2016-03-28 20:12:34 +05:30
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Cryptography key holder.
|
|
|
|
*
|
|
|
|
* @author Julián Gutiérrez <juliangut@gmail.com>
|
|
|
|
* @copyright Copyright (c) Alex Bilbie
|
|
|
|
* @license http://mit-license.org/
|
|
|
|
*
|
|
|
|
* @link https://github.com/thephpleague/oauth2-server
|
|
|
|
*/
|
2016-07-09 04:30:44 +05:30
|
|
|
|
2016-03-28 20:12:34 +05:30
|
|
|
namespace League\OAuth2\Server;
|
|
|
|
|
|
|
|
class CryptKey
|
|
|
|
{
|
2016-07-19 18:31:31 +05:30
|
|
|
const RSA_KEY_PATTERN =
|
|
|
|
'/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----\n)(.|\n)+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/';
|
|
|
|
|
2016-03-28 20:12:34 +05:30
|
|
|
/**
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $keyPath;
|
|
|
|
|
|
|
|
/**
|
2016-07-09 04:30:44 +05:30
|
|
|
* @var null|string
|
2016-03-28 20:12:34 +05:30
|
|
|
*/
|
|
|
|
protected $passPhrase;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param string $keyPath
|
|
|
|
* @param null|string $passPhrase
|
|
|
|
*/
|
|
|
|
public function __construct($keyPath, $passPhrase = null)
|
|
|
|
{
|
2016-07-19 18:31:31 +05:30
|
|
|
if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
|
|
|
|
$keyPath = $this->saveKeyToFile($keyPath);
|
|
|
|
}
|
|
|
|
|
2016-03-28 20:12:34 +05:30
|
|
|
if (strpos($keyPath, 'file://') !== 0) {
|
|
|
|
$keyPath = 'file://' . $keyPath;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!file_exists($keyPath) || !is_readable($keyPath)) {
|
|
|
|
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
|
|
|
|
}
|
|
|
|
|
2017-06-16 21:28:49 +05:30
|
|
|
// Verify the permissions of the key
|
|
|
|
$keyPathPerms = decoct(fileperms($keyPath) & 0777);
|
|
|
|
if ($keyPathPerms !== '600') {
|
|
|
|
// Attempt to correct the permissions
|
|
|
|
if (chmod($keyPath, 0600) === false) {
|
|
|
|
// @codeCoverageIgnoreStart
|
|
|
|
throw new \LogicException(
|
|
|
|
sprintf(
|
|
|
|
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue',
|
|
|
|
$keyPath,
|
|
|
|
$keyPathPerms
|
|
|
|
)
|
|
|
|
);
|
|
|
|
// @codeCoverageIgnoreEnd
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-03-28 20:12:34 +05:30
|
|
|
$this->keyPath = $keyPath;
|
|
|
|
$this->passPhrase = $passPhrase;
|
|
|
|
}
|
|
|
|
|
2016-07-19 18:31:31 +05:30
|
|
|
/**
|
|
|
|
* @param string $key
|
|
|
|
*
|
2016-07-19 20:45:36 +05:30
|
|
|
* @throws \RuntimeException
|
|
|
|
*
|
2016-07-19 18:31:31 +05:30
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
private function saveKeyToFile($key)
|
|
|
|
{
|
2017-06-16 21:29:29 +05:30
|
|
|
$tmpDir = sys_get_temp_dir();
|
|
|
|
$keyPath = $tmpDir . '/' . sha1($key) . '.key';
|
2016-07-19 18:31:31 +05:30
|
|
|
|
2016-07-19 18:36:32 +05:30
|
|
|
if (!file_exists($keyPath) && !touch($keyPath)) {
|
2016-07-19 20:45:36 +05:30
|
|
|
// @codeCoverageIgnoreStart
|
2017-07-03 23:58:28 +05:30
|
|
|
throw new \RuntimeException(sprintf('"%s" key file could not be created', $keyPath));
|
2016-07-19 20:45:36 +05:30
|
|
|
// @codeCoverageIgnoreEnd
|
2016-07-19 18:31:31 +05:30
|
|
|
}
|
|
|
|
|
2017-06-16 21:29:29 +05:30
|
|
|
if (file_put_contents($keyPath, $key) === false) {
|
|
|
|
// @codeCoverageIgnoreStart
|
2017-07-03 23:58:28 +05:30
|
|
|
throw new \RuntimeException(sprintf('Unable to write key file to temporary directory "%s"', $tmpDir));
|
2017-06-16 21:29:29 +05:30
|
|
|
// @codeCoverageIgnoreEnd
|
|
|
|
}
|
|
|
|
|
|
|
|
if (chmod($keyPath, 0600) === false) {
|
|
|
|
// @codeCoverageIgnoreStart
|
2017-07-03 23:58:28 +05:30
|
|
|
throw new \RuntimeException(sprintf('The key file "%s" file mode could not be changed with chmod to 600', $keyPath));
|
2017-06-16 21:29:29 +05:30
|
|
|
// @codeCoverageIgnoreEnd
|
|
|
|
}
|
2016-07-19 18:31:31 +05:30
|
|
|
|
|
|
|
return 'file://' . $keyPath;
|
|
|
|
}
|
|
|
|
|
2016-03-28 20:12:34 +05:30
|
|
|
/**
|
|
|
|
* Retrieve key path.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getKeyPath()
|
|
|
|
{
|
|
|
|
return $this->keyPath;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Retrieve key pass phrase.
|
|
|
|
*
|
|
|
|
* @return null|string
|
|
|
|
*/
|
|
|
|
public function getPassPhrase()
|
|
|
|
{
|
|
|
|
return $this->passPhrase;
|
|
|
|
}
|
|
|
|
}
|