diff options
Diffstat (limited to 'vendor/web-token/jwt-signature')
20 files changed, 1945 insertions, 1945 deletions
diff --git a/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php b/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php index 4f982e7..ce340f6 100644 --- a/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php +++ b/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php @@ -1,41 +1,41 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Algorithm; - -use Jose\Component\Core\Algorithm; -use Jose\Component\Core\JWK; - -interface SignatureAlgorithm extends Algorithm -{ - /** - * Sign the input. - * - * @param JWK $key The private key used to sign the data - * @param string $input The input - * - * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation - */ - public function sign(JWK $key, string $input): string; - - /** - * Verify the signature of data. - * - * @param JWK $key The private key used to sign the data - * @param string $input The input - * @param string $signature The signature to verify - * - * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation - */ - public function verify(JWK $key, string $input, string $signature): bool; -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Algorithm;
+
+use Jose\Component\Core\Algorithm;
+use Jose\Component\Core\JWK;
+
+interface SignatureAlgorithm extends Algorithm
+{
+ /**
+ * Sign the input.
+ *
+ * @param JWK $key The private key used to sign the data
+ * @param string $input The input
+ *
+ * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation
+ */
+ public function sign(JWK $key, string $input): string;
+
+ /**
+ * Verify the signature of data.
+ *
+ * @param JWK $key The private key used to sign the data
+ * @param string $input The input
+ * @param string $signature The signature to verify
+ *
+ * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation
+ */
+ public function verify(JWK $key, string $input, string $signature): bool;
+}
diff --git a/vendor/web-token/jwt-signature/JWS.php b/vendor/web-token/jwt-signature/JWS.php index fe94f33..0c7bac1 100644 --- a/vendor/web-token/jwt-signature/JWS.php +++ b/vendor/web-token/jwt-signature/JWS.php @@ -1,159 +1,159 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Jose\Component\Core\JWT; - -class JWS implements JWT -{ - /** - * @var bool - */ - private $isPayloadDetached = false; - - /** - * @var string|null - */ - private $encodedPayload = null; - - /** - * @var Signature[] - */ - private $signatures = []; - - /** - * @var string|null - */ - private $payload = null; - - /** - * JWS constructor. - */ - private function __construct(?string $payload, ?string $encodedPayload = null, bool $isPayloadDetached = false) - { - $this->payload = $payload; - $this->encodedPayload = $encodedPayload; - $this->isPayloadDetached = $isPayloadDetached; - } - - /** - * Creates a JWS object. - * - * @return JWS - */ - public static function create(?string $payload, ?string $encodedPayload = null, bool $isPayloadDetached = false): self - { - return new self($payload, $encodedPayload, $isPayloadDetached); - } - - public function getPayload(): ?string - { - return $this->payload; - } - - /** - * Returns true if the payload is detached. - */ - public function isPayloadDetached(): bool - { - return $this->isPayloadDetached; - } - - /** - * Returns the Base64Url encoded payload. - * If the payload is detached, this method returns null. - */ - public function getEncodedPayload(): ?string - { - if (true === $this->isPayloadDetached()) { - return null; - } - - return $this->encodedPayload; - } - - /** - * Returns the signatures associated with the JWS. - * - * @return Signature[] - */ - public function getSignatures(): array - { - return $this->signatures; - } - - /** - * Returns the signature at the given index. - */ - public function getSignature(int $id): Signature - { - if (isset($this->signatures[$id])) { - return $this->signatures[$id]; - } - - throw new \InvalidArgumentException('The signature does not exist.'); - } - - /** - * This method adds a signature to the JWS object. - * Its returns a new JWS object. - * - * @internal - * - * @return JWS - */ - public function addSignature(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header = []): self - { - $jws = clone $this; - $jws->signatures[] = Signature::create($signature, $protectedHeader, $encodedProtectedHeader, $header); - - return $jws; - } - - /** - * Returns the number of signature associated with the JWS. - */ - public function countSignatures(): int - { - return \count($this->signatures); - } - - /** - * This method splits the JWS into a list of JWSs. - * It is only useful when the JWS contains more than one signature (JSON General Serialization). - * - * @return JWS[] - */ - public function split(): array - { - $result = []; - foreach ($this->signatures as $signature) { - $jws = self::create( - $this->payload, - $this->encodedPayload, - $this->isPayloadDetached - ); - $jws = $jws->addSignature( - $signature->getSignature(), - $signature->getProtectedHeader(), - $signature->getEncodedProtectedHeader(), - $signature->getHeader() - ); - - $result[] = $jws; - } - - return $result; - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Jose\Component\Core\JWT;
+
+class JWS implements JWT
+{
+ /**
+ * @var bool
+ */
+ private $isPayloadDetached = false;
+
+ /**
+ * @var string|null
+ */
+ private $encodedPayload = null;
+
+ /**
+ * @var Signature[]
+ */
+ private $signatures = [];
+
+ /**
+ * @var string|null
+ */
+ private $payload = null;
+
+ /**
+ * JWS constructor.
+ */
+ private function __construct(?string $payload, ?string $encodedPayload = null, bool $isPayloadDetached = false)
+ {
+ $this->payload = $payload;
+ $this->encodedPayload = $encodedPayload;
+ $this->isPayloadDetached = $isPayloadDetached;
+ }
+
+ /**
+ * Creates a JWS object.
+ *
+ * @return JWS
+ */
+ public static function create(?string $payload, ?string $encodedPayload = null, bool $isPayloadDetached = false): self
+ {
+ return new self($payload, $encodedPayload, $isPayloadDetached);
+ }
+
+ public function getPayload(): ?string
+ {
+ return $this->payload;
+ }
+
+ /**
+ * Returns true if the payload is detached.
+ */
+ public function isPayloadDetached(): bool
+ {
+ return $this->isPayloadDetached;
+ }
+
+ /**
+ * Returns the Base64Url encoded payload.
+ * If the payload is detached, this method returns null.
+ */
+ public function getEncodedPayload(): ?string
+ {
+ if (true === $this->isPayloadDetached()) {
+ return null;
+ }
+
+ return $this->encodedPayload;
+ }
+
+ /**
+ * Returns the signatures associated with the JWS.
+ *
+ * @return Signature[]
+ */
+ public function getSignatures(): array
+ {
+ return $this->signatures;
+ }
+
+ /**
+ * Returns the signature at the given index.
+ */
+ public function getSignature(int $id): Signature
+ {
+ if (isset($this->signatures[$id])) {
+ return $this->signatures[$id];
+ }
+
+ throw new \InvalidArgumentException('The signature does not exist.');
+ }
+
+ /**
+ * This method adds a signature to the JWS object.
+ * Its returns a new JWS object.
+ *
+ * @internal
+ *
+ * @return JWS
+ */
+ public function addSignature(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header = []): self
+ {
+ $jws = clone $this;
+ $jws->signatures[] = Signature::create($signature, $protectedHeader, $encodedProtectedHeader, $header);
+
+ return $jws;
+ }
+
+ /**
+ * Returns the number of signature associated with the JWS.
+ */
+ public function countSignatures(): int
+ {
+ return \count($this->signatures);
+ }
+
+ /**
+ * This method splits the JWS into a list of JWSs.
+ * It is only useful when the JWS contains more than one signature (JSON General Serialization).
+ *
+ * @return JWS[]
+ */
+ public function split(): array
+ {
+ $result = [];
+ foreach ($this->signatures as $signature) {
+ $jws = self::create(
+ $this->payload,
+ $this->encodedPayload,
+ $this->isPayloadDetached
+ );
+ $jws = $jws->addSignature(
+ $signature->getSignature(),
+ $signature->getProtectedHeader(),
+ $signature->getEncodedProtectedHeader(),
+ $signature->getHeader()
+ );
+
+ $result[] = $jws;
+ }
+
+ return $result;
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSBuilder.php b/vendor/web-token/jwt-signature/JWSBuilder.php index 7d8bf43..2877f7d 100644 --- a/vendor/web-token/jwt-signature/JWSBuilder.php +++ b/vendor/web-token/jwt-signature/JWSBuilder.php @@ -1,213 +1,213 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Base64Url\Base64Url; -use Jose\Component\Core\AlgorithmManager; -use Jose\Component\Core\Converter\JsonConverter; -use Jose\Component\Core\JWK; -use Jose\Component\Core\Util\KeyChecker; -use Jose\Component\Signature\Algorithm\SignatureAlgorithm; - -class JWSBuilder -{ - /** - * @var JsonConverter - */ - private $jsonConverter; - - /** - * @var string|null - */ - private $payload; - - /** - * @var bool - */ - private $isPayloadDetached; - - /** - * @var array - */ - private $signatures = []; - - /** - * @var AlgorithmManager - */ - private $signatureAlgorithmManager; - - /** - * @var bool|null - */ - private $isPayloadEncoded = null; - - /** - * JWSBuilder constructor. - */ - public function __construct(?JsonConverter $jsonConverter, AlgorithmManager $signatureAlgorithmManager) - { - $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); - $this->signatureAlgorithmManager = $signatureAlgorithmManager; - } - - /** - * Returns the algorithm manager associated to the builder. - */ - public function getSignatureAlgorithmManager(): AlgorithmManager - { - return $this->signatureAlgorithmManager; - } - - /** - * Reset the current data. - * - * @return JWSBuilder - */ - public function create(): self - { - $this->payload = null; - $this->isPayloadDetached = false; - $this->signatures = []; - $this->isPayloadEncoded = null; - - return $this; - } - - /** - * Set the payload. - * This method will return a new JWSBuilder object. - * - * @return JWSBuilder - */ - public function withPayload(string $payload, bool $isPayloadDetached = false): self - { - if (false === \mb_detect_encoding($payload, 'UTF-8', true)) { - throw new \InvalidArgumentException('The payload must be encoded in UTF-8'); - } - $clone = clone $this; - $clone->payload = $payload; - $clone->isPayloadDetached = $isPayloadDetached; - - return $clone; - } - - /** - * Adds the information needed to compute the signature. - * This method will return a new JWSBuilder object. - * - * @return JWSBuilder - */ - public function addSignature(JWK $signatureKey, array $protectedHeader, array $header = []): self - { - $this->checkB64AndCriticalHeader($protectedHeader); - $isPayloadEncoded = $this->checkIfPayloadIsEncoded($protectedHeader); - if (null === $this->isPayloadEncoded) { - $this->isPayloadEncoded = $isPayloadEncoded; - } elseif ($this->isPayloadEncoded !== $isPayloadEncoded) { - throw new \InvalidArgumentException('Foreign payload encoding detected.'); - } - $this->checkDuplicatedHeaderParameters($protectedHeader, $header); - KeyChecker::checkKeyUsage($signatureKey, 'signature'); - $signatureAlgorithm = $this->findSignatureAlgorithm($signatureKey, $protectedHeader, $header); - KeyChecker::checkKeyAlgorithm($signatureKey, $signatureAlgorithm->name()); - $clone = clone $this; - $clone->signatures[] = [ - 'signature_algorithm' => $signatureAlgorithm, - 'signature_key' => $signatureKey, - 'protected_header' => $protectedHeader, - 'header' => $header, - ]; - - return $clone; - } - - /** - * Computes all signatures and return the expected JWS object. - */ - public function build(): JWS - { - if (null === $this->payload) { - throw new \RuntimeException('The payload is not set.'); - } - if (0 === \count($this->signatures)) { - throw new \RuntimeException('At least one signature must be set.'); - } - - $encodedPayload = false === $this->isPayloadEncoded ? $this->payload : Base64Url::encode($this->payload); - $jws = JWS::create($this->payload, $encodedPayload, $this->isPayloadDetached); - foreach ($this->signatures as $signature) { - /** @var SignatureAlgorithm $signatureAlgorithm */ - $signatureAlgorithm = $signature['signature_algorithm']; - /** @var JWK $signatureKey */ - $signatureKey = $signature['signature_key']; - /** @var array $protectedHeader */ - $protectedHeader = $signature['protected_header']; - /** @var array $header */ - $header = $signature['header']; - $encodedProtectedHeader = empty($protectedHeader) ? null : Base64Url::encode($this->jsonConverter->encode($protectedHeader)); - $input = \sprintf('%s.%s', $encodedProtectedHeader, $encodedPayload); - $s = $signatureAlgorithm->sign($signatureKey, $input); - $jws = $jws->addSignature($s, $protectedHeader, $encodedProtectedHeader, $header); - } - - return $jws; - } - - private function checkIfPayloadIsEncoded(array $protectedHeader): bool - { - return !\array_key_exists('b64', $protectedHeader) || true === $protectedHeader['b64']; - } - - private function checkB64AndCriticalHeader(array $protectedHeader) - { - if (!\array_key_exists('b64', $protectedHeader)) { - return; - } - if (!\array_key_exists('crit', $protectedHeader)) { - throw new \LogicException('The protected header parameter "crit" is mandatory when protected header parameter "b64" is set.'); - } - if (!\is_array($protectedHeader['crit'])) { - throw new \LogicException('The protected header parameter "crit" must be an array.'); - } - if (!\in_array('b64', $protectedHeader['crit'], true)) { - throw new \LogicException('The protected header parameter "crit" must contain "b64" when protected header parameter "b64" is set.'); - } - } - - private function findSignatureAlgorithm(JWK $key, array $protectedHeader, array $header): SignatureAlgorithm - { - $completeHeader = \array_merge($header, $protectedHeader); - if (!\array_key_exists('alg', $completeHeader)) { - throw new \InvalidArgumentException('No "alg" parameter set in the header.'); - } - if ($key->has('alg') && $key->get('alg') !== $completeHeader['alg']) { - throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not allowed with this key.', $completeHeader['alg'])); - } - - $signatureAlgorithm = $this->signatureAlgorithmManager->get($completeHeader['alg']); - if (!$signatureAlgorithm instanceof SignatureAlgorithm) { - throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported.', $completeHeader['alg'])); - } - - return $signatureAlgorithm; - } - - private function checkDuplicatedHeaderParameters(array $header1, array $header2) - { - $inter = \array_intersect_key($header1, $header2); - if (!empty($inter)) { - throw new \InvalidArgumentException(\sprintf('The header contains duplicated entries: %s.', \implode(', ', \array_keys($inter)))); - } - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\AlgorithmManager;
+use Jose\Component\Core\Converter\JsonConverter;
+use Jose\Component\Core\JWK;
+use Jose\Component\Core\Util\KeyChecker;
+use Jose\Component\Signature\Algorithm\SignatureAlgorithm;
+
+class JWSBuilder
+{
+ /**
+ * @var JsonConverter
+ */
+ private $jsonConverter;
+
+ /**
+ * @var string|null
+ */
+ private $payload;
+
+ /**
+ * @var bool
+ */
+ private $isPayloadDetached;
+
+ /**
+ * @var array
+ */
+ private $signatures = [];
+
+ /**
+ * @var AlgorithmManager
+ */
+ private $signatureAlgorithmManager;
+
+ /**
+ * @var bool|null
+ */
+ private $isPayloadEncoded = null;
+
+ /**
+ * JWSBuilder constructor.
