summaryrefslogtreecommitdiffstats
path: root/vendor/web-token/jwt-core/Util/KeyChecker.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--vendor/web-token/jwt-core/Util/KeyChecker.php214
1 files changed, 107 insertions, 107 deletions
diff --git a/vendor/web-token/jwt-core/Util/KeyChecker.php b/vendor/web-token/jwt-core/Util/KeyChecker.php
index 09385a4..38cf581 100644
--- a/vendor/web-token/jwt-core/Util/KeyChecker.php
+++ b/vendor/web-token/jwt-core/Util/KeyChecker.php
@@ -1,107 +1,107 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * The MIT License (MIT)
- *
- * Copyright (c) 2014-2018 Spomky-Labs
- *
- * This software may be modified and distributed under the terms
- * of the MIT license. See the LICENSE file for details.
- */
-
-namespace Jose\Component\Core\Util;
-
-use Jose\Component\Core\JWK;
-
-/**
- * @internal
- */
-class KeyChecker
-{
- /**
- * @throws \InvalidArgumentException
- */
- public static function checkKeyUsage(JWK $key, string $usage): bool
- {
- if ($key->has('use')) {
- return self::checkUsage($key, $usage);
- }
- if ($key->has('key_ops')) {
- return self::checkOperation($key, $usage);
- }
-
- return true;
- }
-
- private static function checkOperation(JWK $key, string $usage): bool
- {
- $ops = $key->get('key_ops');
- if (!\is_array($ops)) {
- $ops = [$ops];
- }
- switch ($usage) {
- case 'verification':
- if (!\in_array('verify', $ops, true)) {
- throw new \InvalidArgumentException('Key cannot be used to verify a signature');
- }
-
- return true;
- case 'signature':
- if (!\in_array('sign', $ops, true)) {
- throw new \InvalidArgumentException('Key cannot be used to sign');
- }
-
- return true;
- case 'encryption':
- if (!\in_array('encrypt', $ops, true) && !\in_array('wrapKey', $ops, true)) {
- throw new \InvalidArgumentException('Key cannot be used to encrypt');
- }
-
- return true;
- case 'decryption':
- if (!\in_array('decrypt', $ops, true) && !\in_array('unwrapKey', $ops, true)) {
- throw new \InvalidArgumentException('Key cannot be used to decrypt');
- }
-
- return true;
- default:
- throw new \InvalidArgumentException('Unsupported key usage.');
- }
- }
-
- private static function checkUsage(JWK $key, string $usage): bool
- {
- $use = $key->get('use');
- switch ($usage) {
- case 'verification':
- case 'signature':
- if ('sig' !== $use) {
- throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
- }
-
- return true;
- case 'encryption':
- case 'decryption':
- if ('enc' !== $use) {
- throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
- }
-
- return true;
- default:
- throw new \InvalidArgumentException('Unsupported key usage.');
- }
- }
-
- public static function checkKeyAlgorithm(JWK $key, string $algorithm)
- {
- if (!$key->has('alg')) {
- return;
- }
-
- if ($key->get('alg') !== $algorithm) {
- throw new \InvalidArgumentException(\sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
- }
- }
-}
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+use Jose\Component\Core\JWK;
+
+/**
+ * @internal
+ */
+class KeyChecker
+{
+ /**
+ * @throws \InvalidArgumentException
+ */
+ public static function checkKeyUsage(JWK $key, string $usage): bool
+ {
+ if ($key->has('use')) {
+ return self::checkUsage($key, $usage);
+ }
+ if ($key->has('key_ops')) {
+ return self::checkOperation($key, $usage);
+ }
+
+ return true;
+ }
+
+ private static function checkOperation(JWK $key, string $usage): bool
+ {
+ $ops = $key->get('key_ops');
+ if (!\is_array($ops)) {
+ $ops = [$ops];
+ }
+ switch ($usage) {
+ case 'verification':
+ if (!\in_array('verify', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to verify a signature');
+ }
+
+ return true;
+ case 'signature':
+ if (!\in_array('sign', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to sign');
+ }
+
+ return true;
+ case 'encryption':
+ if (!\in_array('encrypt', $ops, true) && !\in_array('wrapKey', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to encrypt');
+ }
+
+ return true;
+ case 'decryption':
+ if (!\in_array('decrypt', $ops, true) && !\in_array('unwrapKey', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to decrypt');
+ }
+
+ return true;
+ default:
+ throw new \InvalidArgumentException('Unsupported key usage.');
+ }
+ }
+
+ private static function checkUsage(JWK $key, string $usage): bool
+ {
+ $use = $key->get('use');
+ switch ($usage) {
+ case 'verification':
+ case 'signature':
+ if ('sig' !== $use) {
+ throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
+ }
+
+ return true;
+ case 'encryption':
+ case 'decryption':
+ if ('enc' !== $use) {
+ throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
+ }
+
+ return true;
+ default:
+ throw new \InvalidArgumentException('Unsupported key usage.');
+ }
+ }
+
+ public static function checkKeyAlgorithm(JWK $key, string $algorithm)
+ {
+ if (!$key->has('alg')) {
+ return;
+ }
+
+ if ($key->get('alg') !== $algorithm) {
+ throw new \InvalidArgumentException(\sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 00:11:26 +0200