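/**
 * Decodes a compact-serialized JOSE token and returns its payload.
 *
 * A five-part token is handed to Jwe::decode(). A three-part token is treated as a
 * signed (or plain) JWT: the signature is verified over "header.payload" with the
 * algorithm named in the token header, and only then is the payload returned.
 *
 * Security note: the verification algorithm is chosen by the "alg" header value,
 * which is supplied by whoever produced the token. The only restriction applied here
 * is that the id must resolve through $context->jwsAlgorithms(); which algorithms are
 * acceptable for the supplied $key is therefore decided by how the caller configured
 * that registry, not by this method.
 *
 * @param Context         $context
 * @param string          $token
 * @param string|resource $key
 *
 * @return array Payload as produced by json_decode(); its shape is not validated here.
 *
 * @throws JoseJwtException   If the token is empty, does not have 3 or 5 parts, has an
 *                            unusable header, or names an algorithm the context does not know.
 * @throws IntegrityException If signature verification fails.
 */
public static function decode(Context $context, $token, $key)
{
    if (empty($token) || trim($token) === '') {
        throw new JoseJwtException('Incoming token expected to be in compact serialization form, but is empty');
    }

    $parts = explode('.', $token);
    $partCount = count($parts);

    if ($partCount === 5) {
        return Jwe::decode($context, $token, $key);
    }

    // Anything that is not header.payload.signature would otherwise reach the
    // signature check with a missing third segment.
    if ($partCount !== 3) {
        throw new JoseJwtException('Invalid token: expected 3 (JWS) or 5 (JWE) dot-separated parts');
    }

    $decodedParts = [];
    foreach ($parts as $part) {
        $decodedParts[] = UrlSafeB64Encoder::decode($part);
    }

    // The header must be a JSON object; scalars and empty objects are rejected
    // before any key is read from it.
    $header = json_decode($decodedParts[0], true);
    if (!is_array($header) || $header === []) {
        throw new JoseJwtException('Invalid header');
    }

    if (!isset($header['alg']) || !is_string($header['alg'])) {
        throw new JoseJwtException('Invalid header: missing "alg"');
    }

    // signed or plain JWT
    $algorithmId = $header['alg'];
    $algorithm = $context->jwsAlgorithms()->get($algorithmId);
    if (null === $algorithm) {
        throw new JoseJwtException(sprintf('Invalid algorithm "%s"', $algorithmId));
    }

    // The signature covers the still-encoded header and payload segments.
    $signedInput = $parts[0] . '.' . $parts[1];

    // NOTE(review): only a strict `false` is treated as a failed verification.
    // Confirm that every registered algorithm's verify() returns a strict bool,
    // so that an error value such as 0 or null cannot be read as success.
    if (false === $algorithm->verify($decodedParts[2], $signedInput, $key)) {
        throw new IntegrityException('Invalid signature');
    }

    return json_decode($decodedParts[1], true);
}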
/**
 * Decodes the named fixture token through Jwe::decode() with the RSA private key
 * and asserts that the JSON-decoded result equals the expected payload.
 *
 * @dataProvider rsa_decrypt_provider
 */
public function test_rsa_decrypt($tokenName)
{
    $compactToken = $this->tokens[$tokenName];
    $privateKey = $this->getRsaPrivateKey();

    // Jwe::decode() yields the plaintext as a JSON string; parse it for comparison.
    $plaintext = Jwe::decode($this->context, $compactToken, $privateKey);
    $claims = json_decode($plaintext, true);

    $this->assertEquals($this->payload, $claims);
}