+ */
+ public function __construct(?JsonConverter $jsonConverter, AlgorithmManager $signatureAlgorithmManager)
+ {
+ $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter();
+ $this->signatureAlgorithmManager = $signatureAlgorithmManager;
+ }
+
+ /**
+ * Returns the algorithm manager associated to the builder.
+ */
+ public function getSignatureAlgorithmManager(): AlgorithmManager
+ {
+ return $this->signatureAlgorithmManager;
+ }
+
+ /**
+ * Reset the current data.
+ *
+ * @return JWSBuilder
+ */
+ public function create(): self
+ {
+ $this->payload = null;
+ $this->isPayloadDetached = false;
+ $this->signatures = [];
+ $this->isPayloadEncoded = null;
+
+ return $this;
+ }
+
+ /**
+ * Set the payload.
+ * This method will return a new JWSBuilder object.
+ *
+ * @return JWSBuilder
+ */
+ public function withPayload(string $payload, bool $isPayloadDetached = false): self
+ {
+ if (false === \mb_detect_encoding($payload, 'UTF-8', true)) {
+ throw new \InvalidArgumentException('The payload must be encoded in UTF-8');
+ }
+ $clone = clone $this;
+ $clone->payload = $payload;
+ $clone->isPayloadDetached = $isPayloadDetached;
+
+ return $clone;
+ }
+
+ /**
+ * Adds the information needed to compute the signature.
+ * This method will return a new JWSBuilder object.
+ *
+ * @return JWSBuilder
+ */
+ public function addSignature(JWK $signatureKey, array $protectedHeader, array $header = []): self
+ {
+ $this->checkB64AndCriticalHeader($protectedHeader);
+ $isPayloadEncoded = $this->checkIfPayloadIsEncoded($protectedHeader);
+ if (null === $this->isPayloadEncoded) {
+ $this->isPayloadEncoded = $isPayloadEncoded;
+ } elseif ($this->isPayloadEncoded !== $isPayloadEncoded) {
+ throw new \InvalidArgumentException('Foreign payload encoding detected.');
+ }
+ $this->checkDuplicatedHeaderParameters($protectedHeader, $header);
+ KeyChecker::checkKeyUsage($signatureKey, 'signature');
+ $signatureAlgorithm = $this->findSignatureAlgorithm($signatureKey, $protectedHeader, $header);
+ KeyChecker::checkKeyAlgorithm($signatureKey, $signatureAlgorithm->name());
+ $clone = clone $this;
+ $clone->signatures[] = [
+ 'signature_algorithm' => $signatureAlgorithm,
+ 'signature_key' => $signatureKey,
+ 'protected_header' => $protectedHeader,
+ 'header' => $header,
+ ];
+
+ return $clone;
+ }
+
+ /**
+ * Computes all signatures and return the expected JWS object.
+ */
+ public function build(): JWS
+ {
+ if (null === $this->payload) {
+ throw new \RuntimeException('The payload is not set.');
+ }
+ if (0 === \count($this->signatures)) {
+ throw new \RuntimeException('At least one signature must be set.');
+ }
+
+ $encodedPayload = false === $this->isPayloadEncoded ? $this->payload : Base64Url::encode($this->payload);
+ $jws = JWS::create($this->payload, $encodedPayload, $this->isPayloadDetached);
+ foreach ($this->signatures as $signature) {
+ /** @var SignatureAlgorithm $signatureAlgorithm */
+ $signatureAlgorithm = $signature['signature_algorithm'];
+ /** @var JWK $signatureKey */
+ $signatureKey = $signature['signature_key'];
+ /** @var array $protectedHeader */
+ $protectedHeader = $signature['protected_header'];
+ /** @var array $header */
+ $header = $signature['header'];
+ $encodedProtectedHeader = empty($protectedHeader) ? null : Base64Url::encode($this->jsonConverter->encode($protectedHeader));
+ $input = \sprintf('%s.%s', $encodedProtectedHeader, $encodedPayload);
+ $s = $signatureAlgorithm->sign($signatureKey, $input);
+ $jws = $jws->addSignature($s, $protectedHeader, $encodedProtectedHeader, $header);
+ }
+
+ return $jws;
+ }
+
+ private function checkIfPayloadIsEncoded(array $protectedHeader): bool
+ {
+ return !\array_key_exists('b64', $protectedHeader) || true === $protectedHeader['b64'];
+ }
+
+ private function checkB64AndCriticalHeader(array $protectedHeader)
+ {
+ if (!\array_key_exists('b64', $protectedHeader)) {
+ return;
+ }
+ if (!\array_key_exists('crit', $protectedHeader)) {
+ throw new \LogicException('The protected header parameter "crit" is mandatory when protected header parameter "b64" is set.');
+ }
+ if (!\is_array($protectedHeader['crit'])) {
+ throw new \LogicException('The protected header parameter "crit" must be an array.');
+ }
+ if (!\in_array('b64', $protectedHeader['crit'], true)) {
+ throw new \LogicException('The protected header parameter "crit" must contain "b64" when protected header parameter "b64" is set.');
+ }
+ }
+
+ private function findSignatureAlgorithm(JWK $key, array $protectedHeader, array $header): SignatureAlgorithm
+ {
+ $completeHeader = \array_merge($header, $protectedHeader);
+ if (!\array_key_exists('alg', $completeHeader)) {
+ throw new \InvalidArgumentException('No "alg" parameter set in the header.');
+ }
+ if ($key->has('alg') && $key->get('alg') !== $completeHeader['alg']) {
+ throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not allowed with this key.', $completeHeader['alg']));
+ }
+
+ $signatureAlgorithm = $this->signatureAlgorithmManager->get($completeHeader['alg']);
+ if (!$signatureAlgorithm instanceof SignatureAlgorithm) {
+ throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported.', $completeHeader['alg']));
+ }
+
+ return $signatureAlgorithm;
+ }
+
+ private function checkDuplicatedHeaderParameters(array $header1, array $header2)
+ {
+ $inter = \array_intersect_key($header1, $header2);
+ if (!empty($inter)) {
+ throw new \InvalidArgumentException(\sprintf('The header contains duplicated entries: %s.', \implode(', ', \array_keys($inter))));
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSBuilderFactory.php b/vendor/web-token/jwt-signature/JWSBuilderFactory.php index 1c0e6c9..a5885d7 100644 --- a/vendor/web-token/jwt-signature/JWSBuilderFactory.php +++ b/vendor/web-token/jwt-signature/JWSBuilderFactory.php @@ -1,51 +1,51 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Jose\Component\Core\AlgorithmManagerFactory; -use Jose\Component\Core\Converter\JsonConverter; - -class JWSBuilderFactory -{ - /** - * @var JsonConverter|null - */ - private $jsonConverter; - - /** - * @var AlgorithmManagerFactory - */ - private $signatureAlgorithmManagerFactory; - - /** - * JWSBuilderFactory constructor. - */ - public function __construct(?JsonConverter $jsonConverter, AlgorithmManagerFactory $signatureAlgorithmManagerFactory) - { - $this->jsonConverter = $jsonConverter; - $this->signatureAlgorithmManagerFactory = $signatureAlgorithmManagerFactory; - } - - /** - * This method creates a JWSBuilder using the given algorithm aliases. - * - * @param string[] $algorithms - */ - public function create(array $algorithms): JWSBuilder - { - $algorithmManager = $this->signatureAlgorithmManagerFactory->create($algorithms); - - return new JWSBuilder($this->jsonConverter, $algorithmManager); - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Jose\Component\Core\AlgorithmManagerFactory;
+use Jose\Component\Core\Converter\JsonConverter;
+
+class JWSBuilderFactory
+{
+ /**
+ * @var JsonConverter|null
+ */
+ private $jsonConverter;
+
+ /**
+ * @var AlgorithmManagerFactory
+ */
+ private $signatureAlgorithmManagerFactory;
+
+ /**
+ * JWSBuilderFactory constructor.
+ */
+ public function __construct(?JsonConverter $jsonConverter, AlgorithmManagerFactory $signatureAlgorithmManagerFactory)
+ {
+ $this->jsonConverter = $jsonConverter;
+ $this->signatureAlgorithmManagerFactory = $signatureAlgorithmManagerFactory;
+ }
+
+ /**
+ * This method creates a JWSBuilder using the given algorithm aliases.
