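/**
 * sign() must return a new, signed token and leave the original JWT untouched.
 *
 * The original object keeps serializing as an unsecured token (header
 * alg "none", empty third segment). Such a token carries no integrity
 * protection, so a verifier that requires a signature has to reject it.
 */
function testSign()
{
    $expected = array(
        // header {"typ":"JWT","alg":"none"}, payload {"foo":"bar"}, empty signature segment
        'jwt' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJmb28iOiJiYXIifQ.',
        // header {"typ":"JWT","alg":"HS256"}, same payload, signature expected for the key 'secret'
        'jws' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.bVhBeMrW5g33Vi4FLSLn7aqcmAiupmmw-AY17YxCYLI',
    );

    $jwt = new JOSE_JWT(array('foo' => 'bar'));
    $jws = $jwt->sign('secret');

    // assertSame: serialized tokens are compared as exact strings, with no loose type juggling.
    $this->assertSame($expected['jwt'], $jwt->toString()); // no signature for the original $jwt object
    $this->assertSame($expected['jws'], $jws->toString());
}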
/**
 * Build the JSON-serialized JWS for an array of parameters.
 *
 * The JWT header receives the public key as a JWK ("jwk") and the supplied
 * nonce ("nonce"); the token is then signed with RS256 using $privateKey.
 * Nothing here verifies that $publicKey and $privateKey belong to the same
 * key pair; with a mismatch the embedded jwk will not verify the signature.
 *
 * @param array  $params     Values used as the JWT payload
 * @param string $privateKey Key passed to JOSE_JWT::sign()
 * @param string $publicKey  Key loaded into the RSA object and published in the "jwk" header
 * @param string $nonce      Value copied into the "nonce" header (presumably the ACME
 *                           replay nonce - confirm with the caller); anything empty()
 *                           treats as empty, including "0", is rejected
 *
 * @return string Json encoded signed params
 *
 * @throws \InvalidArgumentException when $nonce is empty
 */
protected function signParams(array $params, $privateKey, $publicKey, $nonce)
{
    // Never sign a request that carries no nonce.
    if (empty($nonce)) {
        throw new \InvalidArgumentException('Empty nonce provided');
    }

    $rsa = $this->getRsa();
    // NOTE(review): the result of loadKey() is not inspected; if the RSA
    // implementation reports a malformed key through its return value, that
    // failure goes unnoticed here - confirm against getRsa()'s type.
    $rsa->loadKey($publicKey);

    $token = new \JOSE_JWT($params);
    $token->header['jwk'] = \JOSE_JWK::encode($rsa)->components;
    $token->header['nonce'] = $nonce;

    // as of 20151203, boulder doesn't support SHA512
    $signed = $token->sign($privateKey, 'RS256');

    return $signed->toJson();
}
/**
 * Call an ACME standard URL, sending the parameters as a JWS signed with $this->userKey.
 *
 * The request header carries the account public key (as a JWK) and the
 * current $this->nonce. After the call the nonce is replaced by the
 * Replay-Nonce response header, or cleared when the response has none.
 *
 * @param string $api api url to call (short name, like "new-reg" or starting by http)
 * @param array $params list of key=>value to send as a json object or array.
 * @param string|null $resource value stored in $params["resource"]; defaults to $api
 *                              for short names and is mandatory when $api is a URL
 * @return array the api call result (header + decoded content)
 * @throws AcmeException (code 14) when $api is a URL and $resource is null
 */
private function stdCall($api, $params, $resource = null)
{
    $this->init();

    $accountKey = new RSA();
    $accountKey->loadKey($this->userKey["publickey"]);
    $jwk = \JOSE_JWK::encode($accountKey); // => JOSE_JWK instance

    if (substr($api, 0, 4) === "http") {
        // Full URL given by the caller: it is used as-is, so the signed
        // request goes wherever the caller points it.
        // NOTE(review): presumably such URLs come from ACME server responses - confirm.
        $url = $api;
        if ($resource === null) {
            throw new AcmeException("stdCall with URL api MUST include resource name", 14);
        }
    } else {
        // Short name: resolve it through the apiUrl map and, unless told
        // otherwise, use the short name itself as the resource.
        $url = $this->apiUrl[$api];
        if ($resource === null) {
            $resource = $api;
        }
    }

    $params["resource"] = $resource;

    $token = new \JOSE_JWT($params);
    $token->header['jwk'] = $jwk->components;
    $token->header['nonce'] = $this->nonce;

    // as of 20151203, boulder doesn't support SHA512
    $jws = $token->sign($this->userKey["privatekey"], 'RS256');

    // call the API
    $httpResult = $this->http->post($url, $jws->toJson());

    // save the new Nonce
    if (empty($httpResult[0]["Replay-Nonce"])) {
        // No fresh nonce in the response: drop the one just sent so it is
        // not reused. Only the in-memory value is cleared in this branch.
        $this->nonce = null;
    } else {
        $this->nonce = $httpResult[0]["Replay-Nonce"][0];
        // we save this nonce, so that next call will have it ready to use:
        $this->db->setStatus(array("nonce" => $this->nonce));
    }

    // The body is decoded into objects; json_decode() yields null when the
    // body is not valid JSON, so callers have to expect a null content.
    $httpResult[1] = json_decode($httpResult[1]);

    return $httpResult;
}