sop / jwx

lib/JWX/JWK/Parameter/ExponentParameter.php

Indentation +11 added lines, -11 removed lines

@@ -11,16 +11,16 @@
  */
 class ExponentParameter extends JWKParameter
 {
-    use Base64UIntValue;
+	use Base64UIntValue;
     
-    /**
-     * Constructor.
-     *
-     * @param string $e Exponent in base64urlUInt encoding
-     */
-    public function __construct($e)
-    {
-        $this->_validateEncoding($e);
-        parent::__construct(self::PARAM_EXPONENT, $e);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $e Exponent in base64urlUInt encoding
+	 */
+	public function __construct($e)
+	{
+		$this->_validateEncoding($e);
+		parent::__construct(self::PARAM_EXPONENT, $e);
+	}
 }

lib/JWX/JWK/Parameter/OtherPrimesInfoParameter.php

Indentation +10 added lines, -10 removed lines

@@ -12,15 +12,15 @@
  */
 class OtherPrimesInfoParameter extends JWKParameter
 {
-    use ArrayParameterValue;
+	use ArrayParameterValue;
     
-    /**
-     * Constructor.
-     *
-     * @param array[] ...$primes
-     */
-    public function __construct(...$primes)
-    {
-        parent::__construct(self::PARAM_OTHER_PRIMES_INFO, $primes);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param array[] ...$primes
+	 */
+	public function __construct(...$primes)
+	{
+		parent::__construct(self::PARAM_OTHER_PRIMES_INFO, $primes);
+	}
 }

lib/JWX/JWK/Parameter/SecondFactorCRTExponentParameter.php

Indentation +11 added lines, -11 removed lines

@@ -11,16 +11,16 @@
  */
 class SecondFactorCRTExponentParameter extends JWKParameter
 {
-    use Base64UIntValue;
+	use Base64UIntValue;
     
-    /**
-     * Constructor.
-     *
-     * @param string $dq Second factor CRT exponent in base64urlUInt encoding
-     */
-    public function __construct($dq)
-    {
-        $this->_validateEncoding($dq);
-        parent::__construct(self::PARAM_SECOND_FACTOR_CRT_EXPONENT, $dq);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $dq Second factor CRT exponent in base64urlUInt encoding
+	 */
+	public function __construct($dq)
+	{
+		$this->_validateEncoding($dq);
+		parent::__construct(self::PARAM_SECOND_FACTOR_CRT_EXPONENT, $dq);
+	}
 }

lib/JWX/JWK/Parameter/JWKParameter.php

Indentation +118 added lines, -118 removed lines

@@ -12,127 +12,127 @@
  */
 class JWKParameter extends Parameter
 {
-    // registered parameter names
-    const PARAM_KEY_TYPE = "kty";
-    const PARAM_PUBLIC_KEY_USE = "use";
-    const PARAM_KEY_OPERATIONS = "key_ops";
-    const PARAM_ALGORITHM = "alg";
-    const PARAM_KEY_ID = "kid";
-    const PARAM_X509_URL = "x5u";
-    const PARAM_X509_CERTIFICATE_CHAIN = "x5c";
-    const PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT = "x5t";
-    const PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT = "x5t#S256";
-    const PARAM_CURVE = "crv";
-    const PARAM_X_COORDINATE = "x";
-    const PARAM_Y_COORDINATE = "y";
-    const PARAM_ECC_PRIVATE_KEY = "d";
-    const PARAM_MODULUS = "n";
-    const PARAM_EXPONENT = "e";
-    const PARAM_PRIVATE_EXPONENT = "d";
-    const PARAM_FIRST_PRIME_FACTOR = "p";
-    const PARAM_SECOND_PRIME_FACTOR = "q";
-    const PARAM_FIRST_FACTOR_CRT_EXPONENT = "dp";
-    const PARAM_SECOND_FACTOR_CRT_EXPONENT = "dq";
-    const PARAM_FIRST_CRT_COEFFICIENT = "qi";
-    const PARAM_OTHER_PRIMES_INFO = "oth";
-    const PARAM_KEY_VALUE = "k";
+	// registered parameter names
+	const PARAM_KEY_TYPE = "kty";
+	const PARAM_PUBLIC_KEY_USE = "use";
+	const PARAM_KEY_OPERATIONS = "key_ops";
+	const PARAM_ALGORITHM = "alg";
+	const PARAM_KEY_ID = "kid";
+	const PARAM_X509_URL = "x5u";
+	const PARAM_X509_CERTIFICATE_CHAIN = "x5c";
+	const PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT = "x5t";
+	const PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT = "x5t#S256";
+	const PARAM_CURVE = "crv";
+	const PARAM_X_COORDINATE = "x";
+	const PARAM_Y_COORDINATE = "y";
+	const PARAM_ECC_PRIVATE_KEY = "d";
+	const PARAM_MODULUS = "n";
+	const PARAM_EXPONENT = "e";
+	const PARAM_PRIVATE_EXPONENT = "d";
+	const PARAM_FIRST_PRIME_FACTOR = "p";
+	const PARAM_SECOND_PRIME_FACTOR = "q";
+	const PARAM_FIRST_FACTOR_CRT_EXPONENT = "dp";
+	const PARAM_SECOND_FACTOR_CRT_EXPONENT = "dq";
+	const PARAM_FIRST_CRT_COEFFICIENT = "qi";
+	const PARAM_OTHER_PRIMES_INFO = "oth";
+	const PARAM_KEY_VALUE = "k";
     
