Rev 639 | Rev 699 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 639 | Rev 679 | ||
|---|---|---|---|
| Line 262... | Line 262... | ||
| 262 | 262 | ||
| 263 | public function loadJWT($jwt) { |
263 | public function loadJWT($jwt) { |
| 264 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
264 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
| 265 | if (OIDplus::getPkiStatus()) { |
265 | if (OIDplus::getPkiStatus()) { |
| 266 | $pubKey = OIDplus::config()->getValue('oidplus_public_key'); |
266 | $pubKey = OIDplus::config()->getValue('oidplus_public_key'); |
| - | 267 | $k = new \Firebase\JWT\Key($pubKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
|
| 267 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $pubKey, array('RS256', 'RS384', 'RS512')); |
268 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $k); |
| 268 | } else { |
269 | } else { |
| 269 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
270 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
| 270 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
271 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
| - | 272 | $k = new \Firebase\JWT\Key($key, 'HS512'); // HMAC+SHA512 is hardcoded here |
|
| 271 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $key, array('HS256', 'HS384', 'HS512')); |
273 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $k); |
| 272 | } |
274 | } |
| 273 | } |
275 | } |
| 274 | 276 | ||
| 275 | public function getJWTToken() { |
277 | public function getJWTToken() { |
| 276 | $payload = $this->content; |
278 | $payload = $this->content; |
| Line 279... | Line 281... | ||
| 279 | $payload["jti"] = gen_uuid(); |
281 | $payload["jti"] = gen_uuid(); |
| 280 | $payload["iat"] = time(); |
282 | $payload["iat"] = time(); |
| 281 | 283 | ||
| 282 | if (OIDplus::getPkiStatus()) { |
284 | if (OIDplus::getPkiStatus()) { |
| 283 | $privKey = OIDplus::config()->getValue('oidplus_private_key'); |
285 | $privKey = OIDplus::config()->getValue('oidplus_private_key'); |
| 284 | return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS512'); |
286 | return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
| 285 | } else { |
287 | } else { |
| 286 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
288 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
| 287 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
289 | $key = hash_pbkdf2('sha512', $key, '', 10000, 64/*256bit*/, false); |
| 288 | return \Firebase\JWT\JWT::encode($payload, $key, 'HS512'); |
290 | return \Firebase\JWT\JWT::encode($payload, $key, 'HS512'); // HMAC+SHA512 is hardcoded here |
| 289 | } |
291 | } |
| 290 | } |
292 | } |
| 291 | 293 | ||
| 292 | } |
294 | } |