From 4c79857331ca55067c6774d2eac65cb0cb38f08c Mon Sep 17 00:00:00 2001
From: Apiwat Chantawibul
Date: Sun, 8 Dec 2024 15:25:57 +0700
Subject: [PATCH 1/2] Parse octet typed JWK

Resolves https://github.com/firebase/php-jwt/issues/555
---
 src/JWK.php | 6 ++++++
 tests/JWKTest.php | 24 ++++++++++++++++++++++++
 tests/data/octet-jwkset.json | 22 ++++++++++++++++++++++
 3 files changed, 52 insertions(+)
 create mode 100644 tests/data/octet-jwkset.json

diff --git a/src/JWK.php b/src/JWK.php
index 6efc2fe3..405dcc49 100644
--- a/src/JWK.php
+++ b/src/JWK.php
@@ -172,6 +172,12 @@ public static function parseKey(array $jwk, ?string $defaultAlg = null): ?Key
 // This library works internally with EdDSA keys (Ed25519) encoded in standard base64.
 $publicKey = JWT::convertBase64urlToBase64($jwk['x']);
 return new Key($publicKey, $jwk['alg']);
+ case 'oct':
+ if (!isset($jwk['k'])) {
+ throw new UnexpectedValueException('k not set');
+ }
+
+ return new Key(JWT::urlsafeB64Decode($jwk['k']), $jwk['alg']);
 default:
 break;
 }
diff --git a/tests/JWKTest.php b/tests/JWKTest.php
index 496f6bad..1e95e261 100644
--- a/tests/JWKTest.php
+++ b/tests/JWKTest.php
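Review bot: In src/JWK.php the new `case 'oct'` branch only checks `isset($jwk['k'])`, so a `k` that is an empty string, a non-string, or that decodes to a very short secret is handed to `new Key(...)` as HMAC key material. Unless `Key` or `JWT::urlsafeB64Decode` already reject those (neither is visible in this hunk), I would tighten the guard to `if (!isset($jwk['k']) || !is_string($jwk['k']) || $jwk['k'] === '')` and compare the decoded length with the hash size that RFC 7518 section 3.2 requires for the HS* algorithms. The branch also does not tie `kty: oct` to an HMAC `alg`; a comment such as `// oct keys are shared secrets: only load them from a trusted, non-public key set` would make the trust assumption explicit for callers. parseKey's body starts and ends outside the hunk.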
@@ -170,6 +170,30 @@ public function testDecodeByMultiJwkKeySet()
 $this->assertSame('bar', $result->sub);
 }
 
+ public function testDecodeByOctetJwkKeySet()
+ {
+ $jwkSet = json_decode(
+ file_get_contents(__DIR__ . '/data/octet-jwkset.json'),
+ true
+ );
+ $keys = JWK::parseKeySet($jwkSet);
+ $payload = ['sub' => 'foo', 'exp' => strtotime('+10 seconds')];
+ foreach ($keys as $keyId => $key) {
+ $msg = JWT::encode($payload, $key->getKeyMaterial(), $key->getAlgorithm(), $keyId);
+ $result = JWT::decode($msg, $keys);
+
+ $this->assertSame('foo', $result->sub);
+ }
+ }
+
+ public function testOctetJwkMissingK() {
+ $this->expectException(UnexpectedValueException::class);
+ $this->expectExceptionMessage('k not set');
+
+ $badJwk = ['kty' => 'oct', 'alg' => 'HS256'];
+ $keys = JWK::parseKeySet(['keys' => [$badJwk]]);
+ }
+
 public function testParseKey()
 {
 // Use a known module and exponent, and ensure it parses as expected
diff --git a/tests/data/octet-jwkset.json b/tests/data/octet-jwkset.json
new file mode 100644
index 00000000..5555b9dd
--- /dev/null
+++ b/tests/data/octet-jwkset.json
@@ -0,0 +1,22 @@
+{
+ "keys": [
+ {
+ "kty": "oct",
+ "alg": "HS256",
+ "kid": "jwk1",
+ "k": "xUNfVvQ-WdmXB9qp6qK0SrG-yKW4AJqmcSP66Gm2TrE"
+ },
+ {
+ "kty": "oct",
+ "alg": "HS384",
+ "kid": "jwk2",
+ "k": "z7990HoD72QDX9JKqeQc3l7EtXutco72j2YulZMjeakFVDbFGXGDFG4awOF7eu9l"
+ },
+ {
+ "kty": "oct",
+ "alg": "HS512",
+ "kid": "jwk3",
+ "k": "EmYGSDG5W1UjkPIL7LelG-QMVtsXn7bz5lUxBrkqq3kdFEzkLWVGrXKpZxRe7YcApCe0d4s9lXRQtn5Nzaf49w"
+ }
+ ]
+}

From cdd1eac10187d733c4ae05240b487dacee2b4bb4 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Wed, 22 Jan 2025 21:02:50 -0800
Subject: [PATCH 2/2] Update tests/JWKTest.php

---
 tests/JWKTest.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/JWKTest.php b/tests/JWKTest.php
index 1e95e261..db385c87 100644
--- a/tests/JWKTest.php
+++ b/tests/JWKTest.php
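Review bot: In tests/JWKTest.php, testDecodeByOctetJwkKeySet signs and verifies each token with the same parsed `Key`, so it would still pass if the `oct` branch decoded `k` to the wrong bytes. I would pin one fixture key against its expected raw form, e.g. `$this->assertSame(32, strlen($keys['jwk1']->getKeyMaterial()));`, and add a negative case in which a token signed with jwk1's material but carrying kid `jwk2` is expected to be rejected by `JWT::decode`. In testOctetJwkMissingK the `$keys =` assignment is never read and can be dropped.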
@@ -186,7 +186,8 @@ public function testDecodeByOctetJwkKeySet()
 }
 }
 
- public function testOctetJwkMissingK() {
+ public function testOctetJwkMissingK()
+ {
 $this->expectException(UnexpectedValueException::class);
 $this->expectExceptionMessage('k not set');