From 217feab6d6ae8fe10f45994de8a20a7f9882fcc9 Mon Sep 17 00:00:00 2001 From: Kelvin Mo Date: Sat, 19 Feb 2022 08:21:32 +1100 Subject: [PATCH 1/6] Refactor encryption algorithms into own namespace --- src/SimpleJWT/Crypt/AlgorithmFactory.php | 6 +++--- src/SimpleJWT/Crypt/ECDH.php | 2 +- src/SimpleJWT/Crypt/{ => Encryption}/AESCBC_HMACSHA2.php | 4 +++- src/SimpleJWT/Crypt/{ => Encryption}/AESGCM.php | 4 +++- .../Crypt/{ => Encryption}/EncryptionAlgorithm.php | 4 +++- src/SimpleJWT/JWE.php | 4 ++-- tests/{ => Encryption}/AESCBC_HMACSHA2Test.php | 2 +- tests/{ => Encryption}/AESGCMTest.php | 2 +- 8 files changed, 17 insertions(+), 11 deletions(-) rename src/SimpleJWT/Crypt/{ => Encryption}/AESCBC_HMACSHA2.php (97%) rename src/SimpleJWT/Crypt/{ => Encryption}/AESGCM.php (97%) rename src/SimpleJWT/Crypt/{ => Encryption}/EncryptionAlgorithm.php (98%) rename tests/{ => Encryption}/AESCBC_HMACSHA2Test.php (98%) rename tests/{ => Encryption}/AESGCMTest.php (99%)
diff --git a/src/SimpleJWT/Crypt/AlgorithmFactory.php b/src/SimpleJWT/Crypt/AlgorithmFactory.php
index 8bd0b04..ea78805 100644
--- a/src/SimpleJWT/Crypt/AlgorithmFactory.php
+++ b/src/SimpleJWT/Crypt/AlgorithmFactory.php
@@ -64,14 +64,14 @@ class AlgorithmFactory {
 '/^ECDH-ES\\+A\d+KW$/' => 'SimpleJWT\Crypt\ECDH_AESKeyWrap',
 // Content encryption algorithms
- '/^A\d+CBC-HS\d+$/' => 'SimpleJWT\Crypt\AESCBC_HMACSHA2',
- '/^A\d+GCM$/' => 'SimpleJWT\Crypt\AESGCM'
+ '/^A\d+CBC-HS\d+$/' => 'SimpleJWT\Crypt\Encryption\AESCBC_HMACSHA2',
+ '/^A\d+GCM$/' => 'SimpleJWT\Crypt\Encryption\AESGCM'
 ];
 /** @var array $use_map */
 private static $use_map = [
 Algorithm::SIGNATURE_ALGORITHM => 'SimpleJWT\Crypt\SignatureAlgorithm',
- Algorithm::ENCRYPTION_ALGORITHM => 'SimpleJWT\Crypt\EncryptionAlgorithm',
+ Algorithm::ENCRYPTION_ALGORITHM => 'SimpleJWT\Crypt\Encryption\EncryptionAlgorithm',
 Algorithm::KEY_ALGORITHM => 'SimpleJWT\Crypt\KeyManagementAlgorithm'
 ];
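Review bot: The class names in `$alg_map` and `$use_map` in AlgorithmFactory.php are still plain string literals, so every namespace move has to be chased by hand, and a missed or mistyped entry only surfaces at runtime when a token first asks for that `alg` or `enc` value. Writing the entries with the `::class` constant (PHP 5.5+), e.g. `'/^A\d+GCM$/' => Encryption\AESGCM::class`, lets static analysis and IDE refactoring follow the rename; this form assumes the factory stays in the `SimpleJWT\Crypt` namespace, which the hunk does not show. The same applies to the map entries rewritten in patches 2/6 and 3/6 and to the string assigned in `addNoneAlg()`.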
diff --git a/src/SimpleJWT/Crypt/ECDH.php b/src/SimpleJWT/Crypt/ECDH.php
index 7d0892d..4b5eefc 100644
--- a/src/SimpleJWT/Crypt/ECDH.php
+++ b/src/SimpleJWT/Crypt/ECDH.php
@@ -93,7 +93,7 @@ public function deriveKey($keys, &$headers, $kid = null) {
 // 1. Get the required key length and alg input into Concat KDF
 if (isset($headers['enc'])) {
 try {
- /** @var \SimpleJWT\Crypt\EncryptionAlgorithm $enc */
+ /** @var \SimpleJWT\Crypt\Encryption\EncryptionAlgorithm $enc */
 $enc = AlgorithmFactory::create($headers['enc'], Algorithm::ENCRYPTION_ALGORITHM);
 $size = $enc->getCEKSize();
 } catch (\UnexpectedValueException $e) {
diff --git a/src/SimpleJWT/Crypt/AESCBC_HMACSHA2.php b/src/SimpleJWT/Crypt/Encryption/AESCBC_HMACSHA2.php
similarity index 97%
rename from src/SimpleJWT/Crypt/AESCBC_HMACSHA2.php
rename to src/SimpleJWT/Crypt/Encryption/AESCBC_HMACSHA2.php
index 9bfa9fe..2baa6ab 100644
--- a/src/SimpleJWT/Crypt/AESCBC_HMACSHA2.php
+++ b/src/SimpleJWT/Crypt/Encryption/AESCBC_HMACSHA2.php
@@ -33,8 +33,10 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Encryption;
+use SimpleJWT\Crypt\Algorithm;
+use SimpleJWT\Crypt\CryptException;
 use SimpleJWT\Util\Util;
 /**
diff --git a/src/SimpleJWT/Crypt/AESGCM.php b/src/SimpleJWT/Crypt/Encryption/AESGCM.php
similarity index 97%
rename from src/SimpleJWT/Crypt/AESGCM.php
rename to src/SimpleJWT/Crypt/Encryption/AESGCM.php
index 936dfd2..22108d5 100644
--- a/src/SimpleJWT/Crypt/AESGCM.php
+++ b/src/SimpleJWT/Crypt/Encryption/AESGCM.php
@@ -33,8 +33,10 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Encryption;
+use SimpleJWT\Crypt\Algorithm;
+use SimpleJWT\Crypt\CryptException;
 use SimpleJWT\Util\Util;
 /**
diff --git a/src/SimpleJWT/Crypt/EncryptionAlgorithm.php b/src/SimpleJWT/Crypt/Encryption/EncryptionAlgorithm.php
similarity index 98%
rename from src/SimpleJWT/Crypt/EncryptionAlgorithm.php
rename to src/SimpleJWT/Crypt/Encryption/EncryptionAlgorithm.php
index d43d6fb..410d56e 100644
--- a/src/SimpleJWT/Crypt/EncryptionAlgorithm.php
+++ b/src/SimpleJWT/Crypt/Encryption/EncryptionAlgorithm.php
@@ -33,7 +33,9 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Encryption;
+
+use SimpleJWT\Crypt\CryptException;
 /**
 * Interface for content authenticated encryption algorithms.
diff --git a/src/SimpleJWT/JWE.php b/src/SimpleJWT/JWE.php
index 6406073..ce77ae3 100644
--- a/src/SimpleJWT/JWE.php
+++ b/src/SimpleJWT/JWE.php
@@ -138,7 +138,7 @@ public static function decrypt($token, $keys, $expected_alg) {
 if ($headers['alg'] != $expected_alg) throw new InvalidTokenException('Unexpected algorithm', InvalidTokenException::DECRYPTION_ERROR);
 $key_enc = AlgorithmFactory::create($headers['alg']);
- /** @var \SimpleJWT\Crypt\EncryptionAlgorithm $content_enc */
+ /** @var \SimpleJWT\Crypt\Encryption\EncryptionAlgorithm $content_enc */
 $content_enc = AlgorithmFactory::create($headers['enc']);
 if ($key_enc instanceof KeyDerivationAlgorithm) {
@@ -250,7 +250,7 @@ public function encrypt($keys, $kid = null, $format = self::COMPACT_FORMAT) {
 $key_enc = AlgorithmFactory::create($this->headers['alg']);
- /** @var \SimpleJWT\Crypt\EncryptionAlgorithm $content_enc */
+ /** @var \SimpleJWT\Crypt\Encryption\EncryptionAlgorithm $content_enc */
 $content_enc = AlgorithmFactory::create($this->headers['enc']);
 if ($kid != null) $this->headers['kid'] = $kid;
diff --git a/tests/AESCBC_HMACSHA2Test.php b/tests/Encryption/AESCBC_HMACSHA2Test.php
similarity index 98%
rename from tests/AESCBC_HMACSHA2Test.php
rename to tests/Encryption/AESCBC_HMACSHA2Test.php
index 73f05c3..903521e 100644
--- a/tests/AESCBC_HMACSHA2Test.php
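Review bot: In the `decrypt()` hunk of JWE.php the updated `@var \SimpleJWT\Crypt\Encryption\EncryptionAlgorithm $content_enc` annotation states a type that the following line does not enforce: `AlgorithmFactory::create($headers['enc'])` is called without a use argument, and `$headers['enc']` appears to come from the token being decrypted. ECDH.php in this same patch passes `Algorithm::ENCRYPTION_ALGORITHM` as the second argument, which presumably restricts the result through `$use_map`; doing the same here, `AlgorithmFactory::create($headers['enc'], \SimpleJWT\Crypt\Algorithm::ENCRYPTION_ALGORITHM)`, would reject an `enc` value naming a signature or key-management algorithm before any method is called on the object. The `encrypt()` hunk that follows and the `tokenHash()` hunk of JWT.php in patch 2/6 have the same shape. All three function bodies continue outside their hunks.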
+++ b/tests/Encryption/AESCBC_HMACSHA2Test.php @@ -1,6 +1,6 @@ Date: Sat, 19 Feb 2022 08:28:53 +1100 Subject: [PATCH 2/6] Refactor signature algorithms into own namespace --- src/SimpleJWT/Crypt/AlgorithmFactory.php | 12 ++++++------ src/SimpleJWT/Crypt/{ => Signature}/HMAC.php | 2 +- src/SimpleJWT/Crypt/{ => Signature}/None.php | 4 +++- src/SimpleJWT/Crypt/{ => Signature}/OpenSSLSig.php | 3 ++- src/SimpleJWT/Crypt/{ => Signature}/SHA2.php | 3 ++- .../Crypt/{ => Signature}/SignatureAlgorithm.php | 3 ++- src/SimpleJWT/JWT.php | 6 +++--- 7 files changed, 19 insertions(+), 14 deletions(-) rename src/SimpleJWT/Crypt/{ => Signature}/HMAC.php (98%) rename src/SimpleJWT/Crypt/{ => Signature}/None.php (97%) rename src/SimpleJWT/Crypt/{ => Signature}/OpenSSLSig.php (98%) rename src/SimpleJWT/Crypt/{ => Signature}/SHA2.php (97%) rename src/SimpleJWT/Crypt/{ => Signature}/SignatureAlgorithm.php (98%) diff --git a/src/SimpleJWT/Crypt/AlgorithmFactory.php b/src/SimpleJWT/Crypt/AlgorithmFactory.php index ea78805..938eab0 100644 --- a/src/SimpleJWT/Crypt/AlgorithmFactory.php +++ b/src/SimpleJWT/Crypt/AlgorithmFactory.php @@ -48,10 +48,10 @@ class AlgorithmFactory { /** @var array $alg_map */ static $alg_map = [ // Signature algorithms - '/^ES\d+$/' => 'SimpleJWT\Crypt\OpenSSLSig', - '/^ES256K$/' => 'SimpleJWT\Crypt\OpenSSLSig', - '/^RS\d+$/' => 'SimpleJWT\Crypt\OpenSSLSig', - '/^HS\d+$/' => 'SimpleJWT\Crypt\HMAC', + '/^ES\d+$/' => 'SimpleJWT\Crypt\Signature\OpenSSLSig', + '/^ES256K$/' => 'SimpleJWT\Crypt\Signature\OpenSSLSig', + '/^RS\d+$/' => 'SimpleJWT\Crypt\Signature\OpenSSLSig', + '/^HS\d+$/' => 'SimpleJWT\Crypt\Signature\HMAC', // Key management algorithms (derivation or encryption) '/^dir$/' => 'SimpleJWT\Crypt\DirectEncryption', 
@@ -70,7 +70,7 @@ class AlgorithmFactory {
 /** @var array $use_map */
 private static $use_map = [
- Algorithm::SIGNATURE_ALGORITHM => 'SimpleJWT\Crypt\SignatureAlgorithm',
+ Algorithm::SIGNATURE_ALGORITHM => 'SimpleJWT\Crypt\Signature\SignatureAlgorithm',
 Algorithm::ENCRYPTION_ALGORITHM => 'SimpleJWT\Crypt\Encryption\EncryptionAlgorithm',
 Algorithm::KEY_ALGORITHM => 'SimpleJWT\Crypt\KeyManagementAlgorithm'
 ];
@@ -141,7 +141,7 @@ static public function getSupportedAlgs($use) {
 * @return void
 */
 static public function addNoneAlg() {
- self::$alg_map['/^none$/'] = 'SimpleJWT\Crypt\None';
+ self::$alg_map['/^none$/'] = 'SimpleJWT\Crypt\Signature\None';
 }
 /**
diff --git a/src/SimpleJWT/Crypt/HMAC.php b/src/SimpleJWT/Crypt/Signature/HMAC.php
similarity index 98%
rename from src/SimpleJWT/Crypt/HMAC.php
rename to src/SimpleJWT/Crypt/Signature/HMAC.php
index 45e3e65..72b84df 100644
--- a/src/SimpleJWT/Crypt/HMAC.php
+++ b/src/SimpleJWT/Crypt/Signature/HMAC.php
@@ -33,7 +33,7 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Signature;
 use SimpleJWT\Keys\KeyException;
 use SimpleJWT\Util\Util;
diff --git a/src/SimpleJWT/Crypt/None.php b/src/SimpleJWT/Crypt/Signature/None.php
similarity index 97%
rename from src/SimpleJWT/Crypt/None.php
rename to src/SimpleJWT/Crypt/Signature/None.php
index 51fea6b..81faa70 100644
--- a/src/SimpleJWT/Crypt/None.php
+++ b/src/SimpleJWT/Crypt/Signature/None.php
@@ -33,7 +33,9 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Signature;
+
+use SimpleJWT\Crypt\Algorithm;
 /**
 * Implements the `none` signature algorithm.
diff --git a/src/SimpleJWT/Crypt/OpenSSLSig.php b/src/SimpleJWT/Crypt/Signature/OpenSSLSig.php
similarity index 98%
rename from src/SimpleJWT/Crypt/OpenSSLSig.php
rename to src/SimpleJWT/Crypt/Signature/OpenSSLSig.php
index 51c23cb..c3464e7 100644
--- a/src/SimpleJWT/Crypt/OpenSSLSig.php
+++ b/src/SimpleJWT/Crypt/Signature/OpenSSLSig.php
@@ -33,8 +33,9 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Signature;
+use SimpleJWT\Crypt\CryptException;
 use SimpleJWT\Keys\Key;
 use SimpleJWT\Keys\KeyException;
 use SimpleJWT\Util\ASN1;
diff --git a/src/SimpleJWT/Crypt/SHA2.php b/src/SimpleJWT/Crypt/Signature/SHA2.php
similarity index 97%
rename from src/SimpleJWT/Crypt/SHA2.php
rename to src/SimpleJWT/Crypt/Signature/SHA2.php
index 62979db..0b9b797 100644
--- a/src/SimpleJWT/Crypt/SHA2.php
+++ b/src/SimpleJWT/Crypt/Signature/SHA2.php
@@ -33,8 +33,9 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Signature;
+use SimpleJWT\Crypt\Algorithm;
 use SimpleJWT\Util\Util;
 /**
diff --git a/src/SimpleJWT/Crypt/SignatureAlgorithm.php b/src/SimpleJWT/Crypt/Signature/SignatureAlgorithm.php
similarity index 98%
rename from src/SimpleJWT/Crypt/SignatureAlgorithm.php
rename to src/SimpleJWT/Crypt/Signature/SignatureAlgorithm.php
index ad140ad..dd69d9a 100644
--- a/src/SimpleJWT/Crypt/SignatureAlgorithm.php
+++ b/src/SimpleJWT/Crypt/Signature/SignatureAlgorithm.php
@@ -33,8 +33,9 @@
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-namespace SimpleJWT\Crypt;
+namespace SimpleJWT\Crypt\Signature;
+use SimpleJWT\Crypt\CryptException;
 use SimpleJWT\Keys\Key;
 use SimpleJWT\Keys\KeySet;
 use SimpleJWT\Keys\KeyException;
diff --git a/src/SimpleJWT/JWT.php b/src/SimpleJWT/JWT.php
index d0f4564..c5e8eb8 100644
--- a/src/SimpleJWT/JWT.php
+++ b/src/SimpleJWT/JWT.php
@@ -137,7 +137,7 @@ public static function decode($token, $keys, $expected_alg, $kid = null, $skip_v
 // Check signatures
 if ($headers['alg'] != $expected_alg) throw new InvalidTokenException('Unexpected algorithm', InvalidTokenException::SIGNATURE_VERIFICATION_ERROR);
- /** @var \SimpleJWT\Crypt\SignatureAlgorithm $signer */
+ /** @var \SimpleJWT\Crypt\Signature\SignatureAlgorithm $signer */
 $signer = AlgorithmFactory::create($expected_alg);
 try {
@@ -228,7 +228,7 @@ public function encode($keys, $kid = null, $auto_complete = ['iat', 'kid'], $alg
 if (in_array('iat', $auto_complete) && !isset($this->claims['iat'])) $this->claims['iat'] = time();
 try {
- /** @var \SimpleJWT\Crypt\SignatureAlgorithm $signer */
+ /** @var \SimpleJWT\Crypt\Signature\SignatureAlgorithm $signer */
 $signer = AlgorithmFactory::create($this->headers['alg']);
 } catch (\UnexpectedValueException $e) {
 throw new CryptException($e->getMessage(), 0, $e);
@@ -390,7 +390,7 @@ public static function tokenHash($token) {
 $deserialised = self::deserialise($token);
 $alg = $deserialised['signatures'][0]['headers']['alg'];
- /** @var \SimpleJWT\Crypt\SignatureAlgorithm $signer */
+ /** @var \SimpleJWT\Crypt\Signature\SignatureAlgorithm $signer */
 $signer = AlgorithmFactory::create($alg);
 return $signer->shortHash($token);
 }
From d495277908f02c2951fddc40849c5e7e156062d0 Mon Sep 17 00:00:00 2001
From: Kelvin Mo Date: Sat, 19 Feb 2022 08:41:04 +1100 Subject: [PATCH 3/6] Refactor key management algorithms into own namespace --- src/SimpleJWT/Crypt/AlgorithmFactory.php | 18 +++++++++--------- .../Crypt/{ => KeyManagement}/AESKeyWrap.php | 4 +++- .../{ => KeyManagement}/AESKeyWrapTrait.php | 2 +- .../{ => KeyManagement}/DirectEncryption.php | 4 +++- .../Crypt/{ => KeyManagement}/ECDH.php | 5 ++++- .../{ => KeyManagement}/ECDH_AESKeyWrap.php | 2 +- .../KeyDerivationAlgorithm.php | 3 ++- .../KeyEncryptionAlgorithm.php | 3 ++- .../KeyManagementAlgorithm.php | 2 +- .../Crypt/{ => KeyManagement}/PBES2.php | 6 ++++-- .../Crypt/{ => KeyManagement}/RSAES.php | 6 ++++-- .../Crypt/{ => KeyManagement}/openssl.cnf | 0 src/SimpleJWT/JWE.php | 4 ++-- tests/{ => KeyManagement}/AESKeyWrapTest.php | 2 +- tests/{ => KeyManagement}/ECDHTest.php | 5 +++-- .../ECDH_AESKeyWrapTest.php | 3 ++- tests/{ => KeyManagement}/PBES2Test.php | 4 ++-- tests/{ => KeyManagement}/RSAESTest.php | 2 +- 18 files changed, 45 insertions(+), 30 deletions(-) rename src/SimpleJWT/Crypt/{ => KeyManagement}/AESKeyWrap.php (98%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/AESKeyWrapTrait.php (99%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/DirectEncryption.php (95%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/ECDH.php (98%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/ECDH_AESKeyWrap.php (98%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/KeyDerivationAlgorithm.php (97%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/KeyEncryptionAlgorithm.php (97%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/KeyManagementAlgorithm.php (97%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/PBES2.php (97%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/RSAES.php (98%) rename src/SimpleJWT/Crypt/{ => KeyManagement}/openssl.cnf (100%) rename tests/{ => KeyManagement}/AESKeyWrapTest.php (99%) rename tests/{ => KeyManagement}/ECDHTest.php (96%) rename tests/{ => KeyManagement}/ECDH_AESKeyWrapTest.php (98%) rename 
tests/{ => KeyManagement}/PBES2Test.php (93%) rename tests/{ => KeyManagement}/RSAESTest.php (99%) diff --git a/src/SimpleJWT/Crypt/AlgorithmFactory.php b/src/SimpleJWT/Crypt/AlgorithmFactory.php index 938eab0..375cf4a 100644 --- a/src/SimpleJWT/Crypt/AlgorithmFactory.php +++ b/src/SimpleJWT/Crypt/AlgorithmFactory.php @@ -54,14 +54,14 @@ class AlgorithmFactory { '/^HS\d+$/' => 'SimpleJWT\Crypt\Signature\HMAC', // Key management algorithms (derivation or encryption) - '/^dir$/' => 'SimpleJWT\Crypt\DirectEncryption', - '/^RSA1_5$/' => 'SimpleJWT\Crypt\RSAES', - '/^RSA-OAEP$/' => 'SimpleJWT\Crypt\RSAES', - '/^RSA-OAEP-256$/' => 'SimpleJWT\Crypt\RSAES', - '/^A\d+KW$/' => 'SimpleJWT\Crypt\AESKeyWrap', - '/^PBES2-HS\d+\\+A\d+KW$/' => 'SimpleJWT\Crypt\PBES2', - '/^ECDH-ES$/' => 'SimpleJWT\Crypt\ECDH', - '/^ECDH-ES\\+A\d+KW$/' => 'SimpleJWT\Crypt\ECDH_AESKeyWrap', + '/^dir$/' => 'SimpleJWT\Crypt\KeyManagement\DirectEncryption', + '/^RSA1_5$/' => 'SimpleJWT\Crypt\KeyManagement\RSAES', + '/^RSA-OAEP$/' => 'SimpleJWT\Crypt\KeyManagement\RSAES', + '/^RSA-OAEP-256$/' => 'SimpleJWT\Crypt\KeyManagement\RSAES', + '/^A\d+KW$/' => 'SimpleJWT\Crypt\KeyManagement\AESKeyWrap', + '/^PBES2-HS\d+\\+A\d+KW$/' => 'SimpleJWT\Crypt\KeyManagement\PBES2', + '/^ECDH-ES$/' => 'SimpleJWT\Crypt\KeyManagement\ECDH', + '/^ECDH-ES\\+A\d+KW$/' => 'SimpleJWT\Crypt\KeyManagement\ECDH_AESKeyWrap', // Content encryption algorithms '/^A\d+CBC-HS\d+$/' => 'SimpleJWT\Crypt\Encryption\AESCBC_HMACSHA2', @@ -72,7 +72,7 @@ class AlgorithmFactory { private static $use_map = [ Algorithm::SIGNATURE_ALGORITHM => 'SimpleJWT\Crypt\Signature\SignatureAlgorithm', Algorithm::ENCRYPTION_ALGORITHM => 'SimpleJWT\Crypt\Encryption\EncryptionAlgorithm', - Algorithm::KEY_ALGORITHM => 'SimpleJWT\Crypt\KeyManagementAlgorithm' + Algorithm::KEY_ALGORITHM => 'SimpleJWT\Crypt\KeyManagement\KeyManagementAlgorithm' ]; /** 
diff --git a/src/SimpleJWT/Crypt/AESKeyWrap.php b/src/SimpleJWT/Crypt/KeyManagement/AESKeyWrap.php similarity index 98% rename from src/SimpleJWT/Crypt/AESKeyWrap.php rename to src/SimpleJWT/Crypt/KeyManagement/AESKeyWrap.php index e6e3773..8dad8fd 100644 --- a/src/SimpleJWT/Crypt/AESKeyWrap.php +++ b/src/SimpleJWT/Crypt/KeyManagement/AESKeyWrap.php @@ -33,8 +33,10 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; +use SimpleJWT\Crypt\Algorithm; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Util\Util; use SimpleJWT\Keys\Key; use SimpleJWT\Keys\SymmetricKey; diff --git a/src/SimpleJWT/Crypt/AESKeyWrapTrait.php b/src/SimpleJWT/Crypt/KeyManagement/AESKeyWrapTrait.php similarity index 99% rename from src/SimpleJWT/Crypt/AESKeyWrapTrait.php rename to src/SimpleJWT/Crypt/KeyManagement/AESKeyWrapTrait.php index 72812bc..792d382 100644 --- a/src/SimpleJWT/Crypt/AESKeyWrapTrait.php +++ b/src/SimpleJWT/Crypt/KeyManagement/AESKeyWrapTrait.php @@ -33,7 +33,7 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; use SimpleJWT\Keys\Key; use SimpleJWT\Keys\KeySet; diff --git a/src/SimpleJWT/Crypt/DirectEncryption.php b/src/SimpleJWT/Crypt/KeyManagement/DirectEncryption.php similarity index 95% rename from src/SimpleJWT/Crypt/DirectEncryption.php rename to src/SimpleJWT/Crypt/KeyManagement/DirectEncryption.php index 1d399df..50bff06 100644 --- a/src/SimpleJWT/Crypt/DirectEncryption.php +++ b/src/SimpleJWT/Crypt/KeyManagement/DirectEncryption.php @@ -33,8 +33,10 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; +use SimpleJWT\Crypt\Algorithm; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Util\Util; use SimpleJWT\Keys\Key; use SimpleJWT\Keys\SymmetricKey; 
diff --git a/src/SimpleJWT/Crypt/ECDH.php b/src/SimpleJWT/Crypt/KeyManagement/ECDH.php similarity index 98% rename from src/SimpleJWT/Crypt/ECDH.php rename to src/SimpleJWT/Crypt/KeyManagement/ECDH.php index 4b5eefc..044e68d 100644 --- a/src/SimpleJWT/Crypt/ECDH.php +++ b/src/SimpleJWT/Crypt/KeyManagement/ECDH.php @@ -33,8 +33,11 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; +use SimpleJWT\Crypt\Algorithm; +use SimpleJWT\Crypt\AlgorithmFactory; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Keys\ECKey; use SimpleJWT\Keys\KeyFactory; use SimpleJWT\Util\Util; diff --git a/src/SimpleJWT/Crypt/ECDH_AESKeyWrap.php b/src/SimpleJWT/Crypt/KeyManagement/ECDH_AESKeyWrap.php similarity index 98% rename from src/SimpleJWT/Crypt/ECDH_AESKeyWrap.php rename to src/SimpleJWT/Crypt/KeyManagement/ECDH_AESKeyWrap.php index a7120cb..1ec7885 100644 --- a/src/SimpleJWT/Crypt/ECDH_AESKeyWrap.php +++ b/src/SimpleJWT/Crypt/KeyManagement/ECDH_AESKeyWrap.php @@ -33,7 +33,7 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; use SimpleJWT\Keys\KeySet; diff --git a/src/SimpleJWT/Crypt/KeyDerivationAlgorithm.php b/src/SimpleJWT/Crypt/KeyManagement/KeyDerivationAlgorithm.php similarity index 97% rename from src/SimpleJWT/Crypt/KeyDerivationAlgorithm.php rename to src/SimpleJWT/Crypt/KeyManagement/KeyDerivationAlgorithm.php index 8c75bfe..a043811 100644 --- a/src/SimpleJWT/Crypt/KeyDerivationAlgorithm.php +++ b/src/SimpleJWT/Crypt/KeyManagement/KeyDerivationAlgorithm.php @@ -33,8 +33,9 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Keys\KeySet; use SimpleJWT\Keys\KeyException; 
diff --git a/src/SimpleJWT/Crypt/KeyEncryptionAlgorithm.php b/src/SimpleJWT/Crypt/KeyManagement/KeyEncryptionAlgorithm.php similarity index 97% rename from src/SimpleJWT/Crypt/KeyEncryptionAlgorithm.php rename to src/SimpleJWT/Crypt/KeyManagement/KeyEncryptionAlgorithm.php index a90c9b9..895da49 100644 --- a/src/SimpleJWT/Crypt/KeyEncryptionAlgorithm.php +++ b/src/SimpleJWT/Crypt/KeyManagement/KeyEncryptionAlgorithm.php @@ -33,8 +33,9 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Keys\KeySet; use SimpleJWT\Keys\KeyException; diff --git a/src/SimpleJWT/Crypt/KeyManagementAlgorithm.php b/src/SimpleJWT/Crypt/KeyManagement/KeyManagementAlgorithm.php similarity index 97% rename from src/SimpleJWT/Crypt/KeyManagementAlgorithm.php rename to src/SimpleJWT/Crypt/KeyManagement/KeyManagementAlgorithm.php index 7d19391..74ff2a0 100644 --- a/src/SimpleJWT/Crypt/KeyManagementAlgorithm.php +++ b/src/SimpleJWT/Crypt/KeyManagement/KeyManagementAlgorithm.php @@ -33,7 +33,7 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; /** * Interface for key management algorithms. These can be *key encryption diff --git a/src/SimpleJWT/Crypt/PBES2.php b/src/SimpleJWT/Crypt/KeyManagement/PBES2.php similarity index 97% rename from src/SimpleJWT/Crypt/PBES2.php rename to src/SimpleJWT/Crypt/KeyManagement/PBES2.php index 7c0aa61..164e7cd 100644 --- a/src/SimpleJWT/Crypt/PBES2.php +++ b/src/SimpleJWT/Crypt/KeyManagement/PBES2.php 
@@ -33,12 +33,14 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; -use SimpleJWT\Util\Util; +use SimpleJWT\Crypt\Algorithm; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Keys\Key; use SimpleJWT\Keys\KeySet; use SimpleJWT\Keys\SymmetricKey; +use SimpleJWT\Util\Util; /** * Implements PBES2 key encryption algorithm with AES key wrap. diff --git a/src/SimpleJWT/Crypt/RSAES.php b/src/SimpleJWT/Crypt/KeyManagement/RSAES.php similarity index 98% rename from src/SimpleJWT/Crypt/RSAES.php rename to src/SimpleJWT/Crypt/KeyManagement/RSAES.php index 320e83d..b55ed86 100644 --- a/src/SimpleJWT/Crypt/RSAES.php +++ b/src/SimpleJWT/Crypt/KeyManagement/RSAES.php @@ -33,10 +33,12 @@ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -namespace SimpleJWT\Crypt; +namespace SimpleJWT\Crypt\KeyManagement; -use SimpleJWT\Util\Util; +use SimpleJWT\Crypt\Algorithm; +use SimpleJWT\Crypt\CryptException; use SimpleJWT\Keys\Key; +use SimpleJWT\Util\Util; /** * Implementation of the RSA Encryption Scheme algorithms, including `RSA1_5` and diff --git a/src/SimpleJWT/Crypt/openssl.cnf b/src/SimpleJWT/Crypt/KeyManagement/openssl.cnf similarity index 100% rename from src/SimpleJWT/Crypt/openssl.cnf rename to src/SimpleJWT/Crypt/KeyManagement/openssl.cnf diff --git a/src/SimpleJWT/JWE.php b/src/SimpleJWT/JWE.php index ce77ae3..813ecf0 100644 --- a/src/SimpleJWT/JWE.php +++ b/src/SimpleJWT/JWE.php @@ -36,8 +36,8 @@ use SimpleJWT\Crypt\AlgorithmFactory; use SimpleJWT\Crypt\CryptException; -use SimpleJWT\Crypt\KeyDerivationAlgorithm; -use SimpleJWT\Crypt\KeyEncryptionAlgorithm; +use SimpleJWT\Crypt\KeyManagement\KeyDerivationAlgorithm; +use SimpleJWT\Crypt\KeyManagement\KeyEncryptionAlgorithm; use SimpleJWT\Keys\SymmetricKey; use SimpleJWT\Keys\KeyException; use SimpleJWT\Util\Helper; 
diff --git a/tests/AESKeyWrapTest.php b/tests/KeyManagement/AESKeyWrapTest.php similarity index 99% rename from tests/AESKeyWrapTest.php rename to tests/KeyManagement/AESKeyWrapTest.php index 91217f5..d81f1d0 100644 --- a/tests/AESKeyWrapTest.php +++ b/tests/KeyManagement/AESKeyWrapTest.php @@ -1,6 +1,6 @@ 'SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps' ], 'php'); - $stub = $this->getMockBuilder('SimpleJWT\Crypt\ECDH') + $stub = $this->getMockBuilder('SimpleJWT\Crypt\KeyManagement\ECDH') ->setMethods(['createEphemeralKey'])->setConstructorArgs(['ECDH-ES'])->getMock(); $stub->method('createEphemeralKey')->willReturn($ephemeral_key); diff --git a/tests/ECDH_AESKeyWrapTest.php b/tests/KeyManagement/ECDH_AESKeyWrapTest.php similarity index 98% rename from tests/ECDH_AESKeyWrapTest.php rename to tests/KeyManagement/ECDH_AESKeyWrapTest.php index cf17229..525bcc4 100644 --- a/tests/ECDH_AESKeyWrapTest.php +++ b/tests/KeyManagement/ECDH_AESKeyWrapTest.php @@ -1,6 +1,7 @@ getKeySet($password); - $stub = $this->getMockBuilder('SimpleJWT\Crypt\PBES2') + $stub = $this->getMockBuilder('SimpleJWT\Crypt\KeyManagement\PBES2') ->setMethods(['generateSaltInput'])->setConstructorArgs(['PBES2-HS256+A128KW'])->getMock(); $stub->method('generateSaltInput')->willReturn(Util::base64url_decode('2WCTcJZ1Rvd_CJuJripQ1w')); diff --git a/tests/RSAESTest.php b/tests/KeyManagement/RSAESTest.php similarity index 99% rename from tests/RSAESTest.php rename to tests/KeyManagement/RSAESTest.php index 5b18dac..c113823 100644 --- a/tests/RSAESTest.php +++ b/tests/KeyManagement/RSAESTest.php @@ -1,6 +1,6 @@ Date: Sat, 19 Feb 2022 08:45:40 +1100 Subject: [PATCH 4/6] Update Changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9d272e..abb1f70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,11 @@ All notable changes to this project will be documented in this file. +## Unreleased + +- Changed: Split `SimpleJWT\Crypt` namespace into multiple namespaces, one + for each algorithm type (#60) + ## 0.6.2 - Changed: Updated `symfony/console` package version From 627f5a688b79c5e9fbff0628b357cba0a807d975 Mon Sep 17 00:00:00 2001 From: Kelvin Mo Date: Sat, 19 Feb 2022 11:15:38 +1100 Subject: [PATCH 5/6] Refactor JWT and JWT to derive from a common parent class --- CHANGELOG.md | 1 + src/SimpleJWT/JWE.php | 28 +----------- src/SimpleJWT/JWT.php | 28 +----------- src/SimpleJWT/Token.php | 82 +++++++++++++++++++++++++++++++++++ src/SimpleJWT/Util/Helper.php | 15 +++---- tests/HelperTest.php | 12 ++--- 6 files changed, 99 insertions(+), 67 deletions(-) create mode 100644 src/SimpleJWT/Token.php diff --git a/CHANGELOG.md b/CHANGELOG.md index abb1f70..b2ce82a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. - Changed: Split `SimpleJWT\Crypt` namespace into multiple namespaces, one for each algorithm type (#60) +- Changed: `JWT` and `JWE` now derives from a common parent class `Token` ## 0.6.2 diff --git a/src/SimpleJWT/JWE.php b/src/SimpleJWT/JWE.php index 813ecf0..18e355e 100644 --- a/src/SimpleJWT/JWE.php +++ b/src/SimpleJWT/JWE.php @@ -43,12 +43,7 @@ use SimpleJWT\Util\Helper; use SimpleJWT\Util\Util; -class JWE { - /** @var string COMPACT_FORMAT Compact JWE serialisation format */ - const COMPACT_FORMAT = Helper::COMPACT_FORMAT; - /** @var string JSON_FORMAT JSON JWE serialisation format */ - const JSON_FORMAT = Helper::JSON_FORMAT; - +class JWE extends Token { /** @var array $headers */ protected $headers = ['typ' => 'JWE']; @@ -62,7 +57,7 @@ class JWE { * @param string $plaintext the plaintext to encrypt */ public function __construct($headers, $plaintext) { - $this->headers = $headers; + parent::__construct($headers); $this->plaintext = $plaintext; } 
@@ -203,25 +198,6 @@ public static function decrypt($token, $keys, $expected_alg) { return new JWE($headers, $plaintext); } - /** - * Returns the JWE's headers. - * - * @return array the headers - */ - public function getHeaders() { - return $this->headers; - } - - /** - * Returns a specified header - * - * @param string $header the header to return - * @return mixed the header value - */ - public function getHeader($header) { - return $this->headers[$header]; - } - /** * Returns the JWE's plaintext * diff --git a/src/SimpleJWT/JWT.php b/src/SimpleJWT/JWT.php index c5e8eb8..8f8ddab 100644 --- a/src/SimpleJWT/JWT.php +++ b/src/SimpleJWT/JWT.php @@ -53,12 +53,7 @@ * claims can then be retrieved using the {@link getHeaders()} and {@link getClaims()} * functions. */ -class JWT { - /** @var string COMPACT_FORMAT Compact JWT serialisation format */ - const COMPACT_FORMAT = Helper::COMPACT_FORMAT; - /** @var string JSON_FORMAT JSON JWT serialisation format */ - const JSON_FORMAT = Helper::JSON_FORMAT; - +class JWT extends Token { /** @var int $TIME_ALLOWANCE */ static public $TIME_ALLOWANCE = 300; @@ -78,7 +73,7 @@ class JWT { * @param array $claims the claims */ public function __construct($headers, $claims) { - $this->headers = $headers; + parent::__construct($headers); $this->claims = $claims; } @@ -167,25 +162,6 @@ public static function decode($token, $keys, $expected_alg, $kid = null, $skip_v return new JWT($headers, $claims); } - /** - * Returns the JWT's headers. - * - * @return array the headers - */ - public function getHeaders() { - return $this->headers; - } - - /** - * Returns a specified header - * - * @param string $header the header to return - * @return mixed the header value - */ - public function getHeader($header) { - return $this->headers[$header]; - } - /** * Returns the JWT's claims. * diff --git a/src/SimpleJWT/Token.php b/src/SimpleJWT/Token.php new file mode 100644 index 0000000..510eb31 --- /dev/null +++ b/src/SimpleJWT/Token.php 
@@ -0,0 +1,82 @@ + $headers */ + protected $headers; + + /** + * Creates a new token. + * + * @param array $headers the headers + */ + public function __construct($headers) { + $this->headers = $headers; + } + + /** + * Returns the token's headers. + * + * @return array the headers + */ + public function getHeaders() { + return $this->headers; + } + + /** + * Returns a specified header + * + * @param string $header the header to return + * @return mixed the header value + */ + public function getHeader($header) { + return $this->headers[$header]; + } +} +?> diff --git a/src/SimpleJWT/Util/Helper.php b/src/SimpleJWT/Util/Helper.php index d195076..e57ea7a 100644 --- a/src/SimpleJWT/Util/Helper.php +++ b/src/SimpleJWT/Util/Helper.php @@ -37,6 +37,7 @@ use SimpleJWT\JWT; use SimpleJWT\JWE; +use SimpleJWT\Token; use SimpleJWT\InvalidTokenException; /** @@ -45,10 +46,6 @@ * JWTs and JWEs are accepted. */ class Helper { - - const COMPACT_FORMAT = 'compact'; - const JSON_FORMAT = 'json'; - /** @var string $data */ private $data; @@ -106,7 +103,7 @@ function getFormat() { * should be agreed between the parties out-of-band * @param string $kid the ID of the key to use for verification of a JWT. If null, this * is automatically retrieved. For a JWE, this parameter is ignored. - * @return JWT|JWE the decoded JWT or JWE + * @return Token the decoded JWT or JWE * @throws InvalidTokenException if the token is invalid for any reason */ function getObject($keys, $expected_alg, $kid = null) { 
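Review bot: `getHeader()` in the new Token.php returns `$this->headers[$header]` without checking that the key exists, so asking for a header the token does not carry raises an undefined-index warning and yields null only as a side effect. The headers of a decoded token are chosen by whoever produced it, so optional ones such as `kid` will often be absent; `return isset($this->headers[$header]) ? $this->headers[$header] : null;` makes that case explicit, and the docblock should then read `@return mixed the header value, or null if the header is not present`. The file also ends with `?>`, which is better dropped in a PHP-only file so that trailing whitespace can never be emitted as output.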
@@ -173,18 +170,18 @@ static function detect($data) { $dot_count = substr_count($data, '.'); if (($dot_count == 1) || ($dot_count == 2)) { $results['type'] = 'JWT'; - $results['format'] = self::COMPACT_FORMAT; + $results['format'] = Token::COMPACT_FORMAT; } elseif ($dot_count == 4) { $results['type'] = 'JWE'; - $results['format'] = self::COMPACT_FORMAT; + $results['format'] = Token::COMPACT_FORMAT; } } else { if (isset($obj['signature']) || isset($obj['signatures'])) { $results['type'] = 'JWT'; - $results['format'] = self::JSON_FORMAT; + $results['format'] = Token::JSON_FORMAT; } elseif (isset($obj['ciphertext'])) { $results['type'] = 'JWE'; - $results['format'] = self::JSON_FORMAT; + $results['format'] = Token::JSON_FORMAT; } } diff --git a/tests/HelperTest.php b/tests/HelperTest.php index fa1c4ff..3a9c443 100644 --- a/tests/HelperTest.php +++ b/tests/HelperTest.php @@ -13,7 +13,7 @@ function testJWSCompact() { $results = Helper::detect($compact); $this->assertEquals('JWT', $results['type']); - $this->assertEquals(Helper::COMPACT_FORMAT, $results['format']); + $this->assertEquals(Token::COMPACT_FORMAT, $results['format']); } function testJWSJSON() { @@ -35,7 +35,7 @@ function testJWSJSON() { $results = Helper::detect($complete_json); $this->assertEquals('JWT', $results['type']); - $this->assertEquals(Helper::JSON_FORMAT, $results['format']); + $this->assertEquals(Token::JSON_FORMAT, $results['format']); $flattened_json = <<assertEquals('JWT', $results['type']); - $this->assertEquals(Helper::JSON_FORMAT, $results['format']); + $this->assertEquals(Token::JSON_FORMAT, $results['format']); } function testJWECompact() { @@ -59,7 +59,7 @@ function testJWECompact() { $results = Helper::detect($compact); $this->assertEquals('JWE', $results['type']); - $this->assertEquals(Helper::COMPACT_FORMAT, $results['format']); + $this->assertEquals(Token::COMPACT_FORMAT, $results['format']); } function testJWEJSON() { 
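Review bot: Pointing `detect()` in Helper.php at `Token::COMPACT_FORMAT` and `Token::JSON_FORMAT` goes together with deleting the public `Helper::COMPACT_FORMAT` and `Helper::JSON_FORMAT` constants earlier in this file, which breaks any caller that compares `$results['format']` against the `Helper` constants, and the CHANGELOG entry added by this patch does not mention the removal. Keeping them for one release as aliases, `const COMPACT_FORMAT = Token::COMPACT_FORMAT;` and `const JSON_FORMAT = Token::JSON_FORMAT;`, each marked `@deprecated`, would avoid that. The definitions of the `Token` constants are not visible on this page, so the alias form assumes they keep the `'compact'` and `'json'` values.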
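Review bot: The HelperTest.php hunks replace `Helper::COMPACT_FORMAT` and `Helper::JSON_FORMAT` with `Token::…`, but none of them adds an import, and the 12 changed lines the diffstat reports for this file are fully accounted for by the six assertion replacements. Unless the test file is declared in the `SimpleJWT` namespace (its header lies outside the hunks), `Token` will not resolve and these tests fail with a class-not-found error; add `use SimpleJWT\Token;` at the top of the file. The same applies to the remaining HelperTest.php hunks after this one.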
@@ -89,7 +89,7 @@ function testJWEJSON() { $results = Helper::detect($complete_json); $this->assertEquals('JWE', $results['type']); - $this->assertEquals(Helper::JSON_FORMAT, $results['format']); + $this->assertEquals(Token::JSON_FORMAT, $results['format']); $flattened_json = <<assertEquals('JWE', $results['type']); - $this->assertEquals(Helper::JSON_FORMAT, $results['format']); + $this->assertEquals(Token::JSON_FORMAT, $results['format']); } function testInvalidToken() { From f23cf8fe3bc6ee913529a9bc0f8e00ac9e6510af Mon Sep 17 00:00:00 2001 From: Kelvin Mo Date: Sat, 19 Feb 2022 11:20:48 +1100 Subject: [PATCH 6/6] Fix code documentation --- src/SimpleJWT/Util/Helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SimpleJWT/Util/Helper.php b/src/SimpleJWT/Util/Helper.php index 219faaf..44a0284 100644 --- a/src/SimpleJWT/Util/Helper.php +++ b/src/SimpleJWT/Util/Helper.php @@ -123,7 +123,7 @@ function decode($keys, $expected_alg, $kid = null) { * should be agreed between the parties out-of-band * @param string $kid the ID of the key to use for verification of a JWT. If null, this * is automatically retrieved. For a JWE, this parameter is ignored. - * @return JWT|JWE the decoded JWT or JWE + * @return Token the decoded JWT or JWE * @throws InvalidTokenException if the token is invalid for any reason * @deprecated use {@link decode()} instead * @codeCoverageIgnore