The start of something beautiful
This commit is contained in:
+90
@@ -0,0 +1,90 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Services\KeyLoader;
|
||||
|
||||
/**
|
||||
* Abstract class for key loaders.
|
||||
*
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
abstract class AbstractKeyLoader implements KeyLoaderInterface
|
||||
{
|
||||
private ?string $signingKey;
|
||||
private ?string $publicKey;
|
||||
private ?string $passphrase;
|
||||
private array $additionalPublicKeys;
|
||||
|
||||
public function __construct(?string $signingKey = null, ?string $publicKey = null, ?string $passphrase = null, array $additionalPublicKeys = [])
|
||||
{
|
||||
$this->signingKey = $signingKey;
|
||||
$this->publicKey = $publicKey;
|
||||
$this->passphrase = $passphrase;
|
||||
$this->additionalPublicKeys = $additionalPublicKeys;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getPassphrase(): ?string
|
||||
{
|
||||
return $this->passphrase;
|
||||
}
|
||||
|
||||
public function getSigningKey(): ?string
|
||||
{
|
||||
return $this->signingKey && is_file($this->signingKey) ? $this->readKey(self::TYPE_PRIVATE) : $this->signingKey;
|
||||
}
|
||||
|
||||
public function getPublicKey(): ?string
|
||||
{
|
||||
return $this->publicKey && is_file($this->publicKey) ? $this->readKey(self::TYPE_PUBLIC) : $this->publicKey;
|
||||
}
|
||||
|
||||
public function getAdditionalPublicKeys(): array
|
||||
{
|
||||
$contents = [];
|
||||
|
||||
foreach ($this->additionalPublicKeys as $key) {
|
||||
if (!$key || !is_file($key) || !is_readable($key)) {
|
||||
throw new \RuntimeException(sprintf('Additional public key "%s" does not exist or is not readable. Did you correctly set the "lexik_jwt_authentication.additional_public_keys" configuration key?', $key));
|
||||
}
|
||||
|
||||
$rawKey = @file_get_contents($key);
|
||||
|
||||
if (false === $rawKey) {
|
||||
// Try invalidating the realpath cache
|
||||
clearstatcache(true, $key);
|
||||
$rawKey = file_get_contents($key);
|
||||
}
|
||||
$contents[] = $rawKey;
|
||||
}
|
||||
|
||||
return $contents;
|
||||
}
|
||||
|
||||
private function readKey($type): ?string
|
||||
{
|
||||
$isPublic = self::TYPE_PUBLIC === $type;
|
||||
$key = $isPublic ? $this->publicKey : $this->signingKey;
|
||||
|
||||
if (!$key || !is_file($key) || !is_readable($key)) {
|
||||
if ($isPublic) {
|
||||
return null;
|
||||
}
|
||||
|
||||
throw new \RuntimeException(sprintf('Signature key "%s" does not exist or is not readable. Did you correctly set the "lexik_jwt_authentication.signature_key" configuration key?', $key));
|
||||
}
|
||||
|
||||
$rawKey = @file_get_contents($key);
|
||||
|
||||
if (false === $rawKey) {
|
||||
// Try invalidating the realpath cache
|
||||
clearstatcache(true, $key);
|
||||
$rawKey = file_get_contents($key);
|
||||
}
|
||||
|
||||
return $rawKey;
|
||||
}
|
||||
}
|
||||
+16
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Services\KeyLoader;
|
||||
|
||||
/**
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*/
|
||||
interface KeyDumperInterface
|
||||
{
|
||||
/**
|
||||
* Dumps a key to be shared between parties.
|
||||
*
|
||||
* @return resource|string
|
||||
*/
|
||||
public function dumpKey();
|
||||
}
|
||||
+31
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Services\KeyLoader;
|
||||
|
||||
/**
|
||||
* Interface for classes that are able to load crypto keys.
|
||||
*
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*/
|
||||
interface KeyLoaderInterface
|
||||
{
|
||||
public const TYPE_PUBLIC = 'public';
|
||||
public const TYPE_PRIVATE = 'private';
|
||||
|
||||
/**
|
||||
* Loads a key from a given type (public or private).
|
||||
*
|
||||
* @param resource|string|null $type
|
||||
*
|
||||
* @return resource|string|null
|
||||
*/
|
||||
public function loadKey($type);
|
||||
|
||||
public function getPassphrase(): ?string;
|
||||
|
||||
public function getSigningKey(): ?string;
|
||||
|
||||
public function getPublicKey(): ?string;
|
||||
|
||||
public function getAdditionalPublicKeys(): array;
|
||||
}
|
||||
@@ -0,0 +1,52 @@
|
||||
<?php
|
||||
|
||||
namespace Lexik\Bundle\JWTAuthenticationBundle\Services\KeyLoader;
|
||||
|
||||
/**
|
||||
* Reads crypto keys.
|
||||
*
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*/
|
||||
class RawKeyLoader extends AbstractKeyLoader implements KeyDumperInterface
|
||||
{
|
||||
/**
|
||||
* @param string $type
|
||||
*
|
||||
* @return string
|
||||
*
|
||||
* @throws \RuntimeException If the key cannot be read
|
||||
*/
|
||||
public function loadKey($type)
|
||||
{
|
||||
if (!in_array($type, [self::TYPE_PUBLIC, self::TYPE_PRIVATE])) {
|
||||
throw new \InvalidArgumentException(sprintf('The key type must be "public" or "private", "%s" given.', $type));
|
||||
}
|
||||
|
||||
if (self::TYPE_PUBLIC === $type) {
|
||||
return $this->dumpKey();
|
||||
}
|
||||
|
||||
return $this->getSigningKey();
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function dumpKey()
|
||||
{
|
||||
if ($publicKey = $this->getPublicKey()) {
|
||||
return $publicKey;
|
||||
}
|
||||
|
||||
$signingKey = $this->getSigningKey();
|
||||
|
||||
// no public key provided, compute it from signing key
|
||||
try {
|
||||
$publicKey = openssl_pkey_get_details(openssl_pkey_get_private($signingKey, $this->getPassphrase()))['key'];
|
||||
} catch (\Throwable $e) {
|
||||
throw new \RuntimeException('Secret key either does not exist, is not readable or is invalid. Did you correctly set the "lexik_jwt_authentication.secret_key" config option?');
|
||||
}
|
||||
|
||||
return $publicKey;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user