Changeset 3093637
- Timestamp:
- 05/28/2024 05:37:42 AM (22 months ago)
- Location:
- ce21-suite/trunk
- Files:
-
- 1 added
- 18 edited
-
README.txt (modified) (1 diff)
-
single-sign-on-ce21.php (modified) (3 diffs)
-
vendor/autoload.php (modified) (1 diff)
-
vendor/composer/ClassLoader.php (modified) (24 diffs)
-
vendor/composer/LICENSE (modified) (1 diff)
-
vendor/composer/autoload_classmap.php (modified) (1 diff)
-
vendor/composer/autoload_namespaces.php (modified) (1 diff)
-
vendor/composer/autoload_psr4.php (modified) (1 diff)
-
vendor/composer/autoload_real.php (modified) (2 diffs)
-
vendor/composer/autoload_static.php (modified) (2 diffs)
-
vendor/composer/installed.json (modified) (1 diff)
-
vendor/firebase/php-jwt/CHANGELOG.md (added)
-
vendor/firebase/php-jwt/LICENSE (modified) (1 diff)
-
vendor/firebase/php-jwt/README.md (modified) (6 diffs)
-
vendor/firebase/php-jwt/composer.json (modified) (3 diffs)
-
vendor/firebase/php-jwt/src/BeforeValidException.php (modified) (1 diff)
-
vendor/firebase/php-jwt/src/ExpiredException.php (modified) (1 diff)
-
vendor/firebase/php-jwt/src/JWT.php (modified) (19 diffs)
-
vendor/firebase/php-jwt/src/SignatureInvalidException.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
ce21-suite/trunk/README.txt
r3093629 r3093637 5 5 Requires at least: 4.0 6 6 Tested up to: 6.5 7 Stable tag: 2. 1.97 Stable tag: 2.2.0 8 8 Requires PHP: 5.4 9 9 License: GPLv2 or later -
ce21-suite/trunk/single-sign-on-ce21.php
r3093629 r3093637 16 16 * Plugin URI: https://www.ce21.com 17 17 * Description: CE21 Suite. 18 * Version: 2. 1.918 * Version: 2.2.0 19 19 * Author: CE21 20 20 * Author URI: https://www.ce21.com … … 95 95 require_once('vendor/autoload.php'); 96 96 use \Firebase\JWT\JWT; 97 session_start();97 use \Firebase\JWT\Key; 98 98 99 99 global $sesionHelper; … … 241 241 242 242 $key_ce21 = "ixqv4z0ZOY0bmNCjBK7v3wgijyAv0D3jvyt6bk3lpEDUtVxdR72ZjuGW1hcR6TP"; 243 $user_data = JWT::decode($token_ce21, $key_ce21, array('HS256'));243 $user_data = JWT::decode( $token_ce21, new Key( $key_ce21 , 'HS256')); 244 244 $tid = $user_data->tenantId; 245 245 $customerId = $user_data->customerId; -
ce21-suite/trunk/vendor/autoload.php
r3093629 r3093637 3 3 // autoload.php @generated by Composer 4 4 5 if (PHP_VERSION_ID < 50600) { 6 if (!headers_sent()) { 7 header('HTTP/1.1 500 Internal Server Error'); 8 } 9 $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL; 10 if (!ini_get('display_errors')) { 11 if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { 12 fwrite(STDERR, $err); 13 } elseif (!headers_sent()) { 14 echo $err; 15 } 16 } 17 trigger_error( 18 $err, 19 E_USER_ERROR 20 ); 21 } 22 5 23 require_once __DIR__ . '/composer/autoload_real.php'; 6 24 -
ce21-suite/trunk/vendor/composer/ClassLoader.php
r3093629 r3093637 38 38 * @author Fabien Potencier <fabien@symfony.com> 39 39 * @author Jordi Boggiano <j.boggiano@seld.be> 40 * @see http ://www.php-fig.org/psr/psr-0/41 * @see http ://www.php-fig.org/psr/psr-4/40 * @see https://www.php-fig.org/psr/psr-0/ 41 * @see https://www.php-fig.org/psr/psr-4/ 42 42 */ 43 43 class ClassLoader 44 44 { 45 /** @var \Closure(string):void */ 46 private static $includeFile; 47 48 /** @var string|null */ 49 private $vendorDir; 50 45 51 // PSR-4 52 /** 53 * @var array<string, array<string, int>> 54 */ 46 55 private $prefixLengthsPsr4 = array(); 56 /** 57 * @var array<string, list<string>> 58 */ 47 59 private $prefixDirsPsr4 = array(); 60 /** 61 * @var list<string> 62 */ 48 63 private $fallbackDirsPsr4 = array(); 49 64 50 65 // PSR-0 66 /** 67 * List of PSR-0 prefixes 68 * 69 * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2'))) 70 * 71 * @var array<string, array<string, list<string>>> 72 */ 51 73 private $prefixesPsr0 = array(); 74 /** 75 * @var list<string> 76 */ 52 77 private $fallbackDirsPsr0 = array(); 53 78 79 /** @var bool */ 54 80 private $useIncludePath = false; 81 82 /** 83 * @var array<string, string> 84 */ 55 85 private $classMap = array(); 86 87 /** @var bool */ 56 88 private $classMapAuthoritative = false; 89 90 /** 91 * @var array<string, bool> 92 */ 57 93 private $missingClasses = array(); 94 95 /** @var string|null */ 58 96 private $apcuPrefix; 59 97 98 /** 99 * @var array<string, self> 100 */ 101 private static $registeredLoaders = array(); 102 103 /** 104 * @param string|null $vendorDir 105 */ 106 public function __construct($vendorDir = null) 107 { 108 $this->vendorDir = $vendorDir; 109 self::initializeIncludeClosure(); 110 } 111 112 /** 113 * @return array<string, list<string>> 114 */ 60 115 public function getPrefixes() 61 116 { 62 117 if (!empty($this->prefixesPsr0)) { 63 return call_user_func_array('array_merge', $this->prefixesPsr0);118 return call_user_func_array('array_merge', array_values($this->prefixesPsr0)); 64 119 } 65 120 … … 67 122 } 68 123 124 /** 125 * @return array<string, list<string>> 126 */ 69 127 public function getPrefixesPsr4() 70 128 { … … 72 130 } 73 131 132 /** 133 * @return list<string> 134 */ 74 135 public function getFallbackDirs() 75 136 { … … 77 138 } 78 139 140 /** 141 * @return list<string> 142 */ 79 143 public function getFallbackDirsPsr4() 80 144 { … … 82 146 } 83 147 148 /** 149 * @return array<string, string> Array of classname => path 150 */ 84 151 public function getClassMap() 85 152 { … … 88 155 89 156 /** 90 * @param array $classMap Class to filename map 157 * @param array<string, string> $classMap Class to filename map 158 * 159 * @return void 91 160 */ 92 161 public function addClassMap(array $classMap) … … 103 172 * appending or prepending to the ones previously set for this prefix. 104 173 * 105 * @param string $prefix The prefix 106 * @param array|string $paths The PSR-0 root directories 107 * @param bool $prepend Whether to prepend the directories 174 * @param string $prefix The prefix 175 * @param list<string>|string $paths The PSR-0 root directories 176 * @param bool $prepend Whether to prepend the directories 177 * 178 * @return void 108 179 */ 109 180 public function add($prefix, $paths, $prepend = false) 110 181 { 182 $paths = (array) $paths; 111 183 if (!$prefix) { 112 184 if ($prepend) { 113 185 $this->fallbackDirsPsr0 = array_merge( 114 (array)$paths,186 $paths, 115 187 $this->fallbackDirsPsr0 116 188 ); … … 118 190 $this->fallbackDirsPsr0 = array_merge( 119 191 $this->fallbackDirsPsr0, 120 (array)$paths192 $paths 121 193 ); 122 194 } … … 127 199 $first = $prefix[0]; 128 200 if (!isset($this->prefixesPsr0[$first][$prefix])) { 129 $this->prefixesPsr0[$first][$prefix] = (array)$paths;201 $this->prefixesPsr0[$first][$prefix] = $paths; 130 202 131 203 return; … … 133 205 if ($prepend) { 134 206 $this->prefixesPsr0[$first][$prefix] = array_merge( 135 (array)$paths,207 $paths, 136 208 $this->prefixesPsr0[$first][$prefix] 137 209 ); … … 139 211 $this->prefixesPsr0[$first][$prefix] = array_merge( 140 212 $this->prefixesPsr0[$first][$prefix], 141 (array)$paths213 $paths 142 214 ); 143 215 } … … 148 220 * appending or prepending to the ones previously set for this namespace. 149 221 * 150 * @param string $prefix The prefix/namespace, with trailing '\\'151 * @param array|string $paths The PSR-4 base directories152 * @param bool $prepend Whether to prepend the directories222 * @param string $prefix The prefix/namespace, with trailing '\\' 223 * @param list<string>|string $paths The PSR-4 base directories 224 * @param bool $prepend Whether to prepend the directories 153 225 * 154 226 * @throws \InvalidArgumentException 227 * 228 * @return void 155 229 */ 156 230 public function addPsr4($prefix, $paths, $prepend = false) 157 231 { 232 $paths = (array) $paths; 158 233 if (!$prefix) { 159 234 // Register directories for the root namespace. 160 235 if ($prepend) { 161 236 $this->fallbackDirsPsr4 = array_merge( 162 (array)$paths,237 $paths, 163 238 $this->fallbackDirsPsr4 164 239 ); … … 166 241 $this->fallbackDirsPsr4 = array_merge( 167 242 $this->fallbackDirsPsr4, 168 (array)$paths243 $paths 169 244 ); 170 245 } … … 176 251 } 177 252 $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; 178 $this->prefixDirsPsr4[$prefix] = (array)$paths;253 $this->prefixDirsPsr4[$prefix] = $paths; 179 254 } elseif ($prepend) { 180 255 // Prepend directories for an already registered namespace. 181 256 $this->prefixDirsPsr4[$prefix] = array_merge( 182 (array)$paths,257 $paths, 183 258 $this->prefixDirsPsr4[$prefix] 184 259 ); … … 187 262 $this->prefixDirsPsr4[$prefix] = array_merge( 188 263 $this->prefixDirsPsr4[$prefix], 189 (array)$paths264 $paths 190 265 ); 191 266 } … … 196 271 * replacing any others previously set for this prefix. 