pax_global_header00006660000000000000000000000064125537605540014526gustar00rootroot0000000000000052 comment=fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1 php-jwt-3.0.0/000077500000000000000000000000001255376055400131175ustar00rootroot00000000000000php-jwt-3.0.0/.gitignore000066400000000000000000000000631255376055400151060ustar00rootroot00000000000000vendor phpunit.phar phpunit.phar.asc composer.phar php-jwt-3.0.0/.travis.yml000066400000000000000000000003071255376055400152300ustar00rootroot00000000000000language: php php: - 5.3 - 5.4 - 5.5 - hhvm before_script: - wget -nc http://getcomposer.org/composer.phar - php composer.phar install script: phpunit --configuration phpunit.xml.dist php-jwt-3.0.0/LICENSE000066400000000000000000000027601255376055400141310ustar00rootroot00000000000000Copyright (c) 2011, Neuman Vong All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Neuman Vong nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. php-jwt-3.0.0/README.md000066400000000000000000000072241255376055400144030ustar00rootroot00000000000000[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) [![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) [![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) [![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) PHP-JWT ======= A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the [current spec](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06) Installation ------------ Use composer to manage your dependencies and download PHP-JWT: ```bash composer require firebase/php-jwt ``` Example ------- ```php "http://example.org", "aud" => "http://example.com", "iat" => 1356999524, "nbf" => 1357000000 ); /** * IMPORTANT: * You must specify supported algorithms for your application. See * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 * for a list of spec-compliant algorithms. */ $jwt = JWT::encode($token, $key); $decoded = JWT::decode($jwt, $key, array('HS256')); print_r($decoded); /* NOTE: This will now be an object instead of an associative array. To get an associative array, you will need to cast it as such: */ $decoded_array = (array) $decoded; /** * You can add a leeway to account for when there is a clock skew times between * the signing and verifying servers. It is recommended that this leeway should * not be bigger than a few minutes. * * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef */ JWT::$leeway = 60; // $leeway in seconds $decoded = JWT::decode($jwt, $key, array('HS256')); ?> ``` Changelog --------- #### 3.0.0 / 2015-07-22 - Minimum PHP version updated from `5.2.0` to `5.3.0`. - Add `\Firebase\JWT` namespace. See [#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to [@Dashron](https://github.com/Dashron)! - Require a non-empty key to decode and verify a JWT. See [#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to [@sjones608](https://github.com/sjones608)! - Cleaner documentation blocks in the code. See [#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to [@johanderuijter](https://github.com/johanderuijter)! #### 2.2.0 / 2015-06-22 - Add support for adding custom, optional JWT headers to `JWT::encode()`. See [#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to [@mcocaro](https://github.com/mcocaro)! #### 2.1.0 / 2015-05-20 - Add support for adding a leeway to `JWT:decode()` that accounts for clock skew between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! - Add support for passing an object implementing the `ArrayAccess` interface for `$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! #### 2.0.0 / 2015-04-01 - **Note**: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together. - Update signature for `JWT::decode(...)` to require an array of supported algorithms to use when verifying token signatures. Tests ----- Run the tests using phpunit: ```bash $ pear install PHPUnit $ phpunit --configuration phpunit.xml.dist PHPUnit 3.7.10 by Sebastian Bergmann. ..... Time: 0 seconds, Memory: 2.50Mb OK (5 tests, 5 assertions) ``` License ------- [3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). php-jwt-3.0.0/composer.json000066400000000000000000000013031255376055400156360ustar00rootroot00000000000000{ "name": "firebase/php-jwt", "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", "homepage": "https://github.com/firebase/php-jwt", "authors": [ { "name": "Neuman Vong", "email": "neuman+pear@twilio.com", "role": "Developer" }, { "name": "Anant Narayanan", "email": "anant@php.net", "role": "Developer" } ], "license": "BSD-3-Clause", "require": { "php": ">=5.3.0" }, "autoload": { "psr-4": { "Firebase\\JWT\\": "src" } }, "minimum-stability": "dev" } php-jwt-3.0.0/composer.lock000066400000000000000000000010571255376055400156230ustar00rootroot00000000000000{ "_readme": [ "This file locks the dependencies of your project to a known state", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], "hash": "60a5df5d283a7ae9000173248eba8909", "packages": [], "packages-dev": [], "aliases": [], "minimum-stability": "dev", "stability-flags": [], "prefer-stable": false, "prefer-lowest": false, "platform": { "php": ">=5.2.0" }, "platform-dev": [] } php-jwt-3.0.0/package.xml000066400000000000000000000041331255376055400152350ustar00rootroot00000000000000 JWT pear.php.net A JWT encoder/decoder. A JWT encoder/decoder library for PHP. Neuman Vong lcfrs neuman+pear@twilio.com yes Firebase Operations firebase operations@firebase.com yes 2015-07-22 3.0.0 3.0.0 beta beta BSD 3-Clause License Initial release with basic support for JWT encoding, decoding and signature verification. 5.1 1.7.0 json hash 0.1.0 0.1.0 beta beta 2015-04-01 BSD 3-Clause License Initial release with basic support for JWT encoding, decoding and signature verification. php-jwt-3.0.0/phpunit.xml.dist000066400000000000000000000010671255376055400162760ustar00rootroot00000000000000 ./tests php-jwt-3.0.0/run-tests.sh000077500000000000000000000022401255376055400154200ustar00rootroot00000000000000 #!/usr/bin/env bash gpg --fingerprint D8406D0D82947747293778314AA394086372C20A if [ $? -ne 0 ]; then echo -e "\033[33mDownloading PGP Public Key...\033[0m" gpg --recv-keys D8406D0D82947747293778314AA394086372C20A # Sebastian Bergmann gpg --fingerprint D8406D0D82947747293778314AA394086372C20A if [ $? -ne 0 ]; then echo -e "\033[31mCould not download PGP public key for verification\033[0m" exit fi fi # Let's grab the latest release and its signature if [ ! -f phpunit.phar ]; then wget https://phar.phpunit.de/phpunit.phar fi if [ ! -f phpunit.phar.asc ]; then wget https://phar.phpunit.de/phpunit.phar.asc fi # Verify before running gpg --verify phpunit.phar.asc phpunit.phar if [ $? -eq 0 ]; then echo echo -e "\033[33mBegin Unit Testing\033[0m" # Run the testing suite php --version php phpunit.phar --configuration phpunit.xml.dist else echo chmod -x phpunit.phar mv phpunit.phar /tmp/bad-phpunit.phar mv phpunit.phar.asc /tmp/bad-phpunit.phar.asc echo -e "\033[31mSignature did not match! PHPUnit has been moved to /tmp/bad-phpunit.phar\033[0m" exit 1 fi php-jwt-3.0.0/src/000077500000000000000000000000001255376055400137065ustar00rootroot00000000000000php-jwt-3.0.0/src/BeforeValidException.php000066400000000000000000000001411255376055400204540ustar00rootroot00000000000000 * @author Anant Narayanan * @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD * @link https://github.com/firebase/php-jwt */ class JWT { /** * When checking nbf, iat or expiration times, * we want to provide some extra leeway time to * account for clock skew. */ public static $leeway = 0; public static $supported_algs = array( 'HS256' => array('hash_hmac', 'SHA256'), 'HS512' => array('hash_hmac', 'SHA512'), 'HS384' => array('hash_hmac', 'SHA384'), 'RS256' => array('openssl', 'SHA256'), ); /** * Decodes a JWT string into a PHP object. * * @param string $jwt The JWT * @param string|array|null $key The key, or map of keys. * If the algorithm used is asymmetric, this is the public key * @param array $allowed_algs List of supported verification algorithms * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' * * @return object The JWT's payload as a PHP object * * @throws DomainException Algorithm was not provided * @throws UnexpectedValueException Provided JWT was invalid * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed * @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf' * @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat' * @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim * * @uses jsonDecode * @uses urlsafeB64Decode */ public static function decode($jwt, $key, $allowed_algs = array()) { if (empty($key)) { throw new InvalidArgumentException('Key may not be empty'); } $tks = explode('.', $jwt); if (count($tks) != 3) { throw new UnexpectedValueException('Wrong number of segments'); } list($headb64, $bodyb64, $cryptob64) = $tks; if (null === ($header = JWT::jsonDecode(JWT::urlsafeB64Decode($headb64)))) { throw new UnexpectedValueException('Invalid header encoding'); } if (null === $payload = JWT::jsonDecode(JWT::urlsafeB64Decode($bodyb64))) { throw new UnexpectedValueException('Invalid claims encoding'); } $sig = JWT::urlsafeB64Decode($cryptob64); if (empty($header->alg)) { throw new DomainException('Empty algorithm'); } if (empty(self::$supported_algs[$header->alg])) { throw new DomainException('Algorithm not supported'); } if (!is_array($allowed_algs) || !in_array($header->alg, $allowed_algs)) { throw new