Added JWT Support:

- Using `lcobucci/jwt` for now.
- Allows multiple credential pairs.

Author: tjlytle

composer.json

@@ -18,7 +18,8 @@
     "php": ">=5.4",
     "php-http/client-implementation": "^1.0",
     "zendframework/zend-diactoros": "^1.3",
-    "php-http/guzzle6-adapter": "^1.0"
+    "php-http/guzzle6-adapter": "^1.0",
+    "lcobucci/jwt": "^3.2"
   },
   "require-dev": {
     "phpunit/phpunit": "^5.3",
@@ -29,4 +30,4 @@
       "Nexmo\\": "src/"
     }
   }
-}
+}

src/Client.php

@@ -9,7 +9,9 @@
 namespace Nexmo;
 use Http\Client\HttpClient;
 use Nexmo\Client\Credentials\Basic;
+use Nexmo\Client\Credentials\Container;
 use Nexmo\Client\Credentials\CredentialsInterface;
+use Nexmo\Client\Credentials\Keypair;
 use Nexmo\Client\Credentials\OAuth;
 use Nexmo\Client\Credentials\SharedSecret;
 use Nexmo\Client\Factory\FactoryInterface;
@@ -71,7 +73,7 @@ public function __construct(CredentialsInterface $credentials, $options = array(
         $this->setHttpClient($client);
 
         //make sure we know how to use the credentials
-        if(!($credentials instanceof Basic) && !($credentials instanceof SharedSecret) && !($credentials instanceof OAuth)){
+        if(!($credentials instanceof Container) && !($credentials instanceof Basic) && !($credentials instanceof SharedSecret) && !($credentials instanceof OAuth)){
             throw new \RuntimeException('unknown credentials type: ' . get_class($credentials));
         }
 
@@ -218,8 +220,15 @@ public static function authRequest(RequestInterface $request, Basic $credentials
      */
     public function send(\Psr\Http\Message\RequestInterface $request)
     {
-        //also an instance of Basic, so checked first
-        if($this->credentials instanceof SharedSecret){
+        if($this->credentials instanceof Container) {
+            if (strpos($request->getUri()->getPath(), '/v1/calls') === 0) {
+                $request = $request->withHeader('Authorization', 'Bearer ' . $this->credentials->get(Keypair::class)->getJwt());
+            } else {
+                $request = self::authRequest($request, $this->credentials->get(Basic::class));
+            }
+        } elseif($this->credentials instanceof Keypair){
+            $request = $request->withHeader('Authorization', 'Bearer ' . $this->credentials->get(Keypair::class)->getJwt());
+        } elseif($this->credentials instanceof SharedSecret){
             $request = self::signRequest($request, $this->credentials);
         } elseif($this->credentials instanceof Basic){
             $request = self::authRequest($request, $this->credentials);

src/Client/Credentials/Container.php

@@ -0,0 +1,65 @@
+<?php
+/**
+ * Nexmo Client Library for PHP
+ *
+ * @copyright Copyright (c) 2016 Nexmo, Inc. (http://nexmo.com)
+ * @license   https://github.com/Nexmo/nexmo-php/blob/master/LICENSE.txt MIT License
+ */
+
+namespace Nexmo\Client\Credentials;
+
+class Container extends AbstractCredentials implements CredentialsInterface
+{
+    protected $types = [
+        Basic::class,
+        SharedSecret::class,
+        Keypair::class
+    ];
+
+    protected $credentials;
+
+    public function __construct($credentials)
+    {
+        if(!is_array($credentials)){
+            $credentials = func_get_args();
+        }
+
+        foreach($credentials as $credential){
+            $this->addCredential($credential);
+        }
+    }
+
+    protected function addCredential(CredentialsInterface $credential)
+    {
+        $type = $this->getType($credential);
+        if(isset($this->credentials[$type])){
+            throw new \RuntimeException('can not use more than one of a single credential type');
+        }
+
+        $this->credentials[$type] = $credential;
+    }
+
+    protected function getType(CredentialsInterface $credential)
+    {
+        foreach ($this->types as $type) {
+            if($credential instanceof $type){
+                return $type;
+            }
+        }
+    }
+
+    public function get($type)
+    {
+        if(!isset($this->credentials[$type])){
+            throw new \RuntimeException('credental not set');
+        }
+
+        return $this->credentials[$type];
+    }
+
+    public function has($type)
+    {
+        return isset($this->credentials[$type]);
+    }
+
+}