-    // shorthand aliases for parameter names
-    const P_KTY = self::PARAM_KEY_TYPE;
-    const P_USE = self::PARAM_PUBLIC_KEY_USE;
-    const P_KEY_OPS = self::PARAM_KEY_OPERATIONS;
-    const P_ALG = self::PARAM_ALGORITHM;
-    const P_KID = self::PARAM_KEY_ID;
-    const P_X5U = self::PARAM_X509_URL;
-    const P_X5C = self::PARAM_X509_CERTIFICATE_CHAIN;
-    const P_X5T = self::PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT;
-    const P_X5TS256 = self::PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT;
-    const P_CRV = self::PARAM_CURVE;
-    const P_X = self::PARAM_X_COORDINATE;
-    const P_Y = self::PARAM_Y_COORDINATE;
-    const P_ECC_D = self::PARAM_ECC_PRIVATE_KEY;
-    const P_N = self::PARAM_MODULUS;
-    const P_E = self::PARAM_EXPONENT;
-    const P_RSA_D = self::PARAM_PRIVATE_EXPONENT;
-    const P_P = self::PARAM_FIRST_PRIME_FACTOR;
-    const P_Q = self::PARAM_SECOND_PRIME_FACTOR;
-    const P_DP = self::PARAM_FIRST_FACTOR_CRT_EXPONENT;
-    const P_DQ = self::PARAM_SECOND_FACTOR_CRT_EXPONENT;
-    const P_QI = self::PARAM_FIRST_CRT_COEFFICIENT;
-    const P_OTH = self::PARAM_OTHER_PRIMES_INFO;
-    const P_K = self::PARAM_KEY_VALUE;
+	// shorthand aliases for parameter names
+	const P_KTY = self::PARAM_KEY_TYPE;
+	const P_USE = self::PARAM_PUBLIC_KEY_USE;
+	const P_KEY_OPS = self::PARAM_KEY_OPERATIONS;
+	const P_ALG = self::PARAM_ALGORITHM;
+	const P_KID = self::PARAM_KEY_ID;
+	const P_X5U = self::PARAM_X509_URL;
+	const P_X5C = self::PARAM_X509_CERTIFICATE_CHAIN;
+	const P_X5T = self::PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT;
+	const P_X5TS256 = self::PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT;
+	const P_CRV = self::PARAM_CURVE;
+	const P_X = self::PARAM_X_COORDINATE;
+	const P_Y = self::PARAM_Y_COORDINATE;
+	const P_ECC_D = self::PARAM_ECC_PRIVATE_KEY;
+	const P_N = self::PARAM_MODULUS;
+	const P_E = self::PARAM_EXPONENT;
+	const P_RSA_D = self::PARAM_PRIVATE_EXPONENT;
+	const P_P = self::PARAM_FIRST_PRIME_FACTOR;
+	const P_Q = self::PARAM_SECOND_PRIME_FACTOR;
+	const P_DP = self::PARAM_FIRST_FACTOR_CRT_EXPONENT;
+	const P_DQ = self::PARAM_SECOND_FACTOR_CRT_EXPONENT;
+	const P_QI = self::PARAM_FIRST_CRT_COEFFICIENT;
+	const P_OTH = self::PARAM_OTHER_PRIMES_INFO;
+	const P_K = self::PARAM_KEY_VALUE;
     
-    /**
-     * Mapping from registered JWK parameter name to class name.
-     *
-     * Note that ECC private key and RSA private key cannot be mapped since
-     * they share the same parameter name 'd'.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_NAME_TO_CLASS = array(
-        /* @formatter:off */
-        self::P_KTY => KeyTypeParameter::class,
-        self::P_USE => PublicKeyUseParameter::class,
-        self::P_KEY_OPS => KeyOperationsParameter::class,
-        self::P_ALG => AlgorithmParameter::class,
-        self::P_KID => KeyIDParameter::class,
-        self::P_CRV => CurveParameter::class,
-        self::P_X => XCoordinateParameter::class,
-        self::P_Y => YCoordinateParameter::class,
-        self::P_N => ModulusParameter::class,
-        self::P_E => ExponentParameter::class,
-        self::P_P => FirstPrimeFactorParameter::class,
-        self::P_Q => SecondPrimeFactorParameter::class,
-        self::P_DP => FirstFactorCRTExponentParameter::class,
-        self::P_DQ => SecondFactorCRTExponentParameter::class,
-        self::P_QI => FirstCRTCoefficientParameter::class,
-        self::P_OTH => OtherPrimesInfoParameter::class,
-        self::P_K => KeyValueParameter::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from registered JWK parameter name to class name.
+	 *
+	 * Note that ECC private key and RSA private key cannot be mapped since
+	 * they share the same parameter name 'd'.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_NAME_TO_CLASS = array(
+		/* @formatter:off */
+		self::P_KTY => KeyTypeParameter::class,
+		self::P_USE => PublicKeyUseParameter::class,
+		self::P_KEY_OPS => KeyOperationsParameter::class,
+		self::P_ALG => AlgorithmParameter::class,
+		self::P_KID => KeyIDParameter::class,
+		self::P_CRV => CurveParameter::class,
+		self::P_X => XCoordinateParameter::class,
+		self::P_Y => YCoordinateParameter::class,
+		self::P_N => ModulusParameter::class,
+		self::P_E => ExponentParameter::class,
+		self::P_P => FirstPrimeFactorParameter::class,
+		self::P_Q => SecondPrimeFactorParameter::class,
+		self::P_DP => FirstFactorCRTExponentParameter::class,
+		self::P_DQ => SecondFactorCRTExponentParameter::class,
+		self::P_QI => FirstCRTCoefficientParameter::class,
+		self::P_OTH => OtherPrimesInfoParameter::class,
+		self::P_K => KeyValueParameter::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Constructor.
-     *
-     * @param string $name Parameter name
-     * @param mixed $value Parameter value
-     */
-    public function __construct($name, $value)
-    {
-        $this->_name = $name;
-        $this->_value = $value;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $name Parameter name
+	 * @param mixed $value Parameter value
+	 */
+	public function __construct($name, $value)
+	{
+		$this->_name = $name;
+		$this->_value = $value;
+	}
     
