Rev 1265 | Rev 1277 | ||
---|---|---|---|
Line 97... | Line 97... | ||
97 | } |
97 | } |
98 | 98 | ||
99 | /** |
99 | /** |
100 | * Do various checks if the token is allowed and not blacklisted |
100 | * Do various checks if the token is allowed and not blacklisted |
101 | * @param OIDplusAuthContentStore $contentProvider |
101 | * @param OIDplusAuthContentStore $contentProvider |
102 | * @param int $validGenerators Bitmask which generators to allow (-1 = allow all) |
102 | * @param int|null $validGenerators Bitmask which generators to allow (null = allow all) |
103 | * @return void |
103 | * @return void |
104 | * @throws OIDplusException |
104 | * @throws OIDplusException |
105 | */ |
105 | */ |
106 | private static function jwtSecurityCheck(OIDplusAuthContentStore $contentProvider, int $validGenerators=-1) { |
106 | private static function jwtSecurityCheck(OIDplusAuthContentStore $contentProvider, int $validGenerators=null) { |
107 | // Check if the token is intended for us |
107 | // Check if the token is intended for us |
108 | if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) { |
108 | if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) { |
109 | throw new OIDplusException(_L('Token has wrong audience')); |
109 | throw new OIDplusException(_L('Token has wrong audience')); |
110 | } |
110 | } |
111 | $gen = $contentProvider->getValue('oidplus_generator', -1); |
111 | $gen = $contentProvider->getValue('oidplus_generator', -1); |
Line 180... | Line 180... | ||
180 | throw new OIDplusException(_L('Your IP address is not allowed to use this token')); |
180 | throw new OIDplusException(_L('Your IP address is not allowed to use this token')); |
181 | } |
181 | } |
182 | } |
182 | } |
183 | 183 | ||
184 | // Checks if JWT are dependent on the generator |
184 | // Checks if JWT are dependent on the generator |
185 | if ($validGenerators !== -1) { |
185 | if (!is_null($validGenerators)) { |
186 | if (($gen & $validGenerators) === 0) { |
186 | if (($gen & $validGenerators) === 0) { |
187 | throw new OIDplusException(_L('This kind of JWT token (%1) cannot be used in this request type', self::generatorName($gen))); |
187 | throw new OIDplusException(_L('This kind of JWT token (%1) cannot be used in this request type', self::generatorName($gen))); |
188 | } |
188 | } |
189 | } |
189 | } |
190 | } |
190 | } |
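Review bot: The new signature `int $validGenerators=null` (file line 106) relies on implicit nullability, which PHP 8.4 deprecates and which disagrees with the `int|null` docblock above it; declare it as `?int $validGenerators=null`. In the generator check at file lines 185-186, `$gen` falls back to `-1` when the `oidplus_generator` claim is absent (file line 111), and `(-1 & $validGenerators)` is non-zero for any non-empty mask, so a token without that claim would pass the restriction unless the part of jwtSecurityCheck between lines 111 and 180, which is not shown here, already rejects unknown generators. If it does not, the mask test could fail closed with `if ($gen < 0 || ($gen & $validGenerators) === 0) {`. Callers that still pass `-1` explicitly are also outside this view and now take the mask branch instead of skipping it, so it is worth confirming none remain.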