1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
namespace Facile\JoseVerifier\JWK; |
6
|
|
|
|
7
|
|
|
use function array_key_exists; |
8
|
|
|
use Facile\JoseVerifier\Exception\RuntimeException; |
9
|
|
|
use function is_array; |
10
|
|
|
use function json_decode; |
11
|
|
|
use Psr\Http\Client\ClientInterface; |
12
|
|
|
use Psr\Http\Message\RequestFactoryInterface; |
13
|
|
|
|
14
|
|
|
/** |
15
|
|
|
* @psalm-import-type JWKSetObject from \Facile\JoseVerifier\Psalm\PsalmTypes |
16
|
|
|
*/ |
17
|
|
|
class RemoteJwksProvider implements JwksProviderInterface |
18
|
|
|
{ |
19
|
|
|
/** @var ClientInterface */ |
20
|
|
|
private $client; |
21
|
|
|
|
22
|
|
|
/** @var RequestFactoryInterface */ |
23
|
|
|
private $requestFactory; |
24
|
|
|
|
25
|
|
|
/** @var string */ |
26
|
|
|
private $uri; |
27
|
|
|
|
28
|
|
|
/** @var array<string, string|string[]> */ |
29
|
|
|
private $headers; |
30
|
|
|
|
31
|
|
|
/** |
32
|
|
|
* @param ClientInterface $client |
33
|
|
|
* @param RequestFactoryInterface $requestFactory |
34
|
17 |
|
* @param string $uri |
35
|
|
|
* @param array<string, string|string[]> $headers |
36
|
|
|
*/ |
37
|
|
|
public function __construct( |
38
|
|
|
ClientInterface $client, |
39
|
|
|
RequestFactoryInterface $requestFactory, |
40
|
17 |
|
string $uri, |
41
|
17 |
|
array $headers = [] |
42
|
17 |
|
) { |
43
|
17 |
|
$this->client = $client; |
44
|
17 |
|
$this->requestFactory = $requestFactory; |
45
|
|
|
$this->uri = $uri; |
46
|
|
|
$this->headers = $headers; |
47
|
|
|
} |
48
|
|
|
|
49
|
|
|
/** |
50
|
|
|
* @param array<string, string|string[]> $headers |
51
|
1 |
|
* |
52
|
|
|
* @return RemoteJwksProvider |
53
|
1 |
|
*/ |
54
|
1 |
|
public function withHeaders(array $headers): self |
55
|
|
|
{ |
56
|
1 |
|
$new = clone $this; |
57
|
|
|
$new->headers = $headers; |
58
|
|
|
|
59
|
|
|
return $new; |
60
|
|
|
} |
61
|
|
|
|
62
|
5 |
|
/** |
63
|
|
|
* @inheritDoc |
64
|
5 |
|
* |
65
|
|
|
* @psalm-return JWKSetObject |
66
|
5 |
|
*/ |
67
|
2 |
|
public function getJwks(): array |
68
|
|
|
{ |
69
|
|
|
$request = $this->requestFactory->createRequest('GET', $this->uri); |
70
|
5 |
|
|
71
|
|
|
foreach ($this->headers as $k => $v) { |
72
|
5 |
|
$request = $request->withHeader($k, $v); |
73
|
1 |
|
} |
74
|
|
|
|
75
|
|
|
$response = $this->client->sendRequest($request); |
76
|
4 |
|
|
77
|
|
|
if ($response->getStatusCode() >= 400) { |
78
|
4 |
|
throw new RuntimeException('Unable to get the key set.', $response->getStatusCode()); |
79
|
1 |
|
} |
80
|
|
|
|
81
|
|
|
/** @var mixed $data */ |
82
|
3 |
|
$data = json_decode((string) $response->getBody(), true); |
83
|
|
|
|
84
|
|
|
if ($this->isJWKSet($data)) { |
85
|
|
|
/** @var JWKSetObject $data */ |
86
|
|
|
return $data; |
87
|
|
|
} |
88
|
1 |
|
|
89
|
|
|
throw new RuntimeException('Invalid key set content'); |
90
|
1 |
|
} |
91
|
|
|
|
92
|
|
|
/** |
93
|
|
|
* @param mixed $data |
94
|
|
|
* @psalm-assert-if-true JWKSetObject $data |
95
|
|
|
*/ |
96
|
|
|
private function isJWKSet($data): bool |
97
|
|
|
{ |
98
|
|
|
return is_array($data) && array_key_exists('keys', $data) && is_array($data['keys']); |
99
|
|
|
} |
100
|
|
|
|
101
|
|
|
/** |
102
|
|
|
* @inheritDoc |
103
|
|
|
*/ |
104
|
|
|
public function reload(): JwksProviderInterface |
105
|
|
|
{ |
106
|
|
|
return $this; |
|
|
|
|
107
|
|
|
} |
108
|
|
|
} |
109
|
|
|
|
If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.
Let’s take a look at an example:
Our function
my_function
expects aPost
object, and outputs the author of the post. The base classPost
returns a simple string and outputting a simple string will work just fine. However, the child classBlogPost
which is a sub-type ofPost
instead decided to return anobject
, and is therefore violating the SOLID principles. If aBlogPost
were passed tomy_function
, PHP would not complain, but ultimately fail when executing thestrtoupper
call in its body.