-    /**
-     * Initialize from a name and a value.
-     *
-     * Returns a parameter specific object if one is implemented.
-     *
-     * @param string $name Parameter name
-     * @param mixed $value Parameter value
-     * @return self
-     */
-    public static function fromNameAndValue($name, $value)
-    {
-        if (array_key_exists($name, self::MAP_NAME_TO_CLASS)) {
-            $cls = self::MAP_NAME_TO_CLASS[$name];
-            return $cls::fromJSONValue($value);
-        }
-        return new self($name, $value);
-    }
+	/**
+	 * Initialize from a name and a value.
+	 *
+	 * Returns a parameter specific object if one is implemented.
+	 *
+	 * @param string $name Parameter name
+	 * @param mixed $value Parameter value
+	 * @return self
+	 */
+	public static function fromNameAndValue($name, $value)
+	{
+		if (array_key_exists($name, self::MAP_NAME_TO_CLASS)) {
+			$cls = self::MAP_NAME_TO_CLASS[$name];
+			return $cls::fromJSONValue($value);
+		}
+		return new self($name, $value);
+	}
     
-    /**
-     * Initialize from a JSON value.
-     *
-     * @param mixed $value
-     * @return self
-     */
-    public static function fromJSONValue($value)
-    {
-        throw new \BadMethodCallException(
-            __FUNCTION__ . " must be implemented in a derived class.");
-    }
+	/**
+	 * Initialize from a JSON value.
+	 *
+	 * @param mixed $value
+	 * @return self
+	 */
+	public static function fromJSONValue($value)
+	{
+		throw new \BadMethodCallException(
+			__FUNCTION__ . " must be implemented in a derived class.");
+	}
 }

lib/JWX/JWK/Parameter/KeyTypeParameter.php

Indentation +22 added lines, -22 removed lines

@@ -11,30 +11,30 @@
  */
 class KeyTypeParameter extends JWKParameter
 {
-    use StringParameterValue;
+	use StringParameterValue;
     
-    /**
-     * Octet sequence key type.
-     */
-    const TYPE_OCT = "oct";
+	/**
+	 * Octet sequence key type.
+	 */
+	const TYPE_OCT = "oct";
     
-    /**
-     * RSA key type.
-     */
-    const TYPE_RSA = "RSA";
+	/**
+	 * RSA key type.
+	 */
+	const TYPE_RSA = "RSA";
     
-    /**
-     * Elliptic curve key type.
-     */
-    const TYPE_EC = "EC";
+	/**
+	 * Elliptic curve key type.
+	 */
+	const TYPE_EC = "EC";
     
-    /**
-     * Constructor.
-     *
-     * @param string $type Key type
-     */
-    public function __construct($type)
-    {
-        parent::__construct(self::PARAM_KEY_TYPE, $type);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $type Key type
+	 */
+	public function __construct($type)
+	{
+		parent::__construct(self::PARAM_KEY_TYPE, $type);
+	}
 }

lib/JWX/JWK/Parameter/PrivateExponentParameter.php

Indentation +11 added lines, -11 removed lines

@@ -11,16 +11,16 @@
  */
 class PrivateExponentParameter extends JWKParameter
 {
-    use Base64UIntValue;
+	use Base64UIntValue;
     
-    /**
-     * Constructor.
-     *
-     * @param string $d Private exponent in base64urlUInt encoding
-     */
-    public function __construct($d)
-    {
-        $this->_validateEncoding($d);
-        parent::__construct(self::PARAM_PRIVATE_EXPONENT, $d);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $d Private exponent in base64urlUInt encoding
+	 */
+	public function __construct($d)
+	{
+		$this->_validateEncoding($d);
+		parent::__construct(self::PARAM_PRIVATE_EXPONENT, $d);
+	}
 }

lib/JWX/JWK/Asymmetric/PublicKeyJWK.php

Indentation +33 added lines, -33 removed lines

@@ -15,39 +15,39 @@
  */
 abstract class PublicKeyJWK extends JWK
 {
-    /**
-     * Convert public key to PEM.
-     *
-     * @return \Sop\CryptoEncoding\PEM
-     */
-    abstract public function toPEM();
+	/**
+	 * Convert public key to PEM.
+	 *
+	 * @return \Sop\CryptoEncoding\PEM
+	 */
+	abstract public function toPEM();
     
-    /**
-     * Initialize from a PublicKey object.
-     *
-     * @param PublicKey $pub_key Public key
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPublicKey(PublicKey $pub_key)
-    {
-        if ($pub_key instanceof RSAPublicKey) {
-            return RSAPublicKeyJWK::fromRSAPublicKey($pub_key);
-        }
-        if ($pub_key instanceof ECPublicKey) {
-            return ECPublicKeyJWK::fromECPublicKey($pub_key);
-        }
-        throw new \UnexpectedValueException("Unsupported public key.");
-    }
+	/**
+	 * Initialize from a PublicKey object.
+	 *
+	 * @param PublicKey $pub_key Public key
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPublicKey(PublicKey $pub_key)
+	{
+		if ($pub_key instanceof RSAPublicKey) {
+			return RSAPublicKeyJWK::fromRSAPublicKey($pub_key);
+		}
+		if ($pub_key instanceof ECPublicKey) {
+			return ECPublicKeyJWK::fromECPublicKey($pub_key);
+		}
+		throw new \UnexpectedValueException("Unsupported public key.");
+	}
     
