summaryrefslogtreecommitdiffstats
path: root/vendor/web-token/jwt-core
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/web-token/jwt-core')
-rw-r--r--vendor/web-token/jwt-core/Algorithm.php29
-rw-r--r--vendor/web-token/jwt-core/AlgorithmManager.php95
-rw-r--r--vendor/web-token/jwt-core/AlgorithmManagerFactory.php77
-rw-r--r--vendor/web-token/jwt-core/Converter/JsonConverter.php30
-rw-r--r--vendor/web-token/jwt-core/Converter/StandardConverter.php50
-rw-r--r--vendor/web-token/jwt-core/JWK.php148
-rw-r--r--vendor/web-token/jwt-core/JWKSet.php321
-rw-r--r--vendor/web-token/jwt-core/JWT.php23
-rw-r--r--vendor/web-token/jwt-core/LICENSE21
-rw-r--r--vendor/web-token/jwt-core/Util/BigInteger.php232
-rw-r--r--vendor/web-token/jwt-core/Util/ECKey.php306
-rw-r--r--vendor/web-token/jwt-core/Util/ECSignature.php93
-rw-r--r--vendor/web-token/jwt-core/Util/Hash.php90
-rw-r--r--vendor/web-token/jwt-core/Util/JsonConverter.php27
-rw-r--r--vendor/web-token/jwt-core/Util/KeyChecker.php107
-rw-r--r--vendor/web-token/jwt-core/Util/RSAKey.php322
-rw-r--r--vendor/web-token/jwt-core/composer.json44
17 files changed, 2015 insertions, 0 deletions
diff --git a/vendor/web-token/jwt-core/Algorithm.php b/vendor/web-token/jwt-core/Algorithm.php
new file mode 100644
index 0000000..7ae0f15
--- /dev/null
+++ b/vendor/web-token/jwt-core/Algorithm.php
@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core;
+
+interface Algorithm
+{
+ /**
+ * Returns the name of the algorithm.
+ */
+ public function name(): string;
+
+ /**
+ * Returns the key types suitable for this algorithm (e.g. "oct", "RSA"...).
+ *
+ * @return string[]
+ */
+ public function allowedKeyTypes(): array;
+}
diff --git a/vendor/web-token/jwt-core/AlgorithmManager.php b/vendor/web-token/jwt-core/AlgorithmManager.php
new file mode 100644
index 0000000..88beee4
--- /dev/null
+++ b/vendor/web-token/jwt-core/AlgorithmManager.php
@@ -0,0 +1,95 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core;
+
+class AlgorithmManager
+{
+ /**
+ * @var array
+ */
+ private $algorithms = [];
+
+ /**
+ * AlgorithmManager constructor.
+ *
+ * @param Algorithm[] $algorithms
+ */
+ public function __construct(array $algorithms)
+ {
+ foreach ($algorithms as $algorithm) {
+ $this->add($algorithm);
+ }
+ }
+
+ /**
+ * This method creates an alogithm manager using the given algorithms.
+ *
+ * @deprecated Will be removed in v2.0. Please use constructor instead
+ *
+ * @param Algorithm[] $algorithms
+ *
+ * @return AlgorithmManager
+ */
+ public static function create(array $algorithms): self
+ {
+ return new self($algorithms);
+ }
+
+ /**
+ * Returns true if the algorithm is supported.
+ *
+ * @param string $algorithm The algorithm
+ */
+ public function has(string $algorithm): bool
+ {
+ return \array_key_exists($algorithm, $this->algorithms);
+ }
+
+ /**
+ * Returns the list of names of supported algorithms.
+ *
+ * @return string[]
+ */
+ public function list(): array
+ {
+ return \array_keys($this->algorithms);
+ }
+
+ /**
+ * Returns the algorithm if supported, otherwise throw an exception.
+ *
+ * @param string $algorithm The algorithm
+ */
+ public function get(string $algorithm): Algorithm
+ {
+ if (!$this->has($algorithm)) {
+ throw new \InvalidArgumentException(\sprintf('The algorithm "%s" is not supported.', $algorithm));
+ }
+
+ return $this->algorithms[$algorithm];
+ }
+
+ /**
+ * Adds an algorithm to the manager.
+ *
+ * @return AlgorithmManager
+ */
+ private function add(Algorithm $algorithm): self
+ {
+ $name = $algorithm->name();
+ $this->algorithms[$name] = $algorithm;
+
+ return $this;
+ }
+}
diff --git a/vendor/web-token/jwt-core/AlgorithmManagerFactory.php b/vendor/web-token/jwt-core/AlgorithmManagerFactory.php
new file mode 100644
index 0000000..0526374
--- /dev/null
+++ b/vendor/web-token/jwt-core/AlgorithmManagerFactory.php
@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core;
+
+class AlgorithmManagerFactory
+{
+ /**
+ * @var array
+ */
+ private $algorithms = [];
+
+ /**
+ * Adds an algorithm.
+ *
+ * Each algorithm is identified by an alias hence it is allowed to have the same algorithm twice (or more).
+ * This can be helpful when an algorithm have several configuration options.
+ *
+ * @return AlgorithmManagerFactory
+ */
+ public function add(string $alias, Algorithm $algorithm): self
+ {
+ $this->algorithms[$alias] = $algorithm;
+
+ return $this;
+ }
+
+ /**
+ * Returns the list of aliases.
+ *
+ * @return string[]
+ */
+ public function aliases(): array
+ {
+ return \array_keys($this->algorithms);
+ }
+
+ /**
+ * Returns all algorithms supported by this factory.
+ * This is an associative array. Keys are the aliases of the algorithms.
+ *
+ * @return Algorithm[]
+ */
+ public function all(): array
+ {
+ return $this->algorithms;
+ }
+
+ /**
+ * Create an algorithm manager using the given aliases.
+ *
+ * @param string[] $aliases
+ */
+ public function create(array $aliases): AlgorithmManager
+ {
+ $algorithms = [];
+ foreach ($aliases as $alias) {
+ if (\array_key_exists($alias, $this->algorithms)) {
+ $algorithms[] = $this->algorithms[$alias];
+ } else {
+ throw new \InvalidArgumentException(\sprintf('The algorithm with the alias "%s" is not supported.', $alias));
+ }
+ }
+
+ return AlgorithmManager::create($algorithms);
+ }
+}
diff --git a/vendor/web-token/jwt-core/Converter/JsonConverter.php b/vendor/web-token/jwt-core/Converter/JsonConverter.php
new file mode 100644
index 0000000..97fe176
--- /dev/null
+++ b/vendor/web-token/jwt-core/Converter/JsonConverter.php
@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Converter;
+
+/**
+ * @deprecated This interface is deprecated in v1.3 and will be removed in v2.0.
+ */
+interface JsonConverter
+{
+ /**
+ * Convert the payload into a string.
+ */
+ public function encode($payload): string;
+
+ /**
+ * Convert a string into payload.
