Add and implement jwt config

Author: aganttor

src/AbstractDataStream.php

@@ -20,17 +20,23 @@ abstract class AbstractDataStream implements DataStream
      * @var mixed
      */
     private $data;
+    /**
+     * @var \Hawkbit\DataStream\JwtConfig|null
+     */
+    private $jwtConfig;
 
     /**
      * DataStream constructor.
      *
      * @param $data
+     * @param \Hawkbit\DataStream\JwtConfig|null $jwtConfig
      * @param \Hawkbit\DataStream\Compressor|null $compressor
      */
-    public function __construct($data, Compressor $compressor = null)
+    public function __construct($data, JwtConfig $jwtConfig = null,  Compressor $compressor = null)
     {
         $this->raw = $data;
         $this->compressor = $compressor ?? new DeflateCompressor();
+        $this->jwtConfig = $jwtConfig ?? new JwtConfig();
         $this->data = $this->decorateData($data);
     }
 
@@ -68,4 +74,12 @@ public function getCompressor()
     {
         return $this->compressor;
     }
+
+    /**
+     * @return \Hawkbit\DataStream\JwtConfig|null
+     */
+    public function getJwtConfig()
+    {
+        return $this->jwtConfig;
+    }
 }

src/DataStream.php

@@ -4,23 +4,23 @@
 namespace Hawkbit\DataStream;
 
 
+use Firebase\JWT\JWT;
+
 interface DataStream
 {
 
     const DEFAULT_INPUT = InputStream::class;
     const DEFAULT_OUTPUT = OutputStream::class;
     const MESSAGE_ESCAPE_STRING = "\0";
-    const DEFAULT_SECRET = 'datastream';
-    const DEFAULT_ISSUER = 'datastream';
-    const DEFAULT_ALG = 'HS512';
 
     /**
      * DataStream constructor.
      *
      * @param $data
+     * @param \Hawkbit\DataStream\JwtConfig|null $jwtConfig
      * @param \Hawkbit\DataStream\Compressor|null $compressor
      */
-    public function __construct($data, Compressor $compressor = null);
+    public function __construct($data, JwtConfig $jwtConfig = null, Compressor $compressor = null);
 
     /**
      * get raw data

src/InputStream.php

@@ -19,14 +19,19 @@ class InputStream extends AbstractDataStream implements DataStream
     protected function decorateData($data)
     {
 
+        // load jwt config
+        $config = $this->getJwtConfig();
+
         // compressed jwt
         $compressed = base64_decode($data);
 
         // get inflated jwt
         $jwt = $this->getCompressor()->uncompress($compressed);
+        $secret = $config->getSecret();
+        $alg = $config->getAlg();
 
         // decode data
-        $payload = JWT::decode($jwt, base64_encode(static::DEFAULT_SECRET), [static::DEFAULT_ALG]);
+        $payload = JWT::decode($jwt, $secret, [$alg]);
 
         // return payload data
         // workaround to get always assoc arrays instead of objects

