return TwitterEvent
*/
public function unserialize($obj, array $context = [])
{
Assertion::true($this->canUnserialize($obj), 'object is not unserializable');
$createdAt = new \DateTimeImmutable($obj->created_at);
Assertion::eq(new \DateTimeZone('UTC'), $createdAt->getTimezone());
return TwitterEvent::create($obj->event, $this->userSerializer->unserialize($obj->source), isset($obj->target) ? $this->userSerializer->unserialize($obj->target) : null, isset($obj->target_object) ? $this->targetSerializer->unserialize($obj->target_object) : null, $createdAt);
}
/**
* Initializes and returns a coordinate object with the specified coordinate information in string format.
*
* Valid format:
* "latitude in degrees, longitude in degrees"
*
* Example:
* "51.3703748, 6.1724031"
*
* Please note that UTM and MGRS coordinates are not yet supported!
*
* @param $coordinate Coordinate information in string format
*
* @return static
*/
public static function fromString($coordinate)
{
Assertion::string($coordinate);
Assertion::true(substr_count($coordinate, ',') === 1);
$coordinate = explode(',', $coordinate);
return new static((double) $coordinate[0], (double) $coordinate[1]);
}
/**
* {@inheritdoc}
*/
public function checkerParameter(ClientInterface $client, array &$parameters)
{
if (false === array_key_exists('response_mode', $parameters)) {
return;
}
Assertion::true($this->isResponseModeParameterInAuthorizationRequestAllowed(), 'The parameter "response_mode" is not allowed.');
}
private function addOptions(DOMDocument $document, DOMNode $node, array $options, array $selectedValues)
{
foreach ($options as $value => $label) {
if (is_int($value)) {
$value = (string) $value;
} else {
Assertion::string($value);
}
Assertion::true(is_string($label) || is_array($label));
if (is_array($label)) {
$optgroup = $document->createElement('optgroup');
$this->addAttributes($optgroup, ['label' => $value]);
$this->addOptions($document, $optgroup, $label, $selectedValues);
$node->appendChild($optgroup);
continue;
}
$option = $document->createElement('option');
$option->appendChild($document->createTextNode($label));
$htmlAttributes = ['value' => $value];
if (in_array($value, $selectedValues)) {
$htmlAttributes['selected'] = 'selected';
}
$this->addAttributes($option, $htmlAttributes);
$node->appendChild($option);
}
}
/**
* @param \stdClass $obj
* @param array $context
* @return \Twitter\Object\Tweet
*/
public function unserialize($obj, array $context = [])
{
Assertion::true($this->canUnserialize($obj), 'object is not unserializable');
$createdAt = new \DateTimeImmutable($obj->created_at);
Assertion::eq(new \DateTimeZone('UTC'), $createdAt->getTimezone());
return Tweet::create(TwitterMessageId::create($obj->id), $this->userSerializer->unserialize($obj->user), $obj->text, $obj->lang, $createdAt, $obj->entities ? $this->twitterEntitiesSerializer->unserialize($obj->entities) : TwitterEntities::create(), $obj->coordinates ? $this->coordinatesSerializer->unserialize($obj->coordinates) : null, $obj->place ? $this->placeSerializer->unserialize($obj->place) : null, $obj->in_reply_to_status_id, $obj->in_reply_to_user_id, $obj->in_reply_to_screen_name, $obj->retweeted, $obj->retweet_count, $obj->favorited, $obj->favorite_count, $obj->truncated, $obj->source, isset($obj->retweeted_status) ? $this->unserialize($obj->retweeted_status) : null);
}
/**
* {@inheritdoc}
*/
public function checkPKCEInput($code_challenge_method, $code_challenge, $code_verifier)
{
Assertion::true($this->hasPKCEMethod($code_challenge_method), sprintf('Unsupported code challenge method "%s".', $code_challenge_method));
$method = $this->getPKCEMethod($code_challenge_method);
Assertion::notNull($code_verifier, 'The parameter "code_verifier" is required.');
Assertion::true($method->isChallengeVerified($code_verifier, $code_challenge), 'Invalid parameter "code_verifier".');
}
/**
* {@inheritdoc}
*/
public function checkerParameter(ClientInterface $client, array &$parameters)
{
if (!array_key_exists('display', $parameters)) {
return;
}
Assertion::true(in_array($parameters['display'], $this->getAllowedDisplayValues()), sprintf('Invalid parameter "display". Allowed values are %s', json_encode($this->getAllowedDisplayValues())));
}
/**
* @param int $index
*
* @return \Jose\Object\JWKInterface
*/
public function getKey($index)
{
Assertion::integer($index, 'The index must be a positive integer.');
Assertion::greaterOrEqualThan($index, 0, 'The index must be a positive integer.');
Assertion::true($this->hasKey($index), 'Undefined index.');
return $this->getKeys()[$index];
}
/**
* @param TwitterSerializable $object
