classIlabJwt
{public $TYPE_RESERVED = 0;public $TYPE_JSON = 1;public $TYPE_SYS = 2;public static $enableLog = true;public static $logger = null;public $appName = 'test';public $issuerId = 100400;public $secretKey = '16jmp2';public $aesKey = 'SbYymvfZ8UjEmShxRAB0b1Dtaa0uGjDOOJa/f0Mbuo4=';public functionis_64bit()
{$int = "9223372036854775807";$int = intval($int);if ($int == "9223372036854775807") {/*64bit*/
return 'J';
}elseif ($int == 2147483647) {/*32bit*/
exit('请使用64位的 PHP');
}else{/*error*/
return 'error';
}
}public function getJwt($body)
{$body = json_encode($body, JSON_UNESCAPED_UNICODE); //JSON_UNESCAPED_UNICODE 必须
$header = $this->packHeader();$body = $this->encrypt($body);$base64Header = base64_encode($header);$base64Payload = base64_encode($body);$base64Signature = base64_encode($this->sign($base64Header, $base64Payload));$xjwt = urlencode($base64Header.'.'.$base64Payload.'.'.$base64Signature);return $xjwt;
}public functionpackHeader()
{$header = '';$expiry = round((microtime(true) + 900) * 1000); //900秒过期时间
$header .= pack($this->is_64bit(), $expiry);$type = pack('n', $this->TYPE_JSON);$header .= $type[1];$header .= pack($this->is_64bit(), $this->issuerId);return $header;
}public function encrypt($body)
{$payload = '';//前接8字节随机整数
$randLong = pack($this->is_64bit(), rand(0,PHP_INT_MAX));$payload .= $randLong;$payload .= $body;//补齐为64字节的整数倍
$tempLen = strlen($payload) + 1;$paddingLen = 16 - $tempLen % 16;$padding = str_pad('', $paddingLen + 1, pack('c', $paddingLen));$payload .= $padding;//aes加密
$aesKey = base64_decode($this->aesKey);$iv = substr($aesKey, 0, 16);$payload = openssl_encrypt($payload, 'AES-256-CBC', $aesKey, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);return $payload;
}public function sign($base64Header, $base64Payload)
{$signature = hash_hmac('sha256', $base64Header . '.' . $base64Payload, $this->secretKey, true);return $signature;
}public function getBody($jwt)
{list($base64Header, $base64Payload, $base64Signature) = explode('.', $jwt);$header = base64_decode($base64Header);$payload = base64_decode($base64Payload);$signature = base64_decode($base64Signature);if (!$this->validateSignature($signature, $base64Header, $base64Payload)) {//var_dump('Signature is invalid.');
var_dump('Signature is invalid.');return 'error:Signature is invalid.';
}//header:expiry
$expiry = substr($header, 0, 8);if ($this->isExpired($expiry)) {var_dump('Data is expired.');return 'error:Data is expired.';
}//header:type
$type = substr($header, 8, 1);if (!$this->isValidType($type)) {var_dump('Type is invalid.');return 'error:Type is invalid.';
}//header:issuerid
$issuerId = substr($header, 9);if (!$this->isValidIssuer($issuerId)) {var_dump('Issuer is invalid.');return 'error:Issuer is invalid.';
}//payload
$body = $this->decrypt($payload);if (!$body) {return 'error:The wrong payload';
}//['id' => xxx, 'un' => 'xxx', 'dis' => 'xxx']
return json_decode($body, true);
}public function isExpired($expiry)
{$expiry = unpack($this->is_64bit(), $expiry);$expiry = $expiry[1] / 1000;var_dump('Expiry : ' . date("Y-m-d H:i:s",intval($expiry)));return (time() < $expiry);
}public function isValidType($type)
{$type = unpack('n', "\0" . $type);$type = $type[1];var_dump('Type : ' . $type);return $type === $this->TYPE_JSON;
}public function isValidIssuer($issuerId)
{$issuerId = unpack($this->is_64bit(), $issuerId);$issuerId = $issuerId[1];var_dump('IssuerId : ' . $issuerId);return $issuerId === $this->issuerId;
}public function decrypt($payload)
{$aesKey = base64_decode($this->aesKey);$iv = substr($aesKey, 0, 16);$data = openssl_decrypt($payload, 'AES-256-CBC', $aesKey, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);$dataLen = strlen($data);$paddingLen = unpack('n', "\0" . $data[$dataLen - 1]);$paddingLen = $paddingLen[1];$body = substr($data, 8, - $paddingLen - 1);var_dump('Body : ' . $body);return $body;
}public function validateSignature($signature, $base64Header, $base64Payload)
{$caculatedSignature = $this->sign($base64Header, $base64Payload);var_dump('Caculated signature (base64 code) : ' . base64_encode($caculatedSignature). ', received signature (base64 code) : ' . base64_encode($signature));return (base64_encode($caculatedSignature) === base64_encode($signature));
}public function log($message, $type = 'info', $errno = null, $error = '', $file = null)
{return;
}
}