add class SeedDMS_JwtToken

inc/inc.Utils.php

@@ -951,6 +951,67 @@ class SeedDMS_CSRF { /* {{{ */
 	} /* }}} */
 } /* }}} */
 
+/**
+ * Class to represent a jwt token
+ *
+ *
+ * @category   DMS
+ * @package    SeedDMS
+ * @author     Uwe Steinmann <uwe@steinmann.cx>
+ * @copyright  2016 Uwe Steinmann
+ * @version    Release: @package_version@
+ */
+class SeedDMS_JwtToken { /* {{{ */
+	protected $jwtsecret;
+
+	public function __construct($jwtsecret = '') { /* {{{ */
+		$this->jwtsecret = $jwtsecret;
+	} /* }}} */
+
+	public function jwtEncode($payload) { /* {{{ */
+		$header = [
+				"alg" => "HS256",
+				"typ" => "JWT"
+		];
+		$encHeader = self::base64UrlEncode(json_encode($header));
+		$encPayload = self::base64UrlEncode(json_encode($payload));
+		$hash = self::base64UrlEncode(self::calculateHash($encHeader, $encPayload));
+
+		return "$encHeader.$encPayload.$hash";
+	} /* }}} */
+
+	public function jwtDecode($token) { /* {{{ */
+		if (!$this->jwtsecret) return "";
+
+		$split = explode(".", $token);
+		if (count($split) != 3) return "";
+
+		$hash = self::base64UrlEncode(self::calculateHash($split[0], $split[1]));
+
+		if (strcmp($hash, $split[2]) != 0) return "";
+		return self::base64UrlDecode($split[1]);
+	} /* }}} */
+
+	protected function calculateHash($encHeader, $encPayload) { /* {{{ */
+		return hash_hmac("sha256", "$encHeader.$encPayload", $this->jwtsecret, true);
+	} /* }}} */
+
+	protected function base64UrlEncode($str) { /* {{{ */
+		return str_replace("/", "_", str_replace("+", "-", trim(base64_encode($str), "=")));
+	} /* }}} */
+
+	protected function base64UrlDecode($payload) { /* {{{ */
+		$b64 = str_replace("_", "/", str_replace("-", "+", $payload));
+		switch (strlen($b64) % 4) {
+			case 2:
+				$b64 = $b64 . "=="; break;
+			case 3:
+				$b64 = $b64 . "="; break;
+		}
+		return base64_decode($b64);
+	} /* }}} */
+} /* }}} */
+
 class SeedDMS_FolderTree { /* {{{ */
 
 	public function __construct($folder, $callback) { /* {{{ */