+ *
+ * @param string[] $algorithms
+ */
+ public function create(array $algorithms): JWSBuilder
+ {
+ $algorithmManager = $this->signatureAlgorithmManagerFactory->create($algorithms);
+
+ return new JWSBuilder($this->jsonConverter, $algorithmManager);
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSLoader.php b/vendor/web-token/jwt-signature/JWSLoader.php index b7eb8dd..23da3de 100644 --- a/vendor/web-token/jwt-signature/JWSLoader.php +++ b/vendor/web-token/jwt-signature/JWSLoader.php @@ -1,122 +1,122 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Jose\Component\Checker\HeaderCheckerManager; -use Jose\Component\Core\JWK; -use Jose\Component\Core\JWKSet; -use Jose\Component\Signature\Serializer\JWSSerializerManager; - -class JWSLoader -{ - /** - * @var JWSVerifier - */ - private $jwsVerifier; - - /** - * @var HeaderCheckerManager|null - */ - private $headerCheckerManager; - - /** - * @var JWSSerializerManager - */ - private $serializerManager; - - /** - * JWSLoader constructor. - */ - public function __construct(JWSSerializerManager $serializerManager, JWSVerifier $jwsVerifier, ?HeaderCheckerManager $headerCheckerManager) - { - $this->serializerManager = $serializerManager; - $this->jwsVerifier = $jwsVerifier; - $this->headerCheckerManager = $headerCheckerManager; - } - - /** - * Returns the JWSVerifier associated to the JWSLoader. - */ - public function getJwsVerifier(): JWSVerifier - { - return $this->jwsVerifier; - } - - /** - * Returns the Header Checker Manager associated to the JWSLoader. - */ - public function getHeaderCheckerManager(): ?HeaderCheckerManager - { - return $this->headerCheckerManager; - } - - /** - * Returns the JWSSerializer associated to the JWSLoader. - */ - public function getSerializerManager(): JWSSerializerManager - { - return $this->serializerManager; - } - - /** - * This method will try to load and verify the token using the given key. - * It returns a JWS and will populate the $signature variable in case of success, otherwise an exception is thrown. - * - * @throws \Exception - */ - public function loadAndVerifyWithKey(string $token, JWK $key, ?int &$signature, ?string $payload = null): JWS - { - $keyset = new JWKSet([$key]); - - return $this->loadAndVerifyWithKeySet($token, $keyset, $signature, $payload); - } - - /** - * This method will try to load and verify the token using the given key set. - * It returns a JWS and will populate the $signature variable in case of success, otherwise an exception is thrown. - * - * @throws \Exception - */ - public function loadAndVerifyWithKeySet(string $token, JWKSet $keyset, ?int &$signature, ?string $payload = null): JWS - { - try { - $jws = $this->serializerManager->unserialize($token); - $nbSignatures = $jws->countSignatures(); - for ($i = 0; $i < $nbSignatures; ++$i) { - if ($this->processSignature($jws, $keyset, $i, $payload)) { - $signature = $i; - - return $jws; - } - } - } catch (\Exception $e) { - // Nothing to do. Exception thrown just after - } - - throw new \Exception('Unable to load and verify the token.'); - } - - private function processSignature(JWS $jws, JWKSet $keyset, int $signature, ?string $payload): bool - { - try { - if (null !== $this->headerCheckerManager) { - $this->headerCheckerManager->check($jws, $signature); - } - - return $this->jwsVerifier->verifyWithKeySet($jws, $keyset, $signature, $payload); - } catch (\Exception $e) { - return false; - } - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Jose\Component\Checker\HeaderCheckerManager;
+use Jose\Component\Core\JWK;
+use Jose\Component\Core\JWKSet;
+use Jose\Component\Signature\Serializer\JWSSerializerManager;
+
+class JWSLoader
+{
+ /**
+ * @var JWSVerifier
+ */
+ private $jwsVerifier;
+
+ /**
+ * @var HeaderCheckerManager|null
+ */
+ private $headerCheckerManager;
+
+ /**
+ * @var JWSSerializerManager
+ */
+ private $serializerManager;
+
+ /**
+ * JWSLoader constructor.
+ */
+ public function __construct(JWSSerializerManager $serializerManager, JWSVerifier $jwsVerifier, ?HeaderCheckerManager $headerCheckerManager)
+ {
+ $this->serializerManager = $serializerManager;
+ $this->jwsVerifier = $jwsVerifier;
+ $this->headerCheckerManager = $headerCheckerManager;
+ }
+
+ /**
+ * Returns the JWSVerifier associated to the JWSLoader.
+ */
+ public function getJwsVerifier(): JWSVerifier
+ {
+ return $this->jwsVerifier;
+ }
+
+ /**
+ * Returns the Header Checker Manager associated to the JWSLoader.
+ */
+ public function getHeaderCheckerManager(): ?HeaderCheckerManager
+ {
+ return $this->headerCheckerManager;
+ }
+
+ /**
+ * Returns the JWSSerializer associated to the JWSLoader.
+ */
+ public function getSerializerManager(): JWSSerializerManager
+ {
+ return $this->serializerManager;
+ }
+
+ /**
+ * This method will try to load and verify the token using the given key.
+ * It returns a JWS and will populate the $signature variable in case of success, otherwise an exception is thrown.
+ *
+ * @throws \Exception
+ */
+ public function loadAndVerifyWithKey(string $token, JWK $key, ?int &$signature, ?string $payload = null): JWS
+ {
+ $keyset = new JWKSet([$key]);
+
+ return $this->loadAndVerifyWithKeySet($token, $keyset, $signature, $payload);
+ }
+
+ /**
+ * This method will try to load and verify the token using the given key set.
+ * It returns a JWS and will populate the $signature variable in case of success, otherwise an exception is thrown.
+ *
+ * @throws \Exception
+ */
+ public function loadAndVerifyWithKeySet(string $token, JWKSet $keyset, ?int &$signature, ?string $payload = null): JWS
+ {
+ try {
+ $jws = $this->serializerManager->unserialize($token);
+ $nbSignatures = $jws->countSignatures();
+ for ($i = 0; $i < $nbSignatures; ++$i) {
+ if ($this->processSignature($jws, $keyset, $i, $payload)) {
+ $signature = $i;
+
+ return $jws;
+ }
+ }
+ } catch (\Exception $e) {
+ // Nothing to do. Exception thrown just after
+ }
+
+ throw new \Exception('Unable to load and verify the token.');
+ }
+
+ private function processSignature(JWS $jws, JWKSet $keyset, int $signature, ?string $payload): bool
+ {
+ try {
+ if (null !== $this->headerCheckerManager) {
+ $this->headerCheckerManager->check($jws, $signature);
+ }
+
+ return $this->jwsVerifier->verifyWithKeySet($jws, $keyset, $signature, $payload);
+ } catch (\Exception $e) {
+ return false;
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSLoaderFactory.php b/vendor/web-token/jwt-signature/JWSLoaderFactory.php index 3517cd5..d2ed58b 100644 --- a/vendor/web-token/jwt-signature/JWSLoaderFactory.php +++ b/vendor/web-token/jwt-signature/JWSLoaderFactory.php @@ -1,62 +1,62 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Jose\Component\Checker\HeaderCheckerManagerFactory; -use Jose\Component\Signature\Serializer\JWSSerializerManagerFactory; - -class JWSLoaderFactory -{ - /** - * @var JWSVerifierFactory - */ - private $jwsVerifierFactory; - - /** - * @var JWSSerializerManagerFactory - */ - private $jwsSerializerManagerFactory; - - /** - * @var HeaderCheckerManagerFactory|null - */ - private $headerCheckerManagerFactory = null; - - /** - * JWSLoaderFactory constructor. - */ - public function __construct(JWSSerializerManagerFactory $jwsSerializerManagerFactory, JWSVerifierFactory $jwsVerifierFactory, ?HeaderCheckerManagerFactory $headerCheckerManagerFactory) - { - $this->jwsSerializerManagerFactory = $jwsSerializerManagerFactory; - $this->jwsVerifierFactory = $jwsVerifierFactory; - $this->headerCheckerManagerFactory = $headerCheckerManagerFactory; - } - - /** - * Creates a JWSLoader using the given serializer aliases, signature algorithm aliases and (optionally) - * the header checker aliases. - */ - public function create(array $serializers, array $algorithms, array $headerCheckers = []): JWSLoader - { - $serializerManager = $this->jwsSerializerManagerFactory->create($serializers); - $jwsVerifier = $this->jwsVerifierFactory->create($algorithms); - if (null !== $this->headerCheckerManagerFactory) { - $headerCheckerManager = $this->headerCheckerManagerFactory->create($headerCheckers); - } else { - $headerCheckerManager = null; - } - - return new JWSLoader($serializerManager, $jwsVerifier, $headerCheckerManager); - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Jose\Component\Checker\HeaderCheckerManagerFactory;
+use Jose\Component\Signature\Serializer\JWSSerializerManagerFactory;
+
+class JWSLoaderFactory
+{
+ /**
+ * @var JWSVerifierFactory
+ */
+ private $jwsVerifierFactory;
+
+ /**
+ * @var JWSSerializerManagerFactory
+ */
+ private $jwsSerializerManagerFactory;
+
+ /**
+ * @var HeaderCheckerManagerFactory|null
+ */
+ private $headerCheckerManagerFactory = null;
+
+ /**
+ * JWSLoaderFactory constructor.
+ */
+ public function __construct(JWSSerializerManagerFactory $jwsSerializerManagerFactory, JWSVerifierFactory $jwsVerifierFactory, ?HeaderCheckerManagerFactory $headerCheckerManagerFactory)
+ {
+ $this->jwsSerializerManagerFactory = $jwsSerializerManagerFactory;
+ $this->jwsVerifierFactory = $jwsVerifierFactory;
+ $this->headerCheckerManagerFactory = $headerCheckerManagerFactory;
+ }
+
+ /**
+ * Creates a JWSLoader using the given serializer aliases, signature algorithm aliases and (optionally)
+ * the header checker aliases.
+ */
+ public function create(array $serializers, array $algorithms, array $headerCheckers = []): JWSLoader
+ {
+ $serializerManager = $this->jwsSerializerManagerFactory->create($serializers);
+ $jwsVerifier = $this->jwsVerifierFactory->create($algorithms);
+ if (null !== $this->headerCheckerManagerFactory) {
+ $headerCheckerManager = $this->headerCheckerManagerFactory->create($headerCheckers);
+ } else {
+ $headerCheckerManager = null;
+ }
+
+ return new JWSLoader($serializerManager, $jwsVerifier, $headerCheckerManager);
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSTokenSupport.php b/vendor/web-token/jwt-signature/JWSTokenSupport.php index 667f3fc..8fb3137 100644 --- a/vendor/web-token/jwt-signature/JWSTokenSupport.php +++ b/vendor/web-token/jwt-signature/JWSTokenSupport.php @@ -1,38 +1,38 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Jose\Component\Checker\TokenTypeSupport; -use Jose\Component\Core\JWT; - -final class JWSTokenSupport implements TokenTypeSupport -{ - public function supports(JWT $jwt): bool - { - return $jwt instanceof JWS; - } - - public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void - { - if (!$jwt instanceof JWS) { - return; - } - - if ($index > $jwt->countSignatures()) { - throw new \InvalidArgumentException('Unknown signature index.'); - } - $protectedHeader = $jwt->getSignature($index)->getProtectedHeader(); - $unprotectedHeader = $jwt->getSignature($index)->getHeader(); - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Jose\Component\Checker\TokenTypeSupport;
+use Jose\Component\Core\JWT;
+
+final class JWSTokenSupport implements TokenTypeSupport
+{
+ public function supports(JWT $jwt): bool
+ {
+ return $jwt instanceof JWS;
+ }
+
+ public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void
+ {
+ if (!$jwt instanceof JWS) {
+ return;
+ }
+
+ if ($index > $jwt->countSignatures()) {
+ throw new \InvalidArgumentException('Unknown signature index.');
+ }
+ $protectedHeader = $jwt->getSignature($index)->getProtectedHeader();
+ $unprotectedHeader = $jwt->getSignature($index)->getHeader();
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSVerifier.php b/vendor/web-token/jwt-signature/JWSVerifier.php index bf49150..c5a536c 100644 --- a/vendor/web-token/jwt-signature/JWSVerifier.php +++ b/vendor/web-token/jwt-signature/JWSVerifier.php @@ -1,160 +1,160 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Base64Url\Base64Url; -use Jose\Component\Core\AlgorithmManager; -use Jose\Component\Core\JWK; -use Jose\Component\Core\JWKSet; -use Jose\Component\Core\Util\KeyChecker; -use Jose\Component\Signature\Algorithm\SignatureAlgorithm; - -class JWSVerifier -{ - /** - * @var AlgorithmManager - */ - private $signatureAlgorithmManager; - - /** - * JWSVerifier constructor. - */ - public function __construct(AlgorithmManager $signatureAlgorithmManager) - { - $this->signatureAlgorithmManager = $signatureAlgorithmManager; - } - - /** - * Returns the algorithm manager associated to the JWSVerifier. - */ - public function getSignatureAlgorithmManager(): AlgorithmManager - { - return $this->signatureAlgorithmManager; - } - - /** - * This method will try to verify the JWS object using the given key and for the given signature. - * It returns true if the signature is verified, otherwise false. - * - * @return bool true if the verification of the signature succeeded, else false - */ - public function verifyWithKey(JWS $jws, JWK $jwk, int $signature, ?string $detachedPayload = null): bool - { - $jwkset = new JWKSet([$jwk]); - - return $this->verifyWithKeySet($jws, $jwkset, $signature, $detachedPayload); - } - - /** - * This method will try to verify the JWS object using the given key set and for the given signature. - * It returns true if the signature is verified, otherwise false. - * - * @param JWS $jws A JWS object - * @param JWKSet $jwkset The signature will be verified using keys in the key set - * @param string|null $detachedPayload If not null, the value must be the detached payload encoded in Base64 URL safe. If the input contains a payload, throws an exception. - * - * @return bool true if the verification of the signature succeeded, else false - */ - public function verifyWithKeySet(JWS $jws, JWKSet $jwkset, int $signature, ?string $detachedPayload = null): bool - { - $this->checkJWKSet($jwkset); - $this->checkSignatures($jws); - $this->checkPayload($jws, $detachedPayload); - - $signature = $jws->getSignature($signature); - - return $this->verifySignature($jws, $jwkset, $signature, $detachedPayload); - } - - private function verifySignature(JWS $jws, JWKSet $jwkset, Signature $signature, ?string $detachedPayload = null): bool - { - $input = $this->getInputToVerify($jws, $signature, $detachedPayload); - foreach ($jwkset->all() as $jwk) { - $algorithm = $this->getAlgorithm($signature); - - try { - KeyChecker::checkKeyUsage($jwk, 'verification'); - KeyChecker::checkKeyAlgorithm($jwk, $algorithm->name()); - if (!\in_array($jwk->get('kty'), $algorithm->allowedKeyTypes(), true)) { - throw new \InvalidArgumentException('Wrong key type.'); - } - if (true === $algorithm->verify($jwk, $input, $signature->getSignature())) { - return true; - } - } catch (\Exception $e) { - //We do nothing, we continue with other keys - continue; - } - } - - return false; - } - - private function getInputToVerify(JWS $jws, Signature $signature, ?string $detachedPayload): string - { - $encodedProtectedHeader = $signature->getEncodedProtectedHeader(); - if (!$signature->hasProtectedHeaderParameter('b64') || true === $signature->getProtectedHeaderParameter('b64')) { - if (null !== $jws->getEncodedPayload()) { - return \sprintf('%s.%s', $encodedProtectedHeader, $jws->getEncodedPayload()); - } - - $payload = empty($jws->getPayload()) ? $detachedPayload : $jws->getPayload(); - - return \sprintf('%s.%s', $encodedProtectedHeader, Base64Url::encode($payload)); - } - - $payload = empty($jws->getPayload()) ? $detachedPayload : $jws->getPayload(); - - return \sprintf('%s.%s', $encodedProtectedHeader, $payload); - } - - private function checkSignatures(JWS $jws) - { - if (0 === $jws->countSignatures()) { - throw new \InvalidArgumentException('The JWS does not contain any signature.'); - } - } - - private function checkJWKSet(JWKSet $jwkset) - { - if (0 === \count($jwkset)) { - throw new \InvalidArgumentException('There is no key in the key set.'); - } - } - - private function checkPayload(JWS $jws, ?string $detachedPayload = null) - { - if (null !== $detachedPayload && !empty($jws->getPayload())) { - throw new \InvalidArgumentException('A detached payload is set, but the JWS already has a payload.'); - } - if (empty($jws->getPayload()) && null === $detachedPayload) { - throw new \InvalidArgumentException('The JWS has a detached payload, but no payload is provided.'); - } - } - - private function getAlgorithm(Signature $signature): SignatureAlgorithm - { - $completeHeader = \array_merge($signature->getProtectedHeader(), $signature->getHeader()); - if (!\array_key_exists('alg', $completeHeader)) { - throw new \InvalidArgumentException('No "alg" parameter set in the header.'); - } - - $algorithm = $this->signatureAlgorithmManager->get($completeHeader['alg']); - if (!$algorithm instanceof SignatureAlgorithm) { - throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported or is not a signature algorithm.', $completeHeader['alg'])); - } - - return $algorithm; - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\AlgorithmManager;
+use Jose\Component\Core\JWK;
+use Jose\Component\Core\JWKSet;
+use Jose\Component\Core\Util\KeyChecker;
+use Jose\Component\Signature\Algorithm\SignatureAlgorithm;
+
+class JWSVerifier
+{
+ /**
+ * @var AlgorithmManager
+ */
+ private $signatureAlgorithmManager;
+
+ /**
+ * JWSVerifier constructor.
