OSR:PHP JOSE Library: verschil tussen versies
(Nieuwe pagina aangemaakt met 'Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose') |
Geen bewerkingssamenvatting |
||
Regel 1: | Regel 1: | ||
Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose | Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose | ||
<syntaxhighlight lang="php"> | |||
<?php | |||
require_once __DIR__.'/vendor/autoload.php'; | |||
use Jose\Factory\JWEFactory; | |||
use Jose\Factory\JWKFactory; | |||
use Jose\Factory\JWSFactory; | |||
use Jose\Signer; | |||
// Specify your certificate PEM file and password. | |||
// The PEM file contains public and private keys | |||
$combined_key = 'combined_key.pem'; | |||
$password = ''; | |||
// The JSON message of create endpoint. | |||
// This is different for every supplier. | |||
if (!isset($_POST['body']) && empty($_POST['body'])) { | |||
print '<form action="index.php" method="POST">'; | |||
print 'Body:<br/><textarea name="body" cols="150" rows="30"> | |||
{ | |||
"administration_id": "0000000700020SS00001", | |||
"attributes": "", | |||
"mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4", | |||
"service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/", | |||
"url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt" | |||
}</textarea><br/><br/>'; | |||
print '<input type="submit" value="submit" name="submit"/></form>'; | |||
} | |||
else { | |||
// The JSON message is canonicalized and all whitespaces are removed | |||
$body = $_POST['body']; | |||
$body = json_decode($body, true); | |||
// public key is used to create the JWK (JSON Web Key) | |||
$jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [ | |||
'kid' => 'Kennisnet signing certificate', | |||
'alg' => 'RS256', | |||
'use' => 'sig', | |||
]); | |||
$jwtHeader = [ | |||
"alg" => "RS256", | |||
"type" => "JWT", | |||
"jwk" => $jwtFromCertificateFile | |||
]; | |||
$body = json_encode($body, true); | |||
print "<pre>"; | |||
print_r($body); | |||
print "</pre>"; | |||
// Hash of the header is calculated. SHA256 hash that is BASE64 encoded | |||
$base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body)); | |||
print "<pre>"; | |||
print_r($jwtHeader); | |||
print "</pre>"; | |||
// JWT Payload is specified | |||
$jwtPayload = [ | |||
"iat" => time(), | |||
"nbf" => time(), | |||
"exp" => time() + 3600, | |||
"sub" => "http://osr-api.kennisnet.nl/api/v1", | |||
"aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet | |||
"iss" => "edustd:oin:00000003272448340104", // OIN of the supplier | |||
"edustd:body" => [ | |||
"hash" => $base64EncodedHash, | |||
"alg" => "B64SHA256" | |||
] | |||
]; | |||
print "<pre>"; | |||
print_r($jwtPayload); | |||
print "</pre>"; | |||
// Create JWT token using private key | |||
$privateKey = openssl_pkey_get_private('/path/to/private_cert/' . $combined_key, $password); | |||
openssl_pkey_export($privateKey, $privateKey); | |||
$jwk = JWKFactory::createFromKey($privateKey); | |||
$jws = JWSFactory::createJWS($jwtPayload) | |||
->addSignatureInformation( | |||
$jwk, | |||
$jwtHeader); | |||
$signer = Signer::createSigner(['RS256']); | |||
$signer->sign($jws); | |||
// Calculated JWT token | |||
print "JWT Header value:<br/>"; | |||
print $jws->toCompactJSON(0); | |||
} | |||
</syntaxhighlight> |
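Review bot: The guard `if (!isset($_POST['body']) && empty($_POST['body']))` only shows the form when the field is absent, so a submitted but empty `body` falls through to the signing branch; `if (empty($_POST['body'])) {` covers both cases. Further down, `openssl_pkey_get_private('/path/to/private_cert/' . $combined_key, $password)` receives a bare path, which PHP treats as PEM text rather than a file name, so the call should use `'file:///path/to/private_cert/' . $combined_key` and check for `false` before `openssl_pkey_export`. Since the page signs any posted body with the supplier's private key, I would add a comment marking it as a local development aid that should not be reachable without authentication. The `json_encode($body, true)` call also passes a boolean where a flag bitmask is expected, which PHP coerces to `JSON_HEX_TAG`; writing the flag out makes the hashed bytes explicit.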
Versie van 8 mei 2019 16:14
Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose
<?php
require_once __DIR__.'/vendor/autoload.php';
use Jose\Factory\JWEFactory;
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
use Jose\Signer;
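// Demo page: shows a form, then signs the posted JSON body as a JWT (RS256)
// and prints the resulting token.
//
// This page signs whatever body is posted to it with the supplier's key, so
// treat it as a local development aid and do not leave it reachable without
// authentication.

// Specify your certificate PEM file and password.
// The PEM file contains public and private keys, so store it outside the web
// server's document root and make it readable only by the PHP user.
// NOTE(review): a relative name is resolved against the working directory,
// which is usually the directory of this script - confirm for your setup.
$combined_key = 'combined_key.pem';
// An empty passphrase means the private key is stored unencrypted.
$password = '';

// Prints a value inside <pre>, HTML-escaped so the browser shows exactly the
// bytes that were produced (an unescaped "&amp;" would be rendered as "&").
$printEscaped = static function ($value) {
    print "<pre>";
    print htmlspecialchars(print_r($value, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "</pre>";
};

// The JSON message of create endpoint.
// This is different for every supplier.
// empty() is true for a missing field as well as for an empty one; the
// original "!isset(...) && empty(...)" let an empty body reach the signer.
if (empty($_POST['body']) || !is_string($_POST['body'])) {
    print '<form action="index.php" method="POST">';
    print 'Body:<br/><textarea name="body" cols="150" rows="30">
{
"administration_id": "0000000700020SS00001",
"attributes": "",
"mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
"service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
"url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
}</textarea><br/><br/>';
    print '<input type="submit" value="submit" name="submit"/></form>';

    return;
}

// The JSON message is canonicalized and all whitespaces are removed
// (decode followed by encode). Reject input that is not valid JSON instead of
// silently signing the string "null".
$decodedBody = json_decode($_POST['body'], true);
if (json_last_error() !== JSON_ERROR_NONE) {
    print 'The submitted body is not valid JSON.';

    return;
}

// public key is used to create the JWK (JSON Web Key)
// NOTE(review): this JWK is placed in the token header and printed below.
// Because the PEM file also holds the private key, confirm that the resulting
// JWK contains public parameters only.
$jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
    'kid' => 'Kennisnet signing certificate',
    'alg' => 'RS256',
    'use' => 'sig',
]);

// NOTE(review): the registered JOSE header name is "typ" (RFC 7515); "type"
// is kept as published here - confirm which one the receiving API expects.
$jwtHeader = [
    "alg" => "RS256",
    "type" => "JWT",
    "jwk" => $jwtFromCertificateFile
];

// The second argument of json_encode() is a flag bitmask. The original passed
// true, which PHP coerces to 1 (JSON_HEX_TAG); the flag is written out so the
// encoded bytes, and therefore the hash, stay the same. The request that is
// sent to the API must carry exactly these bytes.
$body = json_encode($decodedBody, JSON_HEX_TAG);
$printEscaped($body);

// Hash of the body is calculated. SHA256 hash that is BASE64 encoded
$base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));
$printEscaped($jwtHeader);

// JWT Payload is specified
// One timestamp is used for all three claims so they cannot straddle a
// second boundary.
$now = time();
$jwtPayload = [
    "iat" => $now,
    "nbf" => $now,
    "exp" => $now + 3600,
    "sub" => "http://osr-api.kennisnet.nl/api/v1",
    "aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
    "iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
    "edustd:body" => [
        "hash" => $base64EncodedHash,
        "alg" => "B64SHA256"
    ]
];
$printEscaped($jwtPayload);

// Create JWT token using private key
// openssl_pkey_get_private() reads a file only when the argument starts with
// "file://"; a bare path is parsed as PEM text and the call returns false.
$privateKeyHandle = openssl_pkey_get_private('file:///path/to/private_cert/' . $combined_key, $password);
if ($privateKeyHandle === false) {
    // Do not echo OpenSSL's error queue to the browser; it can reveal paths.
    print 'The private key could not be loaded.';

    return;
}

// Export to an in-memory PEM string, which is what JWKFactory::createFromKey()
// is given below. The exported PEM is not passphrase-protected, so it must
// not be logged or printed.
$privateKeyPem = '';
if (!openssl_pkey_export($privateKeyHandle, $privateKeyPem)) {
    print 'The private key could not be exported.';

    return;
}

$jwk = JWKFactory::createFromKey($privateKeyPem);
$jws = JWSFactory::createJWS($jwtPayload)
    ->addSignatureInformation(
        $jwk,
        $jwtHeader
    );
$signer = Signer::createSigner(['RS256']);
$signer->sign($jws);

// Calculated JWT token
print "JWT Header value:<br/>";
print $jws->toCompactJSON(0);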