sop / jwx

lib/JWX/JWT/Parameter/B64PayloadParameter.php

Indentation +20 added lines, -20 removed lines

@@ -13,25 +13,25 @@
  */
 class B64PayloadParameter extends JWTParameter
 {
-    /**
-     * Constructor.
-     *
-     * @param bool $flag
-     */
-    public function __construct(bool $flag)
-    {
-        parent::__construct(self::PARAM_BASE64URL_ENCODE_PAYLOAD, $flag);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $flag
+	 */
+	public function __construct(bool $flag)
+	{
+		parent::__construct(self::PARAM_BASE64URL_ENCODE_PAYLOAD, $flag);
+	}
 
-    /**
-     * Initialize from a JSON value.
-     *
-     * @param bool $value
-     *
-     * @return self
-     */
-    public static function fromJSONValue($value): Parameter
-    {
-        return new self(boolval($value));
-    }
+	/**
+	 * Initialize from a JSON value.
+	 *
+	 * @param bool $value
+	 *
+	 * @return self
+	 */
+	public static function fromJSONValue($value): Parameter
+	{
+		return new self(boolval($value));
+	}
 }

lib/JWX/JWT/Parameter/JWTParameter.php

Indentation +112 added lines, -112 removed lines

@@ -14,121 +14,121 @@
  */
 class JWTParameter extends Parameter
 {
-    // registered parameter names
-    const PARAM_ALGORITHM = 'alg';
-    const PARAM_JWK_SET_URL = 'jku';
-    const PARAM_JSON_WEB_KEY = 'jwk';
-    const PARAM_KEY_ID = 'kid';
-    const PARAM_X509_URL = 'x5u';
-    const PARAM_X509_CERTIFICATE_CHAIN = 'x5c';
-    const PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT = 'x5t';
-    const PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT = 'x5t#S256';
-    const PARAM_TYPE = 'typ';
-    const PARAM_CONTENT_TYPE = 'cty';
-    const PARAM_CRITICAL = 'crit';
-    const PARAM_ENCRYPTION_ALGORITHM = 'enc';
-    const PARAM_COMPRESSION_ALGORITHM = 'zip';
-    const PARAM_EPHEMERAL_PUBLIC_KEY = 'epk';
-    const PARAM_AGREEMENT_PARTYUINFO = 'apu';
-    const PARAM_AGREEMENT_PARTYVINFO = 'apv';
-    const PARAM_INITIALIZATION_VECTOR = 'iv';
-    const PARAM_AUTHENTICATION_TAG = 'tag';
-    const PARAM_PBES2_SALT_INPUT = 'p2s';
-    const PARAM_PBES2_COUNT = 'p2c';
-    const PARAM_BASE64URL_ENCODE_PAYLOAD = 'b64';
+	// registered parameter names
+	const PARAM_ALGORITHM = 'alg';
+	const PARAM_JWK_SET_URL = 'jku';
+	const PARAM_JSON_WEB_KEY = 'jwk';
+	const PARAM_KEY_ID = 'kid';
+	const PARAM_X509_URL = 'x5u';
+	const PARAM_X509_CERTIFICATE_CHAIN = 'x5c';
+	const PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT = 'x5t';
+	const PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT = 'x5t#S256';
+	const PARAM_TYPE = 'typ';
+	const PARAM_CONTENT_TYPE = 'cty';
+	const PARAM_CRITICAL = 'crit';
+	const PARAM_ENCRYPTION_ALGORITHM = 'enc';
+	const PARAM_COMPRESSION_ALGORITHM = 'zip';
+	const PARAM_EPHEMERAL_PUBLIC_KEY = 'epk';
+	const PARAM_AGREEMENT_PARTYUINFO = 'apu';
+	const PARAM_AGREEMENT_PARTYVINFO = 'apv';
+	const PARAM_INITIALIZATION_VECTOR = 'iv';
+	const PARAM_AUTHENTICATION_TAG = 'tag';
+	const PARAM_PBES2_SALT_INPUT = 'p2s';
+	const PARAM_PBES2_COUNT = 'p2c';
+	const PARAM_BASE64URL_ENCODE_PAYLOAD = 'b64';
 
