Introduce IdTokenFactory

cicnavi · cicnavi · commit 3c590d45cf24 · 2025-12-02T17:48:27.000+01:00
diff --git a/src/Core.php b/src/Core.php
@@ -10,6 +10,7 @@
 use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmBag;
 use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
 use SimpleSAML\OpenID\Core\Factories\ClientAssertionFactory;
+use SimpleSAML\OpenID\Core\Factories\IdTokenFactory;
 use SimpleSAML\OpenID\Core\Factories\RequestObjectFactory;
 use SimpleSAML\OpenID\Decorators\DateIntervalDecorator;
 use SimpleSAML\OpenID\Factories\AlgorithmManagerDecoratorFactory;
@@ -37,6 +38,8 @@ class Core
 
     protected ?ClientAssertionFactory $clientAssertionFactory = null;
 
+    protected ?IdTokenFactory $idTokenFactory = null;
+
     protected ?Helpers $helpers = null;
 
     protected ?AlgorithmManagerDecoratorFactory $algorithmManagerDecoratorFactory = null;
@@ -100,6 +103,20 @@ public function clientAssertionFactory(): ClientAssertionFactory
     }
 
 
+    public function idTokenFactory(): IdTokenFactory
+    {
+        return $this->idTokenFactory ??= new IdTokenFactory(
+            $this->jwsDecoratorBuilder(),
+            $this->jwsVerifierDecorator(),
+            $this->jwksDecoratorFactory(),
+            $this->jwsSerializerManagerDecorator(),
+            $this->timestampValidationLeewayDecorator,
+            $this->helpers(),
+            $this->claimFactory(),
+        );
+    }
+
+
     public function helpers(): Helpers
     {
         return $this->helpers ??= new Helpers();
diff --git a/src/Core/Factories/IdTokenFactory.php b/src/Core/Factories/IdTokenFactory.php
@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\Core\Factories;
+
+use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
+use SimpleSAML\OpenID\Core\IdToken;
+use SimpleSAML\OpenID\Jwk\JwkDecorator;
+use SimpleSAML\OpenID\Jws\Factories\ParsedJwsFactory;
+
+class IdTokenFactory extends ParsedJwsFactory
+{
+    public function fromToken(string $token): IdToken
+    {
+        return new IdToken(
+            $this->jwsDecoratorBuilder->fromToken($token),
+            $this->jwsVerifierDecorator,
+            $this->jwksDecoratorFactory,
+            $this->jwsSerializerManagerDecorator,
+            $this->timestampValidationLeeway,
+            $this->helpers,
+            $this->claimFactory,
+        );
+    }
+
+
+    /**
+     * @param array<non-empty-string,mixed> $payload
+     * @param array<non-empty-string,mixed> $header
+     * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     */
+    public function fromData(
+        JwkDecorator $signingKey,
+        SignatureAlgorithmEnum $signatureAlgorithm,
+        array $payload,
+        array $header,
+    ): IdToken {
+        return new IdToken(
+            $this->jwsDecoratorBuilder->fromData(
+                $signingKey,
+                $signatureAlgorithm,
+                $payload,
+                $header,
+            ),
+            $this->jwsVerifierDecorator,
+            $this->jwksDecoratorFactory,
+            $this->jwsSerializerManagerDecorator,
+            $this->timestampValidationLeeway,
+            $this->helpers,
+            $this->claimFactory,
+        );
+    }
+}
diff --git a/tests/src/Core/Factories/IdTokenFactoryTest.php b/tests/src/Core/Factories/IdTokenFactoryTest.php
@@ -0,0 +1,166 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\OpenID\Core\Factories;
+
+use Jose\Component\Signature\JWS;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesClass;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
+use SimpleSAML\OpenID\Core\Factories\IdTokenFactory;
+use SimpleSAML\OpenID\Core\IdToken;
+use SimpleSAML\OpenID\Decorators\DateIntervalDecorator;
+use SimpleSAML\OpenID\Factories\ClaimFactory;
+use SimpleSAML\OpenID\Helpers;
+use SimpleSAML\OpenID\Jwk\JwkDecorator;
+use SimpleSAML\OpenID\Jwks\Factories\JwksDecoratorFactory;
+use SimpleSAML\OpenID\Jws\Factories\ParsedJwsFactory;
+use SimpleSAML\OpenID\Jws\JwsDecorator;
+use SimpleSAML\OpenID\Jws\JwsDecoratorBuilder;
+use SimpleSAML\OpenID\Jws\JwsVerifierDecorator;
+use SimpleSAML\OpenID\Jws\ParsedJws;
+use SimpleSAML\OpenID\Serializers\JwsSerializerManagerDecorator;
+
+#[CoversClass(IdTokenFactory::class)]
+#[UsesClass(ParsedJwsFactory::class)]
+#[UsesClass(ParsedJws::class)]
+#[UsesClass(IdToken::class)]
+final class IdTokenFactoryTest extends TestCase
+{
+    protected MockObject $jwsDecoratorBuilderMock;
+
+    protected MockObject $jwsVerifierDecoratorMock;
+
+    protected MockObject $jwksDecoratorFactoryMock;
+
+    protected MockObject $jwsSerializerManagerDecoratorMock;
+
+    protected MockObject $dateIntervalDecoratorMock;
+
+    protected MockObject $helpersMock;
+
