mirror of
https://github.com/elyby/accounts.git
synced 2025-05-31 14:11:46 +05:30
Extract public key from private pem file at runtime
This commit is contained in:
ErickSkrauch
@ -8,8 +8,6 @@ use Lcobucci\JWT\Signer\Key;
|
||||
|
||||
interface AlgorithmInterface {
|
||||
|
||||
public function getAlgorithmId(): string;
|
||||
|
||||
public function getSigner(): Signer;
|
||||
|
||||
public function getPrivateKey(): Key;
|
||||
|
||||
@ -7,68 +7,45 @@ use Lcobucci\JWT\Signer;
|
||||
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
|
||||
use Lcobucci\JWT\Signer\Key;
|
||||
|
||||
class ES256 implements AlgorithmInterface {
|
||||
final class ES256 implements AlgorithmInterface {
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $privateKey;
|
||||
private string $privateKeyPath;
|
||||
|
||||
/**
|
||||
* @var string|null
|
||||
*/
|
||||
private $privateKeyPass;
|
||||
private ?string $privateKeyPass;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $publicKey;
|
||||
private ?Key $privateKey = null;
|
||||
|
||||
/**
|
||||
* @var Key|null
|
||||
*/
|
||||
private $loadedPrivateKey;
|
||||
private ?Key $publicKey = null;
|
||||
|
||||
/**
|
||||
* @var Key|null
|
||||
*/
|
||||
private $loadedPublicKey;
|
||||
private Sha256 $signer;
|
||||
|
||||
/**
|
||||
* TODO: document arguments
|
||||
*
|
||||
* @param string $privateKey
|
||||
* @param string|null $privateKeyPass
|
||||
* @param string $publicKey
|
||||
*/
|
||||
public function __construct(string $privateKey, ?string $privateKeyPass, string $publicKey) {
|
||||
$this->privateKey = $privateKey;
|
||||
public function __construct(string $privateKeyPath, ?string $privateKeyPass = null) {
|
||||
$this->privateKeyPath = $privateKeyPath;
|
||||
$this->privateKeyPass = $privateKeyPass;
|
||||
$this->publicKey = $publicKey;
|
||||
}
|
||||
|
||||
public function getAlgorithmId(): string {
|
||||
return 'ES256';
|
||||
$this->signer = new Sha256();
|
||||
}
|
||||
|
||||
public function getSigner(): Signer {
|
||||
return new Sha256();
|
||||
return $this->signer;
|
||||
}
|
||||
|
||||
public function getPrivateKey(): Key {
|
||||
if ($this->loadedPrivateKey === null) {
|
||||
$this->loadedPrivateKey = new Key($this->privateKey, $this->privateKeyPass);
|
||||
if ($this->privateKey === null) {
|
||||
$this->privateKey = new Key($this->privateKeyPath, $this->privateKeyPass);
|
||||
}
|
||||
|
||||
return $this->loadedPrivateKey;
|
||||
return $this->privateKey;
|
||||
}
|
||||
|
||||
public function getPublicKey(): Key {
|
||||
if ($this->loadedPublicKey === null) {
|
||||
$this->loadedPublicKey = new Key($this->publicKey);
|
||||
if ($this->publicKey === null) {
|
||||
$privateKey = $this->getPrivateKey();
|
||||
$privateKeyOpenSSL = openssl_pkey_get_private($privateKey->getContent(), $privateKey->getPassphrase() ?? '');
|
||||
$publicPem = openssl_pkey_get_details($privateKeyOpenSSL)['key'];
|
||||
$this->publicKey = new Key($publicPem);
|
||||
}
|
||||
|
||||
return $this->loadedPublicKey;
|
||||
return $this->publicKey;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -23,10 +23,6 @@ class HS256 implements AlgorithmInterface {
|
||||
$this->key = $key;
|
||||
}
|
||||
|
||||
public function getAlgorithmId(): string {
|
||||
return 'HS256';
|
||||
}
|
||||
|
||||
public function getSigner(): Signer {
|
||||
return new Sha256();
|
||||
}
|
||||
|
||||
@ -6,21 +6,24 @@ namespace api\components\Tokens;
|
||||
use api\components\Tokens\Algorithms\AlgorithmInterface;
|
||||
use Webmozart\Assert\Assert;
|
||||
|
||||
class AlgorithmsManager {
|
||||
final class AlgorithmsManager {
|
||||
|
||||
/**
|
||||
* @var AlgorithmInterface[]
|
||||
*/
|
||||
private $algorithms = [];
|
||||
private array $algorithms = [];
|
||||
|
||||
/**
|
||||
* @param AlgorithmInterface[] $algorithms
|
||||
*/
|
||||
public function __construct(array $algorithms = []) {
|
||||
array_map([$this, 'add'], $algorithms);
|
||||
}
|
||||
|
||||
public function add(AlgorithmInterface $algorithm): self {
|
||||
$id = $algorithm->getAlgorithmId();
|
||||
$id = $algorithm->getSigner()->getAlgorithmId();
|
||||
Assert::keyNotExists($this->algorithms, $id, 'passed algorithm is already exists');
|
||||
$this->algorithms[$algorithm->getSigner()->getAlgorithmId()] = $algorithm;
|
||||
$this->algorithms[$id] = $algorithm;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
@ -25,11 +25,6 @@ class Component extends BaseComponent {
|
||||
*/
|
||||
public $hmacKey;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
public $publicKeyPath;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
@ -45,16 +40,12 @@ class Component extends BaseComponent {
|
||||
*/
|
||||
public $encryptionKey;
|
||||
|
||||
/**
|
||||
* @var AlgorithmsManager|null
|
||||
*/
|
||||
private $algorithmManager;
|
||||
private ?AlgorithmsManager $algorithmManager = null;
|
||||
|
||||
public function init(): void {
|
||||
parent::init();
|
||||
Assert::notEmpty($this->hmacKey, 'hmacKey must be set');
|
||||
Assert::notEmpty($this->privateKeyPath, 'privateKeyPath must be set');
|
||||
Assert::notEmpty($this->publicKeyPath, 'publicKeyPath must be set');
|
||||
Assert::notEmpty($this->encryptionKey, 'encryptionKey must be set');
|
||||
}
|
||||
|
||||
@ -131,11 +122,7 @@ class Component extends BaseComponent {
|
||||
if ($this->algorithmManager === null) {
|
||||
$this->algorithmManager = new AlgorithmsManager([
|
||||
new Algorithms\HS256($this->hmacKey),
|
||||
new Algorithms\ES256(
|
||||
"file://{$this->privateKeyPath}",
|
||||
$this->privateKeyPass,
|
||||
"file://{$this->publicKeyPath}"
|
||||
),
|
||||
new Algorithms\ES256("file://{$this->privateKeyPath}", $this->privateKeyPass),
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user