WIP federation client

Author: cicnavi

build/.phpunit.cache/test-results

@@ -1 +1 @@
-{"version":2,"defects":{"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testPut":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testDelete":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testExists":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testConstruct":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testGet":5,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testIsRequestHttpSecure":5,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testNormalizeSessionCookieParams":5,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandom":5,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrows":5,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrowsForInvalidCallback":5,"Cicnavi\\Tests\\Oidc\\Http\\RequestFactoryTest::testCreateRequest":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testRemoveCodeVerifierParameter":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyInvalidValueThrows":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerify":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testNewCodeVerifier":5},"times":{"Cicnavi\\Tests\\Oidc\\Cache\\FileCacheTest::testConstruct":0.006,"Cicnavi\\Tests\\Oidc\\Cache\\FileCacheTest::testConstructWithCustomCacheNameAndPath":0.001,"Cicnavi\\Tests\\Oidc\\Cache\\FileCacheTest::testSetHasGet":0.004,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testValidatePkceCodeChallengeMethod":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testGenerateCodeChallengeFromCodeVerifierValidation":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testGenerateCodeChallengeFromCodeVerifier":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testRemoveCodeVerifierParameter":0.003,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testGetExistingCodeVerifier":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testNewCodeVerifier":0.006,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testConstructWithoutArguments":0,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testConstructWithArguments":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testSetStore":0,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyInvalidKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyInvalidValueThrows":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyNonExistantKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerify":0,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testGetInvalidKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testGetExistingValue":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testGetNewValue":0,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testPut":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testDelete":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testExists":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testConstruct":0,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testGet":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testIsRequestHttpSecure":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testNormalizeSessionCookieParams":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandom":0,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrows":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrowsForInvalidCallback":0,"Cicnavi\\Tests\\Oidc\\Http\\RequestFactoryTest::testCreateRequest":0.004,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstruct":0.002,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstructThrowsOnRequestException":0.002,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstructThrowsOnWrongResposeCode":0.009,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstructThrowsOnCacheSetException":0.004,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testMetadataValidationNotArray":0.001,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testMetadataValidationMissingProperties":0.003,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testGetUsingInvalidKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testAllGetMethods":0}}
+{"version":2,"defects":{"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testPut":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testDelete":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testExists":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testConstruct":5,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testGet":5,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testIsRequestHttpSecure":5,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testNormalizeSessionCookieParams":5,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandom":5,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrows":5,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrowsForInvalidCallback":5,"Cicnavi\\Tests\\Oidc\\Http\\RequestFactoryTest::testCreateRequest":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testRemoveCodeVerifierParameter":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyInvalidValueThrows":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerify":5,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testNewCodeVerifier":5},"times":{"Cicnavi\\Tests\\Oidc\\Cache\\FileCacheTest::testConstruct":0.003,"Cicnavi\\Tests\\Oidc\\Cache\\FileCacheTest::testConstructWithCustomCacheNameAndPath":0.003,"Cicnavi\\Tests\\Oidc\\Cache\\FileCacheTest::testSetHasGet":0.004,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testValidatePkceCodeChallengeMethod":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testGenerateCodeChallengeFromCodeVerifierValidation":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testGenerateCodeChallengeFromCodeVerifier":0,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testRemoveCodeVerifierParameter":0.004,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testGetExistingCodeVerifier":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testNewCodeVerifier":0.01,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testConstructWithoutArguments":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testConstructWithArguments":0,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\PkceTest::testSetStore":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyInvalidKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyInvalidValueThrows":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerifyNonExistantKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testVerify":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testGetInvalidKeyThrows":0,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testGetExistingValue":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\DataHandlers\\StateNonceTest::testGetNewValue":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testPut":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testDelete":0.001,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testExists":0.002,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testConstruct":0,"Cicnavi\\Tests\\Oidc\\DataStore\\PhpSessionDataStoreTest::testGet":0,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testIsRequestHttpSecure":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\HttpHelperTest::testNormalizeSessionCookieParams":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandom":0.001,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrows":0.002,"Cicnavi\\Tests\\Oidc\\Helpers\\StringHelperTest::testRandomThrowsForInvalidCallback":0.001,"Cicnavi\\Tests\\Oidc\\Http\\RequestFactoryTest::testCreateRequest":0.004,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstruct":0.004,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstructThrowsOnRequestException":0.003,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstructThrowsOnWrongResposeCode":0.003,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testConstructThrowsOnCacheSetException":0.003,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testMetadataValidationNotArray":0.012,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testMetadataValidationMissingProperties":0.002,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testGetUsingInvalidKeyThrows":0.001,"Cicnavi\\Tests\\Oidc\\OpMetadataTest::testAllGetMethods":0}}

