jwt use the encrypt library instead of internal one
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5810 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
78
jwt.php
78
jwt.php
@@ -4,6 +4,8 @@
|
|||||||
* @author Dominique Fournier <dominique@fournier38.fr>
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
require_once ("domframework/encrypt.php");
|
||||||
|
|
||||||
/** Allow to manage the JSON Web Tokens
|
/** Allow to manage the JSON Web Tokens
|
||||||
* Based on https://tools.ietf.org/html/rfc7519
|
* Based on https://tools.ietf.org/html/rfc7519
|
||||||
*
|
*
|
||||||
@@ -47,7 +49,10 @@ class jwt
|
|||||||
$segments[] = $this->urlsafeB64Encode ($this->jsonEncode ($header));
|
$segments[] = $this->urlsafeB64Encode ($this->jsonEncode ($header));
|
||||||
$payload = $this->jsonEncode ($payload);
|
$payload = $this->jsonEncode ($payload);
|
||||||
if ($ckey)
|
if ($ckey)
|
||||||
$payload = $this->encrypt ($payload, $ckey);
|
{
|
||||||
|
$encrypt = new encrypt ();
|
||||||
|
$payload = $encrypt->encrypt ($payload, $ckey);
|
||||||
|
}
|
||||||
$segments[] = $this->urlsafeB64Encode ($payload);
|
$segments[] = $this->urlsafeB64Encode ($payload);
|
||||||
$toBeSigned = implode ('.', $segments);
|
$toBeSigned = implode ('.', $segments);
|
||||||
$signature = $this->sign ($toBeSigned, $key, $alg);
|
$signature = $this->sign ($toBeSigned, $key, $alg);
|
||||||
@@ -83,7 +88,10 @@ class jwt
|
|||||||
$header = (object)$this->jsonDecode ($this->urlsafeB64Decode ($headerb64));
|
$header = (object)$this->jsonDecode ($this->urlsafeB64Decode ($headerb64));
|
||||||
$payload = $this->urlsafeB64Decode ($payloadb64);
|
$payload = $this->urlsafeB64Decode ($payloadb64);
|
||||||
if ($ckey)
|
if ($ckey)
|
||||||
$payload = $this->decrypt ($payload, $ckey);
|
{
|
||||||
|
$encrypt = new encrypt ();
|
||||||
|
$payload = $encrypt->decrypt ($payload, $ckey);
|
||||||
|
}
|
||||||
$payload = $this->jsonDecode ($payload);
|
$payload = $this->jsonDecode ($payload);
|
||||||
$signature = $this->urlsafeB64Decode ($signb64);
|
$signature = $this->urlsafeB64Decode ($signb64);
|
||||||
if ($header === null)
|
if ($header === null)
|
||||||
@@ -150,72 +158,6 @@ class jwt
|
|||||||
}
|
}
|
||||||
// }}}
|
// }}}
|
||||||
|
|
||||||
/** Encrypt the payload to not be readable by anybody
|
|
||||||
* @param string $payload The payload to encrypt
|
|
||||||
* @param string $ckey The 24 chars for the cipher key
|
|
||||||
* @param string|null $cipherMethod DES-EDE3-CBC by default
|
|
||||||
* @return base64 encrypted payload
|
|
||||||
*/
|
|
||||||
private function encrypt ($payload, $ckey, $cipherMethod = "des-ede3-cbc")
|
|
||||||
// {{{
|
|
||||||
{
|
|
||||||
if (! in_array ($cipherMethod, openssl_get_cipher_methods()))
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Invalid cipher provided to encrypt method : ".
|
|
||||||
"doesn't exists in OpenSSL"), 500);
|
|
||||||
if (! is_string ($payload))
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Invalid payload provided to encrypt method : ".
|
|
||||||
"Not a string"), 500);
|
|
||||||
if (strlen ($ckey) !== 24)
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Invalid cipherKey provided to encrypt method :" .
|
|
||||||
" length different of 24 chars"), 500);
|
|
||||||
// Must be the same as decrypt
|
|
||||||
$options = true;
|
|
||||||
$ivlen = openssl_cipher_iv_length ($cipherMethod);
|
|
||||||
$iv = openssl_random_pseudo_bytes ($ivlen);
|
|
||||||
$ciphertext = openssl_encrypt ($payload, $cipherMethod, $ckey, $options,
|
|
||||||
$iv);
|
|
||||||
if ($ciphertext === false)
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Can not encrypt the payload"), 500);
|
|
||||||
$ciphertext = $iv . $ciphertext;
|
|
||||||
return ($ciphertext);
|
|
||||||
}
|
|
||||||
// }}}
|
|
||||||
|
|
||||||
/** Decrypt the payload
|
|
||||||
* @param string $ciphertext The payload to decrypt
|
|
||||||
* @param string $ckey The 24 chars for the cipher key
|
|
||||||
* @param string|null $cipherMethod DES-EDE3-CBC by default
|
|
||||||
* @return decrypted payload
|
|
||||||
*/
|
|
||||||
private function decrypt ($ciphertext, $ckey, $cipherMethod = "des-ede3-cbc")
|
|
||||||
// {{{
|
|
||||||
{
|
|
||||||
if (! is_string ($ciphertext))
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Invalid ciphertext provided to decrypt method : not a string"), 500);
|
|
||||||
if (trim ($ciphertext) === "")
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Invalid ciphertext provided to decrypt method : empty string"), 500);
|
|
||||||
if (strlen ($ckey) !== 24)
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Invalid cipherKey provided to decrypt method :" .
|
|
||||||
" length different of 24 chars"), 500);
|
|
||||||
$ivlen = openssl_cipher_iv_length ($cipherMethod);
|
|
||||||
$iv = substr ($ciphertext, 0, $ivlen);
|
|
||||||
if (strlen ($iv) != $ivlen)
|
|
||||||
throw new \Exception (dgettext ("domframework",
|
|
||||||
"Can not decrypt the payload : invalid salt"), 500);
|
|
||||||
// Must be the same as encrypt
|
|
||||||
$options = true;
|
|
||||||
$ciphertext = substr ($ciphertext, $ivlen);
|
|
||||||
return openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options, $iv);
|
|
||||||
}
|
|
||||||
// }}}
|
|
||||||
|
|
||||||
/** Sign the requested string with the provided key and based on the algorithm
|
/** Sign the requested string with the provided key and based on the algorithm
|
||||||
* @param string $input The string to sign
|
* @param string $input The string to sign
|
||||||
* @param string $key The key to use
|
* @param string $key The key to use
|
||||||
|
|||||||
Reference in New Issue
Block a user