oauth2-server/src/CryptKey.php

<?php
/**
 * Cryptography key holder.
 *
 * @author      Julián Gutiérrez <juliangut@gmail.com>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

class CryptKey
{
    const RSA_KEY_PATTERN =
        '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----)\R.*(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)\R?$/s';

    /**
     * @var string
     */
    protected $keyPath;

    /**
     * @var null|string
     */
    protected $passPhrase;

    /**
     * @param string      $keyPath
     * @param null|string $passPhrase
     * @param bool        $keyPermissionsCheck
     */
    public function __construct($keyPath, $passPhrase = null, $keyPermissionsCheck = true)
    {
        if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {
            $keyPath = $this->saveKeyToFile($keyPath);
        }

        if (strpos($keyPath, 'file://') !== 0) {
            $keyPath = 'file://' . $keyPath;
        }

        if (!file_exists($keyPath) || !is_readable($keyPath)) {
            throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
        }

        if ($keyPermissionsCheck === true) {
            // Verify the permissions of the key
            $keyPathPerms = decoct(fileperms($keyPath) & 0777);
            if (in_array($keyPathPerms, ['400', '440', '600', '640', '660'], true) === false) {
                trigger_error(sprintf(
                    'Key file "%s" permissions are not correct, recommend changing to 600 or 660 instead of %s',
                    $keyPath,
                    $keyPathPerms
                ), E_USER_NOTICE);
            }
        }

        $this->keyPath = $keyPath;
        $this->passPhrase = $passPhrase;
    }

    /**
     * @param string $key
     *
     * @throws \RuntimeException
     *
     * @return string
     */
    private function saveKeyToFile($key)
    {
        $tmpDir = sys_get_temp_dir();
        $keyPath = $tmpDir . '/' . sha1($key) . '.key';

        if (file_exists($keyPath)) {
            return 'file://' . $keyPath;
        }

        if (!touch($keyPath)) {
            // @codeCoverageIgnoreStart
            throw new \RuntimeException(sprintf('"%s" key file could not be created', $keyPath));
            // @codeCoverageIgnoreEnd
        }

        if (file_put_contents($keyPath, $key) === false) {
            // @codeCoverageIgnoreStart
            throw new \RuntimeException(sprintf('Unable to write key file to temporary directory "%s"', $tmpDir));
            // @codeCoverageIgnoreEnd
        }

        if (chmod($keyPath, 0600) === false) {
            // @codeCoverageIgnoreStart
            throw new \RuntimeException(sprintf('The key file "%s" file mode could not be changed with chmod to 600', $keyPath));
            // @codeCoverageIgnoreEnd
        }

        return 'file://' . $keyPath;
    }

    /**
     * Retrieve key path.
     *
     * @return string
     */
    public function getKeyPath()
    {
        return $this->keyPath;
    }

    /**
     * Retrieve key pass phrase.
     *
     * @return null|string
     */
    public function getPassPhrase()
    {
        return $this->passPhrase;
    }
}
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`<?php`
			`/**`
			`* Cryptography key holder.`
			`*`
			`* @author Julián Gutiérrez <juliangut@gmail.com>`
			`* @copyright Copyright (c) Alex Bilbie`
			`* @license http://mit-license.org/`
			`*`
			`* @link https://github.com/thephpleague/oauth2-server`
			`*/`
Updated PHPDoc 2016-07-09 04:30:44 +05:30
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`namespace League\OAuth2\Server;`

			`class CryptKey`
			`{`
key file auto-generation from string 2016-07-19 18:31:31 +05:30			`const RSA_KEY_PATTERN =`
In public/private keys, force the header to be on its own line, allow missing \n after the footer 2018-01-04 16:47:31 +05:30			`'/^(-----BEGIN (RSA )?(PUBLIC\|PRIVATE) KEY-----)\R.*(-----END (RSA )?(PUBLIC\|PRIVATE) KEY-----)\R?$/s';`
key file auto-generation from string 2016-07-19 18:31:31 +05:30
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`/**`
			`* @var string`
			`*/`
			`protected $keyPath;`

			`/**`
Updated PHPDoc 2016-07-09 04:30:44 +05:30			`* @var null\|string`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`*/`
			`protected $passPhrase;`

