 /**
  * @test
  *
  * @uses Lcobucci\JWT\RsaKeys
  *
  * @covers Lcobucci\JWT\Signer\Keychain::getPublicKey
  *
  * The key loaded through Keychain from the PEM content must be an OpenSSL
  * resource whose details match the fixture key loaded directly.
  */
 public function getPublicKeyShouldReturnAValidResource()
 {
     $loadedKey = (new Keychain())->getPublicKey($this->publicRsaContent());

     $this->assertInternalType('resource', $loadedKey);

     $loadedDetails = openssl_pkey_get_details($loadedKey);
     $fixtureDetails = openssl_pkey_get_details($this->publicRsa());
     $this->assertEquals($loadedDetails, $fixtureDetails);
 }
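 /**
  * Completes the OpenID Connect authorization-code flow for the current request.
  *
  * Reads `error`, `code` and `state` from $_GET, checks the returned state
  * against the one kept in the session, exchanges the code for tokens and
  * verifies the returned id_token: exactly three JWS segments, header alg
  * RS256, issuer/audience/expiry via ValidationData, and finally the RS256
  * signature against the matching `sig` key of the provider's JWKS.
  *
  * @return array<string, mixed> claims of the verified id_token, keyed by claim name
  *
  * @throws \Exception on any failure of the flow (provider error response,
  *         state mismatch, missing or malformed id_token, JWKS/JWK lookup
  *         failure, invalid claims, signature verification failure)
  */
 public function authenticate()
 {
     // parse response
     if (isset($_GET['error'])) {
         throw new \Exception('Response from Authorization Server: ' . $_GET['error']);
     }
     // Only string values are meaningful here; an array (`?code[]=`) is treated as absent.
     $code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : null;
     $state = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : null;

     // The state must be present on BOTH sides and equal: a missing session
     // state together with a missing request state is a failure, not a match
     // (a plain `!==` would accept null === null). hash_equals keeps the
     // comparison constant-time.
     $existingState = $this->getStateSession();
     if (!is_string($state) || !is_string($existingState) || !hash_equals($existingState, $state)) {
         throw new \Exception('Broken authorization flow - state mismatch');
     }
     if ($code === null) {
         throw new \Exception('"code" param has not been received from Authorization Server');
     }

     $authorizationCode = $this->requestTokens($code);
     if (isset($authorizationCode->error)) {
         // error_description is optional in an OAuth error response; fall back to the error code.
         $description = isset($authorizationCode->error_description)
             ? $authorizationCode->error_description
             : $authorizationCode->error;
         throw new \Exception($description);
     }
     if (!isset($authorizationCode->id_token) || !is_string($authorizationCode->id_token)) {
         throw new \Exception('id_token has not been received from Authorization Server');
     }
     $idToken = $authorizationCode->id_token;

     // 3 segments = JWS, 5 segments = JWE; anything else is not a compact JWT.
     $segmentCount = count(explode('.', $idToken));
     if ($segmentCount !== 3 && $segmentCount !== 5) {
         throw new \Exception('Incorrect id_token received from Authorization Server');
     }
     if ($segmentCount === 5) {
         throw new \Exception('Encrypted JWT is not supported yet');
     }

     $parser = new Lcobucci\JWT\Parser();
     $token = $parser->parse($idToken);
     // Pin the algorithm before anything else is trusted from the token.
     if ($token->getHeader('alg') !== 'RS256') {
         throw new \Exception('Only alg RS256 is accepted');
     }
     $kid = $token->getHeader('kid');

     $validationData = new Lcobucci\JWT\ValidationData();
     $validationData->setIssuer($this->getProviderURL());
     $validationData->setAudience($this->clientID);
     if (!$token->validate($validationData)) {
         throw new \Exception('Received "id_token" is not valid - propbably expired');
     }

     // verify sig
     $jwksBody = $this->runHttpRequest($this->getOPConfigValue('jwks_uri'));
     $this->jwks = json_decode($jwksBody, true);
     if (!is_array($this->jwks) || !isset($this->jwks['keys']) || !is_array($this->jwks['keys'])) {
         throw new \Exception('JWKS not found, cannot verify signature');
     }
     // Select the key by kid; it must be explicitly marked for signing.
     // Entries lacking kid/use are skipped instead of raising notices.
     $keyVer = null;
     foreach ($this->jwks['keys'] as $candidate) {
         if (!is_array($candidate) || !isset($candidate['kid'], $candidate['use'])) {
             continue;
         }
         if ($candidate['kid'] === $kid && $candidate['use'] === 'sig') {
             $keyVer = $candidate;
             break;
         }
     }
     if ($keyVer === null) {
         throw new \Exception('JWK not found, cannot verify signature');
     }

     $jwkObj = new Jwk($keyVer);
     $signer = new Lcobucci\JWT\Signer\Rsa\Sha256();
     $keychain = new Lcobucci\JWT\Signer\Keychain();
     $sigValid = $token->verify($signer, $keychain->getPublicKey($jwkObj->toKey()));
     if ($sigValid !== true) {
         throw new \Exception('Received "id_token" is not valid. Signature validation failed');
     }

     // Flatten the Basic claims into a name => value map.
     $claims = [];
     foreach ($token->getClaims() as $claim) {
         if ($claim instanceof Lcobucci\JWT\Claim\Basic) {
             $claims[(string) $claim->getName()] = $claim->getValue();
         }
     }
     $claims['iss'] = $token->getClaim('iss');

     // One-shot flow state is no longer needed once the id_token is verified.
     unset($_SESSION['joidc_once']);
     unset($_SESSION['joidc_state']);
     unset($_SESSION['joidc_issuer']);

     return $claims;
 }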
 /**
  * @beforeClass
  *
  * Loads the ECDSA fixture keys (one private, two public) from the
  * `ecdsa/` directory next to this file into static::$ecdsaKeys.
  */
 public static function createEcdsaKeys()
 {
     $keychain = new Keychain();
     $fixtureDir = 'file://' . __DIR__ . '/ecdsa/';

     static::$ecdsaKeys = [
         'private' => $keychain->getPrivateKey($fixtureDir . 'private.key'),
         'public1' => $keychain->getPublicKey($fixtureDir . 'public1.key'),
         'public2' => $keychain->getPublicKey($fixtureDir . 'public2.key'),
     ];
 }
 /**
  * @test
  *
  * @covers Lcobucci\JWT\Builder
  * @covers Lcobucci\JWT\Parser
  * @covers Lcobucci\JWT\Token
  * @covers Lcobucci\JWT\Signature
  * @covers Lcobucci\JWT\Signer\Key
  * @covers Lcobucci\JWT\Signer\BaseSigner
  * @covers Lcobucci\JWT\Signer\Ecdsa
  * @covers Lcobucci\JWT\Signer\Ecdsa\KeyParser
  * @covers Lcobucci\JWT\Signer\Ecdsa\Sha512
  * @covers Lcobucci\JWT\Signer\Keychain
  * @covers Lcobucci\JWT\Claim\Factory
  * @covers Lcobucci\JWT\Claim\Basic
  * @covers Lcobucci\JWT\Parsing\Encoder
  * @covers Lcobucci\JWT\Parsing\Decoder
  *
  * An ES512 token produced by another implementation must parse and verify
  * against the matching public key.
  */
 public function everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs()
 {
     $data = implode('', [
         'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJoZWxsbyI6IndvcmxkIn0.',
         'AQx1MqdTni6KuzfOoedg2-7NUiwe-b88SWbdmviz40GTwrM0Mybp1i1tVtm',
         'TSQ91oEXGXBdtwsN6yalzP9J-sp2YATX_Tv4h-BednbdSvYxZsYnUoZ--ZU',
         'dL10t7g8Yt3y9hdY_diOjIptcha6ajX8yzkDGYG42iSe3f5LywSuD6FO5c',
     ]);
     $key = implode(PHP_EOL, [
         '-----BEGIN PUBLIC KEY-----',
         'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAcpkss6wI7PPlxj3t7A1RqMH3nvL4',
         'L5Tzxze/XeeYZnHqxiX+gle70DlGRMqqOq+PJ6RYX7vK0PJFdiAIXlyPQq0B3KaU',
         'e86IvFeQSFrJdCc0K8NfiH2G1loIk3fiR+YLqlXk6FAeKtpXJKxR1pCQCAM+vBCs',
         'mZudf1zCUZ8/4eodlHU=',
         '-----END PUBLIC KEY-----',
     ]);

     $token = (new Parser())->parse((string) $data);
     $publicKey = (new Keychain())->getPublicKey($key);

     $this->assertEquals('world', $token->getClaim('hello'));
     $this->assertTrue($token->verify(new Sha512(), $publicKey));
 }
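    /**
     * Loads a JSON token credential, decrypts its payload and checks its signature.
     *
     * Expects a JSON object with `token_description`, `token` ("<salt>$$<ciphertext>")
     * and `sign` (a JWT verified with the configured public key). Sets
     * $this->result to the decrypted payload (or null) and $this->isValid to
     * true only when the signature verifies AND the payload carries ident === 'OK'.
     *
     * @param string $tokencred JSON-encoded credential
     * @return void
     */
    public function setToken($tokencred){
        $tk = json_decode($tokencred, true);
        if (!is_array($tk)) {
            $tk = [];
        }
        $this->token_desc = isset($tk['token_description']) ? $tk['token_description'] : null;
        $this->token = isset($tk['token']) ? $tk['token'] : null;
        $this->sign = isset($tk['sign']) ? $tk['sign'] : null;

        // The token must carry a salt and a ciphertext; anything else cannot be decrypted.
        $parts = is_string($this->token) ? explode('$$', $this->token) : [];
        if (count($parts) < 2 || !is_string($this->sign) || $this->sign === '') {
            $this->salt = null;
            $this->tokenstr = null;
            $this->result = null;
            $this->isValid = false;
            return;
        }
        $this->salt = $parts[0];
        $this->tokenstr = $parts[1];

        $decrypted = $this->decrypt($this->tokenstr, $this->lms_secret, $this->salt);
        $hasil = is_string($decrypted) ? json_decode($decrypted, true) : null;
        $this->result = $hasil;

        $signer = new Sha256();
        $keychain = new Keychain();
        $mysign = (new Parser())->parse($this->sign);
        $isSignValid = $mysign->verify($signer, $keychain->getPublicKey('file://' . $this->public_key_file_name));

        // Strict comparisons: a loose `== 'OK'` would accept other values
        // (e.g. integer 0 on PHP 7) and `!= false` would accept any non-empty payload.
        // NOTE(review): the signature JWT is verified, but none of its claims are
        // compared with the decrypted payload here - confirm that binding is done elsewhere.
        $this->isValid = ($isSignValid === true)
            && is_array($hasil)
            && isset($hasil['ident'])
            && ($hasil['ident'] === 'OK');
    }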