diff options
Diffstat (limited to '')
-rw-r--r-- | vendor/web-token/jwt-core/Util/KeyChecker.php | 214 |
1 files changed, 107 insertions, 107 deletions
diff --git a/vendor/web-token/jwt-core/Util/KeyChecker.php b/vendor/web-token/jwt-core/Util/KeyChecker.php index 09385a4..38cf581 100644 --- a/vendor/web-token/jwt-core/Util/KeyChecker.php +++ b/vendor/web-token/jwt-core/Util/KeyChecker.php @@ -1,107 +1,107 @@ -<?php - -declare(strict_types=1); - -/* - * The MIT License (MIT) - * - * Copyright (c) 2014-2018 Spomky-Labs - * - * This software may be modified and distributed under the terms - * of the MIT license. See the LICENSE file for details. - */ - -namespace Jose\Component\Core\Util; - -use Jose\Component\Core\JWK; - -/** - * @internal - */ -class KeyChecker -{ - /** - * @throws \InvalidArgumentException - */ - public static function checkKeyUsage(JWK $key, string $usage): bool - { - if ($key->has('use')) { - return self::checkUsage($key, $usage); - } - if ($key->has('key_ops')) { - return self::checkOperation($key, $usage); - } - - return true; - } - - private static function checkOperation(JWK $key, string $usage): bool - { - $ops = $key->get('key_ops'); - if (!\is_array($ops)) { - $ops = [$ops]; - } - switch ($usage) { - case 'verification': - if (!\in_array('verify', $ops, true)) { - throw new \InvalidArgumentException('Key cannot be used to verify a signature'); - } - - return true; - case 'signature': - if (!\in_array('sign', $ops, true)) { - throw new \InvalidArgumentException('Key cannot be used to sign'); - } - - return true; - case 'encryption': - if (!\in_array('encrypt', $ops, true) && !\in_array('wrapKey', $ops, true)) { - throw new \InvalidArgumentException('Key cannot be used to encrypt'); - } - - return true; - case 'decryption': - if (!\in_array('decrypt', $ops, true) && !\in_array('unwrapKey', $ops, true)) { - throw new \InvalidArgumentException('Key cannot be used to decrypt'); - } - - return true; - default: - throw new \InvalidArgumentException('Unsupported key usage.'); - } - } - - private static function checkUsage(JWK $key, string $usage): bool - { - $use = $key->get('use'); - switch ($usage) { - case 'verification': - case 'signature': - if ('sig' !== $use) { - throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.'); - } - - return true; - case 'encryption': - case 'decryption': - if ('enc' !== $use) { - throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.'); - } - - return true; - default: - throw new \InvalidArgumentException('Unsupported key usage.'); - } - } - - public static function checkKeyAlgorithm(JWK $key, string $algorithm) - { - if (!$key->has('alg')) { - return; - } - - if ($key->get('alg') !== $algorithm) { - throw new \InvalidArgumentException(\sprintf('Key is only allowed for algorithm "%s".', $key->get('alg'))); - } - } -} +<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+use Jose\Component\Core\JWK;
+
+/**
+ * @internal
+ */
+class KeyChecker
+{
+ /**
+ * @throws \InvalidArgumentException
+ */
+ public static function checkKeyUsage(JWK $key, string $usage): bool
+ {
+ if ($key->has('use')) {
+ return self::checkUsage($key, $usage);
+ }
+ if ($key->has('key_ops')) {
+ return self::checkOperation($key, $usage);
+ }
+
+ return true;
+ }
+
+ private static function checkOperation(JWK $key, string $usage): bool
+ {
+ $ops = $key->get('key_ops');
+ if (!\is_array($ops)) {
+ $ops = [$ops];
+ }
+ switch ($usage) {
+ case 'verification':
+ if (!\in_array('verify', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to verify a signature');
+ }
+
+ return true;
+ case 'signature':
+ if (!\in_array('sign', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to sign');
+ }
+
+ return true;
+ case 'encryption':
+ if (!\in_array('encrypt', $ops, true) && !\in_array('wrapKey', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to encrypt');
+ }
+
+ return true;
+ case 'decryption':
+ if (!\in_array('decrypt', $ops, true) && !\in_array('unwrapKey', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to decrypt');
+ }
+
+ return true;
+ default:
+ throw new \InvalidArgumentException('Unsupported key usage.');
+ }
+ }
+
+ private static function checkUsage(JWK $key, string $usage): bool
+ {
+ $use = $key->get('use');
+ switch ($usage) {
+ case 'verification':
+ case 'signature':
+ if ('sig' !== $use) {
+ throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
+ }
+
+ return true;
+ case 'encryption':
+ case 'decryption':
+ if ('enc' !== $use) {
+ throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
+ }
+
+ return true;
+ default:
+ throw new \InvalidArgumentException('Unsupported key usage.');
+ }
+ }
+
+ public static function checkKeyAlgorithm(JWK $key, string $algorithm)
+ {
+ if (!$key->has('alg')) {
+ return;
+ }
+
+ if ($key->get('alg') !== $algorithm) {
+ throw new \InvalidArgumentException(\sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
+ }
+ }
+}
|