public function setUp()
{
$this->payload = $this->getMockBuilder('Emarref\\Jwt\\Token\\Payload')->getMock();
$this->token = $this->getMockBuilder('Emarref\\Jwt\\Token')->getMock();
$this->token->expects($this->any())->method('getPayload')->will($this->returnValue($this->payload));
$this->verifier = new ExpirationVerifier();
}
public function sign(Token $token)
{
$token->addHeader(new Algorithm($this->encryption->getAlgorithmName()));
$rawSignature = $this->getUnsignedValue($token);
$signature = $this->encryption->encrypt($rawSignature);
$token->setSignature($signature);
}
/**
* @param Token $token
* @throws InvalidSubjectException
*/
public function verify(Token $token)
{
/** @var Claim\Subject $subjectClaim */
$subjectClaim = $token->getPayload()->findClaimByName(Claim\Subject::NAME);
$subject = null === $subjectClaim ? null : $subjectClaim->getValue();
if ($this->subject !== $subject) {
throw new InvalidSubjectException();
}
}
/**
* @param Token $token
* @throws VerificationException
*/
public function verify(Token $token)
{
/** @var Claim\Issuer $issuerClaim */
$issuerClaim = $token->getPayload()->findClaimByName(Claim\Issuer::NAME);
$issuer = null === $issuerClaim ? null : $issuerClaim->getValue();
if ($this->issuer !== $issuer) {
throw new VerificationException('Issuer is invalid.');
}
}
public function testStringAudience()
{
$audienceClaim = $this->getMockBuilder('Emarref\\Jwt\\Claim\\Audience')->getMock();
$audienceClaim->expects($this->once())->method('getValue')->will($this->returnValue('urn://audienceone'));
$this->payload->expects($this->once())->method('findClaimByName')->with(Claim\Audience::NAME)->will($this->returnValue($audienceClaim));
$this->token->expects($this->once())->method('getPayload')->will($this->returnValue($this->payload));
$verifier = new AudienceVerifier('urn://audienceone');
$verifier->verify($this->token);
}
public function testSuccess()
{
$issuerClaim = $this->getMockBuilder('Emarref\\Jwt\\Claim\\Issuer')->getMock();
$issuerClaim->expects($this->once())->method('getValue')->will($this->returnValue('an_issuer'));
$this->token->expects($this->once())->method('getPayload')->will($this->returnValue($this->payload));
$this->payload->expects($this->once())->method('findClaimByName')->with(Claim\Issuer::NAME)->will($this->returnValue($issuerClaim));
$verifier = new IssuerVerifier('an_issuer');
$verifier->verify($this->token);
}
/**
* @param array $spec
* @return Token
*/
private function getTokenWithout(array $spec)
{
$mappings = [self::VALID_USER_ID => new PublicClaim('userId', self::USER_ID), self::VALID_GROUP_ID => new PublicClaim('groupId', self::GROUP_ID), self::VALID_APP_ID => new PublicClaim('appId', self::APP_ID), self::VALID_EXPIRY_DATE => new PublicClaim('exp', $this->getNonExpiredDate()), self::VALID_IS_ADMIN => new PublicClaim('isAdmin', self::IS_ADMIN), self::VALID_SEGMENTS => new PublicClaim('segments', $this->testSegments)];
$spec = array_diff(array_keys($mappings), $spec);
$token = new Token();
foreach ($spec as $desiredClaim) {
$token->addClaim($mappings[$desiredClaim]);
}
return $token;
}
protected static function authorization()
{
$token = new Emarref\Jwt\Token();
$parameter = new Emarref\Jwt\HeaderParameter\Custom('typ', 'JWT');
$token->addHeader($parameter, true);
$token->addClaim(new Emarref\Jwt\Claim\Expiration(new \DateTime(self::$duration)));
$jwt = new Emarref\Jwt\Jwt();
$algorithm = new Emarref\Jwt\Algorithm\Hs256(self::$appSecret);
$encryption = Emarref\Jwt\Encryption\Factory::create($algorithm);
$serializedToken = $jwt->serialize($token, $encryption);
return $serializedToken;
}
/**
* @param Token $token
* @throws VerificationException
*/
public function verify(Token $token)
{
/** @var Claim\Audience $audienceClaim */
$audienceClaim = $token->getPayload()->findClaimByName(Claim\Audience::NAME);