-    /**
-     * Initialize from a PublicKeyInfo object.
-     *
-     * @param PublicKeyInfo $pki Public key info
-     * @return self
-     */
-    public static function fromPublicKeyInfo(PublicKeyInfo $pki)
-    {
-        return self::fromPublicKey($pki->publicKey());
-    }
+	/**
+	 * Initialize from a PublicKeyInfo object.
+	 *
+	 * @param PublicKeyInfo $pki Public key info
+	 * @return self
+	 */
+	public static function fromPublicKeyInfo(PublicKeyInfo $pki)
+	{
+		return self::fromPublicKey($pki->publicKey());
+	}
 }

lib/JWX/JWK/Asymmetric/PrivateKeyJWK.php

Indentation +39 added lines, -39 removed lines

@@ -15,46 +15,46 @@
  */
 abstract class PrivateKeyJWK extends JWK
 {
-    /**
-     * Get the public key component of the asymmetric key pair.
-     *
-     * @return PublicKeyJWK
-     */
-    abstract public function publicKey();
+	/**
+	 * Get the public key component of the asymmetric key pair.
+	 *
+	 * @return PublicKeyJWK
+	 */
+	abstract public function publicKey();
     
-    /**
-     * Convert private key to PEM.
-     *
-     * @return \Sop\CryptoEncoding\PEM
-     */
-    abstract public function toPEM();
+	/**
+	 * Convert private key to PEM.
+	 *
+	 * @return \Sop\CryptoEncoding\PEM
+	 */
+	abstract public function toPEM();
     
-    /**
-     * Initialize from a PrivateKey object.
-     *
-     * @param PrivateKey $priv_key Private key
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPrivateKey(PrivateKey $priv_key)
-    {
-        if ($priv_key instanceof RSAPrivateKey) {
-            return RSAPrivateKeyJWK::fromRSAPrivateKey($priv_key);
-        }
-        if ($priv_key instanceof ECPrivateKey) {
-            return ECPrivateKeyJWK::fromECPrivateKey($priv_key);
-        }
-        throw new \UnexpectedValueException("Unsupported private key.");
-    }
+	/**
+	 * Initialize from a PrivateKey object.
+	 *
+	 * @param PrivateKey $priv_key Private key
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPrivateKey(PrivateKey $priv_key)
+	{
+		if ($priv_key instanceof RSAPrivateKey) {
+			return RSAPrivateKeyJWK::fromRSAPrivateKey($priv_key);
+		}
+		if ($priv_key instanceof ECPrivateKey) {
+			return ECPrivateKeyJWK::fromECPrivateKey($priv_key);
+		}
+		throw new \UnexpectedValueException("Unsupported private key.");
+	}
     
-    /**
-     * Initialize from a PrivateKeyInfo object.
-     *
-     * @param PrivateKeyInfo $pki PrivateKeyInfo
-     * @return self
-     */
-    public static function fromPrivateKeyInfo(PrivateKeyInfo $pki)
-    {
-        return self::fromPrivateKey($pki->privateKey());
-    }
+	/**
+	 * Initialize from a PrivateKeyInfo object.
+	 *
+	 * @param PrivateKeyInfo $pki PrivateKeyInfo
+	 * @return self
+	 */
+	public static function fromPrivateKeyInfo(PrivateKeyInfo $pki)
+	{
+		return self::fromPrivateKey($pki->privateKey());
+	}
 }

lib/JWX/JWT/JWT.php

Indentation +389 added lines, -389 removed lines

@@ -24,417 +24,417 @@
  */
 class JWT
 {
-    /**
-     * Type identifier for the signed JWT.
-     *
-     * @internal
-     *
-     * @var int
-     */
-    const TYPE_JWS = 0;
+	/**
+	 * Type identifier for the signed JWT.
+	 *
+	 * @internal
+	 *
+	 * @var int
+	 */
+	const TYPE_JWS = 0;
     
-    /**
-     * Type identifier for the encrypted JWT.
-     *
-     * @internal
-     *
-     * @var int
-     */
-    const TYPE_JWE = 1;
+	/**
+	 * Type identifier for the encrypted JWT.
+	 *
+	 * @internal
+	 *
+	 * @var int
+	 */
+	const TYPE_JWE = 1;
     
-    /**
-     * JWT parts.
-     *
-     * @var string[] $_parts
-     */
-    protected $_parts;
+	/**
+	 * JWT parts.
+	 *
+	 * @var string[] $_parts
+	 */
+	protected $_parts;
     
-    /**
-     * JWT type.
-     *
-     * @var int $_type
-     */
-    protected $_type;
+	/**
+	 * JWT type.
+	 *
+	 * @var int $_type
+	 */
+	protected $_type;
     
-    /**
-     * Constructor.
-     *
-     * @param string $token JWT string
-     * @throws \UnexpectedValueException
-     */
-    public function __construct($token)
-    {
-        $this->_parts = explode(".", $token);
-        switch (count($this->_parts)) {
-            case 3:
-                $this->_type = self::TYPE_JWS;
-                break;
-            case 5:
-                $this->_type = self::TYPE_JWE;
-                break;
-            default:
-                throw new \UnexpectedValueException("Not a JWT token.");
-        }
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $token JWT string
+	 * @throws \UnexpectedValueException
+	 */
+	public function __construct($token)
+	{
+		$this->_parts = explode(".", $token);
+		switch (count($this->_parts)) {
+			case 3:
+				$this->_type = self::TYPE_JWS;
+				break;
+			case 5:
+				$this->_type = self::TYPE_JWE;
+				break;
+			default:
+				throw new \UnexpectedValueException("Not a JWT token.");
+		}
+	}
     
