sop / jwx

lib/JWX/JWS/Algorithm/RS512Algorithm.php

Indentation +16 added lines, -16 removed lines

@@ -13,21 +13,21 @@
  */
 class RS512Algorithm extends RSASSAPKCS1Algorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _mdMethod(): string
-    {
-        return "sha512WithRSAEncryption";
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _mdMethod(): string
+	{
+		return "sha512WithRSAEncryption";
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_RS512;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_RS512;
+	}
 }

lib/JWX/JWS/Algorithm/RS384Algorithm.php

Indentation +16 added lines, -16 removed lines

@@ -13,21 +13,21 @@
  */
 class RS384Algorithm extends RSASSAPKCS1Algorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _mdMethod(): string
-    {
-        return "sha384WithRSAEncryption";
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _mdMethod(): string
+	{
+		return "sha384WithRSAEncryption";
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_RS384;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_RS384;
+	}
 }

lib/JWX/JWS/Algorithm/RSASSAPKCS1Algorithm.php

Indentation +75 added lines, -75 removed lines

@@ -18,84 +18,84 @@
  */
 abstract class RSASSAPKCS1Algorithm extends OpenSSLSignatureAlgorithm
 {
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = array(
-        /* @formatter:off */
-        JWA::ALGO_RS256 => RS256Algorithm::class,
-        JWA::ALGO_RS384 => RS384Algorithm::class,
-        JWA::ALGO_RS512 => RS512Algorithm::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = array(
+		/* @formatter:off */
+		JWA::ALGO_RS256 => RS256Algorithm::class,
+		JWA::ALGO_RS384 => RS384Algorithm::class,
+		JWA::ALGO_RS512 => RS512Algorithm::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Constructor.
-     *
-     * @param RSAPublicKeyJWK $pub_key
-     * @param RSAPrivateKeyJWK $priv_key
-     */
-    protected function __construct(RSAPublicKeyJWK $pub_key,
-        RSAPrivateKeyJWK $priv_key = null)
-    {
-        $this->_publicKey = $pub_key;
-        $this->_privateKey = $priv_key;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param RSAPublicKeyJWK $pub_key
+	 * @param RSAPrivateKeyJWK $priv_key
+	 */
+	protected function __construct(RSAPublicKeyJWK $pub_key,
+		RSAPrivateKeyJWK $priv_key = null)
+	{
+		$this->_publicKey = $pub_key;
+		$this->_privateKey = $priv_key;
+	}
     
-    /**
-     * Initialize from a public key.
-     *
-     * @param RSAPublicKeyJWK $jwk
-     * @return self
-     */
-    public static function fromPublicKey(RSAPublicKeyJWK $jwk): self
-    {
-        return new static($jwk);
-    }
+	/**
+	 * Initialize from a public key.
+	 *
+	 * @param RSAPublicKeyJWK $jwk
+	 * @return self
+	 */
+	public static function fromPublicKey(RSAPublicKeyJWK $jwk): self
+	{
+		return new static($jwk);
+	}
     
-    /**
-     * Initialize from a private key.
-     *
-     * @param RSAPrivateKeyJWK $jwk
-     * @return self
-     */
-    public static function fromPrivateKey(RSAPrivateKeyJWK $jwk): self
-    {
-        return new static($jwk->publicKey(), $jwk);
-    }
+	/**
+	 * Initialize from a private key.
+	 *
+	 * @param RSAPrivateKeyJWK $jwk
+	 * @return self
+	 */
+	public static function fromPrivateKey(RSAPrivateKeyJWK $jwk): self
+	{
+		return new static($jwk->publicKey(), $jwk);
+	}
     
-    /**
-     *
-     * @param JWK $jwk
-     * @param Header $header
-     * @throws \UnexpectedValueException
-     * @return RSASSAPKCS1Algorithm
-     */
-    public static function fromJWK(JWK $jwk, Header $header): self
-    {
-        $alg = JWA::deriveAlgorithmName($header, $jwk);
-        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException("Unsupported algorithm '$alg'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$alg];
-        if ($jwk->has(...RSAPrivateKeyJWK::MANAGED_PARAMS)) {
-            return $cls::fromPrivateKey(RSAPrivateKeyJWK::fromJWK($jwk));
-        }
-        return $cls::fromPublicKey(RSAPublicKeyJWK::fromJWK($jwk));
-    }
+	/**
+	 *
+	 * @param JWK $jwk
+	 * @param Header $header
+	 * @throws \UnexpectedValueException
+	 * @return RSASSAPKCS1Algorithm
+	 */
+	public static function fromJWK(JWK $jwk, Header $header): self
+	{
+		$alg = JWA::deriveAlgorithmName($header, $jwk);
+		if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException("Unsupported algorithm '$alg'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$alg];
+		if ($jwk->has(...RSAPrivateKeyJWK::MANAGED_PARAMS)) {
+			return $cls::fromPrivateKey(RSAPrivateKeyJWK::fromJWK($jwk));
+		}
+		return $cls::fromPublicKey(RSAPublicKeyJWK::fromJWK($jwk));
+	}
     