+ */
+ public function __construct(AlgorithmManager $signatureAlgorithmManager)
+ {
+ $this->signatureAlgorithmManager = $signatureAlgorithmManager;
+ }
+
+ /**
+ * Returns the algorithm manager associated to the JWSVerifier.
+ */
+ public function getSignatureAlgorithmManager(): AlgorithmManager
+ {
+ return $this->signatureAlgorithmManager;
+ }
+
+ /**
+ * This method will try to verify the JWS object using the given key and for the given signature.
+ * It returns true if the signature is verified, otherwise false.
+ *
+ * @return bool true if the verification of the signature succeeded, else false
+ */
+ public function verifyWithKey(JWS $jws, JWK $jwk, int $signature, ?string $detachedPayload = null): bool
+ {
+ $jwkset = new JWKSet([$jwk]);
+
+ return $this->verifyWithKeySet($jws, $jwkset, $signature, $detachedPayload);
+ }
+
+ /**
+ * This method will try to verify the JWS object using the given key set and for the given signature.
+ * It returns true if the signature is verified, otherwise false.
+ *
+ * @param JWS $jws A JWS object
+ * @param JWKSet $jwkset The signature will be verified using keys in the key set
+ * @param string|null $detachedPayload If not null, the value must be the detached payload encoded in Base64 URL safe. If the input contains a payload, throws an exception.
+ *
+ * @return bool true if the verification of the signature succeeded, else false
+ */
+ public function verifyWithKeySet(JWS $jws, JWKSet $jwkset, int $signature, ?string $detachedPayload = null): bool
+ {
+ $this->checkJWKSet($jwkset);
+ $this->checkSignatures($jws);
+ $this->checkPayload($jws, $detachedPayload);
+
+ $signature = $jws->getSignature($signature);
+
+ return $this->verifySignature($jws, $jwkset, $signature, $detachedPayload);
+ }
+
+ private function verifySignature(JWS $jws, JWKSet $jwkset, Signature $signature, ?string $detachedPayload = null): bool
+ {
+ $input = $this->getInputToVerify($jws, $signature, $detachedPayload);
+ foreach ($jwkset->all() as $jwk) {
+ $algorithm = $this->getAlgorithm($signature);
+
+ try {
+ KeyChecker::checkKeyUsage($jwk, 'verification');
+ KeyChecker::checkKeyAlgorithm($jwk, $algorithm->name());
+ if (!\in_array($jwk->get('kty'), $algorithm->allowedKeyTypes(), true)) {
+ throw new \InvalidArgumentException('Wrong key type.');
+ }
+ if (true === $algorithm->verify($jwk, $input, $signature->getSignature())) {
+ return true;
+ }
+ } catch (\Exception $e) {
+ //We do nothing, we continue with other keys
+ continue;
+ }
+ }
+
+ return false;
+ }
+
+ private function getInputToVerify(JWS $jws, Signature $signature, ?string $detachedPayload): string
+ {
+ $encodedProtectedHeader = $signature->getEncodedProtectedHeader();
+ if (!$signature->hasProtectedHeaderParameter('b64') || true === $signature->getProtectedHeaderParameter('b64')) {
+ if (null !== $jws->getEncodedPayload()) {
+ return \sprintf('%s.%s', $encodedProtectedHeader, $jws->getEncodedPayload());
+ }
+
+ $payload = empty($jws->getPayload()) ? $detachedPayload : $jws->getPayload();
+
+ return \sprintf('%s.%s', $encodedProtectedHeader, Base64Url::encode($payload));
+ }
+
+ $payload = empty($jws->getPayload()) ? $detachedPayload : $jws->getPayload();
+
+ return \sprintf('%s.%s', $encodedProtectedHeader, $payload);
+ }
+
+ private function checkSignatures(JWS $jws)
+ {
+ if (0 === $jws->countSignatures()) {
+ throw new \InvalidArgumentException('The JWS does not contain any signature.');
+ }
+ }
+
+ private function checkJWKSet(JWKSet $jwkset)
+ {
+ if (0 === \count($jwkset)) {
+ throw new \InvalidArgumentException('There is no key in the key set.');
+ }
+ }
+
+ private function checkPayload(JWS $jws, ?string $detachedPayload = null)
+ {
+ if (null !== $detachedPayload && !empty($jws->getPayload())) {
+ throw new \InvalidArgumentException('A detached payload is set, but the JWS already has a payload.');
+ }
+ if (empty($jws->getPayload()) && null === $detachedPayload) {
+ throw new \InvalidArgumentException('The JWS has a detached payload, but no payload is provided.');
+ }
+ }
+
+ private function getAlgorithm(Signature $signature): SignatureAlgorithm
+ {
+ $completeHeader = \array_merge($signature->getProtectedHeader(), $signature->getHeader());
+ if (!\array_key_exists('alg', $completeHeader)) {
+ throw new \InvalidArgumentException('No "alg" parameter set in the header.');
+ }
+
+ $algorithm = $this->signatureAlgorithmManager->get($completeHeader['alg']);
+ if (!$algorithm instanceof SignatureAlgorithm) {
+ throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported or is not a signature algorithm.', $completeHeader['alg']));
+ }
+
+ return $algorithm;
+ }
+}
diff --git a/vendor/web-token/jwt-signature/JWSVerifierFactory.php b/vendor/web-token/jwt-signature/JWSVerifierFactory.php index 49bb868..7230871 100644 --- a/vendor/web-token/jwt-signature/JWSVerifierFactory.php +++ b/vendor/web-token/jwt-signature/JWSVerifierFactory.php @@ -1,44 +1,44 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -use Jose\Component\Core\AlgorithmManagerFactory; - -class JWSVerifierFactory -{ - /** - * @var AlgorithmManagerFactory - */ - private $algorithmManagerFactory; - - /** - * JWSVerifierFactory constructor. - */ - public function __construct(AlgorithmManagerFactory $algorithmManagerFactory) - { - $this->algorithmManagerFactory = $algorithmManagerFactory; - } - - /** - * Creates a JWSVerifier using the given signature algorithm aliases. - * - * @param string[] $algorithms - */ - public function create(array $algorithms): JWSVerifier - { - $algorithmManager = $this->algorithmManagerFactory->create($algorithms); - - return new JWSVerifier($algorithmManager); - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+use Jose\Component\Core\AlgorithmManagerFactory;
+
+class JWSVerifierFactory
+{
+ /**
+ * @var AlgorithmManagerFactory
+ */
+ private $algorithmManagerFactory;
+
+ /**
+ * JWSVerifierFactory constructor.
+ */
+ public function __construct(AlgorithmManagerFactory $algorithmManagerFactory)
+ {
+ $this->algorithmManagerFactory = $algorithmManagerFactory;
+ }
+
+ /**
+ * Creates a JWSVerifier using the given signature algorithm aliases.
+ *
+ * @param string[] $algorithms
+ */
+ public function create(array $algorithms): JWSVerifier
+ {
+ $algorithmManager = $this->algorithmManagerFactory->create($algorithms);
+
+ return new JWSVerifier($algorithmManager);
+ }
+}
diff --git a/vendor/web-token/jwt-signature/LICENSE b/vendor/web-token/jwt-signature/LICENSE index a098645..ce18b6a 100644 --- a/vendor/web-token/jwt-signature/LICENSE +++ b/vendor/web-token/jwt-signature/LICENSE @@ -1,21 +1,21 @@ -The MIT License (MIT) - -Copyright (c) 2014-2018 Spomky-Labs - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +The MIT License (MIT)
+
+Copyright (c) 2014-2018 Spomky-Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php b/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php index 7e26d79..9518543 100644 --- a/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php +++ b/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php @@ -1,97 +1,97 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -use Base64Url\Base64Url; -use Jose\Component\Core\Converter\JsonConverter; -use Jose\Component\Signature\JWS; - -final class CompactSerializer extends Serializer -{ - public const NAME = 'jws_compact'; - - /** - * @var JsonConverter - */ - private $jsonConverter; - - /** - * JSONFlattenedSerializer constructor. - */ - public function __construct(?JsonConverter $jsonConverter = null) - { - $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); - } - - public function displayName(): string - { - return 'JWS Compact'; - } - - public function name(): string - { - return self::NAME; - } - - public function serialize(JWS $jws, ?int $signatureIndex = null): string - { - if (null === $signatureIndex) { - $signatureIndex = 0; - } - $signature = $jws->getSignature($signatureIndex); - if (!empty($signature->getHeader())) { - throw new \LogicException('The signature contains unprotected header parameters and cannot be converted into compact JSON.'); - } - if (!$this->isPayloadEncoded($signature->getProtectedHeader()) && !empty($jws->getEncodedPayload())) { - if (1 !== \preg_match('/^[\x{20}-\x{2d}|\x{2f}-\x{7e}]*$/u', $jws->getPayload())) { - throw new \LogicException('Unable to convert the JWS with non-encoded payload.'); - } - } - - return \sprintf( - '%s.%s.%s', - $signature->getEncodedProtectedHeader(), - $jws->getEncodedPayload(), - Base64Url::encode($signature->getSignature()) - ); - } - - public function unserialize(string $input): JWS - { - $parts = \explode('.', $input); - if (3 !== \count($parts)) { - throw new \InvalidArgumentException('Unsupported input'); - } - - try { - $encodedProtectedHeader = $parts[0]; - $protectedHeader = $this->jsonConverter->decode(Base64Url::decode($parts[0])); - if (empty($parts[1])) { - $payload = null; - $encodedPayload = null; - } else { - $encodedPayload = $parts[1]; - $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload; - } - $signature = Base64Url::decode($parts[2]); - - $jws = JWS::create($payload, $encodedPayload, empty($parts[1])); - $jws = $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader); - - return $jws; - } catch (\Error | \Exception $e) { - throw new \InvalidArgumentException('Unsupported input'); - } - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\Converter\JsonConverter;
+use Jose\Component\Signature\JWS;
+
+final class CompactSerializer extends Serializer
+{
+ public const NAME = 'jws_compact';
+
+ /**
+ * @var JsonConverter
+ */
+ private $jsonConverter;
+
+ /**
+ * JSONFlattenedSerializer constructor.
