From 970df8f34b78a54e9360e3d598752e1a9adc15eb Mon Sep 17 00:00:00 2001
From: sephster <andrew@noexceptions.io>
Date: Mon, 17 Sep 2018 12:48:32 +0100
Subject: [PATCH] Add code challenge verifiers

---
 .../CodeChallengeVerifierInterface.php        | 30 ++++++++++++++
 src/CodeChallengeVerifiers/PlainVerifier.php  | 36 +++++++++++++++++
 src/CodeChallengeVerifiers/S256Verifier.php   | 39 +++++++++++++++++++
 3 files changed, 105 insertions(+)
 create mode 100644 src/CodeChallengeVerifiers/CodeChallengeVerifierInterface.php
 create mode 100644 src/CodeChallengeVerifiers/PlainVerifier.php
 create mode 100644 src/CodeChallengeVerifiers/S256Verifier.php

diff --git a/src/CodeChallengeVerifiers/CodeChallengeVerifierInterface.php b/src/CodeChallengeVerifiers/CodeChallengeVerifierInterface.php
new file mode 100644
index 00000000..3d7ad59c
--- /dev/null
+++ b/src/CodeChallengeVerifiers/CodeChallengeVerifierInterface.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * @author      Lukáš Unger <lookymsc@gmail.com>
+ * @copyright   Copyright (c) Lukáš Unger
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\CodeChallengeVerifiers;
+
+interface CodeChallengeVerifierInterface
+{
+    /**
+     * Return code challenge method.
+     *
+     * @return string
+     */
+    public function getMethod();
+
+    /**
+     * Verify the code challenge.
+     *
+     * @param string $codeVerifier
+     * @param string $codeChallenge
+     *
+     * @return bool
+     */
+    public function verifyCodeChallenge($codeVerifier, $codeChallenge);
+}
diff --git a/src/CodeChallengeVerifiers/PlainVerifier.php b/src/CodeChallengeVerifiers/PlainVerifier.php
new file mode 100644
index 00000000..71749c97
--- /dev/null
+++ b/src/CodeChallengeVerifiers/PlainVerifier.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * @author      Lukáš Unger <lookymsc@gmail.com>
+ * @copyright   Copyright (c) Lukáš Unger
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\CodeChallengeVerifiers;
+
+class PlainVerifier implements CodeChallengeVerifierInterface
+{
+    /**
+     * Return code challenge method.
+     *
+     * @return string
+     */
+    public function getMethod()
+    {
+        return 'plain';
+    }
+
+    /**
+     * Verify the code challenge.
+     *
+     * @param string $codeVerifier
+     * @param string $codeChallenge
+     *
+     * @return bool
+     */
+    public function verifyCodeChallenge($codeVerifier, $codeChallenge)
+    {
+        return hash_equals($codeVerifier, $codeChallenge);
+    }
+}
diff --git a/src/CodeChallengeVerifiers/S256Verifier.php b/src/CodeChallengeVerifiers/S256Verifier.php
new file mode 100644
index 00000000..3b37af3a
--- /dev/null
+++ b/src/CodeChallengeVerifiers/S256Verifier.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * @author      Lukáš Unger <lookymsc@gmail.com>
+ * @copyright   Copyright (c) Lukáš Unger
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\CodeChallengeVerifiers;
+
+class S256Verifier implements CodeChallengeVerifierInterface
+{
+    /**
+     * Return code challenge method.
+     *
+     * @return string
+     */
+    public function getMethod()
+    {
+        return 'S256';
+    }
+
+    /**
+     * Verify the code challenge.
+     *
+     * @param string $codeVerifier
+     * @param string $codeChallenge
+     *
+     * @return bool
+     */
+    public function verifyCodeChallenge($codeVerifier, $codeChallenge)
+    {
+        return hash_equals(
+            strtr(rtrim(base64_encode(hash('sha256', $codeVerifier, true)), '='), '+/', '-_'),
+            $codeChallenge
+        );
+    }
+}