File Editor
Directories:
.. (Back)
Diff
dashboard
rest-api
Files:
Diff.php
IPTraf.php
IPTrafList.php
WFLSPHP52Compatability.php
compat.php
diffResult.php
email_genericAlert.php
email_newIssues.php
email_unlockRequest.php
email_unsubscribeRequest.php
flags.php
live_activity.php
menu_dashboard.php
menu_dashboard_options.php
menu_firewall.php
menu_firewall_blocking.php
menu_firewall_blocking_options.php
menu_firewall_waf.php
menu_firewall_waf_options.php
menu_install.php
menu_options.php
menu_scanner.php
menu_scanner_credentials.php
menu_scanner_options.php
menu_support.php
menu_tools.php
menu_tools_diagnostic.php
menu_tools_importExport.php
menu_tools_livetraffic.php
menu_tools_twoFactor.php
menu_tools_whois.php
menu_wordfence_central.php
sysinfo.php
viewFullActivityLog.php
wf503.php
wfAPI.php
wfActivityReport.php
wfAdminNoticeQueue.php
wfAlerts.php
wfArray.php
wfBrowscap.php
wfBrowscapCache.php
wfBulkCountries.php
wfCache.php
wfCentralAPI.php
wfConfig.php
wfCrawl.php
wfCredentialsController.php
wfCrypt.php
wfCurlInterceptor.php
wfDB.php
wfDashboard.php
wfDateLocalization.php
wfDeactivationOption.php
wfDiagnostic.php
wfDict.php
wfDirectoryIterator.php
wfFileUtils.php
wfHelperBin.php
wfHelperString.php
wfIPWhitelist.php
wfImportExportController.php
wfInvalidPathException.php
wfIpLocation.php
wfIpLocator.php
wfIssues.php
wfJWT.php
wfLicense.php
wfLockedOut.php
wfLog.php
wfMD5BloomFilter.php
wfModuleController.php
wfNotification.php
wfOnboardingController.php
wfPersistenceController.php
wfRESTAPI.php
wfScan.php
wfScanEngine.php
wfScanEntrypoint.php
wfScanFile.php
wfScanFileLink.php
wfScanMonitor.php
wfScanPath.php
wfSchema.php
wfStyle.php
wfSupportController.php
wfUnlockMsg.php
wfUpdateCheck.php
wfUtils.php
wfVersionCheckController.php
wfView.php
wfViewResult.php
wfWebsite.php
wordfenceClass.php
wordfenceConstants.php
wordfenceHash.php
wordfenceScanner.php
wordfenceURLHoover.php
Create New File
Create
Edit File: wfJWT.php
<?php class wfJWT { private $claims; const JWT_TTL = 600; const ISSUER = 600; public static function extractTokenContents($token) { if (!is_string($token)) { throw new InvalidArgumentException('Token is not a string. ' . gettype($token) . ' given.'); } // Verify the token matches the JWT format. if (!preg_match('/^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?$/', $token)) { throw new wfJWTException('Invalid token format.'); } list($header, $body, $signature) = explode('.', $token); // Test that the token is valid and not expired. $decodedHeader = base64_decode($header); if (!(is_string($decodedHeader) && $decodedHeader)) { throw new wfJWTException('Token header is invalid.'); } $header = json_decode($decodedHeader, true); if (!is_array($header)) { throw new wfJWTException('Token header is invalid.'); } $decodedBody = base64_decode($body); if (!(is_string($decodedBody) && $decodedBody)) { throw new wfJWTException('Token body is invalid.'); } $body = json_decode($decodedBody, true); if (!is_array($body)) { throw new wfJWTException('Token body is invalid.'); } return array( 'header' => $header, 'body' => $body, 'signature' => $signature, ); } /** * @param mixed $subject */ public function __construct($subject = null) { $this->claims = $this->getClaimDefaults(); $this->claims['sub'] = $subject; } /** * @return string */ public function encode() { $header = $this->encodeString($this->buildHeader()); $body = $this->encodeString($this->buildBody()); return sprintf('%s.%s.%s', $header, $body, $this->encodeString($this->sign(sprintf('%s.%s', $header, $body)))); } /** * @param string $token * @return array * @throws wfJWTException|InvalidArgumentException */ public function decode($token) { if (!is_string($token)) { throw new InvalidArgumentException('Token is not a string. ' . gettype($token) . ' given.'); } // Verify the token matches the JWT format. if (!preg_match('/^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?$/', $token)) { throw new wfJWTException('Invalid token format.'); } list($header, $body, $signature) = explode('.', $token); // Verify signature matches the supplied payload. if (!$this->verifySignature($this->decodeString($signature), sprintf('%s.%s', $header, $body))) { throw new wfJWTException('Invalid signature.'); } // Test that the token is valid and not expired. $decodedHeader = base64_decode($header); if (!(is_string($decodedHeader) && $decodedHeader)) { throw new wfJWTException('Token header is invalid.'); } $header = json_decode($decodedHeader, true); if (!( is_array($header) && array_key_exists('alg', $header) && $header['alg'] === 'HS256' && $header['typ'] === 'JWT' )) { throw new wfJWTException('Token header is invalid.'); } $decodedBody = base64_decode($body); if (!(is_string($decodedBody) && $decodedBody)) { throw new wfJWTException('Token body is invalid.'); } $body = json_decode($decodedBody, true); if (!( is_array($body) && // Check the token not before now timestamp. array_key_exists('nbf', $body) && is_numeric($body['nbf']) && $body['nbf'] <= time() && // Check the token is not expired. array_key_exists('exp', $body) && is_numeric($body['exp']) && $body['exp'] >= time() && // Check the issuer and audience is ours. $body['iss'] === 'Wordfence ' . WORDFENCE_VERSION && $body['aud'] === 'Wordfence Central' )) { throw new wfJWTException('Token is invalid or expired.'); } return array( 'header' => $header, 'body' => $body, ); } /** * @param string $string * @return string */ public function sign($string) { $salt = wp_salt('auth'); return hash_hmac('sha256', $string, $salt, true); } /** * @param string $signature * @param string $message * @return bool */ public function verifySignature($signature, $message) { return hash_equals($this->sign($message), $signature); } /** * @return string */ public function __toString() { return $this->encode(); } /** * @param string $data * @return string */ public function encodeString($data) { return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); } /** * @param string $data * @return bool|string */ public function decodeString($data) { return base64_decode(strtr($data, '-_', '+/')); } /** * @return mixed|string */ protected function buildHeader() { return '{"alg":"HS256","typ":"JWT"}'; } /** * @return mixed|string */ protected function buildBody() { return json_encode($this->getClaims()); } /** * @return array */ protected function getClaimDefaults() { $now = time(); return array( 'iss' => 'Wordfence ' . WORDFENCE_VERSION, 'aud' => 'Wordfence Central', 'nbf' => $now, 'iat' => $now, 'exp' => $now + self::JWT_TTL, ); } /** * @param array $claims */ public function addClaims($claims) { if (!is_array($claims)) { throw new InvalidArgumentException(__METHOD__ . ' expects argument 1 to be array.'); } $this->setClaims(array_merge($this->getClaims(), $claims)); } /** * @return array */ public function getClaims() { return $this->claims; } /** * @param array $claims */ public function setClaims($claims) { $this->claims = $claims; } } class wfJWTException extends Exception { }
Save Changes
Rename File
Rename