197 272 * 198 * @param string $prefix The prefix 199 * @param array|string $paths The PSR-0 base directories 273 * @param string $prefix The prefix 274 * @param list<string>|string $paths The PSR-0 base directories 275 * 276 * @return void 200 277 */ 201 278 public function set($prefix, $paths) … … 212 289 * replacing any others previously set for this namespace. 213 290 * 214 * @param string $prefix The prefix/namespace, with trailing '\\'215 * @param array|string $paths The PSR-4 base directories291 * @param string $prefix The prefix/namespace, with trailing '\\' 292 * @param list<string>|string $paths The PSR-4 base directories 216 293 * 217 294 * @throws \InvalidArgumentException 295 * 296 * @return void 218 297 */ 219 298 public function setPsr4($prefix, $paths) … … 235 314 * 236 315 * @param bool $useIncludePath 316 * 317 * @return void 237 318 */ 238 319 public function setUseIncludePath($useIncludePath) … … 257 338 * 258 339 * @param bool $classMapAuthoritative 340 * 341 * @return void 259 342 */ 260 343 public function setClassMapAuthoritative($classMapAuthoritative) … … 277 360 * 278 361 * @param string|null $apcuPrefix 362 * 363 * @return void 279 364 */ 280 365 public function setApcuPrefix($apcuPrefix) 281 366 { 282 $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;367 $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null; 283 368 } 284 369 … … 297 382 * 298 383 * @param bool $prepend Whether to prepend the autoloader or not 384 * 385 * @return void 299 386 */ 300 387 public function register($prepend = false) 301 388 { 302 389 spl_autoload_register(array($this, 'loadClass'), true, $prepend); 390 391 if (null === $this->vendorDir) { 392 return; 393 } 394 395 if ($prepend) { 396 self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders; 397 } else { 398 unset(self::$registeredLoaders[$this->vendorDir]); 399 self::$registeredLoaders[$this->vendorDir] = $this; 400 } 303 401 } 304 402 305 403 /** 306 404 * Unregisters this instance as an autoloader. 405 * 406 * @return void 307 407 */ 308 408 public function unregister() 309 409 { 310 410 spl_autoload_unregister(array($this, 'loadClass')); 411 412 if (null !== $this->vendorDir) { 413 unset(self::$registeredLoaders[$this->vendorDir]); 414 } 311 415 } 312 416 … … 315 419 * 316 420 * @param string $class The name of the class 317 * @return bool|null True if loaded, null otherwise421 * @return true|null True if loaded, null otherwise 318 422 */ 319 423 public function loadClass($class) 320 424 { 321 425 if ($file = $this->findFile($class)) { 322 includeFile($file); 426 $includeFile = self::$includeFile; 427 $includeFile($file); 323 428 324 429 return true; 325 430 } 431 432 return null; 326 433 } 327 434 … … 368 475 } 369 476 477 /** 478 * Returns the currently registered loaders keyed by their corresponding vendor directories. 479 * 480 * @return array<string, self> 481 */ 482 public static function getRegisteredLoaders() 483 { 484 return self::$registeredLoaders; 485 } 486 487 /** 488 * @param string $class 489 * @param string $ext 490 * @return string|false 491 */ 370 492 private function findFileWithExtension($class, $ext) 371 493 { … … 433 555 return false; 434 556 } 557 558 /** 559 * @return void 560 */ 561 private static function initializeIncludeClosure() 562 { 563 if (self::$includeFile !== null) { 564 return; 565 } 566 567 /** 568 * Scope isolated include. 569 * 570 * Prevents access to $this/self from included files. 571 * 572 * @param string $file 573 * @return void 574 */ 575 self::$includeFile = \Closure::bind(static function($file) { 576 include $file; 577 }, null, null); 578 } 435 579 } 436 437 /**438 * Scope isolated include.439 *440 * Prevents access to $this/self from included files.441 */442 function includeFile($file)443 {444 include $file;445 } -
ce21-suite/trunk/vendor/composer/LICENSE
r3093629 r3093637 1 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/2 Upstream-Name: Composer3 Upstream-Contact: Jordi Boggiano <j.boggiano@seld.be>4 Source: https://github.com/composer/composer5 1 6 Files: * 7 Copyright: 2016, Nils Adermann <naderman@naderman.de> 8 2016, Jordi Boggiano <j.boggiano@seld.be> 9 License: Expat 2 Copyright (c) Nils Adermann, Jordi Boggiano 10 3 11 Files: src/Composer/Util/TlsHelper.php 12 Copyright: 2016, Nils Adermann <naderman@naderman.de> 13 2016, Jordi Boggiano <j.boggiano@seld.be> 14 2013, Evan Coury <me@evancoury.com> 15 License: Expat and BSD-2-Clause 4 Permission is hereby granted, free of charge, to any person obtaining a copy 5 of this software and associated documentation files (the "Software"), to deal 6 in the Software without restriction, including without limitation the rights 7 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 copies of the Software, and to permit persons to whom the Software is furnished 9 to do so, subject to the following conditions: 16 10 17 License: BSD-2-Clause 18 Redistribution and use in source and binary forms, with or without modification, 19 are permitted provided that the following conditions are met: 20 . 21 * Redistributions of source code must retain the above copyright notice, 22 this list of conditions and the following disclaimer. 23 . 24 * Redistributions in binary form must reproduce the above copyright notice, 25 this list of conditions and the following disclaimer in the documentation 26 and/or other materials provided with the distribution. 27 . 28 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 29 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 30 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 31 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 32 ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 33 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 34 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 35 ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 37 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 11 The above copyright notice and this permission notice shall be included in all 12 copies or substantial portions of the Software. 38 13 39 License: Expat 40 Permission is hereby granted, free of charge, to any person obtaining a copy 41 of this software and associated documentation files (the "Software"), to deal 42 in the Software without restriction, including without limitation the rights 43 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 44 copies of the Software, and to permit persons to whom the Software is furnished 45 to do so, subject to the following conditions: 46 . 47 The above copyright notice and this permission notice shall be included in all 48 copies or substantial portions of the Software. 49 . 50 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 51 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 52 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 53 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 54 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 55 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 56 THE SOFTWARE. 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 20 THE SOFTWARE. 21 -
ce21-suite/trunk/vendor/composer/autoload_classmap.php
r3093629 r3093637 3 3 // autoload_classmap.php @generated by Composer 4 4 5 $vendorDir = dirname( dirname(__FILE__));5 $vendorDir = dirname(__DIR__); 6 6 $baseDir = dirname($vendorDir); 7 7 8 8 return array( 9 'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php', 9 10 ); -
ce21-suite/trunk/vendor/composer/autoload_namespaces.php
r3093629 r3093637 3 3 // autoload_namespaces.php @generated by Composer 4 4 5 $vendorDir = dirname( dirname(__FILE__));5 $vendorDir = dirname(__DIR__); 6 6 $baseDir = dirname($vendorDir); 7 7 -
ce21-suite/trunk/vendor/composer/autoload_psr4.php
r3093629 r3093637 3 3 // autoload_psr4.php @generated by Composer 4 4 5 $vendorDir = dirname( dirname(__FILE__));5 $vendorDir = dirname(__DIR__); 6 6 $baseDir = dirname($vendorDir); 7 7 -
ce21-suite/trunk/vendor/composer/autoload_real.php