-    /**
-     *
-     * @see \JWX\JWS\SignatureAlgorithm::headerParameters()
-     * @return \JWX\JWT\Parameter\JWTParameter[]
-     */
-    public function headerParameters(): array
-    {
-        return array_merge(parent::headerParameters(),
-            array(AlgorithmParameter::fromAlgorithm($this)));
-    }
+	/**
+	 *
+	 * @see \JWX\JWS\SignatureAlgorithm::headerParameters()
+	 * @return \JWX\JWT\Parameter\JWTParameter[]
+	 */
+	public function headerParameters(): array
+	{
+		return array_merge(parent::headerParameters(),
+			array(AlgorithmParameter::fromAlgorithm($this)));
+	}
 }

lib/JWX/JWS/Algorithm/ES512Algorithm.php

Indentation +24 added lines, -24 removed lines

@@ -14,30 +14,30 @@
  */
 class ES512Algorithm extends ECDSAAlgorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _curveName(): string
-    {
-        return CurveParameter::CURVE_P521;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _curveName(): string
+	{
+		return CurveParameter::CURVE_P521;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _mdMethod(): string
-    {
-        return "sha512";
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _mdMethod(): string
+	{
+		return "sha512";
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_ES512;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_ES512;
+	}
 }

lib/JWX/JWS/JWS.php

Indentation +254 added lines, -254 removed lines

@@ -21,278 +21,278 @@
  */
 class JWS
 {
-    /**
-     * Protected header.
-     *
-     * @var Header $_protectedHeader
-     */
-    protected $_protectedHeader;
+	/**
+	 * Protected header.
+	 *
+	 * @var Header $_protectedHeader
+	 */
+	protected $_protectedHeader;
     
-    /**
-     * Payload.
-     *
-     * @var string $_payload
-     */
-    protected $_payload;
+	/**
+	 * Payload.
+	 *
+	 * @var string $_payload
+	 */
+	protected $_payload;
     
-    /**
-     * Input value for the signature computation.
-     *
-     * @var string $_signatureInput
-     */
-    protected $_signatureInput;
+	/**
+	 * Input value for the signature computation.
+	 *
+	 * @var string $_signatureInput
+	 */
+	protected $_signatureInput;
     
-    /**
-     * Signature.
-     *
-     * @var string $_signature
-     */
-    protected $_signature;
+	/**
+	 * Signature.
+	 *
+	 * @var string $_signature
+	 */
+	protected $_signature;
     
-    /**
-     * Constructor.
-     *
-     * @param Header $protected_header JWS Protected Header
-     * @param string $payload JWS Payload
-     * @param string $signature_input Input value for the signature computation
-     * @param string $signature JWS Signature
-     */
-    protected function __construct(Header $protected_header, string $payload,
-        string $signature_input, string $signature)
-    {
-        $this->_protectedHeader = $protected_header;
-        $this->_payload = $payload;
-        $this->_signatureInput = $signature_input;
-        $this->_signature = $signature;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Header $protected_header JWS Protected Header
+	 * @param string $payload JWS Payload
+	 * @param string $signature_input Input value for the signature computation
+	 * @param string $signature JWS Signature
+	 */
+	protected function __construct(Header $protected_header, string $payload,
+		string $signature_input, string $signature)
+	{
+		$this->_protectedHeader = $protected_header;
+		$this->_payload = $payload;
+		$this->_signatureInput = $signature_input;
+		$this->_signature = $signature;
+	}
     
-    /**
-     * Initialize from a compact serialization.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromCompact(string $data): self
-    {
-        return self::fromParts(explode(".", $data));
-    }
+	/**
+	 * Initialize from a compact serialization.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromCompact(string $data): self
+	{
+		return self::fromParts(explode(".", $data));
+	}
     
-    /**
-     * Initialize from the parts of a compact serialization.
-     *
-     * @param array $parts
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromParts(array $parts): self
-    {
-        if (count($parts) != 3) {
-            throw new \UnexpectedValueException(
-                "Invalid JWS compact serialization.");
-        }
-        $header = Header::fromJSON(Base64::urlDecode($parts[0]));
-        $b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
-        $payload = $b64 ? Base64::urlDecode($parts[1]) : $parts[1];
-        $signature_input = $parts[0] . "." . $parts[1];
-        $signature = Base64::urlDecode($parts[2]);
-        return new self($header, $payload, $signature_input, $signature);
-    }
+	/**
+	 * Initialize from the parts of a compact serialization.
+	 *
+	 * @param array $parts
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromParts(array $parts): self
+	{
+		if (count($parts) != 3) {
+			throw new \UnexpectedValueException(
+				"Invalid JWS compact serialization.");
+		}
+		$header = Header::fromJSON(Base64::urlDecode($parts[0]));
+		$b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
+		$payload = $b64 ? Base64::urlDecode($parts[1]) : $parts[1];
+		$signature_input = $parts[0] . "." . $parts[1];
+		$signature = Base64::urlDecode($parts[2]);
+		return new self($header, $payload, $signature_input, $signature);
+	}
     
