vendor/lexik/jwt-authentication-bundle/Services/JWSProvider/DefaultJWSProvider.php line 5

Open in your IDE?
  1. <?php
  3. namespace Lexik\Bundle\JWTAuthenticationBundle\Services\JWSProvider;
  5. @trigger_error(sprintf('The "%s" class is deprecated since version 2.5 and will be removed in 3.0. Use "%s" or create your own "%s" implementation instead.'DefaultJWSProvider::class, LcobucciJWSProvider::class, JWSProviderInterface::class), E_USER_DEPRECATED);
  7. use Lexik\Bundle\JWTAuthenticationBundle\Services\KeyLoader\KeyLoaderInterface;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Signature\CreatedJWS;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Signature\LoadedJWS;
  10. use Namshi\JOSE\JWS;
  12. /**
  13.  * JWS Provider, Namshi\JOSE library integration.
  14.  * Supports OpenSSL and phpseclib crypto engines.
  15.  *
  16.  * @final
  17.  *
  18.  * @author Robin Chalas <robin.chalas@gmail.com>
  19.  *
  20.  * @deprecated since version 2.5, to be removed in 3.0
  21.  */
  22. class DefaultJWSProvider implements JWSProviderInterface
  23. {
  24.     /**
  25.      * @var KeyLoaderInterface
  26.      */
  27.     private $keyLoader;
  29.     /**
  30.      * @var string
  31.      */
  32.     private $cryptoEngine;
  34.     /**
  35.      * @var string
  36.      */
  37.     private $signatureAlgorithm;
  39.     /**
  40.      * @var int
  41.      */
  42.     private $ttl;
  44.     /**
  45.      * @var int
  46.      */
  47.     private $clockSkew;
  49.     /**
  50.      * @param string $cryptoEngine
  51.      * @param string $signatureAlgorithm
  52.      * @param int    $ttl
  53.      * @param int    $clockSkew
  54.      *
  55.      * @throws \InvalidArgumentException If the given algorithm is not supported
  56.      */
  57.     public function __construct(KeyLoaderInterface $keyLoader$cryptoEngine$signatureAlgorithm$ttl$clockSkew)
  58.     {
  59.         if (null !== $ttl && !is_numeric($ttl)) {
  60.             throw new \InvalidArgumentException(sprintf('The TTL should be a numeric value, got %s instead.'$ttl));
  61.         }
  63.         if (null !== $clockSkew && !is_numeric($clockSkew)) {
  64.             throw new \InvalidArgumentException(sprintf('The clock skew should be a numeric value, got %s instead.'$clockSkew));
  65.         }
  67.         $cryptoEngine 'openssl' == $cryptoEngine 'OpenSSL' 'SecLib';
  69.         if (!$this->isAlgorithmSupportedForEngine($cryptoEngine$signatureAlgorithm)) {
  70.             throw new \InvalidArgumentException(sprintf('The algorithm "%s" is not supported for %s'$signatureAlgorithm$cryptoEngine));
  71.         }
  73.         $this->keyLoader $keyLoader;
  74.         $this->cryptoEngine $cryptoEngine;
  75.         $this->signatureAlgorithm $signatureAlgorithm;
  76.         $this->ttl $ttl;
  77.         $this->clockSkew $clockSkew;
  78.     }
  80.     /**
  81.      * {@inheritdoc}
  82.      */
  83.     public function create(array $payload, array $header = [])
  84.     {
  85.         $header['alg'] = $this->signatureAlgorithm;
  87.         $jws = new JWS($header$this->cryptoEngine);
  88.         $claims = ['iat' => time()];
  90.         if (null !== $this->ttl && !isset($payload['exp'])) {
  91.             $claims['exp'] = time() + $this->ttl;
  92.         }
  94.         $jws->setPayload($payload $claims);
  95.         $jws->sign(
  96.             $this->keyLoader->loadKey('private'),
  97.             $this->keyLoader->getPassphrase()
  98.         );
  100.         return new CreatedJWS($jws->getTokenString(), $jws->isSigned());
  101.     }
  103.     /**
  104.      * {@inheritdoc}
  105.      */
  106.     public function load($token)
  107.     {
  108.         $jws JWS::load($tokenfalsenull$this->cryptoEngine);
  110.         return new LoadedJWS(
  111.             $jws->getPayload(),
  112.             $jws->verify($this->keyLoader->loadKey('public'), $this->signatureAlgorithm),
  113.             null !== $this->ttl,
  114.             $jws->getHeader(),
  115.             $this->clockSkew
  116.         );
  117.     }
  119.     /**
  120.      * @param string $cryptoEngine
  121.      * @param string $signatureAlgorithm
  122.      *
  123.      * @return bool
  124.      */
  125.     private function isAlgorithmSupportedForEngine($cryptoEngine$signatureAlgorithm)
  126.     {
  127.         $signerClass sprintf('Namshi\\JOSE\\Signer\\%s\\%s'$cryptoEngine$signatureAlgorithm);
  129.         return class_exists($signerClass);
  130.     }
  131. }