Php JWT使用RSA计算签名SHA256
我正在努力 使用SHA256withRSA对输入的UTF-8表示形式进行签名(同样 称为RSASSA-PKCS1-V1_5-SIGN,带有SHA-256哈希函数),带有 从API控制台获取的私钥。输出将是一个 字节数组 所以,让我们将标题和声明集放入数组中Php JWT使用RSA计算签名SHA256,php,oauth-2.0,Php,Oauth 2.0,我正在努力 使用SHA256withRSA对输入的UTF-8表示形式进行签名(同样 称为RSASSA-PKCS1-V1_5-SIGN,带有SHA-256哈希函数),带有 从API控制台获取的私钥。输出将是一个 字节数组 所以,让我们将标题和声明集放入数组中 {"alg":"RS256","typ":"JWT"}. { "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com", "
{"alg":"RS256","typ":"JWT"}.
{
"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://accounts.google.com/o/oauth2/token",
"exp":1328554385,
"iat":1328550785
}
就像
JSON Web签名(JWS)是指导
生成JWT签名的机制签名的输入是以下内容的字节数组:
{Base64url编码header}.{Base64url编码claim set}
所以我构建数组就是为了测试它
$seg0 = array(
"alg" => "RS256",
"typ" => "JWT"
);
$seg1 = array(
"iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope" => "https://www.googleapis.com/auth/prediction",
"aud" => "https://accounts.google.com/o/oauth2/token",
"exp" => 1328554385,
"iat" => 1328550785
);
$segs = array(
json_encode($seg0),
stripslashes(json_encode($seg1))
);
$segments = array(
rtrim(strtr(base64_encode($segs[0]), '+/', '-_'), '='),
rtrim(strtr(base64_encode($segs[1]), '+/', '-_'), '='),
);
给你。前2个阵列编码成功
Output
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ
我继续对签名进行编码
然后必须对签名进行Base64url编码。那么签名就是
用“.”字符连接到Base64url的末尾
输入字符串的表示形式。结果就是JWT。它应该
如下所示:{Base64url编码header}.{Base64url编码claim set}.{Base64url编码signature}
$signature=makeSignedJwt($segments);
//$signature=makeSignedJwt($segs);
回显$signature。“
”;
$segments[]=rtrim(strtr(base64_编码($signature),“+/”、“-”、“=”);
回声';打印(段);回声';
函数makeSignedJwt($segments)
{
$data=内爆('.',$segments);
如果(!openssl_sign($data,$signature,privateKey,“sha256”))
{
退出(“无法签署数据”);
}
返回$签名;
}
输出
排列
(
[0]=>eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
[1] =>EYJPC3MIOII3NJZMJY3OTGWNJKTCjVTBGPSBG4xCmQ0BHJIAGC3WVmZ2LncDm2BTC4AjvazgV2ZWxgVYLmDzXj2AwnJb3Vudc5JB20ILCJZY29WzSi6IMH0DHBZO8VD3D3LMDVB2DSZWFMy2F9TL2Fg1Dvc1DhHjLzLjLgLvIISimf1ZcI6I6IMH0DHBZ0VZZZ2Ww2Wz2WzLb2WzLnj2Wj2Wf3VzLnj2Wb9Vj2Lnj2Lnj2Lnj2Lv9V9VzZZZZZZZZZZZZZZZ
[2] =>XFS6Izdjku5RKJ5XDH3W5A8E9V3WSAFEQHAXOJTUXZW-xvqZq1CdEJJAo60VvK1UFONElVf-PTHEYZ-EYWSORGVZFIBUQBAKXLI8ER28EFLACAKH7BKH820UR7IWURX4XR8PMNC8SO9U9TEY153GKU6MZ9E——PQCLLGY
)
我不确定你的问题是什么,但以下几点对我很有用:
你好,你的问题在哪里?你的签名数据不正确吗?已经有一段时间了。。无论如何,根据我的记忆(如果我记得正确的话)是在谷歌api php库的帮助下解决的,但我发现你的答案更可取。谢谢
$signature = makeSignedJwt($segments);
//$signature = makeSignedJwt($segs);
echo $signature .'<br /><br />';
$segments[] = rtrim(strtr(base64_encode($signature), '+/', '-_'), '=');
echo '<pre>'; print_r($segments); echo '</pre>';
function makeSignedJwt($segments)
{
$data = implode('.', $segments);
if (!openssl_sign($data, $signature, privateKey, "sha256"))
{
exit("Unable to sign data");
}
return $signature;
}
Output
Array
(
[0] => eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
[1] => eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ
[2] => xFS6iZdJku5RKJ5_XdH3W5A8e9V3wsaFeQhAXoJtuxzW-xvqZq1CdEJJAo60VvK1UFONElVf_pthezEyz-eyWsoRGVZFibUQBaKXLI8eR28eFlaCAKH7bKh820uR7IwuRx4xr8MPmnC8so9u9TEY153gkU6Mz9e--pQPlcLlGY
)
//helper function
function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
//Google's Documentation of Creating a JWT: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests
//{Base64url encoded JSON header}
$jwtHeader = base64url_encode(json_encode(array(
"alg" => "RS256",
"typ" => "JWT"
)));
//{Base64url encoded JSON claim set}
$now = time();
$jwtClaim = base64url_encode(json_encode(array(
"iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope" => "https://www.googleapis.com/auth/prediction",
"aud" => "https://www.googleapis.com/oauth2/v4/token",
"exp" => $now + 3600,
"iat" => $now
)));
//The base string for the signature: {Base64url encoded JSON header}.{Base64url encoded JSON claim set}
openssl_sign(
$jwtHeader.".".$jwtClaim,
$jwtSig,
$your_private_key_from_google_api_console,
"sha256WithRSAEncryption"
);
$jwtSig = base64url_encode($jwtSig);
//{Base64url encoded JSON header}.{Base64url encoded JSON claim set}.{Base64url encoded signature}
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$jwtSig;