function testEncrypt()
{
$jwt = new JOSE_JWT(array('foo' => 'bar'));
$jwe = $jwt->encrypt($this->rsa_keys['public']);
$this->assertInstanceOf('JOSE_JWT', $jwt);
$this->assertInstanceOf('JOSE_JWE', $jwe);
}
function testEncryptRSAOAEP_A256CBCHS512()
{
$jwe = new JOSE_JWE($this->plain_text);
$jwe->encrypt($this->rsa_keys['public'], 'RSA-OAEP', 'A256CBC-HS512');
$jwe_decoded = JOSE_JWT::decode($jwe->toString());
$this->assertEquals($this->plain_text, $jwe_decoded->decrypt($this->rsa_keys['private'])->plain_text);
}
function testEncryptDir_A128CBCHS256()
{
$secret = Random::string(256 / 8);
$jwe = new JOSE_JWE($this->plain_text);
$jwe = $jwe->encrypt($secret, 'dir');
$jwe_decoded = JOSE_JWT::decode($jwe->toString());
$this->assertEquals($this->plain_text, $jwe_decoded->decrypt($secret)->plain_text);
}
function testVerifyMalformedJWS_RS256_to_HS256_with_explicit_alg()
{
$malformed_jwt = JOSE_JWT::decode($this->plain_jwt->sign($this->rsa_keys['public'], 'HS256')->toString());
$this->setExpectedException('PHPUnit_Framework_Error_Notice', 'Invalid signature');
$malformed_jwt->verify($this->rsa_keys['public'], 'RS256');
}
/**
* Sign an array of parameters using provided keys and nonce
*
* @param array $params
* @param string $privateKey
* @param string $publicKey
* @param string $nonce
*
* @return string Json encoded signed params
*
* @throws \InvalidArgumentException
*/
protected function signParams(array $params, $privateKey, $publicKey, $nonce)
{
if (empty($nonce)) {
throw new \InvalidArgumentException('Empty nonce provided');
}
$RsaPublicKey = $this->getRsa();
$RsaPublicKey->loadKey($publicKey);
$jwt = new \JOSE_JWT($params);
$jwt->header['jwk'] = \JOSE_JWK::encode($RsaPublicKey)->components;
$jwt->header['nonce'] = $nonce;
// as of 20151203, boulder doesn't support SHA512
return $jwt->sign($privateKey, 'RS256')->toJson();
}
/**
* Enforces that the ID Token is a \JOSE_JWT object
* @param mixed $idToken
* @return \JOSE_JWE|\JOSE_JWT
*/
private function getIdToken($idToken)
{
if (!$idToken instanceof \JOSE_JWT) {
$idToken = \JOSE_JWT::decode($idToken);
}
return $idToken;
}
/**
* Call a ACME standard URL using JWS encoding signing for $this->userKey
* @param string $api api url to call (short name, like "new-reg" or starting by http)
* @param array $params list of key=>value to sent as a json object or array.
* @return array the api call result (header + decoded content)
*/
private function stdCall($api, $params, $resource = null)
{
$this->init();
$public_key = new RSA();
$public_key->loadKey($this->userKey["publickey"]);
$jwk = \JOSE_JWK::encode($public_key);
// => JOSE_JWK instance
if (substr($api, 0, 4) == "http") {
$url = $api;
if (is_null($resource)) {
throw new AcmeException("stdCall with URL api MUST include resource name", 14);
}
} else {
$url = $this->apiUrl[$api];
if (is_null($resource)) {
$resource = $api;
}
}
$params["resource"] = $resource;
$jwt = new \JOSE_JWT($params);
$jwt->header['jwk'] = $jwk->components;
$jwt->header['nonce'] = $this->nonce;
// as of 20151203, boulder doesn't support SHA512
$jws = $jwt->sign($this->userKey["privatekey"], 'RS256');
// call the API
$httpResult = $this->http->post($url, $jws->toJson());
// save the new Nonce
if (isset($httpResult[0]["Replay-Nonce"]) && $httpResult[0]["Replay-Nonce"]) {
$this->nonce = $httpResult[0]["Replay-Nonce"][0];
// we save this nonce, so that next call will have it ready to use:
$this->db->setStatus(array("nonce" => $this->nonce));
} else {
$this->nonce = null;
}
$httpResult[1] = json_decode($httpResult[1]);
return $httpResult;
}
