php version >= 5.4.8
php-json extension
php-hash extension
php-openssl extension
php-mbstring extension
*signing/verifying
*encryption/decryption
*claims validation(optional)
if you need, you can use a claim set validator at verifying.
you can add another validator that you have created.
it's must implement the Cyh\Jose\Validate\ValidateInterface.
*already exp, nbf, iss, aud validator.
JWS signing: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
JWE key encryption: RSA1_5, RSA-OAEP
JWE content encryption: A128CBC-HS256, A256CBC-HS512
<?php
require_once './vendor/autoload.php';
use Cyh\Jose\Jwt;
use Cyh\Jose\Signing\Signer\HS256;
use Cyh\Jose\Validate\Expiration;
use Cyh\Jose\Signing\Exception\InvalidSignatureException;
use Cyh\Jose\Validate\Exception\ExpiredException;
use Cyh\Jose\Jwe;
use Cyh\Jose\Encryption\Alg\RSA_OAEP;
use Cyh\Jose\Encryption\Enc\A128CBC_HS256;
// sign
$claims = array(
'sub' => 'iamsubject',
'exp' => (time() + 3600),
);
$secret_key = hash('sha256', 'secret_key');
$token_strings = Jwt::sign(new HS256(), $claims, $secret_key);
// verify
try {
$verified_claims = Jwt::verify(
new HS256(),
$token_strings,
$secret_key,
array(new Expiration())
);
var_dump($verified_claims);
} catch (InvalidSignatureException $e) {
// ...
} catch (ExpiredException $e) {
// ...
} catch (\Exception $e) {
// ...
}
// encrypt
$rsa_pub_key = 'file://' . dirname(__FILE__) . '/tests/keys/rsa_aes256_2048_public.pem';
$content = 'i am plain text content';
$encrypted = Jwe::encrypt(
new RSA_OAEP(),
new A128CBC_HS256(),
$content,
$rsa_pub_key
);
// decrypt
$rsa_prv_key = 'file://' . dirname(__FILE__) . '/tests/keys/rsa_aes256_2048_private.pem';
$decrypted = Jwe::decrypt(
new RSA_OAEP(),
new A128CBC_HS256(),
$encrypted,
$rsa_prv_key,
'password'
);
var_dump($decrypted);