+ */
+ public function decode(string $payload, bool $associativeArray = true);
+}
diff --git a/vendor/web-token/jwt-core/Converter/StandardConverter.php b/vendor/web-token/jwt-core/Converter/StandardConverter.php
new file mode 100644
index 0000000..87a45e1
--- /dev/null
+++ b/vendor/web-token/jwt-core/Converter/StandardConverter.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Converter;
+
+/**
+ * @deprecated This class is deprecated in v1.3 and will be removed in v2.0
+ */
+final class StandardConverter implements JsonConverter
+{
+ /**
+ * @var int
+ */
+ private $options;
+
+ /**
+ * @var int
+ */
+ private $depth;
+
+ /**
+ * StandardJsonEncoder constructor.
+ * See also json_encode and json_decode parameters.
+ */
+ public function __construct(int $options = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE, int $depth = 512)
+ {
+ $this->options = $options;
+ $this->depth = $depth;
+ }
+
+ public function encode($payload): string
+ {
+ return \json_encode($payload, $this->options, $this->depth);
+ }
+
+ public function decode(string $payload, bool $associativeArray = true)
+ {
+ return \json_decode($payload, $associativeArray, $this->depth, $this->options);
+ }
+}
diff --git a/vendor/web-token/jwt-core/JWK.php b/vendor/web-token/jwt-core/JWK.php
new file mode 100644
index 0000000..c1ff481
--- /dev/null
+++ b/vendor/web-token/jwt-core/JWK.php
@@ -0,0 +1,148 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core;
+
+use Base64Url\Base64Url;
+
+class JWK implements \JsonSerializable
+{
+ /**
+ * @var array
+ */
+ private $values = [];
+
+ /**
+ * JWK constructor.
+ */
+ public function __construct(array $values)
+ {
+ if (!\array_key_exists('kty', $values)) {
+ throw new \InvalidArgumentException('The parameter "kty" is mandatory.');
+ }
+
+ $this->values = $values;
+ }
+
+ /**
+ * Creates a JWK object using the given values.
+ * The member "kty" is mandatory. Other members are NOT checked.
+ *
+ * @deprecated Will be removed in v2.0. Please use constructor instead
+ *
+ * @return JWK
+ */
+ public static function create(array $values): self
+ {
+ return new self($values);
+ }
+
+ /**
+ * Creates a JWK object using the given Json string.
+ *
+ * @return JWK
+ */
+ public static function createFromJson(string $json): self
+ {
+ $data = \json_decode($json, true);
+ if (!\is_array($data)) {
+ throw new \InvalidArgumentException('Invalid argument.');
+ }
+
+ return self::create($data);
+ }
+
+ /**
+ * Returns the values to be serialized.
+ */
+ public function jsonSerialize()
+ {
+ return $this->values;
+ }
+
+ /**
+ * Get the value with a specific key.
+ *
+ * @param string $key The key
+ *
+ * @throws \InvalidArgumentException
+ *
+ * @return mixed|null
+ */
+ public function get(string $key)
+ {
+ if (!$this->has($key)) {
+ throw new \InvalidArgumentException(\sprintf('The value identified by "%s" does not exist.', $key));
+ }
+
+ return $this->values[$key];
+ }
+
+ /**
+ * Returns true if the JWK has the value identified by.
+ *
+ * @param string $key The key
+ */
+ public function has(string $key): bool
+ {
+ return \array_key_exists($key, $this->values);
+ }
+
+ /**
+ * Get all values stored in the JWK object.
+ *
+ * @return array Values of the JWK object
+ */
+ public function all(): array
+ {
+ return $this->values;
+ }
+
+ /**
+ * Returns the thumbprint of the key.
+ *
+ * @see https://tools.ietf.org/html/rfc7638
+ *
+ * @throws \InvalidArgumentException
+ */
+ public function thumbprint(string $hash_algorithm): string
+ {
+ if (!\in_array($hash_algorithm, \hash_algos(), true)) {
+ throw new \InvalidArgumentException(\sprintf('The hash algorithm "%s" is not supported.', $hash_algorithm));
+ }
+
+ $values = \array_intersect_key($this->values, \array_flip(['kty', 'n', 'e', 'crv', 'x', 'y', 'k']));
+ \ksort($values);
+ $input = \json_encode($values, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+
+ return Base64Url::encode(\hash($hash_algorithm, $input, true));
+ }
+
+ /**
+ * Returns the associated public key.
+ * This method has no effect for:
+ * - public keys
+ * - shared keys
+ * - unknown keys.
+ *
+ * Known keys are "oct", "RSA", "EC" and "OKP".
+ *
+ * @return JWK
+ */
+ public function toPublic(): self
+ {
+ $values = \array_diff_key($this->values, \array_flip(['p', 'd', 'q', 'dp', 'dq', 'qi']));
+
+ return new self($values);
+ }
+}
diff --git a/vendor/web-token/jwt-core/JWKSet.php b/vendor/web-token/jwt-core/JWKSet.php
new file mode 100644
index 0000000..efcd417
--- /dev/null
+++ b/vendor/web-token/jwt-core/JWKSet.php
@@ -0,0 +1,321 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core;
+
+use InvalidArgumentException;
+
+class JWKSet implements \Countable, \IteratorAggregate, \JsonSerializable
+{
+ /**
+ * @var array
+ */
+ private $keys = [];
+
+ /**
+ * JWKSet constructor.
+ *
+ * @param JWK[] $keys
+ */
+ public function __construct(array $keys)
+ {
+ foreach ($keys as $k => $key) {
+ if (!$key instanceof JWK) {
+ throw new InvalidArgumentException('Invalid list. Should only contains JWK objects');
+ }
+ if ($key->has('kid')) {
+ unset($keys[$k]);
+ $this->keys[$key->get('kid')] = $key;
+ } else {
+ $this->keys[] = $key;
+ }
+ }
+ }
+
+ /**
+ * Creates a JWKSet object using the given values.
+ *
+ * @return JWKSet
+ */
+ public static function createFromKeyData(array $data): self
+ {
+ if (!isset($data['keys'])) {
+ throw new InvalidArgumentException('Invalid data.');
+ }
+ if (!\is_array($data['keys'])) {
+ throw new InvalidArgumentException('Invalid data.');
+ }
+ $jwkset = new self([]);
+ foreach ($data['keys'] as $key) {
+ $jwk = new JWK($key);
+ if ($jwk->has('kid')) {
+ $jwkset->keys[$jwk->get('kid')] = $jwk;
+ } else {
+ $jwkset->keys[] = $jwk;
+ }
+ }
+
+ return $jwkset;
+ }
+
+ /**
+ * Creates a JWKSet object using the given JWK objects.
+ *
+ * @deprecated Will be removed in v2.0. Please use constructor instead.
+ *
+ * @param JWK[] $keys
+ *
+ * @return JWKSet
+ */
+ public static function createFromKeys(array $keys): self
+ {
+ return new self($keys);
+ }
+
+ /**
+ * Creates a JWKSet object using the given Json string.
