|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* For the full copyright and license information, please view |
|
5
|
|
|
* the LICENSE file that was distributed with this source code. |
|
6
|
|
|
* |
|
7
|
|
|
* @see https://github.com/ecphp |
|
8
|
|
|
*/ |
|
9
|
|
|
|
|
10
|
|
|
declare(strict_types=1); |
|
11
|
|
|
|
|
12
|
|
|
namespace EcPhp\ApiGwAuthenticationBundle\Service\KeyLoader; |
|
13
|
|
|
|
|
14
|
|
|
use EcPhp\ApiGwAuthenticationBundle\Exception\ApiGwAuthenticationException; |
|
15
|
|
|
use EcPhp\ApiGwAuthenticationBundle\Service\KeyConverter\KeyConverterInterface; |
|
16
|
|
|
use Psr\Http\Client\ClientInterface; |
|
17
|
|
|
use Psr\Http\Message\RequestFactoryInterface; |
|
18
|
|
|
use Throwable; |
|
19
|
|
|
|
|
20
|
|
|
use function array_key_exists; |
|
21
|
|
|
|
|
22
|
|
|
final class JWKSKeyLoader implements KeyLoaderInterface |
|
23
|
|
|
{ |
|
24
|
|
|
private ClientInterface $httpClient; |
|
25
|
|
|
|
|
26
|
|
|
private KeyConverterInterface $keyConverter; |
|
27
|
|
|
|
|
28
|
|
|
private KeyLoaderInterface $keyLoader; |
|
29
|
|
|
|
|
30
|
|
|
private RequestFactoryInterface $requestFactory; |
|
31
|
|
|
|
|
32
|
12 |
|
public function __construct( |
|
33
|
|
|
KeyLoaderInterface $keyLoader, |
|
34
|
|
|
ClientInterface $httpClient, |
|
35
|
|
|
RequestFactoryInterface $requestFactory, |
|
36
|
|
|
KeyConverterInterface $keyConverter |
|
37
|
|
|
) { |
|
38
|
12 |
|
$this->keyLoader = $keyLoader; |
|
39
|
12 |
|
$this->httpClient = $httpClient; |
|
40
|
12 |
|
$this->requestFactory = $requestFactory; |
|
41
|
12 |
|
$this->keyConverter = $keyConverter; |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
1 |
|
public function getPassphrase(): string |
|
45
|
|
|
{ |
|
46
|
1 |
|
return $this->keyLoader->getPassphrase(); |
|
|
|
|
|
|
47
|
|
|
} |
|
48
|
|
|
|
|
49
|
1 |
|
public function getPublicKey(): string |
|
50
|
|
|
{ |
|
51
|
1 |
|
return $this->keyLoader->getPublicKey(); |
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
1 |
|
public function getSigningKey(): string |
|
55
|
|
|
{ |
|
56
|
1 |
|
return $this->keyLoader->getSigningKey(); |
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
11 |
|
public function loadKey($type): string |
|
60
|
|
|
{ |
|
61
|
|
|
// Todo: Implements for PRIVATE key as well. |
|
62
|
11 |
|
$key = $this->keyLoader->getPublicKey(); |
|
63
|
|
|
|
|
64
|
|
|
try { |
|
65
|
|
|
$response = $this |
|
66
|
11 |
|
->httpClient |
|
67
|
11 |
|
->sendRequest( |
|
68
|
|
|
$this |
|
69
|
11 |
|
->requestFactory |
|
70
|
11 |
|
->createRequest( |
|
71
|
|
|
'GET', |
|
72
|
|
|
$key |
|
73
|
|
|
) |
|
74
|
|
|
); |
|
75
|
7 |
|
} catch (Throwable $e) { |
|
76
|
7 |
|
throw new ApiGwAuthenticationException( |
|
77
|
7 |
|
sprintf('Unable to request uri(%s) for %s key.', $key, $type), |
|
78
|
7 |
|
$e->getCode(), |
|
79
|
|
|
$e |
|
80
|
|
|
); |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
4 |
|
if (200 !== $statusCode = $response->getStatusCode()) { |
|
84
|
1 |
|
throw new ApiGwAuthenticationException( |
|
85
|
1 |
|
sprintf('Invalid code(%s) thrown while fetching the %s key at %s.', $statusCode, $type, $key) |
|
86
|
|
|
); |
|
87
|
|
|
} |
|
88
|
|
|
|
|
89
|
3 |
|
$jwks = (array) json_decode((string) $response->getBody(), true); |
|
90
|
|
|
|
|
91
|
3 |
|
if (false === array_key_exists('keys', $jwks)) { |
|
92
|
1 |
|
throw new ApiGwAuthenticationException( |
|
93
|
1 |
|
sprintf('Invalid JWKS format of %s key at %s.', $type, $key) |
|
94
|
|
|
); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
2 |
|
if ([] === $jwks['keys']) { |
|
98
|
1 |
|
throw new ApiGwAuthenticationException( |
|
99
|
1 |
|
sprintf('Invalid JWKS format of %s key at %s, keys array is empty.', $type, $key) |
|
100
|
|
|
); |
|
101
|
|
|
} |
|
102
|
|
|
|
|
103
|
1 |
|
return current($this->keyConverter->fromJWKStoPEMS($jwks['keys'])); |
|
104
|
|
|
} |
|
105
|
|
|
} |
|
106
|
|
|
|
ecphp /
api-gw-authentication-bundle
Pol Dellaiera
Loading history...