-    /**
-     * Initialize by signing the payload with given algorithm.
-     *
-     * @param string $payload JWS Payload
-     * @param SignatureAlgorithm $algo Signature algorithm
-     * @param Header|null $header Desired header. Algorithm specific
-     *        parameters are added automatically.
-     * @throws \RuntimeException If signature computation fails
-     * @return self
-     */
-    public static function sign(string $payload, SignatureAlgorithm $algo,
-        Header $header = null): self
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        $header = $header->withParameters(...$algo->headerParameters());
-        // ensure that if b64 parameter is used, it's marked critical
-        if ($header->hasB64Payload()) {
-            if (!$header->hasCritical()) {
-                $crit = new CriticalParameter(JWTParameter::P_B64);
-            } else {
-                $crit = $header->critical()->withParamName(JWTParameter::P_B64);
-            }
-            $header = $header->withParameters($crit);
-        }
-        $signature_input = self::_generateSignatureInput($payload, $header);
-        $signature = $algo->computeSignature($signature_input);
-        return new self($header, $payload, $signature_input, $signature);
-    }
+	/**
+	 * Initialize by signing the payload with given algorithm.
+	 *
+	 * @param string $payload JWS Payload
+	 * @param SignatureAlgorithm $algo Signature algorithm
+	 * @param Header|null $header Desired header. Algorithm specific
+	 *        parameters are added automatically.
+	 * @throws \RuntimeException If signature computation fails
+	 * @return self
+	 */
+	public static function sign(string $payload, SignatureAlgorithm $algo,
+		Header $header = null): self
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		$header = $header->withParameters(...$algo->headerParameters());
+		// ensure that if b64 parameter is used, it's marked critical
+		if ($header->hasB64Payload()) {
+			if (!$header->hasCritical()) {
+				$crit = new CriticalParameter(JWTParameter::P_B64);
+			} else {
+				$crit = $header->critical()->withParamName(JWTParameter::P_B64);
+			}
+			$header = $header->withParameters($crit);
+		}
+		$signature_input = self::_generateSignatureInput($payload, $header);
+		$signature = $algo->computeSignature($signature_input);
+		return new self($header, $payload, $signature_input, $signature);
+	}
     
-    /**
-     * Get JOSE header.
-     *
-     * @return JOSE
-     */
-    public function header(): JOSE
-    {
-        return new JOSE($this->_protectedHeader);
-    }
+	/**
+	 * Get JOSE header.
+	 *
+	 * @return JOSE
+	 */
+	public function header(): JOSE
+	{
+		return new JOSE($this->_protectedHeader);
+	}
     
-    /**
-     * Get the signature algorithm name.
-     *
-     * @return string
-     */
-    public function algorithmName(): string
-    {
-        return $this->header()
-            ->algorithm()
-            ->value();
-    }
+	/**
+	 * Get the signature algorithm name.
+	 *
+	 * @return string
+	 */
+	public function algorithmName(): string
+	{
+		return $this->header()
+			->algorithm()
+			->value();
+	}
     
-    /**
-     * Check whether JWS is unsecured, that is, contains no signature.
-     *
-     * @return bool
-     */
-    public function isUnsecured(): bool
-    {
-        return $this->algorithmName() == JWA::ALGO_NONE;
-    }
+	/**
+	 * Check whether JWS is unsecured, that is, contains no signature.
+	 *
+	 * @return bool
+	 */
+	public function isUnsecured(): bool
+	{
+		return $this->algorithmName() == JWA::ALGO_NONE;
+	}
     
-    /**
-     * Get the payload.
-     *
-     * @return string
-     */
-    public function payload(): string
-    {
-        return $this->_payload;
-    }
+	/**
+	 * Get the payload.
+	 *
+	 * @return string
+	 */
+	public function payload(): string
+	{
+		return $this->_payload;
+	}
     
-    /**
-     * Get the signature.
-     *
-     * @return string
-     */
-    public function signature(): string
-    {
-        return $this->_signature;
-    }
+	/**
+	 * Get the signature.
+	 *
+	 * @return string
+	 */
+	public function signature(): string
+	{
+		return $this->_signature;
+	}
     
-    /**
-     * Get the payload encoded for serialization.
-     *
-     * @return string
-     */
-    protected function _encodedPayload(): string
-    {
-        $b64 = true;
-        if ($this->_protectedHeader->hasB64Payload()) {
-            $b64 = $this->_protectedHeader->B64Payload()->value();
-        }
-        return $b64 ? Base64::urlEncode($this->_payload) : $this->_payload;
-    }
+	/**
+	 * Get the payload encoded for serialization.
+	 *
+	 * @return string
+	 */
+	protected function _encodedPayload(): string
+	{
+		$b64 = true;
+		if ($this->_protectedHeader->hasB64Payload()) {
+			$b64 = $this->_protectedHeader->B64Payload()->value();
+		}
+		return $b64 ? Base64::urlEncode($this->_payload) : $this->_payload;
+	}
     
-    /**
-     * Validate the signature using explicit algorithm.
-     *
-     * @param SignatureAlgorithm $algo
-     * @throws \UnexpectedValueException If using different signature algorithm
-     *         then specified by the header
-     * @throws \RuntimeException If signature computation fails
-     * @return bool True if signature is valid
-     */
-    public function validate(SignatureAlgorithm $algo): bool
-    {
-        if ($algo->algorithmParamValue() != $this->algorithmName()) {
-            throw new \UnexpectedValueException("Invalid signature algorithm.");
-        }
-        return $algo->validateSignature($this->_signatureInput,
-            $this->_signature);
-    }
+	/**
+	 * Validate the signature using explicit algorithm.
+	 *
+	 * @param SignatureAlgorithm $algo
+	 * @throws \UnexpectedValueException If using different signature algorithm
+	 *         then specified by the header
+	 * @throws \RuntimeException If signature computation fails
+	 * @return bool True if signature is valid
+	 */
+	public function validate(SignatureAlgorithm $algo): bool
+	{
+		if ($algo->algorithmParamValue() != $this->algorithmName()) {
+			throw new \UnexpectedValueException("Invalid signature algorithm.");
+		}
+		return $algo->validateSignature($this->_signatureInput,
+			$this->_signature);
+	}
     
