jwt-auth/src/Decoder/FirebaseDecoder.php at main · JimTools/jwt-auth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php

declare(strict_types=1);

namespace JimTools\JwtAuth\Decoder;

use DomainException as BaseDomainException;
use Firebase\JWT\BeforeValidException as JwtBeforeValidException;
use Firebase\JWT\ExpiredException as JwtExpiredException;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException as JwtSignatureInvalidException;
use InvalidArgumentException as BaseInvalidArgumentException;
use JimTools\JwtAuth\Exceptions\BeforeValidException;
use JimTools\JwtAuth\Exceptions\DomainException;
use JimTools\JwtAuth\Exceptions\ExpiredException;
use JimTools\JwtAuth\Exceptions\InvalidArgumentException;
use JimTools\JwtAuth\Exceptions\SignatureInvalidException;
use JimTools\JwtAuth\Exceptions\UnexpectedValueException;
use JimTools\JwtAuth\Secret;
use UnexpectedValueException as BaseUnexpectedValueException;

use function count;

final class FirebaseDecoder implements DecoderInterface
{
    /**
     * @var array<string, Key>|Key[]
     */
    private array $keys = [];

    public function __construct(Secret ...$secrets)
    {
        foreach ($secrets as $secret) {
            $key = new Key($secret->secret, $secret->algorithm);
            if ($secret->kid === null) {
                $this->keys[] = $key;
            } else {
                $this->keys[$secret->kid] = $key;
            }
        }
    }

    public function decode(string $jwt): array
    {
        try {
            $keys = $this->keys;
            if (count($this->keys) === 1) {
                $keys = current($this->keys);
            }

            return (array) JWT::decode($jwt, $keys);
        } catch (BaseInvalidArgumentException $e) {
            throw new InvalidArgumentException($e->getMessage(), 0, $e);
        } catch (BaseDomainException $e) {
            throw new DomainException($e->getMessage(), 0, $e);
        } catch (JwtSignatureInvalidException $e) {
            throw new SignatureInvalidException($e->getMessage(), 0, $e);
        } catch (JwtBeforeValidException $e) {
            throw new BeforeValidException($e->getMessage(), 0, $e);
        } catch (JwtExpiredException $e) {
            throw new ExpiredException($e->getMessage(), 0, $e);
        } catch (BaseUnexpectedValueException $e) {
            throw new UnexpectedValueException($e->getMessage(), 0, $e);
        }
    }
}