diff options
| author | Anton Luka Šijanec <anton@sijanec.eu> | 2022-01-11 12:35:47 +0100 |
|---|---|---|
| committer | Anton Luka Šijanec <anton@sijanec.eu> | 2022-01-11 12:35:47 +0100 |
| commit | 19985dbb8c0aa66dc4bf7905abc1148de909097d (patch) | |
| tree | 2cd5a5d20d7e80fc2a51adf60d838d8a2c40999e /vendor/web-token | |
| download | 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.tar 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.tar.gz 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.tar.bz2 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.tar.lz 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.tar.xz 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.tar.zst 1ka-19985dbb8c0aa66dc4bf7905abc1148de909097d.zip | |
Diffstat (limited to '')
92 files changed, 7565 insertions, 0 deletions
diff --git a/vendor/web-token/jwt-core/Algorithm.php b/vendor/web-token/jwt-core/Algorithm.php new file mode 100644 index 0000000..7ae0f15 --- /dev/null +++ b/vendor/web-token/jwt-core/Algorithm.php @@ -0,0 +1,29 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core; + +interface Algorithm +{ + /** + * Returns the name of the algorithm. + */ + public function name(): string; + + /** + * Returns the key types suitable for this algorithm (e.g. "oct", "RSA"...). + * + * @return string[] + */ + public function allowedKeyTypes(): array; +} diff --git a/vendor/web-token/jwt-core/AlgorithmManager.php b/vendor/web-token/jwt-core/AlgorithmManager.php new file mode 100644 index 0000000..88beee4 --- /dev/null +++ b/vendor/web-token/jwt-core/AlgorithmManager.php @@ -0,0 +1,95 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core; + +class AlgorithmManager +{ + /** + * @var array + */ + private $algorithms = []; + + /** + * AlgorithmManager constructor. + * + * @param Algorithm[] $algorithms + */ + public function __construct(array $algorithms) + { + foreach ($algorithms as $algorithm) { + $this->add($algorithm); + } + } + + /** + * This method creates an alogithm manager using the given algorithms. + * + * @deprecated Will be removed in v2.0. Please use constructor instead + * + * @param Algorithm[] $algorithms + * + * @return AlgorithmManager + */ + public static function create(array $algorithms): self + { + return new self($algorithms); + } + + /** + * Returns true if the algorithm is supported. + * + * @param string $algorithm The algorithm + */ + public function has(string $algorithm): bool + { + return \array_key_exists($algorithm, $this->algorithms); + } + + /** + * Returns the list of names of supported algorithms. + * + * @return string[] + */ + public function list(): array + { + return \array_keys($this->algorithms); + } + + /** + * Returns the algorithm if supported, otherwise throw an exception. + * + * @param string $algorithm The algorithm + */ + public function get(string $algorithm): Algorithm + { + if (!$this->has($algorithm)) { + throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported.', $algorithm)); + } + + return $this->algorithms[$algorithm]; + } + + /** + * Adds an algorithm to the manager. + * + * @return AlgorithmManager + */ + private function add(Algorithm $algorithm): self + { + $name = $algorithm->name(); + $this->algorithms[$name] = $algorithm; + + return $this; + } +} diff --git a/vendor/web-token/jwt-core/AlgorithmManagerFactory.php b/vendor/web-token/jwt-core/AlgorithmManagerFactory.php new file mode 100644 index 0000000..0526374 --- /dev/null +++ b/vendor/web-token/jwt-core/AlgorithmManagerFactory.php @@ -0,0 +1,77 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core; + +class AlgorithmManagerFactory +{ + /** + * @var array + */ + private $algorithms = []; + + /** + * Adds an algorithm. + * + * Each algorithm is identified by an alias hence it is allowed to have the same algorithm twice (or more). + * This can be helpful when an algorithm have several configuration options. + * + * @return AlgorithmManagerFactory + */ + public function add(string $alias, Algorithm $algorithm): self + { + $this->algorithms[$alias] = $algorithm; + + return $this; + } + + /** + * Returns the list of aliases. + * + * @return string[] + */ + public function aliases(): array + { + return \array_keys($this->algorithms); + } + + /** + * Returns all algorithms supported by this factory. + * This is an associative array. Keys are the aliases of the algorithms. + * + * @return Algorithm[] + */ + public function all(): array + { + return $this->algorithms; + } + + /** + * Create an algorithm manager using the given aliases. + * + * @param string[] $aliases + */ + public function create(array $aliases): AlgorithmManager + { + $algorithms = []; + foreach ($aliases as $alias) { + if (\array_key_exists($alias, $this->algorithms)) { + $algorithms[] = $this->algorithms[$alias]; + } else { + throw new \InvalidArgumentException(\sprintf('The algorithm with the alias "%s" is not supported.', $alias)); + } + } + + return AlgorithmManager::create($algorithms); + } +} diff --git a/vendor/web-token/jwt-core/Converter/JsonConverter.php b/vendor/web-token/jwt-core/Converter/JsonConverter.php new file mode 100644 index 0000000..97fe176 --- /dev/null +++ b/vendor/web-token/jwt-core/Converter/JsonConverter.php @@ -0,0 +1,30 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Converter; + +/** + * @deprecated This interface is deprecated in v1.3 and will be removed in v2.0. + */ +interface JsonConverter +{ + /** + * Convert the payload into a string. + */ + public function encode($payload): string; + + /** + * Convert a string into payload. + */ + public function decode(string $payload, bool $associativeArray = true); +} diff --git a/vendor/web-token/jwt-core/Converter/StandardConverter.php b/vendor/web-token/jwt-core/Converter/StandardConverter.php new file mode 100644 index 0000000..87a45e1 --- /dev/null +++ b/vendor/web-token/jwt-core/Converter/StandardConverter.php @@ -0,0 +1,50 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Converter; + +/** + * @deprecated This class is deprecated in v1.3 and will be removed in v2.0 + */ +final class StandardConverter implements JsonConverter +{ + /** + * @var int + */ + private $options; + + /** + * @var int + */ + private $depth; + + /** + * StandardJsonEncoder constructor. + * See also json_encode and json_decode parameters. + */ + public function __construct(int $options = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE, int $depth = 512) + { + $this->options = $options; + $this->depth = $depth; + } + + public function encode($payload): string + { + return \json_encode($payload, $this->options, $this->depth); + } + + public function decode(string $payload, bool $associativeArray = true) + { + return \json_decode($payload, $associativeArray, $this->depth, $this->options); + } +} diff --git a/vendor/web-token/jwt-core/JWK.php b/vendor/web-token/jwt-core/JWK.php new file mode 100644 index 0000000..c1ff481 --- /dev/null +++ b/vendor/web-token/jwt-core/JWK.php @@ -0,0 +1,148 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core; + +use Base64Url\Base64Url; + +class JWK implements \JsonSerializable +{ + /** + * @var array + */ + private $values = []; + + /** + * JWK constructor. + */ + public function __construct(array $values) + { + if (!\array_key_exists('kty', $values)) { + throw new \InvalidArgumentException('The parameter "kty" is mandatory.'); + } + + $this->values = $values; + } + + /** + * Creates a JWK object using the given values. + * The member "kty" is mandatory. Other members are NOT checked. + * + * @deprecated Will be removed in v2.0. Please use constructor instead + * + * @return JWK + */ + public static function create(array $values): self + { + return new self($values); + } + + /** + * Creates a JWK object using the given Json string. + * + * @return JWK + */ + public static function createFromJson(string $json): self + { + $data = \json_decode($json, true); + if (!\is_array($data)) { + throw new \InvalidArgumentException('Invalid argument.'); + } + + return self::create($data); + } + + /** + * Returns the values to be serialized. + */ + public function jsonSerialize() + { + return $this->values; + } + + /** + * Get the value with a specific key. + * + * @param string $key The key + * + * @throws \InvalidArgumentException + * + * @return mixed|null + */ + public function get(string $key) + { + if (!$this->has($key)) { + throw new \InvalidArgumentException(\sprintf('The value identified by "%s" does not exist.', $key)); + } + + return $this->values[$key]; + } + + /** + * Returns true if the JWK has the value identified by. + * + * @param string $key The key + */ + public function has(string $key): bool + { + return \array_key_exists($key, $this->values); + } + + /** + * Get all values stored in the JWK object. + * + * @return array Values of the JWK object + */ + public function all(): array + { + return $this->values; + } + + /** + * Returns the thumbprint of the key. + * + * @see https://tools.ietf.org/html/rfc7638 + * + * @throws \InvalidArgumentException + */ + public function thumbprint(string $hash_algorithm): string + { + if (!\in_array($hash_algorithm, \hash_algos(), true)) { + throw new \InvalidArgumentException(\sprintf('The hash algorithm "%s" is not supported.', $hash_algorithm)); + } + + $values = \array_intersect_key($this->values, \array_flip(['kty', 'n', 'e', 'crv', 'x', 'y', 'k'])); + \ksort($values); + $input = \json_encode($values, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); + + return Base64Url::encode(\hash($hash_algorithm, $input, true)); + } + + /** + * Returns the associated public key. + * This method has no effect for: + * - public keys + * - shared keys + * - unknown keys. + * + * Known keys are "oct", "RSA", "EC" and "OKP". + * + * @return JWK + */ + public function toPublic(): self + { + $values = \array_diff_key($this->values, \array_flip(['p', 'd', 'q', 'dp', 'dq', 'qi'])); + + return new self($values); + } +} diff --git a/vendor/web-token/jwt-core/JWKSet.php b/vendor/web-token/jwt-core/JWKSet.php new file mode 100644 index 0000000..efcd417 --- /dev/null +++ b/vendor/web-token/jwt-core/JWKSet.php @@ -0,0 +1,321 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core; + +use InvalidArgumentException; + +class JWKSet implements \Countable, \IteratorAggregate, \JsonSerializable +{ + /** + * @var array + */ + private $keys = []; + + /** + * JWKSet constructor. + * + * @param JWK[] $keys + */ + public function __construct(array $keys) + { + foreach ($keys as $k => $key) { + if (!$key instanceof JWK) { + throw new InvalidArgumentException('Invalid list. Should only contains JWK objects'); + } + if ($key->has('kid')) { + unset($keys[$k]); + $this->keys[$key->get('kid')] = $key; + } else { + $this->keys[] = $key; + } + } + } + + /** + * Creates a JWKSet object using the given values. + * + * @return JWKSet + */ + public static function createFromKeyData(array $data): self + { + if (!isset($data['keys'])) { + throw new InvalidArgumentException('Invalid data.'); + } + if (!\is_array($data['keys'])) { + throw new InvalidArgumentException('Invalid data.'); + } + $jwkset = new self([]); + foreach ($data['keys'] as $key) { + $jwk = new JWK($key); + if ($jwk->has('kid')) { + $jwkset->keys[$jwk->get('kid')] = $jwk; + } else { + $jwkset->keys[] = $jwk; + } + } + + return $jwkset; + } + + /** + * Creates a JWKSet object using the given JWK objects. + * + * @deprecated Will be removed in v2.0. Please use constructor instead. + * + * @param JWK[] $keys + * + * @return JWKSet + */ + public static function createFromKeys(array $keys): self + { + return new self($keys); + } + + /** + * Creates a JWKSet object using the given Json string. + * + * @return JWKSet + */ + public static function createFromJson(string $json): self + { + $data = \json_decode($json, true); + if (!\is_array($data)) { + throw new InvalidArgumentException('Invalid argument.'); + } + + return self::createFromKeyData($data); + } + + /** + * Returns an array of keys stored in the key set. + * + * @return JWK[] + */ + public function all(): array + { + return $this->keys; + } + + /** + * Add key to store in the key set. + * This method is immutable and will return a new object. + * + * @return JWKSet + */ + public function with(JWK $jwk): self + { + $clone = clone $this; + + if ($jwk->has('kid')) { + $clone->keys[$jwk->get('kid')] = $jwk; + } else { + $clone->keys[] = $jwk; + } + + return $clone; + } + + /** + * Remove key from the key set. + * This method is immutable and will return a new object. + * + * @param int|string $key Key to remove from the key set + * + * @return JWKSet + */ + public function without($key): self + { + if (!$this->has($key)) { + return $this; + } + + $clone = clone $this; + unset($clone->keys[$key]); + + return $clone; + } + + /** + * Returns true if the key set contains a key with the given index. + * + * @param int|string $index + */ + public function has($index): bool + { + return \array_key_exists($index, $this->keys); + } + + /** + * Returns the key with the given index. Throws an exception if the index is not present in the key store. + * + * @param int|string $index + */ + public function get($index): JWK + { + if (!$this->has($index)) { + throw new InvalidArgumentException('Undefined index.'); + } + + return $this->keys[$index]; + } + + /** + * Returns the values to be serialized. + */ + public function jsonSerialize(): array + { + return ['keys' => \array_values($this->keys)]; + } + + /** + * Returns the number of keys in the key set. + * + * @param int $mode + */ + public function count($mode = COUNT_NORMAL): int + { + return \count($this->keys, $mode); + } + + /** + * Try to find a key that fits on the selected requirements. + * Returns null if not found. + * + * @param string $type Must be 'sig' (signature) or 'enc' (encryption) + * @param Algorithm|null $algorithm Specifies the algorithm to be used + * @param array $restrictions More restrictions such as 'kid' or 'kty' + */ + public function selectKey(string $type, ?Algorithm $algorithm = null, array $restrictions = []): ?JWK + { + if (!\in_array($type, ['enc', 'sig'], true)) { + throw new InvalidArgumentException('Allowed key types are "sig" or "enc".'); + } + + $result = []; + foreach ($this->keys as $key) { + $ind = 0; + + $can_use = $this->canKeyBeUsedFor($type, $key); + if (false === $can_use) { + continue; + } + $ind += $can_use; + + $alg = $this->canKeyBeUsedWithAlgorithm($algorithm, $key); + if (false === $alg) { + continue; + } + $ind += $alg; + + if (false === $this->doesKeySatisfyRestrictions($restrictions, $key)) { + continue; + } + + $result[] = ['key' => $key, 'ind' => $ind]; + } + + if (empty($result)) { + return null; + } + + \usort($result, [$this, 'sortKeys']); + + return $result[0]['key']; + } + + /** + * @return bool|int + */ + private function canKeyBeUsedFor(string $type, JWK $key) + { + if ($key->has('use')) { + return $type === $key->get('use') ? 1 : false; + } + if ($key->has('key_ops')) { + return $type === self::convertKeyOpsToKeyUse($key->get('use')) ? 1 : false; + } + + return 0; + } + + /** + * @return bool|int + */ + private function canKeyBeUsedWithAlgorithm(?Algorithm $algorithm, JWK $key) + { + if (null === $algorithm) { + return 0; + } + if (!\in_array($key->get('kty'), $algorithm->allowedKeyTypes(), true)) { + return false; + } + if ($key->has('alg')) { + return $algorithm->name() === $key->get('alg') ? 2 : false; + } + + return 1; + } + + private function doesKeySatisfyRestrictions(array $restrictions, JWK $key): bool + { + foreach ($restrictions as $k => $v) { + if (!$key->has($k) || $v !== $key->get($k)) { + return false; + } + } + + return true; + } + + private static function convertKeyOpsToKeyUse(string $key_ops): string + { + switch ($key_ops) { + case 'verify': + case 'sign': + return 'sig'; + case 'encrypt': + case 'decrypt': + case 'wrapKey': + case 'unwrapKey': + return 'enc'; + default: + throw new InvalidArgumentException(\sprintf('Unsupported key operation value "%s"', $key_ops)); + } + } + + /** + * Internal method only. Should not be used. + * + * @internal + * @internal + */ + public static function sortKeys(array $a, array $b): int + { + if ($a['ind'] === $b['ind']) { + return 0; + } + + return ($a['ind'] > $b['ind']) ? -1 : 1; + } + + /** + * Internal method only. Should not be used. + * + * @internal + */ + public function getIterator() + { + return new \ArrayIterator($this->keys); + } +} diff --git a/vendor/web-token/jwt-core/JWT.php b/vendor/web-token/jwt-core/JWT.php new file mode 100644 index 0000000..b2cecf1 --- /dev/null +++ b/vendor/web-token/jwt-core/JWT.php @@ -0,0 +1,23 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core; + +interface JWT +{ + /** + * Returns the payload of the JWT. + * null is a valid payload (e.g. JWS with detached payload). + */ + public function getPayload(): ?string; +} diff --git a/vendor/web-token/jwt-core/LICENSE b/vendor/web-token/jwt-core/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-core/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-core/Util/BigInteger.php b/vendor/web-token/jwt-core/Util/BigInteger.php new file mode 100644 index 0000000..2513670 --- /dev/null +++ b/vendor/web-token/jwt-core/Util/BigInteger.php @@ -0,0 +1,232 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +/** + * @internal + */ +class BigInteger +{ + /** + * Holds the BigInteger's value. + * + * @var \GMP + */ + private $value; + + private function __construct(\GMP $value) + { + $this->value = $value; + } + + /** + * @return BigInteger + */ + public static function createFromGMPResource(\GMP $value): self + { + return new self($value); + } + + /** + * @return BigInteger + */ + public static function createFromBinaryString(string $value): self + { + $value = '0x'.\unpack('H*', $value)[1]; + $value = \gmp_init($value, 16); + + return new self($value); + } + + /** + * @return BigInteger + */ + public static function createFromDecimal(int $value): self + { + $value = \gmp_init($value, 10); + + return new self($value); + } + + /** + * Converts a BigInteger to a binary string. + */ + public function toBytes(): string + { + if (0 === \gmp_cmp($this->value, \gmp_init(0))) { + return ''; + } + + $temp = \gmp_strval(\gmp_abs($this->value), 16); + $temp = \mb_strlen($temp, '8bit') & 1 ? '0'.$temp : $temp; + $temp = \hex2bin($temp); + + return \ltrim($temp, \chr(0)); + } + + /** + * Adds two BigIntegers. + * + * @param BigInteger $y + * + * @return BigInteger + */ + public function add(self $y): self + { + $value = \gmp_add($this->value, $y->value); + + return self::createFromGMPResource($value); + } + + /** + * Subtracts two BigIntegers. + * + * @param BigInteger $y + * + * @return BigInteger + */ + public function subtract(self $y): self + { + $value = \gmp_sub($this->value, $y->value); + + return self::createFromGMPResource($value); + } + + /** + * Multiplies two BigIntegers. + * + * @param BigInteger $x + * + * @return BigInteger + */ + public function multiply(self $x): self + { + $value = \gmp_mul($this->value, $x->value); + + return self::createFromGMPResource($value); + } + + /** + * Divides two BigIntegers. + * + * @param BigInteger $x + * + * @return BigInteger + */ + public function divide(self $x): self + { + $value = \gmp_div($this->value, $x->value); + + return self::createFromGMPResource($value); + } + + /** + * Performs modular exponentiation. + * + * @param BigInteger $e + * @param BigInteger $n + * + * @return BigInteger + */ + public function modPow(self $e, self $n): self + { + $value = \gmp_powm($this->value, $e->value, $n->value); + + return self::createFromGMPResource($value); + } + + /** + * Performs modular exponentiation. + * + * @param BigInteger $d + * + * @return BigInteger + */ + public function mod(self $d): self + { + $value = \gmp_mod($this->value, $d->value); + + return self::createFromGMPResource($value); + } + + /** + * Calculates modular inverses. + * + * @param BigInteger $n + * + * @return BigInteger + */ + public function modInverse(self $n): self + { + $value = \gmp_invert($this->value, $n->value); + + return self::createFromGMPResource($value); + } + + /** + * Compares two numbers. + * + * @param BigInteger $y + */ + public function compare(self $y): int + { + return \gmp_cmp($this->value, $y->value); + } + + /** + * @param BigInteger $y + */ + public function equals(self $y): bool + { + return 0 === $this->compare($y); + } + + /** + * @param BigInteger $y + * + * @return BigInteger + */ + public static function random(self $y): self + { + $zero = self::createFromDecimal(0); + + return self::createFromGMPResource(\gmp_random_range($zero->value, $y->value)); + } + + /** + * @param BigInteger $y + * + * @return BigInteger + */ + public function gcd(self $y): self + { + return self::createFromGMPResource(\gmp_gcd($this->value, $y->value)); + } + + /** + * @param BigInteger $y + */ + public function lowerThan(self $y): bool + { + return 0 > $this->compare($y); + } + + public function isEven(): bool + { + $zero = self::createFromDecimal(0); + $two = self::createFromDecimal(2); + + return $this->mod($two)->equals($zero); + } +} diff --git a/vendor/web-token/jwt-core/Util/ECKey.php b/vendor/web-token/jwt-core/Util/ECKey.php new file mode 100644 index 0000000..da409ba --- /dev/null +++ b/vendor/web-token/jwt-core/Util/ECKey.php @@ -0,0 +1,306 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +use Base64Url\Base64Url; +use InvalidArgumentException; +use Jose\Component\Core\JWK; +use Jose\Component\Core\Util\Ecc\Curve; +use Jose\Component\Core\Util\Ecc\NistCurve; +use RuntimeException; +use Throwable; + +/** + * @internal + */ +class ECKey +{ + public static function convertToPEM(JWK $jwk): string + { + if ($jwk->has('d')) { + return self::convertPrivateKeyToPEM($jwk); + } + + return self::convertPublicKeyToPEM($jwk); + } + + public static function convertPublicKeyToPEM(JWK $jwk): string + { + switch ($jwk->get('crv')) { + case 'P-256': + $der = self::p256PublicKey(); + + break; + case 'P-384': + $der = self::p384PublicKey(); + + break; + case 'P-521': + $der = self::p521PublicKey(); + + break; + default: + throw new InvalidArgumentException('Unsupported curve.'); + } + $der .