			`/**`
			`* @param string $keyPath`
			`* @param null\|string $passPhrase`
Removed chmod from CryptKey and add toggle to disable checking 2017-08-01 18:29:21 +05:30			`* @param bool $keyPermissionsCheck`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`*/`
Removed chmod from CryptKey and add toggle to disable checking 2017-08-01 18:29:21 +05:30			`public function __construct($keyPath, $passPhrase = null, $keyPermissionsCheck = true)`
handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`{`
key file auto-generation from string 2016-07-19 18:31:31 +05:30			`if (preg_match(self::RSA_KEY_PATTERN, $keyPath)) {`
			`$keyPath = $this->saveKeyToFile($keyPath);`
			`}`

handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`if (strpos($keyPath, 'file://') !== 0) {`
			`$keyPath = 'file://' . $keyPath;`
			`}`

			`if (!file_exists($keyPath) \|\| !is_readable($keyPath)) {`
			`throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));`
			`}`

Removed chmod from CryptKey and add toggle to disable checking 2017-08-01 18:29:21 +05:30			`if ($keyPermissionsCheck === true) {`
			`// Verify the permissions of the key`
			`$keyPathPerms = decoct(fileperms($keyPath) & 0777);`
Allow 640 as key file permisions 2018-06-21 20:32:01 +05:30			`if (in_array($keyPathPerms, ['400', '440', '600', '640', '660'], true) === false) {`
Removed chmod from CryptKey and add toggle to disable checking 2017-08-01 18:29:21 +05:30			`trigger_error(sprintf(`
Update CryptKey.php Change the error message to reflect that the server will also accept 440 and 400 as a valid file permission 2018-02-12 03:42:55 +05:30			`'Key file "%s" permissions are not correct, recommend changing to 600 or 660 instead of %s',`
Removed chmod from CryptKey and add toggle to disable checking 2017-08-01 18:29:21 +05:30			`$keyPath,`
			`$keyPathPerms`
			`), E_USER_NOTICE);`
Ensure the server is the exclusive owner of the key 2017-06-16 21:28:49 +05:30			`}`
			`}`

handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`$this->keyPath = $keyPath;`
			`$this->passPhrase = $passPhrase;`
			`}`

key file auto-generation from string 2016-07-19 18:31:31 +05:30			`/**`
			`* @param string $key`
			`*`
CryptKey tests 2016-07-19 20:45:36 +05:30			`* @throws \RuntimeException`
			`*`
key file auto-generation from string 2016-07-19 18:31:31 +05:30			`* @return string`
			`*/`
			`private function saveKeyToFile($key)`
			`{`
Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode 2017-06-16 21:29:29 +05:30			`$tmpDir = sys_get_temp_dir();`
			`$keyPath = $tmpDir . '/' . sha1($key) . '.key';`
key file auto-generation from string 2016-07-19 18:31:31 +05:30
Do not create key file if it already exists and it is the same 2018-01-29 15:35:10 +05:30			`if (file_exists($keyPath)) {`
			`return 'file://' . $keyPath;`
			`}`

			`if (!touch($keyPath)) {`
CryptKey tests 2016-07-19 20:45:36 +05:30			`// @codeCoverageIgnoreStart`
Fix missing sprintf 2017-07-03 23:58:28 +05:30			`throw new \RuntimeException(sprintf('"%s" key file could not be created', $keyPath));`
CryptKey tests 2016-07-19 20:45:36 +05:30			`// @codeCoverageIgnoreEnd`
key file auto-generation from string 2016-07-19 18:31:31 +05:30			`}`

Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode 2017-06-16 21:29:29 +05:30			`if (file_put_contents($keyPath, $key) === false) {`
			`// @codeCoverageIgnoreStart`
Fix missing sprintf 2017-07-03 23:58:28 +05:30			`throw new \RuntimeException(sprintf('Unable to write key file to temporary directory "%s"', $tmpDir));`
Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode 2017-06-16 21:29:29 +05:30			`// @codeCoverageIgnoreEnd`
			`}`

			`if (chmod($keyPath, 0600) === false) {`
			`// @codeCoverageIgnoreStart`
Fix missing sprintf 2017-07-03 23:58:28 +05:30			`throw new \RuntimeException(sprintf('The key file "%s" file mode could not be changed with chmod to 600', $keyPath));`
Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode 2017-06-16 21:29:29 +05:30			`// @codeCoverageIgnoreEnd`
			`}`
key file auto-generation from string 2016-07-19 18:31:31 +05:30
			`return 'file://' . $keyPath;`
			`}`

handle RSA key passphrase 2016-03-28 20:12:34 +05:30			`/**`
			`* Retrieve key path.`
			`*`
			`* @return string`
			`*/`
			`public function getKeyPath()`
			`{`
			`return $this->keyPath;`
			`}`

			`/**`
			`* Retrieve key pass phrase.`
			`*`
			`* @return null\|string`
			`*/`
			`public function getPassPhrase()`
			`{`
			`return $this->passPhrase;`
			`}`
			`}`