-    // shorthand aliases for parameter names
-    const P_ALG = self::PARAM_ALGORITHM;
-    const P_JKU = self::PARAM_JWK_SET_URL;
-    const P_JWK = self::PARAM_JSON_WEB_KEY;
-    const P_KID = self::PARAM_KEY_ID;
-    const P_X5U = self::PARAM_X509_URL;
-    const P_X5C = self::PARAM_X509_CERTIFICATE_CHAIN;
-    const P_X5T = self::PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT;
-    const P_X5TS256 = self::PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT;
-    const P_TYP = self::PARAM_TYPE;
-    const P_CTY = self::PARAM_CONTENT_TYPE;
-    const P_CRIT = self::PARAM_CRITICAL;
-    const P_ENC = self::PARAM_ENCRYPTION_ALGORITHM;
-    const P_ZIP = self::PARAM_COMPRESSION_ALGORITHM;
-    const P_EPK = self::PARAM_EPHEMERAL_PUBLIC_KEY;
-    const P_APU = self::PARAM_AGREEMENT_PARTYUINFO;
-    const P_APV = self::PARAM_AGREEMENT_PARTYVINFO;
-    const P_IV = self::PARAM_INITIALIZATION_VECTOR;
-    const P_TAG = self::PARAM_AUTHENTICATION_TAG;
-    const P_P2S = self::PARAM_PBES2_SALT_INPUT;
-    const P_P2C = self::PARAM_PBES2_COUNT;
-    const P_B64 = self::PARAM_BASE64URL_ENCODE_PAYLOAD;
+	// shorthand aliases for parameter names
+	const P_ALG = self::PARAM_ALGORITHM;
+	const P_JKU = self::PARAM_JWK_SET_URL;
+	const P_JWK = self::PARAM_JSON_WEB_KEY;
+	const P_KID = self::PARAM_KEY_ID;
+	const P_X5U = self::PARAM_X509_URL;
+	const P_X5C = self::PARAM_X509_CERTIFICATE_CHAIN;
+	const P_X5T = self::PARAM_X509_CERTIFICATE_SHA1_THUMBPRINT;
+	const P_X5TS256 = self::PARAM_X509_CERTIFICATE_SHA256_THUMBPRINT;
+	const P_TYP = self::PARAM_TYPE;
+	const P_CTY = self::PARAM_CONTENT_TYPE;
+	const P_CRIT = self::PARAM_CRITICAL;
+	const P_ENC = self::PARAM_ENCRYPTION_ALGORITHM;
+	const P_ZIP = self::PARAM_COMPRESSION_ALGORITHM;
+	const P_EPK = self::PARAM_EPHEMERAL_PUBLIC_KEY;
+	const P_APU = self::PARAM_AGREEMENT_PARTYUINFO;
+	const P_APV = self::PARAM_AGREEMENT_PARTYVINFO;
+	const P_IV = self::PARAM_INITIALIZATION_VECTOR;
+	const P_TAG = self::PARAM_AUTHENTICATION_TAG;
+	const P_P2S = self::PARAM_PBES2_SALT_INPUT;
+	const P_P2C = self::PARAM_PBES2_COUNT;
+	const P_B64 = self::PARAM_BASE64URL_ENCODE_PAYLOAD;
 
-    /**
-     * Mapping from registered JWT parameter name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_NAME_TO_CLASS = [
-        self::P_ALG => AlgorithmParameter::class,
-        self::P_JKU => JWKSetURLParameter::class,
-        self::P_JWK => JSONWebKeyParameter::class,
-        self::P_KID => KeyIDParameter::class,
-        self::P_X5U => X509URLParameter::class,
-        self::P_X5C => X509CertificateChainParameter::class,
-        self::P_X5T => X509CertificateSHA1ThumbprintParameter::class,
-        self::P_X5TS256 => X509CertificateSHA256ThumbprintParameter::class,
-        self::P_TYP => TypeParameter::class,
-        self::P_CTY => ContentTypeParameter::class,
-        self::P_CRIT => CriticalParameter::class,
-        self::P_ENC => EncryptionAlgorithmParameter::class,
-        self::P_ZIP => CompressionAlgorithmParameter::class,
-        self::P_IV => InitializationVectorParameter::class,
-        self::P_TAG => AuthenticationTagParameter::class,
-        self::P_P2S => PBES2SaltInputParameter::class,
-        self::P_P2C => PBES2CountParameter::class,
-        self::P_B64 => B64PayloadParameter::class,
-    ];
+	/**
+	 * Mapping from registered JWT parameter name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_NAME_TO_CLASS = [
+		self::P_ALG => AlgorithmParameter::class,
+		self::P_JKU => JWKSetURLParameter::class,
+		self::P_JWK => JSONWebKeyParameter::class,
+		self::P_KID => KeyIDParameter::class,
+		self::P_X5U => X509URLParameter::class,
+		self::P_X5C => X509CertificateChainParameter::class,
+		self::P_X5T => X509CertificateSHA1ThumbprintParameter::class,
+		self::P_X5TS256 => X509CertificateSHA256ThumbprintParameter::class,
+		self::P_TYP => TypeParameter::class,
+		self::P_CTY => ContentTypeParameter::class,
+		self::P_CRIT => CriticalParameter::class,
+		self::P_ENC => EncryptionAlgorithmParameter::class,
+		self::P_ZIP => CompressionAlgorithmParameter::class,
+		self::P_IV => InitializationVectorParameter::class,
+		self::P_TAG => AuthenticationTagParameter::class,
+		self::P_P2S => PBES2SaltInputParameter::class,
+		self::P_P2C => PBES2CountParameter::class,
+		self::P_B64 => B64PayloadParameter::class,
+	];
 
-    /**
-     * Constructor.
-     *
-     * @param string $name  Parameter name
-     * @param mixed  $value Parameter value
-     */
-    public function __construct(string $name, $value)
-    {
-        $this->_name = $name;
-        $this->_value = $value;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $name  Parameter name
+	 * @param mixed  $value Parameter value
+	 */
+	public function __construct(string $name, $value)
+	{
+		$this->_name = $name;
+		$this->_value = $value;
+	}
 
-    /**
-     * Initialize from a name and a value.
-     *
-     * Returns a parameter specific object if one is implemented.
-     *
-     * @param string $name  Parameter name
-     * @param mixed  $value Parameter value
-     *
-     * @return self
-     */
-    public static function fromNameAndValue(string $name, $value): self
-    {
-        if (array_key_exists($name, self::MAP_NAME_TO_CLASS)) {
-            $cls = self::MAP_NAME_TO_CLASS[$name];
-            return $cls::fromJSONValue($value);
-        }
-        return new self($name, $value);
-    }
+	/**
+	 * Initialize from a name and a value.
+	 *
+	 * Returns a parameter specific object if one is implemented.
+	 *
+	 * @param string $name  Parameter name
+	 * @param mixed  $value Parameter value
+	 *
+	 * @return self
+	 */
+	public static function fromNameAndValue(string $name, $value): self
+	{
+		if (array_key_exists($name, self::MAP_NAME_TO_CLASS)) {
+			$cls = self::MAP_NAME_TO_CLASS[$name];
+			return $cls::fromJSONValue($value);
+		}
+		return new self($name, $value);
+	}
 
