‪TYPO3CMS  ‪main
JwtTrait.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Security;
19 
20 use Firebase\JWT\JWT;
21 use Firebase\JWT\Key;
22 
31 trait ‪JwtTrait
32 {
33  private static function ‪getDefaultSigningAlgorithm(): string
34  {
35  return 'HS256';
36  }
37 
38  private static function ‪createSigningKeyFromEncryptionKey(string $pepper = self::class): Key
39  {
40  if ($pepper === '') {
41  $pepper = self::class;
42  }
43  $encryptionKey = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] ?? '';
44  $keyMaterial = hash('sha256', $encryptionKey) . '/' . $pepper;
45  return new Key($keyMaterial, self::getDefaultSigningAlgorithm());
46  }
47 
48  private static function ‪createSigningSecret(‪SigningSecretInterface $secret, string $pepper = self::class): Key
49  {
50  if ($pepper === '') {
51  $pepper = self::class;
52  }
53  $keyMaterial = $secret->‪getSigningSecret() . '/' . $pepper;
54  return new Key($keyMaterial, self::getDefaultSigningAlgorithm());
55  }
56 
57  private static function ‪encodeHashSignedJwt(array $payload, Key $key, SecretIdentifier ‪$identifier = null): string
58  {
59  $keyId = ‪$identifier !== null ? json_encode(‪$identifier) : null;
60  return JWT::encode($payload, $key->getKeyMaterial(), self::getDefaultSigningAlgorithm(), $keyId);
61  }
62 
63  private static function ‪decodeJwt(string $jwt, Key $key, bool $associative = false): \stdClass|array
64  {
65  $payload = JWT::decode($jwt, $key);
66  return $associative ? json_decode(json_encode($payload), true) : $payload;
67  }
68 
69  private static function ‪decodeJwtHeader(string $jwt, string $property): mixed
70  {
71  $parts = explode('.', $jwt);
72  if (count($parts) !== 3) {
73  return null;
74  }
75  $headerRaw = JWT::urlsafeB64Decode($parts[0]);
76  if (($header = JWT::jsonDecode($headerRaw)) === null) {
77  return null;
78  }
79  return $header->{$property} ?? null;
80  }
81 }
‪TYPO3\CMS\Core\Security\JwtTrait\decodeJwtHeader
‪static decodeJwtHeader(string $jwt, string $property)
Definition: JwtTrait.php:69
‪TYPO3\CMS\Core\Security\JwtTrait\decodeJwt
‪static decodeJwt(string $jwt, Key $key, bool $associative=false)
Definition: JwtTrait.php:63
‪TYPO3\CMS\Core\Security\JwtTrait\getDefaultSigningAlgorithm
‪static getDefaultSigningAlgorithm()
Definition: JwtTrait.php:33
‪TYPO3\CMS\Core\Security\JwtTrait
Definition: JwtTrait.php:32
‪TYPO3\CMS\Core\Security\SigningSecretInterface
Definition: SigningSecretInterface.php:26
‪TYPO3\CMS\Core\Security\SigningSecretInterface\getSigningSecret
‪getSigningSecret()
‪TYPO3\CMS\Core\Security\JwtTrait\encodeHashSignedJwt
‪static encodeHashSignedJwt(array $payload, Key $key, SecretIdentifier $identifier=null)
Definition: JwtTrait.php:57
‪TYPO3\CMS\Core\Security\JwtTrait\createSigningSecret
‪static createSigningSecret(SigningSecretInterface $secret, string $pepper=self::class)
Definition: JwtTrait.php:48
‪TYPO3\CMS\Core\Security\JwtTrait\createSigningKeyFromEncryptionKey
‪static createSigningKeyFromEncryptionKey(string $pepper=self::class)
Definition: JwtTrait.php:38
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Security
Definition: BlockSerializationTrait.php:18
‪TYPO3\CMS\Webhooks\Message\$identifier
‪identifier readonly string $identifier
Definition: FileAddedMessage.php:37