[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  declare(strict_types=1);
   4  
   5  /*
   6   * The MIT License (MIT)
   7   *
   8   * Copyright (c) 2014-2020 Spomky-Labs
   9   *
  10   * This software may be modified and distributed under the terms
  11   * of the MIT license.  See the LICENSE file for details.
  12   */
  13  
  14  namespace Jose\Component\Signature\Serializer;
  15  
  16  use Base64Url\Base64Url;
  17  use function count;
  18  use InvalidArgumentException;
  19  use Jose\Component\Core\Util\JsonConverter;
  20  use Jose\Component\Signature\JWS;
  21  use LogicException;
  22  use Throwable;
  23  
  24  final class CompactSerializer extends Serializer
  25  {
  26      public const NAME = 'jws_compact';
  27  
  28      public function displayName(): string
  29      {
  30          return 'JWS Compact';
  31      }
  32  
  33      public function name(): string
  34      {
  35          return self::NAME;
  36      }
  37  
  38      /**
  39       * @throws LogicException if the JWS has unprotected header (invalid for compact JSON)
  40       * @throws LogicException if the payload is not encoded but contains unauthorized characters
  41       */
  42      public function serialize(JWS $jws, ?int $signatureIndex = null): string
  43      {
  44          if (null === $signatureIndex) {
  45              $signatureIndex = 0;
  46          }
  47          $signature = $jws->getSignature($signatureIndex);
  48          if (0 !== count($signature->getHeader())) {
  49              throw new LogicException('The signature contains unprotected header parameters and cannot be converted into compact JSON.');
  50          }
  51          $isEmptyPayload = null === $jws->getEncodedPayload() || '' === $jws->getEncodedPayload();
  52          if (!$this->isPayloadEncoded($signature->getProtectedHeader()) && !$isEmptyPayload) {
  53              if (1 !== preg_match('/^[\x{20}-\x{2d}|\x{2f}-\x{7e}]*$/u', $jws->getPayload())) {
  54                  throw new LogicException('Unable to convert the JWS with non-encoded payload.');
  55              }
  56          }
  57  
  58          return sprintf(
  59              '%s.%s.%s',
  60              $signature->getEncodedProtectedHeader(),
  61              $jws->getEncodedPayload(),
  62              Base64Url::encode($signature->getSignature())
  63          );
  64      }
  65  
  66      /**
  67       * @throws InvalidArgumentException if the input is invalid
  68       */
  69      public function unserialize(string $input): JWS
  70      {
  71          $parts = explode('.', $input);
  72          if (3 !== count($parts)) {
  73              throw new InvalidArgumentException('Unsupported input');
  74          }
  75  
  76          try {
  77              $encodedProtectedHeader = $parts[0];
  78              $protectedHeader = JsonConverter::decode(Base64Url::decode($parts[0]));
  79              $hasPayload = '' !== $parts[1];
  80              if (!$hasPayload) {
  81                  $payload = null;
  82                  $encodedPayload = null;
  83              } else {
  84                  $encodedPayload = $parts[1];
  85                  $payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload;
  86              }
  87              $signature = Base64Url::decode($parts[2]);
  88  
  89              $jws = new JWS($payload, $encodedPayload, !$hasPayload);
  90  
  91              return $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader);
  92          } catch (Throwable $throwable) {
  93              throw new InvalidArgumentException('Unsupported input', $throwable->getCode(), $throwable);
  94          }
  95      }
  96  }