/**
* {@inheritdoc}
*/
public function checkPKCEInput($code_challenge_method, $code_challenge, $code_verifier)
{
Assertion::true($this->hasPKCEMethod($code_challenge_method), sprintf('Unsupported code challenge method "%s".', $code_challenge_method));
$method = $this->getPKCEMethod($code_challenge_method);
Assertion::notNull($code_verifier, 'The parameter "code_verifier" is required.');
Assertion::true($method->isChallengeVerified($code_verifier, $code_challenge), 'Invalid parameter "code_verifier".');
}
/**
* SimpleStringAccessTokenManager constructor.
*
* @param string $class
* @param \Doctrine\Common\Persistence\ManagerRegistry $manager_registry
* @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $event_dispatcher
*/
public function __construct($class, ManagerRegistry $manager_registry, EventDispatcherInterface $event_dispatcher)
{
$this->class = $class;
$this->event_dispatcher = $event_dispatcher;
$this->entity_manager = $manager_registry->getManagerForClass($class);
Assertion::notNull($this->entity_manager, sprintf('Unable to find the entity manager for the class "%s"', $class));
$this->entity_repository = $this->entity_manager->getRepository($class);
}
/**
* @param LetterGuessedCorrectly $event
*/
public function applyLetterGuessedCorrectly(LetterGuessedCorrectly $event)
{
$readModel = $this->repository->findBy(["gameId" => $event->getGameId()]);
Assertion::notNull($readModel, "Readmodel doesn't hold an object");
$lastResult = end($readModel);
$readModel = $lastResult->setLetterCorrectlyGuessed($event->getLetters());
$this->repository->save($readModel);
}
/**
* @param mixed $data
* @throws \InvalidArgumentException
*/
public function __construct($data)
{
Assertion::notNull($data, 'Data must not be null');
if (is_object($data)) {
throw new \InvalidArgumentException('Complex data must only be structured as array. An object is not allowed');
}
$this->data = $data;
}
/**
* @Then the role and admin fixtures should be applied
*/
public function theRoleAndAdminFixturesShouldBeApplied()
{
$em = $this->getEntityManager();
$roleRepository = $em->getRepository('Account:Role');
$userRepository = $em->getRepository('Account:User');
Assertion::notNull($roleRepository->findOneBy(['role' => 'ROLE_USER']));
Assertion::notNull($roleRepository->findOneBy(['role' => 'ROLE_ADMIN']));
Assertion::notNull($userRepository->findOneBy(['username' => 'admin']));
}
/**
* @param string $basketId
*
* @return Response
*/
public function addProductToBasketAction(Request $request, $basketId)
{
$basketId = new BasketId($basketId);
$productToAdd = $request->request->get('productId');
$productName = $request->request->get('productName');
Assert::notNull($productName);
$command = new AddProductToBasket($basketId, $productToAdd, $productName);
$this->commandBus->dispatch($command);
return new Response();
}
/**
* @param string $result
* @param Coords $target
* @param Coords $startPoint
* @param Coords $endPoint
*/
private function __construct($result, Coords $target, Coords $startPoint = null, Coords $endPoint = null)
{
Assertion::choice($result, [static::HIT, static::MISS, static::SANK, static::WIN]);
if (in_array($result, [static::SANK, static::WIN])) {
Assertion::notNull($startPoint);
Assertion::notNull($endPoint);
}
$this->result = $result;
$this->startPoint = $startPoint;
$this->endPoint = $endPoint;
$this->target = $target;
}
/**
* @param $anAgentDescriptionOrRole
* @param ActionDescription $anActionDescriptionOrNull
*/
private function __construct($anAgentDescriptionOrRole, ActionDescription $anActionDescriptionOrNull = null)
{
if ($anAgentDescriptionOrRole instanceof AgentDescription) {
$this->agentDescription = $anAgentDescriptionOrRole;
} else {
if ($anAgentDescriptionOrRole instanceof RoleDescription) {
Assertion::notNull($anActionDescriptionOrNull, 'ActionDescription is required when ProcessSep is setup with a RoleDescription.');
