/**
* @param int $period
*
* @return self
*/
private function setPeriod($period)
{
Assertion::integer($period, 'Period must be at least 1.');
Assertion::greaterThan($period, 0, 'Period must be at least 1.');
$this->setParameter('period', $period);
return $this;
}
/**
* StorableJWKSet constructor.
*
* @param string $filename
* @param array $parameters
* @param int $nb_keys
*/
public function __construct($filename, array $parameters, $nb_keys)
{
Assertion::integer($nb_keys, 'The key set must contain at least one key.');
Assertion::greaterThan($nb_keys, 0, 'The key set must contain at least one key.');
$this->setFilename($filename);
$this->parameters = $parameters;
$this->nb_keys = $nb_keys;
}
public function __construct(string $eventStore = 'cqrs.event_store.cqrs_default', UuidInterface $previousEventId = null, int $delaySeconds = 0, int $throttleMicroseconds = 1000000)
{
Assertion::greaterOrEqualThan($delaySeconds, 0);
Assertion::greaterThan($throttleMicroseconds, 0);
$this->eventStore = $eventStore;
$this->delaySeconds = $delaySeconds;
$this->throttleMicroseconds = $throttleMicroseconds;
}
/**
* @param $page
* @param $itemsPerPage
*
* @throws \InvalidArgumentException
*
* @return Item[]
*/
public function paginate($page, $itemsPerPage)
{
Assertion::integer($page, 'Page should be an integer');
Assertion::integer($itemsPerPage, 'ItemsPerPage should be an integer');
Assertion::greaterThan($page, 0, 'Page should be grater than 0');
Assertion::greaterThan($itemsPerPage, 0, 'ItemsPerPage should be grater than 0');
return array_slice($this->findBy([], ['price' => 'ASC']), $page - 1, $itemsPerPage);
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('exp')) {
return [];
}
$exp = (int) $jwt->getClaim('exp');
Assertion::greaterThan($exp, time(), 'The JWT has expired.');
return ['exp'];
}
/**
* @param \Jose\JWTCreatorInterface $jwt_creator
* @param string $issuer
* @param string $signature_algorithm
* @param \Jose\Object\JWKSetInterface $signature_key_set
*/
public function enableSignedResponsesSupport(JWTCreatorInterface $jwt_creator, $issuer, $signature_algorithm, JWKSetInterface $signature_key_set)
{
Assertion::string($issuer);
Assertion::inArray($signature_algorithm, $jwt_creator->getSupportedSignatureAlgorithms());
Assertion::greaterThan($signature_key_set->countKeys(), 0, 'The signature key set must have at least one key.');
$this->setJWTCreator($jwt_creator);
$this->setIssuer($issuer);
$this->signature_key_set = $signature_key_set;
$this->signature_algorithm = $signature_algorithm;
}
/**
* JWTAccessTokenManager constructor.
*
* @param \Jose\JWTCreatorInterface $jwt_creator
* @param \Jose\JWTLoaderInterface $jwt_loader
* @param string $signature_algorithm
* @param \Jose\Object\JWKSetInterface $signature_key_set
* @param string $issuer
* @param string $key_encryption_algorithm
* @param string $content_encryption_algorithm
* @param \Jose\Object\JWKSetInterface $key_encryption_key_set
*/
public function __construct(JWTCreatorInterface $jwt_creator, JWTLoaderInterface $jwt_loader, $signature_algorithm, JWKSetInterface $signature_key_set, $key_encryption_algorithm, $content_encryption_algorithm, JWKSetInterface $key_encryption_key_set, $issuer)
{
Assertion::string($signature_algorithm);
Assertion::string($key_encryption_algorithm);
Assertion::string($content_encryption_algorithm);
Assertion::greaterThan($signature_key_set->countKeys(), 0, 'The signature key set must have at least one key.');
Assertion::greaterThan($key_encryption_key_set->countKeys(), 0, 'The encryption key set must have at least one key.');
Assertion::inArray($signature_algorithm, $jwt_creator->getSupportedSignatureAlgorithms());
