/** * @param \Cyh\Jose\Signing\Signer\SignerInterface $signer * @param string $jwt_strings * @param resource|string $key default null * @param ValidateInterface[] $validators * @return array * @throws MalformedException * @throws InvalidSignatureException * @throws ValidateException */ public static function verify(SignerInterface $signer, $jwt_strings, $key = null, array $validators = array()) { $jwt_arr = explode('.', $jwt_strings); if (3 !== count($jwt_arr)) { throw new MalformedException('Wrong number of segments'); } $header_base64 = $jwt_arr[0]; $header = Header::fromString($header_base64); // Do not determine algorithm by header. if ($signer->getAlg() !== $header->getAlg()) { throw new MalformedException('Invalid alg header'); } $payload_base64 = $jwt_arr[1]; $message = $header_base64 . '.' . $payload_base64; $signature = Base64Url::decode($jwt_arr[2]); $signer->verify($message, $signature, $key); $payload_json = Base64Url::decode($payload_base64); $claims = Json::decode($payload_json); foreach ($validators as $validator) { if (!$validator instanceof ValidateInterface) { throw new UnexpectedValueException('validator is must implement ValidateInterface'); } if (!$validator->validate($claims)) { throw new ValidateException('Validation failed. validator name: ' . $validator->getName()); } } return $claims; }
/** * @param AlgInterface $alg * @param EncInterface $enc * @param string $content * @param string $private_or_secret_key * @param string $pass_phrase default null * @return string * @throws \Cyh\Jose\Exception\MalformedException */ public static function decrypt(AlgInterface $alg, EncInterface $enc, $content, $private_or_secret_key, $pass_phrase = null) { $components = explode('.', $content); if (5 !== count($components)) { throw new MalformedException('Wrong number of segments'); } $encrypted_cek = Base64Url::decode($components[1]); $cek = new ContentEncryptionKey($alg->decrypt($encrypted_cek, $private_or_secret_key, $pass_phrase)); $aad_base64 = $components[0]; $protected_header = Header::fromString($components[0]); if ($alg->getAlg() !== $protected_header->getAlg()) { throw new MalformedException('invalid alg header'); } if ($enc->getEnc() !== $protected_header->getEnc()) { throw new MalformedException('invalid enc header'); } $iv = Base64Url::decode($components[2]); $cipher_text = Base64Url::decode($components[3]); $auth_tag = Base64Url::decode($components[4]); return $enc->decrypt($aad_base64, $cek, $iv, $cipher_text, $auth_tag); }
/** * @expectedException \Cyh\Jose\Exception\UnexpectedValueException */ public function testEncodeBase64InvalidParam() { Base64Url::encode(array()); }
/** * @return string */ public function __toString() { return Base64Url::encode(Json::encode($this->headers)); }
/** * @expectedException Cyh\Jose\Signing\Exception\InvalidSignatureException */ public function testRS256ModifiedClaimExp() { $token_strings = Jwt::sign(new RS256(), $this->valid_claims, $this->rsa_prv_key); list($h, $p, $s) = explode('.', $token_strings); $payload = Json::decode(Base64Url::decode($p)); $payload['exp'] = time() + 86400; $p = Base64Url::encode(Json::encode($payload)); $mod_token = "{$h}.{$p}.{$s}"; Jwt::verify(new RS256(), $mod_token, $this->rsa_pub_key); }