RobDWaller / ReallySimpleJWT
1
<?php
2

3
declare(strict_types=1);
4

5
namespace ReallySimpleJWT;
6

7
use ReallySimpleJWT\Parse;
8
use ReallySimpleJWT\Interfaces\Validator;
9
use ReallySimpleJWT\Exception\ValidateException;
10
use ReallySimpleJWT\Interfaces\Encode;
11

12
/**
13
 * Core validation class for ensuring a token and its claims are valid.
14
 */
15
class Validate
16
{
17
    private Parse $parse;
18

19
    private Encode $encode;
20

21
    private Validator $validate;
22

23 16
    public function __construct(Parse $parse, Encode $encode, Validator $validate)
24
    {
25 16
        $this->parse = $parse;
26

27 16
        $this->encode = $encode;
28

29 16
        $this->validate = $validate;
30
    }
31

32
    /**
33
     * Validate the JWT has the correct structure.
34
     *
35
     * @throws ValidateException
36
     */
37 16
    public function structure(): Validate
38
    {
39 16
        if (!$this->validate->structure($this->parse->getToken())) {
40 16
            throw new ValidateException('Token is invalid.', 1);
41
        }
42

43 16
        return $this;
44
    }
45

46
    /**
47
     * Validate the JWT's expiration claim (exp). This claim defines how long a
48
     * token can be used for.
49
     *
50
     * @throws ValidateException
51
     */
52 16
    public function expiration(): Validate
53
    {
54 16
        if (!$this->validate->expiration($this->parse->getExpiration())) {
55 16
            throw new ValidateException('Expiration claim has expired.', 4);
56
        }
57

58 16
        return $this;
59
    }
60

61
    /**
62
     * Validate the JWT's not before claim (nbf). This claim defines when a
63
     * token can be used from.
64
     *
65
     * @throws ValidateException
66
     */
67 16
    public function notBefore(): Validate
68
    {
69 16
        if (!$this->validate->notBefore($this->parse->getNotBefore())) {
70 16
            throw new ValidateException('Not Before claim has not elapsed.', 5);
71
        }
72

73 16
        return $this;
74
    }
75

76
    /**
77
     * Validate the audience claim exists and is a string or an array
78
     * of strings.
79
     *
80
     * @throws ValidateException
81
     */
82 16
    public function audience(string $check): Validate
83
    {
84 16
        if (!$this->validate->audience($this->parse->getAudience(), $check)) {
85 16
            throw new ValidateException(
86 16
                'Audience claim does not contain provided StringOrURI.',
87 16
                2
88
            );
89
        }
90

91 16
        return $this;
92
    }
93

94
    /**
95
     * Validate the tokens alg claim is a valid digital signature or MAC
96
     * algorithm. Value can also be "none". See RFC 7518 for more details.
97
     *
98
     * @param string[] $algorithms
99
     * @throws ValidateException
100
     */
101 16
    public function algorithm(array $algorithms): Validate
102
    {
103 16
        if (!$this->validate->algorithm($this->parse->getAlgorithm(), $algorithms)) {
104 16
            throw new ValidateException(
105 16
                'Algorithm claim is not valid.',
106 16
                12
107
            );
108
        }
109

110 16
        return $this;
111
    }
112

113
    /**
114
     * Validate the token's alg claim is not none.
115
     *
116
     * @throws ValidateException
117
     */
118 16
    public function algorithmNotNone(): Validate
119
    {
120 16
        if ($this->validate->algorithm(strtolower($this->parse->getAlgorithm()), ['none'])) {
121 16
            throw new ValidateException(
122 16
                'Algorithm claim should not be none.',
123 16
                14
124
            );
125
        }
126

127 16
        return $this;
128
    }
129

130
    /**
131
     * Validate the JWT's signature. The signature taken from the JWT should
132
     * match a new one generated from the JWT header and payload, and secret.
133
     *
134
     * @throws ValidateException
135
     */
136 16
    public function signature(): Validate
137
    {
138 16
        $signature = $this->encode->signature(
139 16
            $this->parse->getDecodedHeader(),
140 16
            $this->parse->getDecodedPayload(),
141 16
            $this->parse->getSecret()
142
        );
143

144 16
        if (!$this->validate->signature($signature, $this->parse->getSignature())) {
145 16
            throw new ValidateException('Signature is invalid.', 3);
146
        }
147

148 16
        return $this;
149
    }
150
}

Read our documentation on viewing source code .

Loading