-    /**
-     * Convert claims set to an unsecured JWT.
-     *
-     * Unsecured JWT is not signed nor encrypted neither integrity protected,
-     * and should thus be handled with care!
-     *
-     * @link https://tools.ietf.org/html/rfc7519#section-6
-     * @param Claims $claims Claims set
-     * @param Header|null $header Optional header
-     * @throws \RuntimeException For generic errors
-     * @return self
-     */
-    public static function unsecuredFromClaims(Claims $claims,
-        Header $header = null)
-    {
-        return self::signedFromClaims($claims, new NoneAlgorithm(), $header);
-    }
+	/**
+	 * Convert claims set to an unsecured JWT.
+	 *
+	 * Unsecured JWT is not signed nor encrypted neither integrity protected,
+	 * and should thus be handled with care!
+	 *
+	 * @link https://tools.ietf.org/html/rfc7519#section-6
+	 * @param Claims $claims Claims set
+	 * @param Header|null $header Optional header
+	 * @throws \RuntimeException For generic errors
+	 * @return self
+	 */
+	public static function unsecuredFromClaims(Claims $claims,
+		Header $header = null)
+	{
+		return self::signedFromClaims($claims, new NoneAlgorithm(), $header);
+	}
     
-    /**
-     * Convert claims set to a signed JWS token.
-     *
-     * @param Claims $claims Claims set
-     * @param SignatureAlgorithm $algo Signature algorithm
-     * @param Header|null $header Optional header
-     * @throws \RuntimeException For generic errors
-     * @return self
-     */
-    public static function signedFromClaims(Claims $claims,
-        SignatureAlgorithm $algo, Header $header = null)
-    {
-        $payload = $claims->toJSON();
-        $jws = JWS::sign($payload, $algo, $header);
-        return new self($jws->toCompact());
-    }
+	/**
+	 * Convert claims set to a signed JWS token.
+	 *
+	 * @param Claims $claims Claims set
+	 * @param SignatureAlgorithm $algo Signature algorithm
+	 * @param Header|null $header Optional header
+	 * @throws \RuntimeException For generic errors
+	 * @return self
+	 */
+	public static function signedFromClaims(Claims $claims,
+		SignatureAlgorithm $algo, Header $header = null)
+	{
+		$payload = $claims->toJSON();
+		$jws = JWS::sign($payload, $algo, $header);
+		return new self($jws->toCompact());
+	}
     
-    /**
-     * Convert claims set to an encrypted JWE token.
-     *
-     * @param Claims $claims Claims set
-     * @param KeyManagementAlgorithm $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param CompressionAlgorithm|null $zip_algo Optional compression algorithm
-     * @param Header|null $header Optional header
-     * @throws \RuntimeException For generic errors
-     * @return self
-     */
-    public static function encryptedFromClaims(Claims $claims,
-        KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
-        CompressionAlgorithm $zip_algo = null, Header $header = null)
-    {
-        $payload = $claims->toJSON();
-        $jwe = JWE::encrypt($payload, $key_algo, $enc_algo, $zip_algo, $header);
-        return new self($jwe->toCompact());
-    }
+	/**
+	 * Convert claims set to an encrypted JWE token.
+	 *
+	 * @param Claims $claims Claims set
+	 * @param KeyManagementAlgorithm $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param CompressionAlgorithm|null $zip_algo Optional compression algorithm
+	 * @param Header|null $header Optional header
+	 * @throws \RuntimeException For generic errors
+	 * @return self
+	 */
+	public static function encryptedFromClaims(Claims $claims,
+		KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
+		CompressionAlgorithm $zip_algo = null, Header $header = null)
+	{
+		$payload = $claims->toJSON();
+		$jwe = JWE::encrypt($payload, $key_algo, $enc_algo, $zip_algo, $header);
+		return new self($jwe->toCompact());
+	}
     
-    /**
-     * Get claims from the JWT.
-     *
-     * Claims shall be validated according to given validation context.
-     * Validation context must contain all the necessary keys for the signature
-     * validation and/or content decryption.
-     *
-     * If validation context contains only one key, it shall be used explicitly.
-     * If multiple keys are provided, they must contain a JWK ID parameter for
-     * the key identification.
-     *
-     * @param ValidationContext $ctx
-     * @throws ValidationException If signature is invalid, or decryption fails,
-     *         or claims validation fails.
-     * @throws \RuntimeException For generic errors
-     * @return Claims
-     */
-    public function claims(ValidationContext $ctx)
-    {
-        // check signature or decrypt depending on the JWT type.
-        if ($this->isJWS()) {
-            $payload = self::_validatedPayloadFromJWS($this->JWS(), $ctx);
-        } else {
-            $payload = self::_validatedPayloadFromJWE($this->JWE(), $ctx);
-        }
-        // if JWT contains a nested token
-        if ($this->isNested()) {
-            return $this->_claimsFromNestedPayload($payload, $ctx);
-        }
-        // decode claims and validate
-        $claims = Claims::fromJSON($payload);
-        $ctx->validate($claims);
-        return $claims;
-    }
+	/**
+	 * Get claims from the JWT.
+	 *
+	 * Claims shall be validated according to given validation context.
+	 * Validation context must contain all the necessary keys for the signature
+	 * validation and/or content decryption.
+	 *
+	 * If validation context contains only one key, it shall be used explicitly.
+	 * If multiple keys are provided, they must contain a JWK ID parameter for
+	 * the key identification.
+	 *
+	 * @param ValidationContext $ctx
+	 * @throws ValidationException If signature is invalid, or decryption fails,
+	 *         or claims validation fails.
+	 * @throws \RuntimeException For generic errors
+	 * @return Claims
+	 */
+	public function claims(ValidationContext $ctx)
+	{
+		// check signature or decrypt depending on the JWT type.
+		if ($this->isJWS()) {
+			$payload = self::_validatedPayloadFromJWS($this->JWS(), $ctx);
+		} else {
+			$payload = self::_validatedPayloadFromJWE($this->JWE(), $ctx);
+		}
+		// if JWT contains a nested token
+		if ($this->isNested()) {
+			return $this->_claimsFromNestedPayload($payload, $ctx);
+		}
+		// decode claims and validate
+		$claims = Claims::fromJSON($payload);
+		$ctx->validate($claims);
+		return $claims;
+	}
     