r3093629 r3093637 14 14 } 15 15 16 /** 17 * @return \Composer\Autoload\ClassLoader 18 */ 16 19 public static function getLoader() 17 20 { … … 20 23 } 21 24 25 require __DIR__ . '/platform_check.php'; 26 22 27 spl_autoload_register(array('ComposerAutoloaderInit0ad48517006997bd6c20c77d85ed2a72', 'loadClassLoader'), true, true); 23 self::$loader = $loader = new \Composer\Autoload\ClassLoader( );28 self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__)); 24 29 spl_autoload_unregister(array('ComposerAutoloaderInit0ad48517006997bd6c20c77d85ed2a72', 'loadClassLoader')); 25 30 26 $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); 27 if ($useStaticLoader) { 28 require_once __DIR__ . '/autoload_static.php'; 29 30 call_user_func(\Composer\Autoload\ComposerStaticInit0ad48517006997bd6c20c77d85ed2a72::getInitializer($loader)); 31 } else { 32 $map = require __DIR__ . '/autoload_namespaces.php'; 33 foreach ($map as $namespace => $path) { 34 $loader->set($namespace, $path); 35 } 36 37 $map = require __DIR__ . '/autoload_psr4.php'; 38 foreach ($map as $namespace => $path) { 39 $loader->setPsr4($namespace, $path); 40 } 41 42 $classMap = require __DIR__ . '/autoload_classmap.php'; 43 if ($classMap) { 44 $loader->addClassMap($classMap); 45 } 46 } 31 require __DIR__ . '/autoload_static.php'; 32 call_user_func(\Composer\Autoload\ComposerStaticInit0ad48517006997bd6c20c77d85ed2a72::getInitializer($loader)); 47 33 48 34 $loader->register(true); -
ce21-suite/trunk/vendor/composer/autoload_static.php
r3093629 r3093637 21 21 ); 22 22 23 public static $classMap = array ( 24 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', 25 ); 26 23 27 public static function getInitializer(ClassLoader $loader) 24 28 { … … 26 30 $loader->prefixLengthsPsr4 = ComposerStaticInit0ad48517006997bd6c20c77d85ed2a72::$prefixLengthsPsr4; 27 31 $loader->prefixDirsPsr4 = ComposerStaticInit0ad48517006997bd6c20c77d85ed2a72::$prefixDirsPsr4; 32 $loader->classMap = ComposerStaticInit0ad48517006997bd6c20c77d85ed2a72::$classMap; 28 33 29 34 }, null, ClassLoader::class); -
ce21-suite/trunk/vendor/composer/installed.json
r3093629 r3093637 1 [ 2 { 3 "name": "firebase/php-jwt", 4 "version": "v5.0.0", 5 "version_normalized": "5.0.0.0", 6 "source": { 7 "type": "git", 8 "url": "https://github.com/firebase/php-jwt.git", 9 "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e" 10 }, 11 "dist": { 12 "type": "zip", 13 "url": "https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", 14 "reference": "9984a4d3a32ae7673d6971ea00bae9d0a1abba0e", 15 "shasum": "" 16 }, 17 "require": { 18 "php": ">=5.3.0" 19 }, 20 "require-dev": { 21 "phpunit/phpunit": " 4.8.35" 22 }, 23 "time": "2017-06-27T22:17:23+00:00", 24 "type": "library", 25 "installation-source": "dist", 26 "autoload": { 27 "psr-4": { 28 "Firebase\\JWT\\": "src" 29 } 30 }, 31 "notification-url": "https://packagist.org/downloads/", 32 "license": [ 33 "BSD-3-Clause" 1 { 2 "packages": [ 3 { 4 "name": "firebase/php-jwt", 5 "version": "v6.10.1", 6 "version_normalized": "6.10.1.0", 7 "source": { 8 "type": "git", 9 "url": "https://github.com/firebase/php-jwt.git", 10 "reference": "500501c2ce893c824c801da135d02661199f60c5" 11 }, 12 "dist": { 13 "type": "zip", 14 "url": "https://api.github.com/repos/firebase/php-jwt/zipball/500501c2ce893c824c801da135d02661199f60c5", 15 "reference": "500501c2ce893c824c801da135d02661199f60c5", 16 "shasum": "" 17 }, 18 "require": { 19 "php": "^8.0" 20 }, 21 "require-dev": { 22 "guzzlehttp/guzzle": "^7.4", 23 "phpspec/prophecy-phpunit": "^2.0", 24 "phpunit/phpunit": "^9.5", 25 "psr/cache": "^2.0||^3.0", 26 "psr/http-client": "^1.0", 27 "psr/http-factory": "^1.0" 28 }, 29 "suggest": { 30 "ext-sodium": "Support EdDSA (Ed25519) signatures", 31 "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present" 32 }, 33 "time": "2024-05-18T18:05:11+00:00", 34 "type": "library", 35 "installation-source": "dist", 36 "autoload": { 37 "psr-4": { 38 "Firebase\\JWT\\": "src" 39 } 40 }, 41 "notification-url": "https://packagist.org/downloads/", 42 "license": [ 43 "BSD-3-Clause" 44 ], 45 "authors": [ 46 { 47 "name": "Neuman Vong", 48 "email": "neuman+pear@twilio.com", 49 "role": "Developer" 50 }, 51 { 52 "name": "Anant Narayanan", 53 "email": "anant@php.net", 54 "role": "Developer" 55 } 56 ], 57 "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", 58 "homepage": "https://github.com/firebase/php-jwt", 59 "keywords": [ 60 "jwt", 61 "php" 62 ], 63 "support": { 64 "issues": "https://github.com/firebase/php-jwt/issues", 65 "source": "https://github.com/firebase/php-jwt/tree/v6.10.1" 66 }, 67 "install-path": "../firebase/php-jwt" 68 } 34 69 ], 35 "authors": [ 36 { 37 "name": "Neuman Vong", 38 "role": "Developer", 39 "email": "neuman+pear@twilio.com" 40 }, 41 { 42 "name": "Anant Narayanan", 43 "role": "Developer", 44 "email": "anant@php.net" 45 } 46 ], 47 "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", 48 "homepage": "https://github.com/firebase/php-jwt" 49 } 50 ] 70 "dev": true, 71 "dev-package-names": [] 72 } -
ce21-suite/trunk/vendor/firebase/php-jwt/LICENSE
r3093629 r3093637 14 14 with the distribution. 15 15 16 * Neither the name of Neuman Vongnor the names of other16 * Neither the name of the copyright holder nor the names of other 17 17 contributors may be used to endorse or promote products derived 18 18 from this software without specific prior written permission. -
ce21-suite/trunk/vendor/firebase/php-jwt/README.md
r3093629 r3093637 1 [](https://travis-ci.org/firebase/php-jwt)1  2 2 [](https://packagist.org/packages/firebase/php-jwt) 3 3 [](https://packagist.org/packages/firebase/php-jwt) … … 17 17 ``` 18 18 19 Optionally, install the `paragonie/sodium_compat` package from composer if your 20 php env does not have libsodium installed: 21 22 ```bash 23 composer require paragonie/sodium_compat 24 ``` 25 19 26 Example 20 27 ------- 21 28 ```php 22 <?php 23 use \Firebase\JWT\JWT;24 25 $key = "example_key";26 $ token = array(27 "iss" => "http://example.org",28 "aud" => "http://example.com",29 "iat"=> 1356999524,30 "nbf"=> 135700000031 );29 use Firebase\JWT\JWT; 30 use Firebase\JWT\Key; 31 32 $key = 'example_key'; 33 $payload = [ 34 'iss' => 'http://example.org', 35 'aud' => 'http://example.com', 36 'iat' => 1356999524, 37 'nbf' => 1357000000 38 ]; 32 39 33 40 /** … … 37 44 * for a list of spec-compliant algorithms. 38 45 */ 39 $jwt = JWT::encode($token, $key); 40 $decoded = JWT::decode($jwt, $key, array('HS256')); 41 46 $jwt = JWT::encode($payload, $key, 'HS256'); 47 $decoded = JWT::decode($jwt, new Key($key, 'HS256')); 42 48 print_r($decoded); 49 50 // Pass a stdClass in as the third parameter to get the decoded header values 51 $decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers = new stdClass()); 52 print_r($headers); 43 53 44 54 /* … … 57 67 */ 58 68 JWT::$leeway = 60; // $leeway in seconds 59 $decoded = JWT::decode($jwt, $key, array('HS256')); 60 61 ?> 69 $decoded = JWT::decode($jwt, new Key($key, 'HS256')); 70 ``` 71 Example encode/decode headers 72 ------- 73 Decoding the JWT headers without verifying the JWT first is NOT recommended, and is not supported by 74 this library. This is because without verifying the JWT, the header values could have been tampered with. 75 Any value pulled from an unverified header should be treated as if it could be any string sent in from an 76 attacker. If this is something you still want to do in your application for whatever reason, it's possible to 77 decode the header values manually simply by calling `json_decode` and `base64_decode` on the JWT 78 header part: 79 ```php 80 use Firebase\JWT\JWT; 81 82 $key = 'example_key'; 83 $payload = [ 84 'iss' => 'http://example.org', 85 'aud' => 'http://example.com', 86 'iat' => 1356999524, 87 'nbf' => 1357000000 88 ]; 89 90 $headers = [ 91 'x-forwarded-for' => 'www.google.com' 92 ]; 93 94 // Encode headers in the JWT string 95 $jwt = JWT::encode($payload, $key, 'HS256', null, $headers); 96 97 // Decode headers from the JWT string WITHOUT validation 98 // **IMPORTANT**: This operation is vulnerable to attacks, as the JWT has not yet been verified. 99 // These headers could be any value sent by an attacker. 