= 128){ //ASN.1 integers with a leading 1 bit are considered negative - add a leading 0 byte to prevent this //ECDSA signature R and S values are always positive $part = "\x00" . $part; } //we can assume the length is 1 byte here - if it were larger than 127, more complex logic would be needed return self::ASN1_INTEGER_TAG . chr(strlen($part)) . $part; } private static function rawSignatureToDer(string $rawSignature) : string{ if(strlen($rawSignature) !== self::SIGNATURE_PART_LENGTH * 2){ throw new JwtException("JWT signature has unexpected length, expected 96, got " . strlen($rawSignature)); } [$rString, $sString] = str_split($rawSignature, self::SIGNATURE_PART_LENGTH); $sequence = self::signaturePartToAsn1($rString) . self::signaturePartToAsn1($sString); //we can assume the length is 1 byte here - if it were larger than 127, more complex logic would be needed return self::ASN1_SEQUENCE_TAG . chr(strlen($sequence)) . $sequence; } private static function signaturePartFromAsn1(BinaryStream $stream) : string{ $prefix = $stream->get(1); if($prefix !== self::ASN1_INTEGER_TAG){ throw new \InvalidArgumentException("Expected an ASN.1 INTEGER tag, got " . bin2hex($prefix)); } //we can assume the length is 1 byte here - if it were larger than 127, more complex logic would be needed $length = $stream->getByte(); if($length > self::SIGNATURE_PART_LENGTH + 1){ //each part may have an extra leading 0 byte to prevent it being interpreted as a negative number throw new \InvalidArgumentException("Expected at most 49 bytes for signature R or S, got $length"); } $part = $stream->get($length); return str_pad(ltrim($part, "\x00"), self::SIGNATURE_PART_LENGTH, "\x00", STR_PAD_LEFT); } private static function rawSignatureFromDer(string $derSignature) : string{ if($derSignature[0] !== self::ASN1_SEQUENCE_TAG){ throw new \InvalidArgumentException("Invalid DER signature, expected ASN.1 SEQUENCE tag, got " . bin2hex($derSignature[0])); } //we can assume the length is 1 byte here - if it were larger than 127, more complex logic would be needed $length = ord($derSignature[1]); $parts = substr($derSignature, 2, $length); if(strlen($parts) !== $length){ throw new \InvalidArgumentException("Invalid DER signature, expected $length sequence bytes, got " . strlen($parts)); } $stream = new BinaryStream($parts); $rRaw = self::signaturePartFromAsn1($stream); $sRaw = self::signaturePartFromAsn1($stream); if(!$stream->feof()){ throw new \InvalidArgumentException("Invalid DER signature, unexpected trailing sequence data"); } return $rRaw . $sRaw; } /** * @throws JwtException */ public static function verify(string $jwt, \OpenSSLAsymmetricKey $signingKey) : bool{ [$header, $body, $signature] = self::split($jwt); $rawSignature = self::b64UrlDecode($signature); $derSignature = self::rawSignatureToDer($rawSignature); $v = openssl_verify( $header . '.' . $body, $derSignature, $signingKey, self::SIGNATURE_ALGORITHM ); switch($v){ case 0: return false; case 1: return true; case -1: throw new JwtException("Error verifying JWT signature: " . openssl_error_string()); default: throw new AssumptionFailedError("openssl_verify() should only return -1, 0 or 1"); } } /** * @phpstan-param array $header * @phpstan-param array $claims */ public static function create(array $header, array $claims, \OpenSSLAsymmetricKey $signingKey) : string{ $jwtBody = JwtUtils::b64UrlEncode(json_encode($header, JSON_THROW_ON_ERROR)) . "." . JwtUtils::b64UrlEncode(json_encode($claims, JSON_THROW_ON_ERROR)); openssl_sign( $jwtBody, $derSignature, $signingKey, self::SIGNATURE_ALGORITHM ); $rawSignature = self::rawSignatureFromDer($derSignature); $jwtSig = self::b64UrlEncode($rawSignature); return "$jwtBody.$jwtSig"; } public static function b64UrlEncode(string $str) : string{ return rtrim(strtr(base64_encode($str), '+/', '-_'), '='); } public static function b64UrlDecode(string $str) : string{ if(($len = strlen($str) % 4) !== 0){ $str .= str_repeat('=', 4 - $len); } $decoded = base64_decode(strtr($str, '-_', '+/'), true); if($decoded === false){ throw new JwtException("Malformed base64url encoded payload could not be decoded"); } return $decoded; } public static function emitDerPublicKey(\OpenSSLAsymmetricKey $opensslKey) : string{ $details = Utils::assumeNotFalse(openssl_pkey_get_details($opensslKey), "Failed to get details from OpenSSL key resource"); /** @var string $pemKey */ $pemKey = $details['key']; if(preg_match("@^-----BEGIN[A-Z\d ]+PUBLIC KEY-----\n([A-Za-z\d+/\n]+)\n-----END[A-Z\d ]+PUBLIC KEY-----\n$@", $pemKey, $matches) === 1){ $derKey = base64_decode(str_replace("\n", "", $matches[1]), true); if($derKey !== false){ return $derKey; } } throw new AssumptionFailedError("OpenSSL resource contains invalid public key"); } public static function parseDerPublicKey(string $derKey) : \OpenSSLAsymmetricKey{ $signingKeyOpenSSL = openssl_pkey_get_public(sprintf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n", base64_encode($derKey))); if($signingKeyOpenSSL === false){ throw new JwtException("OpenSSL failed to parse key: " . openssl_error_string()); } $details = openssl_pkey_get_details($signingKeyOpenSSL); if($details === false){ throw new JwtException("OpenSSL failed to get details from key: " . openssl_error_string()); } if(!isset($details['ec']['curve_name'])){ throw new JwtException("Expected an EC key"); } $curve = $details['ec']['curve_name']; if($curve !== self::BEDROCK_SIGNING_KEY_CURVE_NAME){ throw new JwtException("Key must belong to curve " . self::BEDROCK_SIGNING_KEY_CURVE_NAME . ", got $curve"); } return $signingKeyOpenSSL; } }