/**
*
*/
public function testNoneSignAndVerifyComplete()
{
$jwt = new JWT();
$jwt->setProtectedHeader(['alg' => 'none']);
$jwt->setPayload('Je suis Charlie');
$jwk = new JWK(['kty' => 'none']);
$instruction1 = new SignatureInstruction();
$instruction1->setKey($jwk)->setProtectedHeader(['alg' => 'none']);
$signer = $this->getSigner();
$loader = $this->getLoader();
$signed = $signer->sign($jwt, [$instruction1]);
$this->assertTrue(is_string($signed));
$result = $loader->load($signed);
$this->assertInstanceOf('Jose\\JWSInterface', $result);
$this->assertEquals('Je suis Charlie', $result->getPayload());
$this->assertEquals('none', $result->getAlgorithm());
}
/**
* @Given I have a valid client assertion for client :client in the body request
*/
public function IHaveAValidClientAssertionForClientInTheBodyRequest($client)
{
/*
* @var \Jose\JWKManagerInterface
*/
$key_manager = $this->getContainer()->get('jose.jwk_manager');
$jwk1 = $key_manager->createJWK(['kid' => 'JWK1', 'kty' => 'oct', 'use' => 'enc', 'k' => 'ABEiM0RVZneImaq7zN3u_wABAgMEBQYHCAkKCwwNDg8']);
$jwk2 = $key_manager->createJWK(['kid' => 'JWK2', 'kty' => 'oct', 'use' => 'sig', 'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow']);
$jose = $this->getContainer()->get('jose');
$input = ['exp' => time() + 3600, 'aud' => 'My Authorization Server', 'iss' => 'My JWT issuer', 'sub' => $client];
$signature_instruction = new SignatureInstruction();
$signature_instruction->setKey($jwk2)->setProtectedHeader(['cty' => 'JWT', 'alg' => 'HS512'])->setUnprotectedHeader([]);
$encryption_instruction = new EncryptionInstruction();
$encryption_instruction->setRecipientKey($jwk1);
$jws = $jose->sign($input, [$signature_instruction]);
$jwe = $jose->encrypt($jws, [$encryption_instruction], ['cty' => 'JWT', 'alg' => 'A256KW', 'enc' => 'A256CBC-HS512', 'exp' => time() + 3600, 'aud' => 'My Authorization Server', 'iss' => 'My JWT issuer', 'sub' => $client]);
$this->iAddKeyWithValueInTheBodyRequest('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
$this->iAddKeyWithValueInTheBodyRequest('client_assertion', $jwe);
}
/**
* @param string $kid
* @param mixed $payload
* @param array $protected_header
* @param array $unprotected_header
* @param string $mode
*
* @throws \Exception
*
* @return string
*/
public function sign($kid, $payload, array $protected_header, array $unprotected_header = [], $mode = JSONSerializationModes::JSON_COMPACT_SERIALIZATION)
{
$key = $this->getKeysetManager()->getKeyByKid($kid);
if (!$key instanceof JWKInterface) {
throw new \Exception('Unable to determine the key used to sign the payload.');
}
if (!array_key_exists('kid', $protected_header)) {
$protected_header['kid'] = $kid;
}
$instruction = new SignatureInstruction();
$instruction->setKey($key)->setProtectedHeader($protected_header)->setUnprotectedHeader($unprotected_header);
return $this->getSigner()->sign($payload, [$instruction], $mode);
}
/**
*
*/
public function testCompletePS512Sign()
{
$input = new JWT();
