/** * @test * * @covers \Lcobucci\JWT\Configuration * @covers \Lcobucci\JWT\Builder * @covers \Lcobucci\JWT\Parser * @covers \Lcobucci\JWT\Token * @covers \Lcobucci\JWT\Signature * @covers \Lcobucci\JWT\Signer\Key * @covers \Lcobucci\JWT\Signer\BaseSigner * @covers \Lcobucci\JWT\Signer\Ecdsa * @covers \Lcobucci\JWT\Signer\Ecdsa\KeyParser * @covers \Lcobucci\JWT\Signer\Ecdsa\EccAdapter * @covers \Lcobucci\JWT\Signer\Ecdsa\SignatureSerializer * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512 * @covers \Lcobucci\JWT\Signer\Hmac * @covers \Lcobucci\JWT\Signer\Hmac\Sha512 * @covers \Lcobucci\JWT\Claim\Factory * @covers \Lcobucci\JWT\Claim\Basic */ public function preventRegressionsThatAllowsMaliciousTampering() { $data = 'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJoZWxsbyI6IndvcmxkIn0.' . 'AQx1MqdTni6KuzfOoedg2-7NUiwe-b88SWbdmviz40GTwrM0Mybp1i1tVtm' . 'TSQ91oEXGXBdtwsN6yalzP9J-sp2YATX_Tv4h-BednbdSvYxZsYnUoZ--ZU' . 'dL10t7g8Yt3y9hdY_diOjIptcha6ajX8yzkDGYG42iSe3f5LywSuD6FO5c'; $key = new Key('-----BEGIN PUBLIC KEY-----' . PHP_EOL . 'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAcpkss6wI7PPlxj3t7A1RqMH3nvL4' . PHP_EOL . 'L5Tzxze/XeeYZnHqxiX+gle70DlGRMqqOq+PJ6RYX7vK0PJFdiAIXlyPQq0B3KaU' . PHP_EOL . 'e86IvFeQSFrJdCc0K8NfiH2G1loIk3fiR+YLqlXk6FAeKtpXJKxR1pCQCAM+vBCs' . PHP_EOL . 'mZudf1zCUZ8/4eodlHU=' . PHP_EOL . '-----END PUBLIC KEY-----'); // Let's let the attacker tamper with our message! $bad = $this->createMaliciousToken($data, $key); /** * At this point, we have our forged message in $bad for testing... * * Now, if we allow the attacker to dictate what Signer we use * (e.g. HMAC-SHA512 instead of ECDSA), they can forge messages! */ $token = $this->config->getParser()->parse((string) $bad); self::assertEquals('world', $token->getClaim('hello'), 'The claim content should not be modified'); self::assertTrue($token->verify(new HS512(), $key), 'Using the attackers signer should make things unsafe'); self::assertFalse($token->verify(Sha512::create(), $key), 'But we know which Signer should be used so the attack fails'); }