100 list($headersB64, $payloadB64, $sig) = explode('.', $jwt); 101 $decoded = json_decode(base64_decode($headersB64), true); 102 103 print_r($decoded); 62 104 ``` 63 105 Example with RS256 (openssl) 64 106 ---------------------------- 65 107 ```php 66 <?php 67 use \Firebase\JWT\JWT;108 use Firebase\JWT\JWT; 109 use Firebase\JWT\Key; 68 110 69 111 $privateKey = <<<EOD 70 112 -----BEGIN RSA PRIVATE KEY----- 71 MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn 72 vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 73 5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB 74 AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz 75 bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J 76 Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1 77 cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5 78 5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck 79 ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe 80 k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb 81 qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k 82 eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm 83 B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM= 113 MIIEowIBAAKCAQEAuzWHNM5f+amCjQztc5QTfJfzCC5J4nuW+L/aOxZ4f8J3Frew 114 M2c/dufrnmedsApb0By7WhaHlcqCh/ScAPyJhzkPYLae7bTVro3hok0zDITR8F6S 115 JGL42JAEUk+ILkPI+DONM0+3vzk6Kvfe548tu4czCuqU8BGVOlnp6IqBHhAswNMM 116 78pos/2z0CjPM4tbeXqSTTbNkXRboxjU29vSopcT51koWOgiTf3C7nJUoMWZHZI5 117 HqnIhPAG9yv8HAgNk6CMk2CadVHDo4IxjxTzTTqo1SCSH2pooJl9O8at6kkRYsrZ 118 WwsKlOFE2LUce7ObnXsYihStBUDoeBQlGG/BwQIDAQABAoIBAFtGaOqNKGwggn9k 119 6yzr6GhZ6Wt2rh1Xpq8XUz514UBhPxD7dFRLpbzCrLVpzY80LbmVGJ9+1pJozyWc 120 VKeCeUdNwbqkr240Oe7GTFmGjDoxU+5/HX/SJYPpC8JZ9oqgEA87iz+WQX9hVoP2 121 oF6EB4ckDvXmk8FMwVZW2l2/kd5mrEVbDaXKxhvUDf52iVD+sGIlTif7mBgR99/b 122 c3qiCnxCMmfYUnT2eh7Vv2LhCR/G9S6C3R4lA71rEyiU3KgsGfg0d82/XWXbegJW 123 h3QbWNtQLxTuIvLq5aAryV3PfaHlPgdgK0ft6ocU2de2FagFka3nfVEyC7IUsNTK 124 bq6nhAECgYEA7d/0DPOIaItl/8BWKyCuAHMss47j0wlGbBSHdJIiS55akMvnAG0M 125 39y22Qqfzh1at9kBFeYeFIIU82ZLF3xOcE3z6pJZ4Dyvx4BYdXH77odo9uVK9s1l 126 3T3BlMcqd1hvZLMS7dviyH79jZo4CXSHiKzc7pQ2YfK5eKxKqONeXuECgYEAyXlG 127 vonaus/YTb1IBei9HwaccnQ/1HRn6MvfDjb7JJDIBhNClGPt6xRlzBbSZ73c2QEC 128 6Fu9h36K/HZ2qcLd2bXiNyhIV7b6tVKk+0Psoj0dL9EbhsD1OsmE1nTPyAc9XZbb 129 OPYxy+dpBCUA8/1U9+uiFoCa7mIbWcSQ+39gHuECgYAz82pQfct30aH4JiBrkNqP 130 nJfRq05UY70uk5k1u0ikLTRoVS/hJu/d4E1Kv4hBMqYCavFSwAwnvHUo51lVCr/y 131 xQOVYlsgnwBg2MX4+GjmIkqpSVCC8D7j/73MaWb746OIYZervQ8dbKahi2HbpsiG 132 8AHcVSA/agxZr38qvWV54QKBgCD5TlDE8x18AuTGQ9FjxAAd7uD0kbXNz2vUYg9L 133 hFL5tyL3aAAtUrUUw4xhd9IuysRhW/53dU+FsG2dXdJu6CxHjlyEpUJl2iZu/j15 134 YnMzGWHIEX8+eWRDsw/+Ujtko/B7TinGcWPz3cYl4EAOiCeDUyXnqnO1btCEUU44 135 DJ1BAoGBAJuPD27ErTSVtId90+M4zFPNibFP50KprVdc8CR37BE7r8vuGgNYXmnI 136 RLnGP9p3pVgFCktORuYS2J/6t84I3+A17nEoB4xvhTLeAinAW/uTQOUmNicOP4Ek 137 2MsLL2kHgL8bLTmvXV4FX+PXphrDKg1XxzOYn0otuoqdAQrkK4og 84 138 -----END RSA PRIVATE KEY----- 85 139 EOD; … … 87 141 $publicKey = <<<EOD 88 142 -----BEGIN PUBLIC KEY----- 89 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H 90 4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t 91 0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4 92 ehde/zUxo6UvS7UrBQIDAQAB 143 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzWHNM5f+amCjQztc5QT 144 fJfzCC5J4nuW+L/aOxZ4f8J3FrewM2c/dufrnmedsApb0By7WhaHlcqCh/ScAPyJ 145 hzkPYLae7bTVro3hok0zDITR8F6SJGL42JAEUk+ILkPI+DONM0+3vzk6Kvfe548t 146 u4czCuqU8BGVOlnp6IqBHhAswNMM78pos/2z0CjPM4tbeXqSTTbNkXRboxjU29vS 147 opcT51koWOgiTf3C7nJUoMWZHZI5HqnIhPAG9yv8HAgNk6CMk2CadVHDo4IxjxTz 148 TTqo1SCSH2pooJl9O8at6kkRYsrZWwsKlOFE2LUce7ObnXsYihStBUDoeBQlGG/B 149 wQIDAQAB 93 150 -----END PUBLIC KEY----- 94 151 EOD; 95 152 96 $ token = array(97 "iss" => "example.org",98 "aud" => "example.com",99 "iat"=> 1356999524,100 "nbf"=> 1357000000101 );102 103 $jwt = JWT::encode($ token, $privateKey, 'RS256');153 $payload = [ 154 'iss' => 'example.org', 155 'aud' => 'example.com', 156 'iat' => 1356999524, 157 'nbf' => 1357000000 158 ]; 159 160 $jwt = JWT::encode($payload, $privateKey, 'RS256'); 104 161 echo "Encode:\n" . print_r($jwt, true) . "\n"; 105 162 106 $decoded = JWT::decode($jwt, $publicKey, array('RS256'));163 $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256')); 107 164 108 165 /* … … 113 170 $decoded_array = (array) $decoded; 114 171 echo "Decode:\n" . print_r($decoded_array, true) . "\n"; 115 ?> 116 ``` 117 118 Changelog 119 --------- 120 121 #### 5.0.0 / 2017-06-26 122 - Support RS384 and RS512. 123 See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)! 124 - Add an example for RS256 openssl. 125 See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)! 126 - Detect invalid Base64 encoding in signature. 127 See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)! 128 - Update `JWT::verify` to handle OpenSSL errors. 129 See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)! 130 - Add `array` type hinting to `decode` method 131 See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)! 132 - Add all JSON error types. 133 See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)! 134 - Bugfix 'kid' not in given key list. 135 See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)! 136 - Miscellaneous cleanup, documentation and test fixes. 137 See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115), 138 [#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and 139 [#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman), 140 [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)! 141 142 #### 4.0.0 / 2016-07-17 143 - Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! 144 - Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! 145 - Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! 146 - Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! 147 148 #### 3.0.0 / 2015-07-22 149 - Minimum PHP version updated from `5.2.0` to `5.3.0`. 150 - Add `\Firebase\JWT` namespace. See 151 [#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to 152 [@Dashron](https://github.com/Dashron)! 153 - Require a non-empty key to decode and verify a JWT. See 154 [#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to 155 [@sjones608](https://github.com/sjones608)! 156 - Cleaner documentation blocks in the code. See 157 [#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to 158 [@johanderuijter](https://github.com/johanderuijter)! 159 160 #### 2.2.0 / 2015-06-22 161 - Add support for adding custom, optional JWT headers to `JWT::encode()`. See 162 [#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to 163 [@mcocaro](https://github.com/mcocaro)! 164 165 #### 2.1.0 / 2015-05-20 166 - Add support for adding a leeway to `JWT:decode()` that accounts for clock skew 167 between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! 168 - Add support for passing an object implementing the `ArrayAccess` interface for 169 `$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! 170 171 #### 2.0.0 / 2015-04-01 172 - **Note**: It is strongly recommended that you update to > v2.0.0 to address 173 known security vulnerabilities in prior versions when both symmetric and 174 asymmetric keys are used together. 175 - Update signature for `JWT::decode(...)` to require an array of supported 176 algorithms to use when verifying token signatures. 177 172 ``` 173 174 Example with a passphrase 175 ------------------------- 176 177 ```php 178 use Firebase\JWT\JWT; 179 use Firebase\JWT\Key; 180 181 // Your passphrase 182 $passphrase = '[YOUR_PASSPHRASE]'; 183 184 // Your private key file with passphrase 185 // Can be generated with "ssh-keygen -t rsa -m pem" 186 $privateKeyFile = '/path/to/key-with-passphrase.pem'; 187 188 // Create a private key of type "resource" 189 $privateKey = openssl_pkey_get_private( 190 file_get_contents($privateKeyFile), 191 $passphrase 192 ); 193 194 $payload = [ 195 'iss' => 'example.org', 196 'aud' => 'example.com', 197 'iat' => 1356999524, 198 'nbf' => 1357000000 199 ]; 200 201 $jwt = JWT::encode($payload, $privateKey, 'RS256'); 202 echo "Encode:\n" . print_r($jwt, true) . "\n"; 203 204 // Get public key from the private key, or pull from from a file. 205 $publicKey = openssl_pkey_get_details($privateKey)['key']; 206 207 $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256')); 208 echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; 209 ``` 210 211 Example with EdDSA (libsodium and Ed25519 signature) 212 ---------------------------- 213 ```php 214 use Firebase\JWT\JWT; 215 use Firebase\JWT\Key; 216 217 // Public and private keys are expected to be Base64 encoded. The last 218 // non-empty line is used so that keys can be generated with 219 // sodium_crypto_sign_keypair(). The secret keys generated by other tools may 220 // need to be adjusted to match the input expected by libsodium. 