private static function verify()

in src/JWT.php [253:289]


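    /**
     * Check a signature over a message using the algorithm registered under $alg.
     *
     * The entry in static::$supported_algs is a pair: the verification family
     * ('openssl', 'sodium_crypto' or 'hash_hmac') and the algorithm identifier
     * passed to that family.
     *
     * $key is interpreted according to $alg: the same value is handed to
     * openssl_verify(), decoded as a libsodium public key, or used as an HMAC
     * secret. NOTE(review): this method does not check that the key was
     * provisioned for $alg, so the caller should pin the algorithm per key
     * rather than trust a value taken from the token. Confirm how the caller
     * selects $alg.
     *
     * @param string $msg       The signed message
     * @param string $signature The raw signature to check
     * @param mixed  $key       Key material; a string for the sodium and HMAC families
     * @param string $alg       Key into static::$supported_algs
     *
     * @return bool True when the signature matches, false when it does not
     *
     * @throws DomainException When $alg is not supported, libsodium is missing,
     *                         the sodium key is empty, or the backend reports an
     *                         error rather than a plain mismatch
     */
    private static function verify($msg, $signature, $key, $alg)
    {
        if (empty(static::$supported_algs[$alg])) {
            throw new DomainException('Algorithm not supported');
        }

        list($function, $algorithm) = static::$supported_algs[$alg];
        switch ($function) {
            case 'openssl':
                // openssl_verify() returns 1 on success, 0 on failure, -1 on error.
                // Only the exact values 1 and 0 are treated as a verdict; any
                // other result is an error and must not be read as "valid".
                $success = \openssl_verify($msg, $signature, $key, $algorithm);
                if ($success === 1) {
                    return true;
                } elseif ($success === 0) {
                    return false;
                }
                throw new DomainException(
                    'OpenSSL error: ' . \openssl_error_string()
                );
            case 'sodium_crypto':
                if (!function_exists('sodium_crypto_sign_verify_detached')) {
                    throw new DomainException('libsodium is not available');
                }
                // The last non-empty line is used as the key.
                $lines = array_filter(explode("\n", $key));
                $encodedKey = end($lines);
                // end() yields false when no non-empty line exists. Reject that
                // here instead of passing false on to base64_decode().
                if ($encodedKey === false) {
                    throw new DomainException('Key cannot be empty string');
                }
                $decodedKey = base64_decode($encodedKey);
                if ($decodedKey === false || $decodedKey === '') {
                    throw new DomainException('Key cannot be empty string');
                }
                try {
                    return sodium_crypto_sign_verify_detached($signature, $msg, $decodedKey);
                } catch (Exception $e) {
                    // Anything the sodium call raises is reported as a DomainException.
                    throw new DomainException($e->getMessage(), 0, $e);
                }
            case 'hash_hmac':
            default:
                // NOTE(review): any family name without its own case also lands
                // here and is verified as an HMAC. Confirm that is intended for
                // every entry in $supported_algs.
                $hash = \hash_hmac($algorithm, $msg, $key, true);
                // Compared through the class's constantTimeEquals() helper
                // rather than with == / ===.
                return self::constantTimeEquals($signature, $hash);
        }
    }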