- /**
- * Fetch a specific claim from this token.
- * Returns null if it is null or does not exist.
- *
- * @return mixed|null
- */
- public function getClaim(string $claim)
- {
- return $this->payload[$claim] ?? null;
- }
-
- /**
- * Get all returned claims within the token.
- */
- public function getAllClaims(): array
- {
- return $this->payload;
- }
-
- /**
- * Replace the existing claim data of this token with that provided.
- */
- public function replaceClaims(array $claims): void
- {
- $this->payload = $claims;
- }
-
- /**
- * Validate the structure of the given token and ensure we have the required pieces.
- * As per https://datatracker.ietf.org/doc/html/rfc7519#section-7.2.
- *
- * @throws OidcInvalidTokenException
- */
- protected function validateTokenStructure(): void
- {
- foreach (['header', 'payload'] as $prop) {
- if (empty($this->$prop) || !is_array($this->$prop)) {
- throw new OidcInvalidTokenException("Could not parse out a valid {$prop} within the provided token");
- }
- }
-
- if (empty($this->signature) || !is_string($this->signature)) {
- throw new OidcInvalidTokenException('Could not parse out a valid signature within the provided token');
- }
- }
-
- /**
- * Validate the signature of the given token and ensure it validates against the provided key.
- *
- * @throws OidcInvalidTokenException
- */
- protected function validateTokenSignature(): void
- {
- if ($this->header['alg'] !== 'RS256') {
- throw new OidcInvalidTokenException("Only RS256 signature validation is supported. Token reports using {$this->header['alg']}");
- }
-
- $parsedKeys = array_map(function ($key) {
- try {
- return new OidcJwtSigningKey($key);
- } catch (OidcInvalidKeyException $e) {
- throw new OidcInvalidTokenException('Failed to read signing key with error: ' . $e->getMessage());
- }
- }, $this->keys);
-
- $parsedKeys = array_filter($parsedKeys);
-
- $contentToSign = $this->tokenParts[0] . '.' . $this->tokenParts[1];
- /** @var OidcJwtSigningKey $parsedKey */
- foreach ($parsedKeys as $parsedKey) {
- if ($parsedKey->verify($contentToSign, $this->signature)) {
- return;
- }
- }
-
- throw new OidcInvalidTokenException('Token signature could not be validated using the provided keys');
- }
-