Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

jwt use the encrypt library instead of internal one

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5810 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2019-12-09 09:35:34 +00:00
parent 1638357f75
commit a3e4ab6b5b
1 changed files with 10 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
jwt.php
View File

@@ -4,6 +4,8 @@
* @author Dominique Fournier <dominique@fournier38.fr>
*/
require_once ("domframework/encrypt.php");
/** Allow to manage the JSON Web Tokens
* Based on https://tools.ietf.org/html/rfc7519
*
@@ -47,7 +49,10 @@ class jwt
$segments[] = $this->urlsafeB64Encode ($this->jsonEncode ($header));
$payload = $this->jsonEncode ($payload);
if ($ckey)
$payload = $this->encrypt ($payload, $ckey);
{
$encrypt = new encrypt ();
$payload = $encrypt->encrypt ($payload, $ckey);
}
$segments[] = $this->urlsafeB64Encode ($payload);
$toBeSigned = implode ('.', $segments);
$signature = $this->sign ($toBeSigned, $key, $alg);
@@ -83,7 +88,10 @@ class jwt
$header = (object)$this->jsonDecode ($this->urlsafeB64Decode ($headerb64));
$payload = $this->urlsafeB64Decode ($payloadb64);
if ($ckey)
$payload = $this->decrypt ($payload, $ckey);
{
$encrypt = new encrypt ();
$payload = $encrypt->decrypt ($payload, $ckey);
}
$payload = $this->jsonDecode ($payload);
$signature = $this->urlsafeB64Decode ($signb64);
if ($header === null)
@@ -150,72 +158,6 @@ class jwt
}
// }}}
/** Encrypt the payload to not be readable by anybody
* @param string $payload The payload to encrypt
* @param string $ckey The 24 chars for the cipher key
* @param string|null $cipherMethod DES-EDE3-CBC by default
* @return base64 encrypted payload
*/
private function encrypt ($payload, $ckey, $cipherMethod = "des-ede3-cbc")
// {{{
{
if (! in_array ($cipherMethod, openssl_get_cipher_methods()))
throw new \Exception (dgettext ("domframework",
"Invalid cipher provided to encrypt method : ".
"doesn't exists in OpenSSL"), 500);
if (! is_string ($payload))
throw new \Exception (dgettext ("domframework",
"Invalid payload provided to encrypt method : ".
"Not a string"), 500);
if (strlen ($ckey) !== 24)
throw new \Exception (dgettext ("domframework",
"Invalid cipherKey provided to encrypt method :" .
" length different of 24 chars"), 500);
// Must be the same as decrypt
$options = true;
$ivlen = openssl_cipher_iv_length ($cipherMethod);
$iv = openssl_random_pseudo_bytes ($ivlen);
$ciphertext = openssl_encrypt ($payload, $cipherMethod, $ckey, $options,
$iv);
if ($ciphertext === false)
throw new \Exception (dgettext ("domframework",
"Can not encrypt the payload"), 500);
$ciphertext = $iv . $ciphertext;
return ($ciphertext);
}
// }}}
/** Decrypt the payload
* @param string $ciphertext The payload to decrypt
* @param string $ckey The 24 chars for the cipher key
* @param string|null $cipherMethod DES-EDE3-CBC by default
* @return decrypted payload
*/
private function decrypt ($ciphertext, $ckey, $cipherMethod = "des-ede3-cbc")
// {{{
{
if (! is_string ($ciphertext))
throw new \Exception (dgettext ("domframework",
"Invalid ciphertext provided to decrypt method : not a string"), 500);
if (trim ($ciphertext) === "")
throw new \Exception (dgettext ("domframework",
"Invalid ciphertext provided to decrypt method : empty string"), 500);
if (strlen ($ckey) !== 24)
throw new \Exception (dgettext ("domframework",
"Invalid cipherKey provided to decrypt method :" .
" length different of 24 chars"), 500);
$ivlen = openssl_cipher_iv_length ($cipherMethod);
$iv = substr ($ciphertext, 0, $ivlen);
if (strlen ($iv) != $ivlen)
throw new \Exception (dgettext ("domframework",
"Can not decrypt the payload : invalid salt"), 500);
// Must be the same as encrypt
$options = true;
$ciphertext = substr ($ciphertext, $ivlen);
return openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options, $iv);
}
// }}}
/** Sign the requested string with the provided key and based on the algorithm
* @param string $input The string to sign
* @param string $key The key to use