From 49dcc96d3f8ce61f5097f3ba01ac491117231c28 Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Sat, 21 Mar 2020 12:32:07 -0700 Subject: [PATCH 1/2] uses keys for testing --- tests/JWKTest.php | 198 +++++++++++++++-------------------------- tests/rsa-jwkset.json | 17 ++++ tests/rsa1-private.pem | 27 ++++++ tests/rsa2-private.pem | 27 ++++++ 4 files changed, 143 insertions(+), 126 deletions(-) create mode 100644 tests/rsa-jwkset.json create mode 100644 tests/rsa1-private.pem create mode 100644 tests/rsa2-private.pem diff --git a/tests/JWKTest.php b/tests/JWKTest.php index 4f8fdf65..d09a4d10 100644 --- a/tests/JWKTest.php +++ b/tests/JWKTest.php @@ -5,155 +5,101 @@ class JWKTest extends TestCase { - /* - * For compatibility with PHPUnit 4.8 and PHP < 5.6 - */ - public function setExpectedException($exceptionName, $message = '', $code = NULL) { - if (method_exists($this, 'expectException')) { - $this->expectException($exceptionName); - } else { - parent::setExpectedException($exceptionName, $message, $code); - } + private static $keys; + private static $privKey1; + private static $privKey2; + + public static function setUpBeforeClass() + { + self::$privKey1 = file_get_contents(__DIR__ . '/rsa1-private.pem'); + self::$privKey2 = file_get_contents(__DIR__ . '/rsa2-private.pem'); } - public function testDecodeByJWKKeySetTokenExpired() + public function testMissingKty() { - $jsKey = array( - 'kty' => 'RSA', - 'e' => 'AQAB', - 'use' => 'sig', - 'kid' => 's1', - 'n' => 'kWp2zRA23Z3vTL4uoe8kTFptxBVFunIoP4t_8TDYJrOb7D1iZNDXVeEsYKp6ppmrTZDAgd-cNOTKLd4M39WJc5FN0maTAVKJc7NxklDeKc4dMe1BGvTZNG4MpWBo-taKULlYUu0ltYJuLzOjIrTHfarucrGoRWqM0sl3z2-fv9k', + $this->setExpectedException( + 'UnexpectedValueException', + 'JWK must contain a "kty" parameter' ); - $key = JWK::parseKeySet(array('keys' => array($jsKey))); + $badJwk = array('kid' => 'foo'); + $keys = JWK::parseKeySet(array('keys' => array($badJwk))); + } - $header = array( - 'kid' => 's1', - 'alg' => 'RS256', - ); - $payload = array ( - 'scp' => array ('openid', 'email', 'profile', 'aas'), - 'sub' => 'tUCYtnfIBPWcrSJf4yBfvN1kww4KGcy3LIPk1GVzsE0', - 'clm' => array ('!5v8H'), - 'iss' => 'http://130.211.243.114:8080/c2id', - 'exp' => 1441126539, - 'uip' => array('groups' => array('admin', 'audit')), - 'cid' => 'pk-oidc-01', - ); - $signature = 'PvYrnf3k1Z0wgRwCgq0WXKaoIv1hHtzBFO5cGfCs6bl4suc6ilwCWmJqRxGYkU2fNTGyMOt3OUnnBEwl6v5qN6jv7zbkVAVKVvbQLxhHC2nXe3izvoCiVaMEH6hE7VTWwnPbX_qO72mCwTizHTJTZGLOsyXLYM6ctdOMf7sFPTI'; - $msg = sprintf('%s.%s.