221 222 $keyPair = sodium_crypto_sign_keypair(); 223 224 $privateKey = base64_encode(sodium_crypto_sign_secretkey($keyPair)); 225 226 $publicKey = base64_encode(sodium_crypto_sign_publickey($keyPair)); 227 228 $payload = [ 229 'iss' => 'example.org', 230 'aud' => 'example.com', 231 'iat' => 1356999524, 232 'nbf' => 1357000000 233 ]; 234 235 $jwt = JWT::encode($payload, $privateKey, 'EdDSA'); 236 echo "Encode:\n" . print_r($jwt, true) . "\n"; 237 238 $decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA')); 239 echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; 240 ```` 241 242 Example with multiple keys 243 -------------------------- 244 ```php 245 use Firebase\JWT\JWT; 246 use Firebase\JWT\Key; 247 248 // Example RSA keys from previous example 249 // $privateKey1 = '...'; 250 // $publicKey1 = '...'; 251 252 // Example EdDSA keys from previous example 253 // $privateKey2 = '...'; 254 // $publicKey2 = '...'; 255 256 $payload = [ 257 'iss' => 'example.org', 258 'aud' => 'example.com', 259 'iat' => 1356999524, 260 'nbf' => 1357000000 261 ]; 262 263 $jwt1 = JWT::encode($payload, $privateKey1, 'RS256', 'kid1'); 264 $jwt2 = JWT::encode($payload, $privateKey2, 'EdDSA', 'kid2'); 265 echo "Encode 1:\n" . print_r($jwt1, true) . "\n"; 266 echo "Encode 2:\n" . print_r($jwt2, true) . "\n"; 267 268 $keys = [ 269 'kid1' => new Key($publicKey1, 'RS256'), 270 'kid2' => new Key($publicKey2, 'EdDSA'), 271 ]; 272 273 $decoded1 = JWT::decode($jwt1, $keys); 274 $decoded2 = JWT::decode($jwt2, $keys); 275 276 echo "Decode 1:\n" . print_r((array) $decoded1, true) . "\n"; 277 echo "Decode 2:\n" . print_r((array) $decoded2, true) . "\n"; 278 ``` 279 280 Using JWKs 281 ---------- 282 283 ```php 284 use Firebase\JWT\JWK; 285 use Firebase\JWT\JWT; 286 287 // Set of keys. The "keys" key is required. For example, the JSON response to 288 // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk 289 $jwks = ['keys' => []]; 290 291 // JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\JWT\Key 292 // objects. Pass this as the second parameter to JWT::decode. 293 JWT::decode($payload, JWK::parseKeySet($jwks)); 294 ``` 295 296 Using Cached Key Sets 297 --------------------- 298 299 The `CachedKeySet` class can be used to fetch and cache JWKS (JSON Web Key Sets) from a public URI. 300 This has the following advantages: 301 302 1. The results are cached for performance. 303 2. If an unrecognized key is requested, the cache is refreshed, to accomodate for key rotation. 304 3. If rate limiting is enabled, the JWKS URI will not make more than 10 requests a second. 305 306 ```php 307 use Firebase\JWT\CachedKeySet; 308 use Firebase\JWT\JWT; 309 310 // The URI for the JWKS you wish to cache the results from 311 $jwksUri = 'https://www.gstatic.com/iap/verify/public_key-jwk'; 312 313 // Create an HTTP client (can be any PSR-7 compatible HTTP client) 314 $httpClient = new GuzzleHttp\Client(); 315 316 // Create an HTTP request factory (can be any PSR-17 compatible HTTP request factory) 317 $httpFactory = new GuzzleHttp\Psr\HttpFactory(); 318 319 // Create a cache item pool (can be any PSR-6 compatible cache item pool) 320 $cacheItemPool = Phpfastcache\CacheManager::getInstance('files'); 321 322 $keySet = new CachedKeySet( 323 $jwksUri, 324 $httpClient, 325 $httpFactory, 326 $cacheItemPool, 327 null, // $expiresAfter int seconds to set the JWKS to expire 328 true // $rateLimit true to enable rate limit of 10 RPS on lookup of invalid keys 329 ); 330 331 $jwt = 'eyJhbGci...'; // Some JWT signed by a key from the $jwkUri above 332 $decoded = JWT::decode($jwt, $keySet); 333 ``` 334 335 Miscellaneous 336 ------------- 337 338 #### Exception Handling 339 340 When a call to `JWT::decode` is invalid, it will throw one of the following exceptions: 341 342 ```php 343 use Firebase\JWT\JWT; 344 use Firebase\JWT\SignatureInvalidException; 345 use Firebase\JWT\BeforeValidException; 346 use Firebase\JWT\ExpiredException; 347 use DomainException; 348 use InvalidArgumentException; 349 use UnexpectedValueException; 350 351 try { 352 $decoded = JWT::decode($payload, $keys); 353 } catch (InvalidArgumentException $e) { 354 // provided key/key-array is empty or malformed. 355 } catch (DomainException $e) { 356 // provided algorithm is unsupported OR 357 // provided key is invalid OR 358 // unknown error thrown in openSSL or libsodium OR 359 // libsodium is required but not available. 360 } catch (SignatureInvalidException $e) { 361 // provided JWT signature verification failed. 362 } catch (BeforeValidException $e) { 363 // provided JWT is trying to be used before "nbf" claim OR 364 // provided JWT is trying to be used before "iat" claim. 365 } catch (ExpiredException $e) { 366 // provided JWT is trying to be used after "exp" claim. 367 } catch (UnexpectedValueException $e) { 368 // provided JWT is malformed OR 369 // provided JWT is missing an algorithm / using an unsupported algorithm OR 370 // provided JWT algorithm does not match provided key OR 371 // provided key ID in key/key-array is empty or invalid. 372 } 373 ``` 374 375 All exceptions in the `Firebase\JWT` namespace extend `UnexpectedValueException`, and can be simplified 376 like this: 377 378 ```php 379 use Firebase\JWT\JWT; 380 use UnexpectedValueException; 381 try { 382 $decoded = JWT::decode($payload, $keys); 383 } catch (LogicException $e) { 384 // errors having to do with environmental setup or malformed JWT Keys 385 } catch (UnexpectedValueException $e) { 386 // errors having to do with JWT signature and claims 387 } 388 ``` 389 390 #### Casting to array 391 392 The return value of `JWT::decode` is the generic PHP object `stdClass`. If you'd like to handle with arrays 393 instead, you can do the following: 394 395 ```php 396 // return type is stdClass 397 $decoded = JWT::decode($payload, $keys); 398 399 // cast to array 400 $decoded = json_decode(json_encode($decoded), true); 401 ``` 178 402 179 403 Tests -
ce21-suite/trunk/vendor/firebase/php-jwt/composer.json
r3093629 r3093637 3 3 "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", 4 4 "homepage": "https://github.com/firebase/php-jwt", 5 "keywords": [ 6 "php", 7 "jwt" 8 ], 5 9 "authors": [ 6 10 { … … 17 21 "license": "BSD-3-Clause", 18 22 "require": { 19 "php": ">=5.3.0" 23 "php": "^8.0" 24 }, 25 "suggest": { 26 "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present", 27 "ext-sodium": "Support EdDSA (Ed25519) signatures" 20 28 }, 21 29 "autoload": { … … 25 33 }, 26 34 "require-dev": { 27 "phpunit/phpunit": " 4.8.35" 35 "guzzlehttp/guzzle": "^7.4", 36 "phpspec/prophecy-phpunit": "^2.0", 37 "phpunit/phpunit": "^9.5", 38 "psr/cache": "^2.0||^3.0", 39 "psr/http-client": "^1.0", 40 "psr/http-factory": "^1.0" 28 41 } 29 42 } -
ce21-suite/trunk/vendor/firebase/php-jwt/src/BeforeValidException.php
r3093629 r3093637 1 1 <?php 2 2 3 namespace Firebase\JWT; 3 4 4 class BeforeValidException extends \UnexpectedValueException 5 class BeforeValidException extends \UnexpectedValueException implements JWTExceptionWithPayloadInterface 5 6 { 7 private object $payload; 6 8 9 public function setPayload(object $payload): void 10 { 11 $this->payload = $payload; 12 } 13 14 public function getPayload(): object 15 { 16 return $this->payload; 17 } 7 18 } -
ce21-suite/trunk/vendor/firebase/php-jwt/src/ExpiredException.php
r3093629 r3093637 1 1 <?php 2 2 3 namespace Firebase\JWT; 3 4 4 class ExpiredException extends \UnexpectedValueException 5 class ExpiredException extends \UnexpectedValueException implements JWTExceptionWithPayloadInterface 5 6 { 7 private object $payload; 6 8 9 public function setPayload(object $payload): void 10 { 11 $this->payload = $payload; 12 } 13 14 public function getPayload(): object 15 { 16 return $this->payload; 17 } 7 18 } -
ce21-suite/trunk/vendor/firebase/php-jwt/src/JWT.php
r3093629 r3093637 2 2 3 3 namespace Firebase\JWT; 4 use \DomainException; 5 use \InvalidArgumentException; 6 use \UnexpectedValueException; 7 use \DateTime; 4 5 use ArrayAccess; 6 use DateTime; 7 use DomainException; 8 use Exception; 9 use InvalidArgumentException; 10 use OpenSSLAsymmetricKey; 11 use OpenSSLCertificate; 12 use stdClass; 13 use UnexpectedValueException; 8 14 9 15 /** … … 22 28 class JWT 23 29 { 30 private const ASN1_INTEGER = 0x02; 31 private const ASN1_SEQUENCE = 0x10; 32 private const ASN1_BIT_STRING = 0x03; 24 33 25 34 /** … … 27 36 * we want to provide some extra leeway time to 28 37 * account for clock skew. 38 * 39 * @var int 29 40 */ 30 41 public static $leeway = 0; … … 33 44 * Allow the current timestamp to be specified. 34 45 * Useful for fixing a value within unit testing. 35 *36 46 * Will default to PHP time() value if null. 47 * 48 * @var ?int 37 49 */ 38 50 public static $timestamp = null; 39 51 40 public static $supported_algs = array( 41 'HS256' => array('hash_hmac', 'SHA256'), 42 'HS512' => array('hash_hmac', 'SHA512'), 43 'HS384' => array('hash_hmac', 'SHA384'), 44 'RS256' => array('openssl', 'SHA256'), 45 'RS384' => array('openssl', 'SHA384'), 46 'RS512' => array('openssl', 'SHA512'), 47 ); 52 /** 53 * @var array<string, string[]> 54 */ 55 public static $supported_algs = [ 56 'ES384' => ['openssl', 'SHA384'], 57 'ES256' => ['openssl', 'SHA256'], 58 'ES256K' => ['openssl', 'SHA256'], 59 'HS256' => ['hash_hmac', 'SHA256'], 60 'HS384' => ['hash_hmac', 'SHA384'], 61 'HS512' => ['hash_hmac', 'SHA512'], 62 'RS256' => ['openssl', 'SHA256'], 63 'RS384' => ['openssl', 'SHA384'], 64 'RS512' => ['openssl', 'SHA512'], 65 'EdDSA' => ['sodium_crypto', 'EdDSA'], 66 ]; 48 67 49 68 /** 50 69 * Decodes a JWT string into a PHP object. 