/**
 * Attaches or detaches the payload described by $data on the given JWS.
 *
 * Every signature must report the same payload encoding (see isPayloadEncoded());
 * a mismatch is rejected before anything is attached. When a 'payload' member is
 * present it is stored as the encoded payload, base64url-decoded unless the
 * signatures report an unencoded payload, and replaced by its decoded structure
 * when it parses as JSON. Without a 'payload' member the JWS is marked detached.
 *
 * @param \Jose\Object\JWSInterface $jws  Replaced in place by the updated instance
 * @param array                     $data Serialized JWS members (may contain 'payload')
 */
private static function populatePayload(JWSInterface &$jws, array $data)
{
    $expected_encoding = null;
    foreach ($jws->getSignatures() as $signature) {
        $signature_encoding = self::isPayloadEncoded($signature);
        if (null === $expected_encoding) {
            $expected_encoding = $signature_encoding;
        }
        Assertion::eq($expected_encoding, $signature_encoding, 'Foreign payload encoding detected. The JWS cannot be loaded.');
    }

    if (!array_key_exists('payload', $data)) {
        $jws = $jws->withDetachedPayload();

        return;
    }

    $payload = $data['payload'];
    $jws = $jws->withAttachedPayload()->withEncodedPayload($payload);

    // With no signature at all $expected_encoding stays null and the payload is treated as encoded.
    if (false !== $expected_encoding) {
        $payload = Base64Url::decode($payload);
    }

    // A JSON payload is exposed as its decoded structure; anything else stays a string.
    $decoded = json_decode($payload, true);
    if (null !== $decoded && !empty($payload)) {
        $payload = $decoded;
    }
    $jws = $jws->withPayload($payload);
}
/**
 * {@inheritdoc}
 *
 * Checks the claims of the JWS, then the protected and unprotected headers of
 * the signature at index $signature. The index must be an integer below
 * countSignatures(); NOTE(review): a negative index is not rejected here and is
 * left to getSignature() — confirm it fails there.
 */
public function checkJWS(Object\JWSInterface $jws, $signature)
{
    Assertion::integer($signature);
    Assertion::lessThan($signature, $jws->countSignatures());

    $checked_claims = $this->checkJWT($jws);

    $selected = $jws->getSignature($signature);
    $this->checkHeaders($selected->getProtectedHeaders(), $selected->getHeaders(), $checked_claims);
}
/**
 * Builds the signing input for one signature: "<encoded protected headers>.<payload part>".
 *
 * The payload part is the base64url-encoded payload unless the signature carries a
 * protected "b64" header that is not exactly true, in which case the payload is
 * used as is. A non-string payload is JSON-encoded before base64url encoding.
 * Header consistency for "b64"/"crit" is delegated to checkB64HeaderAndCrit().
 *
 * @param \Jose\Object\JWSInterface       $jws
 * @param \Jose\Object\SignatureInterface $signature
 *
 * @return string
 */
private function getInputToSign(Object\JWSInterface $jws, Object\SignatureInterface $signature)
{
    $this->checkB64HeaderAndCrit($signature);

    $payload = $jws->getPayload();
    $payload_is_encoded = !$signature->hasProtectedHeader('b64') || true === $signature->getProtectedHeader('b64');

    if ($payload_is_encoded) {
        $serialized = is_string($payload) ? $payload : json_encode($payload);
        $payload_part = Base64Url::encode($serialized);
    } else {
        $payload_part = $payload;
    }

    return sprintf('%s.%s', $signature->getEncodedProtectedHeaders(), $payload_part);
}
/**
 * Resolves the signature algorithm named by the "alg" header of the JWS.
 *
 * The header value only selects among what the JWA manager returns; anything the
 * manager does not hand back as a SignatureInterface is rejected.
 *
 * @param \Jose\Object\JWSInterface $jws
 *
 * @throws \InvalidArgumentException If the "alg" header is absent
 * @throws \RuntimeException         If the algorithm is unknown or is not a signature algorithm
 *
 * @return \Jose\Algorithm\Signature\SignatureInterface
 */
private function getAlgorithm(JWSInterface $jws)
{
    if (!$jws->hasHeader('alg')) {
        throw new \InvalidArgumentException('No "alg" parameter set in the header.');
    }

    $alg_name = $jws->getHeader('alg');
    $candidate = $this->getJWAManager()->getAlgorithm($alg_name);
    if ($candidate instanceof SignatureInterface) {
        return $candidate;
    }

    throw new \RuntimeException(sprintf('The algorithm "%s" is not supported or does not implement SignatureInterface.', $alg_name));
}
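/**
 * Checks that the JWS uses one of the client's allowed signature algorithms and
 * that its signature verifies against the configured key set.
 *
 * @param \Jose\Object\JWSInterface         $jws
 * @param \OAuth2\Client\JWTClientInterface $client
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface When the algorithm is not allowed or the signature does not verify
 */
public function verifySignature(JWSInterface $jws, JWTClientInterface $client)
{
    $allowed_algorithms = $client->getAllowedSignatureAlgorithms();

    // Strict comparison: the header value comes from the token, and a loose
    // in_array() would accept non-string values (e.g. true) as a match.
    if (!in_array($jws->getHeader('alg'), $allowed_algorithms, true)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            sprintf('Algorithm not allowed. Authorized algorithms: %s.', json_encode($allowed_algorithms))
        );
    }

    try {
        if (false === $this->verifier->verify($jws, $this->key_set)) {
            throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Invalid signature.');
        }
    } catch (\Exception $e) {
        // NOTE(review): the message of any underlying exception is forwarded to the
        // client as the error description; confirm it cannot carry internal details.
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, $e->getMessage());
    }
}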
/**
 * Ensures exactly one payload source is available: either the JWS carries a
 * payload or a detached payload is supplied, never both and never neither.
 *
 * Presence is tested with empty(), so a payload of '' or '0' counts as absent —
 * NOTE(review): confirm such payloads are never legitimate here.
 *
 * @param \Jose\Object\JWSInterface $jws
 * @param null|string               $detached_payload
 */
private function checkPayload(Object\JWSInterface $jws, $detached_payload = null)
{
    $has_attached_payload = !empty($jws->getPayload());
    $has_detached_payload = null !== $detached_payload;

    Assertion::false($has_detached_payload && $has_attached_payload, 'A detached payload is set, but the JWS already has a payload.');
    Assertion::true($has_attached_payload || $has_detached_payload, 'No payload.');
}
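/**
 * {@inheritdoc}
 *
 * Verifies the JWS against the key set and returns the index of the signature
 * that verified. The algorithm is restricted to getSupportedSignatureAlgorithms():
 * the first signature is checked up front, and the signature actually verified is
 * checked again afterwards, because in a multi-signature JWS the verifier may
 * accept a signature other than signature 0 and the allow-list must hold for that
 * one. The claims and headers of the verified signature are then checked.
 *
 * @return int Index of the verified signature
 */
public function verify(Object\JWSInterface $jws, Object\JWKSetInterface $signature_key_set, $detached_payload = null)
{
    $supported_algorithms = $this->getSupportedSignatureAlgorithms();
    $this->assertSignatureAlgorithmSupported($jws->getSignature(0), $supported_algorithms);

    $index = null;
    $this->verifier->verifyWithKeySet($jws, $signature_key_set, $detached_payload, $index);
    Assertion::notNull($index, 'JWS signature(s) verification failed.');

    // Enforce the allow-list on the signature that was actually verified, not only on signature 0.
    $this->assertSignatureAlgorithmSupported($jws->getSignature($index), $supported_algorithms);
    $this->checker_manager->checkJWS($jws, $index);

    return $index;
}

/**
 * Asserts that the protected "alg" header of a signature is in the allow-list.
 *
 * @param \Jose\Object\SignatureInterface $signature
 * @param string[]                        $supported_algorithms
 */
private function assertSignatureAlgorithmSupported(Object\SignatureInterface $signature, array $supported_algorithms)
{
    $alg = $signature->getProtectedHeader('alg');
    Assertion::inArray($alg, $supported_algorithms, sprintf('The signature algorithm "%s" is not supported or not allowed.', $alg));
}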