OSR:PHP JOSE Library: verschil tussen versies
k |
k |
||
Regel 11: | Regel 11: | ||
// Specify your certificate PEM file and password. |
// Specify your certificate PEM file and password. |
||
// The PEM file contains public and private keys |
// The PEM file contains public and private keys |
||
− | $combined_key = ' |
+ | $combined_key = 'combined_keys.pem'; |
$password = ''; |
$password = ''; |
||
Huidige versie van 13 mei 2019 om 07:29
Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose
<?php
require_once __DIR__.'/vendor/autoload.php';
use Jose\Factory\JWEFactory;
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
use Jose\Signer;
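// Specify your certificate PEM file and password.
// The PEM file contains public and private keys, so keep it outside the web
// server's document root and readable only by the account that runs PHP.
// NOTE(review): createFromCertificateFile() below receives this bare file name
// (resolved against the working directory), while the private key is read from
// /path/to/private_cert/ - confirm both point at the same file.
$combined_key = 'combined_keys.pem';
// Sample value. Load the real passphrase from configuration that is not part
// of the source tree instead of hard-coding it here.
$password = '';

// Escapes text for the HTML page. Escaping is for display only; the hash and
// the signature are always computed over the unescaped values.
$escapeHtml = static function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// The JSON message of create endpoint.
// This is different for every supplier.
// A missing, non-string or blank "body" field shows the input form. The
// original test combined !isset() and empty() with &&, so a submitted but
// empty body fell through to the signing branch.
$rawBody = isset($_POST['body']) ? $_POST['body'] : '';
if (!is_string($rawBody) || trim($rawBody) === '') {
    print '<form action="index.php" method="POST">';
    print 'Body:<br/><textarea name="body" cols="150" rows="30">
{
"administration_id": "0000000700020SS00001",
"attributes": "",
"mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
"service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
"url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
}</textarea><br/><br/>';
    print '<input type="submit" value="submit" name="submit"/></form>';
} else {
    // Reject anything that is not a JSON object/array before it is hashed and
    // signed; json_decode() returns null for malformed input, and re-encoding
    // that would silently sign the literal string "null".
    $decodedBody = json_decode($rawBody, true);
    if (!is_array($decodedBody)) {
        http_response_code(400);
        print 'Invalid JSON body.';
        exit;
    }

    // The JSON message is canonicalized and all whitespaces are removed.
    // The original call passed `true` as the flags argument, which PHP coerces
    // to 1 (JSON_HEX_TAG); the flag is spelled out so the produced bytes stay
    // the same. json_encode() also escapes "/" by default.
    // NOTE(review): the hash below covers exactly this string, so the body sent
    // to the endpoint has to be byte-identical to it - confirm the expected
    // canonical form with the receiving party.
    $body = json_encode($decodedBody, JSON_HEX_TAG);
    if ($body === false) {
        http_response_code(400);
        print 'Invalid JSON body.';
        exit;
    }

    // Load the private key before any output so a failure can still be reported
    // with a proper status code. openssl_pkey_get_private() treats a plain
    // string as PEM data; a file on disk must be given as a file:// URI.
    $privateKeyHandle = openssl_pkey_get_private('file:///path/to/private_cert/' . $combined_key, $password);
    if ($privateKeyHandle === false) {
        // Details go to the server log only, never to the browser.
        error_log('Unable to load the signing key: ' . openssl_error_string());
        http_response_code(500);
        print 'Signing key could not be loaded.';
        exit;
    }
    // The exported PEM is unencrypted (no passphrase is passed to the export);
    // it must never be printed or logged.
    $privateKeyPem = '';
    if (!openssl_pkey_export($privateKeyHandle, $privateKeyPem)) {
        error_log('Unable to export the signing key: ' . openssl_error_string());
        http_response_code(500);
        print 'Signing key could not be loaded.';
        exit;
    }

    // public key is used to create the JWK (JSON Web Key)
    // NOTE(review): this JWK is embedded in the token header and printed below;
    // confirm it carries public-key parameters only.
    $jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
        'kid' => 'Kennisnet signing certificate',
        'alg' => 'RS256',
        'use' => 'sig',
    ]);
    // NOTE(review): the registered JOSE header parameter is "typ" (RFC 7515);
    // "type" is kept as published - confirm which one the endpoint expects.
    $jwtHeader = [
        "alg" => "RS256",
        "type" => "JWT",
        "jwk" => $jwtFromCertificateFile
    ];

    print "<pre>";
    print $escapeHtml($body);
    print "</pre>";

    // Hash of the canonical body is calculated. SHA256 hash that is BASE64 encoded
    $base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));

    print "<pre>";
    print $escapeHtml(print_r($jwtHeader, true));
    print "</pre>";

    // JWT Payload is specified. A single timestamp keeps iat, nbf and exp
    // consistent; the token is valid for one hour.
    $now = time();
    $jwtPayload = [
        "iat" => $now,
        "nbf" => $now,
        "exp" => $now + 3600,
        "sub" => "http://osr-api.kennisnet.nl/api/v1",
        "aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
        "iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
        "edustd:body" => [
            "hash" => $base64EncodedHash,
            "alg" => "B64SHA256"
        ]
    ];

    print "<pre>";
    print $escapeHtml(print_r($jwtPayload, true));
    print "</pre>";

    // Create JWT token using private key
    $jwk = JWKFactory::createFromKey($privateKeyPem);
    $jws = JWSFactory::createJWS($jwtPayload)
        ->addSignatureInformation(
            $jwk,
            $jwtHeader
        );
    $signer = Signer::createSigner(['RS256']);
    $signer->sign($jws);

    // Calculated JWT token
    print "JWT Header value:<br/>";
    print $escapeHtml($jws->toCompactJSON(0));
}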