src/Client/Credentials/Keypair.php

@@ -0,0 +1,75 @@
+<?php
+/**
+ * Nexmo Client Library for PHP
+ *
+ * @copyright Copyright (c) 2016 Nexmo, Inc. (http://nexmo.com)
+ * @license   https://github.com/Nexmo/nexmo-php/blob/master/LICENSE.txt MIT License
+ */
+
+namespace Nexmo\Client\Credentials;
+
+use Lcobucci\JWT\Builder;
+use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Signer\Rsa\Sha256;
+use Nexmo\Application\Application;
+
+class Keypair extends AbstractCredentials  implements CredentialsInterface
+{
+
+    protected $key;
+
+    protected $signer;
+
+    public function __construct($privateKey, $application = null)
+    {
+        $this->credentials['key'] = $privateKey;
+        if($application){
+            if($application instanceof Application){
+                $application = $application->getId();
+            }
+
+            $this->credentials['application'] = $application;
+        }
+
+        $this->key = new Key($privateKey);
+        $this->signer = new Sha256();
+    }
+
+    public function getJwt($exp = null, $nfb = null, $jti = null, $iat = null)
+    {
+        if(is_null($exp)){
+            $exp = time() + 60;
+        }
+
+        if(is_null($iat)){
+            $iat = time();
+        }
+
+        if(is_null($jti)){
+            $jti = base64_encode(mt_rand());
+        }
+
+        $builder = new Builder();
+        $builder->setIssuedAt($iat)
+                ->setExpiration($exp);
+
+
+        if(isset($this->credentials['application'])){
+            $builder->set('application_id', $this->credentials['application']);
+        }
+
+        if(!is_null($nfb)){
+            $builder->setNotBefore($nfb);
+        }
+
+        if(!is_null($jti)){
+            $builder->setId($jti);
+        }
+
+        if(isset($this->credentials['application'])){
+            $builder->set('application_id', $this->credentials['application']);
+        }
+
+        return $builder->sign($this->signer, $this->key)->getToken();
+    }
+}

test/Client/Credentials/ContainerTest.php

@@ -0,0 +1,87 @@
+<?php
+/**
+ * Nexmo Client Library for PHP
+ *
+ * @copyright Copyright (c) 2016 Nexmo, Inc. (http://nexmo.com)
+ * @license   https://github.com/Nexmo/nexmo-php/blob/master/LICENSE.txt MIT License
+ */
+
+namespace NexmoTest\Client\Credentials;
+
+
+use Nexmo\Client\Credentials\Container;
+use Nexmo\Client\Credentials\Keypair;
+use Nexmo\Client\Credentials\Basic;
+use Nexmo\Client\Credentials\OAuth;
+use Nexmo\Client\Credentials\SharedSecret;
+use Webmozart\Expression\Selector\Key;
+
+class ContainerTest extends \PHPUnit_Framework_TestCase
+{
+    protected $types = [
+        Basic::class,
+        SharedSecret::class,
+        Keypair::class
+    ];
+
+    protected $basic;
+    protected $secret;
+    protected $keypair;
+
+    public function setUp()
+    {
+        $this->basic = new Basic('key', 'secret');
+        $this->secret = new SharedSecret('key', 'secret');
+        $this->keypair = new Keypair('key', 'app');
+    }
+
+    /**
+     * @dataProvider credentials
+     */
+    public function testBasic($credential, $type)
+    {
+        $container = new Container($credential);
+
+        $this->assertSame($credential, $container->get($type));
+        $this->assertSame($credential, $container[$type]);
+
+        foreach($this->types as $class){
+            if($type == $class){
+                $this->assertTrue($container->has($class));
+            } else {
+                $this->assertFalse($container->has($class));
+            }
+        }
+    }
+
+    /**
+     * @dataProvider credentials
+     */
+    public function testOnlyOneType($credential, $type)
+    {
+        $other = clone $credential;
+
+        $this->expectException('RuntimeException');
+
+        $container = new Container($credential, $other);
+    }
+
+    public function testMultiple()
+    {
+        $container = new Container($this->basic, $this->secret, $this->keypair);
+
+        foreach($this->types as $class){
+            $this->assertTrue($container->has($class));
+        }
+
+    }
+
+    public function credentials()
+    {
+        return [
+            [new Basic('key', 'secret'), Basic::class],
+            [new SharedSecret('key', 'secret'), SharedSecret::class],
+            [new Keypair('key', 'app'), Keypair::class]
+        ];
+    }
+}