$this->role = $anAgentDescriptionOrRole;
$this->actionDescription = $anActionDescriptionOrNull;
}
}
}
/**
* {@inheritdoc}
*/
public function getEncodedPayload(SignatureInterface $signature)
{
if (true === $this->isPayloadDetached()) {
return;
}
if (null !== $this->encoded_payload) {
return $this->encoded_payload;
}
$payload = $this->getPayload();
if (!is_string($payload)) {
$payload = json_encode($payload);
}
Assertion::notNull($payload, 'Unsupported payload.');
return $this->isPayloadEncoded($signature) ? Base64Url::encode($payload) : $payload;
}
/**
* {@inheritdoc}
*/
public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response)
{
$assertion = RequestBody::getParameter($request, 'assertion');
try {
Assertion::notNull($assertion, 'Parameter "assertion" is missing.');
$jwt = $this->getJWTLoader()->load($assertion, $this->key_encryption_key_set, $this->encryption_required);
Assertion::isInstanceOf($jwt, JWSInterface::class, 'Assertion does not contain signed claims.');
Assertion::true($jwt->hasClaim('sub'), 'Assertion does not contain "sub" claims.');
} catch (\Exception $e) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage());
}
//We modify the response:
// - We add the subject as the client public id
// - We transmit the JWT to the response for further needs
$grant_type_response->setClientPublicId($jwt->getClaim('sub'));
$grant_type_response->setAdditionalData('jwt', $jwt);
}
/**
* {@inheritdoc}
*/
public function processUserAccount(ServerRequestInterface $request, ResponseInterface &$response, AuthorizationInterface $authorization, UserAccountInterface &$user_account = null)
{
// The query parameter 'id_token_hint' and the Id Token Manager are set
if ($authorization->hasQueryParam('id_token_hint') && null !== $this->getIdTokenManager()) {
try {
$id_token_hint = $this->getIdTokenManager()->loadIdToken($authorization->getQueryParam('id_token_hint'));
Assertion::true($id_token_hint->hasClaim('sub'), 'Invalid "id_token_hint" parameter.');
$public_id = $this->getIdTokenManager()->getPublicIdFromSubjectIdentifier($id_token_hint->getClaim('sub'));
Assertion::notNull($public_id, 'Invalid "id_token_hint" parameter.');
if (null === $user_account) {
$user_account = $this->getUserAccountManager()->getUserAccountByPublicId($public_id);
} else {
if ($user_account->getPublicId() !== $public_id) {
throw new RedirectToLoginPageException($authorization);
}
}
} catch (\InvalidArgumentException $e) {
throw new CreateRedirectionException($authorization, ExceptionManagerInterface::BAD_REQUEST, $e->getMessage());
}
}
}
/**
* @param array $params
* @param string $request
* @param \OAuth2\Client\ClientInterface|null $client
*
* @throws \OAuth2\Exception\BadRequestExceptionInterface
*
* @return \Jose\Object\JWSInterface
*/
private function loadRequest(array $params, $request, ClientInterface &$client = null)
{
$jwt = $this->getJWTLoader()->load($request, $this->key_encryption_key_set, $this->require_encryption);
try {
Assertion::true($jwt->hasClaims(), 'The request object does not contain claims.');
$client = $this->getClient(array_merge($params, $jwt->getClaims()));
$public_key_set = $client->getPublicKeySet();
Assertion::notNull($public_key_set, 'The client does not have signature capabilities.');
$this->getJWTLoader()->verify($jwt, $public_key_set);
$missing_claims = array_keys(array_diff_key(array_flip($this->mandatory_claims), $jwt->getClaims()));
Assertion::true(0 === count($missing_claims), 'The following mandatory claims are missing: %s.', json_encode($missing_claims));
} catch (\Exception $e) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST_OBJECT, $e->getMessage());
}
return $jwt;
}
/**
* @param string $address
*/
public function setAddress($address)
{
Assertion::notNull($address);
Assertion::string($address);
$this->address = $address;
}
/**
* {@inheritdoc}
*/
