first commit
This commit is contained in:
@@ -0,0 +1,116 @@
|
||||
<?php
|
||||
/**
|
||||
* @package akeebabackup
|
||||
* @copyright Copyright (c)2006-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
|
||||
* @license GNU General Public License version 3, or later
|
||||
*/
|
||||
|
||||
/** @noinspection PhpIllegalPsrClassPathInspection */
|
||||
|
||||
namespace Lcobucci\JWT\Signer;
|
||||
|
||||
use InvalidArgumentException;
|
||||
use function is_resource;
|
||||
use function openssl_error_string;
|
||||
use function openssl_free_key;
|
||||
use function openssl_pkey_get_details;
|
||||
use function openssl_pkey_get_private;
|
||||
use function openssl_pkey_get_public;
|
||||
use function openssl_sign;
|
||||
use function openssl_verify;
|
||||
|
||||
abstract class OpenSSL extends BaseSigner
|
||||
{
|
||||
public function createHash($payload, Key $key)
|
||||
{
|
||||
$privateKey = $this->getPrivateKey($key->getContent(), $key->getPassphrase());
|
||||
|
||||
try {
|
||||
$signature = '';
|
||||
|
||||
if (! openssl_sign($payload, $signature, $privateKey, $this->getAlgorithm())) {
|
||||
throw CannotSignPayload::errorHappened(openssl_error_string());
|
||||
}
|
||||
|
||||
return $signature;
|
||||
} finally {
|
||||
@openssl_free_key($privateKey);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $pem
|
||||
* @param string $passphrase
|
||||
*
|
||||
* @return resource
|
||||
*/
|
||||
private function getPrivateKey($pem, $passphrase)
|
||||
{
|
||||
$privateKey = openssl_pkey_get_private($pem, $passphrase);
|
||||
$this->validateKey($privateKey);
|
||||
|
||||
return $privateKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $expected
|
||||
* @param $payload
|
||||
* @param $key
|
||||
* @return bool
|
||||
*/
|
||||
public function doVerify($expected, $payload, Key $key)
|
||||
{
|
||||
$publicKey = $this->getPublicKey($key->getContent());
|
||||
$result = openssl_verify($payload, $expected, $publicKey, $this->getAlgorithm());
|
||||
openssl_free_key($publicKey);
|
||||
|
||||
return $result === 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $pem
|
||||
*
|
||||
* @return resource
|
||||
*/
|
||||
private function getPublicKey($pem)
|
||||
{
|
||||
$publicKey = openssl_pkey_get_public($pem);
|
||||
$this->validateKey($publicKey);
|
||||
|
||||
return $publicKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Raises an exception when the key type is not the expected type
|
||||
*
|
||||
* @param resource|bool $key
|
||||
*
|
||||
* @throws InvalidArgumentException
|
||||
*/
|
||||
private function validateKey($key)
|
||||
{
|
||||
if (! is_resource($key) && !is_object($key)) {
|
||||
throw InvalidKeyProvided::cannotBeParsed(openssl_error_string());
|
||||
}
|
||||
|
||||
$details = openssl_pkey_get_details($key);
|
||||
|
||||
if (! isset($details['key']) || $details['type'] !== $this->getKeyType()) {
|
||||
throw InvalidKeyProvided::incompatibleKey();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the type of key to be used to create/verify the signature (using OpenSSL constants)
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
abstract public function getKeyType();
|
||||
|
||||
/**
|
||||
* Returns which algorithm to be used to create/verify the signature (using OpenSSL constants)
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
abstract public function getAlgorithm();
|
||||
}
|
||||
Reference in New Issue
Block a user