jwt replacement

Author: alshabalin

composer.json

@@ -16,7 +16,6 @@
         "ext-json": "*",
         "google/protobuf": "~3.15.8",
         "grpc/grpc": "^1.35",
-        "lcobucci/jwt": "~4.1.5",
         "phpseclib/phpseclib": "^2.0|^3.0",
         "psr/log": "^1|^2|^3"
     },

src/Iam.php

@@ -3,11 +3,9 @@
 namespace YdbPlatform\Ydb;
 
 use DateTime;
-use Lcobucci\JWT;
 use DateTimeImmutable;
 use Grpc\ChannelCredentials;
 use Psr\Log\LoggerInterface;
-use YdbPlatform\Ydb\Jwt\Signer\Sha256;
 use YdbPlatform\Ydb\Contracts\IamTokenContract;
 
 use function filter_var;
@@ -98,7 +96,7 @@ public function newToken()
         {
             $token = $this->getJwtToken();
             $request_data = [
-                'jwt' => $token->toString(),
+                'jwt' => $token,
             ];
         }
         else
@@ -285,27 +283,18 @@ protected function initConfig()
     }
 
     /**
-     * @return JWT\Token
+     * @return string
      */
     protected function getJwtToken()
     {
         $now = new DateTimeImmutable;
 
-        $key = JWT\Signer\Key\InMemory::plainText($this->config('private_key'));
-
-        $config = JWT\Configuration::forSymmetricSigner(
-            new Sha256,
-            $key
-        );
-
-        $token = $config->builder()
+        $token = (new Jwt\Jwt($this->config('private_key'), $this->config('key_id')))
             ->issuedBy($this->config('service_account_id'))
             ->issuedAt($now)
             ->expiresAt($now->modify('+1 hour'))
             ->permittedFor(static::IAM_TOKEN_API_URL)
-            ->withHeader('typ', 'JWT')
-            ->withHeader('kid', $this->config('key_id'))
-            ->getToken($config->signer(), $config->signingKey());
+            ->getToken();
 
         return $token;
     }

src/Jwt/Jwt.php

@@ -0,0 +1,139 @@
+<?php
+
+namespace YdbPlatform\Ydb\Jwt;
+
+use DateTimeInterface;
+
+use phpseclib\Crypt\RSA as LegacyRSA;
+use phpseclib3\Crypt\RSA;
+use phpseclib3\Crypt\PublicKeyLoader;
+
+class Jwt
+{
+    /**
+     * @var array
+     */
+	protected $header = [
+		'typ' => 'JWT',
+		'alg' => 'PS256',
+	];
+
+    /**
+     * @var array
+     */
+	protected $payload = [];
+
+    /**
+     * @var string
+     */
+	protected $privateKey;
+
+    /**
+     * @param string $privateKey
+     * @param string $keyId
+     */
+	public function __construct($privateKey, $keyId)
+	{
+		$this->privateKey = $privateKey;
+		$this->header['kid'] = $keyId;
+	}
+
+    /**
+     * @param string $value
+     * @return $this
+     */
+	public function issuedBy($value)
+	{
+		$this->payload['iss'] = $value;
+		return $this;
+	}
+
+    /**
+     * @param DateTimeInterface $value
+     * @return $this
+     */
+	public function issuedAt(DateTimeInterface $value)
+	{
+		$this->payload['iat'] = $value->format('U');
+		return $this;
+	}
+
+    /**
+     * @param DateTimeInterface $value
+     * @return $this
+     */
+	public function expiresAt(DateTimeInterface $value)
+	{
+		$this->payload['exp'] = $value->format('U');
+		return $this;
+	}
+
+    /**
+     * @param string $value
+     * @return $this
+     */
+	public function permittedFor($value)
+	{
+		$this->payload['aud'] = $value;
+		return $this;
+	}
+
+    /**
+     * @return string
+     */
+	public function getToken()
+	{
+        $segments = [];
+
+        $segments[] = $this->urlEncode($this->header);
+        $segments[] = $this->urlEncode($this->payload);
+        $segments[] = $this->urlEncode($this->sign(implode('.', $segments)));
+
+        return implode('.', $segments);
+	}
+
+    /**
+     * @param string
+     * @return string
+     */
+	public function sign($input)
+	{
+        if (class_exists(LegacyRSA::class))
+        {
+            $rsa = new LegacyRSA;
+            $rsa->loadKey($this->privateKey);
+            $rsa->setHash('sha256');
+            $rsa->setMGFHash('sha256');
+            $rsa->setSignatureMode(LegacyRSA::SIGNATURE_PSS);
+        }
+        else
+        {
+            $rsa = PublicKeyLoader::load($this->privateKey);
+            $rsa->withPadding(RSA::SIGNATURE_PSS);
+        }
+
+        return $rsa->sign($input);
+	}
+
+    /**
+     * @param array $value
+     * @return string
+     */
+	public function jsonEncode($value)
+	{
+		return json_encode($value, JSON_UNESCAPED_SLASHES);
+	}
+
+    /**
+     * @param string|array $value
+     * @return string
+     */
+	public function urlEncode($value)
+    {
+    	if (is_array($value))
+    	{
+    		$value = $this->jsonEncode($value);
+    	}
+        return str_replace('=', '', strtr(base64_encode($value), '+/', '-_'));
+    }
+}