DomainException('Algorithm not allowed'); } if (is_array($key) || $key instanceof \ArrayAccess) { if (isset($header->kid)) { $key = $key[$header->kid]; } else { throw new DomainException('"kid" empty, unable to lookup correct key'); } } // Check the signature if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { throw new SignatureInvalidException('Signature verification failed'); } // Check if the nbf if it is defined. This is the time that the // token can actually be used. If it's not yet that time, abort. if (isset($payload->nbf) && $payload->nbf > (time() + self::$leeway)) { throw new BeforeValidException( 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) ); } // Check that this token has been created before 'now'. This prevents // using tokens that have been created for later use (and haven't // correctly used the nbf claim). if (isset($payload->iat) && $payload->iat > (time() + self::$leeway)) { throw new BeforeValidException( 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) ); } // Check if this token has expired. if (isset($payload->exp) && (time() - self::$leeway) >= $payload->exp) { throw new ExpiredException('Expired token'); } return $payload; } /** * Converts and signs a PHP object or array into a JWT string. * * @param object|array $payload PHP object or array * @param string $key The secret key. * If the algorithm used is asymmetric, this is the private key * @param string $alg The signing algorithm. * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' * @param array $head An array with header elements to attach * * @return string A signed JWT * * @uses jsonEncode * @uses urlsafeB64Encode */ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) { $header = array('typ' => 'JWT', 'alg' => $alg); if ($keyId !== null) { $header['kid'] = $keyId; } if ( isset($head) && is_array($head) ) { $header = array_merge($head, $header); } $segments = array(); $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header)); $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($payload)); $signing_input = implode('.', $segments); $signature = JWT::sign($signing_input, $key, $alg); $segments[] = JWT::urlsafeB64Encode($signature); return implode('.', $segments); } /** * Sign a string with a given key and algorithm. * * @param string $msg The message to sign * @param string|resource $key The secret key * @param string $alg The signing algorithm. * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' * * @return string An encrypted message * * @throws DomainException Unsupported algorithm was specified */ public static function sign($msg, $key, $alg = 'HS256') { if (empty(self::$supported_algs[$alg])) { throw new DomainException('Algorithm not supported'); } list($function, $algorithm) = self::$supported_algs[$alg]; switch($function) { case 'hash_hmac': return hash_hmac($algorithm, $msg, $key, true); case 'openssl': $signature = ''; $success = openssl_sign($msg, $signature, $key, $algorithm); if (!$success) { throw new DomainException("OpenSSL unable to sign data"); } else { return $signature; } } } /** * Verify a signature with the message, key and method. Not all methods * are symmetric, so we must have a separate verify and sign method. * * @param string $msg The original message (header and body) * @param string $signature The original signature * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key * @param string $alg The algorithm * * @return bool * * @throws DomainException Invalid Algorithm or OpenSSL failure */ private static function verify($msg, $signature, $key, $alg) { if (empty(self::$supported_algs[$alg])) { throw new DomainException('Algorithm not supported'); } list($function, $algorithm) = self::$supported_algs[$alg]; switch($function) { case 'openssl': $success = openssl_verify($msg, $signature, $key, $algorithm); if (!$success) { throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string()); } else { return $signature; } case 'hash_hmac': default: $hash = hash_hmac($algorithm, $msg, $key, true); if (function_exists('hash_equals')) { return hash_equals($signature, $hash); } $len = min(self::safeStrlen($signature), self::safeStrlen($hash)); $status = 0; for ($i = 0; $i < $len; $i++) { $status |= (ord($signature[$i]) ^ ord($hash[$i])); } $status |= (self::safeStrlen($signature) ^ self::safeStrlen($hash)); return ($status === 0); } } /** * Decode a JSON string into a PHP object. * * @param string $input JSON string * * @return object Object representation of JSON string * * @throws DomainException Provided string was invalid JSON */ public static function jsonDecode($input) { if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you * to specify that large ints (like Steam Transaction IDs) should be treated as * strings, rather than the PHP default behaviour of converting them to floats. */ $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); } else { /** Not all servers will support that, however, so for older versions we must * manually detect large ints in the JSON string and quote them (thus converting *them to strings) before decoding, hence the preg_replace() call. */ $max_int_length = strlen((string) PHP_INT_MAX) - 1; $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); $obj = json_decode($json_without_bigints); } if (function_exists('json_last_error') && $errno = json_last_error()) { JWT::handleJsonError($errno); } elseif ($obj === null && $input !