+ */
+ public function __construct(?JsonConverter $jsonConverter = null)
+ {
+ $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter();
+ }
+
+ public function displayName(): string
+ {
+ return 'JWS Compact';
+ }
+
+ public function name(): string
+ {
+ return self::NAME;
+ }
+
+ public function serialize(JWS $jws, ?int $signatureIndex = null): string
+ {
+ if (null === $signatureIndex) {
+ $signatureIndex = 0;
+ }
+ $signature = $jws->getSignature($signatureIndex);
+ if (!empty($signature->getHeader())) {
+ throw new \LogicException('The signature contains unprotected header parameters and cannot be converted into compact JSON.');
+ }
+ if (!$this->isPayloadEncoded($signature->getProtectedHeader()) && !empty($jws->getEncodedPayload())) {
+ if (1 !== \preg_match('/^[\x{20}-\x{2d}|\x{2f}-\x{7e}]*$/u', $jws->getPayload())) {
+ throw new \LogicException('Unable to convert the JWS with non-encoded payload.');
+ }
+ }
+
+ return \sprintf(
+ '%s.%s.%s',
+ $signature->getEncodedProtectedHeader(),
+ $jws->getEncodedPayload(),
+ Base64Url::encode($signature->getSignature())
+ );
+ }
+
+ public function unserialize(string $input): JWS
+ {
+ $parts = \explode('.', $input);
+ if (3 !== \count($parts)) {
+ throw new \InvalidArgumentException('Unsupported input');
+ }
+
+ try {
+ $encodedProtectedHeader = $parts[0];
+ $protectedHeader = $this->jsonConverter->decode(Base64Url::decode($parts[0]));
+ if (empty($parts[1])) {
+ $payload = null;
+ $encodedPayload = null;
+ } else {
+ $encodedPayload = $parts[1];
+ $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload;
+ }
+ $signature = Base64Url::decode($parts[2]);
+
+ $jws = JWS::create($payload, $encodedPayload, empty($parts[1]));
+ $jws = $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader);
+
+ return $jws;
+ } catch (\Error | \Exception $e) {
+ throw new \InvalidArgumentException('Unsupported input');
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php b/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php index 82b79ab..0391c67 100644 --- a/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php +++ b/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php @@ -1,109 +1,109 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -use Base64Url\Base64Url; -use Jose\Component\Core\Converter\JsonConverter; -use Jose\Component\Signature\JWS; - -final class JSONFlattenedSerializer extends Serializer -{ - public const NAME = 'jws_json_flattened'; - - /** - * @var JsonConverter|\Jose\Component\Core\Util\JsonConverter|null - */ - private $jsonConverter; - - /** - * JSONFlattenedSerializer constructor. - */ - public function __construct(?JsonConverter $jsonConverter = null) - { - $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); - } - - public function displayName(): string - { - return 'JWS JSON Flattened'; - } - - public function name(): string - { - return self::NAME; - } - - public function serialize(JWS $jws, ?int $signatureIndex = null): string - { - if (null === $signatureIndex) { - $signatureIndex = 0; - } - $signature = $jws->getSignature($signatureIndex); - - $data = []; - $values = [ - 'payload' => $jws->getEncodedPayload(), - 'protected' => $signature->getEncodedProtectedHeader(), - 'header' => $signature->getHeader(), - ]; - - foreach ($values as $key => $value) { - if (!empty($value)) { - $data[$key] = $value; - } - } - $data['signature'] = Base64Url::encode($signature->getSignature()); - - return $this->jsonConverter->encode($data); - } - - public function unserialize(string $input): JWS - { - $data = $this->jsonConverter->decode($input); - if (!\is_array($data) || !\array_key_exists('signature', $data)) { - throw new \InvalidArgumentException('Unsupported input.'); - } - - $signature = Base64Url::decode($data['signature']); - - if (\array_key_exists('protected', $data)) { - $encodedProtectedHeader = $data['protected']; - $protectedHeader = $this->jsonConverter->decode(Base64Url::decode($data['protected'])); - } else { - $encodedProtectedHeader = null; - $protectedHeader = []; - } - if (\array_key_exists('header', $data)) { - if (!\is_array($data['header'])) { - throw new \InvalidArgumentException('Bad header.'); - } - $header = $data['header']; - } else { - $header = []; - } - - if (\array_key_exists('payload', $data)) { - $encodedPayload = $data['payload']; - $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload; - } else { - $payload = null; - $encodedPayload = null; - } - - $jws = JWS::create($payload, $encodedPayload, null === $encodedPayload); - $jws = $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader, $header); - - return $jws; - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\Converter\JsonConverter;
+use Jose\Component\Signature\JWS;
+
+final class JSONFlattenedSerializer extends Serializer
+{
+ public const NAME = 'jws_json_flattened';
+
+ /**
+ * @var JsonConverter|\Jose\Component\Core\Util\JsonConverter|null
+ */
+ private $jsonConverter;
+
+ /**
+ * JSONFlattenedSerializer constructor.
+ */
+ public function __construct(?JsonConverter $jsonConverter = null)
+ {
+ $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter();
+ }
+
+ public function displayName(): string
+ {
+ return 'JWS JSON Flattened';
+ }
+
+ public function name(): string
+ {
+ return self::NAME;
+ }
+
+ public function serialize(JWS $jws, ?int $signatureIndex = null): string
+ {
+ if (null === $signatureIndex) {
+ $signatureIndex = 0;
+ }
+ $signature = $jws->getSignature($signatureIndex);
+
+ $data = [];
+ $values = [
+ 'payload' => $jws->getEncodedPayload(),
+ 'protected' => $signature->getEncodedProtectedHeader(),
+ 'header' => $signature->getHeader(),
+ ];
+
+ foreach ($values as $key => $value) {
+ if (!empty($value)) {
+ $data[$key] = $value;
+ }
+ }
+ $data['signature'] = Base64Url::encode($signature->getSignature());
+
+ return $this->jsonConverter->encode($data);
+ }
+
+ public function unserialize(string $input): JWS
+ {
+ $data = $this->jsonConverter->decode($input);
+ if (!\is_array($data) || !\array_key_exists('signature', $data)) {
+ throw new \InvalidArgumentException('Unsupported input.');
+ }
+
+ $signature = Base64Url::decode($data['signature']);
+
+ if (\array_key_exists('protected', $data)) {
+ $encodedProtectedHeader = $data['protected'];
+ $protectedHeader = $this->jsonConverter->decode(Base64Url::decode($data['protected']));
+ } else {
+ $encodedProtectedHeader = null;
+ $protectedHeader = [];
+ }
+ if (\array_key_exists('header', $data)) {
+ if (!\is_array($data['header'])) {
+ throw new \InvalidArgumentException('Bad header.');
+ }
+ $header = $data['header'];
+ } else {
+ $header = [];
+ }
+
+ if (\array_key_exists('payload', $data)) {
+ $encodedPayload = $data['payload'];
+ $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload;
+ } else {
+ $payload = null;
+ $encodedPayload = null;
+ }
+
+ $jws = JWS::create($payload, $encodedPayload, null === $encodedPayload);
+ $jws = $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader, $header);
+
+ return $jws;
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php b/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php index 35958c6..308c97c 100644 --- a/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php +++ b/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php @@ -1,174 +1,174 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -use Base64Url\Base64Url; -use Jose\Component\Core\Converter\JsonConverter; -use Jose\Component\Signature\JWS; - -final class JSONGeneralSerializer extends Serializer -{ - public const NAME = 'jws_json_general'; - - /** - * @var \Jose\Component\Core\Util\JsonConverter - */ - private $jsonConverter; - - /** - * JSONFlattenedSerializer constructor. - */ - public function __construct(?JsonConverter $jsonConverter = null) - { - $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); - } - - public function displayName(): string - { - return 'JWS JSON General'; - } - - public function name(): string - { - return self::NAME; - } - - public function serialize(JWS $jws, ?int $signatureIndex = null): string - { - if (0 === $jws->countSignatures()) { - throw new \LogicException('No signature.'); - } - - $data = []; - $this->checkPayloadEncoding($jws); - - if (false === $jws->isPayloadDetached()) { - $data['payload'] = $jws->getEncodedPayload(); - } - - $data['signatures'] = []; - foreach ($jws->getSignatures() as $signature) { - $tmp = ['signature' => Base64Url::encode($signature->getSignature())]; - $values = [ - 'protected' => $signature->getEncodedProtectedHeader(), - 'header' => $signature->getHeader(), - ]; - - foreach ($values as $key => $value) { - if (!empty($value)) { - $tmp[$key] = $value; - } - } - $data['signatures'][] = $tmp; - } - - return $this->jsonConverter->encode($data); - } - - private function checkData($data) - { - if (!\is_array($data) || !\array_key_exists('signatures', $data)) { - throw new \InvalidArgumentException('Unsupported input.'); - } - } - - private function checkSignature($signature) - { - if (!\is_array($signature) || !\array_key_exists('signature', $signature)) { - throw new \InvalidArgumentException('Unsupported input.'); - } - } - - public function unserialize(string $input): JWS - { - $data = $this->jsonConverter->decode($input); - $this->checkData($data); - - $isPayloadEncoded = null; - $rawPayload = \array_key_exists('payload', $data) ? $data['payload'] : null; - $signatures = []; - foreach ($data['signatures'] as $signature) { - $this->checkSignature($signature); - list($encodedProtectedHeader, $protectedHeader, $header) = $this->processHeaders($signature); - $signatures[] = [ - 'signature' => Base64Url::decode($signature['signature']), - 'protected' => $protectedHeader, - 'encoded_protected' => $encodedProtectedHeader, - 'header' => $header, - ]; - $isPayloadEncoded = $this->processIsPayloadEncoded($isPayloadEncoded, $protectedHeader); - } - - $payload = $this->processPayload($rawPayload, $isPayloadEncoded); - $jws = JWS::create($payload, $rawPayload); - foreach ($signatures as $signature) { - $jws = $jws->addSignature( - $signature['signature'], - $signature['protected'], - $signature['encoded_protected'], - $signature['header'] - ); - } - - return $jws; - } - - private function processIsPayloadEncoded(?bool $isPayloadEncoded, array $protectedHeader): bool - { - if (null === $isPayloadEncoded) { - return self::isPayloadEncoded($protectedHeader); - } - if ($this->isPayloadEncoded($protectedHeader) !== $isPayloadEncoded) { - throw new \InvalidArgumentException('Foreign payload encoding detected.'); - } - - return $isPayloadEncoded; - } - - private function processHeaders(array $signature): array - { - $encodedProtectedHeader = \array_key_exists('protected', $signature) ? $signature['protected'] : null; - $protectedHeader = null !== $encodedProtectedHeader ? $this->jsonConverter->decode(Base64Url::decode($encodedProtectedHeader)) : []; - $header = \array_key_exists('header', $signature) ? $signature['header'] : []; - - return [$encodedProtectedHeader, $protectedHeader, $header]; - } - - private function processPayload(?string $rawPayload, ?bool $isPayloadEncoded): ?string - { - if (null === $rawPayload) { - return null; - } - - return false === $isPayloadEncoded ? $rawPayload : Base64Url::decode($rawPayload); - } - - private function checkPayloadEncoding(JWS $jws) - { - if ($jws->isPayloadDetached()) { - return; - } - $is_encoded = null; - foreach ($jws->getSignatures() as $signature) { - if (null === $is_encoded) { - $is_encoded = $this->isPayloadEncoded($signature->getProtectedHeader()); - } - if (false === $jws->isPayloadDetached()) { - if ($is_encoded !== $this->isPayloadEncoded($signature->getProtectedHeader())) { - throw new \LogicException('Foreign payload encoding detected.'); - } - } - } - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+use Base64Url\Base64Url;
+use Jose\Component\Core\Converter\JsonConverter;
+use Jose\Component\Signature\JWS;
+
+final class JSONGeneralSerializer extends Serializer
+{
+ public const NAME = 'jws_json_general';
+
+ /**
+ * @var \Jose\Component\Core\Util\JsonConverter
+ */
+ private $jsonConverter;
+
+ /**
+ * JSONFlattenedSerializer constructor.
