Returns the string representing the JWT.
| public getTokenString ( ) : string | ||
| return | string | |
/**
* Create a JSON Web Token.
*
* @param array $payload
*
* @throws \Tymon\JWTAuth\Exceptions\JWTException
*
* @return string
*/
public function encode(array $payload)
{
try {
$this->jws->setPayload($payload)->sign($this->getSigningKey(), $this->getPassphrase());
return (string) $this->jws->getTokenString();
} catch (Exception $e) {
throw new JWTException('Could not create token: ' . $e->getMessage());
}
}
/**
* Create a JSON Web Token.
*
* @throws \Tymon\JWTAuth\Exceptions\JWTException
*
* @return string
*/
public function encode(array $payload)
{
try {
$this->jws->setPayload($payload)->sign($this->secret['private']);
return $this->jws->getTokenString();
} catch (Exception $e) {
throw new JWTException('Could not create token: ' . $e->getMessage());
}
}
/**
* {@inheritdoc}
*/
public function encode(array $data)
{
$jws = new JWS(self::ALGORYTHM);
$jws->setPayload($data);
$jws->sign($this->getPrivateKey());
return $jws->getTokenString();
}
/**
* @param array $payload
* @param int $ttl
*
* @return string
*/
public function encode(array $payload, $ttl = 86400)
{
$payload['iat'] = time();
$payload['exp'] = time() + $ttl;
$jws = new JWS(['typ' => 'JWS', 'alg' => self::ALG]);
$jws->setPayload($payload);
$jws->sign($this->key);
return $jws->getTokenString();
}
public function testTestBC()
{
$data = array(array('order_nr' => 'ae123123'), array('username' => 'asdasdasd'), array('anything' => '!@#$%^&*()_+'));
foreach ($data as $payload) {
$jwsOld = new JWS(array('alg' => 'RS256'));
$jwsOld->setEncoder(new Base64Encoder());
$jwsOld->setPayload($payload);
$jwsOld->sign(openssl_pkey_get_private(SSL_KEYS_PATH . 'private.key', self::SSL_KEY_PASSPHRASE));
$t = $jwsOld->getTokenString();
$jwsNew = JWS::load($t);
$this->assertTrue($jwsNew->verify(openssl_pkey_get_public(SSL_KEYS_PATH . 'public.key')));
}
}
public function testTestBC()
{
$data = array(array("order_nr" => "ae123123"), array("username" => "asdasdasd"), array("anything" => "!@#\$%^&*()_+"));
foreach ($data as $payload) {
$jwsOld = new JWS("RS256");
$jwsOld->setEncoder(new Base64Encoder());
$jwsOld->setPayload($payload);
$jwsOld->sign(openssl_pkey_get_private(SSL_KEYS_PATH . "private.key", self::SSL_KEY_PASSPHRASE));
$t = $jwsOld->getTokenString();
$jwsNew = JWS::load($t);
$this->assertTrue($jwsNew->verify(openssl_pkey_get_public(SSL_KEYS_PATH . "public.key")));
}
}
/**
* @param RequestInterface $request
*
* @return RequestInterface
*/
public function __invoke(RequestInterface $request)
{
$uri = $request->getUri();
$path = $uri->getPath();
$path .= $uri->getQuery() != null ? '?' . $uri->getQuery() : '';
$payload = ['key' => 'master', 'exp' => time() + $this->exp, 'method' => $request->getMethod(), 'path' => $path];
if (in_array($request->getMethod(), ['PUT', 'POST'])) {
$body = $request->getBody();
$computedHash = \GuzzleHttp\Psr7\hash($body, 'sha256');
$payload['body'] = ['alg' => 'sha256', 'hash' => $computedHash];
}
$jws = new JWS(['typ' => 'JWT', 'alg' => 'HS256']);
$jws->setPayload($payload)->sign($this->secret);
$token = $jws->getTokenString();
return $request->withHeader('Authorization', 'JWT token="' . $token . '"');
}
public function testVerifyIncorrectPubKey()
{
$content = new JWS(['alg' => 'RS256']);
$content->setPayload(['prop' => 'val'], false);
$content->sign(openssl_pkey_get_private('file://' . $GLOBALS['KEYs']['private'], $GLOBALS['KEYs']['password']));
$obj = new Statement(['actor' => ['mbox' => COMMON_MBOX], 'verb' => ['id' => COMMON_VERB_ID], 'object' => new Activity(['id' => COMMON_ACTIVITY_ID . '/StatementTest/testSignNoPassword']), 'attachments' => [['usageType' => 'http://adlnet.gov/expapi/attachments/signature', 'display' => ['en-US' => 'test display'], 'contentType' => 'application/octet-stream', 'content' => $content->getTokenString()]]]);
$newKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pubKey = openssl_pkey_get_details($newKey);
$pubKey = $pubKey["key"];
$result = $obj->verify(['publicKey' => $pubKey]);
$this->assertFalse($result['success'], 'success');
$this->assertSame($result['reason'], 'Failed to verify signature', 'reason');
}
public function testSignAndVerifyWithEmptyStringPublicKey()
{
$public_key = false;
$jwsHMAC = new JWS('HS256');
$jwsHMAC->sign('');
$jws = JWS::load($jwsHMAC->getTokenString());
$this->assertFalse($jws->verify($public_key));
}
public function testSignAndVerifyWithSecLib()
{
if (version_compare(PHP_VERSION, '7.0.0-dev') >= 0) {
$this->setExpectedException('InvalidArgumentException');
}
$jwsRSA = new JWS(array('alg' => 'RS256'), 'SecLib');
$data = array('a' => 'b');
$jwsRSA->setPayload($data);
$jwsRSA->sign(file_get_contents(SSL_KEYS_PATH . 'private.key'), 'tests');
$jws = JWS::load($jwsRSA->getTokenString(), false, null, 'SecLib');
$this->assertTrue($jws->verify(file_get_contents(SSL_KEYS_PATH . 'public.key', 'RS256')));
}
public function testSignAndVerifyWithSecLib()
{
$jwsRSA = new JWS(array('alg' => 'RS256'), 'SecLib');
$data = array('a' => 'b');
$jwsRSA->setPayload($data);
$jwsRSA->sign(file_get_contents(SSL_KEYS_PATH . "private.key"), 'tests');
$jws = JWS::load($jwsRSA->getTokenString(), false, null, 'SecLib');
$this->assertTrue($jws->verify(file_get_contents(SSL_KEYS_PATH . "public.key", 'RS256')));
}
public function sign($privateKeyFile, $privateKeyPass, $options = array())
{
if (!isset($options['version'])) {
$options['version'] = Version::latest();
}
if (!isset($options['algorithm'])) {
$options['algorithm'] = 'RS256';
}
if (!isset($options['display'])) {
$options['display'] = array('en-US' => 'Statement Signature');
}
if (!isset($options['signatureHeader'])) {
$options['signatureHeader'] = array();
}
if (!in_array($options['algorithm'], array('RS256', 'RS384', 'RS512'), true)) {
throw new \InvalidArgumentException("Invalid signing algorithm: '" . $options['algorithm'] . "'");
}
// serialize the statement
$serialization = $this->serializeForSignature($options['version']);
//
// commands to generate required files:
// openssl genrsa -aes256 -out private.key 2048
// openssl req -new -x509 -key private.key -out cacert.pem -days 1095
//
$privateKey = openssl_pkey_get_private($privateKeyFile, $privateKeyPass);
if (!$privateKey) {
throw new \Exception('Unable to get private key: ' . openssl_error_string());
}
$jwsHeader = array('alg' => $options['algorithm'], 'TinCanPHP' => true);
if (isset($options['signatureHeader'])) {
array_replace($jwsHeader, $options['signatureHeader']);
}
if (isset($options['x5c'])) {
$jwsHeader['x5c'] = array();
if (!is_array($options['x5c'])) {
$options['x5c'] = array($options['x5c']);
}
foreach ($options['x5c'] as $cert) {
$cert = openssl_x509_read($cert);
if (!$cert) {
throw new \Exception('Unable to read certificate for x5c inclusion: ' . openssl_error_string());
}
if (!openssl_x509_export($cert, $x5c, true)) {
throw new \Exception('Unable to export certificate for x5c inclusion: ' . openssl_error_string());
}
$x5c = preg_replace(array("/^-----BEGIN CERTIFICATE-----\r?\n/", "/-----END CERTIFICATE-----\r?\n\$/", "/\r?\n/"), '', $x5c);
array_push($jwsHeader['x5c'], $x5c);
}
}
$jws = new JWS($jwsHeader);
$jws->setPayload($serialization, false);
$jws->sign($privateKey);
$attachment = array('contentType' => self::SIGNATURE_CONTENT_TYPE, 'usageType' => self::SIGNATURE_USAGE_TYPE, 'content' => $jws->getTokenString(), 'display' => $options['display']);
if (isset($options['description'])) {
$attachment['description'] = $options['description'];
}
$this->addAttachment($attachment);
}
