/**
 * Verifies a token that uses the plaintext (unsecured) algorithm.
 *
 * No cryptographic check takes place: the token is accepted only when no key is
 * supplied and the signature segment is empty. Whether unsecured tokens are
 * acceptable at all is a decision for the caller; this method cannot tell a
 * deliberately unsigned token from one whose signature was stripped in transit.
 *
 * @param string $signature    signature segment; must be empty for the token to verify
 * @param string $securedInput signing input; not examined by this implementation
 * @param string $key          must be null (compared loosely, see below)
 *
 * @return bool true when the signature segment has zero length
 *
 * @throws JoseJwtException when a key is supplied
 */
public function verify($signature, $securedInput, $key)
{
    // Loose comparison: '', 0, false and [] are treated like null and do not throw.
    // NOTE(review): confirm whether a strict null check is intended here.
    if ($key != null) {
        throw new JoseJwtException('Plaintext algorithm expects key to be null');
    }

    $signatureLength = StringUtils::length($signature);

    return 0 === $signatureLength;
}
/**
 * Recovers the content encryption key (CEK) by AES-unwrapping it with the key
 * encryption key (KEK).
 *
 * The KEK size is compared with the size this instance is configured for before
 * any unwrapping is attempted, so a key of the wrong length is rejected up front.
 * NOTE(review): integrity checking of the wrapped key is presumably done inside
 * aesUnwrap(), which is not visible here; confirm.
 *
 * @param string $encryptedCek wrapped CEK
 * @param string $kek          key encryption key
 * @param int    $cekSizeBits  not used by this implementation
 * @param array  $header       not used by this implementation
 *
 * @return string whatever aesUnwrap() returns for the given KEK and wrapped CEK
 *
 * @throws JoseJwtException when the KEK size differs from the configured size
 */
public function unwrap($encryptedCek, $kek, $cekSizeBits, array $header)
{
    $actualBits = StringUtils::length($kek) * 8;

    if ($actualBits == $this->kekLengthBits) {
        return $this->aesUnwrap($kek, $encryptedCek);
    }

    throw new JoseJwtException(sprintf(
        'AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits',
        $this->kekLengthBits,
        $actualBits
    ));
}
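/**
 * Builds a signed token in compact form:
 * base64url(header) . '.' . base64url(payload) . '.' . base64url(signature).
 *
 * The 'alg' header is always set to $jwsAlgorithm after the extra headers are
 * merged, so the declared algorithm cannot differ from the one that signs.
 * Other defaults such as 'typ' can still be overridden through $extraHeaders.
 *
 * @param Context         $context      supplies the algorithm registry and the JSON mapper
 * @param array|object    $payload      claims to serialize
 * @param string|resource $key          signing key, passed to the algorithm unchanged
 * @param string          $jwsAlgorithm name looked up in $context->jwsAlgorithms()
 * @param array           $extraHeaders additional header fields
 *
 * @return string the compact serialization
 *
 * @throws JoseJwtException when the algorithm is unknown or the header cannot be
 *                          encoded as JSON
 */
public static function encode(Context $context, $payload, $key, $jwsAlgorithm, $extraHeaders = [])
{
    $header = array_merge(['alg' => '', 'typ' => 'JWT'], $extraHeaders);

    $hashAlgorithm = $context->jwsAlgorithms()->get($jwsAlgorithm);
    if (null == $hashAlgorithm) {
        throw new JoseJwtException(sprintf('Unknown algorithm "%s"', $jwsAlgorithm));
    }
    $header['alg'] = $jwsAlgorithm;

    // json_encode() returns false on failure (for example invalid UTF-8 in an extra
    // header). Without this check the token would be issued with an empty header segment.
    $headerString = json_encode($header);
    if (false === $headerString) {
        throw new JoseJwtException('Unable to serialize header');
    }

    $payloadString = StringUtils::payload2string($payload, $context->jsonMapper());

    // The signature covers exactly these two encoded segments joined by a dot.
    $signingInput = UrlSafeB64Encoder::encode($headerString) . '.' . UrlSafeB64Encoder::encode($payloadString);
    $signature = $hashAlgorithm->sign($signingInput, $key);

    return $signingInput . '.' . UrlSafeB64Encoder::encode($signature);
}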
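/**
 * Builds an encrypted token in compact form with five base64url segments:
 * header, encrypted CEK, and the three parts returned by the content encryption.
 *
 * The 'alg' and 'enc' headers are pinned to the algorithms actually used after
 * $extraHeaders are merged. The header is the additional authenticated data and
 * tells the recipient how to decrypt, so it must not be able to declare a
 * different algorithm than the one applied here.
 *
 * @param Context      $context       supplies the algorithm registries and the JSON mapper
 * @param array|object|string $payload content to encrypt; must not be empty
 * @param mixed        $key           key material, passed to the key management algorithm
 * @param string       $jweAlgorithm  name looked up in $context->jweAlgorithms()
 * @param string       $jweEncryption name looked up in $context->jweEncryptions()
 * @param array        $extraHeaders  additional header fields
 *
 * @return string the compact serialization
 *
 * @throws JoseJwtException when the payload is empty, an algorithm name is not
 *                          registered, or the header cannot be encoded as JSON
 */
public static function encode(Context $context, $payload, $key, $jweAlgorithm, $jweEncryption, array $extraHeaders = [])
{
    if (empty($payload) || (is_string($payload) && trim($payload) == '')) {
        throw new JoseJwtException('Payload can not be empty');
    }

    $algorithm = $context->jweAlgorithms()->get($jweAlgorithm);
    if (null === $algorithm) {
        throw new JoseJwtException(sprintf('Invalid or unsupported algorithm "%s"', $jweAlgorithm));
    }

    $encryption = $context->jweEncryptions()->get($jweEncryption);
    if (null === $encryption) {
        throw new JoseJwtException(sprintf('Invalid or unsupported encryption "%s"', $jweEncryption));
    }

    $header = array_merge(['alg' => $jweAlgorithm, 'enc' => $jweEncryption, 'typ' => 'JWT'], $extraHeaders);
    // array_merge lets later string keys win, so a caller-supplied 'alg' or 'enc' would
    // otherwise replace the real values. Re-assigning keeps the key order unchanged.
    $header['alg'] = $jweAlgorithm;
    $header['enc'] = $jweEncryption;

    list($cek, $encryptedCek) = $algorithm->wrapNewKey($encryption->getKeySize(), $key, $header);

    $payloadString = StringUtils::payload2string($payload, $context->jsonMapper());

    // json_encode() returns false on failure; encrypting against an empty header
    // would produce a token whose authenticated data does not describe it.
    $headerString = json_encode($header);
    if (false === $headerString) {
        throw new JoseJwtException('Unable to serialize header');
    }

    // The encoded header is both the first segment and the additional authenticated data.
    $aad = UrlSafeB64Encoder::encode($headerString);

    // presumably [iv, ciphertext, authentication tag] - confirm against encrypt()
    $parts = $encryption->encrypt($aad, $payloadString, $cek);

    return implode('.', [
        $aad,
        UrlSafeB64Encoder::encode($encryptedCek),
        UrlSafeB64Encoder::encode($parts[0]),
        UrlSafeB64Encoder::encode($parts[1]),
        UrlSafeB64Encoder::encode($parts[2]),
    ]);
}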
/**
 * A bare stdClass handed to payload2string() without a mapper must be rejected.
 *
 * @expectedException \JoseJwt\Error\JoseJwtException
 * @expectedExceptionMessage Unable to serialize payload
 */
public function test_throws_when_unable_to_serialize()
{
    $unserializable = new \stdClass();

    StringUtils::payload2string($unserializable);
}
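/**
 * Computes the authentication tag over AAD || IV || ciphertext || AL, where AL is
 * the bit length of the AAD as a 64-bit big-endian integer.
 *
 * The tag is the leftmost half of the MAC produced by the configured hash
 * algorithm. Code that compares this value with a received tag should use a
 * constant-time comparison.
 *
 * @param string $aad        additional authenticated data
 * @param string $iv         initialization vector
 * @param string $cipherText encrypted content
 * @param string $hmacKey    key passed to the hash algorithm
 *
 * @return string the truncated MAC
 */
private function computeAuthTag($aad, $iv, $cipherText, $hmacKey)
{
    $aadLen = StringUtils::length($aad);

    // AL is packed as two unsigned 32-bit big-endian words. With bits = $aadLen * 8,
    // the high word is $aadLen >> 29 and the low word is the lower 29 bits of $aadLen
    // shifted left by 3. Integer shifts keep the value exact for every length;
    // float division by 2^31 - 1 gave a wrong high word from 2^28 bytes of AAD upward.
    $al = pack('N2', $aadLen >> 29, ($aadLen & 0x1FFFFFFF) << 3);

    $hmacInput = $aad . $iv . $cipherText . $al;
    $mac = $this->hashAlgorithm->sign($hmacInput, $hmacKey);

    // Only the first half of the MAC output is used as the tag.
    return StringUtils::substring($mac, 0, StringUtils::length($mac) / 2);
}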