openstackid/app/libs/OAuth2/Strategies/ClientSharedSecretAssertionAuthContextValidator.php
Sebastian Marcet 6b0d6c36af IDP Upgrade from Laravel 4.X to 5.X
In order to migrate IDP from LV 4.x to
the latest LV version, the following tasks were performed:

* Updated namespace to be compliant with PSR-4
* General Refactoring: moved all DB access code
  from services to repositories.
* Migration to LV 5.X: these migration guides
  were applied
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.0
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.1.0
  - https://laravel.com/docs/5.3/upgrade#upgrade-5.2.0
* Improved caching: added repositories decorators
  in order to add REDIS cache to queries, entities

Change-Id: I8edf9f5fce6585129701c88bb88332f242307534
2016-11-17 18:37:40 -03:00


<?php namespace OAuth2\Strategies;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use jwk\IJWK;
use jwk\impl\OctetSequenceJWKFactory;
use jwk\impl\OctetSequenceJWKSpecification;
use jwk\exceptions\InvalidJWKAlgorithm;
use jwk\exceptions\JWKInvalidSpecException;
use utils\json_types\JsonValue;
use OAuth2\Exceptions\InvalidClientAuthenticationContextException;
use OAuth2\Models\ClientAssertionAuthenticationContext;
use OAuth2\Models\ClientAuthenticationContext;
/**
* Class ClientSharedSecretAssertionAuthContextValidator
* @package OAuth2\Strategies
*/
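final class ClientSharedSecretAssertionAuthContextValidator extends ClientAssertionAuthContextValidator
{
    /**
     * client_secret_jwt
     * Clients that have received a client_secret value from the Authorization Server create a JWT using an HMAC SHA
     * algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets
     * of the UTF-8 representation of the client_secret as the shared key.
     *
     * Builds the symmetric (octet sequence) JWK from the client's stored secret and the "alg" value
     * announced in the assertion's JOSE header. That header comes from the not-yet-verified assertion,
     * so it is checked here before it is used to select the key algorithm.
     *
     * @param ClientAuthenticationContext $context must be a ClientAssertionAuthenticationContext
     * @param JsonValue|null $kid key id; not used by this implementation, the key is always the client secret
     * @return IJWK
     * @throws InvalidClientAuthenticationContextException on a wrong context type, an empty client secret,
     *         or a missing / non HMAC "alg" header
     * @throws InvalidJWKAlgorithm
     * @throws JWKInvalidSpecException
     */
    protected function getKey(ClientAuthenticationContext $context, JsonValue $kid = null)
    {
        if (!($context instanceof ClientAssertionAuthenticationContext)) {
            throw new InvalidClientAuthenticationContextException;
        }

        $client = $context->getClient();
        $jws    = $context->getAssertion();

        // An empty shared secret would give an HMAC key that any caller can reproduce,
        // so a client without a secret must never be authenticated through this path.
        $secret = $client->getClientSecret();
        if ($secret === null || $secret === '') {
            throw new InvalidClientAuthenticationContextException;
        }

        // The "alg" header is attacker-influenced input: fail with the declared exception
        // instead of dereferencing a missing value.
        $alg = $jws->getJOSEHeader()->getAlgorithm();
        if ($alg === null) {
            throw new InvalidClientAuthenticationContextException;
        }

        // client_secret_jwt is defined for HMAC SHA algorithms only; anything else is refused here.
        // NOTE(review): whether OctetSequenceJWKSpecification also restricts the algorithm is not
        // visible from this file, and the value should additionally be compared with the signing
        // algorithm registered for the client, if one is stored - confirm against the client model.
        $alg_name = $alg->getString();
        if (!in_array($alg_name, ['HS256', 'HS384', 'HS512'], true)) {
            throw new InvalidClientAuthenticationContextException;
        }

        return OctetSequenceJWKFactory::build(
            new OctetSequenceJWKSpecification($secret, $alg_name)
        );
    }
}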