day16
MilesChou committed Oct 1, 2022
1 parent b2a55b7 commit 6873795
Showing 5 changed files with 735 additions and 4 deletions.
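--- a/app/Console/Commands/JwtCheck.php
+++ b/app/Console/Commands/JwtCheck.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Jose\Component\Checker\ClaimCheckerManagerFactory;
+use Jose\Component\Core\JWK;
+use Jose\Component\Signature\JWSLoader;
+
+class JwtCheck extends Command
+{
+protected $signature = 'jwt:check {--ignore-time-checker} {jwt}';
+
+protected $description = 'Check JWT';
+
+public function handle(
+JWK $jwk,
+JWSLoader $loader,
+ClaimCheckerManagerFactory $claimCheckerManagerFactory,
+) {
+$jwt = $this->argument('jwt');
+
+$jws = $loader->loadAndVerifyWithKey($jwt, $jwk, $signature);
+
+if ($this->option('ignore-time-checker')) {
+$claimCheckerManager = $claimCheckerManagerFactory->create(['aud', 'iss']);
+} else {
+$claimCheckerManager = $claimCheckerManagerFactory->create(['aud', 'exp', 'iat', 'iss']);
+}
+
+$claimCheckerManager->check(json_decode($jws->getPayload(), true));
+
+return 0;
+}
+}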
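Review bot: `$claimCheckerManager->check(...)` at the end of handle() is called without the second `$mandatoryClaims` argument, so each checker runs only on claims that are present in the payload; a token that simply omits `exp` or `aud` is accepted. Pass the required names explicitly, e.g. `$claimCheckerManager->check($claims, ['aud', 'exp', 'iat', 'iss']);`, with `['aud', 'iss']` on the `--ignore-time-checker` branch. The same call in HydraCallback::__invoke has the same gap, and there it guards a real login. Separately, `json_decode` returns null for a malformed payload, which would surface as a TypeError rather than a validation failure, and the command prints nothing on success, so an operator cannot tell which claims were actually checked.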
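--- a/app/Http/Controllers/Auth/HydraCallback.php
+++ b/app/Http/Controllers/Auth/HydraCallback.php
@@ -5,13 +5,22 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\Facades\Log;
+use Jose\Component\Checker\ClaimCheckerManagerFactory;
+use Jose\Component\Core\JWK;
+use Jose\Component\Signature\JWSLoader;
 use Ory\Hydra\Client\Api\AdminApi;
 use Ory\Hydra\Client\Api\PublicApi;
 
 class HydraCallback
 {
-public function __invoke(Request $request, PublicApi $hydra, AdminApi $admin)
-{
+public function __invoke(
+Request $request,
+PublicApi $hydra,
+AdminApi $admin,
+JWK $jwk,
+JWSLoader $loader,
+ClaimCheckerManagerFactory $claimCheckerManagerFactory,
+) {
 $error = $request->input('error');
 
 if (null !== $error) {
@@ -49,6 +58,14 @@ public function __invoke(Request $request, PublicApi $hydra, AdminApi $admin)
 
 Log::debug('Token Introspection: ', json_decode((string)$introspectToken, true));
 
+$idToken = $tokenResponse->getIdToken();
+
+$jws = $loader->loadAndVerifyWithKey($idToken, $jwk, $signature);
+
+$claimCheckerManager = $claimCheckerManagerFactory->create(['aud', 'exp', 'iat', 'iss']);
+
+$claimCheckerManager->check(json_decode($jws->getPayload(), true));
+
 return response('拿到身分驗證回應了');
 }
 }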
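Review bot: Nothing in the second hunk handles a failed ID-token verification: `loadAndVerifyWithKey` and `check` throw on a bad signature or claim, so a rejected token ends as an unhandled 500 with no log line tying it to the login attempt. The three calls should sit in a try/catch that logs the reason (not the token) and returns an explicit rejection response, and `$tokenResponse->getIdToken()` should be guarded against null before it is loaded. If the authorization request sends a `nonce` (not visible here), it should be compared with the token's `nonce` claim at this point as well. __invoke's body between the two hunks is not shown, so the placement below is relative to the visible lines only.

```php
// … unchanged: token exchange and introspection logging …
$idToken = $tokenResponse->getIdToken();

if (null === $idToken) {
    return response('ID token missing', 401); // constructed message
}

try {
    $jws = $loader->loadAndVerifyWithKey($idToken, $jwk, $signature);
    $claims = json_decode($jws->getPayload(), true, 512, JSON_THROW_ON_ERROR);

    $claimCheckerManagerFactory
        ->create(['aud', 'exp', 'iat', 'iss'])
        ->check($claims, ['aud', 'exp', 'iat', 'iss']);
} catch (\Exception $e) {
    Log::warning('ID token rejected: ' . $e->getMessage());

    return response('ID token rejected', 401); // constructed message
}
// … unchanged: success response …
```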
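--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -3,6 +3,18 @@
 namespace App\Providers;
 
 use Illuminate\Support\ServiceProvider;
+use Jose\Component\Checker\AudienceChecker;
+use Jose\Component\Checker\ClaimCheckerManagerFactory;
+use Jose\Component\Checker\ExpirationTimeChecker;
+use Jose\Component\Checker\IssuedAtChecker;
+use Jose\Component\Checker\IssuerChecker;
+use Jose\Component\Core\AlgorithmManager;
+use Jose\Component\Core\JWK;
+use Jose\Component\Signature\Algorithm\RS256;
+use Jose\Component\Signature\JWSLoader;
+use Jose\Component\Signature\JWSVerifier;
+use Jose\Component\Signature\Serializer\CompactSerializer;
+use Jose\Component\Signature\Serializer\JWSSerializerManager;
 use Ory\Hydra\Client\Api\AdminApi;
 use Ory\Hydra\Client\Api\PublicApi;
 
@@ -30,6 +42,41 @@ public function register()
 $instance->getConfig()->setHost('http://127.0.0.1:4445');
 });
 });
+
+$this->app->singleton(ClaimCheckerManagerFactory::class, function () {
+return tap(new ClaimCheckerManagerFactory(), function (ClaimCheckerManagerFactory $instance) {
+$instance->add('aud', new AudienceChecker('my-rp'));
+$instance->add('exp', new ExpirationTimeChecker(10));
+$instance->add('iat', new IssuedAtChecker(10));
+$instance->add('iss', new IssuerChecker(['http://127.0.0.1:4444/']));
+});
+});
+
+$this->app->singleton(JWSLoader::class, function () {
+return new JWSLoader(
+new JWSSerializerManager([
+new CompactSerializer(),
+]),
+new JWSVerifier(new AlgorithmManager([
+new RS256()
+])),
+null,
+);
+});
+
+// 目前 Key 只有一把,所以先偷懶這樣寫
+$this->app->singleton(JWK::class, function () {
+$jwkJson = '{
+"use": "sig",
+"kty": "RSA",
+"kid": "public:hydra.openid.id-token",
+"alg": "RS256",
+"n": "3fLBH5AZuoJurOEDA8_MAodU9slUs7AQaeus3C6C7JdSpo7JjgyNMgNV5Fnu53gQlY3Pr5ZyWpfmzJwIFRLrfvT-iQcktXjnZIcFvkX67nAwoUiqBoppprQyTju56ZxrAZnLLr8CYpaDKIjrJkFQw5BWX2X00DIo_YjG_2AJkdlxGuCtFhaUl0VpPr7PmVTxroscagtWdRbb6bitwlkcyc-0ESP2NRIWp2erQ5FJeigPtyGfqSpXUAFbgfz3-koTBpcyf73FRc3BqkuOmAsUJWHl-7s9u8pDK_H9dq-Cg_hWqGohWc_oaA0_01-um647xkMvm4FLA4UH-h1pOiZoL5hyqNGF3FRcBoOLJcFqb4P3zq22sW28dluEEht2_WV3nxAHttHD3Sxbq4uMtjVucBjTwS8x4EVUvipqQ8z-jV386v9bG2xvx6KgUEMyPOsSAYI6ww6HDrlDHBXi1Fr0x7b9bPvlJe9MtLEvFTMe8UgmrcXOJO-xu4EN5HwH6wtnnnsYuw-0duiLL0mvE0AeXZurQy_u_vbh-thkTLkdQFBY93cY3yLcp0sll2FpXSrGNtZddX3x4yIDMQLbYqUzybiVbsohhu7xSYowTX77xIZobGxnuNpbGa857RD9zox9ugSh59Yq9qr4TC2DLAunXQEaalijUjr4sYIV6NCtrRk",
+"e": "AQAB"
+}';
+
+return JWK::createFromJson($jwkJson);
+});
 }
 
 /**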
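Review bot: The verification key is pasted into register() as a literal JWK, so the first key rotation on the Hydra side makes every ID-token check fail until a code deploy; the inline comment acknowledges this as a shortcut while there is a single key. Loading the issuer's published JWKS (cached) and verifying with `loadAndVerifyWithKeySet` would let the token's `kid` select the key and survive rotation. The audience `'my-rp'`, the issuer `'http://127.0.0.1:4444/'` and the 10-second drift are hard-coded in the same way and would be better read from configuration, so a non-local environment cannot end up validating against localhost values. Passing `null` as the third JWSLoader argument appears to mean no JOSE header checker runs, leaving algorithm restriction to the RS256-only AlgorithmManager; a short comment stating that this is intentional would help the next reader. register() starts outside the hunk.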
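--- a/composer.json
+++ b/composer.json
@@ -11,7 +11,8 @@
 "laravel/framework": "^9.19",
 "laravel/sanctum": "^3.0",
 "laravel/tinker": "^2.7",
-"ory/hydra-client": "^1.11"
+"ory/hydra-client": "^1.11",
+"web-token/jwt-framework": "^3.1"
 },
 "require-dev": {
 "fakerphp/faker": "^1.9.1",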