+ */
+ public function __construct(?JsonConverter $jsonConverter = null)
+ {
+ $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter();
+ }
+
+ public function displayName(): string
+ {
+ return 'JWS JSON General';
+ }
+
+ public function name(): string
+ {
+ return self::NAME;
+ }
+
+ public function serialize(JWS $jws, ?int $signatureIndex = null): string
+ {
+ if (0 === $jws->countSignatures()) {
+ throw new \LogicException('No signature.');
+ }
+
+ $data = [];
+ $this->checkPayloadEncoding($jws);
+
+ if (false === $jws->isPayloadDetached()) {
+ $data['payload'] = $jws->getEncodedPayload();
+ }
+
+ $data['signatures'] = [];
+ foreach ($jws->getSignatures() as $signature) {
+ $tmp = ['signature' => Base64Url::encode($signature->getSignature())];
+ $values = [
+ 'protected' => $signature->getEncodedProtectedHeader(),
+ 'header' => $signature->getHeader(),
+ ];
+
+ foreach ($values as $key => $value) {
+ if (!empty($value)) {
+ $tmp[$key] = $value;
+ }
+ }
+ $data['signatures'][] = $tmp;
+ }
+
+ return $this->jsonConverter->encode($data);
+ }
+
+ private function checkData($data)
+ {
+ if (!\is_array($data) || !\array_key_exists('signatures', $data)) {
+ throw new \InvalidArgumentException('Unsupported input.');
+ }
+ }
+
+ private function checkSignature($signature)
+ {
+ if (!\is_array($signature) || !\array_key_exists('signature', $signature)) {
+ throw new \InvalidArgumentException('Unsupported input.');
+ }
+ }
+
+ public function unserialize(string $input): JWS
+ {
+ $data = $this->jsonConverter->decode($input);
+ $this->checkData($data);
+
+ $isPayloadEncoded = null;
+ $rawPayload = \array_key_exists('payload', $data) ? $data['payload'] : null;
+ $signatures = [];
+ foreach ($data['signatures'] as $signature) {
+ $this->checkSignature($signature);
+ list($encodedProtectedHeader, $protectedHeader, $header) = $this->processHeaders($signature);
+ $signatures[] = [
+ 'signature' => Base64Url::decode($signature['signature']),
+ 'protected' => $protectedHeader,
+ 'encoded_protected' => $encodedProtectedHeader,
+ 'header' => $header,
+ ];
+ $isPayloadEncoded = $this->processIsPayloadEncoded($isPayloadEncoded, $protectedHeader);
+ }
+
+ $payload = $this->processPayload($rawPayload, $isPayloadEncoded);
+ $jws = JWS::create($payload, $rawPayload);
+ foreach ($signatures as $signature) {
+ $jws = $jws->addSignature(
+ $signature['signature'],
+ $signature['protected'],
+ $signature['encoded_protected'],
+ $signature['header']
+ );
+ }
+
+ return $jws;
+ }
+
+ private function processIsPayloadEncoded(?bool $isPayloadEncoded, array $protectedHeader): bool
+ {
+ if (null === $isPayloadEncoded) {
+ return self::isPayloadEncoded($protectedHeader);
+ }
+ if ($this->isPayloadEncoded($protectedHeader) !== $isPayloadEncoded) {
+ throw new \InvalidArgumentException('Foreign payload encoding detected.');
+ }
+
+ return $isPayloadEncoded;
+ }
+
+ private function processHeaders(array $signature): array
+ {
+ $encodedProtectedHeader = \array_key_exists('protected', $signature) ? $signature['protected'] : null;
+ $protectedHeader = null !== $encodedProtectedHeader ? $this->jsonConverter->decode(Base64Url::decode($encodedProtectedHeader)) : [];
+ $header = \array_key_exists('header', $signature) ? $signature['header'] : [];
+
+ return [$encodedProtectedHeader, $protectedHeader, $header];
+ }
+
+ private function processPayload(?string $rawPayload, ?bool $isPayloadEncoded): ?string
+ {
+ if (null === $rawPayload) {
+ return null;
+ }
+
+ return false === $isPayloadEncoded ? $rawPayload : Base64Url::decode($rawPayload);
+ }
+
+ private function checkPayloadEncoding(JWS $jws)
+ {
+ if ($jws->isPayloadDetached()) {
+ return;
+ }
+ $is_encoded = null;
+ foreach ($jws->getSignatures() as $signature) {
+ if (null === $is_encoded) {
+ $is_encoded = $this->isPayloadEncoded($signature->getProtectedHeader());
+ }
+ if (false === $jws->isPayloadDetached()) {
+ if ($is_encoded !== $this->isPayloadEncoded($signature->getProtectedHeader())) {
+ throw new \LogicException('Foreign payload encoding detected.');
+ }
+ }
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php b/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php index 285aef4..c25795a 100644 --- a/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php +++ b/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php @@ -1,42 +1,42 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -use Jose\Component\Signature\JWS; - -interface JWSSerializer -{ - /** - * The name of the serialization. - */ - public function name(): string; - - public function displayName(): string; - - /** - * Converts a JWS into a string. - * - * @throws \Exception - */ - public function serialize(JWS $jws, ?int $signatureIndex = null): string; - - /** - * Loads data and return a JWS object. - * - * @param string $input A string that represents a JWS - * - * @throws \Exception - */ - public function unserialize(string $input): JWS; -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+use Jose\Component\Signature\JWS;
+
+interface JWSSerializer
+{
+ /**
+ * The name of the serialization.
+ */
+ public function name(): string;
+
+ public function displayName(): string;
+
+ /**
+ * Converts a JWS into a string.
+ *
+ * @throws \Exception
+ */
+ public function serialize(JWS $jws, ?int $signatureIndex = null): string;
+
+ /**
+ * Loads data and return a JWS object.
+ *
+ * @param string $input A string that represents a JWS
+ *
+ * @throws \Exception
+ */
+ public function unserialize(string $input): JWS;
+}
diff --git a/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php index 198dfd1..fc7a714 100644 --- a/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php +++ b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php @@ -1,104 +1,104 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -use Jose\Component\Signature\JWS; - -class JWSSerializerManager -{ - /** - * @var JWSSerializer[] - */ - private $serializers = []; - - /** - * JWSSerializerManager constructor. - * - * @param JWSSerializer[] $serializers - */ - public function __construct(array $serializers) - { - foreach ($serializers as $serializer) { - $this->add($serializer); - } - } - - /** - * @deprecated Will be removed in v2.0. Please use constructor instead - * - * @param JWSSerializer[] $serializers - * - * @return JWSSerializerManager - */ - public static function create(array $serializers): self - { - return new self($serializers); - } - - /** - * @return JWSSerializerManager - */ - private function add(JWSSerializer $serializer): self - { - $this->serializers[$serializer->name()] = $serializer; - - return $this; - } - - /** - * @return string[] - */ - public function list(): array - { - return \array_keys($this->serializers); - } - - /** - * Converts a JWS into a string. - * - * @throws \Exception - */ - public function serialize(string $name, JWS $jws, ?int $signatureIndex = null): string - { - if (!\array_key_exists($name, $this->serializers)) { - throw new \InvalidArgumentException(\sprintf('Unsupported serializer "%s".', $name)); - } - - return ($this->serializers[$name])->serialize($jws, $signatureIndex); - } - - /** - * Loads data and return a JWS object. - * - * @param string $input A string that represents a JWS - * @param string|null $name the name of the serializer if the input is unserialized - * - * @throws \Exception - */ - public function unserialize(string $input, ?string &$name = null): JWS - { - foreach ($this->serializers as $serializer) { - try { - $jws = $serializer->unserialize($input); - $name = $serializer->name(); - - return $jws; - } catch (\InvalidArgumentException $e) { - continue; - } - } - - throw new \InvalidArgumentException('Unsupported input.'); - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+use Jose\Component\Signature\JWS;
+
+class JWSSerializerManager
+{
+ /**
+ * @var JWSSerializer[]
+ */
+ private $serializers = [];
+
+ /**
+ * JWSSerializerManager constructor.
+ *
+ * @param JWSSerializer[] $serializers
+ */
+ public function __construct(array $serializers)
+ {
+ foreach ($serializers as $serializer) {
+ $this->add($serializer);
+ }
+ }
+
+ /**
+ * @deprecated Will be removed in v2.0. Please use constructor instead
+ *
+ * @param JWSSerializer[] $serializers
+ *
+ * @return JWSSerializerManager
+ */
+ public static function create(array $serializers): self
+ {
+ return new self($serializers);
+ }
+
+ /**
+ * @return JWSSerializerManager
+ */
+ private function add(JWSSerializer $serializer): self
+ {
+ $this->serializers[$serializer->name()] = $serializer;
+
+ return $this;
+ }
+
+ /**
+ * @return string[]
+ */
+ public function list(): array
+ {
+ return \array_keys($this->serializers);
+ }
+
+ /**
+ * Converts a JWS into a string.
+ *
+ * @throws \Exception
+ */
+ public function serialize(string $name, JWS $jws, ?int $signatureIndex = null): string
+ {
+ if (!\array_key_exists($name, $this->serializers)) {
+ throw new \InvalidArgumentException(\sprintf('Unsupported serializer "%s".', $name));
+ }
+
+ return ($this->serializers[$name])->serialize($jws, $signatureIndex);
+ }
+
+ /**
+ * Loads data and return a JWS object.
+ *
+ * @param string $input A string that represents a JWS
+ * @param string|null $name the name of the serializer if the input is unserialized
+ *
+ * @throws \Exception
+ */
+ public function unserialize(string $input, ?string &$name = null): JWS
+ {
+ foreach ($this->serializers as $serializer) {
+ try {
+ $jws = $serializer->unserialize($input);
+ $name = $serializer->name();
+
+ return $jws;
+ } catch (\InvalidArgumentException $e) {
+ continue;
+ }
+ }
+
+ throw new \InvalidArgumentException('Unsupported input.');
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php index 1b2c234..043f141 100644 --- a/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php +++ b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php @@ -1,64 +1,64 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -class JWSSerializerManagerFactory -{ - /** - * @var JWSSerializer[] - */ - private $serializers = []; - - /** - * @param string[] $names - */ - public function create(array $names): JWSSerializerManager - { - $serializers = []; - foreach ($names as $name) { - if (!\array_key_exists($name, $this->serializers)) { - throw new \InvalidArgumentException(\sprintf('Unsupported serialiser "%s".', $name)); - } - $serializers[] = $this->serializers[$name]; - } - - return JWSSerializerManager::create($serializers); - } - - /** - * @return string[] - */ - public function names(): array - { - return \array_keys($this->serializers); - } - - /** - * @return JWSSerializer[] - */ - public function all(): array - { - return $this->serializers; - } - - /** - * @return JWSSerializerManagerFactory - */ - public function add(JWSSerializer $serializer): self - { - $this->serializers[$serializer->name()] = $serializer; - - return $this; - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+class JWSSerializerManagerFactory
+{
+ /**
+ * @var JWSSerializer[]
+ */
+ private $serializers = [];
+
+ /**
+ * @param string[] $names
+ */
+ public function create(array $names): JWSSerializerManager
+ {
+ $serializers = [];
+ foreach ($names as $name) {
+ if (!\array_key_exists($name, $this->serializers)) {
+ throw new \InvalidArgumentException(\sprintf('Unsupported serialiser "%s".', $name));
+ }
+ $serializers[] = $this->serializers[$name];
+ }
+
+ return JWSSerializerManager::create($serializers);
+ }
+
+ /**
+ * @return string[]
+ */
+ public function names(): array
+ {
+ return \array_keys($this->serializers);
+ }
+
+ /**
+ * @return JWSSerializer[]
+ */
+ public function all(): array
+ {
+ return $this->serializers;
+ }
+
+ /**
+ * @return JWSSerializerManagerFactory
+ */
+ public function add(JWSSerializer $serializer): self
+ {
+ $this->serializers[$serializer->name()] = $serializer;
+
+ return $this;
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Serializer/Serializer.php b/vendor/web-token/jwt-signature/Serializer/Serializer.php index 85636b6..ea9971a 100644 --- a/vendor/web-token/jwt-signature/Serializer/Serializer.php +++ b/vendor/web-token/jwt-signature/Serializer/Serializer.php @@ -1,22 +1,22 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Serializer; - -abstract class Serializer implements JWSSerializer -{ - protected function isPayloadEncoded(array $protectedHeader): bool - { - return !\array_key_exists('b64', $protectedHeader) || true === $protectedHeader['b64']; - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Serializer;
+
+abstract class Serializer implements JWSSerializer
+{
+ protected function isPayloadEncoded(array $protectedHeader): bool
+ {
+ return !\array_key_exists('b64', $protectedHeader) || true === $protectedHeader['b64'];
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Signature.php b/vendor/web-token/jwt-signature/Signature.php index 9b2ef20..23892f1 100644 --- a/vendor/web-token/jwt-signature/Signature.php +++ b/vendor/web-token/jwt-signature/Signature.php @@ -1,144 +1,144 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature; - -class Signature -{ - /** - * @var string|null - */ - private $encodedProtectedHeader; - - /** - * @var array - */ - private $protectedHeader; - - /** - * @var array - */ - private $header; - - /** - * @var string - */ - private $signature; - - /** - * Signature constructor. - */ - private function __construct(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header) - { - $this->protectedHeader = null === $encodedProtectedHeader ? [] : $protectedHeader; - $this->encodedProtectedHeader = $encodedProtectedHeader; - $this->signature = $signature; - $this->header = $header; - } - - /** - * Creates a new signature. - * - * @internal - * - * @return Signature - */ - public static function create(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header = []): self - { - return new self($signature, $protectedHeader, $encodedProtectedHeader, $header); - } - - /** - * The protected header associated with the signature. - */ - public function getProtectedHeader(): array - { - return $this->protectedHeader; - } - - /** - * The unprotected header associated with the signature. - */ - public function getHeader(): array - { - return $this->header; - } - - /** - * The protected header associated with the signature. - */ - public function getEncodedProtectedHeader(): ?string - { - return $this->encodedProtectedHeader; - } - - /** - * Returns the value of the protected header of the specified key. - * - * @param string $key The key - * - * @return mixed|null Header value - */ - public function getProtectedHeaderParameter(string $key) - { - if ($this->hasProtectedHeaderParameter($key)) { - return $this->getProtectedHeader()[$key]; - } - - throw new \InvalidArgumentException(\sprintf('The protected header "%s" does not exist', $key)); - } - - /** - * Returns true if the protected header has the given parameter. - * - * @param string $key The key - */ - public function hasProtectedHeaderParameter(string $key): bool - { - return \array_key_exists($key, $this->getProtectedHeader()); - } - - /** - * Returns the value of the unprotected header of the specified key. - * - * @param string $key The key - * - * @return mixed|null Header value - */ - public function getHeaderParameter(string $key) - { - if ($this->hasHeaderParameter($key)) { - return $this->header[$key]; - } - - throw new \InvalidArgumentException(\sprintf('The header "%s" does not exist', $key)); - } - - /** - * Returns true if the unprotected header has the given parameter. - * - * @param string $key The key - */ - public function hasHeaderParameter(string $key): bool - { - return \array_key_exists($key, $this->header); - } - - /** - * Returns the value of the signature. - */ - public function getSignature(): string - { - return $this->signature; - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature;
+
+class Signature
+{
+ /**
+ * @var string|null
+ */
+ private $encodedProtectedHeader;
+
+ /**
+ * @var array
+ */
+ private $protectedHeader;
+
+ /**
+ * @var array
+ */
+ private $header;
+
+ /**
+ * @var string
+ */
+ private $signature;
+
+ /**
+ * Signature constructor.