src/Entities/ClaimBag.php

@@ -0,0 +1,88 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+class ClaimBag
+{
+    /**
+     * @param mixed[] $claims
+     */
+    public function __construct(
+        protected array $claims = [],
+    ) {
+    }
+
+    /**
+     * @return mixed[]
+     */
+    public function getAll(): array
+    {
+        return $this->claims;
+    }
+
+    public function get(string $name): mixed
+    {
+        return $this->claims[$name] ?? null;
+    }
+
+    public function has(string $name): bool
+    {
+        return isset($this->claims[$name]);
+    }
+
+    public function set(string $name, mixed $value): void
+    {
+        $this->claims[$name] = $value;
+    }
+
+    /**
+     * @param mixed[] $claims
+     */
+    public function merge(array $claims): void
+    {
+        $this->claims = array_merge($this->claims, $claims);
+    }
+
+    public function remove(string $name): void
+    {
+        unset($this->claims[$name]);
+    }
+
+    public function getAsString(string $name): ?string
+    {
+        $ret = $this->get($name);
+
+        if (is_string($ret)) {
+            return $ret;
+        }
+
+        return null;
+    }
+
+    /**
+     * @return mixed[]|null
+     */
+    public function getAsArray(string $name): ?array
+    {
+        $ret = $this->get($name);
+
+        if (is_array($ret)) {
+            return $ret;
+        }
+
+        return null;
+    }
+
+    public function getAsInt(string $name): ?int
+    {
+        $ret = $this->get($name);
+
+        if (is_int($ret)) {
+            return $ret;
+        }
+
+        return null;
+    }
+}

src/Entities/KeyPair.php

@@ -0,0 +1,39 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
+use SimpleSAML\OpenID\Jwk\JwkDecorator;
+
+class KeyPair
+{
+    public function __construct(
+        protected JwkDecorator $privateKey,
+        protected JwkDecorator $publicKey,
+        protected readonly string $keyId,
+        protected readonly ?string $privateKeyPassword = null,
+    ) {
+    }
+
+    public function getPrivateKey(): JwkDecorator
+    {
+        return $this->privateKey;
+    }
+
+    public function getPublicKey(): JwkDecorator
+    {
+        return $this->publicKey;
+    }
+
+    public function getKeyId(): string
+    {
+        return $this->keyId;
+    }
+
+    public function getPrivateKeyPassword(): ?string
+    {
+        return $this->privateKeyPassword;
+    }
+}

src/Entities/KeyPairConfig.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
+
+class KeyPairConfig
+{
+    /**
+     * @param non-empty-string $privateKeyFilename Path to the PEM file containing the
+     * private key used to sign the JWTs.
+     * @param non-empty-string $publicKeyFilename Path to the PEM file containing the
+     * public key used to verify the JWTs.
+     * @param non-empty-string|null $privateKeyPassword Password for the private key, if
+     * any.
+     * @param non-empty-string|null $keyId Key ID to use for the key pair. If not
+     * provided, a public key thumbprint will be used.
+     */
+    public function __construct(
+        protected readonly string $privateKeyFilename,
+        protected readonly string $publicKeyFilename,
+        protected readonly ?string $privateKeyPassword = null,
+        protected readonly ?string $keyId = null,
+    ) {
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getPrivateKeyFilename(): string
+    {
+        return $this->privateKeyFilename;
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getPublicKeyFilename(): string
+    {
+        return $this->publicKeyFilename;
+    }
+
+    /**
+     * @return non-empty-string|null
+     */
+    public function getPrivateKeyPassword(): ?string
+    {
+        return $this->privateKeyPassword;
+    }
+
+    /**
+     * @return non-empty-string|null
+     */
+    public function getKeyId(): ?string
+    {
+        return $this->keyId;
+    }
+}

