Skip to content

Commit a99df6f

Browse files
committed
cs fix
1 parent 6edddd4 commit a99df6f

3 files changed

Lines changed: 30 additions & 26 deletions

File tree

src/CachedKeySet.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -180,7 +180,8 @@ private function keyIdExists(string $keyId): bool
180180
$jwksResponse = $this->httpClient->sendRequest($request);
181181
if ($jwksResponse->getStatusCode() !== 200) {
182182
throw new UnexpectedValueException(
183-
\sprintf('HTTP Error: %d %s for URI "%s"',
183+
\sprintf(
184+
'HTTP Error: %d %s for URI "%s"',
184185
$jwksResponse->getStatusCode(),
185186
$jwksResponse->getReasonPhrase(),
186187
$this->jwksUri,

src/JWT.php

Lines changed: 27 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ class JWT
3131
private const ASN1_SEQUENCE = 0x10;
3232
private const ASN1_BIT_STRING = 0x03;
3333

34-
private const RSA_KEY_MIN_LENGTH=2048;
34+
private const RSA_KEY_MIN_LENGTH = 2048;
3535

3636
/**
3737
* When checking nbf, iat or expiration times,
@@ -284,7 +284,11 @@ public static function sign(
284284
}
285285
return $signature;
286286
case 'sodium_crypto':
287-
return self::parseEdDSA($msg, $key);
287+
try {
288+
return sodium_crypto_sign_detached($msg, self::validateEdDSAKey($key));
289+
} catch (Exception $e) {
290+
throw new DomainException($e->getMessage(), 0, $e);
291+
}
288292
}
289293

290294
throw new DomainException('Algorithm not supported');
@@ -336,7 +340,15 @@ private static function verify(
336340
'OpenSSL error: ' . \openssl_error_string()
337341
);
338342
case 'sodium_crypto':
339-
return self::parseEdDSA($msg, $keyMaterial, $signature);
343+
try {
344+
$key = self::validateEdDSAKey($keyMaterial);
345+
if (\strlen($signature) === 0) {
346+
throw new DomainException('Signature cannot be empty string');
347+
}
348+
return sodium_crypto_sign_verify_detached($signature, $msg, $key);
349+
} catch (Exception $e) {
350+
throw new DomainException($e->getMessage(), 0, $e);
351+
}
340352
case 'hash_hmac':
341353
default:
342354
if (!\is_string($keyMaterial)) {
@@ -438,7 +450,6 @@ public static function urlsafeB64Encode(string $input): string
438450
return \str_replace('=', '', \strtr(\base64_encode($input), '+/', '-_'));
439451
}
440452

441-
442453
/**
443454
* Determine if an algorithm has been provided for each Key
444455
*
@@ -711,32 +722,24 @@ private static function validateEcKeyLength(
711722
}
712723
}
713724

714-
private static function parseEdDSA(
715-
string $msg,
716-
#[\SensitiveParameter] $keyMaterial,
717-
?string $signature = null
718-
) {
725+
/**
726+
* @param string|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial
727+
* @return non-empty-string
728+
*/
729+
private static function validateEdDSAKey(#[\SensitiveParameter] $keyMaterial): string
730+
{
719731
if (!\function_exists('sodium_crypto_sign_verify_detached')) {
720732
throw new DomainException('libsodium is not available');
721733
}
722734
if (!\is_string($keyMaterial)) {
723735
throw new InvalidArgumentException('key must be a string when using EdDSA');
724736
}
725-
try {
726-
// The last non-empty line is used as the key.
727-
$lines = array_filter(explode("\n", $keyMaterial));
728-
$key = self::urlsafeB64Decode((string) end($lines));
729-
if (\strlen($key) === 0) {
730-
throw new DomainException('Key cannot be empty string');
731-
}
732-
if (!is_null($signature) && \strlen($signature) === 0) {
733-
throw new DomainException('Signature cannot be empty string');
734-
}
735-
return $signature
736-
? sodium_crypto_sign_verify_detached($signature, $msg, $key)
737-
: sodium_crypto_sign_detached($msg, $key);
738-
} catch (Exception $e) {
739-
throw new DomainException($e->getMessage(), 0, $e);
737+
// The last non-empty line is used as the key.
738+
$lines = array_filter(explode("\n", $keyMaterial));
739+
$key = self::urlsafeB64Decode((string) end($lines));
740+
if (\strlen($key) === 0) {
741+
throw new DomainException('Key cannot be empty string');
740742
}
743+
return $key;
741744
}
742745
}

tests/JWTTest.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -680,7 +680,7 @@ public function provideHmac()
680680

681681
public function testEdDsaHandlesBase64UrlKeys()
682682
{
683-
if (!extension_loaded('sodium')) {
683+
if (!\extension_loaded('sodium')) {
684684
$this->markTestSkipped('libsodium is not available');
685685
}
686686

0 commit comments

Comments
 (0)