$input->setProtectedHeaderValue('alg', 'PS512')->setProtectedHeaderValue('jwk', ['kty' => 'RSA', 'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw', 'e' => 'AQAB'])->setPayload('Je suis Charlie');
$key = new JWK(['kty' => 'RSA', 'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw', 'e' => 'AQAB', 'p' => '5BGU1c7af_5sFyfsa-onIJgo5BZu8uHvz3Uyb8OA0a-G9UPO1ShLYjX0wUfhZcFB7fwPtgmmYAN6wKGVce9eMAbX4PliPk3r-BcpZuPKkuLk_wFvgWAQ5Hqw2iEuwXLV0_e8c2gaUt_hyMC5-nFc4v0Bmv6NT6Pfry-UrK3BKWc', 'd' => 'Kp0KuZwCZGL1BLgsVM-N0edMNitl9wN5Hf2WOYDoIqOZNAEKzdJuenIMhITJjRFUX05GVL138uyp2js_pqDdY9ipA7rAKThwGuDdNphZHech9ih3DGEPXs-YpmHqvIbCd3GoGm38MKwxYkddEpFnjo8rKna1_BpJthrFxjDRhw9DxJBycOdH2yWTyp62ZENPvneK40H2a57W4QScTgfecZqD59m2fGUaWaX5uUmIxaEmtGoJnd9RE4oywKhgN7_TK7wXRlqA4UoRPiH2ACrdU-_cLQL9Jc0u0GqZJK31LDbOeN95QgtSCc72k3Vtzy3CrVpp5TAA67s1Gj9Skn-CAQ', 'q' => 'zPD-B-nrngwF-O99BHvb47XGKR7ON8JCI6JxavzIkusMXCB8rMyYW8zLs68L8JLAzWZ34oMq0FPUnysBxc5nTF8Nb4BZxTZ5-9cHfoKrYTI3YWsmVW2FpCJFEjMs4NXZ28PBkS9b4zjfS2KhNdkmCeOYU0tJpNfwmOTI90qeUdU', 'dp' => 'aJrzw_kjWK9uDlTeaES2e4muv6bWbopYfrPHVWG7NPGoGdhnBnd70-jhgMEiTZSNU8VXw2u7prAR3kZ-kAp1DdwlqedYOzFsOJcPA0UZhbORyrBy30kbll_7u6CanFm6X4VyJxCpejd7jKNw6cCTFP1sfhWg5NVJ5EUTkPwE66M', 'dq' => 'Swz1-m_vmTFN_pu1bK7vF7S5nNVrL4A0OFiEsGliCmuJWzOKdL14DiYxctvnw3H6qT2dKZZfV2tbse5N9-JecdldUjfuqAoLIe7dD7dKi42YOlTC9QXmqvTh1ohnJu8pmRFXEZQGUm_BVhoIb2_WPkjav6YSkguCUHt4HRd2YwE', 'qi' => 'BocuCOEOq-oyLDALwzMXU8gOf3IL1Q1_BWwsdoANoh6i179psxgE4JXToWcpXZQQqub8ngwE6uR9fpd3m6N_PL4T55vbDDyjPKmrL2ttC2gOtx9KrpPh-Z7LQRo4BE48nHJJrystKHfFlaH2G7JxHNgMBYVADyttN09qEoav8Os']);
$instruction = new SignatureInstruction();
$instruction->setKey($key);
$signer = $this->getSigner();
$signature = $signer->sign($input, [$instruction]);
$loader = $this->getLoader();
$result = $loader->load($signature);
$this->assertInstanceOf('Jose\\JWSInterface', $result);
$this->assertEquals('Je suis Charlie', $result->getPayload());
$this->assertEquals('PS512', $result->getAlgorithm());
}
/**
*
*/
public function testSignAndLoadJWKSet()
{
$signer = $this->getSigner();
$loader = $this->getLoader();
$instruction1 = new SignatureInstruction();
$instruction1->setKey($this->getKey1())->setProtectedHeader(['alg' => 'HS512'])->setUnprotectedHeader(['foo' => 'bar']);
$instruction2 = new SignatureInstruction();
$instruction2->setKey($this->getKey2())->setProtectedHeader(['alg' => 'RS512']);
$signatures = $signer->sign($this->getKeyset(), [$instruction1, $instruction2], JSONSerializationModes::JSON_SERIALIZATION);
$this->assertTrue(is_string($signatures));
$loaded = $loader->load($signatures);
/*
* @var \Jose\JWSInterface[] $loaded
*/
$this->assertTrue(is_array($loaded));
$this->assertEquals(2, count($loaded));
foreach ($loaded as $jws) {
$this->assertInstanceOf('\\Jose\\JWSInterface', $jws);
$this->assertEquals($this->getKeyset(), $jws->getPayload());
$this->assertTrue($loader->verifySignature($jws));
}
$this->assertEquals('HS512', $loaded[0]->getAlgorithm());
$this->assertEquals('RS512', $loaded[1]->getAlgorithm());
}