Automatic pass to convert with php-cs-fixer
This commit is contained in:
180
src/Jwt.php
180
src/Jwt.php
@@ -1,44 +1,48 @@
|
||||
<?php
|
||||
|
||||
/** DomFramework
|
||||
* @package domframework
|
||||
* @author Dominique Fournier <dominique@fournier38.fr>
|
||||
* @license BSD
|
||||
*/
|
||||
/**
|
||||
* DomFramework
|
||||
* @package domframework
|
||||
* @author Dominique Fournier <dominique@fournier38.fr>
|
||||
* @license BSD
|
||||
*/
|
||||
|
||||
namespace Domframework;
|
||||
|
||||
/** Allow to manage the JSON Web Tokens
|
||||
* Based on https://tools.ietf.org/html/rfc7519
|
||||
*
|
||||
* Do not put confidential data in payload without encrypt it, as the result
|
||||
* is only a Base64 format of JSON...
|
||||
*/
|
||||
/**
|
||||
* Allow to manage the JSON Web Tokens
|
||||
* Based on https://tools.ietf.org/html/rfc7519
|
||||
*
|
||||
* Do not put confidential data in payload without encrypt it, as the result
|
||||
* is only a Base64 format of JSON...
|
||||
*/
|
||||
class Jwt
|
||||
{
|
||||
// PROPERTIES
|
||||
/** List the allowed algorithms to sign the token
|
||||
*/
|
||||
private $supportedAlgs = array(
|
||||
'HS256' => array('hash_hmac', 'SHA256'),
|
||||
'HS512' => array('hash_hmac', 'SHA512'),
|
||||
'HS384' => array('hash_hmac', 'SHA384'),
|
||||
);
|
||||
/**
|
||||
* List the allowed algorithms to sign the token
|
||||
*/
|
||||
private $supportedAlgs = [
|
||||
'HS256' => ['hash_hmac', 'SHA256'],
|
||||
'HS512' => ['hash_hmac', 'SHA512'],
|
||||
'HS384' => ['hash_hmac', 'SHA384'],
|
||||
];
|
||||
|
||||
/** Create the token based on payload, sign it with key, and optionally
|
||||
* encrypt it with ckey
|
||||
* Do not put confidential data in payload without encrypt it, as the result
|
||||
* is only a Base64 format of JSON...
|
||||
* @param array $payload The payload to store
|
||||
* @param string $key The key to be used to sign the token
|
||||
* @param string|null $alg The algorithm to use to sign the token (default
|
||||
* is HS256)
|
||||
* Allowed algorithms : HS256, HS512, HS384
|
||||
* @param string|null $ckey The cipher key to encrypt the payload
|
||||
* @param string|null $cipherMethod The method to cipher the payload
|
||||
* des-ede3-cbc by default
|
||||
* @return string The Token
|
||||
*/
|
||||
/**
|
||||
* Create the token based on payload, sign it with key, and optionally
|
||||
* encrypt it with ckey
|
||||
* Do not put confidential data in payload without encrypt it, as the result
|
||||
* is only a Base64 format of JSON...
|
||||
* @param array $payload The payload to store
|
||||
* @param string $key The key to be used to sign the token
|
||||
* @param string|null $alg The algorithm to use to sign the token (default
|
||||
* is HS256)
|
||||
* Allowed algorithms : HS256, HS512, HS384
|
||||
* @param string|null $ckey The cipher key to encrypt the payload
|
||||
* @param string|null $cipherMethod The method to cipher the payload
|
||||
* des-ede3-cbc by default
|
||||
* @return string The Token
|
||||
*/
|
||||
public function encode(
|
||||
$payload,
|
||||
$key,
|
||||
@@ -52,8 +56,8 @@ class Jwt
|
||||
"Invalid encode algorithm requested : not allowed"
|
||||
), 500);
|
||||
}
|
||||
$header = array("typ" => "JWT", "alg" => $alg);
|
||||
$segments = array();
|
||||
$header = ["typ" => "JWT", "alg" => $alg];
|
||||
$segments = [];
|
||||
$segments[] = $this->urlsafeB64Encode($this->jsonEncode($header));
|
||||
$payload = $this->jsonEncode($payload);
|
||||
if ($ckey) {
|
||||
@@ -67,18 +71,19 @@ class Jwt
|
||||
return implode('.', $segments);
|
||||
}
|
||||
|
||||
/** Decode the provide JWT and return an array of the payload
|
||||
* @param string $jwt The token to examine
|
||||
* @param string $key The key used to sign the message
|
||||
* @param array|null $allowedAlg List of allowed algorithms. If null, all the
|
||||
* algorithms defined in $this->supportedAlgs are allowed
|
||||
* @param string|null $ckey The cipher key to decrypt the payload
|
||||
* @param string|null $cipherMethod The method to cipher the payload
|
||||
* des-ede3-cbc by default
|
||||
* @return array the decoded payload
|
||||
* @throw Exception if the key is not able to verify the token with the
|
||||
* provided password
|
||||
*/
|
||||
/**
|
||||
* Decode the provide JWT and return an array of the payload
|
||||
* @param string $jwt The token to examine
|
||||
* @param string $key The key used to sign the message
|
||||
* @param array|null $allowedAlg List of allowed algorithms. If null, all the
|
||||
* algorithms defined in $this->supportedAlgs are allowed
|
||||
* @param string|null $ckey The cipher key to decrypt the payload
|
||||
* @param string|null $cipherMethod The method to cipher the payload
|
||||
* des-ede3-cbc by default
|
||||
* @return array the decoded payload
|
||||
* @throw Exception if the key is not able to verify the token with the
|
||||
* provided password
|
||||
*/
|
||||
public function decode(
|
||||
$jwt,
|
||||
$key,
|
||||