= self::getKey($jwk); + $pem = '-----BEGIN PUBLIC KEY-----'.PHP_EOL; + $pem .= chunk_split(base64_encode($der), 64, PHP_EOL); + $pem .= '-----END PUBLIC KEY-----'.PHP_EOL; + + return $pem; + } + + public static function convertPrivateKeyToPEM(JWK $jwk): string + { + switch ($jwk->get('crv')) { + case 'P-256': + $der = self::p256PrivateKey($jwk); + + break; + case 'P-384': + $der = self::p384PrivateKey($jwk); + + break; + case 'P-521': + $der = self::p521PrivateKey($jwk); + + break; + default: + throw new InvalidArgumentException('Unsupported curve.'); + } + $der .= self::getKey($jwk); + $pem = '-----BEGIN EC PRIVATE KEY-----'.PHP_EOL; + $pem .= chunk_split(base64_encode($der), 64, PHP_EOL); + $pem .= '-----END EC PRIVATE KEY-----'.PHP_EOL; + + return $pem; + } + + /** + * Creates a EC key with the given curve and additional values. + * + * @param string $curve The curve + * @param array $values values to configure the key + */ + public static function createECKey(string $curve, array $values = []): JWK + { + try { + $jwk = self::createECKeyUsingOpenSSL($curve); + } catch (Throwable $e) { + $jwk = self::createECKeyUsingPurePhp($curve); + } + $values = array_merge($values, $jwk); + + return new JWK($values); + } + + private static function getNistCurve(string $curve): Curve + { + switch ($curve) { + case 'P-256': + return NistCurve::curve256(); + case 'P-384': + return NistCurve::curve384(); + case 'P-521': + return NistCurve::curve521(); + default: + throw new InvalidArgumentException(sprintf('The curve "%s" is not supported.', $curve)); + } + } + + private static function getNistCurveSize(string $curve): int + { + switch ($curve) { + case 'P-256': + return 256; + case 'P-384': + return 384; + case 'P-521': + return 521; + default: + throw new InvalidArgumentException(sprintf('The curve "%s" is not supported.', $curve)); + } + } + + private static function createECKeyUsingPurePhp(string $curve): array + { + $nistCurve = self::getNistCurve($curve); + $privateKey = $nistCurve->createPrivateKey(); + $publicKey = $nistCurve->createPublicKey($privateKey); + + return [ + 'kty' => 'EC', + 'crv' => $curve, + 'x' => Base64Url::encode(str_pad(gmp_export($publicKey->getPoint()->getX()), (int) ceil($nistCurve->getSize() / 8), "\0", STR_PAD_LEFT)), + 'y' => Base64Url::encode(str_pad(gmp_export($publicKey->getPoint()->getY()), (int) ceil($nistCurve->getSize() / 8), "\0", STR_PAD_LEFT)), + 'd' => Base64Url::encode(str_pad(gmp_export($privateKey->getSecret()), (int) ceil($nistCurve->getSize() / 8), "\0", STR_PAD_LEFT)), + ]; + } + + private static function createECKeyUsingOpenSSL(string $curve): array + { + $key = openssl_pkey_new([ + 'curve_name' => self::getOpensslCurveName($curve), + 'private_key_type' => OPENSSL_KEYTYPE_EC, + ]); + if (false === $key) { + throw new RuntimeException('Unable to create the key'); + } + $result = openssl_pkey_export($key, $out); + if (false === $result) { + throw new RuntimeException('Unable to create the key'); + } + $res = openssl_pkey_get_private($out); + if (false === $res) { + throw new RuntimeException('Unable to create the key'); + } + $details = openssl_pkey_get_details($res); + $nistCurveSize = self::getNistCurveSize($curve); + + return [ + 'kty' => 'EC', + 'crv' => $curve, + 'd' => Base64Url::encode(str_pad($details['ec']['d'], (int) ceil($nistCurveSize / 8), "\0", STR_PAD_LEFT)), + 'x' => Base64Url::encode(str_pad($details['ec']['x'], (int) ceil($nistCurveSize / 8), "\0", STR_PAD_LEFT)), + 'y' => Base64Url::encode(str_pad($details['ec']['y'], (int) ceil($nistCurveSize / 8), "\0", STR_PAD_LEFT)), + ]; + } + + private static function getOpensslCurveName(string $curve): string + { + switch ($curve) { + case 'P-256': + return 'prime256v1'; + case 'P-384': + return 'secp384r1'; + case 'P-521': + return 'secp521r1'; + default: + throw new InvalidArgumentException(sprintf('The curve "%s" is not supported.', $curve)); + } + } + + private static function p256PublicKey(): string + { + return pack( + 'H*', + '3059' // SEQUENCE, length 89 + .'3013' // SEQUENCE, length 19 + .'0607' // OID, length 7 + .'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key + .'0608' // OID, length 8 + .'2a8648ce3d030107' // 1.2.840.10045.3.1.7 = P-256 Curve + .'0342' // BIT STRING, length 66 + .'00' // prepend with NUL - pubkey will follow + ); + } + + private static function p384PublicKey(): string + { + return pack( + 'H*', + '3076' // SEQUENCE, length 118 + .'3010' // SEQUENCE, length 16 + .'0607' // OID, length 7 + .'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key + .'0605' // OID, length 5 + .'2b81040022' // 1.3.132.0.34 = P-384 Curve + .'0362' // BIT STRING, length 98 + .'00' // prepend with NUL - pubkey will follow + ); + } + + private static function p521PublicKey(): string + { + return pack( + 'H*', + '30819b' // SEQUENCE, length 154 + .'3010' // SEQUENCE, length 16 + .'0607' // OID, length 7 + .'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key + .'0605' // OID, length 5 + .'2b81040023' // 1.3.132.0.35 = P-521 Curve + .'038186' // BIT STRING, length 134 + .'00' // prepend with NUL - pubkey will follow + ); + } + + private static function p256PrivateKey(JWK $jwk): string + { + $d = unpack('H*', str_pad(Base64Url::decode($jwk->get('d')), 32, "\0", STR_PAD_LEFT))[1]; + + return pack( + 'H*', + '3077' // SEQUENCE, length 87+length($d)=32 + .'020101' // INTEGER, 1 + .'0420' // OCTET STRING, length($d) = 32 + .$d + .'a00a' // TAGGED OBJECT #0, length 10 + .'0608' // OID, length 8 + .'2a8648ce3d030107' // 1.3.132.0.34 = P-384 Curve + .'a144' // TAGGED OBJECT #1, length 68 + .'0342' // BIT STRING, length 66 + .'00' // prepend with NUL - pubkey will follow + ); + } + + private static function p384PrivateKey(JWK $jwk): string + { + $d = unpack('H*', str_pad(Base64Url::decode($jwk->get('d')), 48, "\0", STR_PAD_LEFT))[1]; + + return pack( + 'H*', + '3081a4' // SEQUENCE, length 116 + length($d)=48 + .'020101' // INTEGER, 1 + .'0430' // OCTET STRING, length($d) = 30 + .$d + .'a007' // TAGGED OBJECT #0, length 7 + .'0605' // OID, length 5 + .'2b81040022' // 1.3.132.0.34 = P-384 Curve + .'a164' // TAGGED OBJECT #1, length 100 + .'0362' // BIT STRING, length 98 + .'00' // prepend with NUL - pubkey will follow + ); + } + + private static function p521PrivateKey(JWK $jwk): string + { + $d = unpack('H*', str_pad(Base64Url::decode($jwk->get('d')), 66, "\0", STR_PAD_LEFT))[1]; + + return pack( + 'H*', + '3081dc' // SEQUENCE, length 154 + length($d)=66 + .'020101' // INTEGER, 1 + .'0442' // OCTET STRING, length(d) = 66 + .$d + .'a007' // TAGGED OBJECT #0, length 7 + .'0605' // OID, length 5 + .'2b81040023' // 1.3.132.0.35 = P-521 Curve + .'a18189' // TAGGED OBJECT #1, length 137 + .'038186' // BIT STRING, length 134 + .'00' // prepend with NUL - pubkey will follow + ); + } + + private static function getKey(JWK $jwk): string + { + $nistCurveSize = self::getNistCurveSize($jwk->get('crv')); + $length = (int) ceil($nistCurveSize / 8); + + return + "\04" + .str_pad(Base64Url::decode($jwk->get('x')), $length, "\0", STR_PAD_LEFT) + .str_pad(Base64Url::decode($jwk->get('y')), $length, "\0", STR_PAD_LEFT); + } +} diff --git a/vendor/web-token/jwt-core/Util/ECSignature.php b/vendor/web-token/jwt-core/Util/ECSignature.php new file mode 100644 index 0000000..5bfa5b0 --- /dev/null +++ b/vendor/web-token/jwt-core/Util/ECSignature.php @@ -0,0 +1,93 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +/** + * @internal + */ +class ECSignature +{ + public static function toDER(string $signature, int $partLength): string + { + $signature = \unpack('H*', $signature)[1]; + if (\mb_strlen($signature, '8bit') !== 2 * $partLength) { + throw new \InvalidArgumentException('Invalid length.'); + } + $R = \mb_substr($signature, 0, $partLength, '8bit'); + $S = \mb_substr($signature, $partLength, null, '8bit'); + + $R = self::preparePositiveInteger($R); + $Rl = \mb_strlen($R, '8bit') / 2; + $S = self::preparePositiveInteger($S); + $Sl = \mb_strlen($S, '8bit') / 2; + $der = \pack('H*', + '30'.($Rl + $Sl + 4 > 128 ? '81' : '').\dechex($Rl + $Sl + 4) + .'02'.\dechex($Rl).$R + .'02'.\dechex($Sl).$S + ); + + return $der; + } + + public static function fromDER(string $der, int $partLength): string + { + $hex = \unpack('H*', $der)[1]; + if ('30' !== \mb_substr($hex, 0, 2, '8bit')) { // SEQUENCE + throw new \RuntimeException(); + } + if ('81' === \mb_substr($hex, 2, 2, '8bit')) { // LENGTH > 128 + $hex = \mb_substr($hex, 6, null, '8bit'); + } else { + $hex = \mb_substr($hex, 4, null, '8bit'); + } + if ('02' !== \mb_substr($hex, 0, 2, '8bit')) { // INTEGER + throw new \RuntimeException(); + } + + $Rl = \hexdec(\mb_substr($hex, 2, 2, '8bit')); + $R = self::retrievePositiveInteger(\mb_substr($hex, 4, $Rl * 2, '8bit')); + $R = \str_pad($R, $partLength, '0', STR_PAD_LEFT); + + $hex = \mb_substr($hex, 4 + $Rl * 2, null, '8bit'); + if ('02' !== \mb_substr($hex, 0, 2, '8bit')) { // INTEGER + throw new \RuntimeException(); + } + $Sl = \hexdec(\mb_substr($hex, 2, 2, '8bit')); + $S = self::retrievePositiveInteger(\mb_substr($hex, 4, $Sl * 2, '8bit')); + $S = \str_pad($S, $partLength, '0', STR_PAD_LEFT); + + return \pack('H*', $R.$S); + } + + private static function preparePositiveInteger(string $data): string + { + if (\mb_substr($data, 0, 2, '8bit') > '7f') { + return '00'.$data; + } + while ('00' === \mb_substr($data, 0, 2, '8bit') && \mb_substr($data, 2, 2, '8bit') <= '7f') { + $data = \mb_substr($data, 2, null, '8bit'); + } + + return $data; + } + + private static function retrievePositiveInteger(string $data): string + { + while ('00' === \mb_substr($data, 0, 2, '8bit') && \mb_substr($data, 2, 2, '8bit') > '7f') { + $data = \mb_substr($data, 2, null, '8bit'); + } + + return $data; + } +} diff --git a/vendor/web-token/jwt-core/Util/Hash.php b/vendor/web-token/jwt-core/Util/Hash.php new file mode 100644 index 0000000..105c865 --- /dev/null +++ b/vendor/web-token/jwt-core/Util/Hash.php @@ -0,0 +1,90 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +/** + * @internal + */ +class Hash +{ + /** + * Hash Parameter. + * + * @var string + */ + private $hash; + + /** + * Hash Length. + * + * @var int + */ + private $length; + + /** + * @return Hash + */ + public static function sha1(): self + { + return new self('sha1', 20); + } + + /** + * @return Hash + */ + public static function sha256(): self + { + return new self('sha256', 32); + } + + /** + * @return Hash + */ + public static function sha384(): self + { + return new self('sha384', 48); + } + + /** + * @return Hash + */ + public static function sha512(): self + { + return new self('sha512', 64); + } + + private function __construct(string $hash, int $length) + { + $this->hash = $hash; + $this->length = $length; + } + + public function getLength(): int + { + return $this->length; + } + + /** + * Compute the HMAC. + */ + public function hash(string $text): string + { + return \hash($this->hash, $text, true); + } + + public function name(): string + { + return $this->hash; + } +} diff --git a/vendor/web-token/jwt-core/Util/JsonConverter.php b/vendor/web-token/jwt-core/Util/JsonConverter.php new file mode 100644 index 0000000..ef95126 --- /dev/null +++ b/vendor/web-token/jwt-core/Util/JsonConverter.php @@ -0,0 +1,27 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +final class JsonConverter +{ + public static function encode($payload): string + { + return \json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); + } + + public static function decode(string $payload) + { + return \json_decode($payload, true, 512, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); + } +} diff --git a/vendor/web-token/jwt-core/Util/KeyChecker.php b/vendor/web-token/jwt-core/Util/KeyChecker.php new file mode 100644 index 0000000..09385a4 --- /dev/null +++ b/vendor/web-token/jwt-core/Util/KeyChecker.php @@ -0,0 +1,107 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +use Jose\Component\Core\JWK; + +/** + * @internal + */ +class KeyChecker +{ + /** + * @throws \InvalidArgumentException + */ + public static function checkKeyUsage(JWK $key, string $usage): bool + { + if ($key->has('use')) { + return self::checkUsage($key, $usage); + } + if ($key->has('key_ops')) { + return self::checkOperation($key, $usage); + } + + return true; + } + + private static function checkOperation(JWK $key, string $usage): bool + { + $ops = $key->get('key_ops'); + if (!\is_array($ops)) { + $ops = [$ops]; + } + switch ($usage) { + case 'verification': + if (!\in_array('verify', $ops, true)) { + throw new \InvalidArgumentException('Key cannot be used to verify a signature'); + } + + return true; + case 'signature': + if (!\in_array('sign', $ops, true)) { + throw new \InvalidArgumentException('Key cannot be used to sign'); + } + + return true; + case 'encryption': + if (!\in_array('encrypt', $ops, true) && !\in_array('wrapKey', $ops, true)) { + throw new \InvalidArgumentException('Key cannot be used to encrypt'); + } + + return true; + case 'decryption': + if (!\in_array('decrypt', $ops, true) && !\in_array('unwrapKey', $ops, true)) { + throw new \InvalidArgumentException('Key cannot be used to decrypt'); + } + + return true; + default: + throw new \InvalidArgumentException('Unsupported key usage.'); + } + } + + private static function checkUsage(JWK $key, string $usage): bool + { + $use = $key->get('use'); + switch ($usage) { + case 'verification': + case 'signature': + if ('sig' !== $use) { + throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.'); + } + + return true; + case 'encryption': + case 'decryption': + if ('enc' !== $use) { + throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.'); + } + + return true; + default: + throw new \InvalidArgumentException('Unsupported key usage.'); + } + } + + public static function checkKeyAlgorithm(JWK $key, string $algorithm) + { + if (!$key->has('alg')) { + return; + } + + if ($key->get('alg') !== $algorithm) { + throw new \InvalidArgumentException(\sprintf('Key is only allowed for algorithm "%s".', $key->get('alg'))); + } + } +} diff --git a/vendor/web-token/jwt-core/Util/RSAKey.php b/vendor/web-token/jwt-core/Util/RSAKey.php new file mode 100644 index 0000000..3670034 --- /dev/null +++ b/vendor/web-token/jwt-core/Util/RSAKey.php @@ -0,0 +1,322 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util; + +use Base64Url\Base64Url; +use FG\ASN1\Universal\BitString; +use FG\ASN1\Universal\Integer; +use FG\ASN1\Universal\NullObject; +use FG\ASN1\Universal\ObjectIdentifier; +use FG\ASN1\Universal\OctetString; +use FG\ASN1\Universal\Sequence; +use Jose\Component\Core\JWK; + +/** + * @internal + */ +class RSAKey +{ + /** + * @var Sequence + */ + private $sequence; + + /** + * @var bool + */ + private $private = false; + + /** + * @var array + */ + private $values = []; + + /** + * @var BigInteger + */ + private $modulus; + + /** + * @var int + */ + private $modulus_length; + + /** + * @var BigInteger + */ + private $public_exponent; + + /** + * @var BigInteger|null + */ + private $private_exponent = null; + + /** + * @var BigInteger[] + */ + private $primes = []; + + /** + * @var BigInteger[] + */ + private $exponents = []; + + /** + * @var BigInteger|null + */ + private $coefficient = null; + + private function __construct(JWK $data) + { + $this->loadJWK($data->all()); + $this->populateBigIntegers(); + $this->private = \array_key_exists('d', $this->values); + } + + /** + * @return RSAKey + */ + public static function createFromJWK(JWK $jwk): self + { + return new self($jwk); + } + + public function getModulus(): BigInteger + { + return $this->modulus; + } + + public function getModulusLength(): int + { + return $this->modulus_length; + } + + public function getExponent(): BigInteger + { + $d = $this->getPrivateExponent(); + if (null !== $d) { + return $d; + } + + return $this->getPublicExponent(); + } + + public function getPublicExponent(): BigInteger + { + return $this->public_exponent; + } + + public function getPrivateExponent(): ?BigInteger + { + return $this->private_exponent; + } + + /** + * @return BigInteger[] + */ + public function getPrimes(): array + { + return $this->primes; + } + + /** + * @return BigInteger[] + */ + public function getExponents(): array + { + return $this->exponents; + } + + public function getCoefficient(): ?BigInteger + { + return $this->coefficient; + } + + public function isPublic(): bool + { + return !\array_key_exists('d', $this->values); + } + + /** + * @param RSAKey $private + * + * @return RSAKey + */ + public static function toPublic(self $private): self + { + $data = $private->toArray(); + $keys = ['p', 'd', 'q', 'dp', 'dq', 'qi']; + foreach ($keys as $key) { + if (\array_key_exists($key, $data)) { + unset($data[$key]); + } + } + + return new self(new JWK($data)); + } + + public function toArray(): array + { + return $this->values; + } + + private function loadJWK(array $jwk) + { + if (!\array_key_exists('kty', $jwk)) { + throw new \InvalidArgumentException('The key parameter "kty" is missing.'); + } + if ('RSA' !== $jwk['kty']) { + throw new \InvalidArgumentException('The JWK is not a RSA key.'); + } + + $this->values = $jwk; + } + + private function populateBigIntegers() + { + $this->modulus = $this->convertBase64StringToBigInteger($this->values['n']); + $this->modulus_length = \mb_strlen($this->getModulus()->toBytes(), '8bit'); + $this->public_exponent = $this->convertBase64StringToBigInteger($this->values['e']); + + if (!$this->isPublic()) { + $this->private_exponent = $this->convertBase64StringToBigInteger($this->values['d']); + + if (\array_key_exists('p', $this->values) && \array_key_exists('q', $this->values)) { + $this->primes = [ + $this->convertBase64StringToBigInteger($this->values['p']), + $this->convertBase64StringToBigInteger($this->values['q']), + ]; + if (\array_key_exists('dp', $this->values) && \array_key_exists('dq', $this->values) && \array_key_exists('qi', $this->values)) { + $this->exponents = [ + $this->convertBase64StringToBigInteger($this->values['dp']), + $this->convertBase64StringToBigInteger($this->values['dq']), + ]; + $this->coefficient = $this->convertBase64StringToBigInteger($this->values['qi']); + } + } + } + } + + private function convertBase64StringToBigInteger(string $value): BigInteger + { + return BigInteger::createFromBinaryString(Base64Url::decode($value)); + } + + /** + * @throws \Exception + */ + public function toPEM(): string + { + if (null === $this->sequence) { + $this->sequence = new Sequence(); + if (\array_key_exists('d', $this->values)) { + $this->initPrivateKey(); + } else { + $this->initPublicKey(); + } + } + $result = '-----BEGIN '.($this->private ? 'RSA PRIVATE' : 'PUBLIC').' KEY-----'.PHP_EOL; + $result .= \chunk_split(\base64_encode($this->sequence->getBinary()), 64, PHP_EOL); + $result .= '-----END '.($this->private ? 'RSA PRIVATE' : 'PUBLIC').' KEY-----'.PHP_EOL; + + return $result; + } + + /** + * @throws \Exception + */ + private function initPublicKey() + { + $oid_sequence = new Sequence(); + $oid_sequence->addChild(new ObjectIdentifier('1.2.840.113549.1.1.1')); + $oid_sequence->addChild(new NullObject()); + $this->sequence->addChild($oid_sequence); + $n = new Integer($this->fromBase64ToInteger($this->values['n'])); + $e = new Integer($this->fromBase64ToInteger($this->values['e'])); + $key_sequence = new Sequence(); + $key_sequence->addChild($n); + $key_sequence->addChild($e); + $key_bit_string = new BitString(\bin2hex($key_sequence->getBinary())); + $this->sequence->addChild($key_bit_string); + } + + private function initPrivateKey() + { + $this->sequence->addChild(new Integer(0)); + $oid_sequence = new Sequence(); + $oid_sequence->addChild(new ObjectIdentifier('1.2.840.113549.1.1.1')); + $oid_sequence->addChild(new NullObject()); + $this->sequence->addChild($oid_sequence); + $v = new Integer(0); + $n = new Integer($this->fromBase64ToInteger($this->values['n'])); + $e = new Integer($this->fromBase64ToInteger($this->values['e'])); + $d = new Integer($this->fromBase64ToInteger($this->values['d'])); + $p = new Integer($this->fromBase64ToInteger($this->values['p'])); + $q = new Integer($this->fromBase64ToInteger($this->values['q'])); + $dp = \array_key_exists('dp', $this->values) ? new Integer($this->fromBase64ToInteger($this->values['dp'])) : new Integer(0); + $dq = \array_key_exists('dq', $this->values) ? new Integer($this->fromBase64ToInteger($this->values['dq'])) : new Integer(0); + $qi = \array_key_exists('qi', $this->values) ? new Integer($this->fromBase64ToInteger($this->values['qi'])) : new Integer(0); + $key_sequence = new Sequence(); + $key_sequence->addChild($v); + $key_sequence->addChild($n); + $key_sequence->addChild($e); + $key_sequence->addChild($d); + $key_sequence->addChild($p); + $key_sequence->addChild($q); + $key_sequence->addChild($dp); + $key_sequence->addChild($dq); + $key_sequence->addChild($qi); + $key_octet_string = new OctetString(\bin2hex($key_sequence->getBinary())); + $this->sequence->addChild($key_octet_string); + } + + /** + * @param string $value + * + * @return string + */ + private function fromBase64ToInteger($value) + { + return \gmp_strval(\gmp_init(\current(\unpack('H*', Base64Url::decode($value))), 16), 10); + } + + /** + * Exponentiate with or without Chinese Remainder Theorem. + * Operation with primes 'p' and 'q' is appox. 