-    /**
-     * Sign self producing a nested JWT.
-     *
-     * Note that if JWT is to be signed and encrypted, it should be done in
-     * sign-then-encrypt order. Please refer to links for security information.
-     *
-     * @link https://tools.ietf.org/html/rfc7519#section-11.2
-     * @param SignatureAlgorithm $algo Signature algorithm
-     * @param Header|null $header Optional header
-     * @throws \RuntimeException For generic errors
-     * @return self
-     */
-    public function signNested(SignatureAlgorithm $algo, Header $header = null)
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        // add JWT content type parameter
-        $header = $header->withParameters(
-            new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
-        $jws = JWS::sign($this->token(), $algo, $header);
-        return new self($jws->toCompact());
-    }
+	/**
+	 * Sign self producing a nested JWT.
+	 *
+	 * Note that if JWT is to be signed and encrypted, it should be done in
+	 * sign-then-encrypt order. Please refer to links for security information.
+	 *
+	 * @link https://tools.ietf.org/html/rfc7519#section-11.2
+	 * @param SignatureAlgorithm $algo Signature algorithm
+	 * @param Header|null $header Optional header
+	 * @throws \RuntimeException For generic errors
+	 * @return self
+	 */
+	public function signNested(SignatureAlgorithm $algo, Header $header = null)
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		// add JWT content type parameter
+		$header = $header->withParameters(
+			new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
+		$jws = JWS::sign($this->token(), $algo, $header);
+		return new self($jws->toCompact());
+	}
     
-    /**
-     * Encrypt self producing a nested JWT.
-     *
-     * This JWT should be a JWS, that is, the order of nesting should be
-     * sign-then-encrypt.
-     *
-     * @link https://tools.ietf.org/html/rfc7519#section-11.2
-     * @param KeyManagementAlgorithm $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param CompressionAlgorithm|null $zip_algo Optional compression algorithm
-     * @param Header|null $header Optional header
-     * @throws \RuntimeException For generic errors
-     * @return self
-     */
-    public function encryptNested(KeyManagementAlgorithm $key_algo,
-        ContentEncryptionAlgorithm $enc_algo,
-        CompressionAlgorithm $zip_algo = null, Header $header = null)
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        // add JWT content type parameter
-        $header = $header->withParameters(
-            new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
-        $jwe = JWE::encrypt($this->token(), $key_algo, $enc_algo, $zip_algo,
-            $header);
-        return new self($jwe->toCompact());
-    }
+	/**
+	 * Encrypt self producing a nested JWT.
+	 *
+	 * This JWT should be a JWS, that is, the order of nesting should be
+	 * sign-then-encrypt.
+	 *
+	 * @link https://tools.ietf.org/html/rfc7519#section-11.2
+	 * @param KeyManagementAlgorithm $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param CompressionAlgorithm|null $zip_algo Optional compression algorithm
+	 * @param Header|null $header Optional header
+	 * @throws \RuntimeException For generic errors
+	 * @return self
+	 */
+	public function encryptNested(KeyManagementAlgorithm $key_algo,
+		ContentEncryptionAlgorithm $enc_algo,
+		CompressionAlgorithm $zip_algo = null, Header $header = null)
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		// add JWT content type parameter
+		$header = $header->withParameters(
+			new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
+		$jwe = JWE::encrypt($this->token(), $key_algo, $enc_algo, $zip_algo,
+			$header);
+		return new self($jwe->toCompact());
+	}
     
-    /**
-     * Whether JWT is a JWS.
-     *
-     * @return bool
-     */
-    public function isJWS()
-    {
-        return $this->_type == self::TYPE_JWS;
-    }
+	/**
+	 * Whether JWT is a JWS.
+	 *
+	 * @return bool
+	 */
+	public function isJWS()
+	{
+		return $this->_type == self::TYPE_JWS;
+	}
     
-    /**
-     * Get JWT as a JWS.
-     *
-     * @throws \LogicException
-     * @return JWS
-     */
-    public function JWS()
-    {
-        if (!$this->isJWS()) {
-            throw new \LogicException("Not a JWS.");
-        }
-        return JWS::fromParts($this->_parts);
-    }
+	/**
+	 * Get JWT as a JWS.
+	 *
+	 * @throws \LogicException
+	 * @return JWS
+	 */
+	public function JWS()
+	{
+		if (!$this->isJWS()) {
+			throw new \LogicException("Not a JWS.");
+		}
+		return JWS::fromParts($this->_parts);
+	}
     
