add more tests

Author: bshaffer

src/JWK.php

@@ -103,6 +103,27 @@ public static function parseKey(array $jwk)
                     );
                 }
                 return new Key($publicKey, $jwk['alg']);
+            case 'EC':
+                if (isset($jwk['d'])) {
+                    // The key is actually a private key
+                    throw new UnexpectedValueException('Key data must be for a public key');
+                }
+
+                if (empty($jwk['crv'])) {
+                    throw new UnexpectedValueException('crv not set');
+                }
+
+                if (!isset(self::$curves[$jwk['crv']])) {
+                    throw new DomainException('Unrecognised or unsupported EC curve');
+                }
+
+                if (empty($jwk['x']) || empty($jwk['y'])) {
+                    throw new UnexpectedValueException('x and y not set');
+                }
+
+                $oid = self::$curves[$jwk['crv']];
+                $publicKey = self::oidToPem($oid, $jwk['x'], $jwk['y']);
+                return new Key($publicKey, $jwk['alg']);
             default:
                 // Currently only RSA is supported
                 break;
@@ -175,4 +196,84 @@ private static function encodeLength($length)
 
         return \pack('Ca*', 0x80 | \strlen($temp), $temp);
     }
+
+    /**
+     * Encodes a string into a DER-encoded OID.
+     *
+     * @param   string $oid the OID string
+     * @return  string the binary DER-encoded OID
+     */
+    private static function encodeOID($oid)
+    {
+        $octets = explode('.', $oid);
+
+        // Get the first octet
+        $oid = chr(array_shift($octets) * 40 + array_shift($octets));
+
+        // Iterate over subsequent octets
+        foreach ($octets as $octet) {
+            if ($octet == 0) {
+                $oid .= chr(0x00);
+                continue;
+            }
+            $bin = '';
+
+            while ($octet) {
+                $bin .= chr(0x80 | ($octet & 0x7f));
+                $octet >>= 7;
+            }
+            $bin[0] = $bin[0] & chr(0x7f);
+
+            // Convert to big endian if necessary
+            if (pack('V', 65534) == pack('L', 65534)) {
+                $oid .= strrev($bin);
+            } else {
+                $oid .= $bin;
+            }
+        }
+
+        return $oid;
+    }
+
+    private static $oid = '1.2.840.10045.2.1';
+    private static $asn1ObjectIdentifier = 0x06;
+    private static $asn1Integer = 0x02;
+    private static $asn1Sequence = 0x10;
+    private static $asn1BitString = 0x03;
+
+    private static $curves = [
+        'P-256' => '1.2.840.10045.3.1.7', // Len: 64
+        // 'P-384' => '1.3.132.0.34', // Len: 96 (not yet supported)
+        // 'P-521' => '1.3.132.0.35', // Len: 132 (not supported)
+    ];
+
+    private static function oidToPem($oid, $x, $y)
+    {
+        $pem =
+            JWT::encodeDER(
+                self::$asn1Sequence,
+                JWT::encodeDER(
+                    self::$asn1Sequence,
+                    JWT::encodeDER(
+                        self::$asn1ObjectIdentifier,
+                        self::encodeOID(self::$oid)
+                    )
+                    . JWT::encodeDER(
+                        self::$asn1ObjectIdentifier,
+                        self::encodeOID($oid)
+                    )
+                ) .
+                JWT::encodeDER(
+                    self::$asn1BitString,
+                    chr(0x00) . chr(0x04)
+                    . JWT::urlsafeB64Decode($x)
+                    . JWT::urlsafeB64Decode($y)
+                )
+            );
+
+        return sprintf(
+            "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n",
+            wordwrap(base64_encode($pem), 64, "\n", true)
+        );
+    }
 }

tests/CachedKeySetTest.php

@@ -138,6 +138,97 @@ public function testCachedKeyIdRefresh()
         $this->assertEquals('bar', $cachedKeySet['bar']->getAlgorithm());
     }
 
