Пример #1
0
 /**
  * @param \Cyh\Jose\Signing\Signer\SignerInterface $signer
  * @param string $jwt_strings
  * @param resource|string $key default null
  * @param ValidateInterface[] $validators
  * @return array
  * @throws MalformedException
  * @throws InvalidSignatureException
  * @throws ValidateException
  */
 public static function verify(SignerInterface $signer, $jwt_strings, $key = null, array $validators = array())
 {
     $jwt_arr = explode('.', $jwt_strings);
     if (3 !== count($jwt_arr)) {
         throw new MalformedException('Wrong number of segments');
     }
     $header_base64 = $jwt_arr[0];
     $header = Header::fromString($header_base64);
     // Do not determine algorithm by header.
     if ($signer->getAlg() !== $header->getAlg()) {
         throw new MalformedException('Invalid alg header');
     }
     $payload_base64 = $jwt_arr[1];
     $message = $header_base64 . '.' . $payload_base64;
     $signature = Base64Url::decode($jwt_arr[2]);
     $signer->verify($message, $signature, $key);
     $payload_json = Base64Url::decode($payload_base64);
     $claims = Json::decode($payload_json);
     foreach ($validators as $validator) {
         if (!$validator instanceof ValidateInterface) {
             throw new UnexpectedValueException('validator is must implement ValidateInterface');
         }
         if (!$validator->validate($claims)) {
             throw new ValidateException('Validation failed. validator name: ' . $validator->getName());
         }
     }
     return $claims;
 }
Пример #2
0
 /**
  * @param AlgInterface $alg
  * @param EncInterface $enc
  * @param string $content
  * @param string $private_or_secret_key
  * @param string $pass_phrase default null
  * @return string
  * @throws \Cyh\Jose\Exception\MalformedException
  */
 public static function decrypt(AlgInterface $alg, EncInterface $enc, $content, $private_or_secret_key, $pass_phrase = null)
 {
     $components = explode('.', $content);
     if (5 !== count($components)) {
         throw new MalformedException('Wrong number of segments');
     }
     $encrypted_cek = Base64Url::decode($components[1]);
     $cek = new ContentEncryptionKey($alg->decrypt($encrypted_cek, $private_or_secret_key, $pass_phrase));
     $aad_base64 = $components[0];
     $protected_header = Header::fromString($components[0]);
     if ($alg->getAlg() !== $protected_header->getAlg()) {
         throw new MalformedException('invalid alg header');
     }
     if ($enc->getEnc() !== $protected_header->getEnc()) {
         throw new MalformedException('invalid enc header');
     }
     $iv = Base64Url::decode($components[2]);
     $cipher_text = Base64Url::decode($components[3]);
     $auth_tag = Base64Url::decode($components[4]);
     return $enc->decrypt($aad_base64, $cek, $iv, $cipher_text, $auth_tag);
 }