-    /**
-     * Validate the signature using the given JWK.
-     *
-     * Signature algorithm is determined from the header.
-     *
-     * @param JWK $jwk JSON Web Key
-     * @throws \RuntimeException If algorithm initialization fails
-     * @return bool True if signature is valid
-     */
-    public function validateWithJWK(JWK $jwk): bool
-    {
-        $algo = SignatureAlgorithm::fromJWK($jwk, $this->header());
-        return $this->validate($algo);
-    }
+	/**
+	 * Validate the signature using the given JWK.
+	 *
+	 * Signature algorithm is determined from the header.
+	 *
+	 * @param JWK $jwk JSON Web Key
+	 * @throws \RuntimeException If algorithm initialization fails
+	 * @return bool True if signature is valid
+	 */
+	public function validateWithJWK(JWK $jwk): bool
+	{
+		$algo = SignatureAlgorithm::fromJWK($jwk, $this->header());
+		return $this->validate($algo);
+	}
     
-    /**
-     * Validate the signature using a key from the given JWK set.
-     *
-     * Correct key shall be sought by the key ID indicated by the header.
-     *
-     * @param JWKSet $set Set of JSON Web Keys
-     * @throws \RuntimeException If algorithm initialization fails
-     * @return bool True if signature is valid
-     */
-    public function validateWithJWKSet(JWKSet $set): bool
-    {
-        if (!count($set)) {
-            throw new \RuntimeException("No keys.");
-        }
-        $factory = new SignatureAlgorithmFactory($this->header());
-        $algo = $factory->algoByKeys($set);
-        return $this->validate($algo);
-    }
+	/**
+	 * Validate the signature using a key from the given JWK set.
+	 *
+	 * Correct key shall be sought by the key ID indicated by the header.
+	 *
+	 * @param JWKSet $set Set of JSON Web Keys
+	 * @throws \RuntimeException If algorithm initialization fails
+	 * @return bool True if signature is valid
+	 */
+	public function validateWithJWKSet(JWKSet $set): bool
+	{
+		if (!count($set)) {
+			throw new \RuntimeException("No keys.");
+		}
+		$factory = new SignatureAlgorithmFactory($this->header());
+		$algo = $factory->algoByKeys($set);
+		return $this->validate($algo);
+	}
     
-    /**
-     * Convert to compact serialization.
-     *
-     * @return string
-     */
-    public function toCompact(): string
-    {
-        return Base64::urlEncode($this->_protectedHeader->toJSON()) . "." .
-             $this->_encodedPayload() . "." .
-             Base64::urlEncode($this->_signature);
-    }
+	/**
+	 * Convert to compact serialization.
+	 *
+	 * @return string
+	 */
+	public function toCompact(): string
+	{
+		return Base64::urlEncode($this->_protectedHeader->toJSON()) . "." .
+			 $this->_encodedPayload() . "." .
+			 Base64::urlEncode($this->_signature);
+	}
     
-    /**
-     * Convert to compact serialization with payload detached.
-     *
-     * @return string
-     */
-    public function toCompactDetached(): string
-    {
-        return Base64::urlEncode($this->_protectedHeader->toJSON()) . ".." .
-             Base64::urlEncode($this->_signature);
-    }
+	/**
+	 * Convert to compact serialization with payload detached.
+	 *
+	 * @return string
+	 */
+	public function toCompactDetached(): string
+	{
+		return Base64::urlEncode($this->_protectedHeader->toJSON()) . ".." .
+			 Base64::urlEncode($this->_signature);
+	}
     
-    /**
-     * Generate input for the signature computation.
-     *
-     * @param string $payload Payload
-     * @param Header $header Protected header
-     * @return string
-     */
-    protected static function _generateSignatureInput(string $payload,
-        Header $header): string
-    {
-        $b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
-        $data = Base64::urlEncode($header->toJSON()) . ".";
-        $data .= $b64 ? Base64::urlEncode($payload) : $payload;
-        return $data;
-    }
+	/**
+	 * Generate input for the signature computation.
+	 *
+	 * @param string $payload Payload
+	 * @param Header $header Protected header
+	 * @return string
+	 */
+	protected static function _generateSignatureInput(string $payload,
+		Header $header): string
+	{
+		$b64 = $header->hasB64Payload() ? $header->B64Payload()->value() : true;
+		$data = Base64::urlEncode($header->toJSON()) . ".";
+		$data .= $b64 ? Base64::urlEncode($payload) : $payload;
+		return $data;
+	}
     
-    /**
-     * Convert JWS to string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toCompact();
-    }
+	/**
+	 * Convert JWS to string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toCompact();
+	}
 }

lib/JWX/JWS/SignatureAlgorithm.php

Indentation +63 added lines, -63 removed lines

@@ -15,73 +15,73 @@
  * Base class for algorithms usable for signing and validating JWS's.
  */
 abstract class SignatureAlgorithm implements 
-    AlgorithmParameterValue,
-    HeaderParameters
+	AlgorithmParameterValue,
+	HeaderParameters
 {
-    /**
-     * ID of the key used by the algorithm.
-     *
-     * If set, KeyID parameter shall be automatically inserted into JWS's
-     * header.
-     *
-     * @var string|null $_keyID
-     */
-    protected $_keyID;
+	/**
+	 * ID of the key used by the algorithm.
+	 *
+	 * If set, KeyID parameter shall be automatically inserted into JWS's
+	 * header.
+	 *
+	 * @var string|null $_keyID
+	 */
+	protected $_keyID;
     
-    /**
-     * Compute signature.
-     *
-     * @param string $data Data for which the signature is computed
-     * @return string
-     */
-    abstract public function computeSignature(string $data): string;
+	/**
+	 * Compute signature.
+	 *
+	 * @param string $data Data for which the signature is computed
+	 * @return string
+	 */
+	abstract public function computeSignature(string $data): string;
     
