xmnk
/
zcgl


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294
							<?php

namespace Namshi\JOSE\Test;

use DateTime;
use Namshi\JOSE\JWS;
use PHPUnit_Framework_TestCase as TestCase;
use Prophecy\Argument;
use Namshi\JOSE\Signer\OpenSSL\HS256;
use Namshi\JOSE\Base64\Base64UrlSafeEncoder;

class JWSTest extends TestCase
{
    const SSL_KEY_PASSPHRASE = 'tests';

    public function setup()
    {
        $date = new DateTime('tomorrow');
        $data = array(
            'a' => 'b',
        );
        $this->jws = new JWS(array('alg' => 'RS256'));
        $this->jws->setPayload($data);
    }

    /**
     * @expectedException InvalidArgumentException
     */
    public function testLoadingUnsecureJwsWithNoneAlgo()
    {
        $date = new DateTime('tomorrow');
        $data = array(
            'a' => 'b',
            'exp' => $date->format('U'),
        );
        $this->jws = new JWS(array('alg' => 'None'));
        $this->jws->setPayload($data);
        $this->jws->sign('111');

        $jws = JWS::load($this->jws->getTokenString());
        $this->assertFalse($jws->verify('111'));

        $payload = $jws->getPayload();
        $this->assertEquals('b', $payload['a']);
    }

    /**
     * @expectedException InvalidArgumentException
     */
    public function testLoadingUnsecureJwsWithLowercaseNone()
    {
        $date = new DateTime('tomorrow');
        $data = array(
            'a' => 'b',
            'exp' => $date->format('U'),
        );
        $this->jws = new JWS(array('alg' => 'none'));
        $this->jws->setPayload($data);
        $this->jws->sign('111');

        $jws = JWS::load($this->jws->getTokenString());
        $this->assertFalse($jws->verify('111'));

        $payload = $jws->getPayload();
        $this->assertEquals('b', $payload['a']);
    }

    public function testAllowingUnsecureJws()
    {
        $date = new DateTime('tomorrow');
        $data = array(
            'a' => 'b',
            'exp' => $date->format('U'),
        );
        $this->jws = new JWS(array('alg' => 'None'));
        $this->jws->setPayload($data);
        $this->jws->sign('111');

        $jws = JWS::load($this->jws->getTokenString(), true);
        $this->assertTrue($jws->verify('111'));

        $payload = $jws->getPayload();
        $this->assertEquals('b', $payload['a']);
    }

    public function testRestrictingTheAlgorithmsKo()
    {
        $this->jws = new JWS(array('alg' => 'HS256'));
        $this->jws->sign('12345');

        $jws = JWS::load($this->jws->getTokenString());
        $this->assertFalse($jws->verify('12345', 'RS256'));
    }

    public function testRestrictingTheAlgorithmsOk()
    {
        $date = new DateTime('tomorrow');
        $data = array(
            'a' => 'b',
            'exp' => $date->format('U'),
        );
        $this->jws = new JWS(array('alg' => 'HS256'));
        $this->jws->setPayload($data);
        $this->jws->sign('123');

        $jws = JWS::load($this->jws->getTokenString());
        $this->assertTrue($jws->verify('123', 'HS256'));
    }

    public function testVerificationRS256()
    {
        $privateKey = openssl_pkey_get_private(SSL_KEYS_PATH.'private.key', self::SSL_KEY_PASSPHRASE);
        $this->jws->sign($privateKey);

        $jws = JWS::load($this->jws->getTokenString());
        $public_key = openssl_pkey_get_public(SSL_KEYS_PATH.'public.key');
        $this->assertTrue($jws->verify($public_key));

        $payload = $jws->getPayload();
        $this->assertEquals('b', $payload['a']);
    }

    public function testVerificationRS256KeyAsString()
    {
        $privateKey = file_get_contents(TEST_DIR.'/private.key');
        $this->jws->sign($privateKey, self::SSL_KEY_PASSPHRASE);

        $jws = JWS::load($this->jws->getTokenString());
        $public_key = openssl_pkey_get_public(SSL_KEYS_PATH.'public.key');
        $this->assertTrue($jws->verify($public_key));

        $payload = $jws->getPayload();
        $this->assertEquals('b', $payload['a']);
    }

    public function testUseOfCustomEncoder()
    {
        $encoder = $this->prophesize('Namshi\JOSE\Base64\Encoder');
        $encoder
            ->decode(Argument::any())
            ->willReturn('{"whatever": "the payload should be"}')
            ->shouldBeCalled();
        $encoder
            ->decode(Argument::any())
            ->willReturn('{"alg": "test"}')
            ->shouldBeCalled();
        JWS::load($this->jws->getTokenString(), false, $encoder->reveal());
    }

    public function testVerificationThatTheJWSIsSigned()
    {
        $privateKey = openssl_pkey_get_private(SSL_KEYS_PATH.'private.key', self::SSL_KEY_PASSPHRASE);
        $this->jws->sign($privateKey);
        $this->assertTrue($this->jws->isSigned());
    }

    public function testVerificationThatTheJWSIsNotSigned()
    {
        $this->assertFalse($this->jws->isSigned());
    }

