Skip to content
This repository has been archived by the owner on Jan 3, 2024. It is now read-only.

Moved the RSA signing throw into the signing function #37

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Moved the RSA signing throw into the signing function #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4645b22
Moved the RSA signing throw into the signing function
oauth2-middleware Jul 14, 2017
0a3c4f2
Added checking for depcrecated hashing algorithms
oauth2-middleware Jul 14, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 17 additions & 7 deletions src/JOSE/JWS.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,6 @@ function sign($private_key_or_secret, $algorithm = 'HS256') {
$this->header['kid'] = $private_key_or_secret->components['kid'];
}
$this->signature = $this->_sign($private_key_or_secret);
if (!$this->signature) {
throw new JOSE_Exception('Signing failed because of unknown reason');
}
return $this;
}

Expand Down Expand Up @@ -69,32 +66,41 @@ private function rsa($public_or_private_key, $padding_mode) {
}

private function digest() {
$digest = '';
switch ($this->header['alg']) {
case 'HS256':
case 'RS256':
case 'ES256':
case 'PS256':
return 'sha256';
$digest = 'sha256';
break;
case 'HS384':
case 'RS384':
case 'ES384':
case 'PS384':
return 'sha384';
$digest = 'sha384';
break;
case 'HS512':
case 'RS512':
case 'ES512':
case 'PS512':
return 'sha512';
$digest = 'sha512';
break;
default:
throw new JOSE_Exception_UnexpectedAlgorithm('Unknown algorithm');
}
if(!in_array($digest, hash_algos())) {
throw new JOSE_Exception_UnexpectedAlgorithm(sprintf('Hashing algorithm %s does not exist', $this->header['alg']));
}
return $digest;
}

private function _sign($private_key_or_secret) {
$signature_base_string = implode('.', array(
$this->compact((object) $this->header),
$this->compact((object) $this->claims)
));

switch ($this->header['alg']) {
case 'HS256':
case 'HS384':
Expand All @@ -103,7 +109,11 @@ private function _sign($private_key_or_secret) {
case 'RS256':
case 'RS384':
case 'RS512':
return $this->rsa($private_key_or_secret, RSA::SIGNATURE_PKCS1)->sign($signature_base_string);
$hash = $this->rsa($private_key_or_secret, RSA::SIGNATURE_PKCS1)->sign($signature_base_string);
if (!$hash) {
throw new JOSE_Exception('RSA signing failed because of unknown reason');
}
return $hash;
case 'ES256':
case 'ES384':
case 'ES512':
Expand Down
6 changes: 6 additions & 0 deletions test/JOSE/JWS_Test.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ function testToJSONWithGeneralSyntax() {
$this->assertEquals($expected, sprintf('%s', $jws->toJSON('general-syntax')));
}

function testSignBadAlgorithm() {
$jws = new JOSE_JWS($this->plain_jwt);
$this->setExpectedException('JOSE_Exception_UnexpectedAlgorithm');
$jws = $jws->sign('shared-secret', 'blah');
}

function testSignHS256() {
$expected = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.jBKXM6zRu0nP2tYgNTgFxRDwKoiEbNl1P6GyXEHIwEw';
$jws = new JOSE_JWS($this->plain_jwt);
Expand Down