-    /**
-     * Initialize from a JSON value.
-     *
-     * @param mixed $value
-     *
-     * @return JWTParameter
-     */
-    public static function fromJSONValue($value): Parameter
-    {
-        throw new \BadMethodCallException(
-            __FUNCTION__ . ' must be implemented in a derived class.');
-    }
+	/**
+	 * Initialize from a JSON value.
+	 *
+	 * @param mixed $value
+	 *
+	 * @return JWTParameter
+	 */
+	public static function fromJSONValue($value): Parameter
+	{
+		throw new \BadMethodCallException(
+			__FUNCTION__ . ' must be implemented in a derived class.');
+	}
 }

lib/JWX/JWT/Parameter/PBES2SaltInputParameter.php

Indentation +31 added lines, -31 removed lines

@@ -13,38 +13,38 @@
  */
 class PBES2SaltInputParameter extends JWTParameter
 {
-    use Base64URLValue;
+	use Base64URLValue;
 
-    /**
-     * Constructor.
-     *
-     * @param string $salt Base64url encoded salt input value
-     */
-    public function __construct(string $salt)
-    {
-        $this->_validateEncoding($salt);
-        parent::__construct(self::PARAM_PBES2_SALT_INPUT, $salt);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $salt Base64url encoded salt input value
+	 */
+	public function __construct(string $salt)
+	{
+		$this->_validateEncoding($salt);
+		parent::__construct(self::PARAM_PBES2_SALT_INPUT, $salt);
+	}
 
-    /**
-     * Get salt input value.
-     *
-     * @return string
-     */
-    public function saltInput(): string
-    {
-        return $this->string();
-    }
+	/**
+	 * Get salt input value.
+	 *
+	 * @return string
+	 */
+	public function saltInput(): string
+	{
+		return $this->string();
+	}
 
-    /**
-     * Get computed salt value.
-     *
-     * @param AlgorithmParameter $algo
-     *
-     * @return string
-     */
-    public function salt(AlgorithmParameter $algo): string
-    {
-        return $algo->value() . "\0" . $this->saltInput();
-    }
+	/**
+	 * Get computed salt value.
+	 *
+	 * @param AlgorithmParameter $algo
+	 *
+	 * @return string
+	 */
+	public function salt(AlgorithmParameter $algo): string
+	{
+		return $algo->value() . "\0" . $this->saltInput();
+	}
 }

lib/JWX/JWT/Parameter/EncryptionAlgorithmParameter.php

Indentation +22 added lines, -22 removed lines

@@ -13,28 +13,28 @@
  */
 class EncryptionAlgorithmParameter extends JWTParameter
 {
-    use StringParameterValue;
+	use StringParameterValue;
 
-    /**
-     * Constructor.
-     *
-     * @param string $algo Algorithm name
-     */
-    public function __construct(string $algo)
-    {
-        parent::__construct(self::PARAM_ENCRYPTION_ALGORITHM, $algo);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $algo Algorithm name
+	 */
+	public function __construct(string $algo)
+	{
+		parent::__construct(self::PARAM_ENCRYPTION_ALGORITHM, $algo);
+	}
 
-    /**
-     * Initialize from EncryptionAlgorithmParameterValue.
-     *
-     * @param EncryptionAlgorithmParameterValue $value
-     *
-     * @return self
-     */
-    public static function fromAlgorithm(
-        EncryptionAlgorithmParameterValue $value): JWTParameter
-    {
-        return new self($value->encryptionAlgorithmParamValue());
-    }
+	/**
+	 * Initialize from EncryptionAlgorithmParameterValue.
+	 *
+	 * @param EncryptionAlgorithmParameterValue $value
+	 *
+	 * @return self
+	 */
+	public static function fromAlgorithm(
+		EncryptionAlgorithmParameterValue $value): JWTParameter
+	{
+		return new self($value->encryptionAlgorithmParamValue());
+	}
 }

lib/JWX/JWT/Parameter/CompressionAlgorithmParameter.php

Indentation +22 added lines, -22 removed lines

@@ -13,28 +13,28 @@
  */
 class CompressionAlgorithmParameter extends JWTParameter
 {
-    use StringParameterValue;
+	use StringParameterValue;
 
-    /**
-     * Constructor.
-     *
-     * @param string $algo
-     */
-    public function __construct(string $algo)
-    {
-        parent::__construct(self::PARAM_COMPRESSION_ALGORITHM, $algo);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $algo
+	 */
+	public function __construct(string $algo)
+	{
+		parent::__construct(self::PARAM_COMPRESSION_ALGORITHM, $algo);
+	}
 
-    /**
-     * Initialize from CompressionAlgorithmParameterValue.
-     *
-     * @param CompressionAlgorithmParameterValue $value
-     *
-     * @return self
-     */
-    public static function fromAlgorithm(
-        CompressionAlgorithmParameterValue $value): JWTParameter
-    {
-        return new self($value->compressionParamValue());
-    }
+	/**
+	 * Initialize from CompressionAlgorithmParameterValue.
+	 *
+	 * @param CompressionAlgorithmParameterValue $value
+	 *
+	 * @return self
+	 */
+	public static function fromAlgorithm(
+		CompressionAlgorithmParameterValue $value): JWTParameter
+	{
+		return new self($value->compressionParamValue());
+	}
 }

lib/JWX/JWT/Parameter/ContentTypeParameter.php

Indentation +16 added lines, -16 removed lines

@@ -13,22 +13,22 @@
  */
 class ContentTypeParameter extends JWTParameter
 {
-    use StringParameterValue;
+	use StringParameterValue;
 
