|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace JWX\JWS\Algorithm; |
|
4
|
|
|
|
|
5
|
|
|
use JWX\JWK\Feature\AsymmetricPrivateKey; |
|
6
|
|
|
use JWX\JWK\Feature\AsymmetricPublicKey; |
|
7
|
|
|
use JWX\JWS\SignatureAlgorithm; |
|
8
|
|
|
|
|
9
|
|
|
|
|
10
|
|
|
/** |
|
11
|
|
|
* Base class for algorithms employing asymmetric signature computation |
|
12
|
|
|
* using OpenSSL extension. |
|
13
|
|
|
*/ |
|
14
|
|
|
abstract class OpenSSLSignatureAlgorithm implements SignatureAlgorithm |
|
15
|
|
|
{ |
|
16
|
|
|
/** |
|
17
|
|
|
* Public key. |
|
18
|
|
|
* |
|
19
|
|
|
* @var AsymmetricPublicKey $_publicKey |
|
20
|
|
|
*/ |
|
21
|
|
|
protected $_publicKey; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Private key. |
|
25
|
|
|
* |
|
26
|
|
|
* @var AsymmetricPrivateKey|null $_privateKey |
|
27
|
|
|
*/ |
|
28
|
|
|
protected $_privateKey; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* Get the message digest method name supported by OpenSSL. |
|
32
|
|
|
* |
|
33
|
|
|
* @return string |
|
34
|
|
|
*/ |
|
35
|
|
|
abstract protected function _mdMethod(); |
|
36
|
|
|
|
|
37
|
12 |
|
public function computeSignature($data) { |
|
38
|
|
|
/** |
|
39
|
|
|
* NOTE: OpenSSL uses PKCS #1 v1.5 padding by default, so no explicit |
|
40
|
|
|
* padding is required by sign and verify operations. |
|
41
|
|
|
*/ |
|
42
|
12 |
|
if (!isset($this->_privateKey)) { |
|
43
|
1 |
|
throw new \LogicException("Private key not set."); |
|
44
|
|
|
} |
|
45
|
11 |
|
$key = openssl_pkey_get_private($this->_privateKey->toPEM()->string()); |
|
46
|
11 |
|
if (!$key) { |
|
47
|
1 |
|
throw new \RuntimeException( |
|
48
|
|
|
"openssl_pkey_get_private() failed: " . |
|
49
|
1 |
|
$this->_getLastOpenSSLError()); |
|
50
|
|
|
} |
|
51
|
10 |
|
$result = @openssl_sign($data, $signature, $key, $this->_mdMethod()); |
|
52
|
10 |
|
if (!$result) { |
|
53
|
1 |
|
throw new \RuntimeException( |
|
54
|
1 |
|
"openssl_sign() failed: " . $this->_getLastOpenSSLError()); |
|
55
|
|
|
} |
|
56
|
9 |
|
return $signature; |
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
10 |
|
public function validateSignature($data, $signature) { |
|
60
|
10 |
|
$key = openssl_pkey_get_public($this->_publicKey->toPEM()->string()); |
|
61
|
10 |
|
if (!$key) { |
|
62
|
1 |
|
throw new \RuntimeException( |
|
63
|
|
|
"openssl_pkey_get_public() failed: " . |
|
64
|
1 |
|
$this->_getLastOpenSSLError()); |
|
65
|
|
|
} |
|
66
|
9 |
|
$result = @openssl_verify($data, $signature, $key, $this->_mdMethod()); |
|
67
|
9 |
|
if (false === $result || -1 == $result) { |
|
68
|
1 |
|
throw new \RuntimeException( |
|
69
|
1 |
|
"openssl_verify() failed: " . $this->_getLastOpenSSLError()); |
|
70
|
|
|
} |
|
71
|
8 |
|
return $result == 1; |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* Get the last OpenSSL error message. |
|
76
|
|
|
* |
|
77
|
|
|
* @return string|null |
|
78
|
|
|
*/ |
|
79
|
4 |
View Code Duplication |
protected function _getLastOpenSSLError() { |
|
|
|
|
|
|
80
|
4 |
|
$msg = null; |
|
81
|
4 |
|
while (false !== ($err = openssl_error_string())) { |
|
82
|
4 |
|
$msg = $err; |
|
83
|
4 |
|
} |
|
84
|
4 |
|
return $msg; |
|
85
|
|
|
} |
|
86
|
|
|
} |
|
87
|
|
|
|
sop /
jwx
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.