-    /**
-     * Whether JWT is a JWE.
-     *
-     * @return bool
-     */
-    public function isJWE()
-    {
-        return $this->_type == self::TYPE_JWE;
-    }
+	/**
+	 * Whether JWT is a JWE.
+	 *
+	 * @return bool
+	 */
+	public function isJWE()
+	{
+		return $this->_type == self::TYPE_JWE;
+	}
     
-    /**
-     * Get JWT as a JWE.
-     *
-     * @throws \LogicException
-     * @return JWE
-     */
-    public function JWE()
-    {
-        if (!$this->isJWE()) {
-            throw new \LogicException("Not a JWE.");
-        }
-        return JWE::fromParts($this->_parts);
-    }
+	/**
+	 * Get JWT as a JWE.
+	 *
+	 * @throws \LogicException
+	 * @return JWE
+	 */
+	public function JWE()
+	{
+		if (!$this->isJWE()) {
+			throw new \LogicException("Not a JWE.");
+		}
+		return JWE::fromParts($this->_parts);
+	}
     
-    /**
-     * Check whether JWT contains another nested JWT.
-     *
-     * @return bool
-     */
-    public function isNested()
-    {
-        $header = $this->header();
-        if (!$header->hasContentType()) {
-            return false;
-        }
-        $cty = $header->contentType()->value();
-        if ($cty != ContentTypeParameter::TYPE_JWT) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Check whether JWT contains another nested JWT.
+	 *
+	 * @return bool
+	 */
+	public function isNested()
+	{
+		$header = $this->header();
+		if (!$header->hasContentType()) {
+			return false;
+		}
+		$cty = $header->contentType()->value();
+		if ($cty != ContentTypeParameter::TYPE_JWT) {
+			return false;
+		}
+		return true;
+	}
     
-    /**
-     * Check whether JWT is unsecured, that is, it's neither integrity protected
-     * nor encrypted.
-     *
-     * @return bool
-     */
-    public function isUnsecured()
-    {
-        // encrypted JWT shall be considered secure
-        if ($this->isJWE()) {
-            return false;
-        }
-        // check whether JWS is unsecured
-        return $this->JWS()->isUnsecured();
-    }
+	/**
+	 * Check whether JWT is unsecured, that is, it's neither integrity protected
+	 * nor encrypted.
+	 *
+	 * @return bool
+	 */
+	public function isUnsecured()
+	{
+		// encrypted JWT shall be considered secure
+		if ($this->isJWE()) {
+			return false;
+		}
+		// check whether JWS is unsecured
+		return $this->JWS()->isUnsecured();
+	}
     
-    /**
-     * Get JWT header.
-     *
-     * @return JOSE
-     */
-    public function header()
-    {
-        $header = Header::fromJSON(Base64::urlDecode($this->_parts[0]));
-        return new JOSE($header);
-    }
+	/**
+	 * Get JWT header.
+	 *
+	 * @return JOSE
+	 */
+	public function header()
+	{
+		$header = Header::fromJSON(Base64::urlDecode($this->_parts[0]));
+		return new JOSE($header);
+	}
     
-    /**
-     * Get JWT as a string.
-     *
-     * @return string
-     */
-    public function token()
-    {
-        return implode(".", $this->_parts);
-    }
+	/**
+	 * Get JWT as a string.
+	 *
+	 * @return string
+	 */
+	public function token()
+	{
+		return implode(".", $this->_parts);
+	}
     
-    /**
-     * Get claims from a nested payload.
-     *
-     * @param string $payload JWT payload
-     * @param ValidationContext $ctx Validation context
-     * @return Claims
-     */
-    private function _claimsFromNestedPayload($payload, ValidationContext $ctx)
-    {
-        $jwt = new JWT($payload);
-        // if this token secured, allow nested tokens to be unsecured.
-        if (!$this->isUnsecured()) {
-            $ctx = $ctx->withUnsecuredAllowed(true);
-        }
-        return $jwt->claims($ctx);
-    }
+	/**
+	 * Get claims from a nested payload.
+	 *
+	 * @param string $payload JWT payload
+	 * @param ValidationContext $ctx Validation context
+	 * @return Claims
+	 */
+	private function _claimsFromNestedPayload($payload, ValidationContext $ctx)
+	{
+		$jwt = new JWT($payload);
+		// if this token secured, allow nested tokens to be unsecured.
+		if (!$this->isUnsecured()) {
+			$ctx = $ctx->withUnsecuredAllowed(true);
+		}
+		return $jwt->claims($ctx);
+	}
     
-    /**
-     * Get validated payload from JWS.
-     *
-     * @param JWS $jws JWS
-     * @param ValidationContext $ctx Validation context
-     * @throws ValidationException If signature validation fails
-     * @return string
-     */
-    private static function _validatedPayloadFromJWS(JWS $jws,
-        ValidationContext $ctx)
-    {
-        // if JWS is unsecured
-        if ($jws->isUnsecured()) {
-            return self::_validatedPayloadFromUnsecuredJWS($jws, $ctx);
-        }
-        return self::_validatedPayloadFromSignedJWS($jws, $ctx->keys());
-    }
+	/**
+	 * Get validated payload from JWS.
+	 *
+	 * @param JWS $jws JWS
+	 * @param ValidationContext $ctx Validation context
+	 * @throws ValidationException If signature validation fails
+	 * @return string
+	 */
+	private static function _validatedPayloadFromJWS(JWS $jws,
+		ValidationContext $ctx)
+	{
+		// if JWS is unsecured
+		if ($jws->isUnsecured()) {
+			return self::_validatedPayloadFromUnsecuredJWS($jws, $ctx);
+		}
+		return self::_validatedPayloadFromSignedJWS($jws, $ctx->keys());
+	}
     
