-
Notifications
You must be signed in to change notification settings - Fork 133
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow for custom properties in JWS header
* Switch JWS constructor to accept header as array * Includes bump to major version 4 in README * Move auto claim handling into new EasyJWS class
- Loading branch information
1 parent
4278a06
commit c2e29fd
Showing
8 changed files
with
213 additions
and
97 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
<?php | ||
|
||
namespace Namshi\JOSE; | ||
|
||
/** | ||
* Class providing an easy to use JWS implementation. | ||
*/ | ||
class EasyJWS extends JWS | ||
{ | ||
/** | ||
* Constructor | ||
* | ||
* @param array $header An associative array of headers. The value can be any type accepted by json_encode or a JSON serializable object | ||
* @see http://php.net/manual/en/function.json-encode.php | ||
* @see http://php.net/manual/en/jsonserializable.jsonserialize.php | ||
* @see https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4 | ||
* } | ||
*/ | ||
public function __construct($header = array()) | ||
{ | ||
if (!isset($header['typ'])) { | ||
$header['typ'] = 'JWS'; | ||
} | ||
parent::__construct($header); | ||
} | ||
|
||
/** | ||
* Sets the payload of the current JWS with an issued at value in the 'iat' property. | ||
* | ||
* @param array $payload | ||
*/ | ||
public function setPayload(array $payload) | ||
{ | ||
if (!isset($payload['iat'])) { | ||
$now = new \DateTime('now'); | ||
$payload['iat'] = $now->format('U'); | ||
} | ||
|
||
return parent::setPayload($payload); | ||
} | ||
|
||
/** | ||
* Checks that the JWS has been signed with a valid private key by verifying it with a public $key | ||
* and the token is not expired. | ||
* | ||
* @param resource|string $key | ||
* @param string $algo The algorithms this JWS should be signed with. Use it if you want to restrict which algorithms you want to allow to be validated. | ||
* | ||
* @return bool | ||
*/ | ||
public function isValid($key, $algo = null) | ||
{ | ||
return $this->verify($key, $algo) && ! $this->isExpired(); | ||
} | ||
|
||
/** | ||
* Checks whether the token is expired based on the 'exp' value. | ||
* | ||
* @return bool | ||
*/ | ||
protected function isExpired() | ||
{ | ||
$payload = $this->getPayload(); | ||
|
||
if (isset($payload['exp']) && is_numeric($payload['exp'])) { | ||
$now = new \DateTime('now'); | ||
|
||
return ($now->format('U') - $payload['exp']) > 0; | ||
} | ||
|
||
return false; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
<?php | ||
|
||
namespace Namshi\JOSE\Test; | ||
|
||
use PHPUnit_Framework_TestCase as TestCase; | ||
use Namshi\JOSE\EasyJWS; | ||
use DateTime; | ||
|
||
class EasyJWSTest extends TestCase | ||
{ | ||
const SSL_KEY_PASSPHRASE = 'tests'; | ||
|
||
public function setup() | ||
{ | ||
$date = new DateTime('tomorrow'); | ||
$data = array( | ||
'a' => 'b', | ||
'exp' => $date->format('U') | ||
); | ||
$this->jws = new EasyJWS(array('alg' => 'RS256')); | ||
$this->jws->setPayload($data); | ||
} | ||
|
||
public function testConstruction() | ||
{ | ||
$this->assertSame($this->jws->getHeader(), array('alg' => 'RS256', 'typ' => 'JWS')); | ||
$this->assertRegExp('/^\d+$/', $this->jws->getPayload()['iat'], 'iat property has integer value (from construction)'); | ||
} | ||
|
||
public function testValidationOfAValidEasyJWS() | ||
{ | ||
$privateKey = openssl_pkey_get_private(SSL_KEYS_PATH . "private.key", self::SSL_KEY_PASSPHRASE); | ||
$this->jws->sign($privateKey); | ||
|
||
$jws = EasyJWS::load($this->jws->getTokenString()); | ||
$public_key = openssl_pkey_get_public(SSL_KEYS_PATH . "public.key"); | ||
$this->assertTrue($jws->isValid($public_key, 'RS256')); | ||
} | ||
|
||
public function testValidationOfInvalidEasyJWS() | ||
{ | ||
$date = new DateTime('yesterday'); | ||
$this->jws->setPayload(array( | ||
'exp' => $date->format('U') | ||
)); | ||
$privateKey = openssl_pkey_get_private(SSL_KEYS_PATH . "private.key", self::SSL_KEY_PASSPHRASE); | ||
$this->jws->sign($privateKey); | ||
|
||
$jws = EasyJWS::load($this->jws->getTokenString()); | ||
$public_key = openssl_pkey_get_public(SSL_KEYS_PATH . "public.key"); | ||
$this->assertFalse($jws->isValid($public_key, 'RS256')); | ||
} | ||
} |
Oops, something went wrong.