1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* The MIT License (MIT) |
7
|
|
|
* |
8
|
|
|
* Copyright (c) 2014-2019 Spomky-Labs |
9
|
|
|
* |
10
|
|
|
* This software may be modified and distributed under the terms |
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
namespace Jose\Easy; |
15
|
|
|
|
16
|
|
|
use Jose\Component\Checker; |
17
|
|
|
use Jose\Component\Core\AlgorithmManager; |
18
|
|
|
use Jose\Component\Core\Util\JsonConverter; |
19
|
|
|
use Jose\Component\Signature\Algorithm; |
20
|
|
|
use Jose\Component\Signature\JWSTokenSupport; |
21
|
|
|
use Jose\Component\Signature\JWSVerifier; |
22
|
|
|
use Jose\Component\Signature\Serializer\CompactSerializer; |
23
|
|
|
|
24
|
|
|
class Validate extends AbstractLoader |
25
|
|
|
{ |
26
|
|
|
private function __construct(string $token) |
27
|
|
|
{ |
28
|
|
|
parent::__construct($token); |
29
|
|
|
$this->algorithms = [ |
30
|
|
|
new Algorithm\HS256(), |
31
|
|
|
new Algorithm\HS384(), |
32
|
|
|
new Algorithm\HS512(), |
33
|
|
|
new Algorithm\RS256(), |
34
|
|
|
new Algorithm\RS384(), |
35
|
|
|
new Algorithm\RS512(), |
36
|
|
|
new Algorithm\PS256(), |
37
|
|
|
new Algorithm\PS384(), |
38
|
|
|
new Algorithm\PS512(), |
39
|
|
|
new Algorithm\ES256(), |
40
|
|
|
new Algorithm\ES384(), |
41
|
|
|
new Algorithm\ES512(), |
42
|
|
|
new Algorithm\EdDSA(), |
43
|
|
|
]; |
44
|
|
|
} |
45
|
|
|
|
46
|
|
|
public static function token(string $token): self |
47
|
|
|
{ |
48
|
|
|
return new self($token); |
49
|
|
|
} |
50
|
|
|
|
51
|
|
|
public function run(): JWT |
52
|
|
|
{ |
53
|
|
|
if (0 !== \count($this->allowedAlgorithms)) { |
54
|
|
|
$this->headerCheckers[] = new Checker\AlgorithmChecker($this->allowedAlgorithms, true); |
55
|
|
|
} |
56
|
|
|
$jws = (new CompactSerializer())->unserialize($this->token); |
57
|
|
|
$headerChecker = new Checker\HeaderCheckerManager($this->headerCheckers, [new JWSTokenSupport()]); |
58
|
|
|
$headerChecker->check($jws, 0); |
59
|
|
|
|
60
|
|
|
$verifier = new JWSVerifier(new AlgorithmManager($this->algorithms)); |
61
|
|
|
$verifier->verifyWithKeySet($jws, $this->jwkset, 0); |
62
|
|
|
|
63
|
|
|
$jwt = new JWT(); |
64
|
|
|
$jwt->header->replace($jws->getSignature(0)->getProtectedHeader()); |
65
|
|
|
$jwt->claims->replace(JsonConverter::decode($jws->getPayload())); |
66
|
|
|
|
67
|
|
|
$claimChecker = new Checker\ClaimCheckerManager($this->claimCheckers); |
68
|
|
|
$claimChecker->check($jwt->claims->all()); |
69
|
|
|
|
70
|
|
|
return $jwt; |
71
|
|
|
} |
72
|
|
|
} |
73
|
|
|
|