-    /**
-     * Content type for the nested JWT.
-     *
-     * @var string
-     */
-    const TYPE_JWT = 'JWT';
+	/**
+	 * Content type for the nested JWT.
+	 *
+	 * @var string
+	 */
+	const TYPE_JWT = 'JWT';
 
-    /**
-     * Constructor.
-     *
-     * @param string $type
-     */
-    public function __construct(string $type)
-    {
-        parent::__construct(self::PARAM_CONTENT_TYPE, $type);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $type
+	 */
+	public function __construct(string $type)
+	{
+		parent::__construct(self::PARAM_CONTENT_TYPE, $type);
+	}
 }

lib/JWX/JWT/Parameter/JSONWebKeyParameter.php

Indentation +28 added lines, -28 removed lines

@@ -14,34 +14,34 @@
  */
 class JSONWebKeyParameter extends JWTParameter
 {
-    /**
-     * Constructor.
-     *
-     * @param JWK $jwk
-     */
-    public function __construct(JWK $jwk)
-    {
-        parent::__construct(self::PARAM_JSON_WEB_KEY, $jwk->toArray());
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param JWK $jwk
+	 */
+	public function __construct(JWK $jwk)
+	{
+		parent::__construct(self::PARAM_JSON_WEB_KEY, $jwk->toArray());
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public static function fromJSONValue($value): Parameter
-    {
-        if (!is_array($value)) {
-            throw new \UnexpectedValueException('jwk must be an array.');
-        }
-        return new static(JWK::fromArray($value));
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public static function fromJSONValue($value): Parameter
+	{
+		if (!is_array($value)) {
+			throw new \UnexpectedValueException('jwk must be an array.');
+		}
+		return new static(JWK::fromArray($value));
+	}
 
-    /**
-     * Get value as a JWK.
-     *
-     * @return JWK
-     */
-    public function jwk(): JWK
-    {
-        return JWK::fromArray($this->_value);
-    }
+	/**
+	 * Get value as a JWK.
+	 *
+	 * @return JWK
+	 */
+	public function jwk(): JWK
+	{
+		return JWK::fromArray($this->_value);
+	}
 }

lib/JWX/JWT/Parameter/CriticalParameter.php

Indentation +44 added lines, -44 removed lines

@@ -13,52 +13,52 @@
  */
 class CriticalParameter extends JWTParameter
 {
-    use ArrayParameterValue;
+	use ArrayParameterValue;
 
-    /**
-     * Constructor.
-     *
-     * @param string ...$names
-     */
-    public function __construct(string ...$names)
-    {
-        parent::__construct(self::PARAM_CRITICAL, $names);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string ...$names
+	 */
+	public function __construct(string ...$names)
+	{
+		parent::__construct(self::PARAM_CRITICAL, $names);
+	}
 
-    /**
-     * Get self with parameter name added.
-     *
-     * @param string $name
-     *
-     * @return self
-     */
-    public function withParamName(string $name): self
-    {
-        $obj = clone $this;
-        $obj->_value[] = $name;
-        $obj->_value = array_values(array_unique($obj->_value));
-        return $obj;
-    }
+	/**
+	 * Get self with parameter name added.
+	 *
+	 * @param string $name
+	 *
+	 * @return self
+	 */
+	public function withParamName(string $name): self
+	{
+		$obj = clone $this;
+		$obj->_value[] = $name;
+		$obj->_value = array_values(array_unique($obj->_value));
+		return $obj;
+	}
 
-    /**
-     * Check whether given parameter name is critical.
-     *
-     * @param string $name
-     *
-     * @return bool
-     */
-    public function has(string $name): bool
-    {
-        return false !== array_search($name, $this->_value);
-    }
+	/**
+	 * Check whether given parameter name is critical.
+	 *
+	 * @param string $name
+	 *
+	 * @return bool
+	 */
+	public function has(string $name): bool
+	{
+		return false !== array_search($name, $this->_value);
+	}
 
-    /**
-     * Get critical header parameter names.
-     *
-     * @return string[]
-     */
-    public function names(): array
-    {
-        return $this->_value;
-    }
+	/**
+	 * Get critical header parameter names.
+	 *
+	 * @return string[]
+	 */
+	public function names(): array
+	{
+		return $this->_value;
+	}
 }

lib/JWX/JWT/JWT.php

Indentation +417 added lines, -417 removed lines

@@ -26,445 +26,445 @@
  */
 class JWT
 {
-    /**
-     * Type identifier for the signed JWT.
-     *
-     * @internal
-     *
-     * @var int
-     */
-    const TYPE_JWS = 0;
+	/**
+	 * Type identifier for the signed JWT.
+	 *
+	 * @internal
+	 *
+	 * @var int
+	 */
+	const TYPE_JWS = 0;
 
-    /**
-     * Type identifier for the encrypted JWT.
-     *
-     * @internal
-     *
-     * @var int
-     */
-    const TYPE_JWE = 1;
+	/**
+	 * Type identifier for the encrypted JWT.
+	 *
+	 * @internal
+	 *
+	 * @var int
+	 */
+	const TYPE_JWE = 1;
 
-    /**
-     * JWT parts.
-     *
-     * @var string[]
-     */
-    protected $_parts;
+	/**
+	 * JWT parts.
+	 *
+	 * @var string[]
+	 */
+	protected $_parts;
 
-    /**
-     * JWT type.
-     *
-     * @var int
-     */
-    protected $_type;
+	/**
+	 * JWT type.
+	 *
+	 * @var int
+	 */
+	protected $_type;
 
