Since: 2.1.0
Author: Luís Otávio Cobucci Oblonczyk (lcobucci@gmail.com)
Inheritance: extends Lcobucci\JWT\Signer\Ecdsa
Example #1
 /**
  * Regression test for the "algorithm confusion" failure mode: a token that
  * was signed with ES512 must not be accepted when verification is driven by
  * whatever algorithm the token itself names.
  *
  * The forged token comes from createMaliciousToken() (a sibling helper in
  * this class, not shown here). Three things are pinned down:
  *  - parsing the forged token still yields the original claim value;
  *  - verifying with the attacker-chosen signer (HS512 keyed with the public
  *    key) succeeds — that is precisely why the application, not the token
  *    header, must decide which Signer is used;
  *  - verifying with the Signer the application actually relies on (ES512)
  *    fails, so the tampering is detected.
  *
  * @test
  *
  * @covers \Lcobucci\JWT\Configuration
  * @covers \Lcobucci\JWT\Builder
  * @covers \Lcobucci\JWT\Parser
  * @covers \Lcobucci\JWT\Token
  * @covers \Lcobucci\JWT\Signature
  * @covers \Lcobucci\JWT\Signer\Key
  * @covers \Lcobucci\JWT\Signer\BaseSigner
  * @covers \Lcobucci\JWT\Signer\Ecdsa
  * @covers \Lcobucci\JWT\Signer\Ecdsa\KeyParser
  * @covers \Lcobucci\JWT\Signer\Ecdsa\EccAdapter
  * @covers \Lcobucci\JWT\Signer\Ecdsa\SignatureSerializer
  * @covers \Lcobucci\JWT\Signer\Ecdsa\Sha512
  * @covers \Lcobucci\JWT\Signer\Hmac
  * @covers \Lcobucci\JWT\Signer\Hmac\Sha512
  * @covers \Lcobucci\JWT\Claim\Factory
  * @covers \Lcobucci\JWT\Claim\Basic
  */
 public function preventRegressionsThatAllowsMaliciousTampering()
 {
     // Only the public half of the ES512 key pair: verification never
     // needs the private key, and the public key is what an attacker can
     // legitimately obtain.
     $publicKey = new Key(implode(PHP_EOL, [
         '-----BEGIN PUBLIC KEY-----',
         'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAcpkss6wI7PPlxj3t7A1RqMH3nvL4',
         'L5Tzxze/XeeYZnHqxiX+gle70DlGRMqqOq+PJ6RYX7vK0PJFdiAIXlyPQq0B3KaU',
         'e86IvFeQSFrJdCc0K8NfiH2G1loIk3fiR+YLqlXk6FAeKtpXJKxR1pCQCAM+vBCs',
         'mZudf1zCUZ8/4eodlHU=',
         '-----END PUBLIC KEY-----',
     ]));

     // A genuinely ES512-signed token (header.payload.signature, base64url),
     // split at the segment separators for readability only.
     $signedToken = 'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9'
         . '.eyJoZWxsbyI6IndvcmxkIn0'
         . '.AQx1MqdTni6KuzfOoedg2-7NUiwe-b88SWbdmviz40GTwrM0Mybp1i1tVtm'
         . 'TSQ91oEXGXBdtwsN6yalzP9J-sp2YATX_Tv4h-BednbdSvYxZsYnUoZ--ZU'
         . 'dL10t7g8Yt3y9hdY_diOjIptcha6ajX8yzkDGYG42iSe3f5LywSuD6FO5c';

     // The helper (defined elsewhere in this class) is expected to produce
     // a tampered token that re-uses the payload; its exact construction is
     // not visible here.
     $forged = $this->createMaliciousToken($signedToken, $publicKey);
     $parsed = $this->config->getParser()->parse((string) $forged);

     self::assertEquals('world', $parsed->getClaim('hello'), 'The claim content should not be modified');

     // A passing HS512 check here models the vulnerable path, not desired
     // behaviour: it documents why the Signer must be fixed by the
     // application rather than taken from the token's "alg" header.
     self::assertTrue($parsed->verify(new HS512(), $publicKey), 'Using the attackers signer should make things unsafe');

     // With the Signer the application actually trusts, the forgery is rejected.
     self::assertFalse($parsed->verify(Sha512::create(), $publicKey), 'But we know which Signer should be used so the attack fails');
 }