OSR:PHP JOSE Library

Uit Kennisnet Developers Documentatie
Ga naar: navigatie, zoeken

Onderwijs Serviceregister-symbol.png Onderwijs Serviceregister: PHP JOSE Library

Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose

<?php
require_once __DIR__.'/vendor/autoload.php';
use Jose\Factory\JWEFactory;
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
use Jose\Signer;

// Specify your certificate PEM file and password.
// The PEM file contains public and private keys
$combined_key = 'combined_keys.pem';
$password = '';

// The JSON message of create endpoint.
// This is different for every supplier.
if (!isset($_POST['body']) && empty($_POST['body'])) {
    print '<form action="index.php" method="POST">';
    print 'Body:<br/><textarea name="body" cols="150" rows="30">
{
    "administration_id": "0000000700020SS00001",
    "attributes": "",
    "mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
    "service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
    "url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
}</textarea><br/><br/>';
    print '<input type="submit" value="submit" name="submit"/></form>';
}
else {

    // The JSON message is canonicalized and all whitespaces are removed
    $body = $_POST['body'];
    $body = json_decode($body, true);

    // public key is used to create the JWK (JSON Web Key)
    $jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
        'kid' => 'Kennisnet signing certificate',
        'alg' => 'RS256',
        'use' => 'sig',
    ]);

    $jwtHeader = [
        "alg"   => "RS256",
        "type"  => "JWT",
        "jwk"   => $jwtFromCertificateFile
    ];

    $body = json_encode($body, true);

    print "<pre>";
    print_r($body);
    print "</pre>";


    // Hash of the header is calculated. SHA256 hash that is BASE64 encoded
    $base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));

    print "<pre>";
    print_r($jwtHeader);
    print "</pre>";

    // JWT Payload is specified
    $jwtPayload = [ 
        "iat" => time(), 
        "nbf" => time(), 
        "exp" => time() + 3600,
        "sub" => "http://osr-api.kennisnet.nl/api/v1",
        "aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
        "iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
        "edustd:body" => [
            "hash" => $base64EncodedHash,
            "alg" => "B64SHA256"
        ]
    ];


    print "<pre>";
    print_r($jwtPayload);
    print "</pre>";


    // Create JWT token using private key
    $privateKey = openssl_pkey_get_private('/path/to/private_cert/' . $combined_key, $password);
    openssl_pkey_export($privateKey, $privateKey);

    $jwk = JWKFactory::createFromKey($privateKey);

    $jws = JWSFactory::createJWS($jwtPayload)
                ->addSignatureInformation(
                    $jwk,
                    $jwtHeader);


    $signer = Signer::createSigner(['RS256']);
    $signer->sign($jws);

    // Calculated JWT token
    print "JWT Header value:<br/>";
    print $jws->toCompactJSON(0);
}