2x faster. + * + * @param RSAKey $key + */ + public static function exponentiate(self $key, BigInteger $c): BigInteger + { + if ($c->compare(BigInteger::createFromDecimal(0)) < 0 || $c->compare($key->getModulus()) > 0) { + throw new \RuntimeException(); + } + if ($key->isPublic() || empty($key->getPrimes()) || empty($key->getExponents()) || null === $key->getCoefficient()) { + return $c->modPow($key->getExponent(), $key->getModulus()); + } + + $p = $key->getPrimes()[0]; + $q = $key->getPrimes()[1]; + $dP = $key->getExponents()[0]; + $dQ = $key->getExponents()[1]; + $qInv = $key->getCoefficient(); + + $m1 = $c->modPow($dP, $p); + $m2 = $c->modPow($dQ, $q); + $h = $qInv->multiply($m1->subtract($m2)->add($p))->mod($p); + $m = $m2->add($h->multiply($q)); + + return $m; + } +} diff --git a/vendor/web-token/jwt-core/composer.json b/vendor/web-token/jwt-core/composer.json new file mode 100644 index 0000000..37c4ce0 --- /dev/null +++ b/vendor/web-token/jwt-core/composer.json @@ -0,0 +1,44 @@ +{ + "name": "web-token/jwt-core", + "description": "Core component of the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Core\\": "" + } + }, + "require": { + "php": "^7.1", + "ext-gmp": "*", + "ext-mbstring": "*", + "fgrosse/phpasn1": "^2.0", + "spomky-labs/base64url": "^1.0|^2.0", + "web-token/jwt-util-ecc": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "conflict": { + "spomky-labs/jose": "*" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-key-mgmt/JKUFactory.php b/vendor/web-token/jwt-key-mgmt/JKUFactory.php new file mode 100644 index 0000000..16d24bc --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/JKUFactory.php @@ -0,0 +1,50 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement; + +use Http\Client\HttpClient; +use Http\Message\RequestFactory; +use Jose\Component\Core\Converter\JsonConverter; +use Jose\Component\Core\JWKSet; + +class JKUFactory extends UrlKeySetFactory +{ + private $jsonConverter; + + /** + * JKUFactory constructor. + */ + public function __construct(?JsonConverter $jsonConverter, HttpClient $client, RequestFactory $requestFactory) + { + parent::__construct($client, $requestFactory); + $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); + } + + /** + * This method will try to fetch the url a retrieve the key set. + * Throws an exception in case of failure. + * + * @throws \InvalidArgumentException + */ + public function loadFromUrl(string $url, array $header = []): JWKSet + { + $content = $this->getContent($url, $header); + $data = $this->jsonConverter->decode($content); + if (!\is_array($data)) { + throw new \RuntimeException('Invalid content.'); + } + + return JWKSet::createFromKeyData($data); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/JWKFactory.php b/vendor/web-token/jwt-key-mgmt/JWKFactory.php new file mode 100644 index 0000000..3748938 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/JWKFactory.php @@ -0,0 +1,304 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement; + +use Base64Url\Base64Url; +use InvalidArgumentException; +use Jose\Component\Core\JWK; +use Jose\Component\Core\JWKSet; +use Jose\Component\Core\Util\Ecc\Curve; +use Jose\Component\Core\Util\ECKey; +use Jose\Component\KeyManagement\KeyConverter\KeyConverter; +use Jose\Component\KeyManagement\KeyConverter\RSAKey; +use function openssl_pkey_get_details; +use function openssl_pkey_new; +use RuntimeException; + +class JWKFactory +{ + /** + * Creates a RSA key with the given key size and additional values. + * + * @param int $size The key size in bits + * @param array $values values to configure the key + */ + public static function createRSAKey(int $size, array $values = []): JWK + { + if (0 !== $size % 8) { + throw new InvalidArgumentException('Invalid key size.'); + } + + if (512 > $size) { + throw new InvalidArgumentException('Key length is too short. It needs to be at least 512 bits.'); + } + + $key = openssl_pkey_new([ + 'private_key_bits' => $size, + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + ]); + $details = openssl_pkey_get_details($key); + \openssl_free_key($key); + $rsa = RSAKey::createFromKeyDetails($details['rsa']); + $values = \array_merge( + $values, + $rsa->toArray() + ); + + return new JWK($values); + } + + /** + * Creates a EC key with the given curve and additional values. + * + * @param string $curve The curve + * @param array $values values to configure the key + */ + public static function createECKey(string $curve, array $values = []): JWK + { + return ECKey::createECKey($curve, $values); + } + + /** + * Creates a octet key with the given key size and additional values. + * + * @param int $size The key size in bits + * @param array $values values to configure the key + */ + public static function createOctKey(int $size, array $values = []): JWK + { + if (0 !== $size % 8) { + throw new InvalidArgumentException('Invalid key size.'); + } + $values = \array_merge( + $values, + [ + 'kty' => 'oct', + 'k' => Base64Url::encode(\random_bytes($size / 8)), + ] + ); + + return new JWK($values); + } + + /** + * Creates a OKP key with the given curve and additional values. + * + * @param string $curve The curve + * @param array $values values to configure the key + */ + public static function createOKPKey(string $curve, array $values = []): JWK + { + switch ($curve) { + case 'X25519': + $keyPair = \sodium_crypto_box_keypair(); + $secret = \sodium_crypto_box_secretkey($keyPair); + $x = \sodium_crypto_box_publickey($keyPair); + + break; + case 'Ed25519': + $keyPair = \sodium_crypto_sign_keypair(); + $secret = \sodium_crypto_sign_secretkey($keyPair); + $x = \sodium_crypto_sign_publickey($keyPair); + + break; + default: + throw new InvalidArgumentException(\sprintf('Unsupported "%s" curve', $curve)); + } + $secretLength = mb_strlen($secret, '8bit'); + $d = mb_substr($secret, 0, -$secretLength / 2, '8bit'); + + $values = \array_merge( + $values, + [ + 'kty' => 'OKP', + 'crv' => $curve, + 'd' => Base64Url::encode($d), + 'x' => Base64Url::encode($x), + ] + ); + + return new JWK($values); + } + + /** + * Creates a none key with the given additional values. + * Please note that this key type is not pat of any specification. + * It is used to prevent the use of the "none" algorithm with other key types. + * + * @param array $values values to configure the key + */ + public static function createNoneKey(array $values = []): JWK + { + $values = \array_merge( + $values, + [ + 'kty' => 'none', + 'alg' => 'none', + 'use' => 'sig', + ] + ); + + return new JWK($values); + } + + /** + * Creates a key from a Json string. + * + * @return JWK|JWKSet + */ + public static function createFromJsonObject(string $value) + { + $json = \json_decode($value, true); + if (!\is_array($json)) { + throw new InvalidArgumentException('Invalid key or key set.'); + } + + return self::createFromValues($json); + } + + /** + * Creates a key or key set from the given input. + * + * @return JWK|JWKSet + */ + public static function createFromValues(array $values) + { + if (\array_key_exists('keys', $values) && \is_array($values['keys'])) { + return JWKSet::createFromKeyData($values); + } + + return new JWK($values); + } + + /** + * This method create a JWK object using a shared secret. + */ + public static function createFromSecret(string $secret, array $additional_values = []): JWK + { + $values = \array_merge( + $additional_values, + [ + 'kty' => 'oct', + 'k' => Base64Url::encode($secret), + ] + ); + + return new JWK($values); + } + + /** + * This method will try to load a X.509 certificate and convert it into a public key. + */ + public static function createFromCertificateFile(string $file, array $additional_values = []): JWK + { + $values = KeyConverter::loadKeyFromCertificateFile($file); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * Extract a keyfrom a key set identified by the given index . + * + * @param int|string $index + */ + public static function createFromKeySet(JWKSet $jwkset, $index): JWK + { + return $jwkset->get($index); + } + + /** + * This method will try to load a PKCS#12 file and convert it into a public key. + * + * @throws \Exception + */ + public static function createFromPKCS12CertificateFile(string $file, ?string $secret = '', array $additional_values = []): JWK + { + $res = \openssl_pkcs12_read(\file_get_contents($file), $certs, $secret); + if (false === $res || !\is_array($certs) || !\array_key_exists('pkey', $certs)) { + throw new RuntimeException('Unable to load the certificates.'); + } + + return self::createFromKey($certs['pkey'], null, $additional_values); + } + + /** + * This method will try to convert a X.509 certificate into a public key. + */ + public static function createFromCertificate(string $certificate, array $additional_values = []): JWK + { + $values = KeyConverter::loadKeyFromCertificate($certificate); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to convert a X.509 certificate resource into a public key. + * + * @param resource $res + * + * @throws \Exception + */ + public static function createFromX509Resource($res, array $additional_values = []): JWK + { + $values = KeyConverter::loadKeyFromX509Resource($res); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to load and convert a key file into a JWK object. + * If the key is encrypted, the password must be set. + * + * @throws \Exception + */ + public static function createFromKeyFile(string $file, ?string $password = null, array $additional_values = []): JWK + { + $values = KeyConverter::loadFromKeyFile($file, $password); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to load and convert a key into a JWK object. + * If the key is encrypted, the password must be set. + * + * @throws \Exception + */ + public static function createFromKey(string $key, ?string $password = null, array $additional_values = []): JWK + { + $values = KeyConverter::loadFromKey($key, $password); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to load and convert a X.509 certificate chain into a public key. + * + * Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! + * It is mandatory to verify the root CA or intermediate CA are trusted. + * If not done, it may lead to potential security issues. + */ + public static function createFromX5C(array $x5c, array $additional_values = []): JWK + { + $values = KeyConverter::loadFromX5C($x5c); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/AlgorithmAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/AlgorithmAnalyzer.php new file mode 100644 index 0000000..a7ebcad --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/AlgorithmAnalyzer.php @@ -0,0 +1,26 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Jose\Component\Core\JWK; + +final class AlgorithmAnalyzer implements KeyAnalyzer +{ + public function analyze(JWK $jwk, MessageBag $bag) + { + if (!$jwk->has('alg')) { + $bag->add(Message::medium('The parameter "alg" should be added.')); + } + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzer.php new file mode 100644 index 0000000..470b788 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzer.php @@ -0,0 +1,24 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Jose\Component\Core\JWK; + +interface KeyAnalyzer +{ + /** + * This method will analyse the key and add messages to the message bag if needed. + */ + public function analyze(JWK $jwk, MessageBag $bag); +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzerManager.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzerManager.php new file mode 100644 index 0000000..2b8b4a9 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyAnalyzerManager.php @@ -0,0 +1,50 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Jose\Component\Core\JWK; + +class KeyAnalyzerManager +{ + /** + * @var KeyAnalyzer[] + */ + private $analyzers = []; + + /** + * Adds a Key Analyzer to the manager. + * + * @return KeyAnalyzerManager + */ + public function add(KeyAnalyzer $analyzer): self + { + $this->analyzers[] = $analyzer; + + return $this; + } + + /** + * This method will analyze the JWK object using all analyzers. + * It returns a message bag that may contains messages. + */ + public function analyze(JWK $jwk): MessageBag + { + $bag = new MessageBag(); + foreach ($this->analyzers as $analyzer) { + $analyzer->analyze($jwk, $bag); + } + + return $bag; + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyIdentifierAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyIdentifierAnalyzer.php new file mode 100644 index 0000000..71acb70 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/KeyIdentifierAnalyzer.php @@ -0,0 +1,26 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Jose\Component\Core\JWK; + +final class KeyIdentifierAnalyzer implements KeyAnalyzer +{ + public function analyze(JWK $jwk, MessageBag $bag) + { + if (!$jwk->has('kid')) { + $bag->add(Message::medium('The parameter "kid" should be added.')); + } + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/Message.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/Message.php new file mode 100644 index 0000000..4baf868 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/Message.php @@ -0,0 +1,96 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +class Message implements \JsonSerializable +{ + /** + * @var string + */ + private $message; + + /** + * @var string + */ + private $severity; + + public const SEVERITY_LOW = 'low'; + + public const SEVERITY_MEDIUM = 'medium'; + + public const SEVERITY_HIGH = 'high'; + + /** + * Message constructor. + */ + private function __construct(string $message, string $severity) + { + $this->message = $message; + $this->severity = $severity; + } + + /** + * Creates a message with severity=low. + * + * @return Message + */ + public static function low(string $message): self + { + return new self($message, self::SEVERITY_LOW); + } + + /** + * Creates a message with severity=medium. + * + * @return Message + */ + public static function medium(string $message): self + { + return new self($message, self::SEVERITY_MEDIUM); + } + + /** + * Creates a message with severity=high. + * + * @return Message + */ + public static function high(string $message): self + { + return new self($message, self::SEVERITY_HIGH); + } + + /** + * Returns the message. + */ + public function getMessage(): string + { + return $this->message; + } + + /** + * Returns the severity of the message. + */ + public function getSeverity(): string + { + return $this->severity; + } + + public function jsonSerialize() + { + return [ + 'message' => $this->message, + 'severity' => $this->severity, + ]; + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/MessageBag.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/MessageBag.php new file mode 100644 index 0000000..b41795f --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/MessageBag.php @@ -0,0 +1,59 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +class MessageBag implements \JsonSerializable, \IteratorAggregate, \Countable +{ + /** + * @var Message[] + */ + private $messages = []; + + /** + * Adds a message to the message bag. + * + * @return MessageBag + */ + public function add(Message $message): self + { + $this->messages[] = $message; + + return $this; + } + + /** + * Returns all messages. + * + * @return Message[] + */ + public function all(): array + { + return $this->messages; + } + + public function jsonSerialize() + { + return \array_values($this->messages); + } + + public function count() + { + return \count($this->messages); + } + + public function getIterator() + { + return new \ArrayIterator($this->messages); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/NoneAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/NoneAnalyzer.php new file mode 100644 index 0000000..a293efd --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/NoneAnalyzer.php @@ -0,0 +1,28 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Jose\Component\Core\JWK; + +final class NoneAnalyzer implements KeyAnalyzer +{ + public function analyze(JWK $jwk, MessageBag $bag) + { + if ('none' !== $jwk->get('kty')) { + return; + } + + $bag->add(Message::high('This key is a meant to be used with the algorithm "none". This algorithm is not secured and should be used with care.')); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php new file mode 100644 index 0000000..4c2d7c1 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/OctAnalyzer.php @@ -0,0 +1,50 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Base64Url\Base64Url; +use Jose\Component\Core\JWK; +use ZxcvbnPhp\Zxcvbn; + +final class OctAnalyzer implements KeyAnalyzer +{ + public function analyze(JWK $jwk, MessageBag $bag) + { + if ('oct' !== $jwk->get('kty')) { + return; + } + $k = Base64Url::decode($jwk->get('k')); + $kLength = 8 * \mb_strlen($k, '8bit'); + if ($kLength < 128) { + $bag->add(Message::high('The key length is less than 128 bits.')); + } + + if (\class_exists(Zxcvbn::class)) { + $zxcvbn = new Zxcvbn(); + $strength = $zxcvbn->passwordStrength($k); + switch (true) { + case $strength['score'] < 3: + $bag->add(Message::high('The octet string is weak and easily guessable. Please change your key as soon as possible.')); + + break; + case 3 === $strength['score']: + $bag->add(Message::medium('The octet string is safe, but a longer key is preferable.')); + + break; + default: + break; + } + } + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/RsaAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/RsaAnalyzer.php new file mode 100644 index 0000000..6274aa0 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/RsaAnalyzer.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Base64Url\Base64Url; +use Jose\Component\Core\JWK; + +final class RsaAnalyzer implements KeyAnalyzer +{ + public function analyze(JWK $jwk, MessageBag $bag) + { + if ('RSA' !== $jwk->get('kty')) { + return; + } + $n = 8 * \mb_strlen(Base64Url::decode($jwk->get('n')), '8bit'); + if ($n < 2048) { + $bag->add(Message::high('The key length is less than 2048 bits.')); + } + if ($jwk->has('d') && (!$jwk->has('p') || !$jwk->has('q') || !$jwk->has('dp') || !$jwk->has('dq') || !$jwk->has('p') || !$jwk->has('qi'))) { + $bag->add(Message::medium('The key is a private RSA key, but Chinese Remainder Theorem primes are missing. These primes are not mandatory, but signatures and decryption processes are faster when available.')); + } + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/UsageAnalyzer.php b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/UsageAnalyzer.php new file mode 100644 index 0000000..8cdfaf6 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyAnalyzer/UsageAnalyzer.php @@ -0,0 +1,31 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyAnalyzer; + +use Jose\Component\Core\JWK; + +final class UsageAnalyzer implements KeyAnalyzer +{ + public function analyze(JWK $jwk, MessageBag $bag) + { + if (!$jwk->has('use')) { + $bag->add(Message::medium('The parameter "use" should be added.')); + } elseif (!\in_array($jwk->get('use'), ['sig', 'enc'], true)) { + $bag->add(Message::high(\sprintf('The parameter "use" has an unsupported value "%s". Please use "sig" (signature) or "enc" (encryption).', $jwk->get('use')))); + } + if ($jwk->has('key_ops') && !\in_array($jwk->get('key_ops'), ['sign', 'verify', 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'], true)) { + $bag->add(Message::high(\sprintf('The parameter "key_ops" has an unsupported value "%s". Please use one of the following values: %s.', $jwk->get('use'), \implode(', ', ['verify', 'sign', 'encryp', 'decrypt', 'wrapKey', 'unwrapKey'])))); + } + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php b/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php new file mode 100644 index 0000000..4ab0090 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php @@ -0,0 +1,273 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyConverter; + +use Base64Url\Base64Url; +use FG\ASN1\ASNObject; +use FG\ASN1\ExplicitlyTaggedObject; +use FG\ASN1\Universal\BitString; +use FG\ASN1\Universal\Integer; +use FG\ASN1\Universal\ObjectIdentifier; +use FG\ASN1\Universal\OctetString; +use FG\ASN1\Universal\Sequence; + +/** + * @internal + */ +class ECKey +{ + /** + * @var array + */ + private $values = []; + + /** + * ECKey constructor. + */ + private function __construct(array $data) + { + $this->loadJWK($data); + } + + /** + * @return ECKey + */ + public static function createFromPEM(string $pem): self + { + $data = self::loadPEM($pem); + + return new self($data); + } + + /** + * @throws \Exception + */ + private static function loadPEM(string $data): array + { + $data = \base64_decode(\preg_replace('#-.*-|\r|\n#', '', $data), true); + $asnObject = ASNObject::fromBinary($data); + + if (!