/**
* {@inheritdoc}
*
* @throws \InvalidArgumentException
*/
public function verify(JWSInterface $jws, JWKSetInterface $jwk_set, $detached_payload = null)
{
if (null !== $detached_payload && !empty($jws->getEncodedPayload())) {
throw new \InvalidArgumentException('A detached payload is set, but the JWS already has a payload');
}
$input = $jws->getEncodedProtectedHeader() . '.' . (null === $detached_payload ? $jws->getEncodedPayload() : $detached_payload);
if (0 === count($jwk_set)) {
return false;
}
$verified = false;
foreach ($jwk_set->getKeys() as $jwk) {
$algorithm = $this->getAlgorithm($jws);
if (!$this->checkKeyUsage($jwk, 'verification')) {
continue;
}
if (!$this->checkKeyAlgorithm($jwk, $algorithm->getAlgorithmName())) {
continue;
}
try {
$verified = $algorithm->verify($jwk, $input, $jws->getSignature());
} catch (\Exception $e) {
//We do nothing, we continue with other keys
continue;
}
if (true === $verified) {
$this->getCheckerManager()->checkJWT($jws);
return true;
}
}
return false;
}