src/Entities/KeyedString.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+class KeyedString implements \JsonSerializable
+{
+    public function __construct(
+        protected string $key,
+        protected string $value,
+    ) {
+    }
+
+    public function getKey(): string
+    {
+        return $this->key;
+    }
+
+    public function getValue(): string
+    {
+        return $this->value;
+    }
+
+    /**
+     * @return array<string,string>
+     */
+    public function jsonSerialize(): array
+    {
+        return [$this->key => $this->value];
+    }
+}

src/Entities/KeyedStringBag.php

@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+class KeyedStringBag implements \JsonSerializable
+{
+    /**
+     * @var array<string,KeyedString>
+     */
+    protected array $keyedStrings;
+
+    public function __construct(
+        KeyedString ...$keyedStrings
+    ) {
+        $this->add(...$keyedStrings);
+    }
+
+    public function add(KeyedString ...$keyedStrings): void
+    {
+        foreach ($keyedStrings as $keyedString) {
+            $this->keyedStrings[$keyedString->getKey()] = $keyedString;
+        }
+    }
+
+    public function has(string $key): bool
+    {
+        return isset($this->keyedStrings[$key]);
+    }
+
+    public function get(string $key): ?KeyedString
+    {
+        return $this->keyedStrings[$key] ?? null;
+    }
+
+    /**
+     * @return array<string,KeyedString>
+     */
+    public function getAll(): array
+    {
+        return $this->keyedStrings;
+    }
+
+    /**
+     * @return array<string,string>
+     */
+    public function jsonSerialize(): array
+    {
+        $arr = [];
+        foreach ($this->keyedStrings as $keyedString) {
+            $arr[$keyedString->getKey()] = $keyedString->getValue();
+        }
+
+        return $arr;
+    }
+}

src/Entities/RedirectUriBag.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+class RedirectUriBag extends UniqueStringBag
+{
+    public function __construct(
+        protected readonly string $defaultRedirectUri,
+        string ...$additionalRedirectUris,
+    ) {
+        parent::__construct($this->defaultRedirectUri, ...$additionalRedirectUris);
+    }
+
+    public function getDefaultRedirectUri(): string
+    {
+        return $this->defaultRedirectUri;
+    }
+}

src/Entities/SignatureKeyPair.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
+use SimpleSAML\OpenID\Jwk\JwkDecorator;
+
+class SignatureKeyPair
+{
+    public function __construct(
+        protected readonly SignatureAlgorithmEnum $signatureAlgorithm,
+        protected readonly KeyPair $keyPair,
+    ) {
+    }
+
+    public function getSignatureAlgorithm(): SignatureAlgorithmEnum
+    {
+        return $this->signatureAlgorithm;
+    }
+
+    public function getKeyPair(): KeyPair
+    {
+        return $this->keyPair;
+    }
+}

src/Entities/SignatureKeyPairBag.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Cicnavi\Oidc\Entities;
+
+class SignatureKeyPairBag
+{
+    /**
+     * @var array<string,SignatureKeyPair>
+     */
+    protected array $signatureKeyPairs;
+
+    public function __construct(
+        SignatureKeyPair ...$signatureKeyPairs
+    ) {
+        $this->add(...$signatureKeyPairs);
+    }
+
+    public function add(SignatureKeyPair ...$signatureKeyPairs): void
+    {
+        foreach ($signatureKeyPairs as $signatureKeyPair) {
+            $this->signatureKeyPairs[$signatureKeyPair->getKeyPair()->getKeyId()] = $signatureKeyPair;
+        }
+    }
+
+    public function getByKeyId(string $keyId): ?SignatureKeyPair
+    {
+        return $this->signatureKeyPairs[$keyId] ?? null;
+    }
+
+    /**
+     * @return array<string,SignatureKeyPair>
+     */
+    public function getAll(): array
+    {
+        return $this->signatureKeyPairs;
+    }
+
+    public function has(string $keyId): bool
+    {
+        return isset($this->signatureKeyPairs[$keyId]);
+    }
+}