%s', - JWT::urlsafeB64Encode(json_encode($header)), - JWT::urlsafeB64Encode(json_encode($payload)), - $signature + public function testInvalidAlgorithm() + { + $this->setExpectedException( + 'UnexpectedValueException', + 'No supported algorithms found in JWK Set' ); - $this->setExpectedException('Firebase\JWT\ExpiredException'); - - JWT::decode($msg, $key, array('RS256')); + $badJwk = array('kty' => 'BADALG'); + $keys = JWK::parseKeySet(array('keys' => array($badJwk))); } - public function testDecodeByJWKKeySet() + public function testParseJwkKeySet() { - $jsKey = array( - 'kty' => 'RSA', - 'e' => 'AQAB', - 'use' => 'sig', - 'kid' => 's1', - 'n' => 'kWp2zRA23Z3vTL4uoe8kTFptxBVFunIoP4t_8TDYJrOb7D1iZNDXVeEsYKp6ppmrTZDAgd-cNOTKLd4M39WJc5FN0maTAVKJc7NxklDeKc4dMe1BGvTZNG4MpWBo-taKULlYUu0ltYJuLzOjIrTHfarucrGoRWqM0sl3z2-fv9k', + $jwkSet = json_decode( + file_get_contents(__DIR__ . '/rsa-jwkset.json'), + true ); + $keys = JWK::parseKeySet($jwkSet); + $this->assertTrue(is_array($keys)); + $this->assertArrayHasKey('jwk1', $keys); + self::$keys = $keys; + } - $key = JWK::parseKeySet(array('keys' => array($jsKey))); - - $header = array( - 'kid' => 's1', - 'alg' => 'RS256', - ); - $payload = array ( - 'scp' => array ('openid', 'email', 'profile', 'aas'), - 'sub' => 'tUCYtnfIBPWcrSJf4yBfvN1kww4KGcy3LIPk1GVzsE0', - 'clm' => array ('!5v8H'), - 'iss' => 'http://130.211.243.114:8080/c2id', - 'exp' => 1441126539, - 'uip' => array('groups' => array('admin', 'audit')), - 'cid' => 'pk-oidc-01', - ); - $signature = 'PvYrnf3k1Z0wgRwCgq0WXKaoIv1hHtzBFO5cGfCs6bl4suc6ilwCWmJqRxGYkU2fNTGyMOt3OUnnBEwl6v5qN6jv7zbkVAVKVvbQLxhHC2nXe3izvoCiVaMEH6hE7VTWwnPbX_qO72mCwTizHTJTZGLOsyXLYM6ctdOMf7sFPTI'; - $msg = sprintf('%s.%s.%s', - JWT::urlsafeB64Encode(json_encode($header)), - JWT::urlsafeB64Encode(json_encode($payload)), - $signature - ); + /** + * @depends testParseJwkKeySet + */ + public function testDecodeByJwkKeySetTokenExpired() + { + $payload = array('exp' => strtotime('-1 hour')); + $msg = JWT::encode($payload, self::$privKey1, 'RS256', 'jwk1'); $this->setExpectedException('Firebase\JWT\ExpiredException'); - $payload = JWT::decode($msg, $key, array('RS256')); - - $this->assertEquals("tUCYtnfIBPWcrSJf4yBfvN1kww4KGcy3LIPk1GVzsE0", $payload->sub); - $this->assertEquals(1441126539, $payload->exp); + JWT::decode($msg, self::$keys, array('RS256')); } - public function testDecodeByMultiJWKKeySet() + /** + * @depends testParseJwkKeySet + */ + public function testDecodeByJwkKeySet() { - $jsKey1 = array( - 'kty' => 'RSA', - 'e' => 'AQAB', - 