+    protected MockObject $jsonHelperMock;
+
+    protected MockObject $claimFactoryMock;
+
+    protected array $expiredPayload = [
+        'iss' => 'https://server.example.com',
+        'sub' => '24400320',
+        'aud' => 's6BhdRkqt3',
+        'nonce' => 'n-0S6_WzA2Mj',
+        'exp' => 1311281970,
+        'iat' => 1311280970,
+        'auth_time' => 1311280969,
+        'acr' => 'urn:mace:incommon:iap:silver',
+        'amr' => ['otp'],
+    ];
+
+    protected array $validPayload;
+
+    protected MockObject $jwkDecoratorMock;
+
+
+    protected function setUp(): void
+    {
+        $jwsMock = $this->createMock(JWS::class);
+        $jwsMock->method('getPayload')
+            ->willReturn('json-payload-string'); // Just so we have non-empty value.
+
+        $jwsDecoratorMock = $this->createMock(JwsDecorator::class);
+        $jwsDecoratorMock->method('jws')->willReturn($jwsMock);
+
+        $this->jwsDecoratorBuilderMock = $this->createMock(JwsDecoratorBuilder::class);
+        $this->jwsDecoratorBuilderMock->method('fromToken')->willReturn($jwsDecoratorMock);
+        $this->jwsDecoratorBuilderMock->method('fromData')->willReturn($jwsDecoratorMock);
+
+        $this->jwsVerifierDecoratorMock = $this->createMock(JwsVerifierDecorator::class);
+        $this->jwksDecoratorFactoryMock = $this->createMock(JwksDecoratorFactory::class);
+        $this->jwsSerializerManagerDecoratorMock = $this->createMock(JwsSerializerManagerDecorator::class);
+        $this->dateIntervalDecoratorMock = $this->createMock(DateIntervalDecorator::class);
+
+        $this->helpersMock = $this->createMock(Helpers::class);
+        $this->jsonHelperMock = $this->createMock(Helpers\Json::class);
+        $this->helpersMock->method('json')->willReturn($this->jsonHelperMock);
+        $typeHelperMock = $this->createMock(Helpers\Type::class);
+        $this->helpersMock->method('type')->willReturn($typeHelperMock);
+
+        $typeHelperMock->method('ensureNonEmptyString')->willReturnArgument(0);
+        $typeHelperMock->method('ensureInt')->willReturnArgument(0);
+        $typeHelperMock->method('ensureArrayWithValuesAsNonEmptyStrings')->willReturnArgument(0);
+        $typeHelperMock->method('enforceUri')->willReturnArgument(0);
+        $typeHelperMock->method('ensureArrayWithKeysAndValuesAsNonEmptyStrings')
+            ->willReturnArgument(0);
+
+        $this->claimFactoryMock = $this->createMock(ClaimFactory::class);
+
+        $this->validPayload = $this->expiredPayload;
+        $this->validPayload['exp'] = time() + 3600;
+
+        $this->jwkDecoratorMock = $this->createMock(JwkDecorator::class);
+    }
+
+
+    protected function sut(
+        ?JwsDecoratorBuilder $jwsDecoratorBuilder = null,
+        ?JwsVerifierDecorator $jwsVerifierDecorator = null,
+        ?JwksDecoratorFactory $jwksDecoratorFactory = null,
+        ?JwsSerializerManagerDecorator $jwsSerializerManagerDecorator = null,
+        ?DateIntervalDecorator $dateIntervalDecorator = null,
+        ?Helpers $helpers = null,
+        ?ClaimFactory $claimFactory = null,
+    ): IdTokenFactory {
+        $jwsDecoratorBuilder ??= $this->jwsDecoratorBuilderMock;
+        $jwsVerifierDecorator ??= $this->jwsVerifierDecoratorMock;
+        $jwksDecoratorFactory ??= $this->jwksDecoratorFactoryMock;
+        $jwsSerializerManagerDecorator ??= $this->jwsSerializerManagerDecoratorMock;
+        $dateIntervalDecorator ??= $this->dateIntervalDecoratorMock;
+        $helpers ??= $this->helpersMock;
+        $claimFactory ??= $this->claimFactoryMock;
+
+        return new IdTokenFactory(
+            $jwsDecoratorBuilder,
+            $jwsVerifierDecorator,
+            $jwksDecoratorFactory,
+            $jwsSerializerManagerDecorator,
+            $dateIntervalDecorator,
+            $helpers,
+            $claimFactory,
+        );
+    }
+
+
+    public function testCanCreateInstance(): void
+    {
+        $this->assertInstanceOf(IdTokenFactory::class, $this->sut());
+    }
+
+
+    public function testCanBuildFromToken(): void
+    {
+        $this->jsonHelperMock->method('decode')->willReturn($this->validPayload);
+
+        $this->assertInstanceOf(
+            IdToken::class,
+            $this->sut()->fromToken('token'),
+        );
+    }
+
+
+    public function testCanBuildFromData(): void
+    {
+        $this->jsonHelperMock->method('decode')->willReturn($this->validPayload);
+
+        $this->assertInstanceOf(
+            IdToken::class,
+            $this->sut()->fromData(
+                $this->jwkDecoratorMock,
+                SignatureAlgorithmEnum::ES256,
+                $this->validPayload,
+                [],
+            ),
+        );
+    }
+}