== 'null') { throw new DomainException('Null result with non-null input'); } return $obj; } /** * Encode a PHP object into a JSON string. * * @param object|array $input A PHP object or array * * @return string JSON representation of the PHP object or array * * @throws DomainException Provided object could not be encoded to valid JSON */ public static function jsonEncode($input) { $json = json_encode($input); if (function_exists('json_last_error') && $errno = json_last_error()) { JWT::handleJsonError($errno); } elseif ($json === 'null' && $input !== null) { throw new DomainException('Null result with non-null input'); } return $json; } /** * Decode a string with URL-safe Base64. * * @param string $input A Base64 encoded string * * @return string A decoded string */ public static function urlsafeB64Decode($input) { $remainder = strlen($input) % 4; if ($remainder) { $padlen = 4 - $remainder; $input .= str_repeat('=', $padlen); } return base64_decode(strtr($input, '-_', '+/')); } /** * Encode a string with URL-safe Base64. * * @param string $input The string you want encoded * * @return string The base64 encode of what you passed in */ public static function urlsafeB64Encode($input) { return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); } /** * Helper method to create a JSON error. * * @param int $errno An error number from json_last_error() * * @return void */ private static function handleJsonError($errno) { $messages = array( JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' ); throw new DomainException( isset($messages[$errno]) ? $messages[$errno] : 'Unknown JSON error: ' . $errno ); } /** * Get the number of bytes in cryptographic strings. * * @param string * * @return int */ private static function safeStrlen($str) { if (function_exists('mb_strlen')) { return mb_strlen($str, '8bit'); } return strlen($str); } } php-jwt-3.0.0/src/SignatureInvalidException.php000066400000000000000000000001461255376055400215470ustar00rootroot00000000000000assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc'); } public function testDecodeFromPython() { $msg = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.Iio6aHR0cDovL2FwcGxpY2F0aW9uL2NsaWNreT9ibGFoPTEuMjMmZi5vbz00NTYgQUMwMDAgMTIzIg.E_U8X2YpMT5K1cEiT_3-IvBYfrdIFIeVYeOqre_Z5Cg'; $this->assertEquals( JWT::decode($msg, 'my_key', array('HS256')), '*:http://application/clicky?blah=1.23&f.oo=456 AC000 123' ); } public function testUrlSafeCharacters() { $encoded = JWT::encode('f?', 'a'); $this->assertEquals('f?', JWT::decode($encoded, 'a', array('HS256'))); } public function testMalformedUtf8StringsFail() { $this->setExpectedException('DomainException'); JWT::encode(pack('c', 128), 'a'); } public function testMalformedJsonThrowsException() { $this->setExpectedException('DomainException'); JWT::jsonDecode('this is not valid JSON string'); } public function testExpiredToken() { $this->setExpectedException('Firebase\JWT\ExpiredException'); $payload = array( "message" => "abc", "exp" => time() - 20); // time in the past $encoded = JWT::encode($payload, 'my_key'); JWT::decode($encoded, 'my_key', array('HS256')); } public function testBeforeValidTokenWithNbf() { $this->setExpectedException('Firebase\JWT\BeforeValidException'); $payload = array( "message" => "abc", "nbf" => time() + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); JWT::decode($encoded, 'my_key', array('HS256')); } public function testBeforeValidTokenWithIat() { $this->setExpectedException('Firebase\JWT\BeforeValidException'); $payload = array( "message" => "abc", "iat" => time() + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); JWT::decode($encoded, 'my_key', array('HS256')); } public function testValidToken() { $payload = array( "message" => "abc", "exp" => time() + JWT::$leeway + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); } public function testValidTokenWithLeeway() { JWT::$leeway = 60; $payload = array( "message" => "abc", "exp" => time() - 20); // time in the past $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); JWT::$leeway = 0; } public function testExpiredTokenWithLeeway() { JWT::$leeway = 60; $payload = array( "message" => "abc", "exp" => time() - 70); // time far in the past $this->setExpectedException('Firebase\JWT\ExpiredException'); $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); JWT::$leeway = 0; } public function testValidTokenWithList() { $payload = array( "message" => "abc", "exp" => time() + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256', 'HS512')); $this->assertEquals($decoded->message, 'abc'); } public function testValidTokenWithNbf() { $payload = array( "message" => "abc", "iat" => time(), "exp" => time() + 20, // time in the future "nbf" => time() - 20); $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); } public function testValidTokenWithNbfLeeway() { JWT::$leeway = 60; $payload = array( "message" => "abc", "nbf" => time() + 20); // not before in near (leeway) future $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); JWT::$leeway = 0; } public function testInvalidTokenWithNbfLeeway() { JWT::$leeway = 60; $payload = array( "message" => "abc", "nbf" => time() + 65); // not before too far in future $encoded = JWT::encode($payload, 'my_key'); $this->setExpectedException('Firebase\JWT\BeforeValidException'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); JWT::$leeway = 0; } public function testValidTokenWithIatLeeway() { JWT::$leeway = 60; $payload = array( "message" => "abc", "iat" => time() + 20); // issued in near (leeway) future $encoded = JWT::encode($payload, 'my_key'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); $this->assertEquals($decoded->message, 'abc'); JWT::$leeway = 0; } public function testInvalidTokenWithIatLeeway() { JWT::$leeway = 60; $payload = array( "message" => "abc", "iat" => time() + 65); // issued too far in future $encoded = JWT::encode($payload, 'my_key'); $this->setExpectedException('Firebase\JWT\BeforeValidException'); $decoded = JWT::decode($encoded, 'my_key', array('HS256')); JWT::$leeway = 0; } public function testInvalidToken() { $payload = array( "message" => "abc", "exp" => time() + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); $this->setExpectedException('Firebase\JWT\SignatureInvalidException'); $decoded = JWT::decode($encoded, 'my_key2', array('HS256')); } public function testNullKeyFails() { $payload = array( "message" => "abc", "exp" => time() + JWT::$leeway + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); $this->setExpectedException('InvalidArgumentException'); $decoded = JWT::decode($encoded, null, array('HS256')); } public function testEmptyKeyFails() { $payload = array( "message" => "abc", "exp" => time() + JWT::$leeway + 20); // time in the future $encoded = JWT::encode($payload, 'my_key'); $this->setExpectedException('InvalidArgumentException'); $decoded = JWT::decode($encoded, '', array('HS256')); } public function testRSEncodeDecode() { $privKey = openssl_pkey_new(array('digest_alg' => 'sha256', 'private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA)); $msg = JWT::encode('abc', $privKey, 'RS256'); $pubKey = openssl_pkey_get_details($privKey); $pubKey = $pubKey['key']; $decoded = JWT::decode($msg, $pubKey, array('RS256')); $this->assertEquals($decoded, 'abc'); } public function testKIDChooser() { $keys = array('1' => 'my_key', '2' => 'my_key2'); $msg = JWT::encode('abc', $keys['1'], 'HS256', '1'); $decoded = JWT::decode($msg, $keys, array('HS256')); $this->assertEquals($decoded, 'abc'); } public function testArrayAccessKIDChooser() { $keys = new ArrayObject(array('1' => 'my_key', '2' => 'my_key2')); $msg = JWT::encode('abc', $keys['1'], 'HS256', '1'); $decoded = JWT::decode($msg, $keys, array('HS256')); $this->assertEquals($decoded, 'abc'); } public function testNoneAlgorithm() { $msg = JWT::encode('abc', 'my_key'); $this->setExpectedException('DomainException'); JWT::decode($msg, 'my_key', array('none')); } public function testIncorrectAlgorithm() { $msg = JWT::encode('abc', 'my_key'); $this->setExpectedException('DomainException'); JWT::decode($msg, 'my_key', array('RS256')); } public function testMissingAlgorithm() { $msg = JWT::encode('abc', 'my_key'); $this->setExpectedException('DomainException'); JWT::decode($msg, 'my_key'); } public function testAdditionalHeaders() { $msg = JWT::encode('abc', 'my_key', 'HS256', null, array('cty' => 'test-eit;v=1')); $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc'); } public function testInvalidSegmentCount() { $this->setExpectedException('UnexpectedValueException'); JWT::decode('brokenheader.brokenbody', 'my_key', array('HS256')); } } php-jwt-3.0.0/tests/autoload.php.dist000066400000000000000000000006641255376055400175520ustar00rootroot00000000000000