-    /**
-     * Validate signature.
-     *
-     * @param string $data Data to validate
-     * @param string $signature Signature to compare
-     * @return bool
-     */
-    abstract public function validateSignature(string $data, string $signature): bool;
+	/**
+	 * Validate signature.
+	 *
+	 * @param string $data Data to validate
+	 * @param string $signature Signature to compare
+	 * @return bool
+	 */
+	abstract public function validateSignature(string $data, string $signature): bool;
     
-    /**
-     * Initialize signature algorithm from a JWK and a header.
-     *
-     * @param JWK $jwk JSON Web Key
-     * @param Header $header Header
-     * @return SignatureAlgorithm
-     */
-    public static function fromJWK(JWK $jwk, Header $header)
-    {
-        $factory = new SignatureAlgorithmFactory($header);
-        return $factory->algoByKey($jwk);
-    }
+	/**
+	 * Initialize signature algorithm from a JWK and a header.
+	 *
+	 * @param JWK $jwk JSON Web Key
+	 * @param Header $header Header
+	 * @return SignatureAlgorithm
+	 */
+	public static function fromJWK(JWK $jwk, Header $header)
+	{
+		$factory = new SignatureAlgorithmFactory($header);
+		return $factory->algoByKey($jwk);
+	}
     
-    /**
-     * Get self with key ID.
-     *
-     * @param string|null $id Key ID or null to remove
-     * @return self
-     */
-    public function withKeyID($id): self
-    {
-        $obj = clone $this;
-        $obj->_keyID = $id;
-        return $obj;
-    }
+	/**
+	 * Get self with key ID.
+	 *
+	 * @param string|null $id Key ID or null to remove
+	 * @return self
+	 */
+	public function withKeyID($id): self
+	{
+		$obj = clone $this;
+		$obj->_keyID = $id;
+		return $obj;
+	}
     
-    /**
-     *
-     * @see \JWX\JWT\Header\HeaderParameters::headerParameters()
-     * @return \JWX\JWT\Parameter\JWTParameter[]
-     */
-    public function headerParameters(): array
-    {
-        $params = array();
-        if (isset($this->_keyID)) {
-            $params[] = new KeyIDParameter($this->_keyID);
-        }
-        return $params;
-    }
+	/**
+	 *
+	 * @see \JWX\JWT\Header\HeaderParameters::headerParameters()
+	 * @return \JWX\JWT\Parameter\JWTParameter[]
+	 */
+	public function headerParameters(): array
+	{
+		$params = array();
+		if (isset($this->_keyID)) {
+			$params[] = new KeyIDParameter($this->_keyID);
+		}
+		return $params;
+	}
 }

