1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* The MIT License (MIT) |
7
|
|
|
* |
8
|
|
|
* Copyright (c) 2014-2019 Spomky-Labs |
9
|
|
|
* |
10
|
|
|
* This software may be modified and distributed under the terms |
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
namespace Jose\Component\Signature\Serializer; |
15
|
|
|
|
16
|
|
|
use Base64Url\Base64Url; |
17
|
|
|
use InvalidArgumentException; |
18
|
|
|
use Jose\Component\Core\Util\JsonConverter; |
19
|
|
|
use Jose\Component\Signature\JWS; |
20
|
|
|
|
21
|
|
|
final class JSONFlattenedSerializer extends Serializer |
22
|
|
|
{ |
23
|
|
|
public const NAME = 'jws_json_flattened'; |
24
|
|
|
|
25
|
|
|
public function displayName(): string |
26
|
|
|
{ |
27
|
|
|
return 'JWS JSON Flattened'; |
28
|
|
|
} |
29
|
|
|
|
30
|
|
|
public function name(): string |
31
|
|
|
{ |
32
|
|
|
return self::NAME; |
33
|
|
|
} |
34
|
|
|
|
35
|
|
|
public function serialize(JWS $jws, ?int $signatureIndex = null): string |
36
|
|
|
{ |
37
|
|
|
if (null === $signatureIndex) { |
38
|
|
|
$signatureIndex = 0; |
39
|
|
|
} |
40
|
|
|
$signature = $jws->getSignature($signatureIndex); |
41
|
|
|
|
42
|
|
|
$data = []; |
43
|
|
|
$values = [ |
|
|
|
|
44
|
|
|
'payload' => $jws->getEncodedPayload(), |
45
|
|
|
'protected' => $signature->getEncodedProtectedHeader(), |
46
|
|
|
'header' => $signature->getHeader(), |
47
|
|
|
]; |
48
|
|
|
$encodedPayload = $jws->getEncodedPayload(); |
49
|
|
|
if (null !== $encodedPayload && '' !== $encodedPayload) { |
50
|
|
|
$data['payload'] = $encodedPayload; |
51
|
|
|
} |
52
|
|
|
$encodedProtectedHeader = $signature->getEncodedProtectedHeader(); |
53
|
|
|
if (null !== $encodedProtectedHeader && '' !== $encodedProtectedHeader) { |
54
|
|
|
$data['protected'] = $encodedProtectedHeader; |
55
|
|
|
} |
56
|
|
|
$header = $signature->getHeader(); |
57
|
|
|
if (0 !== \count($header)) { |
58
|
|
|
$data['header'] = $header; |
59
|
|
|
} |
60
|
|
|
$data['signature'] = Base64Url::encode($signature->getSignature()); |
61
|
|
|
|
62
|
|
|
return JsonConverter::encode($data); |
63
|
|
|
} |
64
|
|
|
|
65
|
|
|
/** |
66
|
|
|
* @throws InvalidArgumentException if the input is not supported |
67
|
|
|
* @throws InvalidArgumentException if the JWS header is invalid |
68
|
|
|
*/ |
69
|
|
|
public function unserialize(string $input): JWS |
70
|
|
|
{ |
71
|
|
|
$data = JsonConverter::decode($input); |
72
|
|
|
if (!\is_array($data)) { |
73
|
|
|
throw new InvalidArgumentException('Unsupported input.'); |
74
|
|
|
} |
75
|
|
|
if (!isset($data['signature'])) { |
76
|
|
|
throw new InvalidArgumentException('Unsupported input.'); |
77
|
|
|
} |
78
|
|
|
$signature = Base64Url::decode($data['signature']); |
79
|
|
|
|
80
|
|
|
if (isset($data['protected'])) { |
81
|
|
|
$encodedProtectedHeader = $data['protected']; |
82
|
|
|
$protectedHeader = JsonConverter::decode(Base64Url::decode($data['protected'])); |
83
|
|
|
} else { |
84
|
|
|
$encodedProtectedHeader = null; |
85
|
|
|
$protectedHeader = []; |
86
|
|
|
} |
87
|
|
|
if (isset($data['header'])) { |
88
|
|
|
if (!\is_array($data['header'])) { |
89
|
|
|
throw new InvalidArgumentException('Bad header.'); |
90
|
|
|
} |
91
|
|
|
$header = $data['header']; |
92
|
|
|
} else { |
93
|
|
|
$header = []; |
94
|
|
|
} |
95
|
|
|
|
96
|
|
|
if (isset($data['payload'])) { |
97
|
|
|
$encodedPayload = $data['payload']; |
98
|
|
|
$payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload; |
99
|
|
|
} else { |
100
|
|
|
$payload = null; |
101
|
|
|
$encodedPayload = null; |
102
|
|
|
} |
103
|
|
|
|
104
|
|
|
$jws = new JWS($payload, $encodedPayload, null === $encodedPayload); |
105
|
|
|
|
106
|
|
|
return $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader, $header); |
107
|
|
|
} |
108
|
|
|
} |
109
|
|
|
|
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVar
assignment in line 1 and the$higher
assignment in line 2 are dead. The first because$myVar
is never used and the second because$higher
is always overwritten for every possible time line.