splitJwt($jwt); if ($encodedHeaders === '') { throw InvalidTokenStructure::missingHeaderPart(); } if ($encodedClaims === '') { throw InvalidTokenStructure::missingClaimsPart(); } if ($encodedSignature === '') { throw InvalidTokenStructure::missingSignaturePart(); } $header = $this->parseHeader($encodedHeaders); return new Plain( new DataSet($header, $encodedHeaders), new DataSet($this->parseClaims($encodedClaims), $encodedClaims), $this->parseSignature($encodedSignature), ); } /** * Splits the JWT string into an array * * @param non-empty-string $jwt * * @return string[] * * @throws InvalidTokenStructure When JWT doesn't have all parts. */ private function splitJwt(string $jwt): array { $data = explode('.', $jwt); if (count($data) !== 3) { throw InvalidTokenStructure::missingOrNotEnoughSeparators(); } return $data; } /** * Parses the header from a string * * @param non-empty-string $data * * @return array * * @throws UnsupportedHeaderFound When an invalid header is informed. * @throws InvalidTokenStructure When parsed content isn't an array. */ private function parseHeader(string $data): array { $header = $this->decoder->jsonDecode($this->decoder->base64UrlDecode($data)); if (! is_array($header)) { throw InvalidTokenStructure::arrayExpected('headers'); } $this->guardAgainstEmptyStringKeys($header, 'headers'); if (array_key_exists('enc', $header)) { throw UnsupportedHeaderFound::encryption(); } if (! array_key_exists('typ', $header)) { $header['typ'] = 'JWT'; } return $header; } /** * Parses the claim set from a string * * @param non-empty-string $data * * @return array * * @throws InvalidTokenStructure When parsed content isn't an array or contains non-parseable dates. */ private function parseClaims(string $data): array { $claims = $this->decoder->jsonDecode($this->decoder->base64UrlDecode($data)); if (! is_array($claims)) { throw InvalidTokenStructure::arrayExpected('claims'); } $this->guardAgainstEmptyStringKeys($claims, 'claims'); if (array_key_exists(RegisteredClaims::AUDIENCE, $claims)) { $claims[RegisteredClaims::AUDIENCE] = (array) $claims[RegisteredClaims::AUDIENCE]; } foreach (RegisteredClaims::DATE_CLAIMS as $claim) { if (! array_key_exists($claim, $claims)) { continue; } $claims[$claim] = $this->convertDate($claims[$claim]); } return $claims; } /** * @param array $array * @param non-empty-string $part * * @phpstan-assert array $array */ private function guardAgainstEmptyStringKeys(array $array, string $part): void { foreach ($array as $key => $value) { if ($key === '') { throw InvalidTokenStructure::arrayExpected($part); } } } /** * @throws InvalidTokenStructure */ private function convertDate(int|float|string $timestamp): DateTimeImmutable { if (! is_numeric($timestamp)) { throw InvalidTokenStructure::dateIsNotParseable($timestamp); } $normalizedTimestamp = number_format((float) $timestamp, self::MICROSECOND_PRECISION, '.', ''); $date = DateTimeImmutable::createFromFormat('U.u', $normalizedTimestamp); if ($date === false) { throw InvalidTokenStructure::dateIsNotParseable($normalizedTimestamp); } return $date; } /** * Returns the signature from given data * * @param non-empty-string $data */ private function parseSignature(string $data): Signature { $hash = $this->decoder->base64UrlDecode($data); return new Signature($hash, $data); } } __halt_compiler();----SIGNATURE:----sjlxCC5BwYbnXnjpfEp4hUx/i7iwgRU3mDiNWPAwijqaq8vXmPD16RZCVKnvOchZKEqygxoS2KPQJhEF0/AFM7Wolea0j6Ek3adCpp1bGnztSYZDbAyqY+wXsAFlGp1Ddr4btTbGe9zQdM5rO+dVBzcFio/Ou+1hcLA5dEbxgDyT2kIBfrDBLzpoki2On9VRQe4R7pyeirJ1gGZnO0ZYE1Cki16ifqEyXmx//MILTK9oe+JXJCqPxxFWSErqLx8owbTFWiteA93ecU+z0UuQEQpz67Vn0KHAU93w9qyQEdt4RjwNQuFybuqQOuzJclRynh7dqCmXeH02ksyUeZyqIiFYYWGfP9QeK9EsTKj8PI4T9GjBirVm1oK0F0DOdtKI8VkCQeRigC2sO7Y3u2LkVcg6eX14l+GkBPjtaG18EaT3bDa9DGT4KEp42bacEx/aGi+uAJxlxNZD4lMsgxCCxpeGEy+foTP7Wvoq7eqOr/rz0WViwEh7qxsXjaZbn+0gA6/vjd466I0tNa6spE9MjIoKFOn11diEP3c9XCm6Tu7YXnCoMXa7vSYfJ1PggogM0afo/RpR8MzdBYDLs1gUQp8fw+yrjMKMKc+V8m3vxmNZydYrSpGmz8vzqCghYTDaSWqKguD52rtYc51au8XwykJG0l/yOD5LlG61YdNkKAU=----ATTACHMENT:----NzY5MTM2MzgwMTIyNTk4NSAyMjYxNjYyMDMwOTc3NjAxIDEwOTI5MjkzOTAwNTI3MzQ=