Open notdodo opened 8 years ago
Hi Edoardo, this seems a problem with the key itself -- can you share some test keys? Can you run your code with the example key in this repo?
On Mon, Apr 11, 2016 at 2:16 PM, Edoardo Rosa notifications@github.com wrote:
Hi! I'm using your library to with PHP 7.0.5 on archlinux with nginx (1.8.1) I've created my private and public keys with a rugby script
require 'json/jwt'
private_key = OpenSSL::PKey::EC.new 'secp521r1' private_key.generate_key
open 'private.key', 'w' do |io| io.write private_key.to_pem end
public_key = OpenSSL::PKey::EC.new private_key public_key.private_key = nil
open 'public.key', 'w' do |io| io.write public_key.to_pem end
and then I wrapped your sample code in a class
require DIR . '/../vendor/autoload.php';use Namshi\JOSE\SimpleJWS;class JWTAuth { private $privateKey; private $publicKey; private $alg = 'ES512'; private $jws; public function __construct() { $this->publicKey = "/usr/share/nginx/html/embedded/config/public.key"; $this->privateKey = "/usr/share/nginx/html/embedded/config/private.key"; $this->jws = new SimpleJWS(array( 'alg' => $this->alg)); // payload could be the username $this->jws->setPayload(array( 'uid' => 'embedded16')); $this->jws->sign(file_get_contents($this->privateKey)); setcookie('sessionID', $this->jws->getTokenString()); } public function isValid() : bool { print_r($this->jws->getPayload()); return $this->jws->isValid(file_get_contents($this->publicKey), $this->alg); }}
The cookie is setted but I run into this error:
Fatal error: Uncaught RuntimeException: Unknown error during verification. in /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/Signer/OpenSSL/PublicKey.php:43 Stack trace: #0 /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/JWS.php(159): Namshi\JOSE\Signer\OpenSSL\PublicKey->verify('-----BEGIN PUBL...', '', 'eyJhbGciOiJFUzU...') #1 /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/SimpleJWS.php(54): Namshi\JOSE\JWS->verify('-----BEGIN PUBL...', 'ES512') #2 /usr/share/nginx/html/embedded/phplibs/JWS.php(27): Namshi\JOSE\SimpleJWS->isValid('-----BEGIN PUBL...', 'ES512') #3 /usr/share/nginx/html/embedded/index.php(16): JWTAuth->isValid() #4 {main} thrown in /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/Signer/OpenSSL/PublicKey.php on line 43
— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/namshi/jose/issues/93
Nadalin Alessandro http://www.linkedin.com/in/alessandronadalin www.odino.org www.twitter.com/odino
my keys (only for testing purpose):
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBpnH7gjL2mp2Yg2yxKGwDXnX8T8stO1JGuCkXc3myZbAnQ1rvczdk
9NuuxodWTpH0coUteqtSOccOrKs6DEgD6vegBwYFK4EEACOhgYkDgYYABAAUhvqp
j3xPjgUMh91cLv3wDk+T9qjU7QoeYL5lEgX64sHafKGs9auYN3qwgfzlXXxxnkiJ
lzRxWXjwC853KirNNADrZhvw4r0nfrSyJbNfFZsDqhTHQHz+sF+H8PNT4AezJacX
uEDwHmHawl7oZ0gplRzwJFnG+5db9bWcAmW9AYSmog==
-----END EC PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFIb6qY98T44FDIfdXC798A5Pk/ao
1O0KHmC+ZRIF+uLB2nyhrPWrmDd6sIH85V18cZ5IiZc0cVl48AvOdyoqzTQA62Yb
8OK9J360siWzXxWbA6oUx0B8/rBfh/DzU+AHsyWnF7hA8B5h2sJe6GdIKZUc8CRZ
xvuXW/W1nAJlvQGEpqI=
-----END PUBLIC KEY-----
Same result with your sample es512 keys.
I forgot to mention my main.php and I used composer to install JOSE
$j = new JWTAuth();
echo ($j->isValid())? "OK": "Invalid";
Same problem here with your ES256 sample keys
could you try with the latest master? @tdhsmith just sent a patch to make the error more user-friendly :)
Hi! I'm using your library with PHP 7.0.5 on archlinux with nginx (1.8.1) I've created my private and public keys with a ruby script
and then I wrapped your sample code in a class
The cookie is setted but I run into this error:
EDIT: the payload is correctly printed