"$keyMaterial must be a string, resource, or OpenSSLAsymmetricKey": error in the Firebase/PHP-JWT decode function

Posted on 2025-02-10 20:33:37


I'm using the below php code to retrieve the keys from given google docs url and it's working fine because I can check them on my browser. The code is based on this answer.

<?php

require_once('../vendor/autoload.php');
require_once('../vendor/firebase/php-jwt/src/BeforeValidException.php');
require_once('../vendor/firebase/php-jwt/src/ExpiredException.php');
require_once('../vendor/firebase/php-jwt/src/SignatureInvalidException.php');

use \Firebase\JWT\JWT;
use \Firebase\JWT\Key;

$token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJmaXJlYmFzZS1hZG1pbnNkay04Y25oM0BvcmRlcnMtYXBwLTdiMTYxLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic3ViIjoiZmlyZWJhc2UtYWRtaW5zZGstOGNuaDNAb3JkZXJzLWFwcC03YjE2MS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsImF1ZCI6Im9yZGVycy1hcHAtN2IxNjEiLCJpYXQiOjE2NTU5MjY3NzAsImV4cCI6MTY1NTkzMDM3MCwidWlkIjoxLCJjbGFpbXMiOnsiZnVsbG5hbWUiOiJNYWRzb24ifX0.XVdrqlzKxEexcDwbRzxrPiVXwcV9WHPBjSvYxkO86DmSZXGzt2Fpqe-Vuy3qhDHD5B73vqnKRNxomPil47ig49AGJPmci9o0HeZCt1lr7WVtKyPa4uHudkLor3c3VrhXstfXFnrCo6t9UHDLmAPUjeLbKKA4w1mqygN7KCTMCXbKV7QQgqsVfxu0DdI4npuBWEBj3z0W3vJaXz0R3NvpdMWgrVvBc5YXGn_NB2JQ9HvrLG2U2WYvqKWtIJF5xrDKP48OgU1-DO82dQFu2ouLN0dOjnmbOLU8qlau21rXeCu0zMbJ5C-_5kI5EIsXSs22yYU-BPXsGRhRwRAOo85GSA";

$keys_file = "publicKeys.json"; // the file for the downloaded public keys
$cache_file = "pkeys.cache"; // this file contains the next time the system has to revalidate the keys

/**
 * Checks whether new keys should be downloaded, and retrieves them, if needed.
 */
function checkKeys()
{

    global $cache_file;

    if (file_exists($cache_file)) {

        $fp = fopen($cache_file, "r+");

        if (flock($fp, LOCK_SH)) {

            $contents = fread($fp, filesize($cache_file));

            if ($contents > time()) {

                flock($fp, LOCK_UN);

            } elseif (flock($fp, LOCK_EX)) { // upgrading the lock to exclusive (write)

                // here we need to revalidate since another process could've got to the LOCK_EX part before this
                rewind($fp); // the first fread() left the file pointer at EOF
                if (fread($fp, filesize($cache_file)) <= time()) {
                    refreshKeys($fp);
                }
                flock($fp, LOCK_UN);
            } else {
                throw new \RuntimeException('Cannot refresh keys: file lock upgrade error.');
            }
        } else {
            // you need to handle this by signaling error
            throw new \RuntimeException('Cannot refresh keys: file lock error.');
        }

        fclose($fp);
    } else {
        refreshKeys();
    }
}

/**
 * Downloads the public keys and writes them in a file. This also sets the new cache revalidation time.
 * @param null $fp the file pointer of the cache time file
 */
function refreshKeys($fp = null)
{

    global $keys_file;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);

    $data = curl_exec($ch);

    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $headers = trim(substr($data, 0, $header_size));
    $raw_keys = trim(substr($data, $header_size));

    if (preg_match('/age:[ ]+?(\d+)/i', $headers, $age_matches) === 1) {

        $age = $age_matches[1];

        if (preg_match('/cache-control:.+?max-age=(\d+)/i', $headers, $max_age_matches) === 1) {

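            $valid_for = $max_age_matches[1] - $age;
            // on the first run there is no cache file yet, so checkKeys() passes no pointer
            $own_fp = ($fp === null);
            if ($own_fp) {
                global $cache_file;
                $fp = fopen($cache_file, "c+");
            }
            ftruncate($fp, 0);
            rewind($fp); // write at the start even if the caller already read from $fp
            fwrite($fp, "" . (time() + $valid_for));
            fflush($fp);
            // a pointer passed in by the caller is closed by the caller
            if ($own_fp) {
                fclose($fp);
            }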

            $fp_keys = fopen($keys_file, "w");
            if (flock($fp_keys, LOCK_EX)) {

                fwrite($fp_keys, $raw_keys);
                fflush($fp_keys);
                flock($fp_keys, LOCK_UN);
            }
            fclose($fp_keys);
        }
    }
}

/**
 * Retrieves the downloaded keys.
 * This should be called anytime you need the keys (i.e. for decoding / verification).
 * @return null|string
 */
function getKeys()
{

    global $keys_file;

    $fp = fopen($keys_file, "r");
    $keys = null;

    if (flock($fp, LOCK_SH)) {

        $keys = fread($fp, filesize($keys_file));
        flock($fp, LOCK_UN);
    }

    fclose($fp);

    return $keys;
}

checkKeys();

$pKeys_raw = getKeys();
// echo json_encode($pKeys_raw); exit;

if ($pKeys_raw) {

    $pkeys = json_decode($pKeys_raw, true);
    // $decodejwt = JWT::decode($token, $pkeys, ["RS256"]);

    $decodejwt = JWT::decode($token, new Key($pkeys, "RS256"));
    $decoded_array = (array) $decodejwt;
    echo "Decode:\n" . print_r($decoded_array, true) . "\n";
} else {
    echo "empty";
}

These are the keys from google api:


I'm trying to decode the token generated with my private key and my google service account email but it's returning the error below:

"$keyMaterial must be a string, resource, or OpenSSLAsymmetricKey"

Am I missing something? I've read some other answers and I have checked server time and it's ok so I couldn't find what's wrong.
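
One way to resolve the error in the question, as an added example that is not part of the original post: `Key` wraps a single key, so the decoded key file (a JSON object mapping key ID to PEM certificate) is converted into an array of `Key` objects indexed by key ID, which `JWT::decode()` accepts as a key set. It assumes firebase/php-jwt v6 installed through Composer; `buildKeySet` and the key ID `constructed-kid-1` are hypothetical names, and the key, certificate and token are constructed so the example runs offline.

```php
<?php
// Added example, not the poster's code. Assumes firebase/php-jwt v6 via Composer.
require_once __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

/**
 * Turn the decoded key file (kid => PEM certificate) into the
 * array<string, Key> that JWT::decode() accepts as a key set.
 */
function buildKeySet(array $pemByKid, string $alg = 'RS256'): array
{
    $keySet = [];
    foreach ($pemByKid as $kid => $pem) {
        if (!is_string($pem) || $pem === '') {
            throw new UnexpectedValueException("Key '$kid' is not a PEM string");
        }
        // One Key per certificate; the algorithm is pinned here, not taken from the token.
        $keySet[(string) $kid] = new Key($pem, $alg);
    }
    if ($keySet === []) {
        throw new UnexpectedValueException('Key file contained no keys');
    }
    return $keySet;
}

// Constructed sample data: a throwaway RSA key and self-signed certificate
// stand in for the downloaded key file so the example runs offline.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'example-signer'], $priv, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $priv, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $pem);
$keysJson = json_encode(['constructed-kid-1' => $pem]);

// Token whose header carries "kid": "constructed-kid-1" (4th argument of encode()).
$claims = ['sub' => 'user-1', 'iat' => time(), 'exp' => time() + 300];
$token  = JWT::encode($claims, $priv, 'RS256', 'constructed-kid-1');

$keySet  = buildKeySet(json_decode($keysJson, true));
$decoded = JWT::decode($token, $keySet); // key is chosen by the header's "kid"
echo "sub = {$decoded->sub}\n";

// A token without "kid" cannot be matched against a key set.
try {
    JWT::decode(JWT::encode($claims, $priv, 'RS256'), $keySet);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

The token in the question decodes to the header `{"typ":"JWT","alg":"RS256"}` with no `kid`, so against a key set it takes the rejection path shown last. Its `iss` is the poster's own service account, so its signature verifies against that account's public key, not against the downloaded certificates.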
