private function checkOperation(JWKInterface $key, $usage)
{
$ops = $key->get('key_ops');
if (!is_array($ops)) {
$ops = [$ops];
}
switch ($usage) {
case 'verification':
Assertion::inArray('verify', $ops, 'Key cannot be used to verify a signature');
return true;
case 'signature':
Assertion::inArray('sign', $ops, 'Key cannot be used to sign');
return true;
case 'encryption':
Assertion::true(in_array('encrypt', $ops) || in_array('wrapKey', $ops), 'Key cannot be used to encrypt');
return true;
case 'decryption':
Assertion::true(in_array('decrypt', $ops) || in_array('unwrapKey', $ops), 'Key cannot be used to decrypt');
return true;
default:
throw new \InvalidArgumentException('Unsupported key usage.');
}
}