$asnObject instanceof Sequence) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + $children = $asnObject->getChildren(); + if (self::isPKCS8($children)) { + $children = self::loadPKCS8($children); + } + + if (4 === \count($children)) { + return self::loadPrivatePEM($children); + } + if (2 === \count($children)) { + return self::loadPublicPEM($children); + } + + throw new \Exception('Unable to load the key.'); + } + + /** + * @param ASNObject[] $children + */ + private static function loadPKCS8(array $children): array + { + $binary = \hex2bin($children[2]->getContent()); + $asnObject = ASNObject::fromBinary($binary); + if (!$asnObject instanceof Sequence) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + return $asnObject->getChildren(); + } + + /** + * @param ASNObject[] $children + */ + private static function loadPublicPEM(array $children): array + { + if (!$children[0] instanceof Sequence) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + + $sub = $children[0]->getChildren(); + if (!$sub[0] instanceof ObjectIdentifier) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + if ('1.2.840.10045.2.1' !== $sub[0]->getContent()) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + if (!$sub[1] instanceof ObjectIdentifier) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + if (!$children[1] instanceof BitString) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $bits = $children[1]->getContent(); + $bits_length = \mb_strlen($bits, '8bit'); + if ('04' !== \mb_substr($bits, 0, 2, '8bit')) { + throw new \InvalidArgumentException('Unsupported key type'); + } + + $values = ['kty' => 'EC']; + $values['crv'] = self::getCurve($sub[1]->getContent()); + $values['x'] = Base64Url::encode(\hex2bin(\mb_substr($bits, 2, ($bits_length - 2) / 2, '8bit'))); + $values['y'] = Base64Url::encode(\hex2bin(\mb_substr($bits, ($bits_length - 2) / 2 + 2, ($bits_length - 2) / 2, '8bit'))); + + return $values; + } + + private static function getCurve(string $oid): string + { + $curves = self::getSupportedCurves(); + $curve = \array_search($oid, $curves, true); + if (!\is_string($curve)) { + throw new \InvalidArgumentException('Unsupported OID.'); + } + + return $curve; + } + + private static function getSupportedCurves(): array + { + return [ + 'P-256' => '1.2.840.10045.3.1.7', + 'P-384' => '1.3.132.0.34', + 'P-521' => '1.3.132.0.35', + ]; + } + + private static function verifyVersion(ASNObject $children) + { + if (!$children instanceof Integer || '1' !== $children->getContent()) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + } + + private static function getXAndY(ASNObject $children, ?string &$x, ?string &$y) + { + if (!$children instanceof ExplicitlyTaggedObject || !\is_array($children->getContent())) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + if (!$children->getContent()[0] instanceof BitString) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $bits = $children->getContent()[0]->getContent(); + $bits_length = \mb_strlen($bits, '8bit'); + + if ('04' !== \mb_substr($bits, 0, 2, '8bit')) { + throw new \InvalidArgumentException('Unsupported key type'); + } + + $x = \mb_substr($bits, 2, ($bits_length - 2) / 2, '8bit'); + $y = \mb_substr($bits, ($bits_length - 2) / 2 + 2, ($bits_length - 2) / 2, '8bit'); + } + + private static function getD(ASNObject $children): string + { + if (!$children instanceof OctetString) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + return $children->getContent(); + } + + private static function loadPrivatePEM(array $children): array + { + self::verifyVersion($children[0]); + $x = null; + $y = null; + $d = self::getD($children[1]); + self::getXAndY($children[3], $x, $y); + + if (!$children[2] instanceof ExplicitlyTaggedObject || !\is_array($children[2]->getContent())) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + if (!$children[2]->getContent()[0] instanceof ObjectIdentifier) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $curve = $children[2]->getContent()[0]->getContent(); + + $values = ['kty' => 'EC']; + $values['crv'] = self::getCurve($curve); + $values['d'] = Base64Url::encode(\hex2bin($d)); + $values['x'] = Base64Url::encode(\hex2bin($x)); + $values['y'] = Base64Url::encode(\hex2bin($y)); + + return $values; + } + + /** + * @param ASNObject[] $children + */ + private static function isPKCS8(array $children): bool + { + if (3 !== \count($children)) { + return false; + } + + $classes = [0 => Integer::class, 1 => Sequence::class, 2 => OctetString::class]; + foreach ($classes as $k => $class) { + if (!$children[$k] instanceof $class) { + return false; + } + } + + return true; + } + + /** + * @param ECKey $private + * + * @return ECKey + */ + public static function toPublic(self $private): self + { + $data = $private->toArray(); + if (\array_key_exists('d', $data)) { + unset($data['d']); + } + + return new self($data); + } + + /** + * @return array + */ + public function toArray() + { + return $this->values; + } + + private function loadJWK(array $jwk) + { + $keys = [ + 'kty' => 'The key parameter "kty" is missing.', + 'crv' => 'Curve parameter is missing', + 'x' => 'Point parameters are missing.', + 'y' => 'Point parameters are missing.', + ]; + foreach ($keys as $k => $v) { + if (!\array_key_exists($k, $jwk)) { + throw new \InvalidArgumentException($v); + } + } + + if ('EC' !== $jwk['kty']) { + throw new \InvalidArgumentException('JWK is not an Elliptic Curve key.'); + } + $this->values = $jwk; + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php b/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php new file mode 100644 index 0000000..17a5428 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php @@ -0,0 +1,256 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyConverter; + +use Base64Url\Base64Url; + +/** + * @internal + */ +class KeyConverter +{ + /** + * @throws \InvalidArgumentException + */ + public static function loadKeyFromCertificateFile(string $file): array + { + if (!\file_exists($file)) { + throw new \InvalidArgumentException(\sprintf('File "%s" does not exist.', $file)); + } + $content = \file_get_contents($file); + + return self::loadKeyFromCertificate($content); + } + + /** + * @throws \InvalidArgumentException + */ + public static function loadKeyFromCertificate(string $certificate): array + { + try { + $res = \openssl_x509_read($certificate); + } catch (\Exception $e) { + $certificate = self::convertDerToPem($certificate); + $res = \openssl_x509_read($certificate); + } + if (false === $res) { + throw new \InvalidArgumentException('Unable to load the certificate.'); + } + + $values = self::loadKeyFromX509Resource($res); + \openssl_x509_free($res); + + return $values; + } + + /** + * @param resource $res + * + * @throws \Exception + */ + public static function loadKeyFromX509Resource($res): array + { + $key = \openssl_get_publickey($res); + + $details = \openssl_pkey_get_details($key); + if (isset($details['key'])) { + $values = self::loadKeyFromPEM($details['key']); + \openssl_x509_export($res, $out); + $x5c = \preg_replace('#-.*-#', '', $out); + $x5c = \preg_replace('~\R~', PHP_EOL, $x5c); + $x5c = \trim($x5c); + $values['x5c'] = [$x5c]; + + $values['x5t'] = Base64Url::encode(\openssl_x509_fingerprint($res, 'sha1', true)); + $values['x5t#256'] = Base64Url::encode(\openssl_x509_fingerprint($res, 'sha256', true)); + + return $values; + } + + throw new \InvalidArgumentException('Unable to load the certificate'); + } + + /** + * @throws \Exception + */ + public static function loadFromKeyFile(string $file, ?string $password = null): array + { + $content = \file_get_contents($file); + + return self::loadFromKey($content, $password); + } + + /** + * @throws \Exception + */ + public static function loadFromKey(string $key, ?string $password = null): array + { + try { + return self::loadKeyFromDER($key, $password); + } catch (\Exception $e) { + return self::loadKeyFromPEM($key, $password); + } + } + + /** + * @throws \Exception + */ + private static function loadKeyFromDER(string $der, ?string $password = null): array + { + $pem = self::convertDerToPem($der); + + return self::loadKeyFromPEM($pem, $password); + } + + /** + * @throws \Exception + */ + private static function loadKeyFromPEM(string $pem, ?string $password = null): array + { + if (\preg_match('#DEK-Info: (.+),(.+)#', $pem, $matches)) { + $pem = self::decodePem($pem, $matches, $password); + } + + self::sanitizePEM($pem); + + $res = \openssl_pkey_get_private($pem); + if (false === $res) { + $res = \openssl_pkey_get_public($pem); + } + if (false === $res) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $details = \openssl_pkey_get_details($res); + if (!\is_array($details) || !\array_key_exists('type', $details)) { + throw new \InvalidArgumentException('Unable to get details of the key'); + } + + switch ($details['type']) { + case OPENSSL_KEYTYPE_EC: + $ec_key = ECKey::createFromPEM($pem); + + return $ec_key->toArray(); + case OPENSSL_KEYTYPE_RSA: + $rsa_key = RSAKey::createFromPEM($pem); + $rsa_key->optimize(); + + return $rsa_key->toArray(); + default: + throw new \InvalidArgumentException('Unsupported key type'); + } + } + + /** + * This method modifies the PEM to get 64 char lines and fix bug with old OpenSSL versions. + */ + private static function sanitizePEM(string &$pem) + { + \preg_match_all('#(-.*-)#', $pem, $matches, PREG_PATTERN_ORDER); + $ciphertext = \preg_replace('#-.*-|\r|\n| #', '', $pem); + + $pem = $matches[0][0].PHP_EOL; + $pem .= \chunk_split($ciphertext, 64, PHP_EOL); + $pem .= $matches[0][1].PHP_EOL; + } + + /** + * Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! + * It is mandatory to verify the root CA or intermediate CA are trusted. + * If not done, it may lead to potential security issues. + */ + public static function loadFromX5C(array $x5c): array + { + $certificate = null; + $last_issuer = null; + $last_subject = null; + foreach ($x5c as $cert) { + $current_cert = '-----BEGIN CERTIFICATE-----'.PHP_EOL.\chunk_split($cert,64,PHP_EOL).'-----END CERTIFICATE-----'; + $x509 = \openssl_x509_read($current_cert); + if (false === $x509) { + $last_issuer = null; + $last_subject = null; + + break; + } + $parsed = \openssl_x509_parse($x509); + + \openssl_x509_free($x509); + if (false === $parsed) { + $last_issuer = null; + $last_subject = null; + + break; + } + if (null === $last_subject) { + $last_subject = $parsed['subject']; + $last_issuer = $parsed['issuer']; + $certificate = $current_cert; + } else { + if (\json_encode($last_issuer) === \json_encode($parsed['subject'])) { + $last_subject = $parsed['subject']; + $last_issuer = $parsed['issuer']; + } else { + $last_issuer = null; + $last_subject = null; + + break; + } + } + } + + return self::loadKeyFromCertificate($certificate); + } + + /** + * @param string[] $matches + */ + private static function decodePem(string $pem, array $matches, ?string $password = null): string + { + if (null === $password) { + throw new \InvalidArgumentException('Password required for encrypted keys.'); + } + + $iv = \pack('H*', \trim($matches[2])); + $iv_sub = \mb_substr($iv, 0, 8, '8bit'); + $symkey = \pack('H*', \md5($password.$iv_sub)); + $symkey .= \pack('H*', \md5($symkey.$password.$iv_sub)); + $key = \preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $pem); + $ciphertext = \base64_decode(\preg_replace('#-.*-|\r|\n#', '', $key), true); + + $decoded = \openssl_decrypt($ciphertext, \mb_strtolower($matches[1]), $symkey, OPENSSL_RAW_DATA, $iv); + if (!\is_string($decoded)) { + throw new \InvalidArgumentException('Incorrect password. Key decryption failed.'); + } + + $number = \preg_match_all('#-{5}.*-{5}#', $pem, $result); + if (2 !== $number) { + throw new \InvalidArgumentException('Unable to load the key'); + } + + $pem = $result[0][0].PHP_EOL; + $pem .= \chunk_split(\base64_encode($decoded), 64); + $pem .= $result[0][1].PHP_EOL; + + return $pem; + } + + private static function convertDerToPem(string $der_data): string + { + $pem = \chunk_split(\base64_encode($der_data), 64, PHP_EOL); + $pem = '-----BEGIN CERTIFICATE-----'.PHP_EOL.$pem.'-----END CERTIFICATE-----'.PHP_EOL; + + return $pem; + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php b/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php new file mode 100644 index 0000000..f76b5d4 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php @@ -0,0 +1,244 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement\KeyConverter; + +use Base64Url\Base64Url; +use Jose\Component\Core\JWK; +use Jose\Component\Core\Util\BigInteger; + +/** + * @internal + */ +class RSAKey +{ + /** + * @var array + */ + private $values = []; + + /** + * RSAKey constructor. + */ + private function __construct(array $data) + { + $this->loadJWK($data); + } + + /** + * @return RSAKey + */ + public static function createFromKeyDetails(array $details): self + { + $values = ['kty' => 'RSA']; + $keys = [ + 'n' => 'n', + 'e' => 'e', + 'd' => 'd', + 'p' => 'p', + 'q' => 'q', + 'dp' => 'dmp1', + 'dq' => 'dmq1', + 'qi' => 'iqmp', + ]; + foreach ($details as $key => $value) { + if (\in_array($key, $keys, true)) { + $value = Base64Url::encode($value); + $values[\array_search($key, $keys, true)] = $value; + } + } + + return new self($values); + } + + /** + * @return RSAKey + */ + public static function createFromPEM(string $pem): self + { + $res = \openssl_pkey_get_private($pem); + if (false === $res) { + $res = \openssl_pkey_get_public($pem); + } + if (false === $res) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $details = \openssl_pkey_get_details($res); + \openssl_free_key($res); + if (!\array_key_exists('rsa', $details)) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + return self::createFromKeyDetails($details['rsa']); + } + + /** + * @return RSAKey + */ + public static function createFromJWK(JWK $jwk): self + { + return new self($jwk->all()); + } + + public function isPublic(): bool + { + return !\array_key_exists('d', $this->values); + } + + /** + * @param RSAKey $private + * + * @return RSAKey + */ + public static function toPublic(self $private): self + { + $data = $private->toArray(); + $keys = ['p', 'd', 'q', 'dp', 'dq', 'qi']; + foreach ($keys as $key) { + if (\array_key_exists($key, $data)) { + unset($data[$key]); + } + } + + return new self($data); + } + + public function toArray(): array + { + return $this->values; + } + + private function loadJWK(array $jwk) + { + if (!\array_key_exists('kty', $jwk)) { + throw new \InvalidArgumentException('The key parameter "kty" is missing.'); + } + if ('RSA' !== $jwk['kty']) { + throw new \InvalidArgumentException('The JWK is not a RSA key.'); + } + + $this->values = $jwk; + } + + public function toJwk(): JWK + { + return new JWK($this->values); + } + + /** + * This method will try to add Chinese Remainder Theorem (CRT) parameters. + * With those primes, the decryption process is really fast. + */ + public function optimize() + { + if (\array_key_exists('d', $this->values)) { + $this->populateCRT(); + } + } + + /** + * This method adds Chinese Remainder Theorem (CRT) parameters if primes 'p' and 'q' are available. + */ + private function populateCRT() + { + if (!\array_key_exists('p', $this->values) && !\array_key_exists('q', $this->values)) { + $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d'])); + $e = BigInteger::createFromBinaryString(Base64Url::decode($this->values['e'])); + $n = BigInteger::createFromBinaryString(Base64Url::decode($this->values['n'])); + + list($p, $q) = $this->findPrimeFactors($d, $e, $n); + $this->values['p'] = Base64Url::encode($p->toBytes()); + $this->values['q'] = Base64Url::encode($q->toBytes()); + } + + if (\array_key_exists('dp', $this->values) && \array_key_exists('dq', $this->values) && \array_key_exists('qi', $this->values)) { + return; + } + + $one = BigInteger::createFromDecimal(1); + $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d'])); + $p = BigInteger::createFromBinaryString(Base64Url::decode($this->values['p'])); + $q = BigInteger::createFromBinaryString(Base64Url::decode($this->values['q'])); + + $this->values['dp'] = Base64Url::encode($d->mod($p->subtract($one))->toBytes()); + $this->values['dq'] = Base64Url::encode($d->mod($q->subtract($one))->toBytes()); + $this->values['qi'] = Base64Url::encode($q->modInverse($p)->toBytes()); + } + + /** + * @return BigInteger[] + */ + private function findPrimeFactors(BigInteger $d, BigInteger $e, BigInteger $n): array + { + $zero = BigInteger::createFromDecimal(0); + $one = BigInteger::createFromDecimal(1); + $two = BigInteger::createFromDecimal(2); + + $k = $d->multiply($e)->subtract($one); + + if ($k->isEven()) { + $r = $k; + $t = $zero; + + do { + $r = $r->divide($two); + $t = $t->add($one); + } while ($r->isEven()); + + $found = false; + $y = null; + + for ($i = 1; $i <= 100; ++$i) { + $g = BigInteger::random($n->subtract($one)); + $y = $g->modPow($r, $n); + + if ($y->equals($one) || $y->equals($n->subtract($one))) { + continue; + } + + for ($j = $one; $j->lowerThan($t->subtract($one)); $j = $j->add($one)) { + $x = $y->modPow($two, $n); + + if ($x->equals($one)) { + $found = true; + + break; + } + + if ($x->equals($n->subtract($one))) { + continue; + } + + $y = $x; + } + + $x = $y->modPow($two, $n); + if ($x->equals($one)) { + $found = true; + + break; + } + } + + if (true === $found) { + $p = $y->subtract($one)->gcd($n); + $q = $n->divide($p); + + return [$p, $q]; + } + } + + throw new \InvalidArgumentException('Unable to find prime factors.'); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/LICENSE b/vendor/web-token/jwt-key-mgmt/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-key-mgmt/UrlKeySetFactory.php b/vendor/web-token/jwt-key-mgmt/UrlKeySetFactory.php new file mode 100644 index 0000000..329a204 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/UrlKeySetFactory.php @@ -0,0 +1,54 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement; + +use Http\Client\HttpClient; +use Http\Message\RequestFactory; + +abstract class UrlKeySetFactory +{ + /** + * @var HttpClient + */ + private $client; + + /** + * @var RequestFactory + */ + private $requestFactory; + + /** + * UrlKeySetFactory constructor. + */ + public function __construct(HttpClient $client, RequestFactory $requestFactory) + { + $this->client = $client; + $this->requestFactory = $requestFactory; + } + + /** + * @throws \RuntimeException + */ + protected function getContent(string $url, array $header = []): string + { + $request = $this->requestFactory->createRequest('GET', $url, $header); + $response = $this->client->sendRequest($request); + + if ($response->getStatusCode() >= 400) { + throw new \RuntimeException('Unable to get the key set.', $response->getStatusCode()); + } + + return $response->getBody()->getContents(); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/X5UFactory.php b/vendor/web-token/jwt-key-mgmt/X5UFactory.php new file mode 100644 index 0000000..1163b59 --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/X5UFactory.php @@ -0,0 +1,66 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\KeyManagement; + +use Http\Client\HttpClient; +use Http\Message\RequestFactory; +use Jose\Component\Core\Converter\JsonConverter; +use Jose\Component\Core\JWK; +use Jose\Component\Core\JWKSet; +use Jose\Component\KeyManagement\KeyConverter\KeyConverter; + +class X5UFactory extends UrlKeySetFactory +{ + private $jsonConverter; + + /** + * X5UFactory constructor. + */ + public function __construct(?JsonConverter $jsonConverter, HttpClient $client, RequestFactory $requestFactory) + { + $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); + parent::__construct($client, $requestFactory); + } + + /** + * This method will try to fetch the url a retrieve the key set. + * Throws an exception in case of failure. + * + * @throws \InvalidArgumentException + */ + public function loadFromUrl(string $url, array $header = []): JWKSet + { + $content = $this->getContent($url, $header); + $data = $this->jsonConverter->decode($content); + if (!\is_array($data)) { + throw new \RuntimeException('Invalid content.'); + } + + $keys = []; + foreach ($data as $kid => $cert) { + if (false === \mb_strpos($cert, '-----BEGIN CERTIFICATE-----')) { + $cert = '-----BEGIN CERTIFICATE-----'.PHP_EOL.$cert.PHP_EOL.'-----END CERTIFICATE-----'; + } + $jwk = KeyConverter::loadKeyFromCertificate($cert); + if (\is_string($kid)) { + $jwk['kid'] = $kid; + $keys[$kid] = new JWK($jwk); + } else { + $keys[] = new JWK($jwk); + } + } + + return new JWKSet($keys); + } +} diff --git a/vendor/web-token/jwt-key-mgmt/composer.json b/vendor/web-token/jwt-key-mgmt/composer.json new file mode 100644 index 0000000..d3999ad --- /dev/null +++ b/vendor/web-token/jwt-key-mgmt/composer.json @@ -0,0 +1,46 @@ +{ + "name": "web-token/jwt-key-mgmt", + "description": "Key Management component of the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-key-mgmt/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\KeyManagement\\": "" + } + }, + "require": { + "lib-openssl": "*", + "paragonie/sodium_compat": "^1.2", + "web-token/jwt-core": "^1.3", + "web-token/jwt-util-ecc": "^1.3" + }, + "require-dev": { + "php-http/message-factory": "^1.0", + "php-http/httplug": "^1.1", + "php-http/mock-client": "^1.0", + "phpunit/phpunit": "^6.0|^7.0" + }, + "suggest": { + "php-http/message-factory": "To enable JKU/X5U support.", + "php-http/httplug": "To enable JKU/X5U support." + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-ecdsa/ECDSA.php b/vendor/web-token/jwt-signature-algorithm-ecdsa/ECDSA.php new file mode 100644 index 0000000..f3e2790 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-ecdsa/ECDSA.php @@ -0,0 +1,79 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Core\JWK; +use Jose\Component\Core\Util\ECKey; +use Jose\Component\Core\Util\ECSignature; + +abstract class ECDSA implements SignatureAlgorithm +{ + public function __construct() + { + if (!