* @return \stdClass
*/
public function serialize(TwitterSerializable $object)
{
Assertion::true($this->canSerialize($object), 'object must be an instance of TwitterEventTarget');
if ($object instanceof Tweet) {
return $this->tweetSerializer->serialize($object);
}
throw new \BadMethodCallException('Not Implemented');
}
/**
* {@inheritdoc}
*/
public function encrypt($payload, array $encryption_protected_headers, Object\JWKInterface $encryption_key)
{
Assertion::true($this->isEncryptionSupportEnabled(), 'The encryption support is not enabled');
$jwe = Factory\JWEFactory::createJWE($payload, $encryption_protected_headers);
$jwe = $jwe->addRecipientInformation($encryption_key);
$this->encrypter->encrypt($jwe);
return $jwe->toCompactJSON(0);
}
/**
* {@inheritdoc}
*/
public function checkerParameter(ClientInterface $client, array &$parameters)
{
if (!array_key_exists('prompt', $parameters)) {
return;
}
Assertion::true(empty(array_diff($parameters['prompt'], $this->getAllowedPromptValues())), sprintf('Invalid parameter "prompt". Allowed values are %s', json_encode($this->getAllowedPromptValues())));
Assertion::false(in_array('none', $parameters['prompt']) && 1 !== count($parameters['prompt']), 'Invalid parameter "prompt". Prompt value "none" must be used alone.');
}
private function setType($type)
{
Assertion::string($type, 'Token type should be a string');
Assertion::startsWith($type, 'T_', 'Token type should start with T_');
Assertion::true(defined($type), 'Token type should be the name of a defined constant');
$this->type = $type;
$this->code = constant($type);
}
/**
* @param \stdClass $directMessage
* @param array $context
* @return TwitterDirectMessage
*/
public function unserialize($directMessage, array $context = [])
{
Assertion::true($this->canUnserialize($directMessage), 'object is not unserializable');
$dm = $directMessage->direct_message;
$createdAt = new \DateTimeImmutable($dm->created_at);
Assertion::eq(new \DateTimeZone('UTC'), $createdAt->getTimezone());
return TwitterDirectMessage::create(TwitterMessageId::create($dm->id), $this->userSerializer->unserialize($dm->sender), $this->userSerializer->unserialize($dm->recipient), $dm->text, $createdAt, $this->twitterEntitiesSerializer->canUnserialize($dm->entities) ? $this->twitterEntitiesSerializer->unserialize($dm->entities) : TwitterEntities::create());
}
/**
* {@inheritdoc}
*/
public function checkHeader(array $protected_headers, array $headers, array $checked_claims)
{
if (!array_key_exists('crit', $protected_headers)) {
return;
}
Assertion::isArray($protected_headers['crit'], 'The parameter "crit" must be a list.');
$diff = array_diff($protected_headers['crit'], $checked_claims);
Assertion::true(empty($diff), sprintf('One or more claims are marked as critical, but they are missing or have not been checked (%s).', json_encode(array_values($diff))));
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
Assertion::keyExists($registration_parameters, 'token_endpoint_auth_method', 'The parameter "token_endpoint_auth_method" is missing.');
Assertion::string($registration_parameters['token_endpoint_auth_method'], 'The parameter "token_endpoint_auth_method" must be a string.');
Assertion::true($this->getTokenEndpointAuthMethodManager()->hasTokenEndpointAuthMethod($registration_parameters['token_endpoint_auth_method']), sprintf('The token endpoint authentication method "%s" is not supported. Please use one of the following values: %s', $registration_parameters['token_endpoint_auth_method'], json_encode($this->getTokenEndpointAuthMethodManager()->getSupportedTokenEndpointAuthMethods())));
$token_endpoint_auth_method = $this->getTokenEndpointAuthMethodManager()->getTokenEndpointAuthMethod($registration_parameters['token_endpoint_auth_method']);
$token_endpoint_auth_method->checkClientConfiguration($registration_parameters, $client);
$client->set('token_endpoint_auth_method', $registration_parameters['token_endpoint_auth_method']);
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('jti')) {
return [];
}
$jti = $jwt->getClaim('jti');
Assertion::true($this->isJtiValid($jti), sprintf('Invalid token ID "%s".', $jti));
return ['jti'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('iss')) {
return [];
}
$issuer = $jwt->getClaim('iss');
Assertion::true($this->isIssuerAllowed($issuer), sprintf('The issuer "%s" is not allowed.', $issuer));
return ['iss'];
}
/**
* {@inheritDoc}
*/
public function create($aggregateClass, DomainEventStreamInterface $domainEventStream)
{
$methodCall = sprintf('%s::%s', $aggregateClass, $this->staticConstructorMethod);
