function testEncrypt() { $jwt = new JOSE_JWT(array('foo' => 'bar')); $jwe = $jwt->encrypt($this->rsa_keys['public']); $this->assertInstanceOf('JOSE_JWT', $jwt); $this->assertInstanceOf('JOSE_JWE', $jwe); }
function testEncryptRSAOAEP_A256CBCHS512() { $jwe = new JOSE_JWE($this->plain_text); $jwe->encrypt($this->rsa_keys['public'], 'RSA-OAEP', 'A256CBC-HS512'); $jwe_decoded = JOSE_JWT::decode($jwe->toString()); $this->assertEquals($this->plain_text, $jwe_decoded->decrypt($this->rsa_keys['private'])->plain_text); }
function testEncryptDir_A128CBCHS256() { $secret = Random::string(256 / 8); $jwe = new JOSE_JWE($this->plain_text); $jwe = $jwe->encrypt($secret, 'dir'); $jwe_decoded = JOSE_JWT::decode($jwe->toString()); $this->assertEquals($this->plain_text, $jwe_decoded->decrypt($secret)->plain_text); }
function testVerifyMalformedJWS_RS256_to_HS256_with_explicit_alg() { $malformed_jwt = JOSE_JWT::decode($this->plain_jwt->sign($this->rsa_keys['public'], 'HS256')->toString()); $this->setExpectedException('PHPUnit_Framework_Error_Notice', 'Invalid signature'); $malformed_jwt->verify($this->rsa_keys['public'], 'RS256'); }
/** * Sign an array of parameters using provided keys and nonce * * @param array $params * @param string $privateKey * @param string $publicKey * @param string $nonce * * @return string Json encoded signed params * * @throws \InvalidArgumentException */ protected function signParams(array $params, $privateKey, $publicKey, $nonce) { if (empty($nonce)) { throw new \InvalidArgumentException('Empty nonce provided'); } $RsaPublicKey = $this->getRsa(); $RsaPublicKey->loadKey($publicKey); $jwt = new \JOSE_JWT($params); $jwt->header['jwk'] = \JOSE_JWK::encode($RsaPublicKey)->components; $jwt->header['nonce'] = $nonce; // as of 20151203, boulder doesn't support SHA512 return $jwt->sign($privateKey, 'RS256')->toJson(); }
/** * Enforces that the ID Token is a \JOSE_JWT object * @param mixed $idToken * @return \JOSE_JWE|\JOSE_JWT */ private function getIdToken($idToken) { if (!$idToken instanceof \JOSE_JWT) { $idToken = \JOSE_JWT::decode($idToken); } return $idToken; }
/** * Call a ACME standard URL using JWS encoding signing for $this->userKey * @param string $api api url to call (short name, like "new-reg" or starting by http) * @param array $params list of key=>value to sent as a json object or array. * @return array the api call result (header + decoded content) */ private function stdCall($api, $params, $resource = null) { $this->init(); $public_key = new RSA(); $public_key->loadKey($this->userKey["publickey"]); $jwk = \JOSE_JWK::encode($public_key); // => JOSE_JWK instance if (substr($api, 0, 4) == "http") { $url = $api; if (is_null($resource)) { throw new AcmeException("stdCall with URL api MUST include resource name", 14); } } else { $url = $this->apiUrl[$api]; if (is_null($resource)) { $resource = $api; } } $params["resource"] = $resource; $jwt = new \JOSE_JWT($params); $jwt->header['jwk'] = $jwk->components; $jwt->header['nonce'] = $this->nonce; // as of 20151203, boulder doesn't support SHA512 $jws = $jwt->sign($this->userKey["privatekey"], 'RS256'); // call the API $httpResult = $this->http->post($url, $jws->toJson()); // save the new Nonce if (isset($httpResult[0]["Replay-Nonce"]) && $httpResult[0]["Replay-Nonce"]) { $this->nonce = $httpResult[0]["Replay-Nonce"][0]; // we save this nonce, so that next call will have it ready to use: $this->db->setStatus(array("nonce" => $this->nonce)); } else { $this->nonce = null; } $httpResult[1] = json_decode($httpResult[1]); return $httpResult; }