1. 首頁
  2. 問答
  3. JWT計算簽名SHA256withRSA

JWT計算簽名SHA256withRSA

2012-08-05 55 views
3

我試圖JWT計算簽名SHA256withRSA

登錄使用SHA256withRSA(也 稱爲RSASSA-PKCS1-v1_5中-SIGN與SHA-256散列函數)的輸入的UTF-8表示與 從API控制檯獲得的私鑰。輸出將是一個 字節數組。

因此讓我們頁眉和權利要求設置並把它們放到陣列

{"alg":"RS256","typ":"JWT"}. 
{ 
    "iss":"[email protected]account.com", 
    "scope":"https://www.googleapis.com/auth/prediction", 
    "aud":"https://accounts.google.com/o/oauth2/token", 
    "exp":1328554385, 
    "iat":1328550785 
}

就像Service Account: Computing the Signature

JSON網絡簽名(JWS)是指導產生的 力學說明書JWT的簽名。 用於簽名的輸入是以下內容的字節數組

{Base64url編碼頭} {Base64url編碼權利要求集}

所以我建立陣列只是爲了測試該

$seg0 = array(
    "alg" => "RS256", 
    "typ" => "JWT" 
); 
    $seg1 = array(
    "iss" => "[email protected]account.com", 
    "scope" => "https://www.googleapis.com/auth/prediction", 
    "aud" => "https://accounts.google.com/o/oauth2/token", 
    "exp" => 1328554385, 
    "iat" => 1328550785 
); 

    $segs = array(
    json_encode($seg0), 
    stripslashes(json_encode($seg1)) 
); 
    $segments = array(
    rtrim(strtr(base64_encode($segs[0]), '+/', '-_'), '='), 
    rtrim(strtr(base64_encode($segs[1]), '+/', '-_'), '='), 
);

這是它。前兩個數組編碼成功。

Output 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9 
eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ

我勇往直前,編碼簽名

簽名然後必須Base64url編碼。然後將簽名 與「。」字符連接在輸入字符串的Base64url 表示的末尾。結果是智威湯遜。它應該 是以下幾點:
{Base64url編碼頭} {Base64url編碼聲明組} {Base64url編碼簽名}

$signature = makeSignedJwt($segments); 
    //$signature = makeSignedJwt($segs); 
    echo $signature .'<br /><br />'; 
    $segments[] = rtrim(strtr(base64_encode($signature), '+/', '-_'), '='); 
    echo '<pre>'; print_r($segments); echo '</pre>'; 

function makeSignedJwt($segments) 
{ 
    $data = implode('.', $segments); 
    if (!openssl_sign($data, $signature, privateKey, "sha256")) 
    { 
     exit("Unable to sign data"); 
    } 
    return $signature; 
} 

Output 
    Array 
(
    [0] => eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9 
    [1] => eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ 
    [2] => xFS6iZdJku5RKJ5_XdH3W5A8e9V3wsaFeQhAXoJtuxzW-xvqZq1CdEJJAo60VvK1UFONElVf_pthezEyz-eyWsoRGVZFibUQBaKXLI8eR28eFlaCAKH7bKh820uR7IwuRx4xr8MPmnC8so9u9TEY153gkU6Mz9e--pQPlcLlGY 
)

必須失去了一些東西..

來源

2012-08-05 qpaycm

+0

你好,你的問題在哪裏?你的簽名數據不正確? – 2015-07-07 11:39:08

回答

3

我不確定你的問題是什麼,但以下工作適合我:

//helper function 
function base64url_encode($data) { 
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
} 

//Google's Documentation of Creating a JWT: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests 

//{Base64url encoded JSON header} 
$jwtHeader = base64url_encode(json_encode(array(
    "alg" => "RS256", 
    "typ" => "JWT" 
))); 
//{Base64url encoded JSON claim set} 
$now = time(); 
$jwtClaim = base64url_encode(json_encode(array(
    "iss" => "[email protected]account.com", 
    "scope" => "https://www.googleapis.com/auth/prediction", 
    "aud" => "https://www.googleapis.com/oauth2/v4/token", 
    "exp" => $now + 3600, 
    "iat" => $now 
))); 
//The base string for the signature: {Base64url encoded JSON header}.{Base64url encoded JSON claim set} 
openssl_sign(
    $jwtHeader.".".$jwtClaim, 
    $jwtSig, 
    $your_private_key_from_google_api_console, 
    "sha256WithRSAEncryption" 
); 
$jwtSign = base64url_encode($jwtSig); 

//{Base64url encoded JSON header}.{Base64url encoded JSON claim set}.{Base64url encoded signature} 
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$jwtSig;

來源

2017-04-10 02:06:46

+1

這是一段時間..無論如何,我記得(如果我沒記錯的話)是在google-api php庫的幫助下解決的,但我發現你的答案更可取。謝謝 – qpaycm 2017-07-21 01:03:49

相關問題

 相關問題