/**
* @param Token $token
* @throws InvalidSignatureException
*/
public function verify(Token $token)
{
/** @var HeaderParameter\Algorithm $algorithmParameter */
$algorithmParameter = $token->getHeader()->findParameterByName(HeaderParameter\Algorithm::NAME);
if (null === $algorithmParameter) {
throw new \RuntimeException('Algorithm parameter not found in token header.');
}
if ($algorithmParameter->getValue() !== $this->encryption->getAlgorithmName()) {
throw new \RuntimeException(sprintf('Cannot use "%s" algorithm to decrypt token encrypted with algorithm "%s".', $this->encryption->getAlgorithmName(), $algorithmParameter->getValue()));
}
if (!$this->encryption->verify($this->signer->getUnsignedValue($token), $token->getSignature())) {
throw new InvalidSignatureException();
}
}