class JwtTranscoder in JSON Web Token Authentication (JWT) 8
Same name and namespace in other branches
- 8.0 src/Transcoder/JwtTranscoder.php \Drupal\jwt\Transcoder\JwtTranscoder
Class JwtTranscoder.
@package Drupal\jwt
Hierarchy
- class \Drupal\jwt\Transcoder\JwtTranscoder implements JwtTranscoderInterface
Expanded class hierarchy of JwtTranscoder
1 file declares its use of JwtTranscoder
- ConfigForm.php in src/
Form/ ConfigForm.php
1 string reference to 'JwtTranscoder'
1 service uses JwtTranscoder
File
- src/
Transcoder/ JwtTranscoder.php, line 16
Namespace
Drupal\jwt\TranscoderView source
class JwtTranscoder implements JwtTranscoderInterface {
/**
* The firebase/php-jwt transcoder.
*
* @var \Firebase\JWT\JWT
*/
protected $transcoder;
/**
* The allowed algorithms with which a JWT can be decoded.
*
* @var string
*/
protected $algorithm;
/**
* The algorithm type we are using.
*
* @var string
*/
protected $algorithmType;
/**
* The key used to encode/decode a JsonWebToken.
*
* @var string
*/
protected $secret = NULL;
/**
* The PEM encoded private key used for signing RSA JWTs.
*
* @var string
*/
protected $privateKey = NULL;
/**
* The PEM encoded public key used to verify signatures on RSA JWTs.
*
* @var string
*/
protected $publicKey = NULL;
/**
* {@inheritdoc}
*/
public static function getAlgorithmOptions() {
return [
'HS256' => 'HMAC using SHA-256 (HS256)',
'HS384' => 'HMAC using SHA-384 (HS384)',
'HS512' => 'HMAC using SHA-512 (HS512)',
'RS256' => 'RSASSA-PKCS1-v1_5 using SHA-256 (RS256)',
];
}
/**
* {@inheritdoc}
*/
public static function getAlgorithmType($algorithm) {
switch ($algorithm) {
case 'HS256':
case 'HS384':
case 'HS512':
return 'jwt_hs';
case 'RS256':
return 'jwt_rs';
default:
return NULL;
}
}
/**
* Constructs a new JwtTranscoder.
*
* @param \Firebase\JWT\JWT $php_jwt
* The JWT library object.
* @param Drupal\Core\Config\ConfigFactoryInterface $configFactory
* Drupal config factory to retrieve the configuration information.
* @param Drupal\key\KeyRepositoryInterface $key_repo
* The Key repository to retrieve the key.
*/
public function __construct(JWT $php_jwt, ConfigFactoryInterface $configFactory, KeyRepositoryInterface $key_repo) {
$this->transcoder = $php_jwt;
$key_id = $configFactory
->get('jwt.config')
->get('key_id');
$this
->setAlgorithm($configFactory
->get('jwt.config')
->get('algorithm'));
if (isset($key_id)) {
$key = $key_repo
->getKey($key_id);
if (!is_null($key)) {
$key_value = $key
->getKeyValue();
if ($this->algorithmType == 'jwt_hs') {
// Symmetric algorithm so we set the secret.
$this
->setSecret($key_value);
}
elseif ($this->algorithmType == 'jwt_rs') {
// Asymmetric algorithm so we set the private key if possible.
if (strpos($key_value, '-----BEGIN PUBLIC KEY-----') !== FALSE) {
$this
->setPublicKey($key_value);
}
else {
$this
->setPrivateKey($key_value);
}
}
}
}
}
/**
* {@inheritdoc}
*/
public function setSecret($secret) {
$this->secret = $secret;
}
/**
* {@inheritdoc}
*/
public function setAlgorithm($algorithm) {
$this->algorithm = $algorithm;
$this->algorithmType = $this
->getAlgorithmType($algorithm);
}
/**
* {@inheritdoc}
*/
public function setPrivateKey($private_key, $derive_public_key = TRUE) {
$key_context = openssl_pkey_get_private($private_key);
if ($key_context === FALSE) {
return FALSE;
}
$key_details = openssl_pkey_get_details($key_context);
if ($key_details === FALSE || $key_details['type'] != OPENSSL_KEYTYPE_RSA) {
return FALSE;
}
$this->privateKey = $private_key;
if ($derive_public_key) {
$this->publicKey = $key_details['key'];
}
return TRUE;
}
/**
* {@inheritdoc}
*/
public function setPublicKey($public_key) {
$key_context = openssl_pkey_get_public($public_key);
if ($key_context === FALSE) {
return FALSE;
}
$key_details = openssl_pkey_get_details($key_context);
if ($key_details === FALSE || $key_details['type'] != OPENSSL_KEYTYPE_RSA) {
return FALSE;
}
$this->publicKey = $public_key;
return TRUE;
}
/**
* {@inheritdoc}
*/
public function decode($jwt) {
$key = $this
->getKey('decode');
$algorithms = [
$this->algorithm,
];
try {
$token = $this->transcoder
->decode($jwt, $key, $algorithms);
} catch (\Exception $e) {
throw JwtDecodeException::newFromException($e);
}
return new JsonWebToken($token);
}
/**
* {@inheritdoc}
*/
public function encode(JsonWebTokenInterface $jwt) {
$key = $this
->getKey('encode');
// Refuse to encode if we don't have a key yet.
if ($key === NULL) {
return FALSE;
}
$encoded = $this->transcoder
->encode($jwt
->getPayload(), $key, $this->algorithm);
return $encoded;
}
/**
* Helper function to get the correct key based on operation.
*
* @param string $operation
* The operation being performed. One of: encode, decode.
*
* @return null|string
* Returns NULL if opteration is not found. Otherwise returns key.
*/
protected function getKey($operation) {
if ($this->algorithmType == 'jwt_hs') {
return $this->secret;
}
elseif ($this->algorithmType == 'jwt_rs') {
if ($operation == 'encode') {
return $this->privateKey;
}
elseif ($operation == 'decode') {
return $this->publicKey;
}
}
return NULL;
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
JwtTranscoder:: |
protected | property | The allowed algorithms with which a JWT can be decoded. | |
JwtTranscoder:: |
protected | property | The algorithm type we are using. | |
JwtTranscoder:: |
protected | property | The PEM encoded private key used for signing RSA JWTs. | |
JwtTranscoder:: |
protected | property | The PEM encoded public key used to verify signatures on RSA JWTs. | |
JwtTranscoder:: |
protected | property | The key used to encode/decode a JsonWebToken. | |
JwtTranscoder:: |
protected | property | The firebase/php-jwt transcoder. | |
JwtTranscoder:: |
public | function |
Gets a validated JsonWebToken from an encoded JWT. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public | function |
Encodes a JsonWebToken. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public static | function |
Gets a list of algorithms supported by this transcoder. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public static | function |
Return the type of algorithm selected. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
protected | function | Helper function to get the correct key based on operation. | |
JwtTranscoder:: |
public | function |
Sets the algorithm to be used for the JWT. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public | function |
Sets the private key used to create signatures for an asymmetric algorithm. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public | function |
Sets the public key used to verify signatures for an asymmetric algorithm. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public | function |
Sets the secret that is used for a symmetric algorithm signature. Overrides JwtTranscoderInterface:: |
|
JwtTranscoder:: |
public | function | Constructs a new JwtTranscoder. |