@@ -135,7 +140,7 @@ class Jwt
|
||||
"JWT with Empty algorithm"
|
||||
), 403);
|
||||
}
|
||||
if (! in_array($header->alg, $allowedAlg)) {
|
||||
if (! in_array($header->alg, $allowedAlg, true)) {
|
||||
throw new \Exception(dgettext(
|
||||
"domframework",
|
||||
"JWT with Invalid algorithm"
|
||||
@@ -169,14 +174,15 @@ class Jwt
|
||||
return $payload;
|
||||
}
|
||||
|
||||
/** Verify the provided token with the key and generate an return true if it
|
||||
* can be verify
|
||||
* @param string $input The text in Base64 to check
|
||||
* @param string $sign The user provided signature in binary
|
||||
* @param string $key The key to use to sign the input
|
||||
* @param string $alg The algorithm to use to sign the input
|
||||
* @return boolean Return true if the input signed is valid
|
||||
*/
|
||||
/**
|
||||
* Verify the provided token with the key and generate an return true if it
|
||||
* can be verify
|
||||
* @param string $input The text in Base64 to check
|
||||
* @param string $sign The user provided signature in binary
|
||||
* @param string $key The key to use to sign the input
|
||||
* @param string $alg The algorithm to use to sign the input
|
||||
* @return boolean Return true if the input signed is valid
|
||||
*/
|
||||
private function verify($input, $sign, $key, $alg)
|
||||
{
|
||||
$signature = $this->sign($input, $key, $alg);
|
||||
@@ -197,20 +203,22 @@ class Jwt
|
||||
return $status === 0;
|
||||
}
|
||||
|
||||
/** Create a signing key
|
||||
* @return string the signing key proposed
|
||||
*/
|
||||
/**
|
||||
* Create a signing key
|
||||
* @return string the signing key proposed
|
||||
*/
|
||||
public function createKey()
|
||||
{
|
||||
return sha1(microtime(true));
|
||||
}
|
||||
|
||||
/** Sign the requested string with the provided key and based on the algorithm
|
||||
* @param string $input The string to sign
|
||||
* @param string $key The key to use
|
||||
* @param string $alg The algorithm to use to sign
|
||||
* @return string The signed string in binary
|
||||
*/
|
||||
/**
|
||||
* Sign the requested string with the provided key and based on the algorithm
|
||||
* @param string $input The string to sign
|
||||
* @param string $key The key to use
|
||||
* @param string $alg The algorithm to use to sign
|
||||
* @return string The signed string in binary
|
||||
*/
|
||||
private function sign($input, $key, $alg)
|
||||
{
|
||||
if (! key_exists($alg, $this->supportedAlgs)) {
|
||||
@@ -231,21 +239,23 @@ class Jwt
|
||||
}
|
||||
}
|
||||
|
||||
/** Return the provided string in base64 without equal at the end
|
||||
* To be URL compliant, the slash and plus are converted to underscore and
|
||||
* dash
|
||||
* @param string $str The string the convert in base64
|
||||
* @return string The string converted in base64
|
||||
*/
|
||||
/**
|
||||
* Return the provided string in base64 without equal at the end
|
||||
* To be URL compliant, the slash and plus are converted to underscore and
|
||||
* dash
|
||||
* @param string $str The string the convert in base64
|
||||
* @return string The string converted in base64
|
||||
*/
|
||||
private function urlsafeB64Encode($str)
|
||||
{
|
||||
return rtrim(strtr(base64_encode($str), '+/', '-_'), "=");
|
||||
}
|
||||
|
||||
/** Return the provided base64 to string
|
||||
* @param string $str The string the convert from base64
|
||||
* @return string The string converted from base64
|
||||
*/
|
||||
/**
|
||||
* Return the provided base64 to string
|
||||
* @param string $str The string the convert from base64
|
||||
* @return string The string converted from base64
|
||||
*/
|
||||
private function urlsafeB64Decode($str)
|
||||
{
|
||||
$str = strtr($str, '-_', '+/');
|
||||
@@ -262,13 +272,14 @@ class Jwt
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
return base64_decode($str);
|
||||
return base64_decode($str, true);
|
||||
}
|
||||
|
||||
/** Return the provided array to JSON string
|
||||
* @param object $input The object to convert in JSON
|
||||
* @return string The JSON string
|
||||
*/
|
||||
/**
|
||||
* Return the provided array to JSON string
|
||||
* @param object $input The object to convert in JSON
|
||||
* @return string The JSON string
|
||||
*/
|
||||
private function jsonEncode($input)
|
||||
{
|
||||
$json = json_encode($input);
|
||||
@@ -281,11 +292,12 @@ class Jwt
|
||||
return $json;
|
||||
}
|
||||
|
||||
/** Decode the provided JSON string and return the result
|
||||
* If null, there is a decode problem
|
||||
* @param string $input The string to decode
|
||||
* @return mixed The decoded string in object
|
||||
*/
|
||||
/**
|
||||
* Decode the provided JSON string and return the result
|
||||
* If null, there is a decode problem
|
||||
* @param string $input The string to decode
|
||||
* @return mixed The decoded string in object
|
||||
*/
|
||||
private function jsonDecode($input)
|
||||
{
|
||||
return json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
|
||||
|
||||
Reference in New Issue
Block a user