Assertion::inArray($key_encryption_algorithm, $jwt_creator->getSupportedKeyEncryptionAlgorithms());
Assertion::inArray($content_encryption_algorithm, $jwt_creator->getSupportedContentEncryptionAlgorithms());
$this->signature_algorithm = $signature_algorithm;
$this->key_encryption_algorithm = $key_encryption_algorithm;
$this->content_encryption_algorithm = $content_encryption_algorithm;
$this->setIssuer($issuer);
$this->signature_key_set = $signature_key_set;
$this->key_encryption_key_set = $key_encryption_key_set;
$this->setJWTCreator($jwt_creator);
$this->setJWTLoader($jwt_loader);
}
/**
* {@inheritdoc}
*/
public function encrypt(Object\JWEInterface &$jwe)
{
Assertion::false($jwe->isEncrypted(), 'The JWE is already encrypted.');
Assertion::greaterThan($jwe->countRecipients(), 0, 'The JWE does not contain recipient.');
$additional_headers = [];
$nb_recipients = $jwe->countRecipients();
$content_encryption_algorithm = $this->getContentEncryptionAlgorithm($jwe);
$compression_method = $this->getCompressionMethod($jwe);
$key_management_mode = $this->getKeyManagementMode($jwe);
$cek = $this->determineCEK($jwe, $content_encryption_algorithm, $key_management_mode, $additional_headers);
for ($i = 0; $i < $nb_recipients; $i++) {
$this->processRecipient($jwe, $jwe->getRecipient($i), $cek, $content_encryption_algorithm, $additional_headers);
}
if (!empty($additional_headers) && 1 === $jwe->countRecipients()) {
$jwe = $jwe->withSharedProtectedHeaders(array_merge($jwe->getSharedProtectedHeaders(), $additional_headers));
}
$iv_size = $content_encryption_algorithm->getIVSize();
$iv = $this->createIV($iv_size);
$this->encryptJWE($jwe, $content_encryption_algorithm, $cek, $iv, $compression_method);
}
/**
* {@inheritdoc}
*/
public function enableEncryptedRequestObjectSupport(JWKSetInterface $key_encryption_key_set, $require_encryption)
{
Assertion::boolean($require_encryption);
Assertion::true($this->isRequestObjectSupportEnabled(), 'Request object support must be enabled first.');
Assertion::greaterThan($key_encryption_key_set->countKeys(), 0, 'The encryption key set must have at least one key.');
$this->require_encryption = $require_encryption;
$this->key_encryption_key_set = $key_encryption_key_set;
}
/**
* @param int $id_token_lifetime
*/
public function setIdTokenLifetime($id_token_lifetime)
{
Assertion::integer($id_token_lifetime);
Assertion::greaterThan($id_token_lifetime, 0);
$this->id_token_lifetime = $id_token_lifetime;
}
/**
* Return the time for the given number of revolutions.
*
* @param int $revs
*
* @throws \OutOfBoundsException If revs <= 0
*
* @return float
*/
public function getRevTime($revs)
{
Assertion::greaterThan($revs, 0, 'Revolutions must be more than 0, got %s');
return $this->netTime / $revs;
}
public function __construct($limit)
{
$limit = (int) $limit;
Assertion::greaterThan($limit, 0, 'Limit must be greater than 0');
$this->limit = $limit;
}
/**
* @param string $name
* @param string $storage_path
* @param int $nb_keys
* @param array $key_configuration
* @param bool $is_rotatable
* @param bool $is_public
*
* @return array
*/
private static function getRandomJWKSetConfiguration($name, $storage_path, $nb_keys, array $key_configuration, $is_rotatable = false, $is_public = true)
{
self::checkParameters($name, $is_public);
Assertion::string($storage_path);
Assertion::notEmpty($storage_path);
Assertion::integer($nb_keys);
Assertion::greaterThan($nb_keys, 0);
Assertion::boolean($is_rotatable);
return [self::BUNDLE_ALIAS => ['key_sets' => [$name => ['auto' => ['is_rotatable' => $is_rotatable, 'is_public' => $is_public, 'nb_keys' => $nb_keys, 'key_configuration' => $key_configuration, 'storage_path' => $storage_path]]]]];
}
/**
* Decryption.