    /**
     * @expectedException InvalidArgumentException
     */
    public function testWrongVerificationRS256()
    {
        $privateKey = openssl_pkey_get_private(SSL_KEYS_PATH.'private.key', self::SSL_KEY_PASSPHRASE);
        $this->jws->sign($privateKey);

        $jws = JWS::load('eyJhbGciOiJ0ZXN0In0=.eyJhbGciOiJ0ZXN0In0=.eyJhbGciOiJ0ZXN0In0=');
        $public_key = openssl_pkey_get_public(SSL_KEYS_PATH.'public.key');
        $this->assertFalse($jws->verify($public_key));
    }

    /**
     * @expectedException InvalidArgumentException
     */
    public function testLoadingAMalformedTokenString()
    {
        JWS::load('test.Test.TEST');
    }

    /**
     * @expectedException InvalidArgumentException
     */
    public function testLoadingAMalformedTokenString2()
    {
        JWS::load('test');
    }

    public function testSignAndVerifyWithFalsePublicKey()
    {
        $public_key = false;
        $jwsHMAC = new JWS(array('alg' => 'HS256'));

        $jwsHMAC->sign(false);
        $jws = JWS::load($jwsHMAC->getTokenString());

        $this->assertFalse($jws->verify($public_key));
    }

    public function testSignAndVerifyWithEmptyStringPublicKey()
    {
        $public_key = false;
        $jwsHMAC = new JWS(array('alg' => 'HS256'));

        $jwsHMAC->sign('');
        $jws = JWS::load($jwsHMAC->getTokenString());

        $this->assertFalse($jws->verify($public_key));
    }

    public function testLoadingWithAnyOrderOfHeaders()
    {
        $privateKey = openssl_pkey_get_private(SSL_KEYS_PATH.'private.key', self::SSL_KEY_PASSPHRASE);
        $public_key = openssl_pkey_get_public(SSL_KEYS_PATH.'public.key');

        $this->jws = new JWS(array('alg' => 'RS256', 'custom' => '1'));

        $header = $this->jws->getHeader();
        $reversedHeader = array_reverse($header);
        $this->assertFalse($header === $reversedHeader);

        $this->jws->setHeader($reversedHeader);
        $this->jws->sign($privateKey);

        $tokenString = $this->jws->getTokenString();
        $jws = JWS::load($tokenString);
        $this->assertTrue($reversedHeader === $jws->getHeader());
    }

    public function testSignAndVerifyWithSecLib()
    {
        if (version_compare(PHP_VERSION, '7.0.0-dev') >= 0) {
            $this->setExpectedException('InvalidArgumentException');
        }

        $jwsRSA = new JWS(array('alg' => 'RS256'), 'SecLib');
        $data = array('a' => 'b');
        $jwsRSA->setPayload($data);

        $jwsRSA->sign(file_get_contents(SSL_KEYS_PATH.'private.key'), 'tests');
        $jws = JWS::load($jwsRSA->getTokenString(), false, null, 'SecLib');

        $this->assertTrue($jws->verify(file_get_contents(SSL_KEYS_PATH.'public.key', 'RS256')));
    }

    public function testConstructionFromHeader()
    {
        $header = array('alg' => 'RS256', 'test' => true);
        $jws = new JWS($header);

        $this->assertTrue($header == $jws->getHeader());
    }

    public function testVerificationCustomizedHeader()
    {
        $header = $this->jws->getHeader();
        $header['test'] = true;
        $this->jws->setHeader($header);

        $privateKey = openssl_pkey_get_private(SSL_KEYS_PATH.'private.key', self::SSL_KEY_PASSPHRASE);
        $this->jws->sign($privateKey);

        $jws = JWS::load($this->jws->getTokenString());
        $public_key = openssl_pkey_get_public(SSL_KEYS_PATH.'public.key');
        $headerFromSig = $jws->getHeader();

        $this->assertSame($headerFromSig['test'], true);
        $this->assertTrue($jws->verify($public_key));
    }

    public function testVerificationWithJsonThatContainsWhitespace()
    {
        $header = '{
            "alg": "HS256"
        }';

        $payload = '{
            "a": "b"
        }';

        $encoder = new Base64UrlSafeEncoder();
        $signer = new HS256();

        $token = sprintf('%s.%s', $encoder->encode($header), $encoder->encode($payload));
        $signature = $encoder->encode($signer->sign($token, '123'));
        $jwsToken = sprintf('%s.%s', $token, $signature);

        $jws = JWS::load($jwsToken);

        $this->assertTrue($jws->verify('123'));
    }
}