-    /**
-     * Constructor.
-     *
-     * @param string $token JWT string
-     *
-     * @throws \UnexpectedValueException
-     */
-    public function __construct(string $token)
-    {
-        $this->_parts = explode('.', $token);
-        switch (count($this->_parts)) {
-            case 3:
-                $this->_type = self::TYPE_JWS;
-                break;
-            case 5:
-                $this->_type = self::TYPE_JWE;
-                break;
-            default:
-                throw new \UnexpectedValueException('Not a JWT token.');
-        }
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $token JWT string
+	 *
+	 * @throws \UnexpectedValueException
+	 */
+	public function __construct(string $token)
+	{
+		$this->_parts = explode('.', $token);
+		switch (count($this->_parts)) {
+			case 3:
+				$this->_type = self::TYPE_JWS;
+				break;
+			case 5:
+				$this->_type = self::TYPE_JWE;
+				break;
+			default:
+				throw new \UnexpectedValueException('Not a JWT token.');
+		}
+	}
 
-    /**
-     * Convert JWT to string.
-     *
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->token();
-    }
+	/**
+	 * Convert JWT to string.
+	 *
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->token();
+	}
 
-    /**
-     * Convert claims set to an unsecured JWT.
-     *
-     * Unsecured JWT is not signed nor encrypted neither integrity protected,
-     * and should thus be handled with care!
-     *
-     * @see https://tools.ietf.org/html/rfc7519#section-6
-     *
-     * @param Claims      $claims Claims set
-     * @param null|Header $header Optional header
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return self
-     */
-    public static function unsecuredFromClaims(Claims $claims,
-        ?Header $header = null): self
-    {
-        return self::signedFromClaims($claims, new NoneAlgorithm(), $header);
-    }
+	/**
+	 * Convert claims set to an unsecured JWT.
+	 *
+	 * Unsecured JWT is not signed nor encrypted neither integrity protected,
+	 * and should thus be handled with care!
+	 *
+	 * @see https://tools.ietf.org/html/rfc7519#section-6
+	 *
+	 * @param Claims      $claims Claims set
+	 * @param null|Header $header Optional header
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return self
+	 */
+	public static function unsecuredFromClaims(Claims $claims,
+		?Header $header = null): self
+	{
+		return self::signedFromClaims($claims, new NoneAlgorithm(), $header);
+	}
 
-    /**
-     * Convert claims set to a signed JWS token.
-     *
-     * @param Claims             $claims Claims set
-     * @param SignatureAlgorithm $algo   Signature algorithm
-     * @param null|Header        $header Optional header
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return self
-     */
-    public static function signedFromClaims(Claims $claims,
-        SignatureAlgorithm $algo, ?Header $header = null): self
-    {
-        $payload = $claims->toJSON();
-        $jws = JWS::sign($payload, $algo, $header);
-        return new self($jws->toCompact());
-    }
+	/**
+	 * Convert claims set to a signed JWS token.
+	 *
+	 * @param Claims             $claims Claims set
+	 * @param SignatureAlgorithm $algo   Signature algorithm
+	 * @param null|Header        $header Optional header
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return self
+	 */
+	public static function signedFromClaims(Claims $claims,
+		SignatureAlgorithm $algo, ?Header $header = null): self
+	{
+		$payload = $claims->toJSON();
+		$jws = JWS::sign($payload, $algo, $header);
+		return new self($jws->toCompact());
+	}
 
-    /**
-     * Convert claims set to an encrypted JWE token.
-     *
-     * @param Claims                     $claims   Claims set
-     * @param KeyManagementAlgorithm     $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param null|CompressionAlgorithm  $zip_algo Optional compression algorithm
-     * @param null|Header                $header   Optional header
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return self
-     */
-    public static function encryptedFromClaims(Claims $claims,
-        KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
-        ?CompressionAlgorithm $zip_algo = null, ?Header $header = null): self
-    {
-        $payload = $claims->toJSON();
-        $jwe = JWE::encrypt($payload, $key_algo, $enc_algo, $zip_algo, $header);
-        return new self($jwe->toCompact());
-    }
+	/**
+	 * Convert claims set to an encrypted JWE token.
+	 *
+	 * @param Claims                     $claims   Claims set
+	 * @param KeyManagementAlgorithm     $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param null|CompressionAlgorithm  $zip_algo Optional compression algorithm
+	 * @param null|Header                $header   Optional header
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return self
+	 */
+	public static function encryptedFromClaims(Claims $claims,
+		KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
+		?CompressionAlgorithm $zip_algo = null, ?Header $header = null): self
+	{
+		$payload = $claims->toJSON();
+		$jwe = JWE::encrypt($payload, $key_algo, $enc_algo, $zip_algo, $header);
+		return new self($jwe->toCompact());
+	}
 