*
* @param \Jose\KeyConverter\RSAKey $key
* @param string $ciphertext
* @param string $hash_algorithm
*
* @return string
*/
public static function decrypt(RSAKey $key, $ciphertext, $hash_algorithm)
{
Assertion::greaterThan($key->getModulusLength(), 0);
$hash = Hash::$hash_algorithm();
$ciphertext = str_split($ciphertext, $key->getModulusLength());
$ciphertext[count($ciphertext) - 1] = str_pad($ciphertext[count($ciphertext) - 1], $key->getModulusLength(), chr(0), STR_PAD_LEFT);
$plaintext = '';
foreach ($ciphertext as $c) {
$temp = self::getRSAESOAEP($key, $c, $hash);
$plaintext .= $temp;
}
return $plaintext;
}
/**
* @param int $initial_access_token_lifetime
*/
public function setInitialAccessTokenLifetime($initial_access_token_lifetime)
{
Assertion::integer($initial_access_token_lifetime);
Assertion::greaterThan($initial_access_token_lifetime, 0);
$this->initial_access_token_lifetime = $initial_access_token_lifetime;
}
/**
* @dataProvider invalidGreaterProvider
*/
public function testGreaterThanThrowsException($value, $limit)
{
$this->setExpectedException('Assert\\AssertionFailedException', null, Assertion::INVALID_GREATER);
Assertion::greaterThan($value, $limit);
}
/**
* Validate price:
* 0 < $price < 10000
* @param $price
*/
public static function price($price)
{
Assert::digit($price);
Assert::greaterThan($price, 0);
Assert::lessThan($price, 10000);
}
/**
* @param \Jose\Object\JWKSetInterface $jwk_set
*/
private function checkJWKSet(Object\JWKSetInterface $jwk_set)
{
Assertion::greaterThan(count($jwk_set), 0, 'No key in the key set.');
}
/**
* @param int $duration
*
* @throws \InvalidArgumentException
*
* @return static
*/
public function withDuration($duration)
{
Assertion::integer($duration);
Assertion::greaterThan($duration, VideoInterface::DURATION_LOWER_LIMIT);
Assertion::lessThan($duration, VideoInterface::DURATION_UPPER_LIMIT);
$instance = clone $this;
$instance->duration = $duration;
return $instance;
}
/**
* @param int $authorization_code_max_length
*/
public function setAuthorizationCodeMaxLength($authorization_code_max_length)
{
Assertion::integer($authorization_code_max_length);
Assertion::greaterThan($authorization_code_max_length, $this->getAuthorizationCodeMinLength());
$this->authorization_code_max_length = $authorization_code_max_length;
}
/**
* {@inheritdoc}
*/
public function toJSON()
{
Assertion::greaterThan($this->countSignatures(), 0, 'No signature.');
$data = [];
$this->checkPayloadEncoding();
if (false === $this->isPayloadDetached()) {
$data['payload'] = $this->getEncodedPayload($this->getSignature(0));
}
$data['signatures'] = [];
foreach ($this->getSignatures() as $signature) {
$tmp = ['signature' => Base64Url::encode($signature->getSignature())];
$values = ['protected' => $signature->getEncodedProtectedHeaders(), 'header' => $signature->getHeaders()];
foreach ($values as $key => $value) {
if (!empty($value)) {
$tmp[$key] = $value;
}
}
$data['signatures'][] = $tmp;
}
return json_encode($data);
}
/**
* @param int $access_token_max_length
*/
public function setAccessTokenMaxLength($access_token_max_length)
{
Assertion::integer($access_token_max_length);
Assertion::greaterThan($access_token_max_length, $this->getAccessTokenMinLength());
$this->access_token_max_length = $access_token_max_length;
}
/**
* @param int $refresh_token_max_length
*/
public function setRefreshTokenMaxLength($refresh_token_max_length)
{
Assertion::integer($refresh_token_max_length);
Assertion::greaterThan($refresh_token_max_length, $this->getRefreshTokenMinLength());
$this->refresh_token_max_length = $refresh_token_max_length;
}
/**
* @param string $kek The Key Encryption Key
* @param string $key The key to unwrap
* @param bool $padding_enabled If false, the AIV check must be RFC3394 compliant, else it must be RFC5649 or RFC3394 compliant
*
* @return string The key unwrapped
*/
public static function unwrap($kek, $key, $padding_enabled = false)
{
self::checkKEKSize($kek);
$P = str_split($key, 8);
$A = $P[0];
$N = count($P);
Assertion::greaterThan($N, 1, 'Bad data');
$encryptor = self::getEncryptor($kek);
if (2 === $N) {
$B = $encryptor->decrypt($P[0] . $P[1]);
$unwrapped = self::getLSB($B);
$A = self::getMSB($B);
} else {
$R = $P;
for ($j = 5; $j >= 0; --$j) {
for ($i = $N - 1; $i >= 1; --$i) {
$t = $i + $j * ($N - 1);
$B = $encryptor->decrypt((self::toXBits(64, $t) ^ $A) . $R[$i]);
$A = self::getMSB($B);
$R[$i] = self::getLSB($B);
}
}
unset($R[0]);
$unwrapped = implode('', $R);
}
Assertion::true(self::checkInitialValue($unwrapped, $padding_enabled, $A), 'Integrity check failed');
return $unwrapped;
}
/**
* @param \Jose\Object\JWKSetInterface $jwk_set
*/
private function checkJWKSet(Object\JWKSetInterface $jwk_set)
{
Assertion::greaterThan($jwk_set->countKeys(), 0, 'There is no key in the key set.');
}
/**
* @param int $digits
*/
private function setDigits($digits)
{
Assertion::greaterThan((int) $digits, 0, 'Digits must be at least 1.');
$this->parameters['digits'] = (int) $digits;
}
/**
* @param int $access_token_lifetime
*/
public function setAccessTokenLifetime($access_token_lifetime)
{
Assertion::integer($access_token_lifetime);
Assertion::greaterThan($access_token_lifetime, 0);
$this->access_token_lifetime = $access_token_lifetime;
}
