OSR:PHP JOSE Library: verschil tussen versies

Uit Kennisnet Developers Documentatie
Naar navigatie springen Naar zoeken springen
(Nieuwe pagina aangemaakt met 'Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose')
 
k
 
(2 tussenliggende versies door 2 gebruikers niet weergegeven)
Regel 1: Regel 1:
 
Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose
 
Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose
  +
  +
<syntaxhighlight lang="php">
  +
<?php
  +
require_once __DIR__.'/vendor/autoload.php';
  +
use Jose\Factory\JWEFactory;
  +
use Jose\Factory\JWKFactory;
  +
use Jose\Factory\JWSFactory;
  +
use Jose\Signer;
  +
  +
// Specify your certificate PEM file and password.
  +
// The PEM file contains public and private keys
  +
$combined_key = 'combined_keys.pem';
  +
$password = '';
  +
  +
// The JSON message of create endpoint.
  +
// This is different for every supplier.
  +
if (!isset($_POST['body']) && empty($_POST['body'])) {
  +
print '<form action="index.php" method="POST">';
  +
print 'Body:<br/><textarea name="body" cols="150" rows="30">
  +
{
  +
"administration_id": "0000000700020SS00001",
  +
"attributes": "",
  +
"mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
  +
"service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
  +
"url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
  +
}</textarea><br/><br/>';
  +
print '<input type="submit" value="submit" name="submit"/></form>';
  +
}
  +
else {
  +
  +
// The JSON message is canonicalized and all whitespaces are removed
  +
$body = $_POST['body'];
  +
$body = json_decode($body, true);
  +
  +
// public key is used to create the JWK (JSON Web Key)
  +
$jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
  +
'kid' => 'Kennisnet signing certificate',
  +
'alg' => 'RS256',
  +
'use' => 'sig',
  +
]);
  +
  +
$jwtHeader = [
  +
"alg" => "RS256",
  +
"type" => "JWT",
  +
"jwk" => $jwtFromCertificateFile
  +
];
  +
  +
$body = json_encode($body, true);
  +
  +
print "<pre>";
  +
print_r($body);
  +
print "</pre>";
  +
  +
  +
// Hash of the header is calculated. SHA256 hash that is BASE64 encoded
  +
$base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));
  +
  +
print "<pre>";
  +
print_r($jwtHeader);
  +
print "</pre>";
  +
  +
// JWT Payload is specified
  +
$jwtPayload = [
  +
"iat" => time(),
  +
"nbf" => time(),
  +
"exp" => time() + 3600,
  +
"sub" => "http://osr-api.kennisnet.nl/api/v1",
  +
"aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
  +
"iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
  +
"edustd:body" => [
  +
"hash" => $base64EncodedHash,
  +
"alg" => "B64SHA256"
  +
]
  +
];
  +
  +
  +
print "<pre>";
  +
print_r($jwtPayload);
  +
print "</pre>";
  +
  +
  +
// Create JWT token using private key
  +
$privateKey = openssl_pkey_get_private('/path/to/private_cert/' . $combined_key, $password);
  +
openssl_pkey_export($privateKey, $privateKey);
  +
  +
$jwk = JWKFactory::createFromKey($privateKey);
  +
  +
$jws = JWSFactory::createJWS($jwtPayload)
  +
->addSignatureInformation(
  +
$jwk,
  +
$jwtHeader);
  +
  +
  +
$signer = Signer::createSigner(['RS256']);
  +
$signer->sign($jws);
  +
  +
// Calculated JWT token
  +
print "JWT Header value:<br/>";
  +
print $jws->toCompactJSON(0);
  +
}
  +
  +
</syntaxhighlight>
  +
  +
  +
[[Category:OSR]]

Huidige versie van 13 mei 2019 om 07:29

Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose

<?php
require_once __DIR__.'/vendor/autoload.php';
use Jose\Factory\JWEFactory;
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
use Jose\Signer;

// Specify your certificate PEM file and password.
// The PEM file contains public and private keys
$combined_key = 'combined_keys.pem';
$password = '';

// The JSON message of create endpoint.
// This is different for every supplier.
if (!isset($_POST['body']) && empty($_POST['body'])) {
    print '<form action="index.php" method="POST">';
    print 'Body:<br/><textarea name="body" cols="150" rows="30">
{
    "administration_id": "0000000700020SS00001",
    "attributes": "",
    "mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
    "service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
    "url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
}</textarea><br/><br/>';
    print '<input type="submit" value="submit" name="submit"/></form>';
}
else {

    // The JSON message is canonicalized and all whitespaces are removed
    $body = $_POST['body'];
    $body = json_decode($body, true);

    // public key is used to create the JWK (JSON Web Key)
    $jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
        'kid' => 'Kennisnet signing certificate',
        'alg' => 'RS256',
        'use' => 'sig',
    ]);

    $jwtHeader = [
        "alg"   => "RS256",
        "type"  => "JWT",
        "jwk"   => $jwtFromCertificateFile
    ];

    $body = json_encode($body, true);

    print "<pre>";
    print_r($body);
    print "</pre>";


    // Hash of the header is calculated. SHA256 hash that is BASE64 encoded
    $base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));

    print "<pre>";
    print_r($jwtHeader);
    print "</pre>";

    // JWT Payload is specified
    $jwtPayload = [ 
        "iat" => time(), 
        "nbf" => time(), 
        "exp" => time() + 3600,
        "sub" => "http://osr-api.kennisnet.nl/api/v1",
        "aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
        "iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
        "edustd:body" => [
            "hash" => $base64EncodedHash,
            "alg" => "B64SHA256"
        ]
    ];


    print "<pre>";
    print_r($jwtPayload);
    print "</pre>";


    // Create JWT token using private key
    $privateKey = openssl_pkey_get_private('/path/to/private_cert/' . $combined_key, $password);
    openssl_pkey_export($privateKey, $privateKey);

    $jwk = JWKFactory::createFromKey($privateKey);

    $jws = JWSFactory::createJWS($jwtPayload)
                ->addSignatureInformation(
                    $jwk,
                    $jwtHeader);


    $signer = Signer::createSigner(['RS256']);
    $signer->sign($jws);

    // Calculated JWT token
    print "JWT Header value:<br/>";
    print $jws->toCompactJSON(0);
}