'use' => 'sig', - 'kid' => 'CXup', - 'n' => 'hrwD-lc-IwzwidCANmy4qsiZk11yp9kHykOuP0yOnwi36VomYTQVEzZXgh2sDJpGgAutdQudgwLoV8tVSsTG9SQHgJjH9Pd_9V4Ab6PANyZNG6DSeiq1QfiFlEP6Obt0JbRB3W7X2vkxOVaNoWrYskZodxU2V0ogeVL_LkcCGAyNu2jdx3j0DjJatNVk7ystNxb9RfHhJGgpiIkO5S3QiSIVhbBKaJHcZHPF1vq9g0JMGuUCI-OTSVg6XBkTLEGw1C_R73WD_oVEBfdXbXnLukoLHBS11p3OxU7f4rfxA_f_72_UwmWGJnsqS3iahbms3FkvqoL9x_Vj3GhuJSf97Q', - ); - $jsKey2 = array( - 'kty' => 'EC', - 'use' => 'sig', - 'crv' => 'P-256', - 'kid' => 'yGvt', - 'x' => 'pvgdqM3RCshljmuCF1D2Ez1w5ei5k7-bpimWLPNeEHI', - 'y' => 'JSmUhbUTqiFclVLEdw6dz038F7Whw4URobjXbAReDuM', - ); - $jsKey3 = array( - 'kty' => 'EC', - 'use' => 'sig', - 'crv' => 'P-384', - 'kid' => '9nHY', - 'x' => 'JPKhjhE0Bj579Mgj3Cn3ERGA8fKVYoGOaV9BPKhtnEobphf8w4GSeigMesL-038W', - 'y' => 'UbJa1QRX7fo9LxSlh7FOH5ABT5lEtiQeQUcX9BW0bpJFlEVGqwec80tYLdOIl59M', - ); - $jsKey4 = array( - 'kty' => 'EC', - 'use' => 'sig', - 'crv' => 'P-521', - 'kid' => 'tVzS', - 'x' => 'AZgkRHlIyNQJlPIwTWdHqouw41k9dS3GJO04BDEnJnd_Dd1owlCn9SMXA-JuXINn4slwbG4wcECbctXb2cvdGtmn', - 'y' => 'AdBC6N9lpupzfzcIY3JLIuc8y8MnzV-ItmzHQcC5lYWMTbuM9NU_FlvINeVo8g6i4YZms2xFB-B0VVdaoF9kUswC', - ); + $payload = array('sub' => 'foo', 'exp' => strtotime('+10 seconds')); + $msg = JWT::encode($payload, self::$privKey1, 'RS256', 'jwk1'); - $key = JWK::parseKeySet(array('keys' => array($jsKey1, $jsKey2, $jsKey3, $jsKey4))); + $result = JWT::decode($msg, self::$keys, array('RS256')); - $header = array( - 'kid' => 'CXup', - 'alg' => 'RS256', - ); - $payload = array( - 'sub' => 'f8b67cc46030777efd8bce6c1bfe29c6c0f818ec', - 'scp' => array('openid', 'name', 'profile', 'picture', 'email', 'rs-pk-main', 'rs-pk-so', 'rs-pk-issue', 'rs-pk-web'), - 'clm' => array('!5v8H'), - 'iss' => 'https://id.projectkit.net/authenticate', - 'exp' => 1492228336, - 'iat' => 1491364336, - 'cid' => 'cid-pk-web', - ); - $signature = 'KW1K-72bMtiNwvyYBgffG6VaG6I59cELGYQR8M2q7HA8dmzliu6QREJrqyPtwW_rDJZbsD3eylvkRinK9tlsMXCOfEJbxLdAC9b4LKOsnsbuXXwsJHWkFG0a7osdW0ZpXJDoMFlO1aosxRGMkaqhf1wIkvQ5PM_EB08LJv7oz64Antn5bYaoajwgvJRl7ChatRDn9Sx5UIElKD1BK4Uw5WdrZwBlWdWZVNCSFhy4F6SdZvi3OBlXzluDwq61RC-pl2iivilJNljYWVrthHDS1xdtaVz4oteHW13-IS7NNEz6PVnzo5nyoPWMAB4JlRnxcfOFTTUqOA2mX5Csg0UpdQ'; - $msg = sprintf('%s.%s.