primo commit
This commit is contained in:
57
libraries/vendor/web-token/jwt-library/NestedToken/NestedTokenLoader.php
vendored
Normal file
57
libraries/vendor/web-token/jwt-library/NestedToken/NestedTokenLoader.php
vendored
Normal file
@ -0,0 +1,57 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Jose\Component\NestedToken;
|
||||
|
||||
use InvalidArgumentException;
|
||||
use Jose\Component\Core\JWKSet;
|
||||
use Jose\Component\Encryption\JWE;
|
||||
use Jose\Component\Encryption\JWELoader;
|
||||
use Jose\Component\Signature\JWS;
|
||||
use Jose\Component\Signature\JWSLoader;
|
||||
use function is_string;
|
||||
|
||||
class NestedTokenLoader
|
||||
{
|
||||
public function __construct(
|
||||
private readonly JWELoader $jweLoader,
|
||||
private readonly JWSLoader $jwsLoader
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method will try to load, decrypt and verify the token. In case of failure, an exception is thrown, otherwise
|
||||
* returns the JWS and populates the $signature variable.
|
||||
*/
|
||||
public function load(string $token, JWKSet $encryptionKeySet, JWKSet $signatureKeySet, ?int &$signature = null): JWS
|
||||
{
|
||||
$recipient = null;
|
||||
$jwe = $this->jweLoader->loadAndDecryptWithKeySet($token, $encryptionKeySet, $recipient);
|
||||
$this->checkContentTypeHeader($jwe, $recipient);
|
||||
if ($jwe->getPayload() === null) {
|
||||
throw new InvalidArgumentException('The token has no payload.');
|
||||
}
|
||||
|
||||
return $this->jwsLoader->loadAndVerifyWithKeySet($jwe->getPayload(), $signatureKeySet, $signature);
|
||||
}
|
||||
|
||||
private function checkContentTypeHeader(JWE $jwe, int $recipient): void
|
||||
{
|
||||
$cty = match (true) {
|
||||
$jwe->hasSharedProtectedHeaderParameter('cty') => $jwe->getSharedProtectedHeaderParameter('cty'),
|
||||
$jwe->hasSharedHeaderParameter('cty') => $jwe->getSharedHeaderParameter('cty'),
|
||||
$jwe->getRecipient($recipient)
|
||||
->hasHeaderParameter('cty') => $jwe->getRecipient($recipient)
|
||||
->getHeaderParameter('cty'),
|
||||
default => throw new InvalidArgumentException('The token is not a nested token.'),
|
||||
};
|
||||
if (! is_string($cty)) {
|
||||
throw new InvalidArgumentException('Invalid "cty" header parameter.');
|
||||
}
|
||||
|
||||
if (strcasecmp($cty, 'jwt') !== 0) {
|
||||
throw new InvalidArgumentException('The token is not a nested token.');
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user