
Commit f2f0d18

committed
add time constraint
1 parent 4b45fbb commit f2f0d18

1 file changed

Lines changed: 15 additions & 9 deletions


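--- a/src/Utils/DPop.php
+++ b/src/Utils/DPop.php
@@ -3,7 +3,7 @@
 namespace Pdsinterop\Solid\Auth\Utils;
 
 use Lcobucci\JWT\Configuration;
-use Lcobucci\Clock\Clock;
+use Lcobucci\Clock\SystemClock;
 use DateTimeImmutable;
 use DateInterval;
 use Lcobucci\JWT\Signer\Key\InMemory;
@@ -130,17 +130,21 @@ private function validateDpop($dpop, $request) {
 break;
 case "ES256":
 $pem = \Jose\Component\Core\Util\ECKey::convertToPEM($webTokenJwk);
-$signer = new \Lcobucci\JWT\Signer\Ecdsa\Sha256();
+$signer = \Lcobucci\JWT\Signer\Ecdsa\Sha256::create();
 break;
 default:
 throw new \Exception("unsupported algorithm");
 break;
 }
 $key = InMemory::plainText($pem);
 $jwtConfig = Configuration::forSymmetricSigner($signer, InMemory::plainText($pem));
-if (!$jwtConfig->validator()->validate($dpop, $jwtConfig->validationConstraints())) {
-throw new \Exception("invalid signature");
-}
+
+// FIXME: Add constraints;
+// $constraint = new LooseValidAt($clock, $leeway); // It will use the current time to validate (iat, nbf and exp)
+// $jwtConfig->setValidationConstraints($constraint);
+// if (!$jwtConfig->validator()->validate($dpop, ...$jwtConfig->validationConstraints())) {
+// throw new \Exception("invalid signature");
+// }
 
 //error_log("6");
 // 6. the "htm" claim matches the HTTP method value of the HTTP request
@@ -167,10 +171,12 @@ private function validateDpop($dpop, $request) {
 
 //error_log("8");
 // 8. the token was issued within an acceptable timeframe (see Section 9.1), and
-$leeway = new \DateInterval("PT5S"); // allow 5 seconds clock skew
-$clock = new Clock(new \DateTimeImmutable());
-$constraint = new LooseValidAt($clock, $leeway); // It will use the current time to validate (iat, nbf and exp)
-if (!$constraint->asset($dpop)) {
+
+$leeway = new \DateInterval("PT60S"); // allow 60 seconds clock skew
+$clock = SystemClock::fromUTC();
+$constraint = new LooseValidAt($clock, $leeway); // It will use the current time to validate (iat, nbf and exp)
+$jwtConfig->setValidationConstraints($constraint);
+if (!$jwtConfig->validator()->validate($dpop, ...$jwtConfig->validationConstraints())) {
 throw new \Exception("token timing is invalid");
 }
 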
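Review bot: The signature check on the DPoP proof is commented out behind the `// FIXME: Add constraints;` block in the second hunk, and the only constraint registered by `setValidationConstraints($constraint)` in the third hunk is `LooseValidAt`, so nothing visible here verifies the proof against `$signer` and the key built from the embedded JWK. Unless the signature is checked elsewhere in `validateDpop` (its body starts and ends outside these hunks), a proof with acceptable timing claims passes whoever signed it, which defeats the proof-of-possession purpose of DPoP. I would restore the check with a `SignedWith` constraint, for example `$jwtConfig->setValidationConstraints(new SignedWith($signer, $key), $constraint);` plus `use Lcobucci\JWT\Validation\Constraint\SignedWith;`, and validate the signature separately from the timing so the "invalid signature" and "token timing is invalid" messages stay accurate. Separately, `LooseValidAt` does not require `exp`, so a proof that carries only `iat` is probably rejected when future-dated but not when old; an explicit maximum-age comparison on `iat` would cover what step 8 describes, and matters more now that the leeway is 60 seconds.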
