|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the tmilos/jose-jwt package. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Milos Tomic <[email protected]> |
|
7
|
|
|
* |
|
8
|
|
|
* This source file is subject to the MIT license that is bundled |
|
9
|
|
|
* with this source code in the file LICENSE. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Tmilos\JoseJwt; |
|
13
|
|
|
|
|
14
|
|
|
use Tmilos\JoseJwt\Context\Context; |
|
15
|
|
|
use Tmilos\JoseJwt\Error\IntegrityException; |
|
16
|
|
|
use Tmilos\JoseJwt\Error\JoseJwtException; |
|
17
|
|
|
use Tmilos\JoseJwt\Util\StringUtils; |
|
18
|
|
|
use Tmilos\JoseJwt\Util\UrlSafeB64Encoder; |
|
19
|
|
|
|
|
20
|
|
|
class Jwt |
|
21
|
|
|
{ |
|
22
|
|
|
private function __construct() |
|
23
|
|
|
{ |
|
24
|
|
|
} |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* @param Context $context |
|
28
|
|
|
* @param array|object $payload |
|
29
|
|
|
* @param string|resource $key |
|
30
|
|
|
* @param string $jwsAlgorithm |
|
31
|
|
|
* @param array $extraHeaders |
|
32
|
|
|
* |
|
33
|
|
|
* @return string |
|
34
|
|
|
*/ |
|
35
|
|
|
public static function encode(Context $context, $payload, $key, $jwsAlgorithm, $extraHeaders = []) |
|
36
|
|
|
{ |
|
37
|
|
|
$header = array_merge([ |
|
38
|
|
|
'alg' => '', |
|
39
|
|
|
'typ' => 'JWT', |
|
40
|
|
|
], $extraHeaders); |
|
41
|
|
|
|
|
42
|
|
|
$hashAlgorithm = $context->jwsAlgorithms()->get($jwsAlgorithm); |
|
43
|
|
|
if (null == $hashAlgorithm) { |
|
44
|
|
|
throw new JoseJwtException(sprintf('Unknown algorithm "%s"', $jwsAlgorithm)); |
|
45
|
|
|
} |
|
46
|
|
|
|
|
47
|
|
|
$header['alg'] = $jwsAlgorithm; |
|
48
|
|
|
|
|
49
|
|
|
$payloadString = StringUtils::payload2string($payload, $context->jsonMapper()); |
|
50
|
|
|
|
|
51
|
|
|
$signingInput = implode('.', [ |
|
52
|
|
|
UrlSafeB64Encoder::encode(json_encode($header)), |
|
53
|
|
|
UrlSafeB64Encoder::encode($payloadString), |
|
54
|
|
|
]); |
|
55
|
|
|
|
|
56
|
|
|
$signature = $hashAlgorithm->sign($signingInput, $key); |
|
57
|
|
|
$signature = UrlSafeB64Encoder::encode($signature); |
|
58
|
|
|
|
|
59
|
|
|
return $signingInput.'.'.$signature; |
|
60
|
|
|
} |
|
61
|
|
|
|
|
62
|
|
|
/** |
|
63
|
|
|
* @param Context $context |
|
64
|
|
|
* @param string $token |
|
65
|
|
|
* @param string|resource $key |
|
66
|
|
|
* |
|
67
|
|
|
* @return array |
|
68
|
|
|
*/ |
|
69
|
|
|
public static function decode(Context $context, $token, $key) |
|
70
|
|
|
{ |
|
71
|
|
|
if (empty($token) || trim($token) === '') { |
|
72
|
|
|
throw new JoseJwtException('Incoming token expected to be in compact serialization form, but is empty'); |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
|
|
$parts = explode('.', $token); |
|
76
|
|
|
if (count($parts) == 5) { |
|
77
|
|
|
return Jwe::decode($context, $token, $key); |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
$decodedParts = []; |
|
81
|
|
|
foreach ($parts as $part) { |
|
82
|
|
|
$decodedParts[] = UrlSafeB64Encoder::decode($part); |
|
83
|
|
|
} |
|
84
|
|
|
$header = json_decode($decodedParts[0], true); |
|
85
|
|
|
if (null == $header) { |
|
86
|
|
|
throw new JoseJwtException('Invalid header'); |
|
87
|
|
|
} |
|
88
|
|
|
|
|
89
|
|
|
// signed or plain JWT |
|
90
|
|
|
$signedInput = $parts[0].'.'.$parts[1]; |
|
91
|
|
|
$algorithmId = $header['alg']; |
|
92
|
|
|
$algorithm = $context->jwsAlgorithms()->get($algorithmId); |
|
93
|
|
|
if (null === $algorithm) { |
|
94
|
|
|
throw new JoseJwtException(sprintf('Invalid algorithm "%s"', $algorithmId)); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
if (false === $algorithm->verify($decodedParts[2], $signedInput, $key)) { |
|
98
|
|
|
throw new IntegrityException('Invalid signature'); |
|
99
|
|
|
} |
|
100
|
|
|
|
|
101
|
|
|
return json_decode($decodedParts[1], true); |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
|
|
/** |
|
105
|
|
|
* @param $token |
|
106
|
|
|
* |
|
107
|
|
|
* @return array |
|
108
|
|
|
*/ |
|
109
|
|
View Code Duplication |
public static function header($token) |
|
|
|
|
|
|
110
|
|
|
{ |
|
111
|
|
|
if (null === $token || trim($token) === '') { |
|
112
|
|
|
throw new JoseJwtException('Incoming token expected to be in compact serialization form, but is empty'); |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
$parts = explode('.', $token); |
|
116
|
|
|
if (count($parts) != 3 && count($parts) != 5) { |
|
117
|
|
|
throw new JoseJwtException('Invalid JWT'); |
|
118
|
|
|
} |
|
119
|
|
|
|
|
120
|
|
|
$header = json_decode(UrlSafeB64Encoder::decode($parts[0]), true); |
|
121
|
|
|
if (null == $header) { |
|
122
|
|
|
throw new JoseJwtException('Invalid header'); |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
return $header; |
|
126
|
|
|
} |
|
127
|
|
|
|
|
128
|
|
|
/** |
|
129
|
|
|
* @param $token |
|
130
|
|
|
* |
|
131
|
|
|
* @return array |
|
132
|
|
|
*/ |
|
133
|
|
View Code Duplication |
public static function payload($token) |
|
|
|
|
|
|
134
|
|
|
{ |
|
135
|
|
|
if (null === $token || trim($token) === '') { |
|
136
|
|
|
throw new JoseJwtException('Incoming token expected to be in compact serialization form, but is empty'); |
|
137
|
|
|
} |
|
138
|
|
|
|
|
139
|
|
|
$parts = explode('.', $token); |
|
140
|
|
|
if (count($parts) != 3) { |
|
141
|
|
|
throw new JoseJwtException('Invalid JWT'); |
|
142
|
|
|
} |
|
143
|
|
|
|
|
144
|
|
|
$payload = json_decode(UrlSafeB64Encoder::decode($parts[1]), true); |
|
145
|
|
|
if (null == $payload) { |
|
146
|
|
|
throw new JoseJwtException('Invalid payload'); |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
return $payload; |
|
150
|
|
|
} |
|
151
|
|
|
} |
|
152
|
|
|
|
tmilos /
jose-jwt
Milos Tomic
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.