-    /**
-     * Get claims from the JWT.
-     *
-     * Claims shall be validated according to given validation context.
-     * Validation context must contain all the necessary keys for the signature
-     * validation and/or content decryption.
-     *
-     * If validation context contains only one key, it shall be used explicitly.
-     * If multiple keys are provided, they must contain a JWK ID parameter for
-     * the key identification.
-     *
-     * @param ValidationContext $ctx
-     *
-     * @throws ValidationException if signature is invalid, or decryption fails,
-     *                             or claims validation fails
-     * @throws \RuntimeException   For generic errors
-     *
-     * @return Claims
-     */
-    public function claims(ValidationContext $ctx): Claims
-    {
-        // check signature or decrypt depending on the JWT type.
-        if ($this->isJWS()) {
-            $payload = self::_validatedPayloadFromJWS($this->JWS(), $ctx);
-        } else {
-            $payload = self::_validatedPayloadFromJWE($this->JWE(), $ctx);
-        }
-        // if JWT contains a nested token
-        if ($this->isNested()) {
-            return $this->_claimsFromNestedPayload($payload, $ctx);
-        }
-        // decode claims and validate
-        $claims = Claims::fromJSON($payload);
-        $ctx->validate($claims);
-        return $claims;
-    }
+	/**
+	 * Get claims from the JWT.
+	 *
+	 * Claims shall be validated according to given validation context.
+	 * Validation context must contain all the necessary keys for the signature
+	 * validation and/or content decryption.
+	 *
+	 * If validation context contains only one key, it shall be used explicitly.
+	 * If multiple keys are provided, they must contain a JWK ID parameter for
+	 * the key identification.
+	 *
+	 * @param ValidationContext $ctx
+	 *
+	 * @throws ValidationException if signature is invalid, or decryption fails,
+	 *                             or claims validation fails
+	 * @throws \RuntimeException   For generic errors
+	 *
+	 * @return Claims
+	 */
+	public function claims(ValidationContext $ctx): Claims
+	{
+		// check signature or decrypt depending on the JWT type.
+		if ($this->isJWS()) {
+			$payload = self::_validatedPayloadFromJWS($this->JWS(), $ctx);
+		} else {
+			$payload = self::_validatedPayloadFromJWE($this->JWE(), $ctx);
+		}
+		// if JWT contains a nested token
+		if ($this->isNested()) {
+			return $this->_claimsFromNestedPayload($payload, $ctx);
+		}
+		// decode claims and validate
+		$claims = Claims::fromJSON($payload);
+		$ctx->validate($claims);
+		return $claims;
+	}
 
-    /**
-     * Sign self producing a nested JWT.
-     *
-     * Note that if JWT is to be signed and encrypted, it should be done in
-     * sign-then-encrypt order. Please refer to links for security information.
-     *
-     * @see https://tools.ietf.org/html/rfc7519#section-11.2
-     *
-     * @param SignatureAlgorithm $algo   Signature algorithm
-     * @param null|Header        $header Optional header
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return self
-     */
-    public function signNested(SignatureAlgorithm $algo, ?Header $header = null): self
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        // add JWT content type parameter
-        $header = $header->withParameters(
-            new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
-        $jws = JWS::sign($this->token(), $algo, $header);
-        return new self($jws->toCompact());
-    }
+	/**
+	 * Sign self producing a nested JWT.
+	 *
+	 * Note that if JWT is to be signed and encrypted, it should be done in
+	 * sign-then-encrypt order. Please refer to links for security information.
+	 *
+	 * @see https://tools.ietf.org/html/rfc7519#section-11.2
+	 *
+	 * @param SignatureAlgorithm $algo   Signature algorithm
+	 * @param null|Header        $header Optional header
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return self
+	 */
+	public function signNested(SignatureAlgorithm $algo, ?Header $header = null): self
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		// add JWT content type parameter
+		$header = $header->withParameters(
+			new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
+		$jws = JWS::sign($this->token(), $algo, $header);
+		return new self($jws->toCompact());
+	}
 
-    /**
-     * Encrypt self producing a nested JWT.
-     *
-     * This JWT should be a JWS, that is, the order of nesting should be
-     * sign-then-encrypt.
-     *
-     * @see https://tools.ietf.org/html/rfc7519#section-11.2
-     *
-     * @param KeyManagementAlgorithm     $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param null|CompressionAlgorithm  $zip_algo Optional compression algorithm
-     * @param null|Header                $header   Optional header
-     *
-     * @throws \RuntimeException For generic errors
-     *
-     * @return self
-     */
-    public function encryptNested(KeyManagementAlgorithm $key_algo,
-        ContentEncryptionAlgorithm $enc_algo,
-        ?CompressionAlgorithm $zip_algo = null, ?Header $header = null): self
-    {
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        // add JWT content type parameter
-        $header = $header->withParameters(
-            new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
-        $jwe = JWE::encrypt($this->token(), $key_algo, $enc_algo, $zip_algo,
-            $header);
-        return new self($jwe->toCompact());
-    }
+	/**
+	 * Encrypt self producing a nested JWT.
+	 *
+	 * This JWT should be a JWS, that is, the order of nesting should be
+	 * sign-then-encrypt.
+	 *
+	 * @see https://tools.ietf.org/html/rfc7519#section-11.2
+	 *
+	 * @param KeyManagementAlgorithm     $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param null|CompressionAlgorithm  $zip_algo Optional compression algorithm
+	 * @param null|Header                $header   Optional header
+	 *
+	 * @throws \RuntimeException For generic errors
+	 *
+	 * @return self
+	 */
+	public function encryptNested(KeyManagementAlgorithm $key_algo,
+		ContentEncryptionAlgorithm $enc_algo,
+		?CompressionAlgorithm $zip_algo = null, ?Header $header = null): self
+	{
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		// add JWT content type parameter
+		$header = $header->withParameters(
+			new ContentTypeParameter(ContentTypeParameter::TYPE_JWT));
+		$jwe = JWE::encrypt($this->token(), $key_algo, $enc_algo, $zip_algo,
+			$header);
+		return new self($jwe->toCompact());
+	}
 
-    /**
-     * Whether JWT is a JWS.
-     *
-     * @return bool
-     */
-    public function isJWS(): bool
-    {
-        return self::TYPE_JWS === $this->_type;
-    }
+	/**
+	 * Whether JWT is a JWS.
+	 *
+	 * @return bool
+	 */
+	public function isJWS(): bool
+	{
+		return self::TYPE_JWS === $this->_type;
+	}
 