+ *
+ * @return JWKSet
+ */
+ public static function createFromJson(string $json): self
+ {
+ $data = \json_decode($json, true);
+ if (!\is_array($data)) {
+ throw new InvalidArgumentException('Invalid argument.');
+ }
+
+ return self::createFromKeyData($data);
+ }
+
+ /**
+ * Returns an array of keys stored in the key set.
+ *
+ * @return JWK[]
+ */
+ public function all(): array
+ {
+ return $this->keys;
+ }
+
+ /**
+ * Add key to store in the key set.
+ * This method is immutable and will return a new object.
+ *
+ * @return JWKSet
+ */
+ public function with(JWK $jwk): self
+ {
+ $clone = clone $this;
+
+ if ($jwk->has('kid')) {
+ $clone->keys[$jwk->get('kid')] = $jwk;
+ } else {
+ $clone->keys[] = $jwk;
+ }
+
+ return $clone;
+ }
+
+ /**
+ * Remove key from the key set.
+ * This method is immutable and will return a new object.
+ *
+ * @param int|string $key Key to remove from the key set
+ *
+ * @return JWKSet
+ */
+ public function without($key): self
+ {
+ if (!$this->has($key)) {
+ return $this;
+ }
+
+ $clone = clone $this;
+ unset($clone->keys[$key]);
+
+ return $clone;
+ }
+
+ /**
+ * Returns true if the key set contains a key with the given index.
+ *
+ * @param int|string $index
+ */
+ public function has($index): bool
+ {
+ return \array_key_exists($index, $this->keys);
+ }
+
+ /**
+ * Returns the key with the given index. Throws an exception if the index is not present in the key store.
+ *
+ * @param int|string $index
+ */
+ public function get($index): JWK
+ {
+ if (!$this->has($index)) {
+ throw new InvalidArgumentException('Undefined index.');
+ }
+
+ return $this->keys[$index];
+ }
+
+ /**
+ * Returns the values to be serialized.
+ */
+ public function jsonSerialize(): array
+ {
+ return ['keys' => \array_values($this->keys)];
+ }
+
+ /**
+ * Returns the number of keys in the key set.
+ *
+ * @param int $mode
+ */
+ public function count($mode = COUNT_NORMAL): int
+ {
+ return \count($this->keys, $mode);
+ }
+
+ /**
+ * Try to find a key that fits on the selected requirements.
+ * Returns null if not found.
+ *
+ * @param string $type Must be 'sig' (signature) or 'enc' (encryption)
+ * @param Algorithm|null $algorithm Specifies the algorithm to be used
+ * @param array $restrictions More restrictions such as 'kid' or 'kty'
+ */
+ public function selectKey(string $type, ?Algorithm $algorithm = null, array $restrictions = []): ?JWK
+ {
+ if (!\in_array($type, ['enc', 'sig'], true)) {
+ throw new InvalidArgumentException('Allowed key types are "sig" or "enc".');
+ }
+
+ $result = [];
+ foreach ($this->keys as $key) {
+ $ind = 0;
+
+ $can_use = $this->canKeyBeUsedFor($type, $key);
+ if (false === $can_use) {
+ continue;
+ }
+ $ind += $can_use;
+
+ $alg = $this->canKeyBeUsedWithAlgorithm($algorithm, $key);
+ if (false === $alg) {
+ continue;
+ }
+ $ind += $alg;
+
+ if (false === $this->doesKeySatisfyRestrictions($restrictions, $key)) {
+ continue;
+ }
+
+ $result[] = ['key' => $key, 'ind' => $ind];
+ }
+
+ if (empty($result)) {
+ return null;
+ }
+
+ \usort($result, [$this, 'sortKeys']);
+
+ return $result[0]['key'];
+ }
+
+ /**
+ * @return bool|int
+ */
+ private function canKeyBeUsedFor(string $type, JWK $key)
+ {
+ if ($key->has('use')) {
+ return $type === $key->get('use') ? 1 : false;
+ }
+ if ($key->has('key_ops')) {
+ return $type === self::convertKeyOpsToKeyUse($key->get('use')) ? 1 : false;
+ }
+
+ return 0;
+ }
+
+ /**
+ * @return bool|int
+ */
+ private function canKeyBeUsedWithAlgorithm(?Algorithm $algorithm, JWK $key)
+ {
+ if (null === $algorithm) {
+ return 0;
+ }
+ if (!\in_array($key->get('kty'), $algorithm->allowedKeyTypes(), true)) {
+ return false;
+ }
+ if ($key->has('alg')) {
+ return $algorithm->name() === $key->get('alg') ? 2 : false;
+ }
+
+ return 1;
+ }
+
+ private function doesKeySatisfyRestrictions(array $restrictions, JWK $key): bool
+ {
+ foreach ($restrictions as $k => $v) {
+ if (!$key->has($k) || $v !== $key->get($k)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private static function convertKeyOpsToKeyUse(string $key_ops): string
+ {
+ switch ($key_ops) {
+ case 'verify':
+ case 'sign':
+ return 'sig';
+ case 'encrypt':
+ case 'decrypt':
+ case 'wrapKey':
+ case 'unwrapKey':
+ return 'enc';
+ default:
+ throw new InvalidArgumentException(\sprintf('Unsupported key operation value "%s"', $key_ops));
+ }
+ }
+
+ /**
+ * Internal method only. Should not be used.
+ *
+ * @internal
+ * @internal
+ */
+ public static function sortKeys(array $a, array $b): int
+ {
+ if ($a['ind'] === $b['ind']) {
+ return 0;
+ }
+
+ return ($a['ind'] > $b['ind']) ? -1 : 1;
+ }
+
+ /**
+ * Internal method only. Should not be used.
+ *
+ * @internal
+ */
+ public function getIterator()
+ {
+ return new \ArrayIterator($this->keys);
+ }
+}
diff --git a/vendor/web-token/jwt-core/JWT.php b/vendor/web-token/jwt-core/JWT.php
new file mode 100644
index 0000000..b2cecf1
--- /dev/null
+++ b/vendor/web-token/jwt-core/JWT.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core;
+
+interface JWT
+{
+ /**
+ * Returns the payload of the JWT.
+ * null is a valid payload (e.g. JWS with detached payload).
+ */
+ public function getPayload(): ?string;
+}
diff --git a/vendor/web-token/jwt-core/LICENSE b/vendor/web-token/jwt-core/LICENSE
new file mode 100644
index 0000000..a098645
--- /dev/null
+++ b/vendor/web-token/jwt-core/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014-2018 Spomky-Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/web-token/jwt-core/Util/BigInteger.php b/vendor/web-token/jwt-core/Util/BigInteger.php
new file mode 100644
index 0000000..2513670
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/BigInteger.php
@@ -0,0 +1,232 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+/**
+ * @internal
+ */
+class BigInteger
+{
+ /**
+ * Holds the BigInteger's value.
