df/d25/CachedKeySet_8php_source.html

<?php


namespace Firebase\JWT;


use ArrayAccess;

use InvalidArgumentException;

use LogicException;

use OutOfBoundsException;

use Psr\Cache\CacheItemInterface;

use Psr\Cache\CacheItemPoolInterface;

use Psr\Http\Client\ClientInterface;

use Psr\Http\Message\RequestFactoryInterface;

use RuntimeException;

use UnexpectedValueException;


class CachedKeySet implements ArrayAccess

{

    private string $jwksUri;

    private ClientInterface $httpClient;

    private RequestFactoryInterface $httpFactory;

    private CacheItemPoolInterface $cache;

    private ?int $expiresAfter;

    private ?CacheItemInterface $cacheItem;

    private array $keySet;

    private string $cacheKey;

    private string $cacheKeyPrefix = 'jwks';

    private int $maxKeyLength = 64;

    private bool $rateLimit;

    private string $rateLimitCacheKey;

    private int $maxCallsPerMinute = 10;

    private ?string $defaultAlg;


    public function __construct(

        string $jwksUri,

        ClientInterface $httpClient,

        RequestFactoryInterface $httpFactory,

        CacheItemPoolInterface $cache,

        int $expiresAfter = null,

        bool $rateLimit = false,

        string $defaultAlg = null

    ) {

        $this->jwksUri = $jwksUri;

        $this->httpClient = $httpClient;

        $this->httpFactory = $httpFactory;

        $this->cache = $cache;

        $this->expiresAfter = $expiresAfter;

        $this->rateLimit = $rateLimit;

        $this->defaultAlg = $defaultAlg;

        $this->setCacheKeys();

    }


    public function offsetGet($keyId): Key

    {

        if (!$this->keyIdExists($keyId)) {

            throw new OutOfBoundsException('Key ID not found');

        }

        return JWK::parseKey($this->keySet[$keyId], $this->defaultAlg);

    }


    public function offsetExists($keyId): bool

    {

        return $this->keyIdExists($keyId);

    }


    public function offsetSet($offset, $value): void

    {

        throw new LogicException('Method not implemented');

    }


    public function offsetUnset($offset): void

    {

        throw new LogicException('Method not implemented');

    }


    private function formatJwksForCache(string $jwks): array

    {

        $jwks = json_decode($jwks, true);


        if (!isset($jwks['keys'])) {

            throw new UnexpectedValueException('"keys" member must exist in the JWK Set');

        }


        if (empty($jwks['keys'])) {

            throw new InvalidArgumentException('JWK Set did not contain any keys');

        }


        $keys = [];

        foreach ($jwks['keys'] as $k => $v) {

            $kid = isset($v['kid']) ? $v['kid'] : $k;

            $keys[(string) $kid] = $v;

        }


        return $keys;

    }


    private function keyIdExists(string $keyId): bool

    {

        if (null === $this->keySet) {

            $item = $this->getCacheItem();

            // Try to load keys from cache

            if ($item->isHit()) {

                // item found! retrieve it

                $this->keySet = $item->get();

                // If the cached item is a string, the JWKS response was cached (previous behavior).

                // Parse this into expected format array<kid, jwk> instead.

                if (\is_string($this->keySet)) {

                    $this->keySet = $this->formatJwksForCache($this->keySet);

                }

            }

        }


        if (!isset($this->keySet[$keyId])) {

            if ($this->rateLimitExceeded()) {

                return false;

            }

            $request = $this->httpFactory->createRequest('GET', $this->jwksUri);

            $jwksResponse = $this->httpClient->sendRequest($request);

            if ($jwksResponse->getStatusCode() !== 200) {

                throw new UnexpectedValueException(

                    sprintf(

                        'HTTP Error: %d %s for URI "%s"',

                        $jwksResponse->getStatusCode(),

                        $jwksResponse->getReasonPhrase(),

                        $this->jwksUri,

                    ),

                    $jwksResponse->getStatusCode()

                );

            }

            $this->keySet = $this->formatJwksForCache((string) $jwksResponse->getBody());


            if (!isset($this->keySet[$keyId])) {

                return false;

            }


            $item = $this->getCacheItem();

            $item->set($this->keySet);

            if ($this->expiresAfter) {

                $item->expiresAfter($this->expiresAfter);

            }

            $this->cache->save($item);

        }


        return true;

    }


    private function rateLimitExceeded(): bool

    {

        if (!$this->rateLimit) {

            return false;

        }


        $cacheItem = $this->cache->getItem($this->rateLimitCacheKey);

        if (!$cacheItem->isHit()) {

            $cacheItem->expiresAfter(1); // # of calls are cached each minute

        }


        $callsPerMinute = (int) $cacheItem->get();

        if (++$callsPerMinute > $this->maxCallsPerMinute) {

            return true;

        }

        $cacheItem->set($callsPerMinute);

        $this->cache->save($cacheItem);

        return false;

    }


    private function getCacheItem(): CacheItemInterface

    {

        if (\is_null($this->cacheItem)) {

            $this->cacheItem = $this->cache->getItem($this->cacheKey);

