[Summary view] [Print] [Text view]

   1  <?php
   2  namespace Lcobucci\JWT\Signer;
   3  
   4  use InvalidArgumentException;
   5  use function is_resource;
   6  use function openssl_error_string;
   7  use function openssl_free_key;
   8  use function openssl_pkey_get_details;
   9  use function openssl_pkey_get_private;
  10  use function openssl_pkey_get_public;
  11  use function openssl_sign;
  12  use function openssl_verify;
  13  
  14  abstract class OpenSSL extends BaseSigner
  15  {
  16      public function createHash($payload, Key $key)
  17      {
  18          $privateKey = $this->getPrivateKey($key->getContent(), $key->getPassphrase());
  19  
  20          try {
  21              $signature = '';
  22  
  23              if (! openssl_sign($payload, $signature, $privateKey, $this->getAlgorithm())) {
  24                  throw CannotSignPayload::errorHappened(openssl_error_string());
  25              }
  26  
  27              return $signature;
  28          } finally {
  29              openssl_free_key($privateKey);
  30          }
  31      }
  32  
  33      /**
  34       * @param string $pem
  35       * @param string $passphrase
  36       *
  37       * @return resource
  38       */
  39      private function getPrivateKey($pem, $passphrase)
  40      {
  41          $privateKey = openssl_pkey_get_private($pem, $passphrase);
  42          $this->validateKey($privateKey);
  43  
  44          return $privateKey;
  45      }
  46  
  47      /**
  48       * @param $expected
  49       * @param $payload
  50       * @param $key
  51       * @return bool
  52       */
  53      public function doVerify($expected, $payload, Key $key)
  54      {
  55          $publicKey = $this->getPublicKey($key->getContent());
  56          $result    = openssl_verify($payload, $expected, $publicKey, $this->getAlgorithm());
  57          openssl_free_key($publicKey);
  58  
  59          return $result === 1;
  60      }
  61  
  62      /**
  63       * @param string $pem
  64       *
  65       * @return resource
  66       */
  67      private function getPublicKey($pem)
  68      {
  69          $publicKey = openssl_pkey_get_public($pem);
  70          $this->validateKey($publicKey);
  71  
  72          return $publicKey;
  73      }
  74  
  75      /**
  76       * Raises an exception when the key type is not the expected type
  77       *
  78       * @param resource|bool $key
  79       *
  80       * @throws InvalidArgumentException
  81       */
  82      private function validateKey($key)
  83      {
  84          if (! is_resource($key)) {
  85              throw InvalidKeyProvided::cannotBeParsed(openssl_error_string());
  86          }
  87  
  88          $details = openssl_pkey_get_details($key);
  89  
  90          if (! isset($details['key']) || $details['type'] !== $this->getKeyType()) {
  91              throw InvalidKeyProvided::incompatibleKey();
  92          }
  93      }
  94  
  95      /**
  96       * Returns the type of key to be used to create/verify the signature (using OpenSSL constants)
  97       *
  98       * @internal
  99       */
 100      abstract public function getKeyType();
 101  
 102      /**
 103       * Returns which algorithm to be used to create/verify the signature (using OpenSSL constants)
 104       *
 105       * @internal
 106       */
 107      abstract public function getAlgorithm();
 108  }