+ */
+ private function __construct(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header)
+ {
+ $this->protectedHeader = null === $encodedProtectedHeader ? [] : $protectedHeader;
+ $this->encodedProtectedHeader = $encodedProtectedHeader;
+ $this->signature = $signature;
+ $this->header = $header;
+ }
+
+ /**
+ * Creates a new signature.
+ *
+ * @internal
+ *
+ * @return Signature
+ */
+ public static function create(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header = []): self
+ {
+ return new self($signature, $protectedHeader, $encodedProtectedHeader, $header);
+ }
+
+ /**
+ * The protected header associated with the signature.
+ */
+ public function getProtectedHeader(): array
+ {
+ return $this->protectedHeader;
+ }
+
+ /**
+ * The unprotected header associated with the signature.
+ */
+ public function getHeader(): array
+ {
+ return $this->header;
+ }
+
+ /**
+ * The protected header associated with the signature.
+ */
+ public function getEncodedProtectedHeader(): ?string
+ {
+ return $this->encodedProtectedHeader;
+ }
+
+ /**
+ * Returns the value of the protected header of the specified key.
+ *
+ * @param string $key The key
+ *
+ * @return mixed|null Header value
+ */
+ public function getProtectedHeaderParameter(string $key)
+ {
+ if ($this->hasProtectedHeaderParameter($key)) {
+ return $this->getProtectedHeader()[$key];
+ }
+
+ throw new \InvalidArgumentException(\sprintf('The protected header "%s" does not exist', $key));
+ }
+
+ /**
+ * Returns true if the protected header has the given parameter.
+ *
+ * @param string $key The key
+ */
+ public function hasProtectedHeaderParameter(string $key): bool
+ {
+ return \array_key_exists($key, $this->getProtectedHeader());
+ }
+
+ /**
+ * Returns the value of the unprotected header of the specified key.
+ *
+ * @param string $key The key
+ *
+ * @return mixed|null Header value
+ */
+ public function getHeaderParameter(string $key)
+ {
+ if ($this->hasHeaderParameter($key)) {
+ return $this->header[$key];
+ }
+
+ throw new \InvalidArgumentException(\sprintf('The header "%s" does not exist', $key));
+ }
+
+ /**
+ * Returns true if the unprotected header has the given parameter.
+ *
+ * @param string $key The key
+ */
+ public function hasHeaderParameter(string $key): bool
+ {
+ return \array_key_exists($key, $this->header);
+ }
+
+ /**
+ * Returns the value of the signature.
+ */
+ public function getSignature(): string
+ {
+ return $this->signature;
+ }
+}
diff --git a/vendor/web-token/jwt-signature/Util/RSA.php b/vendor/web-token/jwt-signature/Util/RSA.php index e71e6da..0501df2 100644 --- a/vendor/web-token/jwt-signature/Util/RSA.php +++ b/vendor/web-token/jwt-signature/Util/RSA.php @@ -1,229 +1,229 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Signature\Util; - -use Jose\Component\Core\Util\BigInteger; -use Jose\Component\Core\Util\Hash; -use Jose\Component\Core\Util\RSAKey; - -/** - * @internal - */ -class RSA -{ - /** - * Probabilistic Signature Scheme. - */ - public const SIGNATURE_PSS = 1; - - /** - * Use the PKCS#1. - */ - public const SIGNATURE_PKCS1 = 2; - - private static function convertIntegerToOctetString(BigInteger $x, int $xLen): string - { - $x = $x->toBytes(); - if (\mb_strlen($x, '8bit') > $xLen) { - throw new \RuntimeException(); - } - - return \str_pad($x, $xLen, \chr(0), STR_PAD_LEFT); - } - - /** - * MGF1. - */ - private static function getMGF1(string $mgfSeed, int $maskLen, Hash $mgfHash): string - { - $t = ''; - $count = \ceil($maskLen / $mgfHash->getLength()); - for ($i = 0; $i < $count; ++$i) { - $c = \pack('N', $i); - $t .= $mgfHash->hash($mgfSeed.$c); - } - - return \mb_substr($t, 0, $maskLen, '8bit'); - } - - /** - * EMSA-PSS-ENCODE. - */ - private static function encodeEMSAPSS(string $message, int $modulusLength, Hash $hash): string - { - $emLen = ($modulusLength + 1) >> 3; - $sLen = $hash->getLength(); - $mHash = $hash->hash($message); - if ($emLen <= $hash->getLength() + $sLen + 2) { - throw new \RuntimeException(); - } - $salt = \random_bytes($sLen); - $m2 = "\0\0\0\0\0\0\0\0".$mHash.$salt; - $h = $hash->hash($m2); - $ps = \str_repeat(\chr(0), $emLen - $sLen - $hash->getLength() - 2); - $db = $ps.\chr(1).$salt; - $dbMask = self::getMGF1($h, $emLen - $hash->getLength() - 1, $hash); - $maskedDB = $db ^ $dbMask; - $maskedDB[0] = ~\chr(0xFF << ($modulusLength & 7)) & $maskedDB[0]; - $em = $maskedDB.$h.\chr(0xBC); - - return $em; - } - - /** - * EMSA-PSS-VERIFY. - */ - private static function verifyEMSAPSS(string $m, string $em, int $emBits, Hash $hash): bool - { - $emLen = ($emBits + 1) >> 3; - $sLen = $hash->getLength(); - $mHash = $hash->hash($m); - if ($emLen < $hash->getLength() + $sLen + 2) { - throw new \InvalidArgumentException(); - } - if ($em[\mb_strlen($em, '8bit') - 1] !== \chr(0xBC)) { - throw new \InvalidArgumentException(); - } - $maskedDB = \mb_substr($em, 0, -$hash->getLength() - 1, '8bit'); - $h = \mb_substr($em, -$hash->getLength() - 1, $hash->getLength(), '8bit'); - $temp = \chr(0xFF << ($emBits & 7)); - if ((~$maskedDB[0] & $temp) !== $temp) { - throw new \InvalidArgumentException(); - } - $dbMask = self::getMGF1($h, $emLen - $hash->getLength() - 1, $hash/*MGF*/); - $db = $maskedDB ^ $dbMask; - $db[0] = ~\chr(0xFF << ($emBits & 7)) & $db[0]; - $temp = $emLen - $hash->getLength() - $sLen - 2; - if (\mb_substr($db, 0, $temp, '8bit') !== \str_repeat(\chr(0), $temp)) { - throw new \InvalidArgumentException(); - } - if (1 !== \ord($db[$temp])) { - throw new \InvalidArgumentException(); - } - $salt = \mb_substr($db, $temp + 1, null, '8bit'); // should be $sLen long - $m2 = "\0\0\0\0\0\0\0\0".$mHash.$salt; - $h2 = $hash->hash($m2); - - return \hash_equals($h, $h2); - } - - private static function encodeEMSA15(string $m, int $emBits, Hash $hash): string - { - $h = $hash->hash($m); - switch ($hash->name()) { - case 'sha256': - $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20"; - - break; - case 'sha384': - $t = "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30"; - - break; - case 'sha512': - $t = "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40"; - - break; - default: - throw new \InvalidArgumentException(); - } - $t .= $h; - $tLen = \mb_strlen($t, '8bit'); - if ($emBits < $tLen + 11) { - throw new \RuntimeException(); - } - $ps = \str_repeat(\chr(0xFF), $emBits - $tLen - 3); - $em2 = "\0\1$ps\0$t"; - - return $em2; - } - - public static function sign(RSAKey $key, string $message, string $hash, int $mode): string - { - switch ($mode) { - case self::SIGNATURE_PSS: - return self::signWithPSS($key, $message, $hash); - case self::SIGNATURE_PKCS1: - return self::signWithPKCS15($key, $message, $hash); - default: - throw new \InvalidArgumentException('Unsupported mode.'); - } - } - - /** - * Create a signature. - */ - public static function signWithPSS(RSAKey $key, string $message, string $hash): string - { - $em = self::encodeEMSAPSS($message, 8 * $key->getModulusLength() - 1, Hash::$hash()); - $message = BigInteger::createFromBinaryString($em); - $signature = RSAKey::exponentiate($key, $message); - - return self::convertIntegerToOctetString($signature, $key->getModulusLength()); - } - - /** - * Create a signature. - */ - public static function signWithPKCS15(RSAKey $key, string $message, string $hash): string - { - $em = self::encodeEMSA15($message, $key->getModulusLength(), Hash::$hash()); - $message = BigInteger::createFromBinaryString($em); - $signature = RSAKey::exponentiate($key, $message); - - return self::convertIntegerToOctetString($signature, $key->getModulusLength()); - } - - public static function verify(RSAKey $key, string $message, string $signature, string $hash, int $mode): bool - { - switch ($mode) { - case self::SIGNATURE_PSS: - return self::verifyWithPSS($key, $message, $signature, $hash); - case self::SIGNATURE_PKCS1: - return self::verifyWithPKCS15($key, $message, $signature, $hash); - default: - throw new \InvalidArgumentException('Unsupported mode.'); - } - } - - /** - * Verifies a signature. - */ - public static function verifyWithPSS(RSAKey $key, string $message, string $signature, string $hash): bool - { - if (\mb_strlen($signature, '8bit') !== $key->getModulusLength()) { - throw new \InvalidArgumentException(); - } - $s2 = BigInteger::createFromBinaryString($signature); - $m2 = RSAKey::exponentiate($key, $s2); - $em = self::convertIntegerToOctetString($m2, $key->getModulusLength()); - $modBits = 8 * $key->getModulusLength(); - - return self::verifyEMSAPSS($message, $em, $modBits - 1, Hash::$hash()); - } - - /** - * Verifies a signature. - */ - public static function verifyWithPKCS15(RSAKey $key, string $message, string $signature, string $hash): bool - { - if (\mb_strlen($signature, '8bit') !== $key->getModulusLength()) { - throw new \InvalidArgumentException(); - } - $signature = BigInteger::createFromBinaryString($signature); - $m2 = RSAKey::exponentiate($key, $signature); - $em = self::convertIntegerToOctetString($m2, $key->getModulusLength()); - - return \hash_equals($em, self::encodeEMSA15($message, $key->getModulusLength(), Hash::$hash())); - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Util;
+
+use Jose\Component\Core\Util\BigInteger;
+use Jose\Component\Core\Util\Hash;
+use Jose\Component\Core\Util\RSAKey;
+
+/**
+ * @internal
+ */
+class RSA
+{
+ /**
+ * Probabilistic Signature Scheme.