lib/JWX/JWA/JWA.php

Indentation +215 added lines, -215 removed lines

@@ -17,219 +17,219 @@
  */
 abstract class JWA
 {
-    /**
-     * HMAC using SHA-256.
-     */
-    const ALGO_HS256 = "HS256";
-    
-    /**
-     * HMAC using SHA-384.
-     */
-    const ALGO_HS384 = "HS384";
-    
-    /**
-     * HMAC using SHA-512.
-     */
-    const ALGO_HS512 = "HS512";
-    
-    /**
-     * RSASSA-PKCS1-v1_5 using SHA-256.
-     */
-    const ALGO_RS256 = "RS256";
-    
-    /**
-     * RSASSA-PKCS1-v1_5 using SHA-384.
-     */
-    const ALGO_RS384 = "RS384";
-    
-    /**
-     * RSASSA-PKCS1-v1_5 using SHA-512.
-     */
-    const ALGO_RS512 = "RS512";
-    
-    /**
-     * ECDSA using P-256 and SHA-256.
-     */
-    const ALGO_ES256 = "ES256";
-    
-    /**
-     * ECDSA using P-384 and SHA-384.
-     */
-    const ALGO_ES384 = "ES384";
-    
-    /**
-     * ECDSA using P-521 and SHA-512.
-     */
-    const ALGO_ES512 = "ES512";
-    
-    /**
-     * RSASSA-PSS using SHA-256 and MGF1 with SHA-256.
-     */
-    const ALGO_PS256 = "PS256";
-    
-    /**
-     * RSASSA-PSS using SHA-384 and MGF1 with SHA-384.
-     */
-    const ALGO_PS384 = "PS384";
-    
-    /**
-     * RSASSA-PSS using SHA-512 and MGF1 with SHA-512.
-     */
-    const ALGO_PS512 = "PS512";
-    
-    /**
-     * No digital signature or MAC performed.
-     */
-    const ALGO_NONE = "none";
-    
-    /**
-     * RSAES-PKCS1-v1_5.
-     */
-    const ALGO_RSA1_5 = "RSA1_5";
-    
-    /**
-     * RSAES OAEP using default parameters.
-     */
-    const ALGO_RSA_OAEP = "RSA-OAEP";
-    
-    /**
-     * RSAES OAEP using SHA-256 and MGF1 with SHA-256.
-     */
-    const ALGO_RSA_OAEP256 = "RSA-OAEP-256";
-    
-    /**
-     * AES Key Wrap using 128-bit key.
-     */
-    const ALGO_A128KW = "A128KW";
-    
-    /**
-     * AES Key Wrap using 192-bit key.
-     */
-    const ALGO_A192KW = "A192KW";
-    
-    /**
-     * AES Key Wrap using 256-bit key.
-     */
-    const ALGO_A256KW = "A256KW";
-    
-    /**
-     * Direct use of a shared symmetric key.
-     */
-    const ALGO_DIR = "dir";
-    
-    /**
-     * ECDH-ES using Concat KDF.
-     */
-    const ALGO_ECDH_ES = "ECDH-ES";
-    
-    /**
-     * ECDH-ES using Concat KDF and "A128KW" wrapping.
-     */
-    const ALGO_ECDH_ES_A128KW = "ECDH-ES+A128KW";
-    
-    /**
-     * ECDH-ES using Concat KDF and "A192KW" wrapping.
-     */
-    const ALGO_ECDH_ES_A192KW = "ECDH-ES+A192KW";
-    
-    /**
-     * ECDH-ES using Concat KDF and "A256KW" wrapping.
-     */
-    const ALGO_ECDH_ES_A256KW = "ECDH-ES+A256KW";
-    
-    /**
-     * Key wrapping with AES GCM using 128-bit key.
-     */
-    const ALGO_A128GCMKW = "A128GCMKW";
-    
-    /**
-     * Key wrapping with AES GCM using 192-bit key.
-     */
-    const ALGO_A192GCMKW = "A192GCMKW";
-    
-    /**
-     * Key wrapping with AES GCM using 256-bit key.
-     */
-    const ALGO_A256GCMKW = "A256GCMKW";
-    
-    /**
-     * PBES2 with HMAC SHA-256 and "A128KW" wrapping.
-     */
-    const ALGO_PBES2_HS256_A128KW = "PBES2-HS256+A128KW";
-    
-    /**
-     * PBES2 with HMAC SHA-384 and "A192KW" wrapping.
-     */
-    const ALGO_PBES2_HS384_A192KW = "PBES2-HS384+A192KW";
-    
-    /**
-     * PBES2 with HMAC SHA-512 and "A256KW" wrapping.
-     */
-    const ALGO_PBES2_HS512_A256KW = "PBES2-HS512+A256KW";
-    
-    /**
-     * AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm.
-     */
-    const ALGO_A128CBC_HS256 = "A128CBC-HS256";
-    
-    /**
-     * AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm.
-     */
-    const ALGO_A192CBC_HS384 = "A192CBC-HS384";
-    
-    /**
-     * AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm.
-     */
-    const ALGO_A256CBC_HS512 = "A256CBC-HS512";
-    
-    /**
-     * AES GCM using 128-bit key.
-     */
-    const ALGO_A128GCM = "A128GCM";
-    
-    /**
-     * AES GCM using 192-bit key.
-     */
-    const ALGO_A192GCM = "A192GCM";
-    
-    /**
-     * AES GCM using 256-bit key.
-     */
-    const ALGO_A256GCM = "A256GCM";
-    
-    /**
-     * DEFLATE compression.
-     */
-    const ALGO_DEFLATE = "DEF";
-    
-    /**
-     * Derive algorithm name from the header and optionally from the given JWK.
-     *
-     * @param Header $header Header
-     * @param JWK $jwk Optional JWK
-     * @throws \UnexpectedValueException If algorithm parameter is not present
-     *         or header and JWK algorithms differ.
-     * @return string Algorithm name
-     */
-    public static function deriveAlgorithmName(Header $header, JWK $jwk = null): string
-    {
-        if ($header->hasAlgorithm()) {
-            $alg = $header->algorithm()->value();
-        }
-        // if JWK is set, and has an algorithm parameter
-        if (isset($jwk) && $jwk->hasAlgorithmParameter()) {
-            $jwk_alg = $jwk->algorithmParameter()->value();
-            // check that algorithms match
-            if (isset($alg) && $alg != $jwk_alg) {