public function createIdToken(ClientInterface $client, UserAccountInterface $user_account, $redirect_uri, $claims_locales, array $request_claims, array $scope, array $id_token_claims = [], AccessTokenInterface $access_token = null, AuthCodeInterface $auth_code = null)
{
$id_token = $this->createEmptyIdToken();
$exp = null !== $access_token ? $access_token->getExpiresAt() : time() + $this->getLifetime($client);
$claims = array_merge($this->getUserinfo()->getUserinfo($client, $user_account, $redirect_uri, $claims_locales, $request_claims, $scope), ['jti' => Base64Url::encode(random_bytes(25)), 'iss' => $this->getIssuer(), 'aud' => [$client->getPublicId(), $this->getIssuer()], 'iat' => time(), 'nbf' => time(), 'exp' => $exp]);
foreach (['at_hash' => $access_token, 'c_hash' => $auth_code] as $key => $token) {
if (null !== $token) {
$claims[$key] = $this->getHash($token->getToken());
}
}
foreach (['last_login_at' => 'auth_time', 'amr' => 'amr', 'acr' => 'acr'] as $claim => $key) {
if ($user_account->has($claim)) {
$claims[$key] = $user_account->get($claim);
}
}
$headers = ['typ' => 'JWT', 'alg' => $this->getSignatureAlgorithm()];
$signature_key = $this->signature_key_set->selectKey('sig', $this->getSignatureAlgorithm());
Assertion::notNull($signature_key, 'Unable to find a key to sign the ID Token. Please verify the selected key set contains suitable keys.');
if ($signature_key->has('kid')) {
$headers['kid'] = $signature_key->get('kid');
}
if (!empty($id_token_claims)) {
$claims = array_merge($claims, $id_token_claims);
}
$jwt = $this->jwt_creator->sign($claims, $headers, $signature_key);
if ($client->hasPublicKeySet() && $client->has('id_token_encrypted_response_alg') && $client->has('id_token_encrypted_response_enc')) {
$key_set = $client->getPublicKeySet();
$key = $key_set->selectKey('enc');
if (null !== $key) {
$headers = ['typ' => 'JWT', 'jti' => Base64Url::encode(random_bytes(25)), 'alg' => $client->get('id_token_encrypted_response_alg'), 'enc' => $client->get('id_token_encrypted_response_enc')];
$jwt = $this->jwt_creator->encrypt($jwt, $headers, $key);
}
}
$id_token->setToken($jwt);
$id_token->setExpiresAt($exp);
$id_token->setClientPublicId($client->getPublicId());
$id_token->setResourceOwnerPublicId($user_account->getUserPublicId());
return $id_token;
}
private function checkRequestAndClient(ServerRequestInterface $request, ClientInterface $client)
{
Assertion::true($this->isRequestSecured($request), 'The request must be secured.');
Assertion::true($client->has('registration_access_token'), 'Invalid client.');
$values = [];
$token = $this->bearer_token->findToken($request, $values);
Assertion::notNull($token, 'Initial Access Token is missing or invalid.');
Assertion::eq($token, $client->get('registration_access_token'), 'Initial Access Token is missing or invalid.');
}
public function testInvalidNotNull()
{
$this->setExpectedException('Assert\\AssertionFailedException', null, Assertion::VALUE_NULL);
Assertion::notNull(null);
}
public function getTargetPropertyName() : string
{
Assertion::notNull($this->targetPropertyName);
return $this->targetPropertyName;
}
/**
* {@inheritdoc}
*/
public function verify(Object\JWSInterface $jws, Object\JWKSetInterface $signature_key_set, $detached_payload = null)
{
Assertion::inArray($jws->getSignature(0)->getProtectedHeader('alg'), $this->getSupportedSignatureAlgorithms(), sprintf('The signature algorithm "%s" is not supported or not allowed.', $jws->getSignature(0)->getProtectedHeader('alg')));
$index = null;
$this->verifier->verifyWithKeySet($jws, $signature_key_set, $detached_payload, $index);
Assertion::notNull($index, 'JWS signature(s) verification failed.');
$this->checker_manager->checkJWS($jws, $index);
return $index;
}
/**
* Validate id:
* $id !== null
* @param $id
*/
public static function id($id)
{
Assert::notNull($id);
}
/**
* Static constructor.
