Rev 639 | Rev 679 | ||
---|---|---|---|
Line 262... | Line 262... | ||
262 | 262 | ||
263 | public function loadJWT($jwt) { |
263 | public function loadJWT($jwt) { |
264 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
264 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
265 | if (OIDplus::getPkiStatus()) { |
265 | if (OIDplus::getPkiStatus()) { |
266 | $pubKey = OIDplus::config()->getValue('oidplus_public_key'); |
266 | $pubKey = OIDplus::config()->getValue('oidplus_public_key'); |
- | 267 | $k = new \Firebase\JWT\Key($pubKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
|
267 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $pubKey, array('RS256', 'RS384', 'RS512')); |
268 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $k); |
268 | } else { |
269 | } else { |
269 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
270 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
270 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
271 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
- | 272 | $k = new \Firebase\JWT\Key($key, 'HS512'); // HMAC+SHA512 is hardcoded here |
|
271 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $key, array('HS256', 'HS384', 'HS512')); |
273 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $k); |
272 | } |
274 | } |
273 | } |
275 | } |
274 | 276 | ||
275 | public function getJWTToken() { |
277 | public function getJWTToken() { |
276 | $payload = $this->content; |
278 | $payload = $this->content; |
Line 279... | Line 281... | ||
279 | $payload["jti"] = gen_uuid(); |
281 | $payload["jti"] = gen_uuid(); |
280 | $payload["iat"] = time(); |
282 | $payload["iat"] = time(); |
281 | 283 | ||
282 | if (OIDplus::getPkiStatus()) { |
284 | if (OIDplus::getPkiStatus()) { |
283 | $privKey = OIDplus::config()->getValue('oidplus_private_key'); |
285 | $privKey = OIDplus::config()->getValue('oidplus_private_key'); |
284 | return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS512'); |
286 | return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
285 | } else { |
287 | } else { |
286 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
288 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
287 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
289 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
288 | return \Firebase\JWT\JWT::encode($payload, $key, 'HS512'); |
290 | return \Firebase\JWT\JWT::encode($payload, $key, 'HS512'); // HMAC+SHA512 is hardcoded here |
289 | } |
291 | } |
290 | } |
292 | } |
291 | 293 | ||
292 | } |
294 | } |
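Review bot: In the `else` branch of `loadJWT()` (new line 270, and again at new line 288 in `getJWTToken()`), the HS512 key now wrapped in `\Firebase\JWT\Key` is still derived from `getValue('SERVER_SECRET', '')` with an empty PBKDF2 salt. If the setting is missing, the key depends only on the constant suffix `/OIDplusAuthContentStoreJWT`, and anyone who knows the source can compute it. Whether the base configuration rejects an empty secret elsewhere is not visible in this diff; if it does not, fail closed before deriving the key, for example `$secret = OIDplus::baseConfig()->getValue('SERVER_SECRET', '');` followed by `if ($secret === '') throw new \RuntimeException('SERVER_SECRET is not configured');`. The key derivation and the algorithm names (`'RS256'`, `'HS512'`) are also repeated in both methods, so a single private helper returning the key and algorithm would keep signing and verification from drifting apart, as the old RS512-sign versus RS256/384/512-verify code had. Because verification is now pinned to RS256, tokens issued with RS512 before this revision will presumably stop validating, which deserves a line in the commit message.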