        }


        return $this->cacheItem;

    }


    private function setCacheKeys(): void

    {

        if (empty($this->jwksUri)) {

            throw new RuntimeException('JWKS URI is empty');

        }


        // ensure we do not have illegal characters

        $key = preg_replace('|[^a-zA-Z0-9_\.!]|', '', $this->jwksUri);


        // add prefix

        $key = $this->cacheKeyPrefix . $key;


        // Hash keys if they exceed $maxKeyLength of 64

        if (\strlen($key) > $this->maxKeyLength) {

            $key = substr(hash('sha256', $key), 0, $this->maxKeyLength);

        }


        $this->cacheKey = $key;


        if ($this->rateLimit) {

            // add prefix

            $rateLimitKey = $this->cacheKeyPrefix . 'ratelimit' . $key;


            // Hash keys if they exceed $maxKeyLength of 64

            if (\strlen($rateLimitKey) > $this->maxKeyLength) {

                $rateLimitKey = substr(hash('sha256', $rateLimitKey), 0, $this->maxKeyLength);

            }


            $this->rateLimitCacheKey = $rateLimitKey;

        }

    }

}

Firebase\JWT\CachedKeySet
<string, Key>
Definition: CachedKeySet.php:20

Firebase\JWT\CachedKeySet\offsetExists
offsetExists($keyId)
Definition: CachedKeySet.php:113

Firebase\JWT\CachedKeySet\$maxKeyLength
int $maxKeyLength
Definition: CachedKeySet.php:60

Firebase\JWT\CachedKeySet\$httpClient
ClientInterface $httpClient
Definition: CachedKeySet.php:28

Firebase\JWT\CachedKeySet\keyIdExists
keyIdExists(string $keyId)
Definition: CachedKeySet.php:159

Firebase\JWT\CachedKeySet\$keySet
array $keySet
Definition: CachedKeySet.php:48

Firebase\JWT\CachedKeySet\offsetSet
offsetSet($offset, $value)
Definition: CachedKeySet.php:122

Firebase\JWT\CachedKeySet\$expiresAfter
int $expiresAfter
Definition: CachedKeySet.php:40

Firebase\JWT\CachedKeySet\offsetUnset
offsetUnset($offset)
Definition: CachedKeySet.php:130

Firebase\JWT\CachedKeySet\$rateLimit
bool $rateLimit
Definition: CachedKeySet.php:64

Firebase\JWT\CachedKeySet\$cacheItem
CacheItemInterface $cacheItem
Definition: CachedKeySet.php:44

Firebase\JWT\CachedKeySet\$jwksUri
string $jwksUri
Definition: CachedKeySet.php:24

Firebase\JWT\CachedKeySet\__construct
__construct(string $jwksUri, ClientInterface $httpClient, RequestFactoryInterface $httpFactory, CacheItemPoolInterface $cache, int $expiresAfter=null, bool $rateLimit=false, string $defaultAlg=null)
Definition: CachedKeySet.php:78

Firebase\JWT\CachedKeySet\$cacheKeyPrefix
string $cacheKeyPrefix
Definition: CachedKeySet.php:56

Firebase\JWT\CachedKeySet\rateLimitExceeded
rateLimitExceeded()
Definition: CachedKeySet.php:209

Firebase\JWT\CachedKeySet\$maxCallsPerMinute
int $maxCallsPerMinute
Definition: CachedKeySet.php:72

Firebase\JWT\CachedKeySet\$cache
CacheItemPoolInterface $cache
Definition: CachedKeySet.php:36

Firebase\JWT\CachedKeySet\$cacheKey
string $cacheKey
Definition: CachedKeySet.php:52

Firebase\JWT\CachedKeySet\$rateLimitCacheKey
string $rateLimitCacheKey
Definition: CachedKeySet.php:68

Firebase\JWT\CachedKeySet\$httpFactory
RequestFactoryInterface $httpFactory
Definition: CachedKeySet.php:32

Firebase\JWT\CachedKeySet\$defaultAlg
string $defaultAlg
Definition: CachedKeySet.php:76

Firebase\JWT\CachedKeySet\getCacheItem
getCacheItem()
Definition: CachedKeySet.php:229

Firebase\JWT\CachedKeySet\formatJwksForCache
formatJwksForCache(string $jwks)
Definition: CachedKeySet.php:138

Firebase\JWT\CachedKeySet\setCacheKeys
setCacheKeys()
Definition: CachedKeySet.php:238

Firebase\JWT\CachedKeySet\offsetGet
offsetGet($keyId)
Definition: CachedKeySet.php:101

Firebase\JWT\JWK\parseKey
static parseKey(array $jwk, string $defaultAlg=null)
Parse a JWK key.
Definition: JWK.php:96

Firebase\JWT\Key
Definition: Key.php:11

$keys
$keys
Definition: metadata.php:204

Firebase\JWT
Definition: BeforeValidException.php:3

ILIAS\LTI\ToolProvider\$kid
string $kid
Key ID.
Definition: System.php:88

ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193

ILIAS\Repository\int
int(string $key)
Definition: trait.BaseGUIRequest.php:61