+ */
+ public const SIGNATURE_PSS = 1;
+
+ /**
+ * Use the PKCS#1.
+ */
+ public const SIGNATURE_PKCS1 = 2;
+
+ private static function convertIntegerToOctetString(BigInteger $x, int $xLen): string
+ {
+ $x = $x->toBytes();
+ if (\mb_strlen($x, '8bit') > $xLen) {
+ throw new \RuntimeException();
+ }
+
+ return \str_pad($x, $xLen, \chr(0), STR_PAD_LEFT);
+ }
+
+ /**
+ * MGF1.
+ */
+ private static function getMGF1(string $mgfSeed, int $maskLen, Hash $mgfHash): string
+ {
+ $t = '';
+ $count = \ceil($maskLen / $mgfHash->getLength());
+ for ($i = 0; $i < $count; ++$i) {
+ $c = \pack('N', $i);
+ $t .= $mgfHash->hash($mgfSeed.$c);
+ }
+
+ return \mb_substr($t, 0, $maskLen, '8bit');
+ }
+
+ /**
+ * EMSA-PSS-ENCODE.
+ */
+ private static function encodeEMSAPSS(string $message, int $modulusLength, Hash $hash): string
+ {
+ $emLen = ($modulusLength + 1) >> 3;
+ $sLen = $hash->getLength();
+ $mHash = $hash->hash($message);
+ if ($emLen <= $hash->getLength() + $sLen + 2) {
+ throw new \RuntimeException();
+ }
+ $salt = \random_bytes($sLen);
+ $m2 = "\0\0\0\0\0\0\0\0".$mHash.$salt;
+ $h = $hash->hash($m2);
+ $ps = \str_repeat(\chr(0), $emLen - $sLen - $hash->getLength() - 2);
+ $db = $ps.\chr(1).$salt;
+ $dbMask = self::getMGF1($h, $emLen - $hash->getLength() - 1, $hash);
+ $maskedDB = $db ^ $dbMask;
+ $maskedDB[0] = ~\chr(0xFF << ($modulusLength & 7)) & $maskedDB[0];
+ $em = $maskedDB.$h.\chr(0xBC);
+
+ return $em;
+ }
+
+ /**
+ * EMSA-PSS-VERIFY.
+ */
+ private static function verifyEMSAPSS(string $m, string $em, int $emBits, Hash $hash): bool
+ {
+ $emLen = ($emBits + 1) >> 3;
+ $sLen = $hash->getLength();
+ $mHash = $hash->hash($m);
+ if ($emLen < $hash->getLength() + $sLen + 2) {
+ throw new \InvalidArgumentException();
+ }
+ if ($em[\mb_strlen($em, '8bit') - 1] !== \chr(0xBC)) {
+ throw new \InvalidArgumentException();
+ }
+ $maskedDB = \mb_substr($em, 0, -$hash->getLength() - 1, '8bit');
+ $h = \mb_substr($em, -$hash->getLength() - 1, $hash->getLength(), '8bit');
+ $temp = \chr(0xFF << ($emBits & 7));
+ if ((~$maskedDB[0] & $temp) !== $temp) {
+ throw new \InvalidArgumentException();
+ }
+ $dbMask = self::getMGF1($h, $emLen - $hash->getLength() - 1, $hash/*MGF*/);
+ $db = $maskedDB ^ $dbMask;
+ $db[0] = ~\chr(0xFF << ($emBits & 7)) & $db[0];
+ $temp = $emLen - $hash->getLength() - $sLen - 2;
+ if (\mb_substr($db, 0, $temp, '8bit') !== \str_repeat(\chr(0), $temp)) {
+ throw new \InvalidArgumentException();
+ }
+ if (1 !== \ord($db[$temp])) {
+ throw new \InvalidArgumentException();
+ }
+ $salt = \mb_substr($db, $temp + 1, null, '8bit'); // should be $sLen long
+ $m2 = "\0\0\0\0\0\0\0\0".$mHash.$salt;
+ $h2 = $hash->hash($m2);
+
+ return \hash_equals($h, $h2);
+ }
+
+ private static function encodeEMSA15(string $m, int $emBits, Hash $hash): string
+ {
+ $h = $hash->hash($m);
+ switch ($hash->name()) {
+ case 'sha256':
+ $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20";
+
+ break;
+ case 'sha384':
+ $t = "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30";
+
+ break;
+ case 'sha512':
+ $t = "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40";
+
+ break;
+ default:
+ throw new \InvalidArgumentException();
+ }
+ $t .= $h;
+ $tLen = \mb_strlen($t, '8bit');
+ if ($emBits < $tLen + 11) {
+ throw new \RuntimeException();
+ }
+ $ps = \str_repeat(\chr(0xFF), $emBits - $tLen - 3);
+ $em2 = "\0\1$ps\0$t";
+
+ return $em2;
+ }
+
+ public static function sign(RSAKey $key, string $message, string $hash, int $mode): string
+ {
+ switch ($mode) {
+ case self::SIGNATURE_PSS:
+ return self::signWithPSS($key, $message, $hash);
+ case self::SIGNATURE_PKCS1:
+ return self::signWithPKCS15($key, $message, $hash);
+ default:
+ throw new \InvalidArgumentException('Unsupported mode.');
+ }
+ }
+
+ /**
+ * Create a signature.
+ */
+ public static function signWithPSS(RSAKey $key, string $message, string $hash): string
+ {
+ $em = self::encodeEMSAPSS($message, 8 * $key->getModulusLength() - 1, Hash::$hash());
+ $message = BigInteger::createFromBinaryString($em);
+ $signature = RSAKey::exponentiate($key, $message);
+
+ return self::convertIntegerToOctetString($signature, $key->getModulusLength());
+ }
+
+ /**
+ * Create a signature.
+ */
+ public static function signWithPKCS15(RSAKey $key, string $message, string $hash): string
+ {
+ $em = self::encodeEMSA15($message, $key->getModulusLength(), Hash::$hash());
+ $message = BigInteger::createFromBinaryString($em);
+ $signature = RSAKey::exponentiate($key, $message);
+
+ return self::convertIntegerToOctetString($signature, $key->getModulusLength());
+ }
+
+ public static function verify(RSAKey $key, string $message, string $signature, string $hash, int $mode): bool
+ {
+ switch ($mode) {
+ case self::SIGNATURE_PSS:
+ return self::verifyWithPSS($key, $message, $signature, $hash);
+ case self::SIGNATURE_PKCS1:
+ return self::verifyWithPKCS15($key, $message, $signature, $hash);
+ default:
+ throw new \InvalidArgumentException('Unsupported mode.');
+ }
+ }
+
+ /**
+ * Verifies a signature.
+ */
+ public static function verifyWithPSS(RSAKey $key, string $message, string $signature, string $hash): bool
+ {
+ if (\mb_strlen($signature, '8bit') !== $key->getModulusLength()) {
+ throw new \InvalidArgumentException();
+ }
+ $s2 = BigInteger::createFromBinaryString($signature);
+ $m2 = RSAKey::exponentiate($key, $s2);
+ $em = self::convertIntegerToOctetString($m2, $key->getModulusLength());
+ $modBits = 8 * $key->getModulusLength();
+
+ return self::verifyEMSAPSS($message, $em, $modBits - 1, Hash::$hash());
+ }
+
+ /**
+ * Verifies a signature.
+ */
+ public static function verifyWithPKCS15(RSAKey $key, string $message, string $signature, string $hash): bool
+ {
+ if (\mb_strlen($signature, '8bit') !== $key->getModulusLength()) {
+ throw new \InvalidArgumentException();
+ }
+ $signature = BigInteger::createFromBinaryString($signature);
+ $m2 = RSAKey::exponentiate($key, $signature);
+ $em = self::convertIntegerToOctetString($m2, $key->getModulusLength());
+
+ return \hash_equals($em, self::encodeEMSA15($message, $key->getModulusLength(), Hash::$hash()));
+ }
+}
diff --git a/vendor/web-token/jwt-signature/composer.json b/vendor/web-token/jwt-signature/composer.json index e0ceab9..c7503a0 100644 --- a/vendor/web-token/jwt-signature/composer.json +++ b/vendor/web-token/jwt-signature/composer.json @@ -1,49 +1,49 @@ -{ - "name": "web-token/jwt-signature", - "description": "Signature component of the JWT Framework.", - "type": "library", - "license": "MIT", - "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], - "homepage": "https://github.com/web-token", - "authors": [ - { - "name": "Florent Morselli", - "homepage": "https://github.com/Spomky" - },{ - "name": "All contributors", - "homepage": "https://github.com/web-token/jwt-signature/contributors" - } - ], - "autoload": { - "psr-4": { - "Jose\\Component\\Signature\\": "" - } - }, - "require": { - "web-token/jwt-core": "^1.3", - "web-token/jwt-signature-algorithm-ecdsa": "^1.3", - "web-token/jwt-signature-algorithm-eddsa": "^1.3", - "web-token/jwt-signature-algorithm-hmac": "^1.3", - "web-token/jwt-signature-algorithm-none": "^1.3", - "web-token/jwt-signature-algorithm-rsa": "^1.3" - }, - "require-dev": { - "phpunit/phpunit": "^6.0|^7.0" - }, - "suggest": { - "web-token/jwt-signature-algorithm-ecdsa": "ECDSA Based Signature Algorithms", - "web-token/jwt-signature-algorithm-eddsa": "EdDSA Based Signature Algorithms", - "web-token/jwt-signature-algorithm-hmac": "HMAC Based Signature Algorithms", - "web-token/jwt-signature-algorithm-none": "None Signature Algorithm", - "web-token/jwt-signature-algorithm-rsa": "RSA Based Signature Algorithms", - "web-token/jwt-signature-algorithm-experimental": "Experimental Signature Algorithms" - }, - "extra": { - "branch-alias": { - "dev-master": "1.3.x-dev" - } - }, - "config": { - "sort-packages": true - } -} +{
+ "name": "web-token/jwt-signature",
+ "description": "Signature component of the JWT Framework.",
+ "type": "library",
+ "license": "MIT",
+ "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"],
+ "homepage": "https://github.com/web-token",
+ "authors": [
+ {
+ "name": "Florent Morselli",
+ "homepage": "https://github.com/Spomky"
+ },{
+ "name": "All contributors",
+ "homepage": "https://github.com/web-token/jwt-signature/contributors"
+ }
+ ],
+ "autoload": {
+ "psr-4": {
+ "Jose\\Component\\Signature\\": ""
+ }
+ },
+ "require": {
+ "web-token/jwt-core": "^1.3",
+ "web-token/jwt-signature-algorithm-ecdsa": "^1.3",
+ "web-token/jwt-signature-algorithm-eddsa": "^1.3",
+ "web-token/jwt-signature-algorithm-hmac": "^1.3",
+ "web-token/jwt-signature-algorithm-none": "^1.3",
+ "web-token/jwt-signature-algorithm-rsa": "^1.3"
+ },
+ "require-dev": {
+ "phpunit/phpunit": "^6.0|^7.0"
+ },
+ "suggest": {
+ "web-token/jwt-signature-algorithm-ecdsa": "ECDSA Based Signature Algorithms",
+ "web-token/jwt-signature-algorithm-eddsa": "EdDSA Based Signature Algorithms",
+ "web-token/jwt-signature-algorithm-hmac": "HMAC Based Signature Algorithms",
+ "web-token/jwt-signature-algorithm-none": "None Signature Algorithm",
+ "web-token/jwt-signature-algorithm-rsa": "RSA Based Signature Algorithms",
+ "web-token/jwt-signature-algorithm-experimental": "Experimental Signature Algorithms"
+ },
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.3.x-dev"
+ }
+ },
+ "config": {
+ "sort-packages": true
+ }
+}
|