test/Client/Credentials/KeypairTest.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * Nexmo Client Library for PHP
+ *
+ * @copyright Copyright (c) 2016 Nexmo, Inc. (http://nexmo.com)
+ * @license   https://github.com/Nexmo/nexmo-php/blob/master/LICENSE.txt MIT License
+ */
+
+namespace NexmoTest\Client\Credentials;
+use Nexmo\Client\Credentials\Keypair;
+
+class KeypairTest extends \PHPUnit_Framework_TestCase
+{
+    protected $key;
+    protected $application = 'c90ddd99-9a5d-455f-8ade-dde4859e590e';
+
+    public function setUp()
+    {
+        $this->key = file_get_contents(__DIR__ . '/test.key');
+    }
+
+    public function testAsArray()
+    {
+        $credentials = new Keypair($this->key, $this->application);
+
+        $array = $credentials->asArray();
+        $this->assertEquals($this->key,    $array['key']);
+        $this->assertEquals($this->application, $array['application']);
+    }
+
+    public function testArrayAccess()
+    {
+        $credentials = new Keypair($this->key, $this->application);
+
+        $this->assertEquals($this->key,    $credentials['key']);
+        $this->assertEquals($this->application, $credentials['application']);
+    }
+
+    public function testProperties()
+    {
+        $credentials = new Keypair($this->key, $this->application);
+
+        $this->assertEquals($this->key,    $credentials->key);
+        $this->assertEquals($this->application, $credentials->application);
+    }
+
+    public function testGetJWT()
+    {
+        $credentials = new Keypair($this->key, $this->application);
+        $jwt = $credentials->getJwt();
+        $this->markTestIncomplete('generated JWT, but not tested as valid');
+    }
+}