+ *
+ * @var \GMP
+ */
+ private $value;
+
+ private function __construct(\GMP $value)
+ {
+ $this->value = $value;
+ }
+
+ /**
+ * @return BigInteger
+ */
+ public static function createFromGMPResource(\GMP $value): self
+ {
+ return new self($value);
+ }
+
+ /**
+ * @return BigInteger
+ */
+ public static function createFromBinaryString(string $value): self
+ {
+ $value = '0x'.\unpack('H*', $value)[1];
+ $value = \gmp_init($value, 16);
+
+ return new self($value);
+ }
+
+ /**
+ * @return BigInteger
+ */
+ public static function createFromDecimal(int $value): self
+ {
+ $value = \gmp_init($value, 10);
+
+ return new self($value);
+ }
+
+ /**
+ * Converts a BigInteger to a binary string.
+ */
+ public function toBytes(): string
+ {
+ if (0 === \gmp_cmp($this->value, \gmp_init(0))) {
+ return '';
+ }
+
+ $temp = \gmp_strval(\gmp_abs($this->value), 16);
+ $temp = \mb_strlen($temp, '8bit') & 1 ? '0'.$temp : $temp;
+ $temp = \hex2bin($temp);
+
+ return \ltrim($temp, \chr(0));
+ }
+
+ /**
+ * Adds two BigIntegers.
+ *
+ * @param BigInteger $y
+ *
+ * @return BigInteger
+ */
+ public function add(self $y): self
+ {
+ $value = \gmp_add($this->value, $y->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Subtracts two BigIntegers.
+ *
+ * @param BigInteger $y
+ *
+ * @return BigInteger
+ */
+ public function subtract(self $y): self
+ {
+ $value = \gmp_sub($this->value, $y->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Multiplies two BigIntegers.
+ *
+ * @param BigInteger $x
+ *
+ * @return BigInteger
+ */
+ public function multiply(self $x): self
+ {
+ $value = \gmp_mul($this->value, $x->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Divides two BigIntegers.
+ *
+ * @param BigInteger $x
+ *
+ * @return BigInteger
+ */
+ public function divide(self $x): self
+ {
+ $value = \gmp_div($this->value, $x->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Performs modular exponentiation.
+ *
+ * @param BigInteger $e
+ * @param BigInteger $n
+ *
+ * @return BigInteger
+ */
+ public function modPow(self $e, self $n): self
+ {
+ $value = \gmp_powm($this->value, $e->value, $n->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Performs modular exponentiation.
+ *
+ * @param BigInteger $d
+ *
+ * @return BigInteger
+ */
+ public function mod(self $d): self
+ {
+ $value = \gmp_mod($this->value, $d->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Calculates modular inverses.
+ *
+ * @param BigInteger $n
+ *
+ * @return BigInteger
+ */
+ public function modInverse(self $n): self
+ {
+ $value = \gmp_invert($this->value, $n->value);
+
+ return self::createFromGMPResource($value);
+ }
+
+ /**
+ * Compares two numbers.
+ *
+ * @param BigInteger $y
+ */
+ public function compare(self $y): int
+ {
+ return \gmp_cmp($this->value, $y->value);
+ }
+
+ /**
+ * @param BigInteger $y
+ */
+ public function equals(self $y): bool
+ {
+ return 0 === $this->compare($y);
+ }
+
+ /**
+ * @param BigInteger $y
+ *
+ * @return BigInteger
+ */
+ public static function random(self $y): self
+ {
+ $zero = self::createFromDecimal(0);
+
+ return self::createFromGMPResource(\gmp_random_range($zero->value, $y->value));
+ }
+
+ /**
+ * @param BigInteger $y
+ *
+ * @return BigInteger
+ */
+ public function gcd(self $y): self
+ {
+ return self::createFromGMPResource(\gmp_gcd($this->value, $y->value));
+ }
+
+ /**
+ * @param BigInteger $y
+ */
+ public function lowerThan(self $y): bool
+ {
+ return 0 > $this->compare($y);
+ }
+
+ public function isEven(): bool
+ {
+ $zero = self::createFromDecimal(0);
+ $two = self::createFromDecimal(2);
+
+ return $this->mod($two)->equals($zero);
+ }
+}
diff --git a/vendor/web-token/jwt-core/Util/ECKey.php b/vendor/web-token/jwt-core/Util/ECKey.php
new file mode 100644
index 0000000..da409ba
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/ECKey.php
@@ -0,0 +1,306 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+use Base64Url\Base64Url;
+use InvalidArgumentException;
+use Jose\Component\Core\JWK;
+use Jose\Component\Core\Util\Ecc\Curve;
+use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
+use Throwable;
+
+/**
+ * @internal
+ */
+class ECKey
+{
+ public static function convertToPEM(JWK $jwk): string
+ {
+ if ($jwk->has('d')) {
+ return self::convertPrivateKeyToPEM($jwk);
+ }
+
+ return self::convertPublicKeyToPEM($jwk);
+ }
+
+ public static function convertPublicKeyToPEM(JWK $jwk): string
+ {
+ switch ($jwk->get('crv')) {
+ case 'P-256':
+ $der = self::p256PublicKey();
+
+ break;
+ case 'P-384':
+ $der = self::p384PublicKey();
+
+ break;
+ case 'P-521':
+ $der = self::p521PublicKey();
+
+ break;
+ default:
+ throw new InvalidArgumentException('Unsupported curve.');
+ }
+ $der .= self::getKey($jwk);
+ $pem = '-----BEGIN PUBLIC KEY-----'.PHP_EOL;
+ $pem .= chunk_split(base64_encode($der), 64, PHP_EOL);
+ $pem .= '-----END PUBLIC KEY-----'.PHP_EOL;
+
+ return $pem;
+ }
+
+ public static function convertPrivateKeyToPEM(JWK $jwk): string
+ {
+ switch ($jwk->get('crv')) {
+ case 'P-256':
+ $der = self::p256PrivateKey($jwk);
+
+ break;
+ case 'P-384':
+ $der = self::p384PrivateKey($jwk);
+
+ break;
+ case 'P-521':
+ $der = self::p521PrivateKey($jwk);
+
+ break;
+ default:
+ throw new InvalidArgumentException('Unsupported curve.');
+ }
+ $der .= self::getKey($jwk);
+ $pem = '-----BEGIN EC PRIVATE KEY-----'.PHP_EOL;
+ $pem .= chunk_split(base64_encode($der), 64, PHP_EOL);
+ $pem .= '-----END EC PRIVATE KEY-----'.PHP_EOL;
+
+ return $pem;
+ }
+
+ /**
+ * Creates a EC key with the given curve and additional values.