-    /**
-     * Get validated payload from an unsecured JWS.
-     *
-     * @param JWS $jws JWS
-     * @param ValidationContext $ctx Validation context
-     * @throws ValidationException If unsecured JWT's are not allowed, or JWS
-     *         token is malformed
-     * @return string
-     */
-    private static function _validatedPayloadFromUnsecuredJWS(JWS $jws,
-        ValidationContext $ctx)
-    {
-        if (!$ctx->isUnsecuredAllowed()) {
-            throw new ValidationException("Unsecured JWS not allowed.");
-        }
-        if (!$jws->validate(new NoneAlgorithm())) {
-            throw new ValidationException("Malformed unsecured token.");
-        }
-        return $jws->payload();
-    }
+	/**
+	 * Get validated payload from an unsecured JWS.
+	 *
+	 * @param JWS $jws JWS
+	 * @param ValidationContext $ctx Validation context
+	 * @throws ValidationException If unsecured JWT's are not allowed, or JWS
+	 *         token is malformed
+	 * @return string
+	 */
+	private static function _validatedPayloadFromUnsecuredJWS(JWS $jws,
+		ValidationContext $ctx)
+	{
+		if (!$ctx->isUnsecuredAllowed()) {
+			throw new ValidationException("Unsecured JWS not allowed.");
+		}
+		if (!$jws->validate(new NoneAlgorithm())) {
+			throw new ValidationException("Malformed unsecured token.");
+		}
+		return $jws->payload();
+	}
     
-    /**
-     * Get validated payload from a signed JWS.
-     *
-     * @param JWS $jws JWS
-     * @param JWKSet $keys Set of allowed keys for the signature validation
-     * @throws ValidationException If validation fails
-     * @return string
-     */
-    private static function _validatedPayloadFromSignedJWS(JWS $jws, JWKSet $keys)
-    {
-        try {
-            // explicitly defined key
-            if (1 == count($keys)) {
-                $valid = $jws->validateWithJWK($keys->first());
-            } else {
-                $valid = $jws->validateWithJWKSet($keys);
-            }
-        } catch (\RuntimeException $e) {
-            throw new ValidationException("JWS validation failed.", null, $e);
-        }
-        if (!$valid) {
-            throw new ValidationException("JWS signature is invalid.");
-        }
-        return $jws->payload();
-    }
+	/**
+	 * Get validated payload from a signed JWS.
+	 *
+	 * @param JWS $jws JWS
+	 * @param JWKSet $keys Set of allowed keys for the signature validation
+	 * @throws ValidationException If validation fails
+	 * @return string
+	 */
+	private static function _validatedPayloadFromSignedJWS(JWS $jws, JWKSet $keys)
+	{
+		try {
+			// explicitly defined key
+			if (1 == count($keys)) {
+				$valid = $jws->validateWithJWK($keys->first());
+			} else {
+				$valid = $jws->validateWithJWKSet($keys);
+			}
+		} catch (\RuntimeException $e) {
+			throw new ValidationException("JWS validation failed.", null, $e);
+		}
+		if (!$valid) {
+			throw new ValidationException("JWS signature is invalid.");
+		}
+		return $jws->payload();
+	}
     
-    /**
-     * Get validated payload from an encrypted JWE.
-     *
-     * @param JWE $jwe JWE
-     * @param ValidationContext $ctx Validation context
-     * @throws ValidationException If decryption fails
-     * @return string
-     */
-    private static function _validatedPayloadFromJWE(JWE $jwe,
-        ValidationContext $ctx)
-    {
-        try {
-            $keys = $ctx->keys();
-            // explicitly defined key
-            if (1 == count($keys)) {
-                return $jwe->decryptWithJWK($keys->first());
-            }
-            return $jwe->decryptWithJWKSet($keys);
-        } catch (\RuntimeException $e) {
-            throw new ValidationException("JWE validation failed.", null, $e);
-        }
-    }
+	/**
+	 * Get validated payload from an encrypted JWE.
+	 *
+	 * @param JWE $jwe JWE
+	 * @param ValidationContext $ctx Validation context
+	 * @throws ValidationException If decryption fails
+	 * @return string
+	 */
+	private static function _validatedPayloadFromJWE(JWE $jwe,
+		ValidationContext $ctx)
+	{
+		try {
+			$keys = $ctx->keys();
+			// explicitly defined key
+			if (1 == count($keys)) {
+				return $jwe->decryptWithJWK($keys->first());
+			}
+			return $jwe->decryptWithJWKSet($keys);
+		} catch (\RuntimeException $e) {
+			throw new ValidationException("JWE validation failed.", null, $e);
+		}
+	}
     
-    /**
-     * Convert JWT to string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->token();
-    }
+	/**
+	 * Convert JWT to string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->token();
+	}
 }

Switch Indentation +8 added lines, -8 removed lines

@@ -66,14 +66,14 @@
     {
         $this->_parts = explode(".", $token);
         switch (count($this->_parts)) {
-            case 3:
-                $this->_type = self::TYPE_JWS;
-                break;
-            case 5:
-                $this->_type = self::TYPE_JWE;
-                break;
-            default:
-                throw new \UnexpectedValueException("Not a JWT token.");
+        case 3:
+            $this->_type = self::TYPE_JWS;
+            break;
+        case 5:
+            $this->_type = self::TYPE_JWE;
+            break;
+        default:
+            throw new \UnexpectedValueException("Not a JWT token.");
         }
     }