Set default alg value when parsing a key with Firebase JWT client (#64)

celtic-project · Oct 20, 2023 · 949f388 · 949f388
1 parent d65a062
commit 949f388
Showing 1 changed file with 2 additions and 46 deletions.
diff --git a/src/Jwt/FirebaseClient.php b/src/Jwt/FirebaseClient.php
@@ -251,7 +251,7 @@ public function verify(?string $publicKey, ?string $jku = null): bool
                         $jwks = [
                             'keys' => [$json]
                         ];
-                        $publicKey = static::parseKeySet($jwks);
+                        $publicKey = JWK::parseKeySet($jwks, $this->getHeader('alg'));
                     } catch (\Exception $e) {
 
                     }
@@ -418,7 +418,7 @@ private function fetchPublicKey(string $jku): array
             $keys = Util::jsonDecode($http->response, true);
             if (is_array($keys)) {
                 try {
-                    $publicKey = static::parseKeySet($keys);
+                    $publicKey = JWK::parseKeySet($keys, $this->getHeader('alg'));
                 } catch (\Exception $e) {
 
                 }
@@ -428,48 +428,4 @@ private function fetchPublicKey(string $jku): array
         return $publicKey;
     }
 
-    /**
-     * Parse a set of JWK keys.
-     *
-     * This function is based on Firebase\JWT\JWK::parseKeySet but returns an array containing Key objects rather than an OpenSSL key
-     * resource so that the algorithm associated with each key can be identified.
-     *
-     * @param array $jwks  The JSON Web Key Set as an associative array
-     *
-     * @return array  An associative array of Key objects
-     *
-     * @throws InvalidArgumentException  Provided JWK Set is empty
-     * @throws UnexpectedValueException  Provided JWK Set was invalid
-     * @throws DomainException           OpenSSL failure
-     */
-    private static function parseKeySet(array $jwks): array
-    {
-        $keys = [];
-
-        if (!isset($jwks['keys'])) {
-            throw new \UnexpectedValueException('"keys" member must exist in the JWK Set');
-        }
-        if (empty($jwks['keys'])) {
-            throw new \InvalidArgumentException('JWK Set did not contain any keys');
-        }
-
-        foreach ($jwks['keys'] as $k => $v) {
-            if (!empty($v['alg'])) {
-                $kid = $v['kid'] ?? $k;
-                if ($key = JWK::parseKey($v)) {
-                    if (!$key instanceof Key) {
-                        $key = new Key($key, $v['alg']);
-                    }
-                    $keys[$kid] = $key;
-                }
-            }
-        }
-
-        if (empty($keys)) {
-            throw new \UnexpectedValueException('No supported algorithms found in JWK Set');
-        }
-
-        return $keys;
-    }
-
 }