|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* The MIT License (MIT) |
|
5
|
|
|
* |
|
6
|
|
|
* Copyright (c) 2014-2016 Spomky-Labs |
|
7
|
|
|
* |
|
8
|
|
|
* This software may be modified and distributed under the terms |
|
9
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Jose\Factory; |
|
13
|
|
|
|
|
14
|
|
|
use Assert\Assertion; |
|
15
|
|
|
use Jose\Encrypter; |
|
16
|
|
|
use Jose\Object\JWKInterface; |
|
17
|
|
|
use Jose\Signer; |
|
18
|
|
|
use Psr\Log\LoggerInterface; |
|
19
|
|
|
|
|
20
|
|
|
final class JWTCreator |
|
21
|
|
|
{ |
|
22
|
|
|
/** |
|
23
|
|
|
* @var \Psr\Log\LoggerInterface |
|
24
|
|
|
*/ |
|
25
|
|
|
private $logger; |
|
26
|
|
|
|
|
27
|
|
|
/** |
|
28
|
|
|
* @var \Jose\EncrypterInterface|null |
|
29
|
|
|
*/ |
|
30
|
|
|
private $encrypter = null; |
|
31
|
|
|
|
|
32
|
|
|
/** |
|
33
|
|
|
* @var \Jose\SignerInterface |
|
34
|
|
|
*/ |
|
35
|
|
|
private $signer; |
|
36
|
|
|
|
|
37
|
|
|
/** |
|
38
|
|
|
* JWTCreator constructor. |
|
39
|
|
|
* |
|
40
|
|
|
* @param string[]|\Jose\Algorithm\SignatureAlgorithmInterface[] $supported_signature_algorithms |
|
41
|
|
|
* @param \Psr\Log\LoggerInterface|null $logger |
|
42
|
|
|
*/ |
|
43
|
|
|
public function __construct(array $supported_signature_algorithms, LoggerInterface $logger = null) |
|
44
|
|
|
{ |
|
45
|
|
|
Assertion::notEmpty($supported_signature_algorithms, $logger); |
|
|
|
|
|
|
46
|
|
|
|
|
47
|
|
|
$this->logger = $logger; |
|
48
|
|
|
$this->signer = Signer::createSigner($supported_signature_algorithms, $logger); |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
/** |
|
52
|
|
|
* @param string[]|\Jose\Algorithm\KeyEncryptionAlgorithmInterface[] $supported_key_encryption_algorithms |
|
53
|
|
|
* @param string[]|\Jose\Algorithm\ContentEncryptionAlgorithmInterface[] $supported_content_encryption_algorithms |
|
54
|
|
|
* @param string[]|\Jose\Compression\CompressionInterface $supported_compression_methods |
|
55
|
|
|
*/ |
|
56
|
|
|
public function enableEncryptionSupport(array $supported_key_encryption_algorithms, |
|
57
|
|
|
array $supported_content_encryption_algorithms, |
|
58
|
|
|
array $supported_compression_methods = ['DEF', 'ZLIB', 'GZ'] |
|
59
|
|
|
) { |
|
60
|
|
|
Assertion::notEmpty($supported_key_encryption_algorithms, 'At least one key encryption algorithm must be set.'); |
|
61
|
|
|
Assertion::notEmpty($supported_content_encryption_algorithms, 'At least one content encryption algorithm must be set.'); |
|
62
|
|
|
|
|
63
|
|
|
$this->encrypter = Encrypter::createEncrypter( |
|
64
|
|
|
$supported_key_encryption_algorithms, |
|
65
|
|
|
$supported_content_encryption_algorithms, |
|
66
|
|
|
$supported_compression_methods, |
|
67
|
|
|
$this->logger |
|
68
|
|
|
); |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
/** |
|
72
|
|
|
* @param mixed $payload |
|
73
|
|
|
* @param array $signature_protected_headers |
|
74
|
|
|
* @param \Jose\Object\JWKInterface $signature_key |
|
75
|
|
|
* |
|
76
|
|
|
* @return string |
|
77
|
|
|
*/ |
|
78
|
|
|
public function sign($payload, array $signature_protected_headers, JWKInterface $signature_key) |
|
79
|
|
|
{ |
|
80
|
|
|
$jws = JWSFactory::createJWS($payload); |
|
81
|
|
|
|
|
82
|
|
|
$jws = $jws->addSignature($signature_key, $signature_protected_headers); |
|
83
|
|
|
$this->signer->sign($jws); |
|
84
|
|
|
|
|
85
|
|
|
return $jws->toCompactJSON(0); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
/** |
|
89
|
|
|
* @param string $payload |
|
90
|
|
|
* @param array $encryption_protected_headers |
|
91
|
|
|
* @param \Jose\Object\JWKInterface $encryption_key |
|
92
|
|
|
* |
|
93
|
|
|
* @return string |
|
94
|
|
|
*/ |
|
95
|
|
|
public function encrypt($payload, array $encryption_protected_headers, JWKInterface $encryption_key) |
|
96
|
|
|
{ |
|
97
|
|
|
Assertion::notNull($this->encrypter, 'The encryption support is not enabled'); |
|
98
|
|
|
|
|
99
|
|
|
$jwe = JWEFactory::createJWE($payload, $encryption_protected_headers); |
|
100
|
|
|
$jwe = $jwe->addRecipient($encryption_key); |
|
101
|
|
|
$this->encrypter->encrypt($jwe); |
|
102
|
|
|
|
|
103
|
|
|
return $jwe->toCompactJSON(0); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
/** |
|
107
|
|
|
* @return string[] |
|
108
|
|
|
*/ |
|
109
|
|
|
public function getSignatureAlgorithms() |
|
110
|
|
|
{ |
|
111
|
|
|
return $this->signer->getSupportedSignatureAlgorithms(); |
|
112
|
|
|
} |
|
113
|
|
|
|
|
114
|
|
|
/** |
|
115
|
|
|
* @return string[] |
|
116
|
|
|
*/ |
|
117
|
|
|
public function getSupportedKeyEncryptionAlgorithms() |
|
118
|
|
|
{ |
|
119
|
|
|
return null === $this->encrypter ? [] : $this->encrypter->getSupportedKeyEncryptionAlgorithms(); |
|
120
|
|
|
} |
|
121
|
|
|
|
|
122
|
|
|
/** |
|
123
|
|
|
* @return string[] |
|
124
|
|
|
*/ |
|
125
|
|
|
public function getSupportedContentEncryptionAlgorithms() |
|
126
|
|
|
{ |
|
127
|
|
|
return null === $this->encrypter ? [] : $this->encrypter->getSupportedContentEncryptionAlgorithms(); |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
/** |
|
131
|
|
|
* @return string[] |
|
132
|
|
|
*/ |
|
133
|
|
|
public function getSupportedCompressionMethods() |
|
134
|
|
|
{ |
|
135
|
|
|
return null === $this->encrypter ? [] : $this->encrypter->getSupportedCompressionMethods(); |
|
136
|
|
|
} |
|
137
|
|
|
} |
|
138
|
|
|
|
Spomky-Labs /
jose
This check looks at variables that have been passed in as parameters and are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.