-    /**
-     * Get JWT as a JWS.
-     *
-     * @throws \LogicException
-     *
-     * @return JWS
-     */
-    public function JWS(): JWS
-    {
-        if (!$this->isJWS()) {
-            throw new \LogicException('Not a JWS.');
-        }
-        return JWS::fromParts($this->_parts);
-    }
+	/**
+	 * Get JWT as a JWS.
+	 *
+	 * @throws \LogicException
+	 *
+	 * @return JWS
+	 */
+	public function JWS(): JWS
+	{
+		if (!$this->isJWS()) {
+			throw new \LogicException('Not a JWS.');
+		}
+		return JWS::fromParts($this->_parts);
+	}
 
-    /**
-     * Whether JWT is a JWE.
-     *
-     * @return bool
-     */
-    public function isJWE(): bool
-    {
-        return self::TYPE_JWE === $this->_type;
-    }
+	/**
+	 * Whether JWT is a JWE.
+	 *
+	 * @return bool
+	 */
+	public function isJWE(): bool
+	{
+		return self::TYPE_JWE === $this->_type;
+	}
 
-    /**
-     * Get JWT as a JWE.
-     *
-     * @throws \LogicException
-     *
-     * @return JWE
-     */
-    public function JWE(): JWE
-    {
-        if (!$this->isJWE()) {
-            throw new \LogicException('Not a JWE.');
-        }
-        return JWE::fromParts($this->_parts);
-    }
+	/**
+	 * Get JWT as a JWE.
+	 *
+	 * @throws \LogicException
+	 *
+	 * @return JWE
+	 */
+	public function JWE(): JWE
+	{
+		if (!$this->isJWE()) {
+			throw new \LogicException('Not a JWE.');
+		}
+		return JWE::fromParts($this->_parts);
+	}
 
-    /**
-     * Check whether JWT contains another nested JWT.
-     *
-     * @return bool
-     */
-    public function isNested(): bool
-    {
-        $header = $this->header();
-        if (!$header->hasContentType()) {
-            return false;
-        }
-        $cty = $header->contentType()->value();
-        if (ContentTypeParameter::TYPE_JWT !== $cty) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Check whether JWT contains another nested JWT.
+	 *
+	 * @return bool
+	 */
+	public function isNested(): bool
+	{
+		$header = $this->header();
+		if (!$header->hasContentType()) {
+			return false;
+		}
+		$cty = $header->contentType()->value();
+		if (ContentTypeParameter::TYPE_JWT !== $cty) {
+			return false;
+		}
+		return true;
+	}
 
-    /**
-     * Check whether JWT is unsecured, that is, it's neither integrity protected
-     * nor encrypted.
-     *
-     * @return bool
-     */
-    public function isUnsecured(): bool
-    {
-        // encrypted JWT shall be considered secure
-        if ($this->isJWE()) {
-            return false;
-        }
-        // check whether JWS is unsecured
-        return $this->JWS()->isUnsecured();
-    }
+	/**
+	 * Check whether JWT is unsecured, that is, it's neither integrity protected
+	 * nor encrypted.
+	 *
+	 * @return bool
+	 */
+	public function isUnsecured(): bool
+	{
+		// encrypted JWT shall be considered secure
+		if ($this->isJWE()) {
+			return false;
+		}
+		// check whether JWS is unsecured
+		return $this->JWS()->isUnsecured();
+	}
 
-    /**
-     * Get JWT header.
-     *
-     * @return JOSE
-     */
-    public function header(): JOSE
-    {
-        $header = Header::fromJSON(Base64::urlDecode($this->_parts[0]));
-        return new JOSE($header);
-    }
+	/**
+	 * Get JWT header.
+	 *
+	 * @return JOSE
+	 */
+	public function header(): JOSE
+	{
+		$header = Header::fromJSON(Base64::urlDecode($this->_parts[0]));
+		return new JOSE($header);
+	}
 
-    /**
-     * Get JWT as a string.
-     *
-     * @return string
-     */
-    public function token(): string
-    {
-        return implode('.', $this->_parts);
-    }
+	/**
+	 * Get JWT as a string.
+	 *
+	 * @return string
+	 */
+	public function token(): string
+	{
+		return implode('.', $this->_parts);
+	}
 
-    /**
-     * Get claims from a nested payload.
-     *
-     * @param string            $payload JWT payload
-     * @param ValidationContext $ctx     Validation context
-     *
-     * @return Claims
-     */
-    private function _claimsFromNestedPayload(string $payload,
-        ValidationContext $ctx): Claims
-    {
-        $jwt = new JWT($payload);
-        // if this token secured, allow nested tokens to be unsecured.
-        if (!$this->isUnsecured()) {
-            $ctx = $ctx->withUnsecuredAllowed(true);
-        }
-        return $jwt->claims($ctx);
-    }
+	/**
+	 * Get claims from a nested payload.
+	 *
+	 * @param string            $payload JWT payload
+	 * @param ValidationContext $ctx     Validation context
+	 *
+	 * @return Claims
+	 */
+	private function _claimsFromNestedPayload(string $payload,
+		ValidationContext $ctx): Claims
+	{
+		$jwt = new JWT($payload);
+		// if this token secured, allow nested tokens to be unsecured.
+		if (!$this->isUnsecured()) {
+			$ctx = $ctx->withUnsecuredAllowed(true);
+		}
+		return $jwt->claims($ctx);
+	}
 
