public function setUp() { $this->payload = $this->getMockBuilder('Emarref\\Jwt\\Token\\Payload')->getMock(); $this->token = $this->getMockBuilder('Emarref\\Jwt\\Token')->getMock(); $this->token->expects($this->any())->method('getPayload')->will($this->returnValue($this->payload)); $this->verifier = new ExpirationVerifier(); }
public function sign(Token $token) { $token->addHeader(new Algorithm($this->encryption->getAlgorithmName())); $rawSignature = $this->getUnsignedValue($token); $signature = $this->encryption->encrypt($rawSignature); $token->setSignature($signature); }
/** * @param Token $token * @throws InvalidSubjectException */ public function verify(Token $token) { /** @var Claim\Subject $subjectClaim */ $subjectClaim = $token->getPayload()->findClaimByName(Claim\Subject::NAME); $subject = null === $subjectClaim ? null : $subjectClaim->getValue(); if ($this->subject !== $subject) { throw new InvalidSubjectException(); } }
/** * @param Token $token * @throws VerificationException */ public function verify(Token $token) { /** @var Claim\Issuer $issuerClaim */ $issuerClaim = $token->getPayload()->findClaimByName(Claim\Issuer::NAME); $issuer = null === $issuerClaim ? null : $issuerClaim->getValue(); if ($this->issuer !== $issuer) { throw new VerificationException('Issuer is invalid.'); } }
public function testStringAudience() { $audienceClaim = $this->getMockBuilder('Emarref\\Jwt\\Claim\\Audience')->getMock(); $audienceClaim->expects($this->once())->method('getValue')->will($this->returnValue('urn://audienceone')); $this->payload->expects($this->once())->method('findClaimByName')->with(Claim\Audience::NAME)->will($this->returnValue($audienceClaim)); $this->token->expects($this->once())->method('getPayload')->will($this->returnValue($this->payload)); $verifier = new AudienceVerifier('urn://audienceone'); $verifier->verify($this->token); }
public function testSuccess() { $issuerClaim = $this->getMockBuilder('Emarref\\Jwt\\Claim\\Issuer')->getMock(); $issuerClaim->expects($this->once())->method('getValue')->will($this->returnValue('an_issuer')); $this->token->expects($this->once())->method('getPayload')->will($this->returnValue($this->payload)); $this->payload->expects($this->once())->method('findClaimByName')->with(Claim\Issuer::NAME)->will($this->returnValue($issuerClaim)); $verifier = new IssuerVerifier('an_issuer'); $verifier->verify($this->token); }
/** * @param array $spec * @return Token */ private function getTokenWithout(array $spec) { $mappings = [self::VALID_USER_ID => new PublicClaim('userId', self::USER_ID), self::VALID_GROUP_ID => new PublicClaim('groupId', self::GROUP_ID), self::VALID_APP_ID => new PublicClaim('appId', self::APP_ID), self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()), self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN), self::VALID_SEGMENTS => new PublicClaim('segments', $this->testSegments)]; $spec = array_diff(array_keys($mappings), $spec); $token = new Token(); foreach ($spec as $desiredClaim) { $token->addClaim($mappings[$desiredClaim]); } return $token; }
protected static function authorization() { $token = new Emarref\Jwt\Token(); $parameter = new Emarref\Jwt\HeaderParameter\Custom('typ', 'JWT'); $token->addHeader($parameter, true); $token->addClaim(new Emarref\Jwt\Claim\Expiration(new \DateTime(self::$duration))); $jwt = new Emarref\Jwt\Jwt(); $algorithm = new Emarref\Jwt\Algorithm\Hs256(self::$appSecret); $encryption = Emarref\Jwt\Encryption\Factory::create($algorithm); $serializedToken = $jwt->serialize($token, $encryption); return $serializedToken; }
