|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* The MIT License (MIT) |
|
5
|
|
|
* |
|
6
|
|
|
* Copyright (c) 2014-2015 Spomky-Labs |
|
7
|
|
|
* |
|
8
|
|
|
* This software may be modified and distributed under the terms |
|
9
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Jose; |
|
13
|
|
|
|
|
14
|
|
|
use Jose\Algorithm\JWAManagerInterface; |
|
15
|
|
|
use Jose\Algorithm\Signature\SignatureAlgorithmInterface; |
|
16
|
|
|
use Jose\Behaviour\HasCheckerManager; |
|
17
|
|
|
use Jose\Behaviour\HasJWAManager; |
|
18
|
|
|
use Jose\Behaviour\HasKeyChecker; |
|
19
|
|
|
use Jose\Checker\CheckerManagerInterface; |
|
20
|
|
|
use Jose\Object\JWKSetInterface; |
|
21
|
|
|
use Jose\Object\JWSInterface; |
|
22
|
|
|
use Jose\Object\SignatureInterface; |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
*/ |
|
26
|
|
|
final class Verifier implements VerifierInterface |
|
27
|
|
|
{ |
|
28
|
|
|
use HasKeyChecker; |
|
29
|
|
|
use HasJWAManager; |
|
30
|
|
|
use HasCheckerManager; |
|
31
|
|
|
|
|
32
|
|
|
/** |
|
33
|
|
|
* Loader constructor. |
|
34
|
|
|
* |
|
35
|
|
|
* @param \Jose\Algorithm\JWAManagerInterface $jwa_manager |
|
36
|
|
|
* @param \Jose\Checker\CheckerManagerInterface $checker_manager |
|
37
|
|
|
*/ |
|
38
|
|
|
public function __construct( |
|
39
|
|
|
JWAManagerInterface $jwa_manager, |
|
40
|
|
|
CheckerManagerInterface $checker_manager) |
|
41
|
|
|
{ |
|
42
|
|
|
$this->setJWAManager($jwa_manager); |
|
43
|
|
|
$this->setCheckerManager($checker_manager); |
|
44
|
|
|
} |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* {@inheritdoc} |
|
48
|
|
|
* |
|
49
|
|
|
* @throws \InvalidArgumentException |
|
50
|
|
|
*/ |
|
51
|
|
|
public function verify(JWSInterface $jws, JWKSetInterface $jwk_set, $detached_payload = null) |
|
52
|
|
|
{ |
|
53
|
|
|
if (null !== $detached_payload && !empty($jws->getEncodedPayload())) { |
|
54
|
|
|
throw new \InvalidArgumentException('A detached payload is set, but the JWS already has a payload.'); |
|
55
|
|
|
} |
|
56
|
|
|
if (0 === count($jwk_set)) { |
|
57
|
|
|
throw new \InvalidArgumentException('No key in the key set.'); |
|
58
|
|
|
} |
|
59
|
|
|
foreach ($jws->getSignatures() as $signature) { |
|
60
|
|
|
$input = $signature->getEncodedProtectedHeaders().'.'.(null === $detached_payload ? $jws->getEncodedPayload() : $detached_payload); |
|
61
|
|
|
|
|
62
|
|
|
foreach ($jwk_set->getKeys() as $jwk) { |
|
63
|
|
|
$algorithm = $this->getAlgorithm($signature); |
|
64
|
|
|
if (!$this->checkKeyUsage($jwk, 'verification')) { |
|
65
|
|
|
continue; |
|
66
|
|
|
} |
|
67
|
|
|
if (!$this->checkKeyAlgorithm($jwk, $algorithm->getAlgorithmName())) { |
|
68
|
|
|
continue; |
|
69
|
|
|
} |
|
70
|
|
|
try { |
|
71
|
|
|
if (true === $algorithm->verify($jwk, $input, $signature->getSignature())) { |
|
72
|
|
|
return true; |
|
73
|
|
|
} |
|
74
|
|
|
} catch (\Exception $e) { |
|
75
|
|
|
//We do nothing, we continue with other keys |
|
76
|
|
|
continue; |
|
77
|
|
|
} |
|
78
|
|
|
} |
|
79
|
|
|
} |
|
80
|
|
|
|
|
81
|
|
|
|
|
82
|
|
|
return false; |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
/** |
|
86
|
|
|
* @param \Jose\Object\SignatureInterface $signature |
|
87
|
|
|
* |
|
88
|
|
|
* @return \Jose\Algorithm\Signature\SignatureAlgorithmInterface|null |
|
89
|
|
|
*/ |
|
90
|
|
|
private function getAlgorithm(SignatureInterface $signature) |
|
91
|
|
|
{ |
|
92
|
|
|
$complete_headers = array_merge( |
|
93
|
|
|
$signature->getProtectedHeaders(), |
|
94
|
|
|
$signature->getHeaders() |
|
95
|
|
|
); |
|
96
|
|
|
if (!array_key_exists('alg', $complete_headers)) { |
|
97
|
|
|
throw new \InvalidArgumentException('No "alg" parameter set in the header.'); |
|
98
|
|
|
} |
|
99
|
|
|
|
|
100
|
|
|
$algorithm = $this->getJWAManager()->getAlgorithm($complete_headers['alg']); |
|
101
|
|
|
if (!$algorithm instanceof SignatureAlgorithmInterface) { |
|
|
|
|
|
|
102
|
|
|
throw new \RuntimeException(sprintf('The algorithm "%s" is not supported or does not implement SignatureInterface.', $complete_headers['alg'])); |
|
103
|
|
|
} |
|
104
|
|
|
|
|
105
|
|
|
return $algorithm; |
|
106
|
|
|
} |
|
107
|
|
|
} |
|
108
|
|
|
|
Spomky-Labs /
jose
This error could be the result of:
1. Missing dependencies
PHP Analyzer uses your
composer.jsonfile (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects thecomposer.jsonto be in the root folder of your repository.Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the
requireorrequire-devsection?2. Missing use statement
PHP does not complain about undefined classes in
ìnstanceofchecks. For example, the following PHP code will work perfectly fine:If you have not tested against this specific condition, such errors might go unnoticed.