\defined('OPENSSL_KEYTYPE_EC')) { + throw new \RuntimeException('Elliptic Curve key type not supported by your environment.'); + } + } + + public function allowedKeyTypes(): array + { + return ['EC']; + } + + public function sign(JWK $key, string $input): string + { + $this->checkKey($key); + if (!$key->has('d')) { + throw new \InvalidArgumentException('The EC key is not private'); + } + + $pem = ECKey::convertPrivateKeyToPEM($key); + $result = \openssl_sign($input, $signature, $pem, $this->getHashAlgorithm()); + if (false === $result) { + throw new \RuntimeException('Signature failed.'); + } + + return ECSignature::fromDER($signature, $this->getSignaturePartLength()); + } + + public function verify(JWK $key, string $input, string $signature): bool + { + $this->checkKey($key); + + try { + $der = ECSignature::toDER($signature, $this->getSignaturePartLength()); + $pem = ECKey::convertPublicKeyToPEM($key); + + return 1 === \openssl_verify($input, $der, $pem, $this->getHashAlgorithm()); + } catch (\Exception $e) { + return false; + } + } + + abstract protected function getHashAlgorithm(): string; + + abstract protected function getSignaturePartLength(): int; + + private function checkKey(JWK $key) + { + if (!\in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { + throw new \InvalidArgumentException('Wrong key type.'); + } + foreach (['x', 'y', 'crv'] as $k) { + if (!$key->has($k)) { + throw new \InvalidArgumentException(\sprintf('The key parameter "%s" is missing.', $k)); + } + } + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-ecdsa/ES256.php b/vendor/web-token/jwt-signature-algorithm-ecdsa/ES256.php new file mode 100644 index 0000000..d4166b4 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-ecdsa/ES256.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +final class ES256 extends ECDSA +{ + protected function getHashAlgorithm(): string + { + return 'sha256'; + } + + protected function getSignaturePartLength(): int + { + return 64; + } + + public function name(): string + { + return 'ES256'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-ecdsa/ES384.php b/vendor/web-token/jwt-signature-algorithm-ecdsa/ES384.php new file mode 100644 index 0000000..c8422bd --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-ecdsa/ES384.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +final class ES384 extends ECDSA +{ + protected function getHashAlgorithm(): string + { + return 'sha384'; + } + + protected function getSignaturePartLength(): int + { + return 96; + } + + public function name(): string + { + return 'ES384'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-ecdsa/ES512.php b/vendor/web-token/jwt-signature-algorithm-ecdsa/ES512.php new file mode 100644 index 0000000..b0ff651 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-ecdsa/ES512.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +final class ES512 extends ECDSA +{ + protected function getHashAlgorithm(): string + { + return 'sha512'; + } + + protected function getSignaturePartLength(): int + { + return 132; + } + + public function name(): string + { + return 'ES512'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-ecdsa/LICENSE b/vendor/web-token/jwt-signature-algorithm-ecdsa/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-ecdsa/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-signature-algorithm-ecdsa/composer.json b/vendor/web-token/jwt-signature-algorithm-ecdsa/composer.json new file mode 100644 index 0000000..cd41da4 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-ecdsa/composer.json @@ -0,0 +1,36 @@ +{ + "name": "web-token/jwt-signature-algorithm-ecdsa", + "description": "ECDSA Based Signature Algorithms the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Signature\\Algorithm\\": "" + } + }, + "require": { + "web-token/jwt-signature": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-eddsa/EdDSA.php b/vendor/web-token/jwt-signature-algorithm-eddsa/EdDSA.php new file mode 100644 index 0000000..8475c6a --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-eddsa/EdDSA.php @@ -0,0 +1,76 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Base64Url\Base64Url; +use Jose\Component\Core\JWK; + +final class EdDSA implements SignatureAlgorithm +{ + public function allowedKeyTypes(): array + { + return ['OKP']; + } + + public function sign(JWK $key, string $input): string + { + $this->checkKey($key); + if (!$key->has('d')) { + throw new \InvalidArgumentException('The key is not private.'); + } + $x = Base64Url::decode($key->get('x')); + $d = Base64Url::decode($key->get('d')); + $secret = $d.$x; + + switch ($key->get('crv')) { + case 'Ed25519': + return \sodium_crypto_sign_detached($input, $secret); + default: + throw new \InvalidArgumentException('Unsupported curve'); + } + } + + public function verify(JWK $key, string $input, string $signature): bool + { + $this->checkKey($key); + + $public = Base64Url::decode($key->get('x')); + switch ($key->get('crv')) { + case 'Ed25519': + return \sodium_crypto_sign_verify_detached($signature, $input, $public); + default: + throw new \InvalidArgumentException('Unsupported curve'); + } + } + + private function checkKey(JWK $key) + { + if (!\in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { + throw new \InvalidArgumentException('Wrong key type.'); + } + foreach (['x', 'crv'] as $k) { + if (!$key->has($k)) { + throw new \InvalidArgumentException(\sprintf('The key parameter "%s" is missing.', $k)); + } + } + if (!\in_array($key->get('crv'), ['Ed25519'], true)) { + throw new \InvalidArgumentException('Unsupported curve.'); + } + } + + public function name(): string + { + return 'EdDSA'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-eddsa/LICENSE b/vendor/web-token/jwt-signature-algorithm-eddsa/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-eddsa/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-signature-algorithm-eddsa/composer.json b/vendor/web-token/jwt-signature-algorithm-eddsa/composer.json new file mode 100644 index 0000000..ba7d6d0 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-eddsa/composer.json @@ -0,0 +1,36 @@ +{ + "name": "web-token/jwt-signature-algorithm-eddsa", + "description": "EdDSA Signature Algorithm the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Signature\\Algorithm\\": "" + } + }, + "require": { + "web-token/jwt-signature": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-hmac/HMAC.php b/vendor/web-token/jwt-signature-algorithm-hmac/HMAC.php new file mode 100644 index 0000000..e676bed --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-hmac/HMAC.php @@ -0,0 +1,49 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Base64Url\Base64Url; +use Jose\Component\Core\JWK; + +abstract class HMAC implements SignatureAlgorithm +{ + public function allowedKeyTypes(): array + { + return ['oct']; + } + + public function verify(JWK $key, string $input, string $signature): bool + { + return \hash_equals($this->sign($key, $input), $signature); + } + + public function sign(JWK $key, string $input): string + { + $this->checkKey($key); + + return \hash_hmac($this->getHashAlgorithm(), $input, Base64Url::decode($key->get('k')), true); + } + + protected function checkKey(JWK $key) + { + if (!\in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { + throw new \InvalidArgumentException('Wrong key type.'); + } + if (!$key->has('k')) { + throw new \InvalidArgumentException('The key parameter "k" is missing.'); + } + } + + abstract protected function getHashAlgorithm(): string; +} diff --git a/vendor/web-token/jwt-signature-algorithm-hmac/HS256.php b/vendor/web-token/jwt-signature-algorithm-hmac/HS256.php new file mode 100644 index 0000000..328a008 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-hmac/HS256.php @@ -0,0 +1,27 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +final class HS256 extends HMAC +{ + protected function getHashAlgorithm(): string + { + return 'sha256'; + } + + public function name(): string + { + return 'HS256'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-hmac/HS384.php b/vendor/web-token/jwt-signature-algorithm-hmac/HS384.php new file mode 100644 index 0000000..b1ca650 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-hmac/HS384.php @@ -0,0 +1,27 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +final class HS384 extends HMAC +{ + protected function getHashAlgorithm(): string + { + return 'sha384'; + } + + public function name(): string + { + return 'HS384'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-hmac/HS512.php b/vendor/web-token/jwt-signature-algorithm-hmac/HS512.php new file mode 100644 index 0000000..22bf170 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-hmac/HS512.php @@ -0,0 +1,27 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +final class HS512 extends HMAC +{ + protected function getHashAlgorithm(): string + { + return 'sha512'; + } + + public function name(): string + { + return 'HS512'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-hmac/LICENSE b/vendor/web-token/jwt-signature-algorithm-hmac/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-hmac/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-signature-algorithm-hmac/composer.json b/vendor/web-token/jwt-signature-algorithm-hmac/composer.json new file mode 100644 index 0000000..f59e02c --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-hmac/composer.json @@ -0,0 +1,36 @@ +{ + "name": "web-token/jwt-signature-algorithm-hmac", + "description": "HMAC Based Signature Algorithms the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Signature\\Algorithm\\": "" + } + }, + "require": { + "web-token/jwt-signature": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-none/LICENSE b/vendor/web-token/jwt-signature-algorithm-none/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-none/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-signature-algorithm-none/None.php b/vendor/web-token/jwt-signature-algorithm-none/None.php new file mode 100644 index 0000000..5504b2a --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-none/None.php @@ -0,0 +1,48 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Core\JWK; + +final class None implements SignatureAlgorithm +{ + public function allowedKeyTypes(): array + { + return ['none']; + } + + public function sign(JWK $key, string $input): string + { + $this->checkKey($key); + + return ''; + } + + public function verify(JWK $key, string $input, string $signature): bool + { + return '' === $signature; + } + + private function checkKey(JWK $key) + { + if (!\in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { + throw new \InvalidArgumentException('Wrong key type.'); + } + } + + public function name(): string + { + return 'none'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-none/composer.json b/vendor/web-token/jwt-signature-algorithm-none/composer.json new file mode 100644 index 0000000..a10f28a --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-none/composer.json @@ -0,0 +1,36 @@ +{ + "name": "web-token/jwt-signature-algorithm-none", + "description": "None Signature Algorithm the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Signature\\Algorithm\\": "" + } + }, + "require": { + "web-token/jwt-signature": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/LICENSE b/vendor/web-token/jwt-signature-algorithm-rsa/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/PS256.php b/vendor/web-token/jwt-signature-algorithm-rsa/PS256.php new file mode 100644 index 0000000..366f4a6 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/PS256.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Signature\Util\RSA as JoseRSA; + +final class PS256 extends RSA +{ + protected function getAlgorithm(): string + { + return 'sha256'; + } + + protected function getSignatureMethod(): int + { + return JoseRSA::SIGNATURE_PSS; + } + + public function name(): string + { + return 'PS256'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/PS384.php b/vendor/web-token/jwt-signature-algorithm-rsa/PS384.php new file mode 100644 index 0000000..0f87ca8 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/PS384.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Signature\Util\RSA as JoseRSA; + +final class PS384 extends RSA +{ + protected function getAlgorithm(): string + { + return 'sha384'; + } + + protected function getSignatureMethod(): int + { + return JoseRSA::SIGNATURE_PSS; + } + + public function name(): string + { + return 'PS384'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/PS512.php b/vendor/web-token/jwt-signature-algorithm-rsa/PS512.php new file mode 100644 index 0000000..08a58a1 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/PS512.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Signature\Util\RSA as JoseRSA; + +final class PS512 extends RSA +{ + protected function getAlgorithm(): string + { + return 'sha512'; + } + + protected function getSignatureMethod(): int + { + return JoseRSA::SIGNATURE_PSS; + } + + public function name(): string + { + return 'PS512'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/RS256.php b/vendor/web-token/jwt-signature-algorithm-rsa/RS256.php new file mode 100644 index 0000000..0bedfa2 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/RS256.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Signature\Util\RSA as JoseRSA; + +final class RS256 extends RSA +{ + protected function getAlgorithm(): string + { + return 'sha256'; + } + + protected function getSignatureMethod(): int + { + return JoseRSA::SIGNATURE_PKCS1; + } + + public function name(): string + { + return 'RS256'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/RS384.php b/vendor/web-token/jwt-signature-algorithm-rsa/RS384.php new file mode 100644 index 0000000..1b009ba --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/RS384.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Signature\Util\RSA as JoseRSA; + +final class RS384 extends RSA +{ + protected function getAlgorithm(): string + { + return 'sha384'; + } + + protected function getSignatureMethod(): int + { + return JoseRSA::SIGNATURE_PKCS1; + } + + public function name(): string + { + return 'RS384'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/RS512.php b/vendor/web-token/jwt-signature-algorithm-rsa/RS512.php new file mode 100644 index 0000000..800573c --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/RS512.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Signature\Util\RSA as JoseRSA; + +final class RS512 extends RSA +{ + protected function getAlgorithm(): string + { + return 'sha512'; + } + + protected function getSignatureMethod(): int + { + return JoseRSA::SIGNATURE_PKCS1; + } + + public function name(): string + { + return 'RS512'; + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/RSA.php b/vendor/web-token/jwt-signature-algorithm-rsa/RSA.php new file mode 100644 index 0000000..12a4445 --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/RSA.php @@ -0,0 +1,62 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Core\JWK; +use Jose\Component\Core\Util\RSAKey; +use Jose\Component\Signature\Util\RSA as JoseRSA; + +abstract class RSA implements SignatureAlgorithm +{ + abstract protected function getAlgorithm(): string; + + abstract protected function getSignatureMethod(): int; + + public function allowedKeyTypes(): array + { + return ['RSA']; + } + + public function verify(JWK $key, string $input, string $signature): bool + { + $this->checkKey($key); + $pub = RSAKey::createFromJWK($key->toPublic()); + + return JoseRSA::verify($pub, $input, $signature, $this->getAlgorithm(), $this->getSignatureMethod()); + } + + public function sign(JWK $key, string $input): string + { + $this->checkKey($key); + if (!$key->has('d')) { + throw new \InvalidArgumentException('The key is not a private key.'); + } + + $priv = RSAKey::createFromJWK($key); + + return JoseRSA::sign($priv, $input, $this->getAlgorithm(), $this->getSignatureMethod()); + } + + private function checkKey(JWK $key) + { + if (!\in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { + throw new \InvalidArgumentException('Wrong key type.'); + } + foreach (['n', 'e'] as $k) { + if (!$key->has($k)) { + throw new \InvalidArgumentException(\sprintf('The key parameter "%s" is missing.', $k)); + } + } + } +} diff --git a/vendor/web-token/jwt-signature-algorithm-rsa/composer.json b/vendor/web-token/jwt-signature-algorithm-rsa/composer.json new file mode 100644 index 0000000..7dee44a --- /dev/null +++ b/vendor/web-token/jwt-signature-algorithm-rsa/composer.json @@ -0,0 +1,36 @@ +{ + "name": "web-token/jwt-signature-algorithm-rsa", + "description": "RSA Based Signature Algorithms the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Signature\\Algorithm\\": "" + } + }, + "require": { + "web-token/jwt-signature": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php b/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php new file mode 100644 index 0000000..4f982e7 --- /dev/null +++ b/vendor/web-token/jwt-signature/Algorithm/SignatureAlgorithm.php @@ -0,0 +1,41 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Algorithm; + +use Jose\Component\Core\Algorithm; +use Jose\Component\Core\JWK; + +interface SignatureAlgorithm extends Algorithm +{ + /** + * Sign the input. + * + * @param JWK $key The private key used to sign the data + * @param string $input The input + * + * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation + */ + public function sign(JWK $key, string $input): string; + + /** + * Verify the signature of data. + * + * @param JWK $key The private key used to sign the data + * @param string $input The input + * @param string $signature The signature to verify + * + * @throws \Exception If key does not support the algorithm or if the key usage does not authorize the operation + */ + public function verify(JWK $key, string $input, string $signature): bool; +} diff --git a/vendor/web-token/jwt-signature/JWS.php b/vendor/web-token/jwt-signature/JWS.php new file mode 100644 index 0000000..fe94f33 --- /dev/null +++ b/vendor/web-token/jwt-signature/JWS.php @@ -0,0 +1,159 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Jose\Component\Core\JWT; + +class JWS implements JWT +{ + /** + * @var bool + */ + private $isPayloadDetached = false; + + /** + * @var string|null + */ + private $encodedPayload = null; + + /** + * @var Signature[] + */ + private $signatures = []; + + /** + * @var string|null + */ + private $payload = null; + + /** + * JWS constructor. + */ + private function __construct(?string $payload, ?string $encodedPayload = null, bool $isPayloadDetached = false) + { + $this->payload = $payload; + $this->encodedPayload = $encodedPayload; + $this->isPayloadDetached = $isPayloadDetached; + } + + /** + * Creates a JWS object. + * + * @return JWS + */ + public static function create(?string $payload, ?string $encodedPayload = null, bool $isPayloadDetached = false): self + { + return new self($payload, $encodedPayload, $isPayloadDetached); + } + + public function getPayload(): ?string + { + return $this->payload; + } + + /** + * Returns true if the payload is detached. + */ + public function isPayloadDetached(): bool + { + return $this->isPayloadDetached; + } + + /** + * Returns the Base64Url encoded payload. + * If the payload is detached, this method returns null. + */ + public function getEncodedPayload(): ?string + { + if (true === $this->isPayloadDetached()) { + return null; + } + + return $this->encodedPayload; + } + + /** + * Returns the signatures associated with the JWS. + * + * @return Signature[] + */ + public function getSignatures(): array + { + return $this->signatures; + } + + /** + * Returns the signature at the given index. + */ + public function getSignature(int $id): Signature + { + if (isset($this->signatures[$id])) { + return $this->signatures[$id]; + } + + throw new \InvalidArgumentException('The signature does not exist.'); + } + + /** + * This method adds a signature to the JWS object. + * Its returns a new JWS object. + * + * @internal + * + * @return JWS + */ + public function addSignature(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header = []): self + { + $jws = clone $this; + $jws->signatures[] = Signature::create($signature, $protectedHeader, $encodedProtectedHeader, $header); + + return $jws; + } + + /** + * Returns the number of signature associated with the JWS. + */ + public function countSignatures(): int + { + return \count($this->signatures); + } + + /** + * This method splits the JWS into a list of JWSs. + * It is only useful when the JWS contains more than one signature (JSON General Serialization). + * + * @return JWS[] + */ + public function split(): array + { + $result = []; + foreach ($this->signatures as $signature) { + $jws = self::create( + $this->payload, + $this->encodedPayload, + $this->isPayloadDetached + ); + $jws = $jws->addSignature( + $signature->getSignature(), + $signature->getProtectedHeader(), + $signature->getEncodedProtectedHeader(), + $signature->getHeader() + ); + + $result[] = $jws; + } + + return $result; + } +} diff --git a/vendor/web-token/jwt-signature/JWSBuilder.php b/vendor/web-token/jwt-signature/JWSBuilder.php new file mode 100644 index 0000000..7d8bf43 --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSBuilder.php @@ -0,0 +1,213 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Base64Url\Base64Url; +use Jose\Component\Core\AlgorithmManager; +use Jose\Component\Core\Converter\JsonConverter; +use Jose\Component\Core\JWK; +use Jose\Component\Core\Util\KeyChecker; +use Jose\Component\Signature\Algorithm\SignatureAlgorithm; + +class JWSBuilder +{ + /** + * @var JsonConverter + */ + private $jsonConverter; + + /** + * @var string|null + */ + private $payload; + + /** + * @var bool + */ + private $isPayloadDetached; + + /** + * @var array + */ + private $signatures = []; + + /** + * @var AlgorithmManager + */ + private $signatureAlgorithmManager; + + /** + * @var bool|null + */ + private $isPayloadEncoded = null; + + /** + * JWSBuilder constructor. + */ + public function __construct(?JsonConverter $jsonConverter, AlgorithmManager $signatureAlgorithmManager) + { + $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); + $this->signatureAlgorithmManager = $signatureAlgorithmManager; + } + + /** + * Returns the algorithm manager associated to the builder. + */ + public function getSignatureAlgorithmManager(): AlgorithmManager + { + return $this->signatureAlgorithmManager; + } + + /** + * Reset the current data. + * + * @return JWSBuilder + */ + public function create(): self + { + $this->payload = null; + $this->isPayloadDetached = false; + $this->signatures = []; + $this->isPayloadEncoded = null; + + return $this; + } + + /** + * Set the payload. + * This method will return a new JWSBuilder object. + * + * @return JWSBuilder + */ + public function withPayload(string $payload, bool $isPayloadDetached = false): self + { + if (false === \mb_detect_encoding($payload, 'UTF-8', true)) { + throw new \InvalidArgumentException('The payload must be encoded in UTF-8'); + } + $clone = clone $this; + $clone->payload = $payload; + $clone->isPayloadDetached = $isPayloadDetached; + + return $clone; + } + + /** + * Adds the information needed to compute the signature. + * This method will return a new JWSBuilder object. + * + * @return JWSBuilder + */ + public function addSignature(JWK $signatureKey, array $protectedHeader, array $header = []): self + { + $this->checkB64AndCriticalHeader($protectedHeader); + $isPayloadEncoded = $this->checkIfPayloadIsEncoded($protectedHeader); + if (null === $this->isPayloadEncoded) { + $this->isPayloadEncoded = $isPayloadEncoded; + } elseif ($this->isPayloadEncoded !