| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 |
- <?php
- namespace Lcobucci\JWT\Signer;
- use InvalidArgumentException;
- use function is_resource;
- use function openssl_error_string;
- use function openssl_free_key;
- use function openssl_pkey_get_details;
- use function openssl_pkey_get_private;
- use function openssl_pkey_get_public;
- use function openssl_sign;
- use function openssl_verify;
- abstract class OpenSSL extends BaseSigner
- {
- public function createHash($payload, Key $key)
- {
- $privateKey = $this->getPrivateKey($key->getContent(), $key->getPassphrase());
- try {
- $signature = '';
- if (! openssl_sign($payload, $signature, $privateKey, $this->getAlgorithm())) {
- throw CannotSignPayload::errorHappened(openssl_error_string());
- }
- return $signature;
- } finally {
- openssl_free_key($privateKey);
- }
- }
- /**
- * @param string $pem
- * @param string $passphrase
- *
- * @return resource
- */
- private function getPrivateKey($pem, $passphrase)
- {
- $privateKey = openssl_pkey_get_private($pem, $passphrase);
- $this->validateKey($privateKey);
- return $privateKey;
- }
- /**
- * @param $expected
- * @param $payload
- * @param $key
- * @return bool
- */
- public function doVerify($expected, $payload, Key $key)
- {
- $publicKey = $this->getPublicKey($key->getContent());
- $result = openssl_verify($payload, $expected, $publicKey, $this->getAlgorithm());
- openssl_free_key($publicKey);
- return $result === 1;
- }
- /**
- * @param string $pem
- *
- * @return resource
- */
- private function getPublicKey($pem)
- {
- $publicKey = openssl_pkey_get_public($pem);
- $this->validateKey($publicKey);
- return $publicKey;
- }
- /**
- * Raises an exception when the key type is not the expected type
- *
- * @param resource|bool $key
- *
- * @throws InvalidArgumentException
- */
- private function validateKey($key)
- {
- if (! is_resource($key)) {
- throw InvalidKeyProvided::cannotBeParsed(openssl_error_string());
- }
- $details = openssl_pkey_get_details($key);
- if (! isset($details['key']) || $details['type'] !== $this->getKeyType()) {
- throw InvalidKeyProvided::incompatibleKey();
- }
- }
- /**
- * Returns the type of key to be used to create/verify the signature (using OpenSSL constants)
- *
- * @internal
- */
- abstract public function getKeyType();
- /**
- * Returns which algorithm to be used to create/verify the signature (using OpenSSL constants)
- *
- * @internal
- */
- abstract public function getAlgorithm();
- }
|