/**
 * Round-trips an unsecured JWS (`alg: none`) through the signer and the loader.
 *
 * The token produced here carries no integrity protection: the key is a
 * `kty: none` placeholder, and the assertions cover only the serialized form,
 * the payload and the reported algorithm.
 *
 * NOTE(review): despite the method name, no verifySignature() call is made in
 * this test. Consumers of the library should accept `none` only where
 * unsecured tokens are explicitly allowed.
 */
public function testNoneSignAndVerifyComplete()
{
    $unsecured_header = ['alg' => 'none'];

    $jwt = new JWT();
    $jwt->setProtectedHeader($unsecured_header);
    $jwt->setPayload('Je suis Charlie');

    $placeholder_key = new JWK(['kty' => 'none']);

    $instruction = new SignatureInstruction();
    $instruction->setKey($placeholder_key)->setProtectedHeader($unsecured_header);

    $signer = $this->getSigner();
    $loader = $this->getLoader();

    // The default serialization is expected to be a plain string.
    $token = $signer->sign($jwt, [$instruction]);
    $this->assertTrue(is_string($token));

    $jws = $loader->load($token);

    $this->assertInstanceOf('Jose\\JWSInterface', $jws);
    $this->assertEquals('Je suis Charlie', $jws->getPayload());
    $this->assertEquals('none', $jws->getAlgorithm());
}
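/**
 * Adds a signed-then-encrypted JWT client assertion to the request body.
 *
 * The claims are signed with HS512 (JWK2), the resulting JWS is wrapped in a
 * JWE (A256KW / A256CBC-HS512, JWK1), and the same claims are replicated into
 * the JWE header. The claim set is built once so that the replicated header
 * values cannot drift from the signed payload (RFC 7519, section 5.3).
 *
 * @Given I have a valid client assertion for client :client in the body request
 *
 * @param mixed $client Value captured from the step text; used as the `sub` claim.
 */
public function IHaveAValidClientAssertionForClientInTheBodyRequest($client)
{
    /** @var \Jose\JWKManagerInterface $key_manager */
    $key_manager = $this->getContainer()->get('jose.jwk_manager');

    // Hard-coded symmetric keys: fixtures for this step only, not for reuse elsewhere.
    $jwk1 = $key_manager->createJWK(['kid' => 'JWK1', 'kty' => 'oct', 'use' => 'enc', 'k' => 'ABEiM0RVZneImaq7zN3u_wABAgMEBQYHCAkKCwwNDg8']);
    $jwk2 = $key_manager->createJWK(['kid' => 'JWK2', 'kty' => 'oct', 'use' => 'sig', 'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow']);

    $jose = $this->getContainer()->get('jose');

    // Single source of truth for the claims: `exp` is computed once, so the
    // payload and the JWE header carry the same expiry even across a second boundary.
    $claims = [
        'exp' => time() + 3600,
        'aud' => 'My Authorization Server',
        'iss' => 'My JWT issuer',
        'sub' => $client,
    ];

    $signature_instruction = new SignatureInstruction();
    $signature_instruction
        ->setKey($jwk2)
        ->setProtectedHeader(['cty' => 'JWT', 'alg' => 'HS512'])
        ->setUnprotectedHeader([]);

    $encryption_instruction = new EncryptionInstruction();
    $encryption_instruction->setRecipientKey($jwk1);

    $jws = $jose->sign($claims, [$signature_instruction]);

    // Array union keeps the original key order: cty, alg, enc, then the claims.
    $jwe_header = ['cty' => 'JWT', 'alg' => 'A256KW', 'enc' => 'A256CBC-HS512'] + $claims;
    $jwe = $jose->encrypt($jws, [$encryption_instruction], $jwe_header);

    $this->iAddKeyWithValueInTheBodyRequest('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
    $this->iAddKeyWithValueInTheBodyRequest('client_assertion', $jwe);
}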
/**
 * Signs a payload with the key registered under the given key ID.
 *
 * The key is looked up through the keyset manager. When the protected header
 * has no `kid` entry, `$kid` is added to it; an existing entry is left untouched.
 *
 * NOTE(review): a caller-supplied `kid` is not compared with `$kid`, so the
 * header can name a different key than the one that actually signs — confirm
 * this is intended.
 *
 * @param string $kid                ID of the signing key
 * @param mixed  $payload            Data handed to the signer
 * @param array  $protected_header   Protected header values
 * @param array  $unprotected_header Unprotected header values
 * @param string $mode               Serialization mode passed through to the signer
 *
 * @throws \Exception If the lookup does not yield a JWKInterface instance
 *
 * @return string
 */
public function sign($kid, $payload, array $protected_header, array $unprotected_header = [], $mode = JSONSerializationModes::JSON_COMPACT_SERIALIZATION)
{
    $signing_key = $this->getKeysetManager()->getKeyByKid($kid);
    if (!($signing_key instanceof JWKInterface)) {
        throw new \Exception('Unable to determine the key used to sign the payload.');
    }

    // Array union only fills in 'kid' when the caller did not provide one.
    $protected_header += ['kid' => $kid];

    $signature_instruction = new SignatureInstruction();
    $signature_instruction
        ->setKey($signing_key)
        ->setProtectedHeader($protected_header)
        ->setUnprotectedHeader($unprotected_header);

    return $this->getSigner()->sign($payload, [$signature_instruction], $mode);
}
/**
 * Signs a payload with PS512 using an RSA test key and loads the result back.
 *
 * The protected header embeds a `jwk` entry holding only the public members
 * (kty, n, e) of the signing key; the private members are supplied solely to
 * the signature instruction. The key material below is a test fixture.
 *
 * NOTE(review): this test checks the loaded payload and algorithm; it makes no
 * verifySignature() call.
 */
public function testCompletePS512Sign()
{
    // Public half of the RSA fixture, shared by the header and the signing key.
    $public_jwk = [
        'kty' => 'RSA',
        'n'   => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
        'e'   => 'AQAB',
    ];

    $input = new JWT();
    $input
        ->setProtectedHeaderValue('alg', 'PS512')
        ->setProtectedHeaderValue('jwk', $public_jwk)
        ->setPayload('Je suis Charlie');

    // Array union appends the private members after kty/n/e, matching the original key order.
    $key = new JWK($public_jwk + [
        'p'  => '5BGU1c7af_5sFyfsa-onIJgo5BZu8uHvz3Uyb8OA0a-G9UPO1ShLYjX0wUfhZcFB7fwPtgmmYAN6wKGVce9eMAbX4PliPk3r-BcpZuPKkuLk_wFvgWAQ5Hqw2iEuwXLV0_e8c2gaUt_hyMC5-nFc4v0Bmv6NT6Pfry-UrK3BKWc',
        'd'  => 'Kp0KuZwCZGL1BLgsVM-N0edMNitl9wN5Hf2WOYDoIqOZNAEKzdJuenIMhITJjRFUX05GVL138uyp2js_pqDdY9ipA7rAKThwGuDdNphZHech9ih3DGEPXs-YpmHqvIbCd3GoGm38MKwxYkddEpFnjo8rKna1_BpJthrFxjDRhw9DxJBycOdH2yWTyp62ZENPvneK40H2a57W4QScTgfecZqD59m2fGUaWaX5uUmIxaEmtGoJnd9RE4oywKhgN7_TK7wXRlqA4UoRPiH2ACrdU-_cLQL9Jc0u0GqZJK31LDbOeN95QgtSCc72k3Vtzy3CrVpp5TAA67s1Gj9Skn-CAQ',
        'q'  => 'zPD-B-nrngwF-O99BHvb47XGKR7ON8JCI6JxavzIkusMXCB8rMyYW8zLs68L8JLAzWZ34oMq0FPUnysBxc5nTF8Nb4BZxTZ5-9cHfoKrYTI3YWsmVW2FpCJFEjMs4NXZ28PBkS9b4zjfS2KhNdkmCeOYU0tJpNfwmOTI90qeUdU',
        'dp' => 'aJrzw_kjWK9uDlTeaES2e4muv6bWbopYfrPHVWG7NPGoGdhnBnd70-jhgMEiTZSNU8VXw2u7prAR3kZ-kAp1DdwlqedYOzFsOJcPA0UZhbORyrBy30kbll_7u6CanFm6X4VyJxCpejd7jKNw6cCTFP1sfhWg5NVJ5EUTkPwE66M',
        'dq' => 'Swz1-m_vmTFN_pu1bK7vF7S5nNVrL4A0OFiEsGliCmuJWzOKdL14DiYxctvnw3H6qT2dKZZfV2tbse5N9-JecdldUjfuqAoLIe7dD7dKi42YOlTC9QXmqvTh1ohnJu8pmRFXEZQGUm_BVhoIb2_WPkjav6YSkguCUHt4HRd2YwE',
        'qi' => 'BocuCOEOq-oyLDALwzMXU8gOf3IL1Q1_BWwsdoANoh6i179psxgE4JXToWcpXZQQqub8ngwE6uR9fpd3m6N_PL4T55vbDDyjPKmrL2ttC2gOtx9KrpPh-Z7LQRo4BE48nHJJrystKHfFlaH2G7JxHNgMBYVADyttN09qEoav8Os',
    ]);

    $instruction = new SignatureInstruction();
    $instruction->setKey($key);

    $serialized = $this->getSigner()->sign($input, [$instruction]);
    $jws = $this->getLoader()->load($serialized);

    $this->assertInstanceOf('Jose\\JWSInterface', $jws);
    $this->assertEquals('Je suis Charlie', $jws->getPayload());
    $this->assertEquals('PS512', $jws->getAlgorithm());
}
/**
 * Signs a key set as payload with two keys and verifies each loaded signature.
 *
 * Two instructions are used (HS512 with an extra unprotected header, and
 * RS512) with JSON serialization. The loader is expected to return one JWS
 * per signature, in instruction order, and each one must pass
 * verifySignature().
 */
public function testSignAndLoadJWKSet()
{
    $signer = $this->getSigner();
    $loader = $this->getLoader();

    $hmac_instruction = new SignatureInstruction();
    $hmac_instruction
        ->setKey($this->getKey1())
        ->setProtectedHeader(['alg' => 'HS512'])
        ->setUnprotectedHeader(['foo' => 'bar']);

    $rsa_instruction = new SignatureInstruction();
    $rsa_instruction
        ->setKey($this->getKey2())
        ->setProtectedHeader(['alg' => 'RS512']);

    $serialized = $signer->sign(
        $this->getKeyset(),
        [$hmac_instruction, $rsa_instruction],
        JSONSerializationModes::JSON_SERIALIZATION
    );
    $this->assertTrue(is_string($serialized));

    /** @var \Jose\JWSInterface[] $loaded */
    $loaded = $loader->load($serialized);

    $this->assertTrue(is_array($loaded));
    $this->assertEquals(2, count($loaded));

    // Every entry must carry the same payload and a signature that verifies.
    foreach ($loaded as $entry) {
        $this->assertInstanceOf('\\Jose\\JWSInterface', $entry);
        $this->assertEquals($this->getKeyset(), $entry->getPayload());
        $this->assertTrue($loader->verifySignature($entry));
    }

    $this->assertEquals('HS512', $loaded[0]->getAlgorithm());
    $this->assertEquals('RS512', $loaded[1]->getAlgorithm());
}