/** * @param Token $token * @throws VerificationException */ public function verify(Token $token) { /** @var Claim\Audience $audienceClaim */ $audienceClaim = $token->getPayload()->findClaimByName(Claim\Audience::NAME); $audience = null === $audienceClaim ? null : $audienceClaim->getValue(); if (!is_array($audience)) { $audience = [$audience]; } if (!in_array($this->audience, $audience, true)) { throw new VerificationException('Audience is invalid.'); } }
public function verify(Token $token) { /** @var Claim\Expiration $expirationClaim */ $expirationClaim = $token->getPayload()->findClaimByName(Claim\Expiration::NAME); if (null === $expirationClaim) { return null; } $now = new \DateTime('now', new \DateTimeZone('UTC')); if ($now->getTimestamp() > $expirationClaim->getValue()) { $expiration = $this->getDateTimeFromClaim($expirationClaim); throw new ExpiredException($expiration); } }
/** * @param Token $token * @throws InvalidSignatureException */ public function verify(Token $token) { /** @var HeaderParameter\Algorithm $algorithmParameter */ $algorithmParameter = $token->getHeader()->findParameterByName(HeaderParameter\Algorithm::NAME); if (null === $algorithmParameter) { throw new \RuntimeException('Algorithm parameter not found in token header.'); } if ($algorithmParameter->getValue() !== $this->encryption->getAlgorithmName()) { throw new \RuntimeException(sprintf('Cannot use "%s" algorithm to decrypt token encrypted with algorithm "%s".', $this->encryption->getAlgorithmName(), $algorithmParameter->getValue())); } if (!$this->encryption->verify($this->signer->getUnsignedValue($token), $token->getSignature())) { throw new InvalidSignatureException(); } }
public function verify(Token $token) { /** @var Claim\NotBefore $notBeforeClaim */ $notBeforeClaim = $token->getPayload()->findClaimByName(Claim\NotBefore::NAME); if (null === $notBeforeClaim) { return null; } $now = new \DateTime('now', new \DateTimeZone('UTC')); if (!is_long($notBeforeClaim->getValue())) { throw new \InvalidArgumentException(sprintf('Invalid not before timestamp "%s"', $notBeforeClaim->getValue())); } if ($now->getTimestamp() < $notBeforeClaim->getValue()) { $notBefore = new \DateTime(); $notBefore->setTimestamp($notBeforeClaim->getValue()); throw new VerificationException(sprintf('Token must not be processed before "%s"', $notBefore->format('r'))); } }
public function testValidSignature() { $algorithmParameter = $this->getMockBuilder('Emarref\\Jwt\\HeaderParameter\\Algorithm')->getMock(); $algorithmParameter->expects($this->once())->method('getValue')->will($this->returnValue('foo')); $this->header->expects($this->once())->method('findParameterByName')->with(HeaderParameter\Algorithm::NAME)->will($this->returnValue($algorithmParameter)); $this->encryption->expects($this->once())->method('getAlgorithmName')->will($this->returnValue('foo')); $this->encryption->expects($this->once())->method('verify')->will($this->returnValue(true)); $this->signer->expects($this->once())->method('getUnsignedValue')->will($this->returnValue('bar')); $this->token->expects($this->once())->method('getSignature')->will($this->returnValue('bar')); $verifier = new EncryptionVerifierStub($this->encryption, $this->encoder, $this->signer); $verifier->verify($this->token); }
/** * Get a claim if we have one or return null * @param string $claim the name of the claim * @return mixed */ private function getClaimOrNull($claim) { $claim = $this->token->getPayload()->findClaimByName($claim); return $claim ? $claim->getValue() : null; }
/** * @param Token $token * @return string */ public function serialize(Token $token) { $serializedHeader = $token->getHeader()->getParameters()->jsonSerialize(); $serializedPayload = $token->getPayload()->getClaims()->jsonSerialize(); $signature = $token->getSignature(); return sprintf('%s.%s.%s', $this->encoding->encode($serializedHeader), $this->encoding->encode($serializedPayload), $this->encoding->encode($signature)); }