+ *
+ * @param string $curve The curve
+ * @param array $values values to configure the key
+ */
+ public static function createECKey(string $curve, array $values = []): JWK
+ {
+ try {
+ $jwk = self::createECKeyUsingOpenSSL($curve);
+ } catch (Throwable $e) {
+ $jwk = self::createECKeyUsingPurePhp($curve);
+ }
+ $values = array_merge($values, $jwk);
+
+ return new JWK($values);
+ }
+
+ private static function getNistCurve(string $curve): Curve
+ {
+ switch ($curve) {
+ case 'P-256':
+ return NistCurve::curve256();
+ case 'P-384':
+ return NistCurve::curve384();
+ case 'P-521':
+ return NistCurve::curve521();
+ default:
+ throw new InvalidArgumentException(sprintf('The curve "%s" is not supported.', $curve));
+ }
+ }
+
+ private static function getNistCurveSize(string $curve): int
+ {
+ switch ($curve) {
+ case 'P-256':
+ return 256;
+ case 'P-384':
+ return 384;
+ case 'P-521':
+ return 521;
+ default:
+ throw new InvalidArgumentException(sprintf('The curve "%s" is not supported.', $curve));
+ }
+ }
+
+ private static function createECKeyUsingPurePhp(string $curve): array
+ {
+ $nistCurve = self::getNistCurve($curve);
+ $privateKey = $nistCurve->createPrivateKey();
+ $publicKey = $nistCurve->createPublicKey($privateKey);
+
+ return [
+ 'kty' => 'EC',
+ 'crv' => $curve,
+ 'x' => Base64Url::encode(str_pad(gmp_export($publicKey->getPoint()->getX()), (int) ceil($nistCurve->getSize() / 8), "\0", STR_PAD_LEFT)),
+ 'y' => Base64Url::encode(str_pad(gmp_export($publicKey->getPoint()->getY()), (int) ceil($nistCurve->getSize() / 8), "\0", STR_PAD_LEFT)),
+ 'd' => Base64Url::encode(str_pad(gmp_export($privateKey->getSecret()), (int) ceil($nistCurve->getSize() / 8), "\0", STR_PAD_LEFT)),
+ ];
+ }
+
+ private static function createECKeyUsingOpenSSL(string $curve): array
+ {
+ $key = openssl_pkey_new([
+ 'curve_name' => self::getOpensslCurveName($curve),
+ 'private_key_type' => OPENSSL_KEYTYPE_EC,
+ ]);
+ if (false === $key) {
+ throw new RuntimeException('Unable to create the key');
+ }
+ $result = openssl_pkey_export($key, $out);
+ if (false === $result) {
+ throw new RuntimeException('Unable to create the key');
+ }
+ $res = openssl_pkey_get_private($out);
+ if (false === $res) {
+ throw new RuntimeException('Unable to create the key');
+ }
+ $details = openssl_pkey_get_details($res);
+ $nistCurveSize = self::getNistCurveSize($curve);
+
+ return [
+ 'kty' => 'EC',
+ 'crv' => $curve,
+ 'd' => Base64Url::encode(str_pad($details['ec']['d'], (int) ceil($nistCurveSize / 8), "\0", STR_PAD_LEFT)),
+ 'x' => Base64Url::encode(str_pad($details['ec']['x'], (int) ceil($nistCurveSize / 8), "\0", STR_PAD_LEFT)),
+ 'y' => Base64Url::encode(str_pad($details['ec']['y'], (int) ceil($nistCurveSize / 8), "\0", STR_PAD_LEFT)),
+ ];
+ }
+
+ private static function getOpensslCurveName(string $curve): string
+ {
+ switch ($curve) {
+ case 'P-256':
+ return 'prime256v1';
+ case 'P-384':
+ return 'secp384r1';
+ case 'P-521':
+ return 'secp521r1';
+ default:
+ throw new InvalidArgumentException(sprintf('The curve "%s" is not supported.', $curve));
+ }
+ }
+
+ private static function p256PublicKey(): string
+ {
+ return pack(
+ 'H*',
+ '3059' // SEQUENCE, length 89
+ .'3013' // SEQUENCE, length 19
+ .'0607' // OID, length 7
+ .'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key
+ .'0608' // OID, length 8
+ .'2a8648ce3d030107' // 1.2.840.10045.3.1.7 = P-256 Curve
+ .'0342' // BIT STRING, length 66
+ .'00' // prepend with NUL - pubkey will follow
+ );
+ }
+
+ private static function p384PublicKey(): string
+ {
+ return pack(
+ 'H*',
+ '3076' // SEQUENCE, length 118
+ .'3010' // SEQUENCE, length 16
+ .'0607' // OID, length 7
+ .'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key
+ .'0605' // OID, length 5
+ .'2b81040022' // 1.3.132.0.34 = P-384 Curve
+ .'0362' // BIT STRING, length 98
+ .'00' // prepend with NUL - pubkey will follow
+ );
+ }
+
+ private static function p521PublicKey(): string
+ {
+ return pack(
+ 'H*',
+ '30819b' // SEQUENCE, length 154
+ .'3010' // SEQUENCE, length 16
+ .'0607' // OID, length 7
+ .'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key
+ .'0605' // OID, length 5
+ .'2b81040023' // 1.3.132.0.35 = P-521 Curve
+ .'038186' // BIT STRING, length 134
+ .'00' // prepend with NUL - pubkey will follow
+ );
+ }
+
+ private static function p256PrivateKey(JWK $jwk): string
+ {
+ $d = unpack('H*', str_pad(Base64Url::decode($jwk->get('d')), 32, "\0", STR_PAD_LEFT))[1];
+
+ return pack(
+ 'H*',
+ '3077' // SEQUENCE, length 87+length($d)=32
+ .'020101' // INTEGER, 1
+ .'0420' // OCTET STRING, length($d) = 32
+ .$d
+ .'a00a' // TAGGED OBJECT #0, length 10
+ .'0608' // OID, length 8
+ .'2a8648ce3d030107' // 1.3.132.0.34 = P-384 Curve
+ .'a144' // TAGGED OBJECT #1, length 68
+ .'0342' // BIT STRING, length 66
+ .'00' // prepend with NUL - pubkey will follow
+ );
+ }
+
+ private static function p384PrivateKey(JWK $jwk): string
+ {
+ $d = unpack('H*', str_pad(Base64Url::decode($jwk->get('d')), 48, "\0", STR_PAD_LEFT))[1];
