Beispiel #1
 /**
  * Round-trips an unsecured JWS (`alg: none`) through the signer and the loader.
  *
  * A token using the `none` algorithm has no integrity protection, so the
  * assertions below only establish that the payload and the advertised
  * algorithm survive serialization and parsing. No signature verification
  * call is made in this test. Outside of tests, a consumer should accept
  * `none` only where it has been explicitly allowed.
  */
 public function testNoneSignAndVerifyComplete()
 {
     $unsecured_header = ['alg' => 'none'];

     $token = new JWT();
     $token->setProtectedHeader($unsecured_header);
     $token->setPayload('Je suis Charlie');

     // Placeholder key: the JWK declares only the "none" key type, no key material.
     $none_key = new JWK(['kty' => 'none']);
     $none_instruction = new SignatureInstruction();
     $none_instruction
         ->setKey($none_key)
         ->setProtectedHeader($unsecured_header);

     $signer = $this->getSigner();
     $loader = $this->getLoader();

     // With the default serialization mode the signer is expected to return a string.
     $serialized = $signer->sign($token, [$none_instruction]);
     $this->assertTrue(is_string($serialized));

     $parsed = $loader->load($serialized);
     $this->assertInstanceOf('Jose\\JWSInterface', $parsed);
     $this->assertEquals('Je suis Charlie', $parsed->getPayload());
     $this->assertEquals('none', $parsed->getAlgorithm());
 }
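 /**
  * Adds a JWT-bearer client assertion for the given client to the request body.
  *
  * The assertion is a nested JWT: the claims are signed as a JWS (HS512) and
  * that JWS is then encrypted as a JWE (A256KW key wrapping, A256CBC-HS512
  * content encryption). The claims are also replicated in the JWE header.
  *
  * @Given I have a valid client assertion for client :client in the body request
  *
  * @param string $client Client identifier, used as the `sub` claim.
  */
 public function IHaveAValidClientAssertionForClientInTheBodyRequest($client)
 {
     /** @var \Jose\JWKManagerInterface $key_manager */
     $key_manager = $this->getContainer()->get('jose.jwk_manager');

     // Static symmetric fixture keys for the test suite: JWK1 is declared for
     // encryption ('use' => 'enc'), JWK2 for signing ('use' => 'sig').
     $jwk1 = $key_manager->createJWK(['kid' => 'JWK1', 'kty' => 'oct', 'use' => 'enc', 'k' => 'ABEiM0RVZneImaq7zN3u_wABAgMEBQYHCAkKCwwNDg8']);
     $jwk2 = $key_manager->createJWK(['kid' => 'JWK2', 'kty' => 'oct', 'use' => 'sig', 'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow']);
     $jose = $this->getContainer()->get('jose');

     // Build the claims once. Calling time() a second time for the JWE header
     // could yield an `exp` one second later than the signed claim if the
     // clock ticks in between, making the replicated value inconsistent.
     $claims = [
         'exp' => time() + 3600,
         'aud' => 'My Authorization Server',
         'iss' => 'My JWT issuer',
         'sub' => $client,
     ];

     $signature_instruction = new SignatureInstruction();
     $signature_instruction->setKey($jwk2)->setProtectedHeader(['cty' => 'JWT', 'alg' => 'HS512'])->setUnprotectedHeader([]);
     $encryption_instruction = new EncryptionInstruction();
     $encryption_instruction->setRecipientKey($jwk1);

     $jws = $jose->sign($claims, [$signature_instruction]);

     // Array union keeps the three JWE parameters first and appends the
     // claims in their original order (exp, aud, iss, sub).
     $jwe_header = ['cty' => 'JWT', 'alg' => 'A256KW', 'enc' => 'A256CBC-HS512'] + $claims;
     $jwe = $jose->encrypt($jws, [$encryption_instruction], $jwe_header);

     $this->iAddKeyWithValueInTheBodyRequest('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
     $this->iAddKeyWithValueInTheBodyRequest('client_assertion', $jwe);
 }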
Beispiel #3
 /**
  * Signs a payload with the key registered under the given key ID.
  *
  * The key is looked up through the keyset manager. When the protected header
  * has no `kid` entry, the requested key ID is added to it; a `kid` already
  * supplied by the caller is left untouched, even if it differs from $kid.
  *
  * NOTE(review): the signing algorithm is presumably taken from the `alg`
  * entry of $protected_header. This method does not inspect that entry, so
  * confirm against the signer that a missing or unexpected value is rejected.
  *
  * @param string $kid                ID of the signing key in the keyset
  * @param mixed  $payload            Content to sign
  * @param array  $protected_header   Integrity-protected header parameters
  * @param array  $unprotected_header Header parameters not covered by the signature
  * @param string $mode               Serialization mode (compact by default)
  *
  * @throws \Exception When no key is found for $kid
  *
  * @return string
  */
 public function sign($kid, $payload, array $protected_header, array $unprotected_header = [], $mode = JSONSerializationModes::JSON_COMPACT_SERIALIZATION)
 {
     $signing_key = $this->getKeysetManager()->getKeyByKid($kid);
     if (!($signing_key instanceof JWKInterface)) {
         throw new \Exception('Unable to determine the key used to sign the payload.');
     }

     // Array union adds 'kid' only when that key is absent, so a value
     // provided by the caller (including null) is preserved.
     $protected_header += ['kid' => $kid];

     $signature_instruction = new SignatureInstruction();
     $signature_instruction
         ->setKey($signing_key)
         ->setProtectedHeader($protected_header)
         ->setUnprotectedHeader($unprotected_header);

     return $this->getSigner()->sign($payload, [$signature_instruction], $mode);
 }
Beispiel #4
 /**
  * Signs a payload with PS512 using an RSA fixture key, then loads the result.
  *
  * The public half of the key is embedded in the protected header as a `jwk`
  * parameter. The assertions check only that the token loads and reports the
  * expected payload and algorithm; no signature verification call is made here.
  *
  * NOTE(review): a verifier should not trust a key taken from the `jwk` header
  * on its own; confirm the loader matches it against a trusted key set.
  */
 public function testCompletePS512Sign()
 {
     // Public parameters of the RSA fixture key, shared by the header and the signing key.
     $public_jwk = [
         'kty' => 'RSA',
         'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
         'e' => 'AQAB',
     ];

     $token = new JWT();
     $token
         ->setProtectedHeaderValue('alg', 'PS512')
         ->setProtectedHeaderValue('jwk', $public_jwk)
         ->setPayload('Je suis Charlie');

     // Private parameters are appended after the public ones (kty, n, e, p, d, q, dp, dq, qi).
     // Test fixture key material only.
     $private_jwk = new JWK($public_jwk + [
         'p' => '5BGU1c7af_5sFyfsa-onIJgo5BZu8uHvz3Uyb8OA0a-G9UPO1ShLYjX0wUfhZcFB7fwPtgmmYAN6wKGVce9eMAbX4PliPk3r-BcpZuPKkuLk_wFvgWAQ5Hqw2iEuwXLV0_e8c2gaUt_hyMC5-nFc4v0Bmv6NT6Pfry-UrK3BKWc',
         'd' => 'Kp0KuZwCZGL1BLgsVM-N0edMNitl9wN5Hf2WOYDoIqOZNAEKzdJuenIMhITJjRFUX05GVL138uyp2js_pqDdY9ipA7rAKThwGuDdNphZHech9ih3DGEPXs-YpmHqvIbCd3GoGm38MKwxYkddEpFnjo8rKna1_BpJthrFxjDRhw9DxJBycOdH2yWTyp62ZENPvneK40H2a57W4QScTgfecZqD59m2fGUaWaX5uUmIxaEmtGoJnd9RE4oywKhgN7_TK7wXRlqA4UoRPiH2ACrdU-_cLQL9Jc0u0GqZJK31LDbOeN95QgtSCc72k3Vtzy3CrVpp5TAA67s1Gj9Skn-CAQ',
         'q' => 'zPD-B-nrngwF-O99BHvb47XGKR7ON8JCI6JxavzIkusMXCB8rMyYW8zLs68L8JLAzWZ34oMq0FPUnysBxc5nTF8Nb4BZxTZ5-9cHfoKrYTI3YWsmVW2FpCJFEjMs4NXZ28PBkS9b4zjfS2KhNdkmCeOYU0tJpNfwmOTI90qeUdU',
         'dp' => 'aJrzw_kjWK9uDlTeaES2e4muv6bWbopYfrPHVWG7NPGoGdhnBnd70-jhgMEiTZSNU8VXw2u7prAR3kZ-kAp1DdwlqedYOzFsOJcPA0UZhbORyrBy30kbll_7u6CanFm6X4VyJxCpejd7jKNw6cCTFP1sfhWg5NVJ5EUTkPwE66M',
         'dq' => 'Swz1-m_vmTFN_pu1bK7vF7S5nNVrL4A0OFiEsGliCmuJWzOKdL14DiYxctvnw3H6qT2dKZZfV2tbse5N9-JecdldUjfuqAoLIe7dD7dKi42YOlTC9QXmqvTh1ohnJu8pmRFXEZQGUm_BVhoIb2_WPkjav6YSkguCUHt4HRd2YwE',
         'qi' => 'BocuCOEOq-oyLDALwzMXU8gOf3IL1Q1_BWwsdoANoh6i179psxgE4JXToWcpXZQQqub8ngwE6uR9fpd3m6N_PL4T55vbDDyjPKmrL2ttC2gOtx9KrpPh-Z7LQRo4BE48nHJJrystKHfFlaH2G7JxHNgMBYVADyttN09qEoav8Os',
     ]);

     // The instruction carries only the key; the algorithm is set on the token's protected header above.
     $ps512_instruction = new SignatureInstruction();
     $ps512_instruction->setKey($private_jwk);

     $signer = $this->getSigner();
     $serialized = $signer->sign($token, [$ps512_instruction]);

     $loader = $this->getLoader();
     $parsed = $loader->load($serialized);

     $this->assertInstanceOf('Jose\\JWSInterface', $parsed);
     $this->assertEquals('Je suis Charlie', $parsed->getPayload());
     $this->assertEquals('PS512', $parsed->getAlgorithm());
 }
Beispiel #5
 /**
  * Signs a key set with two keys in one JSON-serialized JWS and verifies both signatures.
  *
  * The first signature uses HS512 and also carries an unprotected header
  * (`foo: bar`); the second uses RS512. Each loaded signature must return the
  * key set as payload and pass the loader's signature verification.
  *
  * Unprotected header parameters are not covered by the signature, so a
  * consumer should not base security decisions on them.
  */
 public function testSignAndLoadJWKSet()
 {
     $signer = $this->getSigner();
     $loader = $this->getLoader();

     $hmac_instruction = new SignatureInstruction();
     $hmac_instruction
         ->setKey($this->getKey1())
         ->setProtectedHeader(['alg' => 'HS512'])
         ->setUnprotectedHeader(['foo' => 'bar']);

     $rsa_instruction = new SignatureInstruction();
     $rsa_instruction
         ->setKey($this->getKey2())
         ->setProtectedHeader(['alg' => 'RS512']);

     $serialized = $signer->sign(
         $this->getKeyset(),
         [$hmac_instruction, $rsa_instruction],
         JSONSerializationModes::JSON_SERIALIZATION
     );
     $this->assertTrue(is_string($serialized));

     /** @var \Jose\JWSInterface[] $loaded */
     $loaded = $loader->load($serialized);
     $this->assertTrue(is_array($loaded));
     $this->assertCount(2, $loaded);

     // Every signature must verify, not merely parse.
     foreach ($loaded as $signature) {
         $this->assertInstanceOf('\\Jose\\JWSInterface', $signature);
         $this->assertEquals($this->getKeyset(), $signature->getPayload());
         $this->assertTrue($loader->verifySignature($signature));
     }

     // Signatures come back in the order the instructions were given.
     $expected_algorithms = ['HS512', 'RS512'];
     foreach ($expected_algorithms as $position => $algorithm) {
         $this->assertEquals($algorithm, $loaded[$position]->getAlgorithm());
     }
 }