OSR:PHP JOSE Library


Onderwijs Serviceregister: PHP JOSE Library

Onderstaand voorbeeld is gebaseerd op de PHP JWT library: https://github.com/Spomky-Labs/jose

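<?php
declare(strict_types=1);

require_once __DIR__.'/vendor/autoload.php';
use Jose\Factory\JWEFactory;
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
use Jose\Signer;

// Specify your certificate PEM file and password.
// The PEM file contains public and private keys.
// $combined_key is the file handed to JWKFactory::createFromCertificateFile()
// (public part); $private_key_path is where openssl_pkey_get_private() reads
// the private part from. Both point at the same PEM in this sample.
$combined_key = 'combined_key.pem';
$private_key_path = '/path/to/private_cert/' . $combined_key;
$password = '';

// The JSON message of create endpoint.
// This is different for every supplier.
// The form is shown when no body was posted or the posted body is blank.
// (The original test combined !isset() and empty() with &&, which let an
// empty body fall through to the signing branch and sign "null".)
$rawBody = $_POST['body'] ?? '';
if (!is_string($rawBody) || trim($rawBody) === '') {
    print '<form action="index.php" method="POST">';
    print 'Body:<br/><textarea name="body" cols="150" rows="30">
{
    "administration_id": "0000000700020SS00001",
    "attributes": "",
    "mandate_token": "0fa856bc-910f-4ed0-1473-92df3ab117d4",
    "service_version_namespace": "http://vokoppelpunt.vroegtijdigaanmelden.nl/v1_0/",
    "url": "https://bron-ontwikkel-vva.educus.nl/service/vokoppelpunt"
}</textarea><br/><br/>';
    print '<input type="submit" value="submit" name="submit"/></form>';
}
else {

    // The JSON message is decoded so it can be re-encoded in canonical form
    // with all whitespace removed. Invalid JSON must not be signed.
    $body = json_decode($rawBody, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        print 'Body is not valid JSON: '
            . htmlspecialchars(json_last_error_msg(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }

    // public key is used to create the JWK (JSON Web Key)
    $jwtFromCertificateFile = JWKFactory::createFromCertificateFile($combined_key, [
        'kid' => 'Kennisnet signing certificate',
        'alg' => 'RS256',
        'use' => 'sig',
    ]);

    // JWS header. RFC 7515 registers the media-type parameter as "typ";
    // the original sample used the unregistered name "type".
    $jwtHeader = [
        "alg" => "RS256",
        "typ" => "JWT",
        "jwk" => $jwtFromCertificateFile,
    ];

    // Compact encoding, no whitespace. The second argument of json_encode()
    // is a flags bitmask; the original passed `true`, which coerced to
    // JSON_HEX_TAG (1) and silently changed the bytes that get hashed.
    $body = json_encode($body);
    if ($body === false) {
        print 'Body could not be encoded: '
            . htmlspecialchars(json_last_error_msg(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }

    // The body comes from the request, so it is escaped before being echoed.
    print "<pre>";
    print htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "</pre>";


    // Hash of the canonical body is calculated. SHA256 hash that is BASE64 encoded
    $base64EncodedHash = base64_encode(Jose\Util\Hash::sha256()->hash($body));

    print "<pre>";
    print_r($jwtHeader);
    print "</pre>";

    // JWT Payload is specified. A single timestamp is taken so that
    // iat and nbf are guaranteed to be identical.
    $now = time();
    $jwtPayload = [
        "iat" => $now,
        "nbf" => $now,
        "exp" => $now + 3600,
        "sub" => "http://osr-api.kennisnet.nl/api/v1",
        "aud" => "edustd:oin:00000003272448340116", // OIN of Kennisnet
        "iss" => "edustd:oin:00000003272448340104", // OIN of the supplier
        "edustd:body" => [
            "hash" => $base64EncodedHash,
            "alg" => "B64SHA256",
        ],
    ];


    print "<pre>";
    print_r($jwtPayload);
    print "</pre>";


    // Create JWT token using private key.
    // openssl_pkey_get_private() only reads a file when the argument carries
    // the "file://" prefix; a bare path is parsed as PEM text and fails.
    // Both OpenSSL calls return false on failure, which the original ignored.
    $privateKeyResource = openssl_pkey_get_private('file://' . $private_key_path, $password);
    if ($privateKeyResource === false) {
        print 'Could not load private key: '
            . htmlspecialchars((string) openssl_error_string(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }
    $privateKeyPem = '';
    if (!openssl_pkey_export($privateKeyResource, $privateKeyPem)) {
        print 'Could not export private key: '
            . htmlspecialchars((string) openssl_error_string(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        exit;
    }

    $jwk = JWKFactory::createFromKey($privateKeyPem);

    $jws = JWSFactory::createJWS($jwtPayload)
        ->addSignatureInformation($jwk, $jwtHeader);


    $signer = Signer::createSigner(['RS256']);
    $signer->sign($jws);

    // Calculated JWT token
    print "JWT Header value:<br/>";
    print $jws->toCompactJSON(0);
}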