Failed Conditions
Push — v7 ( 79e5af...524357 )
by Florent
02:58
created

KeyChecker::checkKeyAlgorithm()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 10
Code Lines 5

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 10
rs 9.4285
c 0
b 0
f 0
cc 3
eloc 5
nc 3
nop 2
1
<?php
2
3
declare(strict_types=1);
4
5
/*
6
 * The MIT License (MIT)
7
 *
8
 * Copyright (c) 2014-2017 Spomky-Labs
9
 *
10
 * This software may be modified and distributed under the terms
11
 * of the MIT license.  See the LICENSE file for details.
12
 */
13
14
namespace Jose\Component\Core\Util;
15
16
use Jose\Component\Core\JWK;
17
18
final class KeyChecker
19
{
20
    /**
21
     * @param JWK    $key
22
     * @param string $usage
23
     *
24
     * @throws \InvalidArgumentException
25
     *
26
     * @return bool
27
     */
28
    public static function checkKeyUsage(JWK $key, string $usage): bool
29
    {
30
        if ($key->has('use')) {
31
            return self::checkUsage($key, $usage);
32
        }
33
        if ($key->has('key_ops')) {
34
            return self::checkOperation($key, $usage);
35
        }
36
37
        return true;
38
    }
39
40
    /**
41
     * @param JWK    $key
42
     * @param string $usage
43
     *
44
     * @return bool
45
     */
46
    private static function checkOperation(JWK $key, string $usage): bool
47
    {
48
        $ops = $key->get('key_ops');
49
        if (!is_array($ops)) {
50
            $ops = [$ops];
51
        }
52
        switch ($usage) {
53
            case 'verification':
54
                if (!in_array('verify', $ops)) {
55
                    throw new \InvalidArgumentException('Key cannot be used to verify a signature');
56
                }
57
58
                return true;
59
            case 'signature':
60
                if (!in_array('sign', $ops)) {
61
                    throw new \InvalidArgumentException('Key cannot be used to sign');
62
                }
63
64
                return true;
65
            case 'encryption':
66
                if (!in_array('encrypt', $ops) && !in_array('wrapKey', $ops)) {
67
                    throw new \InvalidArgumentException('Key cannot be used to encrypt');
68
                }
69
70
                return true;
71
            case 'decryption':
72
                if (!in_array('decrypt', $ops) && !in_array('unwrapKey', $ops)) {
73
                    throw new \InvalidArgumentException('Key cannot be used to decrypt');
74
                }
75
76
                return true;
77
            default:
78
                throw new \InvalidArgumentException('Unsupported key usage.');
79
        }
80
    }
81
82
    /**
83
     * @param JWK    $key
84
     * @param string $usage
85
     *
86
     * @return bool
87
     */
88
    private static function checkUsage(JWK $key, string $usage): bool
89
    {
90
        $use = $key->get('use');
91
        switch ($usage) {
92
            case 'verification':
93
            case 'signature':
94
                if ('sig' !== $use) {
95
                    throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
96
                }
97
98
                return true;
99
            case 'encryption':
100
            case 'decryption':
101
                if ('enc' !== $use) {
102
                    throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
103
                }
104
105
                return true;
106
            default:
107
                throw new \InvalidArgumentException('Unsupported key usage.');
108
        }
109
    }
110
111
    /**
112
     * @param JWK    $key
113
     * @param string $algorithm
114
     */
115
    public static function checkKeyAlgorithm(JWK $key, string $algorithm)
116
    {
117
        if (!$key->has('alg')) {
118
            return;
119
        }
120
121
        if ($key->get('alg') !== $algorithm) {
122
            throw new \InvalidArgumentException(sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
123
        }
124
    }
125
}
126