diff --git a/jwt.php b/jwt.php index 7779977..33fdd3d 100644 --- a/jwt.php +++ b/jwt.php @@ -4,6 +4,8 @@ * @author Dominique Fournier */ +require_once ("domframework/encrypt.php"); + /** Allow to manage the JSON Web Tokens * Based on https://tools.ietf.org/html/rfc7519 * @@ -47,7 +49,10 @@ class jwt $segments[] = $this->urlsafeB64Encode ($this->jsonEncode ($header)); $payload = $this->jsonEncode ($payload); if ($ckey) - $payload = $this->encrypt ($payload, $ckey); + { + $encrypt = new encrypt (); + $payload = $encrypt->encrypt ($payload, $ckey); + } $segments[] = $this->urlsafeB64Encode ($payload); $toBeSigned = implode ('.', $segments); $signature = $this->sign ($toBeSigned, $key, $alg); @@ -83,7 +88,10 @@ class jwt $header = (object)$this->jsonDecode ($this->urlsafeB64Decode ($headerb64)); $payload = $this->urlsafeB64Decode ($payloadb64); if ($ckey) - $payload = $this->decrypt ($payload, $ckey); + { + $encrypt = new encrypt (); + $payload = $encrypt->decrypt ($payload, $ckey); + } $payload = $this->jsonDecode ($payload); $signature = $this->urlsafeB64Decode ($signb64); if ($header === null) @@ -150,72 +158,6 @@ class jwt } // }}} - /** Encrypt the payload to not be readable by anybody - * @param string $payload The payload to encrypt - * @param string $ckey The 24 chars for the cipher key - * @param string|null $cipherMethod DES-EDE3-CBC by default - * @return base64 encrypted payload - */ - private function encrypt ($payload, $ckey, $cipherMethod = "des-ede3-cbc") - // {{{ - { - if (! in_array ($cipherMethod, openssl_get_cipher_methods())) - throw new \Exception (dgettext ("domframework", - "Invalid cipher provided to encrypt method : ". - "doesn't exists in OpenSSL"), 500); - if (! is_string ($payload)) - throw new \Exception (dgettext ("domframework", - "Invalid payload provided to encrypt method : ". - "Not a string"), 500); - if (strlen ($ckey) !== 24) - throw new \Exception (dgettext ("domframework", - "Invalid cipherKey provided to encrypt method :" . - " length different of 24 chars"), 500); - // Must be the same as decrypt - $options = true; - $ivlen = openssl_cipher_iv_length ($cipherMethod); - $iv = openssl_random_pseudo_bytes ($ivlen); - $ciphertext = openssl_encrypt ($payload, $cipherMethod, $ckey, $options, - $iv); - if ($ciphertext === false) - throw new \Exception (dgettext ("domframework", - "Can not encrypt the payload"), 500); - $ciphertext = $iv . $ciphertext; - return ($ciphertext); - } - // }}} - - /** Decrypt the payload - * @param string $ciphertext The payload to decrypt - * @param string $ckey The 24 chars for the cipher key - * @param string|null $cipherMethod DES-EDE3-CBC by default - * @return decrypted payload - */ - private function decrypt ($ciphertext, $ckey, $cipherMethod = "des-ede3-cbc") - // {{{ - { - if (! is_string ($ciphertext)) - throw new \Exception (dgettext ("domframework", - "Invalid ciphertext provided to decrypt method : not a string"), 500); - if (trim ($ciphertext) === "") - throw new \Exception (dgettext ("domframework", - "Invalid ciphertext provided to decrypt method : empty string"), 500); - if (strlen ($ckey) !== 24) - throw new \Exception (dgettext ("domframework", - "Invalid cipherKey provided to decrypt method :" . - " length different of 24 chars"), 500); - $ivlen = openssl_cipher_iv_length ($cipherMethod); - $iv = substr ($ciphertext, 0, $ivlen); - if (strlen ($iv) != $ivlen) - throw new \Exception (dgettext ("domframework", - "Can not decrypt the payload : invalid salt"), 500); - // Must be the same as encrypt - $options = true; - $ciphertext = substr ($ciphertext, $ivlen); - return openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options, $iv); - } - // }}} - /** Sign the requested string with the provided key and based on the algorithm * @param string $input The string to sign * @param string $key The key to use