/**
 * Signs a payload with the first key of the configured signature key set.
 *
 * The caller's payload is merged with the additional payload supplied by
 * getAdditionalPayload() before signing. When the signing key carries a
 * "kid" value, it is copied into the signature headers so that a verifier
 * can tell which key was used.
 *
 * @param array $payload Claims supplied by the caller.
 *
 * @return string The value returned by the JWT creator's sign() call.
 */
private function sign(array $payload)
{
    // array_merge() gives the additional payload precedence on duplicate string keys.
    $claims = array_merge($payload, $this->getAdditionalPayload());
    $protected_headers = $this->getSignatureHeaders();

    // NOTE(review): index 0 is used without checking that a key exists there or
    // that it is meant for signing; if getKey() can return null, the has() call
    // below fails with a fatal error rather than a clear message. Confirm.
    $jwk = $this->signature_jwkset->getKey(0);

    if ($jwk->has('kid')) {
        $protected_headers['kid'] = $jwk->get('kid');
    }

    return $this->jwt_creator->sign($claims, $protected_headers, $jwk);
}
/**
 * Signs the claims and, when the client is set up for it, encrypts the result.
 *
 * The JWT is always signed with the first key of the signature key set.
 * Encryption is applied only when the client exposes a public key set, has
 * both "id_token_encrypted_response_alg" and "id_token_encrypted_response_enc"
 * set, and a key is selected for the "enc" usage.
 *
 * NOTE(review): when the client has both encryption parameters but no "enc"
 * key is selected, the signed, unencrypted JWT is returned without any error.
 * Confirm that this fallback is intended and not a silent downgrade.
 *
 * NOTE(review): the assertion message refers to the userinfo response, while
 * the client metadata read here is id_token_encrypted_response_*. Confirm
 * which response this method protects.
 *
 * @param array                          $claims Claims to place in the JWT.
 * @param \OAuth2\Client\ClientInterface $client Client that will receive the token.
 *
 * @return string The signed JWT, or the encrypted form of it.
 */
private function signAndEncrypt($claims, ClientInterface $client)
{
    $signing_jwk = $this->signature_key_set->getKey(0);
    Assertion::notNull($signing_jwk, 'Unable to find a key to sign the userinfo response. Please verify the selected key set contains suitable keys.');

    $token = $this->getJWTCreator()->sign($claims, ['typ' => 'JWT', 'alg' => $this->signature_algorithm], $signing_jwk);

    // All three conditions must hold before encryption is attempted.
    $encryption_requested = $client->hasPublicKeySet()
        && $client->has('id_token_encrypted_response_alg')
        && $client->has('id_token_encrypted_response_enc');
    if (!$encryption_requested) {
        return $token;
    }

    $recipient_jwk = $client->getPublicKeySet()->selectKey('enc');
    if (null === $recipient_jwk) {
        // No usable recipient key: the signed-only token is returned.
        return $token;
    }

    return $this->getJWTCreator()->encrypt($token, ['alg' => $client->get('id_token_encrypted_response_alg'), 'enc' => $client->get('id_token_encrypted_response_enc')], $recipient_jwk);
}
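/**
 * {@inheritdoc}
 *
 * Builds the access token value as a nested JWT: the payload is signed with
 * the first key of the signature key set, the signed JWT is then encrypted
 * with the first key of the key-encryption key set, and the result is stored
 * on the access token through setToken().
 *
 * Both keys are asserted to be non-null before any signing or encryption is
 * done, so a missing encryption key is reported with its own message and
 * never reaches encrypt().
 *
 * $resource_owner and $refresh_token are not read in this method body.
 */
public function populateAccessToken(AccessTokenInterface &$access_token, ClientInterface $client, ResourceOwnerInterface $resource_owner, RefreshTokenInterface $refresh_token = null, ClientInterface $resource_server = null)
{
    $payload = $this->preparePayload($access_token, $resource_server);
    $signature_header = $this->prepareSignatureHeader();

    $signature_key = $this->signature_key_set->getKey(0);
    Assertion::notNull($signature_key, 'Unable to find a key to sign the Access Token. Please verify the selected key set contains suitable keys.');

    $encryption_key = $this->key_encryption_key_set->getKey(0);
    // Check the encryption key itself; testing the signature key a second time
    // would let a null encryption key through.
    Assertion::notNull($encryption_key, 'Unable to find a key to encrypt the Access Token. Please verify the selected key set contains suitable keys.');

    $jwt = $this->getJWTCreator()->sign($payload, $signature_header, $signature_key);

    $encryption_header = $this->prepareEncryptionHeader($client, $resource_server);
    $jwt = $this->getJWTCreator()->encrypt($jwt, $encryption_header, $encryption_key);

    $access_token->setToken($jwt);
}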
/**
 * {@inheritdoc}
 *
 * Returns the key stored at the given position of a key set. The index is
 * asserted to be an integer before the lookup.
 *
 * NOTE(review): the result of getKey() is returned unchecked. If getKey()
 * can return null for an unknown index, callers receive null. Confirm.
 */
public static function createFromKeySet(JWKSetInterface $jwk_set, $key_index)
{
    Assertion::integer($key_index);

    $selected_key = $jwk_set->getKey($key_index);

    return $selected_key;
}