1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* The MIT License (MIT) |
7
|
|
|
* |
8
|
|
|
* Copyright (c) 2014-2019 Spomky-Labs |
9
|
|
|
* |
10
|
|
|
* This software may be modified and distributed under the terms |
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
namespace Jose\Component\Checker; |
15
|
|
|
|
16
|
|
|
/** |
17
|
|
|
* This class is a claim checker. |
18
|
|
|
* When the "iat" is present, it will compare the value with the current timestamp. |
19
|
|
|
*/ |
20
|
|
|
final class IssuedAtChecker implements ClaimChecker, HeaderChecker |
21
|
|
|
{ |
22
|
|
|
private const NAME = 'iat'; |
23
|
|
|
|
24
|
|
|
/** |
25
|
|
|
* @var int |
26
|
|
|
*/ |
27
|
|
|
private $allowedTimeDrift; |
28
|
|
|
/** |
29
|
|
|
* @var bool |
30
|
|
|
*/ |
31
|
|
|
private $protectedHeaderOnly; |
32
|
|
|
|
33
|
|
|
public function __construct(int $allowedTimeDrift = 0, bool $protectedHeaderOnly = false) |
34
|
|
|
{ |
35
|
|
|
$this->allowedTimeDrift = $allowedTimeDrift; |
36
|
|
|
$this->protectedHeaderOnly = $protectedHeaderOnly; |
37
|
|
|
} |
38
|
|
|
|
39
|
|
|
/** |
40
|
|
|
* {@inheritdoc} |
41
|
|
|
*/ |
42
|
|
|
public function checkClaim($value): void |
43
|
|
|
{ |
44
|
|
|
if (!\is_int($value)) { |
45
|
|
|
throw new InvalidClaimException('"iat" must be an integer.', self::NAME, $value); |
46
|
|
|
} |
47
|
|
|
if (time() < $value - $this->allowedTimeDrift) { |
48
|
|
|
throw new InvalidClaimException('The JWT is issued in the future.', self::NAME, $value); |
49
|
|
|
} |
50
|
|
|
} |
51
|
|
|
|
52
|
|
|
public function supportedClaim(): string |
53
|
|
|
{ |
54
|
|
|
return self::NAME; |
55
|
|
|
} |
56
|
|
|
|
57
|
|
|
public function checkHeader($value): void |
58
|
|
|
{ |
59
|
|
|
if (!\is_int($value)) { |
60
|
|
|
throw new InvalidHeaderException('The header "iat" must be an integer.', self::NAME, $value); |
61
|
|
|
} |
62
|
|
|
if (time() < $value - $this->allowedTimeDrift) { |
63
|
|
|
throw new InvalidHeaderException('The JWT is issued in the future.', self::NAME, $value); |
64
|
|
|
} |
65
|
|
|
} |
66
|
|
|
|
67
|
|
|
public function supportedHeader(): string |
68
|
|
|
{ |
69
|
|
|
return self::NAME; |
70
|
|
|
} |
71
|
|
|
|
72
|
|
|
public function protectedHeaderOnly(): bool |
73
|
|
|
{ |
74
|
|
|
return $this->protectedHeaderOnly; |
75
|
|
|
} |
76
|
|
|
} |
77
|
|
|
|