== $isPayloadEncoded) { + throw new \InvalidArgumentException('Foreign payload encoding detected.'); + } + $this->checkDuplicatedHeaderParameters($protectedHeader, $header); + KeyChecker::checkKeyUsage($signatureKey, 'signature'); + $signatureAlgorithm = $this->findSignatureAlgorithm($signatureKey, $protectedHeader, $header); + KeyChecker::checkKeyAlgorithm($signatureKey, $signatureAlgorithm->name()); + $clone = clone $this; + $clone->signatures[] = [ + 'signature_algorithm' => $signatureAlgorithm, + 'signature_key' => $signatureKey, + 'protected_header' => $protectedHeader, + 'header' => $header, + ]; + + return $clone; + } + + /** + * Computes all signatures and return the expected JWS object. + */ + public function build(): JWS + { + if (null === $this->payload) { + throw new \RuntimeException('The payload is not set.'); + } + if (0 === \count($this->signatures)) { + throw new \RuntimeException('At least one signature must be set.'); + } + + $encodedPayload = false === $this->isPayloadEncoded ? $this->payload : Base64Url::encode($this->payload); + $jws = JWS::create($this->payload, $encodedPayload, $this->isPayloadDetached); + foreach ($this->signatures as $signature) { + /** @var SignatureAlgorithm $signatureAlgorithm */ + $signatureAlgorithm = $signature['signature_algorithm']; + /** @var JWK $signatureKey */ + $signatureKey = $signature['signature_key']; + /** @var array $protectedHeader */ + $protectedHeader = $signature['protected_header']; + /** @var array $header */ + $header = $signature['header']; + $encodedProtectedHeader = empty($protectedHeader) ? null : Base64Url::encode($this->jsonConverter->encode($protectedHeader)); + $input = \sprintf('%s.%s', $encodedProtectedHeader, $encodedPayload); + $s = $signatureAlgorithm->sign($signatureKey, $input); + $jws = $jws->addSignature($s, $protectedHeader, $encodedProtectedHeader, $header); + } + + return $jws; + } + + private function checkIfPayloadIsEncoded(array $protectedHeader): bool + { + return !\array_key_exists('b64', $protectedHeader) || true === $protectedHeader['b64']; + } + + private function checkB64AndCriticalHeader(array $protectedHeader) + { + if (!\array_key_exists('b64', $protectedHeader)) { + return; + } + if (!\array_key_exists('crit', $protectedHeader)) { + throw new \LogicException('The protected header parameter "crit" is mandatory when protected header parameter "b64" is set.'); + } + if (!\is_array($protectedHeader['crit'])) { + throw new \LogicException('The protected header parameter "crit" must be an array.'); + } + if (!\in_array('b64', $protectedHeader['crit'], true)) { + throw new \LogicException('The protected header parameter "crit" must contain "b64" when protected header parameter "b64" is set.'); + } + } + + private function findSignatureAlgorithm(JWK $key, array $protectedHeader, array $header): SignatureAlgorithm + { + $completeHeader = \array_merge($header, $protectedHeader); + if (!\array_key_exists('alg', $completeHeader)) { + throw new \InvalidArgumentException('No "alg" parameter set in the header.'); + } + if ($key->has('alg') && $key->get('alg') !== $completeHeader['alg']) { + throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not allowed with this key.', $completeHeader['alg'])); + } + + $signatureAlgorithm = $this->signatureAlgorithmManager->get($completeHeader['alg']); + if (!$signatureAlgorithm instanceof SignatureAlgorithm) { + throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported.', $completeHeader['alg'])); + } + + return $signatureAlgorithm; + } + + private function checkDuplicatedHeaderParameters(array $header1, array $header2) + { + $inter = \array_intersect_key($header1, $header2); + if (!empty($inter)) { + throw new \InvalidArgumentException(\sprintf('The header contains duplicated entries: %s.', \implode(', ', \array_keys($inter)))); + } + } +} diff --git a/vendor/web-token/jwt-signature/JWSBuilderFactory.php b/vendor/web-token/jwt-signature/JWSBuilderFactory.php new file mode 100644 index 0000000..1c0e6c9 --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSBuilderFactory.php @@ -0,0 +1,51 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Jose\Component\Core\AlgorithmManagerFactory; +use Jose\Component\Core\Converter\JsonConverter; + +class JWSBuilderFactory +{ + /** + * @var JsonConverter|null + */ + private $jsonConverter; + + /** + * @var AlgorithmManagerFactory + */ + private $signatureAlgorithmManagerFactory; + + /** + * JWSBuilderFactory constructor. + */ + public function __construct(?JsonConverter $jsonConverter, AlgorithmManagerFactory $signatureAlgorithmManagerFactory) + { + $this->jsonConverter = $jsonConverter; + $this->signatureAlgorithmManagerFactory = $signatureAlgorithmManagerFactory; + } + + /** + * This method creates a JWSBuilder using the given algorithm aliases. + * + * @param string[] $algorithms + */ + public function create(array $algorithms): JWSBuilder + { + $algorithmManager = $this->signatureAlgorithmManagerFactory->create($algorithms); + + return new JWSBuilder($this->jsonConverter, $algorithmManager); + } +} diff --git a/vendor/web-token/jwt-signature/JWSLoader.php b/vendor/web-token/jwt-signature/JWSLoader.php new file mode 100644 index 0000000..b7eb8dd --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSLoader.php @@ -0,0 +1,122 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Jose\Component\Checker\HeaderCheckerManager; +use Jose\Component\Core\JWK; +use Jose\Component\Core\JWKSet; +use Jose\Component\Signature\Serializer\JWSSerializerManager; + +class JWSLoader +{ + /** + * @var JWSVerifier + */ + private $jwsVerifier; + + /** + * @var HeaderCheckerManager|null + */ + private $headerCheckerManager; + + /** + * @var JWSSerializerManager + */ + private $serializerManager; + + /** + * JWSLoader constructor. + */ + public function __construct(JWSSerializerManager $serializerManager, JWSVerifier $jwsVerifier, ?HeaderCheckerManager $headerCheckerManager) + { + $this->serializerManager = $serializerManager; + $this->jwsVerifier = $jwsVerifier; + $this->headerCheckerManager = $headerCheckerManager; + } + + /** + * Returns the JWSVerifier associated to the JWSLoader. + */ + public function getJwsVerifier(): JWSVerifier + { + return $this->jwsVerifier; + } + + /** + * Returns the Header Checker Manager associated to the JWSLoader. + */ + public function getHeaderCheckerManager(): ?HeaderCheckerManager + { + return $this->headerCheckerManager; + } + + /** + * Returns the JWSSerializer associated to the JWSLoader. + */ + public function getSerializerManager(): JWSSerializerManager + { + return $this->serializerManager; + } + + /** + * This method will try to load and verify the token using the given key. + * It returns a JWS and will populate the $signature variable in case of success, otherwise an exception is thrown. + * + * @throws \Exception + */ + public function loadAndVerifyWithKey(string $token, JWK $key, ?int &$signature, ?string $payload = null): JWS + { + $keyset = new JWKSet([$key]); + + return $this->loadAndVerifyWithKeySet($token, $keyset, $signature, $payload); + } + + /** + * This method will try to load and verify the token using the given key set. + * It returns a JWS and will populate the $signature variable in case of success, otherwise an exception is thrown. + * + * @throws \Exception + */ + public function loadAndVerifyWithKeySet(string $token, JWKSet $keyset, ?int &$signature, ?string $payload = null): JWS + { + try { + $jws = $this->serializerManager->unserialize($token); + $nbSignatures = $jws->countSignatures(); + for ($i = 0; $i < $nbSignatures; ++$i) { + if ($this->processSignature($jws, $keyset, $i, $payload)) { + $signature = $i; + + return $jws; + } + } + } catch (\Exception $e) { + // Nothing to do. Exception thrown just after + } + + throw new \Exception('Unable to load and verify the token.'); + } + + private function processSignature(JWS $jws, JWKSet $keyset, int $signature, ?string $payload): bool + { + try { + if (null !== $this->headerCheckerManager) { + $this->headerCheckerManager->check($jws, $signature); + } + + return $this->jwsVerifier->verifyWithKeySet($jws, $keyset, $signature, $payload); + } catch (\Exception $e) { + return false; + } + } +} diff --git a/vendor/web-token/jwt-signature/JWSLoaderFactory.php b/vendor/web-token/jwt-signature/JWSLoaderFactory.php new file mode 100644 index 0000000..3517cd5 --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSLoaderFactory.php @@ -0,0 +1,62 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Jose\Component\Checker\HeaderCheckerManagerFactory; +use Jose\Component\Signature\Serializer\JWSSerializerManagerFactory; + +class JWSLoaderFactory +{ + /** + * @var JWSVerifierFactory + */ + private $jwsVerifierFactory; + + /** + * @var JWSSerializerManagerFactory + */ + private $jwsSerializerManagerFactory; + + /** + * @var HeaderCheckerManagerFactory|null + */ + private $headerCheckerManagerFactory = null; + + /** + * JWSLoaderFactory constructor. + */ + public function __construct(JWSSerializerManagerFactory $jwsSerializerManagerFactory, JWSVerifierFactory $jwsVerifierFactory, ?HeaderCheckerManagerFactory $headerCheckerManagerFactory) + { + $this->jwsSerializerManagerFactory = $jwsSerializerManagerFactory; + $this->jwsVerifierFactory = $jwsVerifierFactory; + $this->headerCheckerManagerFactory = $headerCheckerManagerFactory; + } + + /** + * Creates a JWSLoader using the given serializer aliases, signature algorithm aliases and (optionally) + * the header checker aliases. + */ + public function create(array $serializers, array $algorithms, array $headerCheckers = []): JWSLoader + { + $serializerManager = $this->jwsSerializerManagerFactory->create($serializers); + $jwsVerifier = $this->jwsVerifierFactory->create($algorithms); + if (null !== $this->headerCheckerManagerFactory) { + $headerCheckerManager = $this->headerCheckerManagerFactory->create($headerCheckers); + } else { + $headerCheckerManager = null; + } + + return new JWSLoader($serializerManager, $jwsVerifier, $headerCheckerManager); + } +} diff --git a/vendor/web-token/jwt-signature/JWSTokenSupport.php b/vendor/web-token/jwt-signature/JWSTokenSupport.php new file mode 100644 index 0000000..667f3fc --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSTokenSupport.php @@ -0,0 +1,38 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Jose\Component\Checker\TokenTypeSupport; +use Jose\Component\Core\JWT; + +final class JWSTokenSupport implements TokenTypeSupport +{ + public function supports(JWT $jwt): bool + { + return $jwt instanceof JWS; + } + + public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void + { + if (!$jwt instanceof JWS) { + return; + } + + if ($index > $jwt->countSignatures()) { + throw new \InvalidArgumentException('Unknown signature index.'); + } + $protectedHeader = $jwt->getSignature($index)->getProtectedHeader(); + $unprotectedHeader = $jwt->getSignature($index)->getHeader(); + } +} diff --git a/vendor/web-token/jwt-signature/JWSVerifier.php b/vendor/web-token/jwt-signature/JWSVerifier.php new file mode 100644 index 0000000..bf49150 --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSVerifier.php @@ -0,0 +1,160 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Base64Url\Base64Url; +use Jose\Component\Core\AlgorithmManager; +use Jose\Component\Core\JWK; +use Jose\Component\Core\JWKSet; +use Jose\Component\Core\Util\KeyChecker; +use Jose\Component\Signature\Algorithm\SignatureAlgorithm; + +class JWSVerifier +{ + /** + * @var AlgorithmManager + */ + private $signatureAlgorithmManager; + + /** + * JWSVerifier constructor. + */ + public function __construct(AlgorithmManager $signatureAlgorithmManager) + { + $this->signatureAlgorithmManager = $signatureAlgorithmManager; + } + + /** + * Returns the algorithm manager associated to the JWSVerifier. + */ + public function getSignatureAlgorithmManager(): AlgorithmManager + { + return $this->signatureAlgorithmManager; + } + + /** + * This method will try to verify the JWS object using the given key and for the given signature. + * It returns true if the signature is verified, otherwise false. + * + * @return bool true if the verification of the signature succeeded, else false + */ + public function verifyWithKey(JWS $jws, JWK $jwk, int $signature, ?string $detachedPayload = null): bool + { + $jwkset = new JWKSet([$jwk]); + + return $this->verifyWithKeySet($jws, $jwkset, $signature, $detachedPayload); + } + + /** + * This method will try to verify the JWS object using the given key set and for the given signature. + * It returns true if the signature is verified, otherwise false. + * + * @param JWS $jws A JWS object + * @param JWKSet $jwkset The signature will be verified using keys in the key set + * @param string|null $detachedPayload If not null, the value must be the detached payload encoded in Base64 URL safe. If the input contains a payload, throws an exception. + * + * @return bool true if the verification of the signature succeeded, else false + */ + public function verifyWithKeySet(JWS $jws, JWKSet $jwkset, int $signature, ?string $detachedPayload = null): bool + { + $this->checkJWKSet($jwkset); + $this->checkSignatures($jws); + $this->checkPayload($jws, $detachedPayload); + + $signature = $jws->getSignature($signature); + + return $this->verifySignature($jws, $jwkset, $signature, $detachedPayload); + } + + private function verifySignature(JWS $jws, JWKSet $jwkset, Signature $signature, ?string $detachedPayload = null): bool + { + $input = $this->getInputToVerify($jws, $signature, $detachedPayload); + foreach ($jwkset->all() as $jwk) { + $algorithm = $this->getAlgorithm($signature); + + try { + KeyChecker::checkKeyUsage($jwk, 'verification'); + KeyChecker::checkKeyAlgorithm($jwk, $algorithm->name()); + if (!\in_array($jwk->get('kty'), $algorithm->allowedKeyTypes(), true)) { + throw new \InvalidArgumentException('Wrong key type.'); + } + if (true === $algorithm->verify($jwk, $input, $signature->getSignature())) { + return true; + } + } catch (\Exception $e) { + //We do nothing, we continue with other keys + continue; + } + } + + return false; + } + + private function getInputToVerify(JWS $jws, Signature $signature, ?string $detachedPayload): string + { + $encodedProtectedHeader = $signature->getEncodedProtectedHeader(); + if (!$signature->hasProtectedHeaderParameter('b64') || true === $signature->getProtectedHeaderParameter('b64')) { + if (null !== $jws->getEncodedPayload()) { + return \sprintf('%s.%s', $encodedProtectedHeader, $jws->getEncodedPayload()); + } + + $payload = empty($jws->getPayload()) ? $detachedPayload : $jws->getPayload(); + + return \sprintf('%s.%s', $encodedProtectedHeader, Base64Url::encode($payload)); + } + + $payload = empty($jws->getPayload()) ? $detachedPayload : $jws->getPayload(); + + return \sprintf('%s.%s', $encodedProtectedHeader, $payload); + } + + private function checkSignatures(JWS $jws) + { + if (0 === $jws->countSignatures()) { + throw new \InvalidArgumentException('The JWS does not contain any signature.'); + } + } + + private function checkJWKSet(JWKSet $jwkset) + { + if (0 === \count($jwkset)) { + throw new \InvalidArgumentException('There is no key in the key set.'); + } + } + + private function checkPayload(JWS $jws, ?string $detachedPayload = null) + { + if (null !== $detachedPayload && !empty($jws->getPayload())) { + throw new \InvalidArgumentException('A detached payload is set, but the JWS already has a payload.'); + } + if (empty($jws->getPayload()) && null === $detachedPayload) { + throw new \InvalidArgumentException('The JWS has a detached payload, but no payload is provided.'); + } + } + + private function getAlgorithm(Signature $signature): SignatureAlgorithm + { + $completeHeader = \array_merge($signature->getProtectedHeader(), $signature->getHeader()); + if (!\array_key_exists('alg', $completeHeader)) { + throw new \InvalidArgumentException('No "alg" parameter set in the header.'); + } + + $algorithm = $this->signatureAlgorithmManager->get($completeHeader['alg']); + if (!$algorithm instanceof SignatureAlgorithm) { + throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported or is not a signature algorithm.', $completeHeader['alg'])); + } + + return $algorithm; + } +} diff --git a/vendor/web-token/jwt-signature/JWSVerifierFactory.php b/vendor/web-token/jwt-signature/JWSVerifierFactory.php new file mode 100644 index 0000000..49bb868 --- /dev/null +++ b/vendor/web-token/jwt-signature/JWSVerifierFactory.php @@ -0,0 +1,44 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +use Jose\Component\Core\AlgorithmManagerFactory; + +class JWSVerifierFactory +{ + /** + * @var AlgorithmManagerFactory + */ + private $algorithmManagerFactory; + + /** + * JWSVerifierFactory constructor. + */ + public function __construct(AlgorithmManagerFactory $algorithmManagerFactory) + { + $this->algorithmManagerFactory = $algorithmManagerFactory; + } + + /** + * Creates a JWSVerifier using the given signature algorithm aliases. + * + * @param string[] $algorithms + */ + public function create(array $algorithms): JWSVerifier + { + $algorithmManager = $this->algorithmManagerFactory->create($algorithms); + + return new JWSVerifier($algorithmManager); + } +} diff --git a/vendor/web-token/jwt-signature/LICENSE b/vendor/web-token/jwt-signature/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-signature/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php b/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php new file mode 100644 index 0000000..7e26d79 --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/CompactSerializer.php @@ -0,0 +1,97 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +use Base64Url\Base64Url; +use Jose\Component\Core\Converter\JsonConverter; +use Jose\Component\Signature\JWS; + +final class CompactSerializer extends Serializer +{ + public const NAME = 'jws_compact'; + + /** + * @var JsonConverter + */ + private $jsonConverter; + + /** + * JSONFlattenedSerializer constructor. + */ + public function __construct(?JsonConverter $jsonConverter = null) + { + $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); + } + + public function displayName(): string + { + return 'JWS Compact'; + } + + public function name(): string + { + return self::NAME; + } + + public function serialize(JWS $jws, ?int $signatureIndex = null): string + { + if (null === $signatureIndex) { + $signatureIndex = 0; + } + $signature = $jws->getSignature($signatureIndex); + if (!empty($signature->getHeader())) { + throw new \LogicException('The signature contains unprotected header parameters and cannot be converted into compact JSON.'); + } + if (!$this->isPayloadEncoded($signature->getProtectedHeader()) && !empty($jws->getEncodedPayload())) { + if (1 !