51 70 * 52 * @param string $jwt The JWT 53 * @param string|array $key The key, or map of keys. 54 * If the algorithm used is asymmetric, this is the public key 55 * @param array $allowed_algs List of supported verification algorithms 56 * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' 57 * 58 * @return object The JWT's payload as a PHP object 59 * 71 * @param string $jwt The JWT 72 * @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray The Key or associative array of key IDs 73 * (kid) to Key objects. 74 * If the algorithm used is asymmetric, this is 75 * the public key. 76 * Each Key object contains an algorithm and 77 * matching key. 78 * Supported algorithms are 'ES384','ES256', 79 * 'HS256', 'HS384', 'HS512', 'RS256', 'RS384' 80 * and 'RS512'. 81 * @param stdClass $headers Optional. Populates stdClass with headers. 82 * 83 * @return stdClass The JWT's payload as a PHP object 84 * 85 * @throws InvalidArgumentException Provided key/key-array was empty or malformed 86 * @throws DomainException Provided JWT is malformed 60 87 * @throws UnexpectedValueException Provided JWT was invalid 61 88 * @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed … … 67 94 * @uses urlsafeB64Decode 68 95 */ 69 public static function decode($jwt, $key, array $allowed_algs = array()) 70 { 71 $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; 72 73 if (empty($key)) { 96 public static function decode( 97 string $jwt, 98 $keyOrKeyArray, 99 stdClass &$headers = null 100 ): stdClass { 101 // Validate JWT 102 $timestamp = \is_null(static::$timestamp) ? \time() : static::$timestamp; 103 104 if (empty($keyOrKeyArray)) { 74 105 throw new InvalidArgumentException('Key may not be empty'); 75 106 } 76 $tks = explode('.', $jwt);77 if ( count($tks) != 3) {107 $tks = \explode('.', $jwt); 108 if (\count($tks) !== 3) { 78 109 throw new UnexpectedValueException('Wrong number of segments'); 79 110 } 80 111 list($headb64, $bodyb64, $cryptob64) = $tks; 81 if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) { 112 $headerRaw = static::urlsafeB64Decode($headb64); 113 if (null === ($header = static::jsonDecode($headerRaw))) { 82 114 throw new UnexpectedValueException('Invalid header encoding'); 83 115 } 84 if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) { 116 if ($headers !== null) { 117 $headers = $header; 118 } 119 $payloadRaw = static::urlsafeB64Decode($bodyb64); 120 if (null === ($payload = static::jsonDecode($payloadRaw))) { 85 121 throw new UnexpectedValueException('Invalid claims encoding'); 86 122 } 87 if (false === ($sig = static::urlsafeB64Decode($cryptob64))) { 88 throw new UnexpectedValueException('Invalid signature encoding'); 89 } 123 if (\is_array($payload)) { 124 // prevent PHP Fatal Error in edge-cases when payload is empty array 125 $payload = (object) $payload; 126 } 127 if (!$payload instanceof stdClass) { 128 throw new UnexpectedValueException('Payload must be a JSON object'); 129 } 130 $sig = static::urlsafeB64Decode($cryptob64); 90 131 if (empty($header->alg)) { 91 132 throw new UnexpectedValueException('Empty algorithm'); … … 94 135 throw new UnexpectedValueException('Algorithm not supported'); 95 136 } 96 if (!in_array($header->alg, $allowed_algs)) { 97 throw new UnexpectedValueException('Algorithm not allowed'); 98 } 99 if (is_array($key) || $key instanceof \ArrayAccess) { 100 if (isset($header->kid)) { 101 if (!isset($key[$header->kid])) { 102 throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key'); 103 } 104 $key = $key[$header->kid]; 105 } else { 106 throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); 107 } 108 } 109 110 // Check the signature 111 if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) { 137 138 $key = self::getKey($keyOrKeyArray, property_exists($header, 'kid') ? $header->kid : null); 139 140 // Check the algorithm 141 if (!self::constantTimeEquals($key->getAlgorithm(), $header->alg)) { 142 // See issue #351 143 throw new UnexpectedValueException('Incorrect key for this algorithm'); 144 } 145 if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384'], true)) { 146 // OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384 signatures 147 $sig = self::signatureToDER($sig); 148 } 149 if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) { 112 150 throw new SignatureInvalidException('Signature verification failed'); 113 151 } 114 152 115 // Check ifthe nbf if it is defined. This is the time that the153 // Check the nbf if it is defined. This is the time that the 116 154 // token can actually be used. If it's not yet that time, abort. 117 if (isset($payload->nbf) && $payload->nbf> ($timestamp + static::$leeway)) {118 thrownew BeforeValidException(119 'Cannot handle token prior to ' . date(DateTime::ISO8601,$payload->nbf)155 if (isset($payload->nbf) && floor($payload->nbf) > ($timestamp + static::$leeway)) { 156 $ex = new BeforeValidException( 157 'Cannot handle token with nbf prior to ' . \date(DateTime::ISO8601, (int) $payload->nbf) 120 158 ); 159 $ex->setPayload($payload); 160 throw $ex; 121 161 } 122 162 … … 124 164 // using tokens that have been created for later use (and haven't 125 165 // correctly used the nbf claim). 126 if ( isset($payload->iat) && $payload->iat> ($timestamp + static::$leeway)) {127 thrownew BeforeValidException(128 'Cannot handle token prior to ' . date(DateTime::ISO8601,$payload->iat)166 if (!isset($payload->nbf) && isset($payload->iat) && floor($payload->iat) > ($timestamp + static::$leeway)) { 167 $ex = new BeforeValidException( 168 'Cannot handle token with iat prior to ' . \date(DateTime::ISO8601, (int) $payload->iat) 129 169 ); 170 $ex->setPayload($payload); 171 throw $ex; 130 172 } 131 173 132 174 // Check if this token has expired. 133 175 if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) { 134 throw new ExpiredException('Expired token'); 176 $ex = new ExpiredException('Expired token'); 177 $ex->setPayload($payload); 178 throw $ex; 135 179 } 136 180 … … 139 183 140 184 /** 141 * Converts and signs a PHP object or array into a JWT string. 142 * 143 * @param object|array $payload PHP object or array 144 * @param string $key The secret key. 145 * If the algorithm used is asymmetric, this is the private key 146 * @param string $alg The signing algorithm. 147 * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256' 148 * @param mixed $keyId 149 * @param array $head An array with header elements to attach 185 * Converts and signs a PHP array into a JWT string. 186 * 187 * @param array<mixed> $payload PHP array 188 * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key. 189 * @param string $alg Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256', 190 * 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' 191 * @param string $keyId 192 * @param array<string, string> $head An array with header elements to attach 150 193 * 151 194 * @return string A signed JWT … … 154 197 * @uses urlsafeB64Encode 155 198 */ 156 public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) 157 { 158 $header = array('typ' => 'JWT', 'alg' => $alg); 199 public static function encode( 200 array $payload, 201 $key, 202 string $alg, 203 string $keyId = null, 204 array $head = null 205 ): string { 206 $header = ['typ' => 'JWT']; 207 if (isset($head) && \is_array($head)) { 208 $header = \array_merge($header, $head); 209 } 210 $header['alg'] = $alg; 159 211 if ($keyId !== null) { 160 212 $header['kid'] = $keyId; 161 213 } 162 if ( isset($head) && is_array($head) ) { 163 $header = array_merge($head, $header); 164 } 165 $segments = array(); 166 $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); 167 $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); 168 $signing_input = implode('.', $segments); 214 $segments = []; 215 $segments[] = static::urlsafeB64Encode((string) static::jsonEncode($header)); 216 $segments[] = static::urlsafeB64Encode((string) static::jsonEncode($payload)); 217 $signing_input = \implode('.', $segments); 169 218 170 219 $signature = static::sign($signing_input, $key, $alg); 171 220 $segments[] = static::urlsafeB64Encode($signature); 172 221 173 return implode('.', $segments);222 return \implode('.', $segments); 174 223 } 175 224 … … 177 226 * Sign a string with a given key and algorithm. 