Assert::true(method_exists($aggregateClass, $this->staticConstructorMethod), sprintf('NamedConstructorAggregateFactory expected %s to exist', $methodCall));
$aggregate = call_user_func($methodCall);
Assert::isInstanceOf($aggregate, $aggregateClass);
$aggregate->initializeState($domainEventStream);
return $aggregate;
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('sub')) {
return [];
}
$subject = $jwt->getClaim('sub');
Assertion::true($this->isSubjectAllowed($subject), sprintf('The subject "%s" is not allowed.', $subject));
return ['sub'];
}
/**
* @param int|float|string $step
* @param int|float|string|null $base
*/
public function __construct($step, $base = null)
{
Assertion::classExists(Decimal::class);
Assertion::numeric($step);
$decimalStep = Decimal::fromString((string) $step);
Assertion::true($decimalStep->comp(DecimalConstants::zero()) > 0);
thatNullOr($base)->numeric();
$this->step = $decimalStep;
$this->base = null === $base ? DecimalConstants::zero() : Decimal::fromString((string) $base);
}
/**
* {@inheritdoc}
*/
public function getResponseTypes($names)
{
Assertion::true($this->isResponseTypeSupported($names), sprintf('The response type "%s" is not supported.', $names));
$response_types = explode(' ', $names);
$types = [];
foreach ($response_types as $response_type) {
$type = $this->response_types[$response_type];
$types[] = $type;
}
return $types;
}
/**
* @param \stdClass $obj
* @param array $context
* @return TwitterMedia
*/
public function unserialize($obj, array $context = [])
{
Assertion::true($this->canUnserialize($obj), 'object is not unserializable');
$sizesObjects = [];
if ($obj->sizes) {
foreach ($obj->sizes as $sizeName => $sizeObj) {
$sizesObjects[$sizeName] = $this->mediaSizeSerializer->unserialize($sizeObj, [TwitterMediaSizeSerializer::NAME_VAR => $sizeName]);
}
}
return TwitterMedia::create($obj->id, $obj->media_url, $obj->media_url_https, $obj->url, $obj->display_url, $obj->expanded_url, $sizesObjects, $obj->type, $this->entityIndicesSerializer->unserialize($obj->indices));
}
/**
* @param \stdClass $obj
* @param array $context
* @return TwitterDelete
*/
public function unserialize($obj, array $context = [])
{
Assertion::true($this->canUnserialize($obj), 'object is not unserializable');
$d = $obj->delete;
if (isset($d->status)) {
$ref = $d->status;
$type = TwitterDelete::TWEET;
} else {
$ref = $d->direct_message;
$type = TwitterDelete::DM;
}
return TwitterDelete::create($type, $ref->id, $ref->user_id, (new \DateTimeImmutable())->setTimestamp((int) floor($d->timestamp_ms / 1000)) ?: new \DateTimeImmutable());
}
/**
* {@inheritdoc}
*/
public function sign(JWKInterface $key, $input)
{
$this->checkKey($key);
Assertion::true($key->has('d'), 'The key is not a private key');
$priv = new RSAKey($key);
if ($this->getSignatureMethod() === self::SIGNATURE_PSS) {
$signature = JoseRSA::sign($priv, $input, $this->getAlgorithm());
$result = is_string($signature);
} else {
$result = openssl_sign($input, $signature, $priv->toPEM(), $this->getAlgorithm());
}
Assertion::true($result, 'An error occurred during the creation of the signature');
return $signature;
}
/**
* {@inheritdoc}
*/
public function decryptKey(JWKInterface $key, $encrypted_key, array $header)
{
$this->checkKey($key);
Assertion::true($key->has('d'), 'The key is not a private key');
$priv = new RSAKey($key);
if (self::ENCRYPTION_OAEP === $this->getEncryptionMode()) {
$decrypted = JoseRSA::decrypt($priv, $encrypted_key, $this->getHashAlgorithm());
Assertion::string($decrypted, 'Unable to decrypt the data.');
return $decrypted;
} else {
$res = openssl_private_decrypt($encrypted_key, $decrypted, $priv->toPEM(), OPENSSL_PKCS1_PADDING | OPENSSL_RAW_DATA);
Assertion::true($res, 'Unable to decrypt the data.');
return $decrypted;
}
}
/**
* {@inheritdoc}
*/
public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response)
{
$assertion = RequestBody::getParameter($request, 'assertion');
try {
Assertion::notNull($assertion, 'Parameter "assertion" is missing.');
$jwt = $this->getJWTLoader()->load($assertion, $this->key_encryption_key_set, $this->encryption_required);
Assertion::isInstanceOf($jwt, JWSInterface::class, 'Assertion does not contain signed claims.');
Assertion::true($jwt->hasClaim('sub'), 'Assertion does not contain "sub" claims.');
} catch (\Exception $e) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage());
}
//We modify the response:
// - We add the subject as the client public id
// - We transmit the JWT to the response for further needs
$grant_type_response->setClientPublicId($jwt->getClaim('sub'));
$grant_type_response->setAdditionalData('jwt', $jwt);
}
