1
|
|
|
<?php declare(strict_types=1); |
2
|
|
|
|
3
|
|
|
namespace CustomerGauge\Cognito; |
4
|
|
|
|
5
|
|
|
use Jose\Component\Checker\ClaimCheckerManager; |
6
|
|
|
use Jose\Component\Checker\ExpirationTimeChecker; |
7
|
|
|
use Jose\Component\Checker\IssuerChecker; |
8
|
|
|
use Jose\Component\Core\AlgorithmManager; |
9
|
|
|
use Jose\Component\Core\JWKSet; |
10
|
|
|
use Jose\Component\Signature\Algorithm\RS256; |
11
|
|
|
use Jose\Component\Signature\JWS; |
12
|
|
|
use Jose\Component\Signature\JWSLoader; |
13
|
|
|
use Jose\Component\Signature\JWSVerifier; |
14
|
|
|
use Jose\Component\Signature\Serializer\CompactSerializer; |
15
|
|
|
use Jose\Component\Signature\Serializer\JWSSerializerManager; |
16
|
|
|
|
17
|
|
|
final class TokenParser |
18
|
|
|
{ |
19
|
|
|
private $keyResolver; |
20
|
|
|
|
21
|
4 |
|
public function __construct(KeyResolver $keyResolver) |
22
|
|
|
{ |
23
|
4 |
|
$this->keyResolver = $keyResolver; |
24
|
|
|
} |
25
|
|
|
|
26
|
4 |
|
public function parse(string $token) |
27
|
|
|
{ |
28
|
4 |
|
$jws = $this->loadAndVerifyWithKeySet($token); |
29
|
|
|
|
30
|
3 |
|
$payload = json_decode($jws->getPayload(), true); |
|
|
|
|
31
|
|
|
|
32
|
3 |
|
$claimCheckerManager = new ClaimCheckerManager([ |
33
|
3 |
|
new IssuerChecker([$this->keyResolver->issuer()->toString()]), |
34
|
3 |
|
new ExpirationTimeChecker, |
35
|
3 |
|
]); |
36
|
|
|
|
37
|
3 |
|
$claimCheckerManager->check($payload); |
38
|
|
|
|
39
|
3 |
|
return $payload; |
40
|
|
|
} |
41
|
|
|
|
42
|
4 |
|
private function loadAndVerifyWithKeySet(string $token): JWS |
43
|
|
|
{ |
44
|
4 |
|
$jwsVerifier = new JWSVerifier(new AlgorithmManager([new RS256()])); |
45
|
|
|
|
46
|
4 |
|
$serializerManager = new JWSSerializerManager([new CompactSerializer()]); |
47
|
|
|
|
48
|
4 |
|
$jwsLoader = new JWSLoader($serializerManager, $jwsVerifier, null); |
49
|
|
|
|
50
|
4 |
|
$jwkset = JWKSet::createFromJson($this->keyResolver->jwkset()); |
51
|
|
|
|
52
|
4 |
|
return $jwsLoader->loadAndVerifyWithKeySet($token, $jwkset, $signature); |
53
|
|
|
} |
54
|
|
|
} |
55
|
|
|
|