-    /**
-     * Get validated payload from JWS.
-     *
-     * @param JWS               $jws JWS
-     * @param ValidationContext $ctx Validation context
-     *
-     * @throws ValidationException If signature validation fails
-     *
-     * @return string
-     */
-    private static function _validatedPayloadFromJWS(JWS $jws,
-        ValidationContext $ctx): string
-    {
-        // if JWS is unsecured
-        if ($jws->isUnsecured()) {
-            return self::_validatedPayloadFromUnsecuredJWS($jws, $ctx);
-        }
-        return self::_validatedPayloadFromSignedJWS($jws, $ctx->keys());
-    }
+	/**
+	 * Get validated payload from JWS.
+	 *
+	 * @param JWS               $jws JWS
+	 * @param ValidationContext $ctx Validation context
+	 *
+	 * @throws ValidationException If signature validation fails
+	 *
+	 * @return string
+	 */
+	private static function _validatedPayloadFromJWS(JWS $jws,
+		ValidationContext $ctx): string
+	{
+		// if JWS is unsecured
+		if ($jws->isUnsecured()) {
+			return self::_validatedPayloadFromUnsecuredJWS($jws, $ctx);
+		}
+		return self::_validatedPayloadFromSignedJWS($jws, $ctx->keys());
+	}
 
-    /**
-     * Get validated payload from an unsecured JWS.
-     *
-     * @param JWS               $jws JWS
-     * @param ValidationContext $ctx Validation context
-     *
-     * @throws ValidationException If unsecured JWT's are not allowed, or JWS
-     *                             token is malformed
-     *
-     * @return string
-     */
-    private static function _validatedPayloadFromUnsecuredJWS(JWS $jws,
-        ValidationContext $ctx): string
-    {
-        if (!$ctx->isUnsecuredAllowed()) {
-            throw new ValidationException('Unsecured JWS not allowed.');
-        }
-        if (!$jws->validate(new NoneAlgorithm())) {
-            throw new ValidationException('Malformed unsecured token.');
-        }
-        return $jws->payload();
-    }
+	/**
+	 * Get validated payload from an unsecured JWS.
+	 *
+	 * @param JWS               $jws JWS
+	 * @param ValidationContext $ctx Validation context
+	 *
+	 * @throws ValidationException If unsecured JWT's are not allowed, or JWS
+	 *                             token is malformed
+	 *
+	 * @return string
+	 */
+	private static function _validatedPayloadFromUnsecuredJWS(JWS $jws,
+		ValidationContext $ctx): string
+	{
+		if (!$ctx->isUnsecuredAllowed()) {
+			throw new ValidationException('Unsecured JWS not allowed.');
+		}
+		if (!$jws->validate(new NoneAlgorithm())) {
+			throw new ValidationException('Malformed unsecured token.');
+		}
+		return $jws->payload();
+	}
 
-    /**
-     * Get validated payload from a signed JWS.
-     *
-     * @param JWS    $jws  JWS
-     * @param JWKSet $keys Set of allowed keys for the signature validation
-     *
-     * @throws ValidationException If validation fails
-     *
-     * @return string
-     */
-    private static function _validatedPayloadFromSignedJWS(JWS $jws, JWKSet $keys): string
-    {
-        try {
-            // explicitly defined key
-            if (1 === count($keys)) {
-                $valid = $jws->validateWithJWK($keys->first());
-            } else {
-                $valid = $jws->validateWithJWKSet($keys);
-            }
-        } catch (\RuntimeException $e) {
-            throw new ValidationException('JWS validation failed.', 0, $e);
-        }
-        if (!$valid) {
-            throw new ValidationException('JWS signature is invalid.');
-        }
-        return $jws->payload();
-    }
+	/**
+	 * Get validated payload from a signed JWS.
+	 *
+	 * @param JWS    $jws  JWS
+	 * @param JWKSet $keys Set of allowed keys for the signature validation
+	 *
+	 * @throws ValidationException If validation fails
+	 *
+	 * @return string
+	 */
+	private static function _validatedPayloadFromSignedJWS(JWS $jws, JWKSet $keys): string
+	{
+		try {
+			// explicitly defined key
+			if (1 === count($keys)) {
+				$valid = $jws->validateWithJWK($keys->first());
+			} else {
+				$valid = $jws->validateWithJWKSet($keys);
+			}
+		} catch (\RuntimeException $e) {
+			throw new ValidationException('JWS validation failed.', 0, $e);
+		}
+		if (!$valid) {
+			throw new ValidationException('JWS signature is invalid.');
+		}
+		return $jws->payload();
+	}
 
-    /**
-     * Get validated payload from an encrypted JWE.
-     *
-     * @param JWE               $jwe JWE
-     * @param ValidationContext $ctx Validation context
-     *
-     * @throws ValidationException If decryption fails
-     *
-     * @return string
-     */
-    private static function _validatedPayloadFromJWE(JWE $jwe,
-        ValidationContext $ctx): string
-    {
-        try {
-            $keys = $ctx->keys();
-            // explicitly defined key
-            if (1 === count($keys)) {
-                return $jwe->decryptWithJWK($keys->first());
-            }
-            return $jwe->decryptWithJWKSet($keys);
-        } catch (\RuntimeException $e) {
-            throw new ValidationException('JWE validation failed.', 0, $e);
-        }
-    }
+	/**
+	 * Get validated payload from an encrypted JWE.
+	 *
+	 * @param JWE               $jwe JWE
+	 * @param ValidationContext $ctx Validation context
+	 *
+	 * @throws ValidationException If decryption fails
+	 *
+	 * @return string
+	 */
+	private static function _validatedPayloadFromJWE(JWE $jwe,
+		ValidationContext $ctx): string
+	{
+		try {
+			$keys = $ctx->keys();
+			// explicitly defined key
+			if (1 === count($keys)) {
+				return $jwe->decryptWithJWK($keys->first());
+			}
+			return $jwe->decryptWithJWKSet($keys);
+		} catch (\RuntimeException $e) {
+			throw new ValidationException('JWE validation failed.', 0, $e);
+		}
+	}
 }