author | John LeSueur <john.lesueur@gmail.com> | 2014-06-19 11:03:53 -0600 |
---|---|---|
committer | John LeSueur <john.lesueur@gmail.com> | 2014-06-19 11:03:53 -0600 |
commit | b31429e98267ca75007d64d9f560777b701e15d4 (patch) | |
tree | 8ca3dbd25501c3116b9c582b51352edf86ffd7b4 | |
parent | 269eca3703f0546ea6bc5ff05d1650cece3e7fa5 (diff) | |
Update JWT.php
Try to add the RS256 algorithm.
-rw-r--r-- | Authentication/JWT.php | 50 |
1 files changed, 40 insertions, 10 deletions
diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 771f223..efb2ef0 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -26,7 +26,12 @@
 */
 class JWT
 {
-
+ static $methods = array(
+ 'HS256' => array('hash_hmac', 'SHA256'),
+ 'HS512' => array('hash_hmac', 'SHA512'),
+ 'HS384' => array('hash_hmac', 'SHA384'),
+ 'RS256' => array('openssl', 'SHA256'),
+ );
 /**
 * Returns just the header portion of the jwt. This allows
 * you to determine which key should be used to verify
@@ -80,7 +85,7 @@ class JWT
 if (empty($header->alg)) {
 throw new DomainException('Empty algorithm');
 }
- if ($sig != JWT::sign("$headb64.$bodyb64", $key, $header->alg)) {
+ if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
 throw new UnexpectedValueException('Signature verification failed');
 }
 // Check token expiry time if defined.
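Review bot: The new `static $methods` table at the top of the class has no visibility keyword, so it is public and writable from any code in the process, yet after this commit it decides which primitive `sign()` and `verify()` use for each `alg` name. Every use visible in this diff goes through `self::$methods`, so `private static $methods = array(` should be enough and keeps other code from adding or remapping entries. A short docblock stating that each entry maps a JWT `alg` value to a (function family, digest name) pair would also help the next reader.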
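Review bot: The `verify()` call added in `decode()` still takes the algorithm from `$header->alg`, which is part of the token being checked, and with RS256 now in the same table as the HS* entries the key type and the algorithm can disagree. A caller who passes an RSA public key as `$key` expecting RS256 would have a token labelled HS256 checked by `hash_hmac` with that public key as the secret, and a public key is not a secret. `decode()` should take the set of algorithms the caller accepts and reject anything else before verifying, e.g. `if (!in_array($header->alg, $allowed_algs, true)) { throw new DomainException('Algorithm not allowed'); }`, where `$allowed_algs` is a proposed new parameter. The signature of `decode()` lies outside this hunk, so that parameter would have to be added there.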
@@ -131,16 +136,41 @@ class JWT
 */
 public static function sign($msg, $key, $method = 'HS256')
 {
- $methods = array(
- 'HS256' => 'sha256',
- 'HS384' => 'sha384',
- 'HS512' => 'sha512',
- );
- if (empty($methods[$method])) {
+ if (empty(self::$methods[$method])) {
+ throw new DomainException('Algorithm not supported');
+ }
+ list($function, $algo) = self::$methods[$method];
+ switch($function) {
+ case 'hash_hmac':
+ return hash_hmac($algo, $msg, $key, true);
+ case 'openssl':
+ $signature = '';
+ $success = openssl_sign($msg, $signature, $key, $algo);
+ if(!$success) {
+ throw new DomainException("OpenSSL unable to sign data");
+ } else {
+ return $signature;
+ }
+ }
+ }
+
+ public static function verify($msg, $signature $key, $method = 'HS256') {
+ if (empty(self::$methods[$method])) {
 throw new DomainException('Algorithm not supported');
 }
-
- return hash_hmac($methods[$method], $msg, $key, true);
+ list($function, $algo) = self::$methods[$method];
+ switch($function) {
+ case 'openssl':
+ $success = openssl_verify($msg, $signature, $key, $algo);
+ if(!$success) {
+ throw new DomainException("OpenSSL unable to sign data");
+ } else {
+ return $signature;
+ }
+ case 'hash_hmac':
+ default:
+ return $signature === hash_hmac($algo, $msg, $key, true);
+ }
 }

 /** |
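Review bot: In the new `verify()`, the `openssl` branch tests `if(!$success)`, but `openssl_verify()` returns 1 for a valid signature, 0 for an invalid one and -1 on error, so an error falls into the `else` and returns `$signature`, which `decode()` then treats as a pass. The branch should return true only when the result is exactly 1 and throw only on -1; as written, an invalid signature also raises a `DomainException` saying "OpenSSL unable to sign data" rather than returning false. The parameter list `($msg, $signature $key, $method = 'HS256')` is missing a comma after `$signature` and will not parse. In the `hash_hmac` branch the `===` comparison of MACs is not constant-time, so `hash_equals()` should be used where it exists, with a byte-folding fallback on older PHP. `sign()` has the same `switch` without a `default`, so it returns null for an unknown function family.

```php
    public static function verify($msg, $signature, $key, $method = 'HS256')
    {
        // … unchanged: lookup of self::$methods[$method] and list($function, $algo) …
        switch ($function) {
            case 'openssl':
                $result = openssl_verify($msg, $signature, $key, $algo);
                if ($result === -1) {
                    throw new DomainException('OpenSSL error: ' . openssl_error_string());
                }
                // Only an exact 1 means the signature is valid.
                return $result === 1;
            case 'hash_hmac':
            default:
                $expected = hash_hmac($algo, $msg, $key, true);
                if (function_exists('hash_equals')) {
                    return hash_equals($expected, $signature);
                }
                // Older PHP: fold every byte into $diff so timing does not depend on where the strings differ.
                $diff = strlen($expected) ^ strlen($signature);
                $len = min(strlen($expected), strlen($signature));
                for ($i = 0; $i < $len; $i++) {
                    $diff |= ord($expected[$i]) ^ ord($signature[$i]);
                }
                return $diff === 0;
        }
    }
```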