+
+ return pack(
+ 'H*',
+ '3081a4' // SEQUENCE, length 116 + length($d)=48
+ .'020101' // INTEGER, 1
+ .'0430' // OCTET STRING, length($d) = 30
+ .$d
+ .'a007' // TAGGED OBJECT #0, length 7
+ .'0605' // OID, length 5
+ .'2b81040022' // 1.3.132.0.34 = P-384 Curve
+ .'a164' // TAGGED OBJECT #1, length 100
+ .'0362' // BIT STRING, length 98
+ .'00' // prepend with NUL - pubkey will follow
+ );
+ }
+
+ private static function p521PrivateKey(JWK $jwk): string
+ {
+ $d = unpack('H*', str_pad(Base64Url::decode($jwk->get('d')), 66, "\0", STR_PAD_LEFT))[1];
+
+ return pack(
+ 'H*',
+ '3081dc' // SEQUENCE, length 154 + length($d)=66
+ .'020101' // INTEGER, 1
+ .'0442' // OCTET STRING, length(d) = 66
+ .$d
+ .'a007' // TAGGED OBJECT #0, length 7
+ .'0605' // OID, length 5
+ .'2b81040023' // 1.3.132.0.35 = P-521 Curve
+ .'a18189' // TAGGED OBJECT #1, length 137
+ .'038186' // BIT STRING, length 134
+ .'00' // prepend with NUL - pubkey will follow
+ );
+ }
+
+ private static function getKey(JWK $jwk): string
+ {
+ $nistCurveSize = self::getNistCurveSize($jwk->get('crv'));
+ $length = (int) ceil($nistCurveSize / 8);
+
+ return
+ "\04"
+ .str_pad(Base64Url::decode($jwk->get('x')), $length, "\0", STR_PAD_LEFT)
+ .str_pad(Base64Url::decode($jwk->get('y')), $length, "\0", STR_PAD_LEFT);
+ }
+}
diff --git a/vendor/web-token/jwt-core/Util/ECSignature.php b/vendor/web-token/jwt-core/Util/ECSignature.php
new file mode 100644
index 0000000..5bfa5b0
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/ECSignature.php
@@ -0,0 +1,93 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+/**
+ * @internal
+ */
+class ECSignature
+{
+ public static function toDER(string $signature, int $partLength): string
+ {
+ $signature = \unpack('H*', $signature)[1];
+ if (\mb_strlen($signature, '8bit') !== 2 * $partLength) {
+ throw new \InvalidArgumentException('Invalid length.');
+ }
+ $R = \mb_substr($signature, 0, $partLength, '8bit');
+ $S = \mb_substr($signature, $partLength, null, '8bit');
+
+ $R = self::preparePositiveInteger($R);
+ $Rl = \mb_strlen($R, '8bit') / 2;
+ $S = self::preparePositiveInteger($S);
+ $Sl = \mb_strlen($S, '8bit') / 2;
+ $der = \pack('H*',
+ '30'.($Rl + $Sl + 4 > 128 ? '81' : '').\dechex($Rl + $Sl + 4)
+ .'02'.\dechex($Rl).$R
+ .'02'.\dechex($Sl).$S
+ );
+
+ return $der;
+ }
+
+ public static function fromDER(string $der, int $partLength): string
+ {
+ $hex = \unpack('H*', $der)[1];
+ if ('30' !== \mb_substr($hex, 0, 2, '8bit')) { // SEQUENCE
+ throw new \RuntimeException();
+ }
+ if ('81' === \mb_substr($hex, 2, 2, '8bit')) { // LENGTH > 128
+ $hex = \mb_substr($hex, 6, null, '8bit');
+ } else {
+ $hex = \mb_substr($hex, 4, null, '8bit');
+ }
+ if ('02' !== \mb_substr($hex, 0, 2, '8bit')) { // INTEGER
+ throw new \RuntimeException();
+ }
+
+ $Rl = \hexdec(\mb_substr($hex, 2, 2, '8bit'));
+ $R = self::retrievePositiveInteger(\mb_substr($hex, 4, $Rl * 2, '8bit'));
+ $R = \str_pad($R, $partLength, '0', STR_PAD_LEFT);
+
+ $hex = \mb_substr($hex, 4 + $Rl * 2, null, '8bit');
+ if ('02' !== \mb_substr($hex, 0, 2, '8bit')) { // INTEGER
+ throw new \RuntimeException();
+ }
+ $Sl = \hexdec(\mb_substr($hex, 2, 2, '8bit'));
+ $S = self::retrievePositiveInteger(\mb_substr($hex, 4, $Sl * 2, '8bit'));
+ $S = \str_pad($S, $partLength, '0', STR_PAD_LEFT);
+
+ return \pack('H*', $R.$S);
+ }
+
+ private static function preparePositiveInteger(string $data): string
+ {
+ if (\mb_substr($data, 0, 2, '8bit') > '7f') {
+ return '00'.$data;
+ }
+ while ('00' === \mb_substr($data, 0, 2, '8bit') && \mb_substr($data, 2, 2, '8bit') <= '7f') {
+ $data = \mb_substr($data, 2, null, '8bit');
+ }
+
+ return $data;
+ }
+
+ private static function retrievePositiveInteger(string $data): string
+ {
+ while ('00' === \mb_substr($data, 0, 2, '8bit') && \mb_substr($data, 2, 2, '8bit') > '7f') {
+ $data = \mb_substr($data, 2, null, '8bit');
+ }
+
+ return $data;
+ }
+}
diff --git a/vendor/web-token/jwt-core/Util/Hash.php b/vendor/web-token/jwt-core/Util/Hash.php
new file mode 100644
index 0000000..105c865
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/Hash.php
@@ -0,0 +1,90 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+/**
+ * @internal
+ */
+class Hash
+{
+ /**
+ * Hash Parameter.
+ *
+ * @var string
+ */
+ private $hash;
+
+ /**
+ * Hash Length.
+ *
+ * @var int
+ */
+ private $length;
+
+ /**
+ * @return Hash
+ */
+ public static function sha1(): self
+ {
+ return new self('sha1', 20);
+ }
+
+ /**
+ * @return Hash
+ */
+ public static function sha256(): self
+ {
+ return new self('sha256', 32);
+ }
+
+ /**
+ * @return Hash
+ */
+ public static function sha384(): self
+ {
+ return new self('sha384', 48);
+ }
+
+ /**
+ * @return Hash
+ */
+ public static function sha512(): self
+ {
+ return new self('sha512', 64);
+ }
+
+ private function __construct(string $hash, int $length)
+ {
+ $this->hash = $hash;
+ $this->length = $length;
+ }
+
+ public function getLength(): int
+ {
+ return $this->length;
+ }
+
+ /**
+ * Compute the HMAC.
