OSR:PHP JOSE Library: verschil tussen versies
(Nieuwe pagina aangemaakt met 'Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose') |
|||
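--- a/OSR:PHP JOSE Library
+++ b/OSR:PHP JOSE Library
@@ -1 +1,103 @@
 Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose
+
+<syntaxhighlight lang="php">
+<?php
+require_once __DIR__.'/vendor/autoload.php';
+use Jose\Factory\JWEFactory;
+use Jose\Factory\JWKFactory;
+use Jose\Factory\JWSFactory;
+use Jose\Signer;
+
+// Specify your certificate PEM file and password.
+// The PEM file contains public and private keys
+$combined_key = 'combined_key.pem';
+$password = '';
+
+// The JSON message of create endpoint.
+// This is different for every supplier.
+if (!isset($_POST['body']) && empty($_POST['body'])) {
+print '<form action="index.php" method="POST">';
+print 'Body:<br/><textarea name="body" cols="150" rows="30">
+{
+"administration_id": "0000000700020SS00001",
+"attributes": "",
+"mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
+"service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
+"url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
+}</textarea><br/><br/>';
+print '<input type="submit" value="submit" name="submit"/></form>';
+}
+else {
+
+// The JSON message is canonicalized and all whitespaces are removed
+$body = $_POST['body'];
+$body = json_decode($body, true);
+
+// public key is used to create the JWK (JSON Web Key)
+$jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
+'kid' => 'Kennisnet signing certificate',
+'alg' => 'RS256',
+'use' => 'sig',
+]);
+
+$jwtHeader = [
+"alg" => "RS256",
+"type" => "JWT",
+"jwk" => $jwtFromCertificateFile
+];
+
+$body = json_encode($body, true);
+
+print "<pre>";
+print_r($body);
+print "</pre>";
+
+
+// Hash of the header is calculated. SHA256 hash that is BASE64 encoded
+$base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));
+
+print "<pre>";
+print_r($jwtHeader);
+print "</pre>";
+
+// JWT Payload is specified
+$jwtPayload = [
+"iat" => time(),
+"nbf" => time(),
+"exp" => time() + 3600,
+"sub" => "http://osr-api.kennisnet.nl/api/v1",
+"aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
+"iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
+"edustd:body" => [
+"hash" => $base64EncodedHash,
+"alg" => "B64SHA256"
+]
+];
+
+
+print "<pre>";
+print_r($jwtPayload);
+print "</pre>";
+
+
+// Create JWT token using private key
+$privateKey = openssl_pkey_get_private('/path/to/private_cert/' . $combined_key, $password);
+openssl_pkey_export($privateKey, $privateKey);
+
+$jwk = JWKFactory::createFromKey($privateKey);
+
+$jws = JWSFactory::createJWS($jwtPayload)
+->addSignatureInformation(
+$jwk,
+$jwtHeader);
+
+
+$signer = Signer::createSigner(['RS256']);
+$signer->sign($jws);
+
+// Calculated JWT token
+print "JWT Header value:<br/>";
+print $jws->toCompactJSON(0);
+}
+
+</syntaxhighlight>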
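Review bot: The guard `if (!isset($_POST['body']) && empty($_POST['body']))` joins its two tests with `&&`, so a blank submission of the form is not caught and falls into the `else` branch, where `json_decode` returns `null` and the script goes on to sign the hash of the string `null`; `if (empty($_POST['body']))` covers both the missing and the blank case. In the same branch `openssl_pkey_get_private()` is given a bare path, which PHP treats as PEM text unless it is prefixed with `file://`, and its `false` return is passed straight to `openssl_pkey_export()` without a check. As written, every POST is answered with a token signed by the supplier's key, so the example should say it is meant for a developer machine, and that `combined_key.pem` belongs outside the document root.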
Versie van 8 mei 2019 15:14
Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose
<?php
require_once __DIR__.'/vendor/autoload.php';
use Jose\Factory\JWEFactory;
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
use Jose\Signer;
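// Name and passphrase of the PEM file that holds both the certificate
// (public key) and the private key used for signing.
// NOTE(review): a relative name is resolved against the working directory; if
// that is the directory that serves index.php, the key file may be
// downloadable. Keep it outside the document root and give it a passphrase.
$combined_key = 'combined_key.pem';
$password = '';

// The JSON message of the create endpoint. This is different for every supplier.
//
// NOTE(review): every POST to this script is answered with a token signed by
// the supplier's private key, so as written it is a test harness for a
// developer machine; it needs authentication in front of it before anyone
// else can reach it.
//
// Show the form unless a non-blank string was submitted. Testing with
// `!isset(...) && empty(...)` lets a blank submission through to the signing
// branch, and a non-string value (body[]=...) cannot be decoded as JSON.
if (!isset($_POST['body']) || !is_string($_POST['body']) || trim($_POST['body']) === '') {
    print '<form action="index.php" method="POST">';
    print 'Body:<br/><textarea name="body" cols="150" rows="30">
{
"administration_id": "0000000700020SS00001",
"attributes": "",
"mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
"service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
"url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
}</textarea><br/><br/>';
    print '<input type="submit" value="submit" name="submit"/></form>';
} else {
    // Decode and re-encode the submitted JSON so that insignificant
    // whitespace is dropped before the body is hashed.
    $decoded = json_decode($_POST['body'], true);
    if ($decoded === null && json_last_error() !== JSON_ERROR_NONE) {
        // Refuse to sign anything that is not valid JSON; otherwise the
        // token would cover the hash of the string "null".
        http_response_code(400);
        print 'Body is not valid JSON: '
            . htmlspecialchars(json_last_error_msg(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }

    // The public key from the certificate file becomes the JWK (JSON Web Key)
    // that is carried in the token header.
    $jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
        'kid' => 'Kennisnet signing certificate',
        'alg' => 'RS256',
        'use' => 'sig',
    ]);

    // NOTE(review): RFC 7515 names the media-type header parameter "typ";
    // "type" is kept as published here — confirm which one the receiver reads.
    // A key carried in the header only identifies the signer if the receiver
    // matches it against the certificate registered for the issuer.
    $jwtHeader = [
        'alg' => 'RS256',
        'type' => 'JWT',
        'jwk' => $jwtFromCertificateFile,
    ];

    // JSON_HEX_TAG (value 1) is what a bare `true` in the flags position
    // evaluates to; it is spelled out so the serialisation is visible.
    // NOTE(review): the hash only verifies if these are exactly the bytes
    // sent as the request body — confirm the expected form with the API.
    $body = json_encode($decoded, JSON_HEX_TAG);
    if ($body === false) {
        print 'Body could not be re-encoded: '
            . htmlspecialchars(json_last_error_msg(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }

    // Everything echoed back is HTML-escaped: the body is request data.
    print "<pre>";
    print htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "</pre>";

    // SHA-256 hash of the body (not of the header), Base64 encoded.
    $base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));

    print "<pre>";
    print htmlspecialchars(print_r($jwtHeader, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "</pre>";

    // JWT payload. One timestamp is taken so iat, nbf and exp cannot end up
    // a second apart.
    $now = time();
    $jwtPayload = [
        'iat' => $now,
        'nbf' => $now,
        'exp' => $now + 3600,
        'sub' => 'http://osr-api.kennisnet.nl/api/v1',
        'aud' => 'edustd:oin:00000003272448340116', // OIN of Kennisnet
        'iss' => 'edustd:oin:00000003272448340104', // OIN of the supplier
        'edustd:body' => [
            'hash' => $base64EncodedHash,
            'alg' => 'B64SHA256',
        ],
    ];

    print "<pre>";
    print htmlspecialchars(print_r($jwtPayload, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "</pre>";

    // Load the private key. openssl_pkey_get_private() reads a file only
    // when the argument starts with file://; a bare path is parsed as PEM
    // text and fails.
    $privateKey = openssl_pkey_get_private('file:///path/to/private_cert/' . $combined_key, $password);
    if ($privateKey === false) {
        print 'The private key could not be loaded.';
        exit;
    }

    // Export to a PEM string for the JWK factory. The exported copy is not
    // passphrase-protected, so it stays in this variable and is never printed.
    $privateKeyPem = '';
    if (!openssl_pkey_export($privateKey, $privateKeyPem)) {
        print 'The private key could not be exported.';
        exit;
    }

    $jwk = JWKFactory::createFromKey($privateKeyPem);

    $jws = JWSFactory::createJWS($jwtPayload)
        ->addSignatureInformation($jwk, $jwtHeader);

    $signer = Signer::createSigner(['RS256']);
    $signer->sign($jws);

    // The signed token in compact serialisation.
    print "JWT Header value:<br/>";
    print $jws->toCompactJSON(0);
}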