src/JwtConfig.php

@@ -0,0 +1,164 @@
+<?php
+
+
+namespace Hawkbit\DataStream;
+
+
+final class JwtConfig
+{
+
+    const DEFAULT_SECRET = 'datastream';
+    const DEFAULT_ISSUER = 'datastream';
+    const DEFAULT_ALG = 'HS512';
+    const DEFAULT_NOT_BEFORE = 0;
+    const DEFAULT_EXPIRE_AT = 60;
+
+    /**
+     * @var string
+     */
+    private $issuer = self::DEFAULT_ISSUER;
+
+    /**
+     * @var string
+     */
+    private $secret = self::DEFAULT_SECRET;
+
+    /**
+     * @var string
+     */
+    private $alg = self::DEFAULT_ALG;
+    /**
+     * @var int
+     */
+    private $notBefore = self::DEFAULT_NOT_BEFORE;
+    /**
+     * @var int
+     */
+    private $expireAt = self::DEFAULT_EXPIRE_AT;
+
+    /**
+     * @return string
+     */
+    public function getIssuer(): string
+    {
+        return $this->issuer;
+    }
+
+    /**
+     * @param string $issuer
+     *
+     * @return JwtConfig
+     */
+    public function setIssuer(string $issuer): JwtConfig
+    {
+        $this->issuer = $issuer;
+        return $this;
+    }
+
+    /**
+     * Extract the key, which is coming from the config file.
+     *
+     * Best suggestion is the key to be a binary string and
+     * store it in encoded in a config file.
+     *
+     * Can be generated with base64_encode(openssl_random_pseudo_bytes(64));
+     *
+     * keep it secure! You'll need the exact key to verify the
+     * token later.
+     *
+     * @return string
+     */
+    public function getSecret(): string
+    {
+        return base64_encode($this->secret);
+    }
+
+    /**
+     * @param string $secret
+     *
+     * @return JwtConfig
+     */
+    public function setSecret(string $secret): JwtConfig
+    {
+        $this->secret = $secret;
+        return $this;
+    }
+
+    /**
+     * Algorithm used to sign the token
+     *
+     * @see https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3
+     *
+     * @return string
+     */
+    public function getAlg(): string
+    {
+        return $this->alg;
+    }
+
+    /**
+     * @param string $alg
+     *
+     * @return JwtConfig
+     */
+    public function setAlg(string $alg): JwtConfig
+    {
+        $this->alg = $alg;
+        return $this;
+    }
+
+    /**
+     * @return int
+     */
+    public function getNotBefore(): int
+    {
+        return $this->getIssuedAt() + $this->notBefore;
+    }
+
+    /**
+     * @param int $notBefore
+     *
+     * @return JwtConfig
+     */
+    public function setNotBefore(int $notBefore): JwtConfig
+    {
+        $this->notBefore = $notBefore;
+        return $this;
+    }
+
+    /**
+     * @return int
+     */
+    public function getExpireAt(): int
+    {
+        return $this->getIssuedAt() + $this->expireAt;
+    }
+
+    /**
+     * @param int $expireAt
+     *
+     * @return JwtConfig
+     */
+    public function setExpireAt(int $expireAt): JwtConfig
+    {
+        $this->expireAt = $expireAt;
+        return $this;
+    }
+
+    /**
+     * @return int
+     */
+    public function getIssuedAt(): int
+    {
+        return time();
+    }
+
+    /**
+     * @return string
+     */
+    public function getTokenId(): string
+    {
+        return base64_encode(random_bytes(32));
+    }
+
+}

src/OutputStream.php

@@ -18,63 +18,35 @@ class OutputStream extends AbstractDataStream
      */
     protected function decorateData($data)
     {
-        // build message
-        $tokenId = base64_encode(random_bytes(32));
-        $issuedAt = time();
+        // load config
+        $config = $this->getJwtConfig();
 
-        // gte $issuedAt
-        $notBefore = $issuedAt;
-
-        // Adding 60 seconds
-        $expire = $notBefore + 120;
-
-        // Retrieve the server name from config file
-        $issuer = static::DEFAULT_ISSUER;
-
-        /*
-         * Create the token as an array
-         */
+        // Create the token as an array
         $payload = [
-            'iat' => $issuedAt,
+            'iat' => $config->getIssuedAt(),
             // Issued at: time when the token was generated
-            'jti' => $tokenId,
+            'jti' => $config->getTokenId(),
             // Json Token Id: an unique identifier for the token
-            'iss' => $issuer,
+            'iss' => $config->getIssuer(),
             // Issuer
-            'nbf' => $notBefore,
+            'nbf' => $config->getNotBefore(),
             // Not before
-            'exp' => $expire,
+            'exp' => $config->getExpireAt(),
             // Expire
             'data' => $data
         ];
 
-        /*
-         * Extract the key, which is coming from the config file.
-         *
-         * Best suggestion is the key to be a binary string and
-         * store it in encoded in a config file.
-         *
-         * Can be generated with base64_encode(openssl_random_pseudo_bytes(64));
-         *
-         * keep it secure! You'll need the exact key to verify the
-         * token later.
-         */
-        $secretKey = base64_encode(static::DEFAULT_SECRET);
-
         /*
          * Encode the array to a JWT string.
          * Second parameter is the key to encode the token.
          *
          * The output string can be validated at http://jwt.io/
          */
-        $jwt = JWT::encode($payload, // Data to be encoded in the JWT
-            $secretKey, // The signing key
-            static::DEFAULT_ALG // Algorithm used to sign the token, see https://tools.ietf
-        //.org/html/draft-ietf-jose-json-web-algorithms-40#section-3
+        $jwt = JWT::encode($payload,
+            $config->getSecret(),
+            $config->getAlg()
         );
 
-        var_dump($jwt);
-
         // compress jwt
         $compressed = $this->getCompressor()->compress($jwt);