== \preg_match('/^[\x{20}-\x{2d}|\x{2f}-\x{7e}]*$/u', $jws->getPayload())) { + throw new \LogicException('Unable to convert the JWS with non-encoded payload.'); + } + } + + return \sprintf( + '%s.%s.%s', + $signature->getEncodedProtectedHeader(), + $jws->getEncodedPayload(), + Base64Url::encode($signature->getSignature()) + ); + } + + public function unserialize(string $input): JWS + { + $parts = \explode('.', $input); + if (3 !== \count($parts)) { + throw new \InvalidArgumentException('Unsupported input'); + } + + try { + $encodedProtectedHeader = $parts[0]; + $protectedHeader = $this->jsonConverter->decode(Base64Url::decode($parts[0])); + if (empty($parts[1])) { + $payload = null; + $encodedPayload = null; + } else { + $encodedPayload = $parts[1]; + $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload; + } + $signature = Base64Url::decode($parts[2]); + + $jws = JWS::create($payload, $encodedPayload, empty($parts[1])); + $jws = $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader); + + return $jws; + } catch (\Error | \Exception $e) { + throw new \InvalidArgumentException('Unsupported input'); + } + } +} diff --git a/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php b/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php new file mode 100644 index 0000000..82b79ab --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/JSONFlattenedSerializer.php @@ -0,0 +1,109 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +use Base64Url\Base64Url; +use Jose\Component\Core\Converter\JsonConverter; +use Jose\Component\Signature\JWS; + +final class JSONFlattenedSerializer extends Serializer +{ + public const NAME = 'jws_json_flattened'; + + /** + * @var JsonConverter|\Jose\Component\Core\Util\JsonConverter|null + */ + private $jsonConverter; + + /** + * JSONFlattenedSerializer constructor. + */ + public function __construct(?JsonConverter $jsonConverter = null) + { + $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); + } + + public function displayName(): string + { + return 'JWS JSON Flattened'; + } + + public function name(): string + { + return self::NAME; + } + + public function serialize(JWS $jws, ?int $signatureIndex = null): string + { + if (null === $signatureIndex) { + $signatureIndex = 0; + } + $signature = $jws->getSignature($signatureIndex); + + $data = []; + $values = [ + 'payload' => $jws->getEncodedPayload(), + 'protected' => $signature->getEncodedProtectedHeader(), + 'header' => $signature->getHeader(), + ]; + + foreach ($values as $key => $value) { + if (!empty($value)) { + $data[$key] = $value; + } + } + $data['signature'] = Base64Url::encode($signature->getSignature()); + + return $this->jsonConverter->encode($data); + } + + public function unserialize(string $input): JWS + { + $data = $this->jsonConverter->decode($input); + if (!\is_array($data) || !\array_key_exists('signature', $data)) { + throw new \InvalidArgumentException('Unsupported input.'); + } + + $signature = Base64Url::decode($data['signature']); + + if (\array_key_exists('protected', $data)) { + $encodedProtectedHeader = $data['protected']; + $protectedHeader = $this->jsonConverter->decode(Base64Url::decode($data['protected'])); + } else { + $encodedProtectedHeader = null; + $protectedHeader = []; + } + if (\array_key_exists('header', $data)) { + if (!\is_array($data['header'])) { + throw new \InvalidArgumentException('Bad header.'); + } + $header = $data['header']; + } else { + $header = []; + } + + if (\array_key_exists('payload', $data)) { + $encodedPayload = $data['payload']; + $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload; + } else { + $payload = null; + $encodedPayload = null; + } + + $jws = JWS::create($payload, $encodedPayload, null === $encodedPayload); + $jws = $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader, $header); + + return $jws; + } +} diff --git a/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php b/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php new file mode 100644 index 0000000..35958c6 --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/JSONGeneralSerializer.php @@ -0,0 +1,174 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +use Base64Url\Base64Url; +use Jose\Component\Core\Converter\JsonConverter; +use Jose\Component\Signature\JWS; + +final class JSONGeneralSerializer extends Serializer +{ + public const NAME = 'jws_json_general'; + + /** + * @var \Jose\Component\Core\Util\JsonConverter + */ + private $jsonConverter; + + /** + * JSONFlattenedSerializer constructor. + */ + public function __construct(?JsonConverter $jsonConverter = null) + { + $this->jsonConverter = $jsonConverter ?? new \Jose\Component\Core\Util\JsonConverter(); + } + + public function displayName(): string + { + return 'JWS JSON General'; + } + + public function name(): string + { + return self::NAME; + } + + public function serialize(JWS $jws, ?int $signatureIndex = null): string + { + if (0 === $jws->countSignatures()) { + throw new \LogicException('No signature.'); + } + + $data = []; + $this->checkPayloadEncoding($jws); + + if (false === $jws->isPayloadDetached()) { + $data['payload'] = $jws->getEncodedPayload(); + } + + $data['signatures'] = []; + foreach ($jws->getSignatures() as $signature) { + $tmp = ['signature' => Base64Url::encode($signature->getSignature())]; + $values = [ + 'protected' => $signature->getEncodedProtectedHeader(), + 'header' => $signature->getHeader(), + ]; + + foreach ($values as $key => $value) { + if (!empty($value)) { + $tmp[$key] = $value; + } + } + $data['signatures'][] = $tmp; + } + + return $this->jsonConverter->encode($data); + } + + private function checkData($data) + { + if (!\is_array($data) || !\array_key_exists('signatures', $data)) { + throw new \InvalidArgumentException('Unsupported input.'); + } + } + + private function checkSignature($signature) + { + if (!\is_array($signature) || !\array_key_exists('signature', $signature)) { + throw new \InvalidArgumentException('Unsupported input.'); + } + } + + public function unserialize(string $input): JWS + { + $data = $this->jsonConverter->decode($input); + $this->checkData($data); + + $isPayloadEncoded = null; + $rawPayload = \array_key_exists('payload', $data) ? $data['payload'] : null; + $signatures = []; + foreach ($data['signatures'] as $signature) { + $this->checkSignature($signature); + list($encodedProtectedHeader, $protectedHeader, $header) = $this->processHeaders($signature); + $signatures[] = [ + 'signature' => Base64Url::decode($signature['signature']), + 'protected' => $protectedHeader, + 'encoded_protected' => $encodedProtectedHeader, + 'header' => $header, + ]; + $isPayloadEncoded = $this->processIsPayloadEncoded($isPayloadEncoded, $protectedHeader); + } + + $payload = $this->processPayload($rawPayload, $isPayloadEncoded); + $jws = JWS::create($payload, $rawPayload); + foreach ($signatures as $signature) { + $jws = $jws->addSignature( + $signature['signature'], + $signature['protected'], + $signature['encoded_protected'], + $signature['header'] + ); + } + + return $jws; + } + + private function processIsPayloadEncoded(?bool $isPayloadEncoded, array $protectedHeader): bool + { + if (null === $isPayloadEncoded) { + return self::isPayloadEncoded($protectedHeader); + } + if ($this->isPayloadEncoded($protectedHeader) !== $isPayloadEncoded) { + throw new \InvalidArgumentException('Foreign payload encoding detected.'); + } + + return $isPayloadEncoded; + } + + private function processHeaders(array $signature): array + { + $encodedProtectedHeader = \array_key_exists('protected', $signature) ? $signature['protected'] : null; + $protectedHeader = null !== $encodedProtectedHeader ? $this->jsonConverter->decode(Base64Url::decode($encodedProtectedHeader)) : []; + $header = \array_key_exists('header', $signature) ? $signature['header'] : []; + + return [$encodedProtectedHeader, $protectedHeader, $header]; + } + + private function processPayload(?string $rawPayload, ?bool $isPayloadEncoded): ?string + { + if (null === $rawPayload) { + return null; + } + + return false === $isPayloadEncoded ? $rawPayload : Base64Url::decode($rawPayload); + } + + private function checkPayloadEncoding(JWS $jws) + { + if ($jws->isPayloadDetached()) { + return; + } + $is_encoded = null; + foreach ($jws->getSignatures() as $signature) { + if (null === $is_encoded) { + $is_encoded = $this->isPayloadEncoded($signature->getProtectedHeader()); + } + if (false === $jws->isPayloadDetached()) { + if ($is_encoded !== $this->isPayloadEncoded($signature->getProtectedHeader())) { + throw new \LogicException('Foreign payload encoding detected.'); + } + } + } + } +} diff --git a/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php b/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php new file mode 100644 index 0000000..285aef4 --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/JWSSerializer.php @@ -0,0 +1,42 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +use Jose\Component\Signature\JWS; + +interface JWSSerializer +{ + /** + * The name of the serialization. + */ + public function name(): string; + + public function displayName(): string; + + /** + * Converts a JWS into a string. + * + * @throws \Exception + */ + public function serialize(JWS $jws, ?int $signatureIndex = null): string; + + /** + * Loads data and return a JWS object. + * + * @param string $input A string that represents a JWS + * + * @throws \Exception + */ + public function unserialize(string $input): JWS; +} diff --git a/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php new file mode 100644 index 0000000..198dfd1 --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManager.php @@ -0,0 +1,104 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +use Jose\Component\Signature\JWS; + +class JWSSerializerManager +{ + /** + * @var JWSSerializer[] + */ + private $serializers = []; + + /** + * JWSSerializerManager constructor. + * + * @param JWSSerializer[] $serializers + */ + public function __construct(array $serializers) + { + foreach ($serializers as $serializer) { + $this->add($serializer); + } + } + + /** + * @deprecated Will be removed in v2.0. Please use constructor instead + * + * @param JWSSerializer[] $serializers + * + * @return JWSSerializerManager + */ + public static function create(array $serializers): self + { + return new self($serializers); + } + + /** + * @return JWSSerializerManager + */ + private function add(JWSSerializer $serializer): self + { + $this->serializers[$serializer->name()] = $serializer; + + return $this; + } + + /** + * @return string[] + */ + public function list(): array + { + return \array_keys($this->serializers); + } + + /** + * Converts a JWS into a string. + * + * @throws \Exception + */ + public function serialize(string $name, JWS $jws, ?int $signatureIndex = null): string + { + if (!\array_key_exists($name, $this->serializers)) { + throw new \InvalidArgumentException(\sprintf('Unsupported serializer "%s".', $name)); + } + + return ($this->serializers[$name])->serialize($jws, $signatureIndex); + } + + /** + * Loads data and return a JWS object. + * + * @param string $input A string that represents a JWS + * @param string|null $name the name of the serializer if the input is unserialized + * + * @throws \Exception + */ + public function unserialize(string $input, ?string &$name = null): JWS + { + foreach ($this->serializers as $serializer) { + try { + $jws = $serializer->unserialize($input); + $name = $serializer->name(); + + return $jws; + } catch (\InvalidArgumentException $e) { + continue; + } + } + + throw new \InvalidArgumentException('Unsupported input.'); + } +} diff --git a/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php new file mode 100644 index 0000000..1b2c234 --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/JWSSerializerManagerFactory.php @@ -0,0 +1,64 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +class JWSSerializerManagerFactory +{ + /** + * @var JWSSerializer[] + */ + private $serializers = []; + + /** + * @param string[] $names + */ + public function create(array $names): JWSSerializerManager + { + $serializers = []; + foreach ($names as $name) { + if (!\array_key_exists($name, $this->serializers)) { + throw new \InvalidArgumentException(\sprintf('Unsupported serialiser "%s".', $name)); + } + $serializers[] = $this->serializers[$name]; + } + + return JWSSerializerManager::create($serializers); + } + + /** + * @return string[] + */ + public function names(): array + { + return \array_keys($this->serializers); + } + + /** + * @return JWSSerializer[] + */ + public function all(): array + { + return $this->serializers; + } + + /** + * @return JWSSerializerManagerFactory + */ + public function add(JWSSerializer $serializer): self + { + $this->serializers[$serializer->name()] = $serializer; + + return $this; + } +} diff --git a/vendor/web-token/jwt-signature/Serializer/Serializer.php b/vendor/web-token/jwt-signature/Serializer/Serializer.php new file mode 100644 index 0000000..85636b6 --- /dev/null +++ b/vendor/web-token/jwt-signature/Serializer/Serializer.php @@ -0,0 +1,22 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Serializer; + +abstract class Serializer implements JWSSerializer +{ + protected function isPayloadEncoded(array $protectedHeader): bool + { + return !\array_key_exists('b64', $protectedHeader) || true === $protectedHeader['b64']; + } +} diff --git a/vendor/web-token/jwt-signature/Signature.php b/vendor/web-token/jwt-signature/Signature.php new file mode 100644 index 0000000..9b2ef20 --- /dev/null +++ b/vendor/web-token/jwt-signature/Signature.php @@ -0,0 +1,144 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature; + +class Signature +{ + /** + * @var string|null + */ + private $encodedProtectedHeader; + + /** + * @var array + */ + private $protectedHeader; + + /** + * @var array + */ + private $header; + + /** + * @var string + */ + private $signature; + + /** + * Signature constructor. + */ + private function __construct(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header) + { + $this->protectedHeader = null === $encodedProtectedHeader ? [] : $protectedHeader; + $this->encodedProtectedHeader = $encodedProtectedHeader; + $this->signature = $signature; + $this->header = $header; + } + + /** + * Creates a new signature. + * + * @internal + * + * @return Signature + */ + public static function create(string $signature, array $protectedHeader, ?string $encodedProtectedHeader, array $header = []): self + { + return new self($signature, $protectedHeader, $encodedProtectedHeader, $header); + } + + /** + * The protected header associated with the signature. + */ + public function getProtectedHeader(): array + { + return $this->protectedHeader; + } + + /** + * The unprotected header associated with the signature. + */ + public function getHeader(): array + { + return $this->header; + } + + /** + * The protected header associated with the signature. + */ + public function getEncodedProtectedHeader(): ?string + { + return $this->encodedProtectedHeader; + } + + /** + * Returns the value of the protected header of the specified key. + * + * @param string $key The key + * + * @return mixed|null Header value + */ + public function getProtectedHeaderParameter(string $key) + { + if ($this->hasProtectedHeaderParameter($key)) { + return $this->getProtectedHeader()[$key]; + } + + throw new \InvalidArgumentException(\sprintf('The protected header "%s" does not exist', $key)); + } + + /** + * Returns true if the protected header has the given parameter. + * + * @param string $key The key + */ + public function hasProtectedHeaderParameter(string $key): bool + { + return \array_key_exists($key, $this->getProtectedHeader()); + } + + /** + * Returns the value of the unprotected header of the specified key. + * + * @param string $key The key + * + * @return mixed|null Header value + */ + public function getHeaderParameter(string $key) + { + if ($this->hasHeaderParameter($key)) { + return $this->header[$key]; + } + + throw new \InvalidArgumentException(\sprintf('The header "%s" does not exist', $key)); + } + + /** + * Returns true if the unprotected header has the given parameter. + * + * @param string $key The key + */ + public function hasHeaderParameter(string $key): bool + { + return \array_key_exists($key, $this->header); + } + + /** + * Returns the value of the signature. + */ + public function getSignature(): string + { + return $this->signature; + } +} diff --git a/vendor/web-token/jwt-signature/Util/RSA.php b/vendor/web-token/jwt-signature/Util/RSA.php new file mode 100644 index 0000000..e71e6da --- /dev/null +++ b/vendor/web-token/jwt-signature/Util/RSA.php @@ -0,0 +1,229 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Signature\Util; + +use Jose\Component\Core\Util\BigInteger; +use Jose\Component\Core\Util\Hash; +use Jose\Component\Core\Util\RSAKey; + +/** + * @internal + */ +class RSA +{ + /** + * Probabilistic Signature Scheme. + */ + public const SIGNATURE_PSS = 1; + + /** + * Use the PKCS#1. + */ + public const SIGNATURE_PKCS1 = 2; + + private static function convertIntegerToOctetString(BigInteger $x, int $xLen): string + { + $x = $x->toBytes(); + if (\mb_strlen($x, '8bit') > $xLen) { + throw new \RuntimeException(); + } + + return \str_pad($x, $xLen, \chr(0), STR_PAD_LEFT); + } + + /** + * MGF1. + */ + private static function getMGF1(string $mgfSeed, int $maskLen, Hash $mgfHash): string + { + $t = ''; + $count = \ceil($maskLen / $mgfHash->getLength()); + for ($i = 0; $i < $count; ++$i) { + $c = \pack('N', $i); + $t .= $mgfHash->hash($mgfSeed.$c); + } + + return \mb_substr($t, 0, $maskLen, '8bit'); + } + + /** + * EMSA-PSS-ENCODE. + */ + private static function encodeEMSAPSS(string $message, int $modulusLength, Hash $hash): string + { + $emLen = ($modulusLength + 1) >> 3; + $sLen = $hash->getLength(); + $mHash = $hash->hash($message); + if ($emLen <= $hash->getLength() + $sLen + 2) { + throw new \RuntimeException(); + } + $salt = \random_bytes($sLen); + $m2 = "\0\0\0\0\0\0\0\0".$mHash.$salt; + $h = $hash->hash($m2); + $ps = \str_repeat(\chr(0), $emLen - $sLen - $hash->getLength() - 2); + $db = $ps.\chr(1).$salt; + $dbMask = self::getMGF1($h, $emLen - $hash->getLength() - 1, $hash); + $maskedDB = $db ^ $dbMask; + $maskedDB[0] = ~\chr(0xFF << ($modulusLength & 7)) & $maskedDB[0]; + $em = $maskedDB.$h.\chr(0xBC); + + return $em; + } + + /** + * EMSA-PSS-VERIFY. + */ + private static function verifyEMSAPSS(string $m, string $em, int $emBits, Hash $hash): bool + { + $emLen = ($emBits + 1) >> 3; + $sLen = $hash->getLength(); + $mHash = $hash->hash($m); + if ($emLen < $hash->getLength() + $sLen + 2) { + throw new \InvalidArgumentException(); + } + if ($em[\mb_strlen($em, '8bit') - 1] !== \chr(0xBC)) { + throw new \InvalidArgumentException(); + } + $maskedDB = \mb_substr($em, 0, -$hash->getLength() - 1, '8bit'); + $h = \mb_substr($em, -$hash->getLength() - 1, $hash->getLength(), '8bit'); + $temp = \chr(0xFF << ($emBits & 7)); + if ((~$maskedDB[0] & $temp) !== $temp) { + throw new \InvalidArgumentException(); + } + $dbMask = self::getMGF1($h, $emLen - $hash->getLength() - 1, $hash/*MGF*/); + $db = $maskedDB ^ $dbMask; + $db[0] = ~\chr(0xFF << ($emBits & 7)) & $db[0]; + $temp = $emLen - $hash->getLength() - $sLen - 2; + if (\mb_substr($db, 0, $temp, '8bit') !== \str_repeat(\chr(0), $temp)) { + throw new \InvalidArgumentException(); + } + if (1 !== \ord($db[$temp])) { + throw new \InvalidArgumentException(); + } + $salt = \mb_substr($db, $temp + 1, null, '8bit'); // should be $sLen long + $m2 = "\0\0\0\0\0\0\0\0".$mHash.$salt; + $h2 = $hash->hash($m2); + + return \hash_equals($h, $h2); + } + + private static function encodeEMSA15(string $m, int $emBits, Hash $hash): string + { + $h = $hash->hash($m); + switch ($hash->name()) { + case 'sha256': + $t = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20"; + + break; + case 'sha384': + $t = "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30"; + + break; + case 'sha512': + $t = "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40"; + + break; + default: + throw new \InvalidArgumentException(); + } + $t .= $h; + $tLen = \mb_strlen($t, '8bit'); + if ($emBits < $tLen + 11) { + throw new \RuntimeException(); + } + $ps = \str_repeat(\chr(0xFF), $emBits - $tLen - 3); + $em2 = "\0\1$ps\0$t"; + + return $em2; + } + + public static function sign(RSAKey $key, string $message, string $hash, int $mode): string + { + switch ($mode) { + case self::SIGNATURE_PSS: + return self::signWithPSS($key, $message, $hash); + case self::SIGNATURE_PKCS1: + return self::signWithPKCS15($key, $message, $hash); + default: + throw new \InvalidArgumentException('Unsupported mode.'); + } + } + + /** + * Create a signature. + */ + public static function signWithPSS(RSAKey $key, string $message, string $hash): string + { + $em = self::encodeEMSAPSS($message, 8 * $key->getModulusLength() - 1, Hash::$hash()); + $message = BigInteger::createFromBinaryString($em); + $signature = RSAKey::exponentiate($key, $message); + + return self::convertIntegerToOctetString($signature, $key->getModulusLength()); + } + + /** + * Create a signature. + */ + public static function signWithPKCS15(RSAKey $key, string $message, string $hash): string + { + $em = self::encodeEMSA15($message, $key->getModulusLength(), Hash::$hash()); + $message = BigInteger::createFromBinaryString($em); + $signature = RSAKey::exponentiate($key, $message); + + return self::convertIntegerToOctetString($signature, $key->getModulusLength()); + } + + public static function verify(RSAKey $key, string $message, string $signature, string $hash, int $mode): bool + { + switch ($mode) { + case self::SIGNATURE_PSS: + return self::verifyWithPSS($key, $message, $signature, $hash); + case self::SIGNATURE_PKCS1: + return self::verifyWithPKCS15($key, $message, $signature, $hash); + default: + throw new \InvalidArgumentException('Unsupported mode.'); + } + } + + /** + * Verifies a signature. + */ + public static function verifyWithPSS(RSAKey $key, string $message, string $signature, string $hash): bool + { + if (\mb_strlen($signature, '8bit') !