+ */
+ public function hash(string $text): string
+ {
+ return \hash($this->hash, $text, true);
+ }
+
+ public function name(): string
+ {
+ return $this->hash;
+ }
+}
diff --git a/vendor/web-token/jwt-core/Util/JsonConverter.php b/vendor/web-token/jwt-core/Util/JsonConverter.php
new file mode 100644
index 0000000..ef95126
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/JsonConverter.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+final class JsonConverter
+{
+ public static function encode($payload): string
+ {
+ return \json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+ }
+
+ public static function decode(string $payload)
+ {
+ return \json_decode($payload, true, 512, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+ }
+}
diff --git a/vendor/web-token/jwt-core/Util/KeyChecker.php b/vendor/web-token/jwt-core/Util/KeyChecker.php
new file mode 100644
index 0000000..09385a4
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/KeyChecker.php
@@ -0,0 +1,107 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+use Jose\Component\Core\JWK;
+
+/**
+ * @internal
+ */
+class KeyChecker
+{
+ /**
+ * @throws \InvalidArgumentException
+ */
+ public static function checkKeyUsage(JWK $key, string $usage): bool
+ {
+ if ($key->has('use')) {
+ return self::checkUsage($key, $usage);
+ }
+ if ($key->has('key_ops')) {
+ return self::checkOperation($key, $usage);
+ }
+
+ return true;
+ }
+
+ private static function checkOperation(JWK $key, string $usage): bool
+ {
+ $ops = $key->get('key_ops');
+ if (!\is_array($ops)) {
+ $ops = [$ops];
+ }
+ switch ($usage) {
+ case 'verification':
+ if (!\in_array('verify', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to verify a signature');
+ }
+
+ return true;
+ case 'signature':
+ if (!\in_array('sign', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to sign');
+ }
+
+ return true;
+ case 'encryption':
+ if (!\in_array('encrypt', $ops, true) && !\in_array('wrapKey', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to encrypt');
+ }
+
+ return true;
+ case 'decryption':
+ if (!\in_array('decrypt', $ops, true) && !\in_array('unwrapKey', $ops, true)) {
+ throw new \InvalidArgumentException('Key cannot be used to decrypt');
+ }
+
+ return true;
+ default:
+ throw new \InvalidArgumentException('Unsupported key usage.');
+ }
+ }
+
+ private static function checkUsage(JWK $key, string $usage): bool
+ {
+ $use = $key->get('use');
+ switch ($usage) {
+ case 'verification':
+ case 'signature':
+ if ('sig' !== $use) {
+ throw new \InvalidArgumentException('Key cannot be used to sign or verify a signature.');
+ }
+
+ return true;
+ case 'encryption':
+ case 'decryption':
+ if ('enc' !== $use) {
+ throw new \InvalidArgumentException('Key cannot be used to encrypt or decrypt.');
+ }
+
+ return true;
+ default:
+ throw new \InvalidArgumentException('Unsupported key usage.');
+ }
+ }
+
+ public static function checkKeyAlgorithm(JWK $key, string $algorithm)
+ {
+ if (!$key->has('alg')) {
+ return;
+ }
+
+ if ($key->get('alg') !== $algorithm) {
+ throw new \InvalidArgumentException(\sprintf('Key is only allowed for algorithm "%s".', $key->get('alg')));
+ }
+ }
+}
diff --git a/vendor/web-token/jwt-core/Util/RSAKey.php b/vendor/web-token/jwt-core/Util/RSAKey.php
new file mode 100644
index 0000000..3670034
--- /dev/null
+++ b/vendor/web-token/jwt-core/Util/RSAKey.php
@@ -0,0 +1,322 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Core\Util;
+
+use Base64Url\Base64Url;
+use FG\ASN1\Universal\BitString;
+use FG\ASN1\Universal\Integer;
+use FG\ASN1\Universal\NullObject;
+use FG\ASN1\Universal\ObjectIdentifier;
+use FG\ASN1\Universal\OctetString;
+use FG\ASN1\Universal\Sequence;
+use Jose\Component\Core\JWK;
+
+/**
+ * @internal
+ */
+class RSAKey
+{
+ /**
+ * @var Sequence
+ */
+ private $sequence;
+
+ /**
+ * @var bool
+ */
+ private $private = false;
+
+ /**
+ * @var array
+ */
+ private $values = [];
+
+ /**
+ * @var BigInteger
+ */
+ private $modulus;
+
+ /**
+ * @var int
+ */
+ private $modulus_length;
+
+ /**
+ * @var BigInteger
+ */
+ private $public_exponent;
+
+ /**
+ * @var BigInteger|null
+ */
+ private $private_exponent = null;
+
+ /**
+ * @var BigInteger[]
+ */
+ private $primes = [];
+
+ /**
+ * @var BigInteger[]
+ */
+ private $exponents = [];
+
+ /**
+ * @var BigInteger|null
+ */
+ private $coefficient = null;
+
+ private function __construct(JWK $data)
+ {
+ $this->loadJWK($data->all());
+ $this->populateBigIntegers();
+ $this->private = \array_key_exists('d', $this->values);
+ }
+
+ /**
+ * @return RSAKey
+ */
+ public static function createFromJWK(JWK $jwk): self
+ {
+ return new self($jwk);
+ }
+
+ public function getModulus(): BigInteger
+ {
+ return $this->modulus;
+ }
+
+ public function getModulusLength(): int
+ {
+ return $this->modulus_length;
+ }
+
+ public function getExponent(): BigInteger
+ {
+ $d = $this->getPrivateExponent();
+ if (null !== $d) {
+ return $d;
+ }
+
+ return $this->getPublicExponent();
+ }
+
+ public function getPublicExponent(): BigInteger
+ {
+ return $this->public_exponent;
+ }
+
+ public function getPrivateExponent(): ?BigInteger
+ {
+ return $this->private_exponent;
+ }
+
+ /**
+ * @return BigInteger[]
+ */
+ public function getPrimes(): array
+ {
+ return $this->primes;
+ }
+
+ /**
+ * @return BigInteger[]
+ */
+ public function getExponents(): array
+ {
+ return $this->exponents;
+ }
+
+ public function getCoefficient(): ?BigInteger
+ {
+ return $this->coefficient;
+ }
+
+ public function isPublic(): bool
+ {
+ return !\array_key_exists('d', $this->values);
+ }
+
+ /**
+ * @param RSAKey $private
+ *
+ * @return RSAKey
+ */
+ public static function toPublic(self $private): self
+ {
+ $data = $private->toArray();
+ $keys = ['p', 'd', 'q', 'dp', 'dq', 'qi'];
+ foreach ($keys as $key) {
+ if (\array_key_exists($key, $data)) {
+ unset($data[$key]);
+ }
+ }
+
+ return new self(new JWK($data));
+ }
+
+ public function toArray(): array
+ {
+ return $this->values;
+ }
+
+ private function loadJWK(array $jwk)
+ {
+ if (!\array_key_exists('kty', $jwk)) {
+ throw new \InvalidArgumentException('The key parameter "kty" is missing.');
+ }
+ if ('RSA' !== $jwk['kty']) {