+    public function testCacheItemWithExpiresAfter()
+    {
+        $expiresAfter = 10;
+        $cacheItem = $this->prophesize('Psr\Cache\CacheItemInterface');
+        $cacheItem->isHit()
+            ->shouldBeCalledOnce()
+            ->willReturn(false);
+        $cacheItem->set(Argument::any())
+            ->shouldBeCalledOnce();
+        $cacheItem->expiresAfter($expiresAfter)
+            ->shouldBeCalledOnce();
+
+        $cache = $this->prophesize('Psr\Cache\CacheItemPoolInterface');
+        $cache->getItem($this->testJwkUriKey)
+            ->shouldBeCalledOnce()
+            ->willReturn($cacheItem->reveal());
+        $cache->save(Argument::any())
+            ->shouldBeCalledOnce();
+
+        $cachedKeySet = new CachedKeySet(
+            $this->testJwkUri,
+            $this->getMockHttpClient($this->testJwk1),
+            $this->getMockHttpFactory(),
+            $cache->reveal(),
+            $expiresAfter
+        );
+        $this->assertInstanceOf('Firebase\JWT\Key', $cachedKeySet['foo']);
+        $this->assertEquals('foo', $cachedKeySet['foo']->getAlgorithm());
+    }
+
+    public function testJwtVerify()
+    {
+        $privKey1 = file_get_contents(__DIR__ . '/data/rsa1-private.pem');
+        $payload = array('sub' => 'foo', 'exp' => strtotime('+10 seconds'));
+        $msg = JWT::encode($payload, $privKey1, 'RS256', 'jwk1');
+
+        $cacheItem = $this->prophesize('Psr\Cache\CacheItemInterface');
+        $cacheItem->isHit()
+            ->willReturn(true);
+        $cacheItem->get()
+            ->willReturn(JWK::parseKeySet(
+                json_decode(file_get_contents(__DIR__ . '/data/rsa-jwkset.json'), true)
+            ));
+
+        $cache = $this->prophesize('Psr\Cache\CacheItemPoolInterface');
+        $cache->getItem($this->testJwkUriKey)
+            ->willReturn($cacheItem->reveal());
+
+        $cachedKeySet = new CachedKeySet(
+            $this->testJwkUri,
+            $this->prophesize('Psr\Http\Client\ClientInterface')->reveal(),
+            $this->prophesize('Psr\Http\Message\RequestFactoryInterface')->reveal(),
+            $cache->reveal()
+        );
+
+        $result = JWT::decode($msg, $cachedKeySet);
+
+        $this->assertEquals("foo", $result->sub);
+    }
+
+    /**
+     * @dataProvider provideFullIntegration
+     */
+    public function testFullIntegration($jwkUri, $kid)
+    {
+        if (!class_exists(TestMemoryCacheItemPool::class)) {
+            $this->markTestSkipped('Use phpunit-system.xml.dist to run this tests');
+        }
+
+        $cache = new TestMemoryCacheItemPool();
+        $http = new \GuzzleHttp\Client();
+        $factory = new \GuzzleHttp\Psr7\HttpFactory();
+
+        $cachedKeySet = new CachedKeySet(
+            $jwkUri,
+            $http,
+            $factory,
+            $cache
+        );
+
+        $this->assertArrayHasKey($kid, $cachedKeySet);
+    }
+
+    public function provideFullIntegration()
+    {
+        return [
+            [$this->googleRsaUri, '182e450a35a2081faa1d9ae1d2d75a0f23d91df8'],
+            // [$this->googleEcUri, 'LYyP2g']
+        ];
+    }
+
     private function getMockHttpClient($testJwk)
     {
         $body = $this->prophesize('Psr\Http\Message\StreamInterface');
@@ -188,56 +279,6 @@ private function getMockEmptyCache()
         return $cache->reveal();
     }
 
-    public function testCacheItemWithExpiresAfter()
-    {
-        $expiresAfter = 10;
-        $cacheItem = $this->prophesize('Psr\Cache\CacheItemInterface');
-        $cacheItem->isHit()
-            ->shouldBeCalledOnce()
-            ->willReturn(false);
-        $cacheItem->set(Argument::any())
-            ->shouldBeCalledOnce();
-        $cacheItem->expiresAfter($expiresAfter)
-            ->shouldBeCalledOnce();
-
-        $cache = $this->prophesize('Psr\Cache\CacheItemPoolInterface');
-        $cache->getItem($this->testJwkUriKey)
-            ->shouldBeCalledOnce()
-            ->willReturn($cacheItem->reveal());
-        $cache->save(Argument::any())
-            ->shouldBeCalledOnce();
-
-        $cachedKeySet = new CachedKeySet(
-            $this->testJwkUri,
-            $this->getMockHttpClient($this->testJwk1),
-            $this->getMockHttpFactory(),
-            $cache->reveal(),
-            $expiresAfter
-        );
-        $this->assertInstanceOf('Firebase\JWT\Key', $cachedKeySet['foo']);
-        $this->assertEquals('foo', $cachedKeySet['foo']->getAlgorithm());
-    }
-
-    public function testFullIntegration()
-    {
-        if (!class_exists(TestMemoryCacheItemPool::class)) {
-            $this->markTestSkipped('Use phpunit-system.xml.dist to run this tests');
-        }
-
-        $cache = new TestMemoryCacheItemPool();
-        $http = new \GuzzleHttp\Client();
-        $factory = new \GuzzleHttp\Psr7\HttpFactory();
-
-        $cachedKeySet = new CachedKeySet(
-            $this->googleRsaUri,
-            $http,
-            $factory,
-            $cache
-        );
-
-        $this->assertArrayHasKey('182e450a35a2081faa1d9ae1d2d75a0f23d91df8', $cachedKeySet);
-    }
-
     /*
      * For compatibility with PHPUnit 4.8 and PHP < 5.6
      */