178 227 * 179 * @param string $msgThe message to sign180 * @param string|resource $key The secret key181 * @param string $alg The signing algorithm.182 * Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'228 * @param string $msg The message to sign 229 * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key. 230 * @param string $alg Supported algorithms are 'EdDSA', 'ES384', 'ES256', 'ES256K', 'HS256', 231 * 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' 183 232 * 184 233 * @return string An encrypted message 185 234 * 186 * @throws DomainException Unsupported algorithm was specified 187 */ 188 public static function sign($msg, $key, $alg = 'HS256') 189 { 235 * @throws DomainException Unsupported algorithm or bad key was specified 236 */ 237 public static function sign( 238 string $msg, 239 $key, 240 string $alg 241 ): string { 190 242 if (empty(static::$supported_algs[$alg])) { 191 243 throw new DomainException('Algorithm not supported'); 192 244 } 193 245 list($function, $algorithm) = static::$supported_algs[$alg]; 194 switch ($function) {246 switch ($function) { 195 247 case 'hash_hmac': 196 return hash_hmac($algorithm, $msg, $key, true); 248 if (!\is_string($key)) { 249 throw new InvalidArgumentException('key must be a string when using hmac'); 250 } 251 return \hash_hmac($algorithm, $msg, $key, true); 197 252 case 'openssl': 198 253 $signature = ''; 199 $success = openssl_sign($msg, $signature, $key, $algorithm); 254 if (!\is_resource($key) && !openssl_pkey_get_private($key)) { 255 throw new DomainException('OpenSSL unable to validate key'); 256 } 257 $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line 200 258 if (!$success) { 201 throw new DomainException("OpenSSL unable to sign data"); 202 } else { 203 return $signature; 204 } 205 } 259 throw new DomainException('OpenSSL unable to sign data'); 260 } 261 if ($alg === 'ES256' || $alg === 'ES256K') { 262 $signature = self::signatureFromDER($signature, 256); 263 } elseif ($alg === 'ES384') { 264 $signature = self::signatureFromDER($signature, 384); 265 } 266 return $signature; 267 case 'sodium_crypto': 268 if (!\function_exists('sodium_crypto_sign_detached')) { 269 throw new DomainException('libsodium is not available'); 270 } 271 if (!\is_string($key)) { 272 throw new InvalidArgumentException('key must be a string when using EdDSA'); 273 } 274 try { 275 // The last non-empty line is used as the key. 276 $lines = array_filter(explode("\n", $key)); 277 $key = base64_decode((string) end($lines)); 278 if (\strlen($key) === 0) { 279 throw new DomainException('Key cannot be empty string'); 280 } 281 return sodium_crypto_sign_detached($msg, $key); 282 } catch (Exception $e) { 283 throw new DomainException($e->getMessage(), 0, $e); 284 } 285 } 286 287 throw new DomainException('Algorithm not supported'); 206 288 } 207 289 … … 210 292 * are symmetric, so we must have a separate verify and sign method. 211 293 * 212 * @param string $msgThe original message (header and body)213 * @param string $signatureThe original signature214 * @param string|resource $key For HS*, a string key works. for RS*, must be a resource of an openssl public key215 * @param string $algThe algorithm294 * @param string $msg The original message (header and body) 295 * @param string $signature The original signature 296 * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial For Ed*, ES*, HS*, a string key works. for RS*, must be an instance of OpenSSLAsymmetricKey 297 * @param string $alg The algorithm 216 298 * 217 299 * @return bool 218 300 * 219 * @throws DomainException Invalid Algorithm or OpenSSL failure 220 */ 221 private static function verify($msg, $signature, $key, $alg) 222 { 301 * @throws DomainException Invalid Algorithm, bad key, or OpenSSL failure 302 */ 303 private static function verify( 304 string $msg, 305 string $signature, 306 $keyMaterial, 307 string $alg 308 ): bool { 223 309 if (empty(static::$supported_algs[$alg])) { 224 310 throw new DomainException('Algorithm not supported'); … … 226 312 227 313 list($function, $algorithm) = static::$supported_algs[$alg]; 228 switch ($function) {314 switch ($function) { 229 315 case 'openssl': 230 $success = openssl_verify($msg, $signature, $key, $algorithm);316 $success = \openssl_verify($msg, $signature, $keyMaterial, $algorithm); // @phpstan-ignore-line 231 317 if ($success === 1) { 232 318 return true; 233 } elseif ($success === 0) { 319 } 320 if ($success === 0) { 234 321 return false; 235 322 } 236 323 // returns 1 on success, 0 on failure, -1 on error. 237 324 throw new DomainException( 238 'OpenSSL error: ' . openssl_error_string()325 'OpenSSL error: ' . \openssl_error_string() 239 326 ); 327 case 'sodium_crypto': 328 if (!\function_exists('sodium_crypto_sign_verify_detached')) { 329 throw new DomainException('libsodium is not available'); 330 } 331 if (!\is_string($keyMaterial)) { 332 throw new InvalidArgumentException('key must be a string when using EdDSA'); 333 } 334 try { 335 // The last non-empty line is used as the key. 336 $lines = array_filter(explode("\n", $keyMaterial)); 337 $key = base64_decode((string) end($lines)); 338 if (\strlen($key) === 0) { 339 throw new DomainException('Key cannot be empty string'); 340 } 341 if (\strlen($signature) === 0) { 342 throw new DomainException('Signature cannot be empty string'); 343 } 344 return sodium_crypto_sign_verify_detached($signature, $msg, $key); 345 } catch (Exception $e) { 346 throw new DomainException($e->getMessage(), 0, $e); 347 } 240 348 case 'hash_hmac': 241 349 default: 242 $hash = hash_hmac($algorithm, $msg, $key, true); 243 if (function_exists('hash_equals')) { 244 return hash_equals($signature, $hash); 245 } 246 $len = min(static::safeStrlen($signature), static::safeStrlen($hash)); 247 248 $status = 0; 249 for ($i = 0; $i < $len; $i++) { 250 $status |= (ord($signature[$i]) ^ ord($hash[$i])); 251 } 252 $status |= (static::safeStrlen($signature) ^ static::safeStrlen($hash)); 253 254 return ($status === 0); 350 if (!\is_string($keyMaterial)) { 351 throw new InvalidArgumentException('key must be a string when using hmac'); 352 } 353 $hash = \hash_hmac($algorithm, $msg, $keyMaterial, true); 354 return self::constantTimeEquals($hash, $signature); 255 355 } 256 356 } … … 261 361 * @param string $input JSON string 262 362 * 263 * @return object Object representation ofJSON string363 * @return mixed The decoded JSON string 264 364 * 265 365 * @throws DomainException Provided string was invalid JSON 266 366 */ 267 public static function jsonDecode($input) 268 { 269 if (version_compare(PHP_VERSION, '5.4.0', '>=') && !(defined('JSON_C_VERSION') && PHP_INT_SIZE > 4)) { 270 /** In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you 271 * to specify that large ints (like Steam Transaction IDs) should be treated as 272 * strings, rather than the PHP default behaviour of converting them to floats. 273 */ 274 $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); 275 } else { 276 /** Not all servers will support that, however, so for older versions we must 277 * manually detect large ints in the JSON string and quote them (thus converting 278 *them to strings) before decoding, hence the preg_replace() call. 279 */ 280 $max_int_length = strlen((string) PHP_INT_MAX) - 1; 281 $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); 282 $obj = json_decode($json_without_bigints); 283 } 284 285 if (function_exists('json_last_error') && $errno = json_last_error()) { 286 static::handleJsonError($errno); 367 public static function jsonDecode(string $input) 368 { 369 $obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING); 370 371 if ($errno = \json_last_error()) { 372 self::handleJsonError($errno); 287 373 } elseif ($obj === null && $input !== 'null') { 288 374 throw new DomainException('Null result with non-null input'); … … 292 378 293 379 /** 294 * Encode a PHP objectinto a JSON string.295 * 296 * @param object|array $input A PHP object orarray297 * 298 * @return string JSON representation of the PHP object orarray380 * Encode a PHP array into a JSON string. 381 * 382 * @param array<mixed> $input A PHP array 383 * 384 * @return string JSON representation of the PHP array 299 385 * 300 386 * @throws DomainException Provided object could not be encoded to valid JSON 301 387 */ 302 public static function jsonEncode($input) 303 { 304 $json = json_encode($input); 305 if (function_exists('json_last_error') && $errno = json_last_error()) { 306 static::handleJsonError($errno); 307 } elseif ($json === 'null' && $input !