-                throw new \UnexpectedValueException(
-                    "JWK algorithm '$jwk_alg' doesn't match" .
-                         " the header's algorithm '$alg'.");
-            }
-            $alg = $jwk_alg;
-        }
-        if (!isset($alg)) {
-            throw new \UnexpectedValueException("No algorithm parameter.");
-        }
-        return $alg;
-    }
+	/**
+	 * HMAC using SHA-256.
+	 */
+	const ALGO_HS256 = "HS256";
+    
+	/**
+	 * HMAC using SHA-384.
+	 */
+	const ALGO_HS384 = "HS384";
+    
+	/**
+	 * HMAC using SHA-512.
+	 */
+	const ALGO_HS512 = "HS512";
+    
+	/**
+	 * RSASSA-PKCS1-v1_5 using SHA-256.
+	 */
+	const ALGO_RS256 = "RS256";
+    
+	/**
+	 * RSASSA-PKCS1-v1_5 using SHA-384.
+	 */
+	const ALGO_RS384 = "RS384";
+    
+	/**
+	 * RSASSA-PKCS1-v1_5 using SHA-512.
+	 */
+	const ALGO_RS512 = "RS512";
+    
+	/**
+	 * ECDSA using P-256 and SHA-256.
+	 */
+	const ALGO_ES256 = "ES256";
+    
+	/**
+	 * ECDSA using P-384 and SHA-384.
+	 */
+	const ALGO_ES384 = "ES384";
+    
+	/**
+	 * ECDSA using P-521 and SHA-512.
+	 */
+	const ALGO_ES512 = "ES512";
+    
+	/**
+	 * RSASSA-PSS using SHA-256 and MGF1 with SHA-256.
+	 */
+	const ALGO_PS256 = "PS256";
+    
+	/**
+	 * RSASSA-PSS using SHA-384 and MGF1 with SHA-384.
+	 */
+	const ALGO_PS384 = "PS384";
+    
+	/**
+	 * RSASSA-PSS using SHA-512 and MGF1 with SHA-512.
+	 */
+	const ALGO_PS512 = "PS512";
+    
+	/**
+	 * No digital signature or MAC performed.
+	 */
+	const ALGO_NONE = "none";
+    
+	/**
+	 * RSAES-PKCS1-v1_5.
+	 */
+	const ALGO_RSA1_5 = "RSA1_5";
+    
+	/**
+	 * RSAES OAEP using default parameters.
+	 */
+	const ALGO_RSA_OAEP = "RSA-OAEP";
+    
+	/**
+	 * RSAES OAEP using SHA-256 and MGF1 with SHA-256.
+	 */
+	const ALGO_RSA_OAEP256 = "RSA-OAEP-256";
+    
+	/**
+	 * AES Key Wrap using 128-bit key.
+	 */
+	const ALGO_A128KW = "A128KW";
+    
+	/**
+	 * AES Key Wrap using 192-bit key.
+	 */
+	const ALGO_A192KW = "A192KW";
+    
+	/**
+	 * AES Key Wrap using 256-bit key.
+	 */
+	const ALGO_A256KW = "A256KW";
+    
+	/**
+	 * Direct use of a shared symmetric key.
+	 */
+	const ALGO_DIR = "dir";
+    
+	/**
+	 * ECDH-ES using Concat KDF.
+	 */
+	const ALGO_ECDH_ES = "ECDH-ES";
+    
+	/**
+	 * ECDH-ES using Concat KDF and "A128KW" wrapping.
+	 */
+	const ALGO_ECDH_ES_A128KW = "ECDH-ES+A128KW";
+    
+	/**
+	 * ECDH-ES using Concat KDF and "A192KW" wrapping.
+	 */
+	const ALGO_ECDH_ES_A192KW = "ECDH-ES+A192KW";
+    
+	/**
+	 * ECDH-ES using Concat KDF and "A256KW" wrapping.
+	 */
+	const ALGO_ECDH_ES_A256KW = "ECDH-ES+A256KW";
+    
+	/**
+	 * Key wrapping with AES GCM using 128-bit key.
+	 */
+	const ALGO_A128GCMKW = "A128GCMKW";
+    
+	/**
+	 * Key wrapping with AES GCM using 192-bit key.
+	 */
+	const ALGO_A192GCMKW = "A192GCMKW";
+    
+	/**
+	 * Key wrapping with AES GCM using 256-bit key.
+	 */
+	const ALGO_A256GCMKW = "A256GCMKW";
+    
+	/**
+	 * PBES2 with HMAC SHA-256 and "A128KW" wrapping.
+	 */
+	const ALGO_PBES2_HS256_A128KW = "PBES2-HS256+A128KW";
+    
+	/**
+	 * PBES2 with HMAC SHA-384 and "A192KW" wrapping.
+	 */
+	const ALGO_PBES2_HS384_A192KW = "PBES2-HS384+A192KW";
+    
+	/**
+	 * PBES2 with HMAC SHA-512 and "A256KW" wrapping.
+	 */
+	const ALGO_PBES2_HS512_A256KW = "PBES2-HS512+A256KW";
+    
+	/**
+	 * AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm.
+	 */
+	const ALGO_A128CBC_HS256 = "A128CBC-HS256";
+    
+	/**
+	 * AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm.
+	 */
+	const ALGO_A192CBC_HS384 = "A192CBC-HS384";
+    
+	/**
+	 * AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm.
+	 */
+	const ALGO_A256CBC_HS512 = "A256CBC-HS512";
+    
+	/**
+	 * AES GCM using 128-bit key.
+	 */
+	const ALGO_A128GCM = "A128GCM";
+    
+	/**
+	 * AES GCM using 192-bit key.
+	 */
+	const ALGO_A192GCM = "A192GCM";
+    
+	/**
+	 * AES GCM using 256-bit key.
+	 */
+	const ALGO_A256GCM = "A256GCM";
+    
+	/**
+	 * DEFLATE compression.
+	 */
+	const ALGO_DEFLATE = "DEF";
+    
+	/**
+	 * Derive algorithm name from the header and optionally from the given JWK.
+	 *
+	 * @param Header $header Header
+	 * @param JWK $jwk Optional JWK
+	 * @throws \UnexpectedValueException If algorithm parameter is not present
+	 *         or header and JWK algorithms differ.
+	 * @return string Algorithm name
+	 */
+	public static function deriveAlgorithmName(Header $header, JWK $jwk = null): string
+	{
+		if ($header->hasAlgorithm()) {
+			$alg = $header->algorithm()->value();
+		}
+		// if JWK is set, and has an algorithm parameter
+		if (isset($jwk) && $jwk->hasAlgorithmParameter()) {
+			$jwk_alg = $jwk->algorithmParameter()->value();
+			// check that algorithms match
+			if (isset($alg) && $alg != $jwk_alg) {
+				throw new \UnexpectedValueException(
+					"JWK algorithm '$jwk_alg' doesn't match" .
+						 " the header's algorithm '$alg'.");
+			}
+			$alg = $jwk_alg;
+		}
+		if (!isset($alg)) {
+			throw new \UnexpectedValueException("No algorithm parameter.");
+		}
+		return $alg;
+	}
 }