$audience = null === $audienceClaim ? null : $audienceClaim->getValue();
if (!is_array($audience)) {
$audience = [$audience];
}
if (!in_array($this->audience, $audience, true)) {
throw new VerificationException('Audience is invalid.');
}
}
public function verify(Token $token)
{
/** @var Claim\Expiration $expirationClaim */
$expirationClaim = $token->getPayload()->findClaimByName(Claim\Expiration::NAME);
if (null === $expirationClaim) {
return null;
}
$now = new \DateTime('now', new \DateTimeZone('UTC'));
if ($now->getTimestamp() > $expirationClaim->getValue()) {
$expiration = $this->getDateTimeFromClaim($expirationClaim);
throw new ExpiredException($expiration);
}
}
/**
* @param Token $token
* @throws InvalidSignatureException
*/
public function verify(Token $token)
{
/** @var HeaderParameter\Algorithm $algorithmParameter */
$algorithmParameter = $token->getHeader()->findParameterByName(HeaderParameter\Algorithm::NAME);
if (null === $algorithmParameter) {
throw new \RuntimeException('Algorithm parameter not found in token header.');
}
if ($algorithmParameter->getValue() !== $this->encryption->getAlgorithmName()) {
throw new \RuntimeException(sprintf('Cannot use "%s" algorithm to decrypt token encrypted with algorithm "%s".', $this->encryption->getAlgorithmName(), $algorithmParameter->getValue()));
}
if (!$this->encryption->verify($this->signer->getUnsignedValue($token), $token->getSignature())) {
throw new InvalidSignatureException();
}
}
public function verify(Token $token)
{
/** @var Claim\NotBefore $notBeforeClaim */
$notBeforeClaim = $token->getPayload()->findClaimByName(Claim\NotBefore::NAME);
if (null === $notBeforeClaim) {
return null;
}
$now = new \DateTime('now', new \DateTimeZone('UTC'));
if (!is_long($notBeforeClaim->getValue())) {
throw new \InvalidArgumentException(sprintf('Invalid not before timestamp "%s"', $notBeforeClaim->getValue()));
}
if ($now->getTimestamp() < $notBeforeClaim->getValue()) {
$notBefore = new \DateTime();
$notBefore->setTimestamp($notBeforeClaim->getValue());
throw new VerificationException(sprintf('Token must not be processed before "%s"', $notBefore->format('r')));
}
}
public function testValidSignature()
{
$algorithmParameter = $this->getMockBuilder('Emarref\\Jwt\\HeaderParameter\\Algorithm')->getMock();
$algorithmParameter->expects($this->once())->method('getValue')->will($this->returnValue('foo'));
$this->header->expects($this->once())->method('findParameterByName')->with(HeaderParameter\Algorithm::NAME)->will($this->returnValue($algorithmParameter));
$this->encryption->expects($this->once())->method('getAlgorithmName')->will($this->returnValue('foo'));
$this->encryption->expects($this->once())->method('verify')->will($this->returnValue(true));
$this->signer->expects($this->once())->method('getUnsignedValue')->will($this->returnValue('bar'));
$this->token->expects($this->once())->method('getSignature')->will($this->returnValue('bar'));
$verifier = new EncryptionVerifierStub($this->encryption, $this->encoder, $this->signer);
$verifier->verify($this->token);
}
/**
* Get a claim if we have one or return null
* @param string $claim the name of the claim
* @return mixed
*/
private function getClaimOrNull($claim)
{
$claim = $this->token->getPayload()->findClaimByName($claim);
return $claim ? $claim->getValue() : null;
}
/**
* @param Token $token
* @return string
*/
public function serialize(Token $token)
{
$serializedHeader = $token->getHeader()->getParameters()->jsonSerialize();
$serializedPayload = $token->getPayload()->getClaims()->jsonSerialize();
$signature = $token->getSignature();
return sprintf('%s.%s.%s', $this->encoding->encode($serializedHeader), $this->encoding->encode($serializedPayload), $this->encoding->encode($signature));
}