test/Client/Credentials/test.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCPvPoIrW4gW0hv
+UOC0my5Jas6FCEejtngnGlFwaktOzgSjZgicpCWqNuRyLwe1h08sA3ahhUiCP118
+39on8x94JAVWZ2y3p/OEhdEpKyygUT9kS/nZlMByDG6t4vDcKgwGd1sBb4ogxVd1
+/pGDe3N132rZf3cOoGC9HENoaQjGG3+eZiqCxapvlTN/QZ0AiQMN+KQYfrbq3S4s
+KeSbv+BZAezrP/TWSrNUQZoeJeN4TD5z8MKdBZ90QlBtiGUZwhcdbRn4dLKMPfmq
+YOAssgn5+++zoYCzEGPdvduxKcFEZnkziNZsbwnr9A2H7+i8zIHm3qbaqWxRqvlI
+9gvKDhe3AgMBAAECggEABUlrnucWHl2NJ/7/DNWKWcvyZaU80VI0UCfhJ/PY6kCc
+ng/yMCS/d+fF9kcxjuU3rcRA2EcJODUxcJbhNMf199rHUXrDXmvwgobTfyKl5Q2n
++b3rpiuY+njnl0C6IDbxs0kvkTlziKoJgf8HhiEDyamaif5suB6BAGOqPQxj9Llf
+FJ4tCDxiGTnbdZypZtzCTC6Lo63voZ3XsBmY5rDAWRpr8yodCldUtL0gVE+wRVEd
+tyRLtO75yDWOr9V0UsA/BLUNoHJ7iwUq/3IX3tCM+n0WTszc7K7WlOQPT9d3Q/Lz
+4AWvC/CJYcrjtGiZhyERe1gjcE2lu2dA1ASw0loFSQKBgQDHZl8fv/FMYA4N/6T7
+grH0RCpW1N62oG0Doib6sZ033DFDa7Lwv3xo5VYqMkUwBXU6V+bn0Mhe65sahr7G
+BVXxgC8TC9XIbndggmByhO3l83gtF1yKBRv2/3q9hns4Yfsz3kTKjoxxMlrhKeDk
+K254NUqKZ11Z4OHo8Y3OeWwBzwKBgQC4ieHNYrnICedmIC0rmtDvJXmSUx9bg0JO
+wpY3QJFRC65oA/ph3sxElbODvBW9e+6kgBRif+np6AomFsahjcA69z2sR+PJnkIA
+zCCS8SkAY/crmmSI6jJQHcGHosRLdKLVSuekrakbbLt6E13F/ZO2EaAikCzKshnp
+fumOtt6NmQKBgGVKKGoNa7q7VIhh42Hryw/lDIjdS2ED7zyYQyq3zMBSdyfjbpuC
++eSjEvkOXjz9mMYRXvdFBHPLRRfdeM1Iapbp4X/QVEGjc7qvn+Ssh9h2rAZjxptJ
+6yG2N5hM1w0WILABaXpnnQnnZWjZiCb/tPcVQw85YJ9GcBuPkNRgs6/bAoGAO6zS
+6UD4xPh27O6QzN4GnJ8ovinFJSnAIooIW5u0olm9r4NBz65lrfQfFgWXnivakzWb
+4fJtaSeRSJnq58lYFXloZzLkNYnI3EsmaX40/RxWjLIjuqbJWGEW+U6oXaI9Ge5c
+FEPYQLcbtTFYDLOgtarjdunaoj2P5ZMV4gG+3FkCgYAXTQV8+jb/5xgsuG5KHhhZ
+3YQ/UHLBI36CqunXL6u12f3LzMCK2+gAFVsPBn5JOXZCxreEekKxm4imq8mMlnde
+LGX3+B96ZQkr3rTLEsBD9rz58ig24R/cAuTZT6vPAZSQE32XU1KgOMewsV/QyyGM
+rMIxeQ87Gd13CfrKD4l3gw==
+-----END PRIVATE KEY-----

test/Client/Credentials/test.pub

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7z6CK1uIFtIb1DgtJsu
+SWrOhQhHo7Z4JxpRcGpLTs4Eo2YInKQlqjbkci8HtYdPLAN2oYVIgj9dfN/aJ/Mf
+eCQFVmdst6fzhIXRKSssoFE/ZEv52ZTAcgxureLw3CoMBndbAW+KIMVXdf6Rg3tz
+dd9q2X93DqBgvRxDaGkIxht/nmYqgsWqb5Uzf0GdAIkDDfikGH626t0uLCnkm7/g
+WQHs6z/01kqzVEGaHiXjeEw+c/DCnQWfdEJQbYhlGcIXHW0Z+HSyjD35qmDgLLIJ
++fvvs6GAsxBj3b3bsSnBRGZ5M4jWbG8J6/QNh+/ovMyB5t6m2qlsUar5SPYLyg4X
+twIDAQAB
+-----END PUBLIC KEY-----