/**
 * Verify a compact-serialized JWT and return its decoded claims.
 *
 * Checks run in this order: segment count, header parse, algorithm pinning
 * against the caller-supplied signer, signature verification over the raw
 * "header.payload" text as received, payload decode, then the validators.
 * No claim (for example an expiry) is inspected here unless a validator
 * passed in $validators does so.
 *
 * @param \Cyh\Jose\Signing\Signer\SignerInterface $signer signer chosen by the caller; its alg is the expected one
 * @param string $jwt_strings compact JWT, three dot-separated segments
 * @param resource|string $key default null
 * @param ValidateInterface[] $validators run in order against the decoded claims
 * @return array claims decoded from the payload segment
 * @throws MalformedException on a wrong segment count or an alg header that differs from the signer's
 * @throws InvalidSignatureException
 * @throws ValidateException when a validator returns a falsy result
 */
public static function verify(SignerInterface $signer, $jwt_strings, $key = null, array $validators = array())
{
    $segments = explode('.', $jwt_strings);
    if (count($segments) !== 3) {
        throw new MalformedException('Wrong number of segments');
    }
    list($encoded_header, $encoded_payload, $encoded_signature) = $segments;

    // The header is parsed before any signature check, so it is still
    // unauthenticated input here; only its alg value is consulted.
    $header = Header::fromString($encoded_header);

    // Algorithm pinning: the token's own alg header never selects the
    // verification algorithm, it only has to match the caller's signer.
    $expected_alg = $signer->getAlg();
    $declared_alg = $header->getAlg();
    if ($expected_alg !== $declared_alg) {
        throw new MalformedException('Invalid alg header');
    }

    // Sign/verify input is the original encoded text, not a re-encoding.
    $signed_input = $encoded_header . '.' . $encoded_payload;
    $raw_signature = Base64Url::decode($encoded_signature);

    // NOTE(review): the return value is discarded, so this relies on the
    // signer throwing on a mismatch; confirm every SignerInterface
    // implementation throws rather than returning false.
    // NOTE(review): $key defaults to null and is forwarded unchanged; how a
    // signer treats a null key is not visible here, so confirm it is rejected.
    $signer->verify($signed_input, $raw_signature, $key);

    // Payload is decoded only after the signature step has passed.
    $claims = Json::decode(Base64Url::decode($encoded_payload));

    foreach ($validators as $candidate) {
        if (!($candidate instanceof ValidateInterface)) {
            throw new UnexpectedValueException('validator is must implement ValidateInterface');
        }
        if ($candidate->validate($claims)) {
            continue;
        }
        throw new ValidateException('Validation failed. validator name: ' . $candidate->getName());
    }

    return $claims;
}
/**
 * Json::decode() must raise UnexpectedValueException for input that is not
 * valid JSON instead of returning a value.
 *
 * @expectedException \Cyh\Jose\Exception\UnexpectedValueException
 */
public function testDecodeJsonInvalidParam()
{
    // Bare token inside braces: not parseable as a JSON document.
    $not_json = '{abc}';
    Json::decode($not_json);
}
/**
 * Build a Header from the first segment of a compact token.
 *
 * The segment is base64url-decoded, parsed as JSON and handed to the
 * constructor. Nothing here authenticates the data, so callers must treat
 * the resulting header values as untrusted input.
 *
 * @param string $encoded_header base64url-encoded JSON header segment
 * @return Header
 */
public static function fromString($encoded_header)
{
    $header_json = Base64Url::decode($encoded_header);
    $header_fields = Json::decode($header_json);

    return new self($header_fields);
}
/**
 * Tamper detection: a token whose payload is rewritten after signing must
 * fail RS256 verification.
 *
 * The token is signed with the private key, its exp claim is moved one day
 * into the future, and the original header and signature segments are reused
 * around the re-encoded payload.
 *
 * @expectedException Cyh\Jose\Signing\Exception\InvalidSignatureException
 */
public function testRS256ModifiedClaimExp()
{
    $signed_token = Jwt::sign(new RS256(), $this->valid_claims, $this->rsa_prv_key);
    $parts = explode('.', $signed_token);
    list($header_segment, $payload_segment, $signature_segment) = $parts;

    // Rewrite exp; the signature segment still covers the original payload.
    $claims = Json::decode(Base64Url::decode($payload_segment));
    $claims['exp'] = time() + 86400;
    $tampered_payload = Base64Url::encode(Json::encode($claims));

    $tampered_token = implode('.', array($header_segment, $tampered_payload, $signature_segment));

    Jwt::verify(new RS256(), $tampered_token, $this->rsa_pub_key);
}