JWToken.class.php 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. <?php
  2. /**
  3. * JWToken utilities.
  4. * @author Kiss Team
  5. * @category Plugin
  6. * @license MIT
  7. */
  8. class JWToken {
  9. /* Décrypte une JWT Token avec la clé secrete fournie */
  10. public static function parse($encodedString,$key){
  11. $infos = explode('.', $encodedString);
  12. if(count($infos)!=3) throw new Exception("JWT error : incorrect format", 401);
  13. list($header64, $payloadb64, $signatureb64) = $infos;
  14. $header = $header64;
  15. $payload = $payloadb64;
  16. //header
  17. $remainder = strlen($header) % 4;
  18. if ($remainder) {
  19. $padlen = 4 - $remainder;
  20. $header .= str_repeat('=', $padlen);
  21. }
  22. $header = base64_decode(strtr($header, '-_', '+/'));
  23. $header = json_decode($header,true);
  24. //payload
  25. $remainder = strlen($payload) % 4;
  26. if ($remainder) {
  27. $padlen = 4 - $remainder;
  28. $payload .= str_repeat('=', $padlen);
  29. }
  30. $payload = base64_decode(strtr($payload, '-_', '+/'));
  31. $payload = json_decode($payload,true);
  32. //signature
  33. $remainder = strlen($signatureb64) % 4;
  34. if ($remainder) {
  35. $padlen = 4 - $remainder;
  36. $signatureb64 .= str_repeat('=', $padlen);
  37. }
  38. $signature = base64_decode(strtr($signatureb64, '-_', '+/'));
  39. $hash = hash_hmac('SHA256', "$header64.$payloadb64", $key, true);
  40. $len = min(mb_strlen($signature, '8bit'),mb_strlen($hash, '8bit') );
  41. $status = 0;
  42. for ($i = 0; $i < $len; $i++) {
  43. $status |= (ord($signature[$i]) ^ ord($hash[$i]));
  44. }
  45. $status |= (mb_strlen($signature, '8bit') ^ mb_strlen($hash, '8bit'));
  46. $verify = ($status === 0);
  47. if(!$verify) throw new Exception("JWT error : bad signature or encryption key", 401);
  48. if($payload['exp']<time()) throw new Exception("JWT error : token is expired since ".date('d/m/Y H:i:s',$payload['exp']), 498);
  49. return $payload;
  50. }
  51. //Créé un token crypté en HS256 à partir du payload / clé privée fournis
  52. public static function createFromJson($payload, $key) {
  53. $header = json_encode(array('typ' => 'JWT', 'alg' => 'HS256'));
  54. $payload = json_encode($payload);
  55. $segments = array();
  56. $segments[] = str_replace('=', '', strtr(base64_encode($header), '+/', '-_'));
  57. $segments[] = str_replace('=', '', strtr(base64_encode($payload), '+/', '-_'));
  58. $signing_input = implode('.', $segments);
  59. $signature = hash_hmac('SHA256', $signing_input, $key, true);
  60. $segments[] = str_replace('=', '', strtr(base64_encode($signature), '+/', '-_'));
  61. return implode('.', $segments);
  62. }
  63. }