%s', - JWT::urlsafeB64Encode(json_encode($header)), - JWT::urlsafeB64Encode(json_encode($payload)), - $signature - ); + $this->assertEquals("foo", $result->sub); + } - $this->setExpectedException('Firebase\JWT\ExpiredException'); + /** + * @depends testParseJwkKeySet + */ + public function testDecodeByMultiJwkKeySet() + { + $payload = array('sub' => 'bar', 'exp' => strtotime('+10 seconds')); + $msg = JWT::encode($payload, self::$privKey2, 'RS256', 'jwk2'); - $payload = JWT::decode($msg, $key, array('RS256')); + $result = JWT::decode($msg, self::$keys, array('RS256')); - $this->assertEquals("f8b67cc46030777efd8bce6c1bfe29c6c0f818ec", $payload->sub); - $this->assertEquals(1492228336, $payload->exp); + $this->assertEquals("bar", $result->sub); + } + + /* + * For compatibility with PHPUnit 4.8 and PHP < 5.6 + */ + public function setExpectedException($exceptionName, $message = '', $code = NULL) + { + if (method_exists($this, 'expectException')) { + $this->expectException($exceptionName); + if ($message) { + $this->expectExceptionMessage($message); + } + } else { + parent::setExpectedException($exceptionName, $message, $code); + } } } diff --git a/tests/rsa-jwkset.json b/tests/rsa-jwkset.json new file mode 100644 index 00000000..0059f8cc --- /dev/null +++ b/tests/rsa-jwkset.json @@ -0,0 +1,17 @@ +{ + "keys": [ + { + "kty": "RSA", + "e": "AQAB", + "kid": "jwk1", + "n": "0Ttga33B1yX4w77NbpKyNYDNSVCo8j-RlZaZ9tI-KfkV1d-tfsvI9ZPAheP11FoN52ceBaY5ltelHW-IKwCfyT0orLdsxLgowaXki9woF1Azvcg2JVxQLv9aVjjAvy3CZFIG_EeN7J3nsyCXGnu1yMEbnvkWxA88__Q6HQ2K9wqfApkQ0LNlsK0YHz_sfjHNvRKxnbAJk7D5fUhZunPZXOPHXFgA5SvLvMaNIXduMKJh4OMfuoLdJowXJAR9j31Mqz_is4FMhm_9Mq7vZZ-uF09htRvIR8tRY28oJuW1gKWyg7cQQpnjHgFyG3XLXWAeXclWqyh_LfjyHQjrYhyeFw" + + }, + { + "kty": "RSA", + "e": "AQAB", + "kid": "jwk2", + "n": "pXi2o6AnNhwL30MaK_nuDHi2fxZHVen7Xwk0bjLGlHYpq3mSvXm2HBA-zR41vQCbHkYGsDpsyDhIXLBDTbSa7ue7D1ZqYdv5YLIS33zdX9GtUHfFHc6zYgXAU9ziWeyTzVn7icAbjxqcgT2xKNuGK7Zf2ZJ053rr-dxjAE-SjX4SG0WWUhwPjxlr1etF7mEurhHweuSdZYl36g39o9BtTBVfS87io2MwdIRsnL3w8ulgXRVRWjv-vvcuhMS_y6zGbzOC55Yr23sb4h2PSll32bgyglEIsGgHqjOdyjuUzl0t6jh86DHzbu9h-u1iihX8EI8t7CBbizbPPyHQygp-rQ" + } + ] +} \ No newline at end of file diff --git a/tests/rsa1-private.pem b/tests/rsa1-private.pem new file mode 100644 index 00000000..b194b5b4 --- /dev/null +++ b/tests/rsa1-private.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0Ttga33B1yX4w77NbpKyNYDNSVCo8j+RlZaZ9tI+KfkV1d+t +fsvI9ZPAheP11FoN52ceBaY5ltelHW+IKwCfyT0orLdsxLgowaXki9woF1Azvcg2 +JVxQLv9aVjjAvy3CZFIG/EeN7J3nsyCXGnu1yMEbnvkWxA88//Q6HQ2K9wqfApkQ +0LNlsK0YHz/sfjHNvRKxnbAJk7D5fUhZunPZXOPHXFgA5SvLvMaNIXduMKJh4OMf +uoLdJowXJAR9j31Mqz/is4FMhm/9Mq7vZZ+uF09htRvIR8tRY28oJuW1gKWyg7cQ +QpnjHgFyG3XLXWAeXclWqyh/LfjyHQjrYhyeFwIDAQABAoIBAHMqdJsWAGEVNIVB ++792HYNXnydQr32PwemNmLeD59WglgU/9jZJoxaROjI4VLKK0wZg+uRvJ1nA3tCB ++Hh7Anh5Im9XExaAq2ZTkqXtC2AxtBktH6iW1EfaI/Y7jNRuMoaXo+Ku3A62p7cw +JBvepiOXL0Xko0RNguz7mBUvxCLPhYhzn7qCbM8uXLcjsXq/YhWQwQmtMqv0sd3W +Hy+8Jb2c18sqDeZIBne4dWD6qPClPEOsrq9gPTkl0DjbT27oVc2u1p4HMNm5BJIh +u3rMSxnZHUd7Axj1FgyLIOHl63UhaiaA1aPe/fLiVIGOA1jBZrpbnjgqDy9Uxyn6 +eydbiwECgYEA9mtRydz22idyUOlBCDXk+vdGBvFAucNYaNNUAXUJ2wfPmdGgFCA7 +g5eQG8JC6J/FU+2AfIuz6LGr7SxMBYcsWGjFAzGqs/sJib+zzN1dPUSRn4uJNFit +51yQzPgBqHS6S/XBi6YAODeZDl9jiPl3FxxucqLY5NstqZFXbE0SjIECgYEA2V3r +7xnRAK1krY1+zkPof4kcBmjqOXjnl/oRxlXP65lEXmyNJwm/ulOIko9mElWRs8CG +AxSWKaab9Gk6lc8MHjVRbuW52RGLGKq1mp6ENr4d3IBOfrNsTvD3gtNEN1JFLeF1 +jIbSsrbi2txr7VZ06Irac0C/ytro0QDOUoXkvpcCgYA8O0EzmToRWsD7e/g0XJAK +s/Q+8CtE/LWYccc/z+7HxeH9lBqPsM07Pgmwb0xRdfQSrqPQTYl9ICiJAWHXnBG/ +zmQRgstZ0MulCuGU+qq2thLuL3oq/F4NhjeykhA9r8J1nK1hSAMXuqdDtxcqPOfa +E03/4UQotFY181uuEiytgQKBgHQT+gjHqptH/XnJFCymiySAXdz2bg6fCF5aht95 +t/1C7gXWxlJQnHiuX0KVHZcw5wwtBePjPIWlmaceAtE5rmj7ZC9qsqK/AZ78mtql +SEnLoTq9si1rN624dRUCKW25m4Py4MlYvm/9xovGJkSqZOhCLoJZ05JK8QWb/pKH +Oi6lAoGBAOUN6ICpMQvzMGPgIbgS0H/gvRTnpAEs59vdgrkhlCII4tzfgvBQlVae +hRcdM6GTMq5pekBPKu45eanIzwVc88P6coT4qiWYKk2jYoLBa0UV3xEAuqBMymrj +X4nLcSbZtO0tcDGMfMpWF2JGYOEJQNetPozL/ICGVFyIO8yzXm8U +-----END RSA PRIVATE KEY----- diff --git a/tests/rsa2-private.pem b/tests/rsa2-private.pem new file mode 100644 index 00000000..74380869 --- /dev/null +++ b/tests/rsa2-private.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApXi2o6AnNhwL30MaK/nuDHi2fxZHVen7Xwk0bjLGlHYpq3mS +vXm2HBA+zR41vQCbHkYGsDpsyDhIXLBDTbSa7ue7D1ZqYdv5YLIS33zdX9GtUHfF +Hc6zYgXAU9ziWeyTzVn7icAbjxqcgT2xKNuGK7Zf2ZJ053rr+dxjAE+SjX4SG0WW +UhwPjxlr1etF7mEurhHweuSdZYl36g39o9BtTBVfS87io2MwdIRsnL3w8ulgXRVR +Wjv+vvcuhMS/y6zGbzOC55Yr23sb4h2PSll32bgyglEIsGgHqjOdyjuUzl0t6jh8 +6DHzbu9h+u1iihX8EI8t7CBbizbPPyHQygp+rQIDAQABAoIBACF25kj1LLjutx/x +7CsUoqX3C8Fr+gVQCrxPmkDnF+4Sb570OU8EfGX0ix7kiy2sH7LhqpydVD6x00Cb +jSD785F5YAVcDqu31xlNKi/0irjEKO7rKfw7P2AFlb3gIA7bn5CaMBrNtUUdtqUU +mu2OZ/YTLhNMYUQnQe4IOiVn8lWW5D4Kje/RlLRRdGn8voXaD5BnOwZNXAxjdXqM +RxyXRG74tLKyfe3W8xTL8uhlKCNHjsdtUg9IZdnKT7I3DJPobpqgC3fUuC/IbfGf +MPK1aiu067/3DdgonC2ZWqFeKLJqtUa7z0pSQaZeDa1iiUuRivfqKYEBovFre6ni +1qHkp8ECgYEA089VnKc74NRGVbIs0VtQGprNhkl47eBq6jhTlG3hfaFF4VuDiZiu +wT8enlbhlbDb/gM0CDr9tkfDs7R4exNnhSVvn2PT8b1mhonOAeE466y/4YBA0d9x +gj0wF2vjH/bsVNBe6MBrIx12R2tBKTZ7tbCzgJRszSZqkrK7sljTlaUCgYEAx/54 +G3Yd3ULqGIG/JA7w/QEYitgjwAUSJ+eLU+iqlIjo/njAJwJ/kixqaI3Jzcl+kYmp +yNIXNNaJUz8c0M/QsuqvQjLnHkF0FOZUrdyVseU2mSbI6DhAGsPJEtAOep/61vyz +uJSu0z34gQ6bNrKdqfkA7XIQRNJ1r0qQXrVLRmkCgYB2/UYaIDTaREZTBCp7XnHs +0ERfiUz/TZCijgweGXCQ1BXe2TtXBEhAVcZMq4BFSLr9wyzq5sD7Muu1O9BnS+pe ++T3w6/L4Hi/HqwjpM253r2+ILjW78Wvh/5/RuJE6tsvjhb+bv+UwL+/vhUhw76Ol +2WOt+zP4N/ms+e3J7m7G5QKBgQCmasN65nC3WyT8u4pX8O7rOOw5LN2ivRV8ixnO ++r5m1v46MjSCwXtyIO9yjPmt+csOQ+U6LEgPOa4PzWanAyaAmvS3OzBCZui3M2qn +OfR+kWM7UaDAS35cRyqcMvC5bUIHf0P1hhNryBdvHL5fZ4X2mDMDYnTTL+WptXwo +sucucQKBgAGHzi5+ZRwffhpZiYVR/lA6zvqyekAncJZwGe2UVDL0axTumX1NPdin +2mOnVuvKVvJkisyKTIQzFk6ClQEyiArO4+t7zhUbg5Crh8q6nObRo2R2NcP8o0Iq +BRIwPgaG/WlEvZ6zqlHQ0qH7WoL4HnRG5uyLOuzRIkjasYmZdfR8 +-----END RSA PRIVATE KEY----- From f55e4a1121bde42841f790af3273da7518fb05db Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Sat, 21 Mar 2020 12:54:07 -0700 Subject: [PATCH 2/2] fixes tests for php 7.2+ --- tests/JWKTest.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/tests/JWKTest.php b/tests/JWKTest.php index d09a4d10..d02534f1 100644 --- a/tests/JWKTest.php +++ b/tests/JWKTest.php @@ -9,12 +9,6 @@ class JWKTest extends TestCase private static $privKey1; private static $privKey2; - public static function setUpBeforeClass() - { - self::$privKey1 = file_get_contents(__DIR__ . '/rsa1-private.pem'); - self::$privKey2 = file_get_contents(__DIR__ . '/rsa2-private.pem'); - } - public function testMissingKty() { $this->setExpectedException( @@ -54,8 +48,9 @@ public function testParseJwkKeySet() */ public function testDecodeByJwkKeySetTokenExpired() { + $privKey1 = file_get_contents(__DIR__ . '/rsa1-private.pem'); $payload = array('exp' => strtotime('-1 hour')); - $msg = JWT::encode($payload, self::$privKey1, 'RS256', 'jwk1'); + $msg = JWT::encode($payload, $privKey1, 'RS256', 'jwk1'); $this->setExpectedException('Firebase\JWT\ExpiredException'); @@ -67,8 +62,9 @@ public function testDecodeByJwkKeySetTokenExpired() */ public function testDecodeByJwkKeySet() { + $privKey1 = file_get_contents(__DIR__ . '/rsa1-private.pem'); $payload = array('sub' => 'foo', 'exp' => strtotime('+10 seconds')); - $msg = JWT::encode($payload, self::$privKey1, 'RS256', 'jwk1'); + $msg = JWT::encode($payload, $privKey1, 'RS256', 'jwk1'); $result = JWT::decode($msg, self::$keys, array('RS256')); @@ -80,8 +76,9 @@ public function testDecodeByJwkKeySet() */ public function testDecodeByMultiJwkKeySet() { + $privKey2 = file_get_contents(__DIR__ . '/rsa2-private.pem'); $payload = array('sub' => 'bar', 'exp' => strtotime('+10 seconds')); - $msg = JWT::encode($payload, self::$privKey2, 'RS256', 'jwk2'); + $msg = JWT::encode($payload, $privKey2, 'RS256', 'jwk2'); $result = JWT::decode($msg, self::$keys, array('RS256'));