1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
/** |
4
|
|
|
* For the full copyright and license information, please view |
5
|
|
|
* the LICENSE file that was distributed with this source code. |
6
|
|
|
* |
7
|
|
|
* @see https://github.com/ecphp |
8
|
|
|
*/ |
9
|
|
|
|
10
|
|
|
declare(strict_types=1); |
11
|
|
|
|
12
|
|
|
namespace EcPhp\ApiGwAuthenticationBundle\Service\KeyLoader; |
13
|
|
|
|
14
|
|
|
use EcPhp\ApiGwAuthenticationBundle\Exception\ApiGwAuthenticationException; |
15
|
|
|
use EcPhp\ApiGwAuthenticationBundle\Service\KeyConverter\KeyConverterInterface; |
16
|
|
|
use Psr\Http\Client\ClientInterface; |
17
|
|
|
use Psr\Http\Message\RequestFactoryInterface; |
18
|
|
|
use Throwable; |
19
|
|
|
|
20
|
|
|
use function array_key_exists; |
21
|
|
|
|
22
|
|
|
final class JWKSKeyLoader implements KeyLoaderInterface |
23
|
|
|
{ |
24
|
|
|
private ClientInterface $httpClient; |
25
|
|
|
|
26
|
|
|
private KeyConverterInterface $keyConverter; |
27
|
|
|
|
28
|
|
|
private KeyLoaderInterface $keyLoader; |
29
|
|
|
|
30
|
|
|
private RequestFactoryInterface $requestFactory; |
31
|
|
|
|
32
|
12 |
|
public function __construct( |
33
|
|
|
KeyLoaderInterface $keyLoader, |
34
|
|
|
ClientInterface $httpClient, |
35
|
|
|
RequestFactoryInterface $requestFactory, |
36
|
|
|
KeyConverterInterface $keyConverter |
37
|
|
|
) { |
38
|
12 |
|
$this->keyLoader = $keyLoader; |
39
|
12 |
|
$this->httpClient = $httpClient; |
40
|
12 |
|
$this->requestFactory = $requestFactory; |
41
|
12 |
|
$this->keyConverter = $keyConverter; |
42
|
|
|
} |
43
|
|
|
|
44
|
1 |
|
public function getPassphrase(): string |
45
|
|
|
{ |
46
|
1 |
|
return $this->keyLoader->getPassphrase(); |
|
|
|
|
47
|
|
|
} |
48
|
|
|
|
49
|
1 |
|
public function getPublicKey(): string |
50
|
|
|
{ |
51
|
1 |
|
return $this->keyLoader->getPublicKey(); |
52
|
|
|
} |
53
|
|
|
|
54
|
1 |
|
public function getSigningKey(): string |
55
|
|
|
{ |
56
|
1 |
|
return $this->keyLoader->getSigningKey(); |
57
|
|
|
} |
58
|
|
|
|
59
|
11 |
|
public function loadKey($type): string |
60
|
|
|
{ |
61
|
|
|
// Todo: Implements for PRIVATE key as well. |
62
|
11 |
|
$key = $this->keyLoader->getPublicKey(); |
63
|
|
|
|
64
|
|
|
try { |
65
|
|
|
$response = $this |
66
|
11 |
|
->httpClient |
67
|
11 |
|
->sendRequest( |
68
|
|
|
$this |
69
|
11 |
|
->requestFactory |
70
|
11 |
|
->createRequest( |
71
|
|
|
'GET', |
72
|
|
|
$key |
73
|
|
|
) |
74
|
|
|
); |
75
|
7 |
|
} catch (Throwable $e) { |
76
|
7 |
|
throw new ApiGwAuthenticationException( |
77
|
7 |
|
sprintf('Unable to request uri(%s) for %s key.', $key, $type), |
78
|
7 |
|
$e->getCode(), |
79
|
|
|
$e |
80
|
|
|
); |
81
|
|
|
} |
82
|
|
|
|
83
|
4 |
|
if (200 !== $statusCode = $response->getStatusCode()) { |
84
|
1 |
|
throw new ApiGwAuthenticationException( |
85
|
1 |
|
sprintf('Invalid code(%s) thrown while fetching the %s key at %s.', $statusCode, $type, $key) |
86
|
|
|
); |
87
|
|
|
} |
88
|
|
|
|
89
|
3 |
|
$jwks = (array) json_decode((string) $response->getBody(), true); |
90
|
|
|
|
91
|
3 |
|
if (false === array_key_exists('keys', $jwks)) { |
92
|
1 |
|
throw new ApiGwAuthenticationException( |
93
|
1 |
|
sprintf('Invalid JWKS format of %s key at %s.', $type, $key) |
94
|
|
|
); |
95
|
|
|
} |
96
|
|
|
|
97
|
2 |
|
if ([] === $jwks['keys']) { |
98
|
1 |
|
throw new ApiGwAuthenticationException( |
99
|
1 |
|
sprintf('Invalid JWKS format of %s key at %s, keys array is empty.', $type, $key) |
100
|
|
|
); |
101
|
|
|
} |
102
|
|
|
|
103
|
1 |
|
return current($this->keyConverter->fromJWKStoPEMS($jwks['keys'])); |
104
|
|
|
} |
105
|
|
|
} |
106
|
|
|
|