== $key->getModulusLength()) { + throw new \InvalidArgumentException(); + } + $s2 = BigInteger::createFromBinaryString($signature); + $m2 = RSAKey::exponentiate($key, $s2); + $em = self::convertIntegerToOctetString($m2, $key->getModulusLength()); + $modBits = 8 * $key->getModulusLength(); + + return self::verifyEMSAPSS($message, $em, $modBits - 1, Hash::$hash()); + } + + /** + * Verifies a signature. + */ + public static function verifyWithPKCS15(RSAKey $key, string $message, string $signature, string $hash): bool + { + if (\mb_strlen($signature, '8bit') !== $key->getModulusLength()) { + throw new \InvalidArgumentException(); + } + $signature = BigInteger::createFromBinaryString($signature); + $m2 = RSAKey::exponentiate($key, $signature); + $em = self::convertIntegerToOctetString($m2, $key->getModulusLength()); + + return \hash_equals($em, self::encodeEMSA15($message, $key->getModulusLength(), Hash::$hash())); + } +} diff --git a/vendor/web-token/jwt-signature/composer.json b/vendor/web-token/jwt-signature/composer.json new file mode 100644 index 0000000..e0ceab9 --- /dev/null +++ b/vendor/web-token/jwt-signature/composer.json @@ -0,0 +1,49 @@ +{ + "name": "web-token/jwt-signature", + "description": "Signature component of the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-signature/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Signature\\": "" + } + }, + "require": { + "web-token/jwt-core": "^1.3", + "web-token/jwt-signature-algorithm-ecdsa": "^1.3", + "web-token/jwt-signature-algorithm-eddsa": "^1.3", + "web-token/jwt-signature-algorithm-hmac": "^1.3", + "web-token/jwt-signature-algorithm-none": "^1.3", + "web-token/jwt-signature-algorithm-rsa": "^1.3" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "suggest": { + "web-token/jwt-signature-algorithm-ecdsa": "ECDSA Based Signature Algorithms", + "web-token/jwt-signature-algorithm-eddsa": "EdDSA Based Signature Algorithms", + "web-token/jwt-signature-algorithm-hmac": "HMAC Based Signature Algorithms", + "web-token/jwt-signature-algorithm-none": "None Signature Algorithm", + "web-token/jwt-signature-algorithm-rsa": "RSA Based Signature Algorithms", + "web-token/jwt-signature-algorithm-experimental": "Experimental Signature Algorithms" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} diff --git a/vendor/web-token/jwt-util-ecc/Curve.php b/vendor/web-token/jwt-util-ecc/Curve.php new file mode 100644 index 0000000..8c7d07d --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/Curve.php @@ -0,0 +1,315 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * @internal + */ +class Curve +{ + /** + * Elliptic curve over the field of integers modulo a prime. + * + * @var \GMP + */ + private $a; + + /** + * @var \GMP + */ + private $b; + + /** + * @var \GMP + */ + private $prime; + + /** + * Binary length of keys associated with these curve parameters. + * + * @var int + */ + private $size; + + /** + * @var Point + */ + private $generator; + + public function __construct(int $size, \GMP $prime, \GMP $a, \GMP $b, Point $generator) + { + $this->size = $size; + $this->prime = $prime; + $this->a = $a; + $this->b = $b; + $this->generator = $generator; + } + + public function getA(): \GMP + { + return $this->a; + } + + public function getB(): \GMP + { + return $this->b; + } + + public function getPrime(): \GMP + { + return $this->prime; + } + + public function getSize(): int + { + return $this->size; + } + + public function getPoint(\GMP $x, \GMP $y, ?\GMP $order = null): Point + { + if (!$this->contains($x, $y)) { + throw new \RuntimeException('Curve '.$this->__toString().' does not contain point ('.Math::toString($x).', '.Math::toString($y).')'); + } + $point = Point::create($x, $y, $order); + if (!\is_null($order)) { + $mul = $this->mul($point, $order); + if (!$mul->isInfinity()) { + throw new \RuntimeException('SELF * ORDER MUST EQUAL INFINITY. ('.(string) $mul.' found instead)'); + } + } + + return $point; + } + + public function getPublicKeyFrom(\GMP $x, \GMP $y): PublicKey + { + $zero = \gmp_init(0, 10); + if (Math::cmp($x, $zero) < 0 || Math::cmp($this->generator->getOrder(), $x) <= 0 || Math::cmp($y, $zero) < 0 || Math::cmp($this->generator->getOrder(), $y) <= 0) { + throw new \RuntimeException('Generator point has x and y out of range.'); + } + $point = $this->getPoint($x, $y); + + return PublicKey::create($point); + } + + public function contains(\GMP $x, \GMP $y): bool + { + $eq_zero = Math::equals( + ModularArithmetic::sub( + Math::pow($y, 2), + Math::add( + Math::add( + Math::pow($x, 3), + Math::mul($this->getA(), $x) + ), + $this->getB() + ), + $this->getPrime() + ), + \gmp_init(0, 10) + ); + + return $eq_zero; + } + + public function add(Point $one, Point $two): Point + { + if ($two->isInfinity()) { + return clone $one; + } + + if ($one->isInfinity()) { + return clone $two; + } + + if (Math::equals($two->getX(), $one->getX())) { + if (Math::equals($two->getY(), $one->getY())) { + return $this->getDouble($one); + } else { + return Point::infinity(); + } + } + + $slope = ModularArithmetic::div( + Math::sub($two->getY(), $one->getY()), + Math::sub($two->getX(), $one->getX()), + $this->getPrime() + ); + + $xR = ModularArithmetic::sub( + Math::sub(Math::pow($slope, 2), $one->getX()), + $two->getX(), + $this->getPrime() + ); + + $yR = ModularArithmetic::sub( + Math::mul($slope, Math::sub($one->getX(), $xR)), + $one->getY(), + $this->getPrime() + ); + + return $this->getPoint($xR, $yR, $one->getOrder()); + } + + public function mul(Point $one, \GMP $n): Point + { + if ($one->isInfinity()) { + return Point::infinity(); + } + + /** @var \GMP $zero */ + $zero = \gmp_init(0, 10); + if (Math::cmp($one->getOrder(), $zero) > 0) { + $n = Math::mod($n, $one->getOrder()); + } + + if (Math::equals($n, $zero)) { + return Point::infinity(); + } + + /** @var Point[] $r */ + $r = [ + Point::infinity(), + clone $one, + ]; + + $k = $this->getSize(); + $n = \str_pad(Math::baseConvert(Math::toString($n), 10, 2), $k, '0', STR_PAD_LEFT); + + for ($i = 0; $i < $k; ++$i) { + $j = $n[$i]; + Point::cswap($r[0], $r[1], $j ^ 1); + $r[0] = $this->add($r[0], $r[1]); + $r[1] = $this->getDouble($r[1]); + Point::cswap($r[0], $r[1], $j ^ 1); + } + + $this->validate($r[0]); + + return $r[0]; + } + + /** + * @param Curve $other + */ + public function cmp(self $other): int + { + $equal = Math::equals($this->getA(), $other->getA()); + $equal &= Math::equals($this->getB(), $other->getB()); + $equal &= Math::equals($this->getPrime(), $other->getPrime()); + + return $equal ? 0 : 1; + } + + /** + * @param Curve $other + */ + public function equals(self $other): bool + { + return 0 === $this->cmp($other); + } + + public function __toString(): string + { + return 'curve('.Math::toString($this->getA()).', '.Math::toString($this->getB()).', '.Math::toString($this->getPrime()).')'; + } + + private function validate(Point $point) + { + if (!$point->isInfinity() && !$this->contains($point->getX(), $point->getY())) { + throw new \RuntimeException('Invalid point'); + } + } + + public function getDouble(Point $point): Point + { + if ($point->isInfinity()) { + return Point::infinity(); + } + + $a = $this->getA(); + $threeX2 = Math::mul(\gmp_init(3, 10), Math::pow($point->getX(), 2)); + + $tangent = ModularArithmetic::div( + Math::add($threeX2, $a), + Math::mul(\gmp_init(2, 10), $point->getY()), + $this->getPrime() + ); + + $x3 = ModularArithmetic::sub( + Math::pow($tangent, 2), + Math::mul(\gmp_init(2, 10), $point->getX()), + $this->getPrime() + ); + + $y3 = ModularArithmetic::sub( + Math::mul($tangent, Math::sub($point->getX(), $x3)), + $point->getY(), + $this->getPrime() + ); + + return $this->getPoint($x3, $y3, $point->getOrder()); + } + + public function createPrivateKey(): PrivateKey + { + return PrivateKey::create($this->generate()); + } + + public function createPublicKey(PrivateKey $privateKey): PublicKey + { + $point = $this->mul($this->generator, $privateKey->getSecret()); + + return PublicKey::create($point); + } + + private function generate(): \GMP + { + $max = $this->generator->getOrder(); + $numBits = $this->bnNumBits($max); + $numBytes = (int) \ceil($numBits / 8); + // Generate an integer of size >= $numBits + $bytes = \random_bytes($numBytes); + $value = Math::stringToInt($bytes); + $mask = \gmp_sub(\gmp_pow(2, $numBits), 1); + $integer = \gmp_and($value, $mask); + + return $integer; + } + + /** + * Returns the number of bits used to store this number. Non-significant upper bits are not counted. + * + * @see https://www.openssl.org/docs/crypto/BN_num_bytes.html + */ + private function bnNumBits(\GMP $x): int + { + $zero = \gmp_init(0, 10); + if (Math::equals($x, $zero)) { + return 0; + } + $log2 = 0; + while (false === Math::equals($x, $zero)) { + $x = Math::rightShift($x, 1); + ++$log2; + } + + return $log2; + } + + public function getGenerator(): Point + { + return $this->generator; + } +} diff --git a/vendor/web-token/jwt-util-ecc/LICENSE b/vendor/web-token/jwt-util-ecc/LICENSE new file mode 100644 index 0000000..a098645 --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2018 Spomky-Labs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/web-token/jwt-util-ecc/Math.php b/vendor/web-token/jwt-util-ecc/Math.php new file mode 100644 index 0000000..e5732da --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/Math.php @@ -0,0 +1,97 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * @internal + */ +class Math +{ + public static function cmp(\GMP $first, \GMP $other): int + { + return \gmp_cmp($first, $other); + } + + public static function equals(\GMP $first, \GMP $other): bool + { + return 0 === \gmp_cmp($first, $other); + } + + public static function mod(\GMP $number, \GMP $modulus): \GMP + { + return \gmp_mod($number, $modulus); + } + + public static function add(\GMP $augend, \GMP $addend): \GMP + { + return \gmp_add($augend, $addend); + } + + public static function sub(\GMP $minuend, \GMP $subtrahend): \GMP + { + return \gmp_sub($minuend, $subtrahend); + } + + public static function mul(\GMP $multiplier, \GMP $multiplicand): \GMP + { + return \gmp_mul($multiplier, $multiplicand); + } + + public static function pow(\GMP $base, int $exponent): \GMP + { + return \gmp_pow($base, $exponent); + } + + public static function bitwiseAnd(\GMP $first, \GMP $other): \GMP + { + return \gmp_and($first, $other); + } + + public static function bitwiseXor(\GMP $first, \GMP $other): \GMP + { + return \gmp_xor($first, $other); + } + + public static function toString(\GMP $value): string + { + return \gmp_strval($value); + } + + public static function inverseMod(\GMP $a, \GMP $m): \GMP + { + return \gmp_invert($a, $m); + } + + public static function baseConvert(string $number, int $from, int $to): string + { + return \gmp_strval(\gmp_init($number, $from), $to); + } + + public static function rightShift(\GMP $number, int $positions): \GMP + { + return \gmp_div($number, \gmp_pow(\gmp_init(2, 10), $positions)); + } + + public static function stringToInt(string $s): \GMP + { + $result = \gmp_init(0, 10); + $sLen = \mb_strlen($s, '8bit'); + + for ($c = 0; $c < $sLen; ++$c) { + $result = \gmp_add(\gmp_mul(256, $result), \gmp_init(\ord($s[$c]), 10)); + } + + return $result; + } +} diff --git a/vendor/web-token/jwt-util-ecc/ModularArithmetic.php b/vendor/web-token/jwt-util-ecc/ModularArithmetic.php new file mode 100644 index 0000000..29be145 --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/ModularArithmetic.php @@ -0,0 +1,35 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * @internal + */ +class ModularArithmetic +{ + public static function sub(\GMP $minuend, \GMP $subtrahend, \GMP $modulus): \GMP + { + return Math::mod(Math::sub($minuend, $subtrahend), $modulus); + } + + public static function mul(\GMP $multiplier, \GMP $muliplicand, \GMP $modulus): \GMP + { + return Math::mod(Math::mul($multiplier, $muliplicand), $modulus); + } + + public static function div(\GMP $dividend, \GMP $divisor, \GMP $modulus): \GMP + { + return self::mul($dividend, Math::inverseMod($divisor, $modulus), $modulus); + } +} diff --git a/vendor/web-token/jwt-util-ecc/NistCurve.php b/vendor/web-token/jwt-util-ecc/NistCurve.php new file mode 100644 index 0000000..70d7070 --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/NistCurve.php @@ -0,0 +1,92 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * ********************************************************************* + * Copyright (C) 2012 Matyas Danter. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * *********************************************************************** + */ + +/** + * @internal + */ +class NistCurve +{ + /** + * Returns an NIST P-256 curve. + */ + public static function curve256(): Curve + { + $p = \gmp_init('ffffffff00000001000000000000000000000000ffffffffffffffffffffffff', 16); + $a = \gmp_init('ffffffff00000001000000000000000000000000fffffffffffffffffffffffc', 16); + $b = \gmp_init('5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b', 16); + $x = \gmp_init('6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296', 16); + $y = \gmp_init('4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5', 16); + $n = \gmp_init('ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551', 16); + $generator = Point::create($x, $y, $n); + + return new Curve(256, $p, $a, $b, $generator); + } + + /** + * Returns an NIST P-384 curve. + */ + public static function curve384(): Curve + { + $p = \gmp_init('fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff', 16); + $a = \gmp_init('fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc', 16); + $b = \gmp_init('b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef', 16); + $x = \gmp_init('aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7', 16); + $y = \gmp_init('3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f', 16); + $n = \gmp_init('ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973', 16); + $generator = Point::create($x, $y, $n); + + return new Curve(384, $p, $a, $b, $generator); + } + + /** + * Returns an NIST P-521 curve. + */ + public static function curve521(): Curve + { + $p = \gmp_init('000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff', 16); + $a = \gmp_init('000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc', 16); + $b = \gmp_init('00000051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00', 16); + $x = \gmp_init('000000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66', 16); + $y = \gmp_init('0000011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650', 16); + $n = \gmp_init('000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409', 16); + $generator = Point::create($x, $y, $n); + + return new Curve(521, $p, $a, $b, $generator); + } +} diff --git a/vendor/web-token/jwt-util-ecc/Point.php b/vendor/web-token/jwt-util-ecc/Point.php new file mode 100644 index 0000000..bf73b2b --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/Point.php @@ -0,0 +1,152 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * ********************************************************************* + * Copyright (C) 2012 Matyas Danter. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * *********************************************************************** + */ + +/** + * @internal + */ +class Point +{ + /** + * @var \GMP + */ + private $x; + + /** + * @var \GMP + */ + private $y; + + /** + * @var \GMP + */ + private $order; + + /** + * @var bool + */ + private $infinity = false; + + /** + * Initialize a new instance. + * + * @throws \RuntimeException when either the curve does not contain the given coordinates or + * when order is not null and P(x, y) * order is not equal to infinity + */ + private function __construct(\GMP $x, \GMP $y, \GMP $order, bool $infinity = false) + { + $this->x = $x; + $this->y = $y; + $this->order = $order; + $this->infinity = $infinity; + } + + /** + * @return Point + */ + public static function create(\GMP $x, \GMP $y, ?\GMP $order = null): self + { + return new self($x, $y, null === $order ? \gmp_init(0, 10) : $order); + } + + /** + * @return Point + */ + public static function infinity(): self + { + $zero = \gmp_init(0, 10); + + return new self($zero, $zero, $zero, true); + } + + public function isInfinity(): bool + { + return $this->infinity; + } + + public function getOrder(): \GMP + { + return $this->order; + } + + public function getX(): \GMP + { + return $this->x; + } + + public function getY(): \GMP + { + return $this->y; + } + + /** + * @param Point $a + * @param Point $b + */ + public static function cswap(self $a, self $b, int $cond) + { + self::cswapGMP($a->x, $b->x, $cond); + self::cswapGMP($a->y, $b->y, $cond); + self::cswapGMP($a->order, $b->order, $cond); + self::cswapBoolean($a->infinity, $b->infinity, $cond); + } + + private static function cswapBoolean(bool &$a, bool &$b, int $cond) + { + $sa = \gmp_init((int) ($a), 10); + $sb = \gmp_init((int) ($b), 10); + + self::cswapGMP($sa, $sb, $cond); + + $a = (bool) \gmp_strval($sa, 10); + $b = (bool) \gmp_strval($sb, 10); + } + + private static function cswapGMP(\GMP &$sa, \GMP &$sb, int $cond) + { + $size = \max(\mb_strlen(\gmp_strval($sa, 2), '8bit'), \mb_strlen(\gmp_strval($sb, 2), '8bit')); + $mask = (string) (1 - (int) ($cond)); + $mask = \str_pad('', $size, $mask, STR_PAD_LEFT); + $mask = \gmp_init($mask, 2); + $taA = Math::bitwiseAnd($sa, $mask); + $taB = Math::bitwiseAnd($sb, $mask); + $sa = Math::bitwiseXor(Math::bitwiseXor($sa, $sb), $taB); + $sb = Math::bitwiseXor(Math::bitwiseXor($sa, $sb), $taA); + $sa = Math::bitwiseXor(Math::bitwiseXor($sa, $sb), $taB); + } +} diff --git a/vendor/web-token/jwt-util-ecc/PrivateKey.php b/vendor/web-token/jwt-util-ecc/PrivateKey.php new file mode 100644 index 0000000..d33fb5b --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/PrivateKey.php @@ -0,0 +1,67 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * ********************************************************************* + * Copyright (C) 2012 Matyas Danter. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * *********************************************************************** + */ + +/** + * @internal + */ +class PrivateKey +{ + /** + * @var \GMP + */ + private $secret; + + private function __construct(\GMP $secret) + { + $this->secret = $secret; + } + + /** + * @return PrivateKey + */ + public static function create(\GMP $secret): self + { + return new self($secret); + } + + public function getSecret(): \GMP + { + return $this->secret; + } +} diff --git a/vendor/web-token/jwt-util-ecc/PublicKey.php b/vendor/web-token/jwt-util-ecc/PublicKey.php new file mode 100644 index 0000000..a85c0e2 --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/PublicKey.php @@ -0,0 +1,70 @@ +<?php + +declare(strict_types=1); + +/* + * The MIT License (MIT) + * + * Copyright (c) 2014-2018 Spomky-Labs + * + * This software may be modified and distributed under the terms + * of the MIT license. See the LICENSE file for details. + */ + +namespace Jose\Component\Core\Util\Ecc; + +/** + * ********************************************************************* + * Copyright (C) 2012 Matyas Danter. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + * OTHER DEALINGS IN THE SOFTWARE. + * *********************************************************************** + */ + +/** + * @internal + */ +class PublicKey +{ + /** + * @var Point + */ + private $point; + + /** + * PublicKey constructor. + */ + private function __construct(Point $point) + { + $this->point = $point; + } + + /** + * @return PublicKey + */ + public static function create(Point $point): self + { + return new self($point); + } + + public function getPoint(): Point + { + return $this->point; + } +} diff --git a/vendor/web-token/jwt-util-ecc/composer.json b/vendor/web-token/jwt-util-ecc/composer.json new file mode 100644 index 0000000..0598e3e --- /dev/null +++ b/vendor/web-token/jwt-util-ecc/composer.json @@ -0,0 +1,38 @@ +{ + "name": "web-token/jwt-util-ecc", + "description": "ECC Tools for the JWT Framework.", + "type": "library", + "license": "MIT", + "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"], + "homepage": "https://github.com/web-token", + "authors": [ + { + "name": "Florent Morselli", + "homepage": "https://github.com/Spomky" + },{ + "name": "All contributors", + "homepage": "https://github.com/web-token/jwt-core/contributors" + } + ], + "autoload": { + "psr-4": { + "Jose\\Component\\Core\\Util\\Ecc\\": "" + } + }, + "require": { + "php": "^7.1", + "ext-gmp": "*", + "ext-mbstring": "*" + }, + "require-dev": { + "phpunit/phpunit": "^6.0|^7.0" + }, + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "config": { + "sort-packages": true + } +} |