+ throw new \InvalidArgumentException('The JWK is not a RSA key.');
+ }
+
+ $this->values = $jwk;
+ }
+
+ private function populateBigIntegers()
+ {
+ $this->modulus = $this->convertBase64StringToBigInteger($this->values['n']);
+ $this->modulus_length = \mb_strlen($this->getModulus()->toBytes(), '8bit');
+ $this->public_exponent = $this->convertBase64StringToBigInteger($this->values['e']);
+
+ if (!$this->isPublic()) {
+ $this->private_exponent = $this->convertBase64StringToBigInteger($this->values['d']);
+
+ if (\array_key_exists('p', $this->values) && \array_key_exists('q', $this->values)) {
+ $this->primes = [
+ $this->convertBase64StringToBigInteger($this->values['p']),
+ $this->convertBase64StringToBigInteger($this->values['q']),
+ ];
+ if (\array_key_exists('dp', $this->values) && \array_key_exists('dq', $this->values) && \array_key_exists('qi', $this->values)) {
+ $this->exponents = [
+ $this->convertBase64StringToBigInteger($this->values['dp']),
+ $this->convertBase64StringToBigInteger($this->values['dq']),
+ ];
+ $this->coefficient = $this->convertBase64StringToBigInteger($this->values['qi']);
+ }
+ }
+ }
+ }
+
+ private function convertBase64StringToBigInteger(string $value): BigInteger
+ {
+ return BigInteger::createFromBinaryString(Base64Url::decode($value));
+ }
+
+ /**
+ * @throws \Exception
+ */
+ public function toPEM(): string
+ {
+ if (null === $this->sequence) {
+ $this->sequence = new Sequence();
+ if (\array_key_exists('d', $this->values)) {
+ $this->initPrivateKey();
+ } else {
+ $this->initPublicKey();
+ }
+ }
+ $result = '-----BEGIN '.($this->private ? 'RSA PRIVATE' : 'PUBLIC').' KEY-----'.PHP_EOL;
+ $result .= \chunk_split(\base64_encode($this->sequence->getBinary()), 64, PHP_EOL);
+ $result .= '-----END '.($this->private ? 'RSA PRIVATE' : 'PUBLIC').' KEY-----'.PHP_EOL;
+
+ return $result;
+ }
+
+ /**
+ * @throws \Exception
+ */
+ private function initPublicKey()
+ {
+ $oid_sequence = new Sequence();
+ $oid_sequence->addChild(new ObjectIdentifier('1.2.840.113549.1.1.1'));
+ $oid_sequence->addChild(new NullObject());
+ $this->sequence->addChild($oid_sequence);
+ $n = new Integer($this->fromBase64ToInteger($this->values['n']));
+ $e = new Integer($this->fromBase64ToInteger($this->values['e']));
+ $key_sequence = new Sequence();
+ $key_sequence->addChild($n);
+ $key_sequence->addChild($e);
+ $key_bit_string = new BitString(\bin2hex($key_sequence->getBinary()));
+ $this->sequence->addChild($key_bit_string);
+ }
+
+ private function initPrivateKey()
+ {
+ $this->sequence->addChild(new Integer(0));
+ $oid_sequence = new Sequence();
+ $oid_sequence->addChild(new ObjectIdentifier('1.2.840.113549.1.1.1'));
+ $oid_sequence->addChild(new NullObject());
+ $this->sequence->addChild($oid_sequence);
+ $v = new Integer(0);
+ $n = new Integer($this->fromBase64ToInteger($this->values['n']));
+ $e = new Integer($this->fromBase64ToInteger($this->values['e']));
+ $d = new Integer($this->fromBase64ToInteger($this->values['d']));
+ $p = new Integer($this->fromBase64ToInteger($this->values['p']));
+ $q = new Integer($this->fromBase64ToInteger($this->values['q']));
+ $dp = \array_key_exists('dp', $this->values) ? new Integer($this->fromBase64ToInteger($this->values['dp'])) : new Integer(0);
+ $dq = \array_key_exists('dq', $this->values) ? new Integer($this->fromBase64ToInteger($this->values['dq'])) : new Integer(0);
+ $qi = \array_key_exists('qi', $this->values) ? new Integer($this->fromBase64ToInteger($this->values['qi'])) : new Integer(0);
+ $key_sequence = new Sequence();
+ $key_sequence->addChild($v);
+ $key_sequence->addChild($n);
+ $key_sequence->addChild($e);
+ $key_sequence->addChild($d);
+ $key_sequence->addChild($p);
+ $key_sequence->addChild($q);
+ $key_sequence->addChild($dp);
+ $key_sequence->addChild($dq);
+ $key_sequence->addChild($qi);
+ $key_octet_string = new OctetString(\bin2hex($key_sequence->getBinary()));
+ $this->sequence->addChild($key_octet_string);
+ }
+
+ /**
+ * @param string $value
+ *
+ * @return string
+ */
+ private function fromBase64ToInteger($value)
+ {
+ return \gmp_strval(\gmp_init(\current(\unpack('H*', Base64Url::decode($value))), 16), 10);
+ }
+
+ /**
+ * Exponentiate with or without Chinese Remainder Theorem.
+ * Operation with primes 'p' and 'q' is appox. 2x faster.
+ *
+ * @param RSAKey $key
+ */
+ public static function exponentiate(self $key, BigInteger $c): BigInteger
+ {
+ if ($c->compare(BigInteger::createFromDecimal(0)) < 0 || $c->compare($key->getModulus()) > 0) {
+ throw new \RuntimeException();
+ }
+ if ($key->isPublic() || empty($key->getPrimes()) || empty($key->getExponents()) || null === $key->getCoefficient()) {
+ return $c->modPow($key->getExponent(), $key->getModulus());
+ }
+
+ $p = $key->getPrimes()[0];
+ $q = $key->getPrimes()[1];
+ $dP = $key->getExponents()[0];
+ $dQ = $key->getExponents()[1];
+ $qInv = $key->getCoefficient();
+
+ $m1 = $c->modPow($dP, $p);
+ $m2 = $c->modPow($dQ, $q);
+ $h = $qInv->multiply($m1->subtract($m2)->add($p))->mod($p);
+ $m = $m2->add($h->multiply($q));
+
+ return $m;
+ }
+}
diff --git a/vendor/web-token/jwt-core/composer.json b/vendor/web-token/jwt-core/composer.json
new file mode 100644
index 0000000..37c4ce0
--- /dev/null
+++ b/vendor/web-token/jwt-core/composer.json
@@ -0,0 +1,44 @@
+{
+ "name": "web-token/jwt-core",
+ "description": "Core component of the JWT Framework.",
+ "type": "library",
+ "license": "MIT",
+ "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"],
+ "homepage": "https://github.com/web-token",
+ "authors": [
+ {
+ "name": "Florent Morselli",
+ "homepage": "https://github.com/Spomky"
+ },{
+ "name": "All contributors",
+ "homepage": "https://github.com/web-token/jwt-core/contributors"
+ }
+ ],
+ "autoload": {
+ "psr-4": {
+ "Jose\\Component\\Core\\": ""
+ }
+ },
+ "require": {
+ "php": "^7.1",
+ "ext-gmp": "*",
+ "ext-mbstring": "*",
+ "fgrosse/phpasn1": "^2.0",
+ "spomky-labs/base64url": "^1.0|^2.0",
+ "web-token/jwt-util-ecc": "^1.3"
+ },
+ "require-dev": {
+ "phpunit/phpunit": "^6.0|^7.0"
+ },
+ "conflict": {
+ "spomky-labs/jose": "*"
+ },
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.3.x-dev"
+ }
+ },
+ "config": {
+ "sort-packages": true
+ }
+}