PHP Cross Reference of Joomla 4.2.2 documentation |
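<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2019 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license. See the LICENSE file for details.
 */

namespace Webauthn\MetadataService;

use Assert\Assertion;
use Base64Url\Base64Url;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\ES256;
use Jose\Component\Signature\Serializer\CompactSerializer;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;

/**
 * Downloads metadata-service documents over HTTP and turns them into
 * MetadataTOCPayload / MetadataStatement objects.
 *
 * Everything returned by the remote server is untrusted input until it has
 * been authenticated. Only the table of content goes through a signature
 * check in this class (see getJwsPayload() for its limits).
 */
class MetadataStatementFetcher
{
    /**
     * Fetches the table of content (a compact JWS), checks its signature and decodes its JSON payload.
     *
     * @param array $additionalHeaders header name => value pairs added to the GET request
     */
    public static function fetchTableOfContent(string $uri, ClientInterface $client, RequestFactoryInterface $requestFactory, array $additionalHeaders = []): MetadataTOCPayload
    {
        $content = self::fetch($uri, $client, $requestFactory, $additionalHeaders);
        $payload = self::getJwsPayload($content);
        $data = json_decode($payload, true);
        Assertion::eq(JSON_ERROR_NONE, json_last_error(), 'Unable to decode the data');
        // Valid JSON scalars ("1", "true", "null") decode without error; reject them here
        // so the failure is an assertion error rather than a TypeError in createFromArray().
        Assertion::isArray($data, 'Unable to decode the data');

        return MetadataTOCPayload::createFromArray($data);
    }

    /**
     * Fetches a single metadata statement and decodes it from JSON.
     *
     * NOTE(review): nothing in this method authenticates the downloaded statement (no
     * signature or hash comparison is performed here). Presumably the caller compares it
     * with a hash taken from the verified table of content -- confirm against the callers.
     *
     * @param bool  $isBase64UrlEncoded when true the response body is Base64Url-decoded before JSON decoding
     * @param array $additionalHeaders  header name => value pairs added to the GET request
     */
    public static function fetchMetadataStatement(string $uri, bool $isBase64UrlEncoded, ClientInterface $client, RequestFactoryInterface $requestFactory, array $additionalHeaders = []): MetadataStatement
    {
        $payload = self::fetch($uri, $client, $requestFactory, $additionalHeaders);
        $json = $isBase64UrlEncoded ? Base64Url::decode($payload) : $payload;
        $data = json_decode($json, true);
        Assertion::eq(JSON_ERROR_NONE, json_last_error(), 'Unable to decode the data');
        // Same guard as in fetchTableOfContent(): a JSON scalar is not a metadata statement.
        Assertion::isArray($data, 'Unable to decode the data');

        return MetadataStatement::createFromArray($data);
    }

    /**
     * Sends a GET request and returns the non-empty body of a 200 response.
     *
     * The URI and the additional headers are used exactly as given: no scheme or host
     * restriction is applied here, so callers must only pass trusted metadata-service URIs.
     */
    private static function fetch(string $uri, ClientInterface $client, RequestFactoryInterface $requestFactory, array $additionalHeaders = []): string
    {
        $request = $requestFactory->createRequest('GET', $uri);
        foreach ($additionalHeaders as $k => $v) {
            $request = $request->withHeader($k, $v);
        }
        $response = $client->sendRequest($request);
        Assertion::eq(200, $response->getStatusCode(), sprintf('Unable to contact the server. Response code is %d', $response->getStatusCode()));
        $content = $response->getBody()->getContents();
        Assertion::notEmpty($content, 'Unable to contact the server. The response has no content');

        return $content;
    }

    /**
     * Parses a compact JWS, verifies its single ES256 signature and returns the payload.
     *
     * The verification key is built from the "x5c" header carried by the token itself.
     * A successful check therefore shows that the payload matches the embedded certificate,
     * not that the certificate belongs to the metadata service.
     *
     * NOTE(review): no certificate-chain, trust-anchor or revocation check is visible in
     * this class. Confirm that the "x5c" chain is validated against the metadata service
     * root certificate elsewhere; if it is not, a party able to alter the response could
     * present a token signed with its own certificate and it would be accepted here.
     */
    private static function getJwsPayload(string $token): string
    {
        $jws = (new CompactSerializer())->unserialize($token);
        Assertion::eq(1, $jws->countSignatures(), 'Invalid response from the metadata service. Only one signature shall be present.');
        $signature = $jws->getSignature(0);
        $payload = $jws->getPayload();
        Assertion::notEmpty($payload, 'Invalid response from the metadata service. The token payload is empty.');
        $header = $signature->getProtectedHeader();
        Assertion::keyExists($header, 'alg', 'The "alg" parameter is missing.');
        // Strict comparison: a non-string "alg" value must never compare equal to 'ES256'.
        Assertion::same($header['alg'], 'ES256', 'The expected "alg" parameter value should be "ES256".');
        Assertion::keyExists($header, 'x5c', 'The "x5c" parameter is missing.');
        Assertion::isArray($header['x5c'], 'The "x5c" parameter should be an array.');
        Assertion::notEmpty($header['x5c'], 'The "x5c" parameter should not be empty.');
        $key = JWKFactory::createFromX5C($header['x5c']);
        // The algorithm is fixed to ES256 and never chosen from the token header.
        $algorithm = new ES256();
        $isValid = $algorithm->verify($key, $signature->getEncodedProtectedHeader().'.'.$jws->getEncodedPayload(), $signature->getSignature());
        Assertion::true($isValid, 'Invalid response from the metadata service. The token signature is invalid.');

        // Return the payload that was checked for emptiness above.
        return $payload;
    }
}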