*
* @param string $type
* @param TwitterUser $source
* @param TwitterUser $target
* @param TwitterEventTarget $object
* @param \DateTimeInterface $date
*
* @return TwitterEvent
*/
public static function create($type, TwitterUser $source, TwitterUser $target = null, TwitterEventTarget $object = null, \DateTimeInterface $date = null)
{
$obj = new self();
Assertion::notNull($date);
Assertion::eq(new \DateTimeZone('UTC'), $date->getTimezone());
$obj->type = $type;
$obj->source = $source;
$obj->target = $target;
$obj->object = $object;
$obj->date = $date;
return $obj;
}
/**
* @param string $method
*
* @throws \InvalidArgumentException
*
* @return \Jose\Compression\CompressionInterface
*/
private function getCompressionMethod($method)
{
$compression_method = $this->getCompressionManager()->getCompressionAlgorithm($method);
Assertion::notNull($compression_method, sprintf('Compression method "%s" not supported', $method));
return $compression_method;
}
public function getIdentity() : Identity
{
Assertion::notNull($this->identity);
return $this->identity;
}
public function getRecordId() : RecordId
{
Assertion::notNull($this->recordId);
return $this->recordId;
}
/**
* @param $curve
*
* @return string
*/
private function getOID($curve)
{
$curves = $this->getSupportedCurves();
$oid = array_key_exists($curve, $curves) ? $curves[$curve] : null;
Assertion::notNull($oid, 'Unsupported curve');
return $oid;
}
/**
* @param string $password
*/
public function setPassword($password)
{
Assertion::notNull($password);
$this->password = $password;
}
/**
* @Then I should get an error
*/
public function iShouldGetAnError()
{
Assertion::notNull($this->exception);
Assertion::isInstanceOf($this->exception, \InvalidArgumentException::class);
}
protected function guardRequiredState()
{
parent::guardRequiredState();
Assertion::notNull($this->auth_token);
Assertion::date($this->token_expire_date, DATE_ISO8601);
}
/**
* @param string $pem
* @param string[] $matches
* @param null|string $password
*
* @return string
*/
private static function decodePem($pem, array $matches, $password = null)
{
Assertion::notNull($password, 'Password required for encrypted keys.');
$iv = pack('H*', trim($matches[2]));
$iv_sub = mb_substr($iv, 0, 8, '8bit');
$symkey = pack('H*', md5($password . $iv_sub));
$symkey .= pack('H*', md5($symkey . $password . $iv_sub));
$key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $pem);
$ciphertext = base64_decode(preg_replace('#-.*-|\\r|\\n#', '', $key));
$decoded = openssl_decrypt($ciphertext, strtolower($matches[1]), $symkey, true, $iv);
$number = preg_match_all('#-{5}.*-{5}#', $pem, $result);
Assertion::eq($number, 2, 'Unable to load the key');
$pem = $result[0][0] . PHP_EOL;
$pem .= chunk_split(base64_encode($decoded), 64);
$pem .= $result[0][1] . PHP_EOL;
return $pem;
}
public function getFormErrorSequence() : FormErrorSequence
{
Assertion::notNull($this->formErrorSequence, 'Form errors can only be retrieved when bind result was not successful');
return $this->formErrorSequence;
}
/**
* Resets the Temporal object to its initial value
*
* @return int Returns the initial value
*/
public function reset()
{
Assertion::notNull(self::$redis, "Redis connection hasn't been set");
// Remove each individual key
$items = self::$redis->sMembers($this->identifier);
foreach ($items as $i) {
self::$redis->delete($i);
}
// Remove the set and check its emptiness
self::$redis->delete($this->identifier);
Assertion::count(self::$redis->sMembers($this->identifier), 0);
return $this->initialNumber;
}
