Rev 826 | Rev 830 | ||
Line 261... | Line 261... | ||
261 | // Individual functions |
261 | // Individual functions |
262 | 262 | ||
263 | public function loadJWT($jwt) { |
263 | public function loadJWT($jwt) { |
264 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
264 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
265 | if (OIDplus::getPkiStatus()) { |
265 | if (OIDplus::getPkiStatus()) { |
266 | $pubKey = OIDplus::config()->getValue('oidplus_public_key'); |
266 | $pubKey = OIDplus::getSystemPublicKey(); |
267 | $k = new \Firebase\JWT\Key($pubKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
267 | $k = new \Firebase\JWT\Key($pubKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
268 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $k); |
268 | $this->content = (array) \Firebase\JWT\JWT::decode($jwt, $k); |
269 | } else { |
269 | } else { |
270 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
270 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
271 | $key = hash_pbkdf2('sha512', $key, '', 10000, 32/*256bit*/, false); |
271 | $key = hash_pbkdf2('sha512', $key, '', 10000, 32/*256bit*/, false); |
Line 280... | Line 280... | ||
280 | $payload["aud"] = OIDplus::getEditionInfo()['jwtaud']; |
280 | $payload["aud"] = OIDplus::getEditionInfo()['jwtaud']; |
281 | $payload["jti"] = gen_uuid(); |
281 | $payload["jti"] = gen_uuid(); |
282 | $payload["iat"] = time(); |
282 | $payload["iat"] = time(); |
283 | 283 | ||
284 | if (OIDplus::getPkiStatus()) { |
284 | if (OIDplus::getPkiStatus()) { |
285 | $privKey = OIDplus::config()->getValue('oidplus_private_key'); |
285 | $privKey = OIDplus::getSystemPrivateKey(); |
286 | return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
286 | return \Firebase\JWT\JWT::encode($payload, $privKey, 'RS256'); // RSA+SHA256 ist hardcoded in getPkiStatus() generation |
287 | } else { |
287 | } else { |
288 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
288 | $key = OIDplus::baseConfig()->getValue('SERVER_SECRET', '').'/OIDplusAuthContentStoreJWT'; |
289 | $key = hash_pbkdf2('sha512', $key, '', 10000, 32/*256bit*/, false); |
289 | $key = hash_pbkdf2('sha512', $key, '', 10000, 32/*256bit*/, false); |
290 | return \Firebase\JWT\JWT::encode($payload, $key, 'HS512'); // HMAC+SHA512 is hardcoded here |
290 | return \Firebase\JWT\JWT::encode($payload, $key, 'HS512'); // HMAC+SHA512 is hardcoded here |
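Review bot: The HMAC fallback derives its signing key from `OIDplus::baseConfig()->getValue('SERVER_SECRET', '')` (old/new lines 270 and 288) without rejecting an empty secret, so if SERVER_SECRET is unset and PKI is off, the HS512 key is just the PBKDF2 of the fixed string '/OIDplusAuthContentStoreJWT' and tokens become trivially forgeable, unless a check I cannot see elsewhere guarantees the secret is present. The adjacent `hash_pbkdf2('sha512', $key, '', 10000, 32/*256bit*/, false)` also does not do what its comment says: with the last argument false, PHP returns a hex string and the length counts hex characters, so the key carries only 128 bits of the derived material; passing `true` (raw output) yields the intended 256 bits but changes the key and therefore invalidates every token issued so far, which should be a deliberate, announced step. Since the same two lines are duplicated in both hunks, one private helper that validates the secret and derives the key would keep the two paths in sync, as sketched below. `loadJWT` continues past the first hunk, and the encoding method in the second hunk starts and ends outside it.
```php
private function hmacKey(): string
{
    $secret = OIDplus::baseConfig()->getValue('SERVER_SECRET', '');
    if ($secret === '') {
        throw new \RuntimeException('SERVER_SECRET must be configured to issue or verify HMAC JWTs');
    }
    // raw output: 32 bytes = 256 bit (hex output of length 32 would be only 128 bit)
    return hash_pbkdf2('sha512', $secret.'/OIDplusAuthContentStoreJWT', '', 10000, 32, true);
}
// … unchanged: PKI branches of loadJWT and the encoder …
```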