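/**
 * Builds the JWT object that matches a compact serialization.
 *
 * The segment count selects the type: three segments give a JWS (or an
 * unsecured JWT), five segments give a JWE, anything else is rejected.
 *
 * Security: the JOSE header is read straight from the token and nothing in
 * this method verifies a signature, so the "alg" value is sender-controlled.
 * A three-segment token whose header says "none" and whose signature segment
 * is the empty string is returned as an UnsecuredJWT. Callers that require
 * integrity protection must check the type of the returned object and reject
 * UnsecuredJWT; a successful build() says nothing about authenticity.
 *
 * https://tools.ietf.org/html/rfc7516#section-9
 * @param string $compact_serialization
 * @return IBasicJWT
 * @throws InvalidJWKType
 * @throws InvalidCompactSerializationException
 */
public static function build($compact_serialization)
{
    $segments = explode(IBasicJWT::SegmentSeparator, $compact_serialization);

    // JWSs have three segments separated by two period ('.') characters.
    // JWEs have five segments separated by four period ('.') characters.
    switch (count($segments)) {
        case 3:
            // JWS or unsecured one
            $header = JOSEHeaderSerializer::deserialize($segments[0]);
            // Compare against '' explicitly: empty() is also true for the
            // string '0', which is a non-empty signature segment and must not
            // be routed to the unsecured path.
            if ($header->getAlgorithm()->getString() === 'none' && $segments[2] === '') {
                return UnsecuredJWT::fromCompactSerialization($compact_serialization);
            }
            return JWSFactory::build(new JWS_CompactFormatSpecification($compact_serialization));
        case 5:
            // JWE
            return JWEFactory::build(new JWE_CompactFormatSpecification($compact_serialization));
        default:
            throw new InvalidCompactSerializationException();
    }
}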
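/**
 * Signs a claim set with a non-ASCII issuer using PS512, parses the compact
 * form back and verifies the signature.
 *
 * NOTE(review): the verification key is rebuilt from the JSON Web Key header
 * carried inside the token itself. That proves the sign/parse/verify round
 * trip is consistent, not that the token came from the server: a verifier
 * that trusts a header-supplied key accepts a token signed with any key.
 * Production callers should take the key from a trusted source (pinned key or
 * a key set they control) and treat the header key as a hint at most.
 *
 * NOTE(review): the expiration claim is a timestamp from 2011 and the test
 * still expects verify() to return true, so expiry is presumably enforced
 * elsewhere; confirm that callers validate claims separately.
 *
 * @throws \jwk\exceptions\InvalidJWKAlgorithm
 * @throws \jwk\exceptions\InvalidJWKType
 */
public function testSignAndVerificationTokenRSAUnicode()
{
    $claim_set = JWTClaimSetFactory::build(array(
        RegisteredJWTClaimNames::Issuer => 'セバスチャン',
        RegisteredJWTClaimNames::ExpirationTime => 1300819380,
        "http://example.com/is_root" => true,
        'groups' => array('admin', 'sudo', 'devs'),
    ));

    // load server private key.
    $key = RSAJWKFactory::build(new RSAJWKPEMPrivateKeySpecification(
        TestKeys::$private_key_pem,
        RSAJWKPEMPrivateKeySpecification::WithoutPassword,
        JSONWebSignatureAndEncryptionAlgorithms::PS512
    ));
    $key->setId('server_key');

    $alg = new StringOrURI(JSONWebSignatureAndEncryptionAlgorithms::PS512);
    $jws = JWSFactory::build(new JWS_ParamsSpecification($key, $alg, $claim_set));
    // Check the object before it is dereferenced, not after.
    $this->assertNotNull($jws);

    // and sign with server private key
    $compact_serialization = $jws->toCompactSerialization();
    $this->assertNotEmpty($compact_serialization);

    // then on client side, load the JWS from compact format
    $jws_1 = JWSFactory::build(new JWS_CompactFormatSpecification($compact_serialization));
    $this->assertNotNull($jws_1);

    // get the server public key from jose header ..
    $public_key = $jws_1->getJOSEHeader()->getHeaderByName(RegisteredJOSEHeaderNames::JSONWebKey);
    $this->assertNotNull($public_key);
    $public_key = $public_key->getRawValue();

    // and re built it from params
    $public_key = RSAJWKFactory::build(new RSAJWKParamsPublicKeySpecification(
        $public_key[RSAKeysParameters::Modulus],
        $public_key[RSAKeysParameters::Exponent],
        $public_key[JSONWebKeyParameters::Algorithm],
        $public_key[JSONWebKeyParameters::PublicKeyUse]
    ));

    // set the server public key and then proceed to verify signature;
    // the algorithm is the one the test chose, not one read from the token.
    $res = $jws_1->setKey($public_key)->verify($alg->getString());
    $this->assertTrue($res);
    $this->assertSame('セバスチャン', $jws_1->getClaimSet()->getIssuer()->getString());
}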
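/**
 * Decrypts a fixed JWE fixture with the recipient private key, parses the
 * plaintext as a JWS and verifies that JWS with the server public key (RS384).
 *
 * NOTE(review): the key-management algorithm handed to the private key
 * specification is read from the token's own JOSE header (the fixture's
 * protected header decodes to alg "RSA1_5", enc "A256CBC-HS512"). That is
 * fine for a fixture; a production recipient should pin the algorithm it
 * expects and reject tokens whose header names a different one.
 *
 * NOTE(review): the test name says "zipped", but the fixture's protected
 * header shows only alg and enc; confirm where compression is applied.
 */
public function testDecryptZipped()
{
    // NOTE(review): the literal below is kept exactly as found, including the
    // line break inside it. If that break is not part of the real fixture, the
    // two halves belong on one line.
    $jwe_compact_form = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.QsuGdnlMU4koqOkEXn-pJOjq-qsdVjMas_324HoUJgmPTNvL7Q6JNb2sa62rPp2oCumhXiPXss2HkvPKrEsy1WxrAaJtzKKMp_bl65IUe4l7eiHX0TbUiUoCpsacJa7K7L_vY4uEb5nr6sZ8IsdaW9mlJNrQf_dlq18rl6RoIKkGsHU7cNPxw-V7WtFWJjgMdDBJ2MJw050DLQrA217r7HuahLvts1lHUWLOXkiLpThYr0K2iV4mXouODcz8c90jTh-gCUz1yjwGajpeMwUovabPjPAQKhaOjHaoxaRBh1SD2DTnhvbtEPaxuRxvKEiM7uf3t3qBm1vs4Tjjma2PNSHf-iEJEUkUMVl10PPZ0Q4smS622KgcG371_JAjdBMn614gB2x8FBV_0y6EAc1DHF4Lxrpo4B2yw8WOdsS9ooUFakXRulcpAj4DYfL4ZJphzC7tXbrIX6vq-yo1a-nPAAGY87hkQow1nSoYUSeSVvEDFZD0MVzuSXE1btVZJfnHd8mjDEFTLxfqrCWZxC5jhzdGcGnBFOV3Gzt3obvn20iS-8jds3LVe4to28aSOX_jGUJjxXRQXRCzVuy9kUeHfrX56gKIp8IEaeQQP4Cr9cyXsbrS5WvUw8dmZjPLvC_t_pb5dHFeDK7gE3rPKlNgsjecfhlgmdp7Tve3Evee83Q.uIUD3haEyB45qWTbY-3txWWlDUX3XA8cVwonOYoX_543hxqSHkegWZ3IgU4PhcAFcHB3RFackjw6C4ZnbIGQvw.DeSYoiSvZ5YvXrnWc90XVwWDmUvfYZgdAcx2x4Y5CTSRPEIuZTnOoTGrsHZDg25hlTPXfE8w2z4LFc1_OYVIBlDZ82p3-doMZqr6k0fiR_J3TJV2oRzs10gZveWbqHGTQRZ3TE7IOJtJ-dh_saO4R_IcZG_FwIq_d9YHHXBv2Bd8yEA7U7e1LBZA_CFYryQz2RHjaEnxVhwpKXkBId26MUS7eOBUhJ9yie0kEB-E6Rd7a6gvMxItM7feoe23M1069Ydt8UEqbtls4l496Qus61nxE0g5VZuhpQmR_CFRjQhgrKjyZPLQit2gmwt8yk_Ow7fzHK0TVxUe40TV6Nzf-9XueLhFbRc_KKyey10LDwX_QSijYS8keKcu3s84DHTapujLO7x3CAZ6VzdKYvMBkm_KtHyIU4V6UbT_uX3RtDIfQDhJ7XRrz8Zg9sEtctt3kSdUAKkvvlANOAsqK4Z-9nNCFP2IfYlR5LXFofzVtxZCMMLYCymB-1KmKwLEXDTWcooVAT2cC0nDX6IlYT3r3-VcNIuquJwji_yxDvcszziSdTMIlExrYXSDwDc2z-jvXCu11iZJ5u3MscVgTXypPUkrGAhIvdl6lQTWhtdwuKvcPBZbrOeAJq-tHnC0Sr49wecEmpaGvq3UCRTqYgzR-u9DEEzlMa_d54Y64ilOXWblBc3JcxblnQuO9tGBqVis1KwZ1CYLlYC2gye6BpPkYR73_tueisOKciaZIBYEDYhfow5PFFS1rQZFDu6Iq04S43IXvGg9k7JWv3d5cE1iqmMzMehZ7hf4_2gbF05s02y4HLxoooP7r6tekOAMcPkBCSqEqW04g993QhbOwCDnn2H_I-9YavdBknuDopVxcGQPydih-nJaID50rmAcszUCX5mIyMt3LMzJH6WdDhw__3kl2PeQO0hKCiTSDfdFVxJb0m7vdCFMFKOlpC1GneYU7x1YWEbulru57g4wmjkkmEO9G6oQPn-1SmCRQb5r16TH2_cYQsbCKFHeZxLWugcbUcnXZKdIVKre8icNUFQjjxypjJw6pNkXHzRXP6jvvfxmudsRuq6LB6VyiuMlmnuafqf55XlJLU9wQJGbj86-sUIpqW9o8Y
aYZSsFhgiwT6ETSOhJRRA91GDyhjJzjaskf3Grr0PGtWNv2fHBJyT469RspK6lQuCNhOGg4yd7itGoMT61sqxdYWVp8qMcBz1NPb0dQ93ibCRtPZO5GkUSOsLJHsu9axtB0DYICbCZwayjal-4FY6Tm-feuP84bqZEQy--vYogJ48DWEm_HOV-7Ihx3ibrVLahpn773HvS4QK8X6ifLbWhum563-hXBNc_6TK0BWBcQXJbDkVGlaiA4qAhczMnMifCzTLwLOjvbvaKl4rPTjdZr-uS-MgRzTIZK6U7MDZOMlYedj1jhmKROP0h7eQapIhugguKuILAdyy_36ckq-GSNpgolqI4m3AfIRxlUAo5nMECy8rSRtCusT90OhPbwR01Vr_tUze4-eot9sqquy85kAi8AtiwknLF_KKUnyNDS8dT8GzHbMilJK3OvL0P6iLyDBRpaGQ3Sb8YDKJBmSQvxGlqdxzTeAw4QMLJCogPkuT4vGsg6b6RomrX1UhtM6T03ia1qR8WMvrpRhwJPQCbG0vTEmaKMJiJ4YKmnGPPLJ7zClZ_OxYoDr-DXk10A-jHAJ-8xX-l88dD-cgYlyOvT6GZxjjvx9Qmzr3WJsFSA2U2gC5sHqrHzD-vUky9I7WFHieOpUW3_hM_-ypZDfWJnn7ehNi8te-EbUUSlhYmn_GoygalbCdx0zvVpZlzZsCEYjvOlU9ZdKFST2BPbjpRKppLhLUnlWHH7-KpP3elyiJy2GJcY1N0JY4LP3ZTJyCI_CVTeNDDbZHUdMD3v-oO78wu4DAK_XgVX_-rCOrt1pFZ_k-FONSVq8zQtts6LVeWcaX60Q-zc4jGvZ7bn88UuNNtiBuq3jzskSgI0jS185-EZd5gBM_ahkcEHnkEVk4DLC6fnKp5V3Cek8xEw7p_ADsVx-cNPR46T3JIblOQil_u4I8gh-w1S9R7J_5QVFDsFsdRWy-yzI2fmzbw7DUsysNUqXPXyFKnUOUFjTAIhiYtLKsXx2YO8l5Dj2P9lLgEkwGq3oxlf7vVG29A1iVtcKtyLqah5hMvi7Dp445jvHzHQmvb7Psi0Yy8_PjepEP0pWZ982NBn75Fx9D04FqBIoHvsAg0hVhykOMoBEdCA8GHzMP8zUDXeH7Gj6QeTYmRL0Q7JLdPxQUGsPyiwPCo9Q-5SirIJpDZjDwtH6_vZ_BrB_kWQSSWdDvd2okqpqaynVhlSutJdyU.pO_I4zL-ky1p1OQPd1Ta2bAV3kpcdOjrvY1whQ7-7Q6kuA-iaVkIoHilDhCslp6_PZ_wdTun96yG8JxQfH56AA';

    $jwe_2 = JWEFactory::build(new JWE_CompactFormatSpecification($jwe_compact_form));
    $this->assertNotNull($jwe_2);

    // The algorithm for the recipient key is taken from the token header here.
    $recipient_key = RSAJWKFactory::build(new RSAJWKPEMPrivateKeySpecification(
        TestKeys::$private_key2_pem,
        RSAJWKPEMPrivateKeySpecification::WithoutPassword,
        $jwe_2->getJOSEHeader()->getAlgorithm()->getString()
    ));
    $recipient_key->setKeyUse(JSONWebKeyPublicKeyUseValues::Encryption)->setId('recipient_public_key');

    $jwe_2->setRecipientKey($recipient_key);
    $payload_2 = $jwe_2->getPlainText();
    $this->assertNotEmpty($payload_2);

    // The decrypted plaintext is itself a JWS in compact form.
    $jws = JWSFactory::build(new JWS_CompactFormatSpecification($payload_2));
    $this->assertNotNull($jws);

    // The verification key comes from the test key material, not from the
    // token, and the algorithm is fixed by the test.
    $server_key = RSAJWKFactory::build(new RSAJWKPEMPublicKeySpecification(
        TestKeys::$public_key_pem,
        JSONWebSignatureAndEncryptionAlgorithms::RS384
    ));
    $server_key->setId('rsa_server');

    // and verify signature.
    $res = $jws->setKey($server_key)->verify(JSONWebSignatureAndEncryptionAlgorithms::RS384);
    $this->assertTrue($res);
}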