lib/JWX/JWE/CompressionAlgorithm/CompressionFactory.php

Indentation +44 added lines, -44 removed lines

@@ -13,50 +13,50 @@
  */
 abstract class CompressionFactory
 {
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = array(
-        /* @formatter:off */
-        JWA::ALGO_DEFLATE => DeflateAlgorithm::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = array(
+		/* @formatter:off */
+		JWA::ALGO_DEFLATE => DeflateAlgorithm::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Get the compression algorithm by name.
-     *
-     * @param string $name
-     * @throws \UnexpectedValueException If algorithm is not supported
-     * @return CompressionAlgorithm
-     */
-    public static function algoByName(string $name): CompressionAlgorithm
-    {
-        if (!array_key_exists($name, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException(
-                "No compression algorithm '$name'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$name];
-        return new $cls();
-    }
+	/**
+	 * Get the compression algorithm by name.
+	 *
+	 * @param string $name
+	 * @throws \UnexpectedValueException If algorithm is not supported
+	 * @return CompressionAlgorithm
+	 */
+	public static function algoByName(string $name): CompressionAlgorithm
+	{
+		if (!array_key_exists($name, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException(
+				"No compression algorithm '$name'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$name];
+		return new $cls();
+	}
     
-    /**
-     * Get the compression algorithm as specified in the given header.
-     *
-     * @param Header $header Header
-     * @throws \UnexpectedValueException If compression algorithm parameter is
-     *         not present or algorithm is not supported
-     * @return CompressionAlgorithm
-     */
-    public static function algoByHeader(Header $header): CompressionAlgorithm
-    {
-        if (!$header->hasCompressionAlgorithm()) {
-            throw new \UnexpectedValueException(
-                "No compression algorithm parameter.");
-        }
-        return self::algoByName($header->compressionAlgorithm()->value());
-    }
+	/**
+	 * Get the compression algorithm as specified in the given header.
+	 *
+	 * @param Header $header Header
+	 * @throws \UnexpectedValueException If compression algorithm parameter is
+	 *         not present or algorithm is not supported
+	 * @return CompressionAlgorithm
+	 */
+	public static function algoByHeader(Header $header): CompressionAlgorithm
+	{
+		if (!$header->hasCompressionAlgorithm()) {
+			throw new \UnexpectedValueException(
+				"No compression algorithm parameter.");
+		}
+		return self::algoByName($header->compressionAlgorithm()->value());
+	}
 }

lib/JWX/JWE/CompressionAlgorithm/DeflateAlgorithm.php

Indentation +64 added lines, -64 removed lines

@@ -16,73 +16,73 @@
  */
 class DeflateAlgorithm implements CompressionAlgorithm
 {
-    /**
-     * Compression level.
-     *
-     * @var int $_compressionLevel
-     */
-    protected $_compressionLevel;
+	/**
+	 * Compression level.
+	 *
+	 * @var int $_compressionLevel
+	 */
+	protected $_compressionLevel;
     
-    /**
-     * Constructor.
-     *
-     * @param int $level Compression level 0..9
-     */
-    public function __construct(int $level = -1)
-    {
-        if ($level < -1 || $level > 9) {
-            throw new \DomainException("Compression level must be -1..9.");
-        }
-        $this->_compressionLevel = (int) $level;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param int $level Compression level 0..9
+	 */
+	public function __construct(int $level = -1)
+	{
+		if ($level < -1 || $level > 9) {
+			throw new \DomainException("Compression level must be -1..9.");
+		}
+		$this->_compressionLevel = (int) $level;
+	}
     
-    /**
-     *
-     * @see \JWX\JWE\CompressionAlgorithm::compress()
-     * @throws \RuntimeException
-     */
-    public function compress(string $data): string
-    {
-        $ret = @gzdeflate($data, $this->_compressionLevel);
-        if (false === $ret) {
-            $err = error_get_last();
-            $msg = isset($err) && __FILE__ == $err['file'] ? $err['message'] : null;
-            throw new \RuntimeException($msg ?? "gzdeflate() failed.");
-        }
-        return $ret;
-    }
+	/**
+	 *
+	 * @see \JWX\JWE\CompressionAlgorithm::compress()
+	 * @throws \RuntimeException
+	 */
+	public function compress(string $data): string
+	{
+		$ret = @gzdeflate($data, $this->_compressionLevel);
+		if (false === $ret) {
+			$err = error_get_last();
+			$msg = isset($err) && __FILE__ == $err['file'] ? $err['message'] : null;
+			throw new \RuntimeException($msg ?? "gzdeflate() failed.");
+		}
+		return $ret;
+	}
     
-    /**
-     *
-     * @see \JWX\JWE\CompressionAlgorithm::decompress()
-     * @throws \RuntimeException
-     */
-    public function decompress(string $data): string
-    {
-        $ret = @gzinflate($data);
-        if (false === $ret) {
-            $err = error_get_last();
-            $msg = isset($err) && __FILE__ == $err['file'] ? $err['message'] : null;
-            throw new \RuntimeException($msg ?? "gzinflate() failed.");
-        }
-        return $ret;
-    }
+	/**
+	 *
+	 * @see \JWX\JWE\CompressionAlgorithm::decompress()
+	 * @throws \RuntimeException
+	 */
+	public function decompress(string $data): string
+	{
+		$ret = @gzinflate($data);
+		if (false === $ret) {
+			$err = error_get_last();
+			$msg = isset($err) && __FILE__ == $err['file'] ? $err['message'] : null;
+			throw new \RuntimeException($msg ?? "gzinflate() failed.");
+		}
+		return $ret;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function compressionParamValue(): string
-    {
-        return JWA::ALGO_DEFLATE;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function compressionParamValue(): string
+	{
+		return JWA::ALGO_DEFLATE;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function headerParameters(): array
-    {
-        return array(CompressionAlgorithmParameter::fromAlgorithm($this));
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function headerParameters(): array
+	{
+		return array(CompressionAlgorithmParameter::fromAlgorithm($this));
+	}
 }