== null) { 388 public static function jsonEncode(array $input): string 389 { 390 if (PHP_VERSION_ID >= 50400) { 391 $json = \json_encode($input, \JSON_UNESCAPED_SLASHES); 392 } else { 393 // PHP 5.3 only 394 $json = \json_encode($input); 395 } 396 if ($errno = \json_last_error()) { 397 self::handleJsonError($errno); 398 } elseif ($json === 'null') { 308 399 throw new DomainException('Null result with non-null input'); 309 400 } 401 if ($json === false) { 402 throw new DomainException('Provided object could not be encoded to valid JSON'); 403 } 310 404 return $json; 311 405 } … … 317 411 * 318 412 * @return string A decoded string 319 */ 320 public static function urlsafeB64Decode($input) 321 { 322 $remainder = strlen($input) % 4; 413 * 414 * @throws InvalidArgumentException invalid base64 characters 415 */ 416 public static function urlsafeB64Decode(string $input): string 417 { 418 return \base64_decode(self::convertBase64UrlToBase64($input)); 419 } 420 421 /** 422 * Convert a string in the base64url (URL-safe Base64) encoding to standard base64. 423 * 424 * @param string $input A Base64 encoded string with URL-safe characters (-_ and no padding) 425 * 426 * @return string A Base64 encoded string with standard characters (+/) and padding (=), when 427 * needed. 428 * 429 * @see https://www.rfc-editor.org/rfc/rfc4648 430 */ 431 public static function convertBase64UrlToBase64(string $input): string 432 { 433 $remainder = \strlen($input) % 4; 323 434 if ($remainder) { 324 435 $padlen = 4 - $remainder; 325 $input .= str_repeat('=', $padlen);326 } 327 return base64_decode(strtr($input, '-_', '+/'));436 $input .= \str_repeat('=', $padlen); 437 } 438 return \strtr($input, '-_', '+/'); 328 439 } 329 440 … … 335 446 * @return string The base64 encode of what you passed in 336 447 */ 337 public static function urlsafeB64Encode($input) 338 { 339 return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); 448 public static function urlsafeB64Encode(string $input): string 449 { 450 return \str_replace('=', '', \strtr(\base64_encode($input), '+/', '-_')); 451 } 452 453 454 /** 455 * Determine if an algorithm has been provided for each Key 456 * 457 * @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray 458 * @param string|null $kid 459 * 460 * @throws UnexpectedValueException 461 * 462 * @return Key 463 */ 464 private static function getKey( 465 $keyOrKeyArray, 466 ?string $kid 467 ): Key { 468 if ($keyOrKeyArray instanceof Key) { 469 return $keyOrKeyArray; 470 } 471 472 if (empty($kid) && $kid !== '0') { 473 throw new UnexpectedValueException('"kid" empty, unable to lookup correct key'); 474 } 475 476 if ($keyOrKeyArray instanceof CachedKeySet) { 477 // Skip "isset" check, as this will automatically refresh if not set 478 return $keyOrKeyArray[$kid]; 479 } 480 481 if (!isset($keyOrKeyArray[$kid])) { 482 throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key'); 483 } 484 485 return $keyOrKeyArray[$kid]; 486 } 487 488 /** 489 * @param string $left The string of known length to compare against 490 * @param string $right The user-supplied string 491 * @return bool 492 */ 493 public static function constantTimeEquals(string $left, string $right): bool 494 { 495 if (\function_exists('hash_equals')) { 496 return \hash_equals($left, $right); 497 } 498 $len = \min(self::safeStrlen($left), self::safeStrlen($right)); 499 500 $status = 0; 501 for ($i = 0; $i < $len; $i++) { 502 $status |= (\ord($left[$i]) ^ \ord($right[$i])); 503 } 504 $status |= (self::safeStrlen($left) ^ self::safeStrlen($right)); 505 506 return ($status === 0); 340 507 } 341 508 … … 345 512 * @param int $errno An error number from json_last_error() 346 513 * 514 * @throws DomainException 515 * 347 516 * @return void 348 517 */ 349 private static function handleJsonError( $errno)350 { 351 $messages = array(518 private static function handleJsonError(int $errno): void 519 { 520 $messages = [ 352 521 JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', 353 522 JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON', … … 355 524 JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON', 356 525 JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3 357 );526 ]; 358 527 throw new DomainException( 359 528 isset($messages[$errno]) … … 366 535 * Get the number of bytes in cryptographic strings. 367 536 * 368 * @param string 537 * @param string $str 369 538 * 370 539 * @return int 371 540 */ 372 private static function safeStrlen($str) 373 { 374 if (function_exists('mb_strlen')) { 375 return mb_strlen($str, '8bit'); 376 } 377 return strlen($str); 541 private static function safeStrlen(string $str): int 542 { 543 if (\function_exists('mb_strlen')) { 544 return \mb_strlen($str, '8bit'); 545 } 546 return \strlen($str); 547 } 548 549 /** 550 * Convert an ECDSA signature to an ASN.1 DER sequence 551 * 552 * @param string $sig The ECDSA signature to convert 553 * @return string The encoded DER object 554 */ 555 private static function signatureToDER(string $sig): string 556 { 557 // Separate the signature into r-value and s-value 558 $length = max(1, (int) (\strlen($sig) / 2)); 559 list($r, $s) = \str_split($sig, $length); 560 561 // Trim leading zeros 562 $r = \ltrim($r, "\x00"); 563 $s = \ltrim($s, "\x00"); 564 565 // Convert r-value and s-value from unsigned big-endian integers to 566 // signed two's complement 567 if (\ord($r[0]) > 0x7f) { 568 $r = "\x00" . $r; 569 } 570 if (\ord($s[0]) > 0x7f) { 571 $s = "\x00" . $s; 572 } 573 574 return self::encodeDER( 575 self::ASN1_SEQUENCE, 576 self::encodeDER(self::ASN1_INTEGER, $r) . 577 self::encodeDER(self::ASN1_INTEGER, $s) 578 ); 579 } 580 581 /** 582 * Encodes a value into a DER object. 583 * 584 * @param int $type DER tag 585 * @param string $value the value to encode 586 * 587 * @return string the encoded object 588 */ 589 private static function encodeDER(int $type, string $value): string 590 { 591 $tag_header = 0; 592 if ($type === self::ASN1_SEQUENCE) { 593 $tag_header |= 0x20; 594 } 595 596 // Type 597 $der = \chr($tag_header | $type); 598 599 // Length 600 $der .= \chr(\strlen($value)); 601 602 return $der . $value; 603 } 604 605 /** 606 * Encodes signature from a DER object. 607 * 608 * @param string $der binary signature in DER format 609 * @param int $keySize the number of bits in the key 610 * 611 * @return string the signature 612 */ 613 private static function signatureFromDER(string $der, int $keySize): string 614 { 615 // OpenSSL returns the ECDSA signatures as a binary ASN.1 DER SEQUENCE 616 list($offset, $_) = self::readDER($der); 617 list($offset, $r) = self::readDER($der, $offset); 618 list($offset, $s) = self::readDER($der, $offset); 619 620 // Convert r-value and s-value from signed two's compliment to unsigned 621 // big-endian integers 622 $r = \ltrim($r, "\x00"); 623 $s = \ltrim($s, "\x00"); 624 625 // Pad out r and s so that they are $keySize bits long 626 $r = \str_pad($r, $keySize / 8, "\x00", STR_PAD_LEFT); 627 $s = \str_pad($s, $keySize / 8, "\x00", STR_PAD_LEFT); 628 629 return $r . $s; 630 } 631 632 /** 633 * Reads binary DER-encoded data and decodes into a single object 634 * 635 * @param string $der the binary data in DER format 636 * @param int $offset the offset of the data stream containing the object 637 * to decode 638 * 639 * @return array{int, string|null} the new offset and the decoded object 640 */ 641 private static function readDER(string $der, int $offset = 0): array 642 { 643 $pos = $offset; 644 $size = \strlen($der); 645 $constructed = (\ord($der[$pos]) >> 5) & 0x01; 646 $type = \ord($der[$pos++]) & 0x1f; 647 648 // Length 649 $len = \ord($der[$pos++]); 650 if ($len & 0x80) { 651 $n = $len & 0x1f; 652 $len = 0; 653 while ($n-- && $pos < $size) { 654 $len = ($len << 8) | \ord($der[$pos++]); 655 } 656 } 657 658 // Value 659 if ($type === self::ASN1_BIT_STRING) { 660 $pos++; // Skip the first contents octet (padding indicator) 661 $data = \substr($der, $pos, $len - 1); 662 $pos += $len - 1; 663 } elseif (!$constructed) { 664 $data = \substr($der, $pos, $len); 665 $pos += $len; 666 } else { 667 $data = null; 668 } 669 670 return [$pos, $data]; 378 671 } 379 672 } -
ce21-suite/trunk/vendor/firebase/php-jwt/src/SignatureInvalidException.php
r3093629 r3093637 1 1 <?php 2 2 3 namespace Firebase\JWT; 3 4 4 5 class SignatureInvalidException extends \UnexpectedValueException 5 6 { 6 7 7 }
Note: See TracChangeset
for help on using the changeset viewer.