/**
 * @test
 *
 * @uses Lcobucci\JWT\RsaKeys
 *
 * @covers Lcobucci\JWT\Signer\Keychain::getPublicKey
 */
public function getPublicKeyShouldReturnAValidResource()
{
    $pemContent = $this->publicRsaContent();
    $loadedKey = (new Keychain())->getPublicKey($pemContent);

    // The keychain must hand back an OpenSSL key resource ...
    $this->assertInternalType('resource', $loadedKey);

    // ... describing the same key as the reference public key.
    $loadedDetails = openssl_pkey_get_details($loadedKey);
    $referenceDetails = openssl_pkey_get_details($this->publicRsa());
    $this->assertEquals($loadedDetails, $referenceDetails);
}
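/**
 * Completes the OpenID Connect authorization-code flow for the current request.
 *
 * Reads `error`, `code` and `state` from $_GET, requires `state` to match the
 * value kept in the session, exchanges the code via requestTokens(), then parses
 * the returned id_token, pins its `alg` to RS256, validates issuer/audience/time
 * claims and verifies the signature against the provider's JWKS (selected by
 * `kid`). On success the flow's session keys are removed.
 *
 * @return array the id_token claims, keyed by claim name
 *
 * @throws \Exception when the provider reports an error, the state does not
 *                    match, the code or id_token is missing, the id_token is
 *                    malformed, encrypted, uses another alg, fails validation,
 *                    or its signing key cannot be found / the signature fails
 */
public function authenticate()
{
    // parse response
    if (isset($_GET['error'])) {
        throw new \Exception('Response from Authorization Server: ' . $_GET['error']);
    }

    // Only scalar strings are usable here; `code[]=...` style input is treated as absent.
    $code = isset($_GET['code']) && is_string($_GET['code']) ? $_GET['code'] : null;
    $state = isset($_GET['state']) && is_string($_GET['state']) ? $_GET['state'] : null;

    // The state must be present on BOTH sides and identical. A plain `!==` let the
    // flow continue when neither the request nor the session carried a state
    // (null === null), which defeats the CSRF protection state exists for.
    $existingState = $this->getStateSession();
    if ($state === null || $state === '' || !is_string($existingState)
        || !hash_equals($existingState, $state)) {
        throw new \Exception('Broken authorization flow - state mismatch');
    }

    if ($code === null) {
        throw new \Exception('"code" param has not been received from Authorization Server');
    }

    $authorizationCode = $this->requestTokens($code);
    if (isset($authorizationCode->error)) {
        // error_description is optional in a token error response; fall back to the code.
        $description = isset($authorizationCode->error_description)
            ? $authorizationCode->error_description
            : $authorizationCode->error;
        throw new \Exception($description);
    }
    if (!isset($authorizationCode->id_token)) {
        throw new \Exception('id_token has not been received from Authorization Server');
    }

    // A JWS has three dot-separated segments, a JWE five; anything else is garbage.
    $segmentCount = count(explode('.', $authorizationCode->id_token));
    if ($segmentCount !== 3 && $segmentCount !== 5) {
        throw new \Exception('Incorrect id_token received from Authorization Server');
    }
    if ($segmentCount === 5) {
        throw new \Exception('Encrypted JWT is not supported yet');
    }

    $parser = new Lcobucci\JWT\Parser();
    $token = $parser->parse($authorizationCode->id_token);

    // Pin the algorithm before any other processing so a token claiming `none`
    // or an HMAC alg never reaches the RSA verification step below.
    if ($token->getHeader('alg') !== 'RS256') {
        throw new \Exception('Only alg RS256 is accepted');
    }
    $kid = $token->getHeader('kid');

    $validationData = new Lcobucci\JWT\ValidationData();
    $validationData->setIssuer($this->getProviderURL());
    $validationData->setAudience($this->clientID);
    if (!$token->validate($validationData)) {
        throw new \Exception('Received "id_token" is not valid - probably expired');
    }

    // verify sig
    $jwksUri = $this->getOPConfigValue('jwks_uri');
    $jwksBody = $this->runHttpRequest($jwksUri);
    $this->jwks = json_decode($jwksBody, true);
    if (!is_array($this->jwks) || !isset($this->jwks['keys']) || !is_array($this->jwks['keys'])) {
        throw new \Exception('JWKS not found, cannot verify signature');
    }

    // Select the key by kid. `use` is optional in a JWK; a key without it is
    // rejected exactly as before, but without an undefined-index notice.
    $keyVer = null;
    foreach ($this->jwks['keys'] as $candidate) {
        if (!is_array($candidate) || !array_key_exists('kid', $candidate)) {
            continue;
        }
        $candidateUse = array_key_exists('use', $candidate) ? $candidate['use'] : null;
        if ($candidate['kid'] === $kid && $candidateUse === 'sig') {
            $keyVer = $candidate;
            break;
        }
    }
    if ($keyVer === null) {
        throw new \Exception('JWK not found, cannot verify signature');
    }

    $jwkObj = new Jwk($keyVer);
    $signer = new Lcobucci\JWT\Signer\Rsa\Sha256();
    $keychain = new Lcobucci\JWT\Signer\Keychain();
    $sigValid = $token->verify($signer, $keychain->getPublicKey($jwkObj->toKey()));
    if ($sigValid !== true) {
        throw new \Exception('Received "id_token" is not valid. Signature validation failed');
    }

    /**
     * @var Lcobucci\JWT\Claim\Basic[] $claimsObj
     */
    $claimsObj = $token->getClaims();
    $claims = array();
    foreach ($claimsObj as $claim) {
        if ($claim instanceof Lcobucci\JWT\Claim\Basic) {
            $claims[$claim->getName()] = $claim->getValue();
        }
    }
    $claims['iss'] = $token->getClaim('iss');

    // NOTE(review): 'joidc_once' looks like the nonce sent with the authorization
    // request, but it is discarded here without being compared (hash_equals) to the
    // id_token's `nonce` claim, so token replay into this session is not detected.
    // Confirm what the session key holds before adding that check.
    unset($_SESSION['joidc_once']);
    unset($_SESSION['joidc_state']);
    unset($_SESSION['joidc_issuer']);

    return $claims;
}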
/**
 * @beforeClass
 */
public static function createEcdsaKeys()
{
    $keychain = new Keychain();
    $keyDir = 'file://' . __DIR__ . '/ecdsa/';

    // One private key plus the two public keys the ECDSA tests compare against.
    $keys = ['private' => $keychain->getPrivateKey($keyDir . 'private.key')];
    foreach (['public1', 'public2'] as $publicName) {
        $keys[$publicName] = $keychain->getPublicKey($keyDir . $publicName . '.key');
    }

    static::$ecdsaKeys = $keys;
}
/**
 * @test
 *
 * @covers Lcobucci\JWT\Builder
 * @covers Lcobucci\JWT\Parser
 * @covers Lcobucci\JWT\Token
 * @covers Lcobucci\JWT\Signature
 * @covers Lcobucci\JWT\Signer\Key
 * @covers Lcobucci\JWT\Signer\BaseSigner
 * @covers Lcobucci\JWT\Signer\Ecdsa
 * @covers Lcobucci\JWT\Signer\Ecdsa\KeyParser
 * @covers Lcobucci\JWT\Signer\Ecdsa\Sha512
 * @covers Lcobucci\JWT\Signer\Keychain
 * @covers Lcobucci\JWT\Claim\Factory
 * @covers Lcobucci\JWT\Claim\Basic
 * @covers Lcobucci\JWT\Parsing\Encoder
 * @covers Lcobucci\JWT\Parsing\Decoder
 */
public function everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs()
{
    // ES512 token produced by another library; its payload is {"hello":"world"}.
    $encodedToken = implode('', [
        'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJoZWxsbyI6IndvcmxkIn0.',
        'AQx1MqdTni6KuzfOoedg2-7NUiwe-b88SWbdmviz40GTwrM0Mybp1i1tVtm',
        'TSQ91oEXGXBdtwsN6yalzP9J-sp2YATX_Tv4h-BednbdSvYxZsYnUoZ--ZU',
        'dL10t7g8Yt3y9hdY_diOjIptcha6ajX8yzkDGYG42iSe3f5LywSuD6FO5c',
    ]);

    // PEM public key matching the token's signature, joined with PHP_EOL like the parser expects.
    $publicKeyPem = implode(PHP_EOL, [
        '-----BEGIN PUBLIC KEY-----',
        'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAcpkss6wI7PPlxj3t7A1RqMH3nvL4',
        'L5Tzxze/XeeYZnHqxiX+gle70DlGRMqqOq+PJ6RYX7vK0PJFdiAIXlyPQq0B3KaU',
        'e86IvFeQSFrJdCc0K8NfiH2G1loIk3fiR+YLqlXk6FAeKtpXJKxR1pCQCAM+vBCs',
        'mZudf1zCUZ8/4eodlHU=',
        '-----END PUBLIC KEY-----',
    ]);

    $parsedToken = (new Parser())->parse((string) $encodedToken);
    $publicKey = (new Keychain())->getPublicKey($publicKeyPem);

    $this->assertEquals('world', $parsedToken->getClaim('hello'));
    $this->assertTrue($parsedToken->verify(new Sha512(), $publicKey));
}
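/**
 * Loads a JSON token credential and decides whether it is valid.
 *
 * Expects $tokencred to decode to an array with `token_description`, `token`
 * (formatted as "<salt>$$<ciphertext>") and `sign` (a JWT). The ciphertext is
 * decrypted with $this->lms_secret and the salt, the JWT signature is checked
 * against the configured public key file, and $this->isValid is set only when
 * the signature verifies and the decrypted payload carries `ident` === 'OK'.
 *
 * Side effects: sets token_desc, token, sign, salt, tokenstr, result and isValid.
 *
 * @param string $tokencred JSON credential as received
 */
public function setToken($tokencred)
{
    $tk = json_decode($tokencred, true);
    if (!is_array($tk)) {
        $tk = array();
    }

    // Missing keys become null instead of raising undefined-index notices.
    $this->token_desc = isset($tk['token_description']) ? $tk['token_description'] : null;
    $this->token = isset($tk['token']) ? $tk['token'] : null;
    $this->sign = isset($tk['sign']) ? $tk['sign'] : null;

    // The token must contain the "$$" separator; anything else cannot be decrypted.
    $parts = is_string($this->token) ? explode('$$', $this->token) : array();
    if (count($parts) < 2) {
        $this->salt = null;
        $this->tokenstr = null;
        $this->result = null;
        $this->isValid = false;
        return;
    }
    $this->salt = $parts[0];
    $this->tokenstr = $parts[1];

    $decrypted = $this->decrypt($this->tokenstr, $this->lms_secret, $this->salt);
    $hasil = json_decode($decrypted, true);
    $this->result = $hasil;

    $signer = new Sha256();
    $keychain = new Keychain();
    $mysign = (new Parser())->parse($this->sign);
    $isSignValid = $mysign->verify($signer, $keychain->getPublicKey('file://' . $this->public_key_file_name));

    // NOTE(review): the signature only proves $this->sign was issued by the key
    // holder; nothing visible here binds that JWT to the decrypted payload or
    // checks its time claims (exp/nbf). Confirm which claim ties it to the token
    // and compare it before trusting isValid.
    // Strict comparison: with `==` a numeric or boolean `ident` compared equal to 'OK'.
    $this->isValid = $isSignValid === true
        && is_array($hasil)
        && isset($hasil['ident'])
        && $hasil['ident'] === 'OK';
}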