From 75160b12821f7f4299cce7f0b69c83c1502ae071 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 27 May 2024 13:08:29 +0200 Subject: 2024-02-19 upstream --- vendor/web-token/jwt-key-mgmt/JWKFactory.php | 608 +++++++++++++-------------- 1 file changed, 304 insertions(+), 304 deletions(-) (limited to 'vendor/web-token/jwt-key-mgmt/JWKFactory.php') diff --git a/vendor/web-token/jwt-key-mgmt/JWKFactory.php b/vendor/web-token/jwt-key-mgmt/JWKFactory.php index 3748938..1ef40b3 100644 --- a/vendor/web-token/jwt-key-mgmt/JWKFactory.php +++ b/vendor/web-token/jwt-key-mgmt/JWKFactory.php @@ -1,304 +1,304 @@ - $size) { - throw new InvalidArgumentException('Key length is too short. It needs to be at least 512 bits.'); - } - - $key = openssl_pkey_new([ - 'private_key_bits' => $size, - 'private_key_type' => OPENSSL_KEYTYPE_RSA, - ]); - $details = openssl_pkey_get_details($key); - \openssl_free_key($key); - $rsa = RSAKey::createFromKeyDetails($details['rsa']); - $values = \array_merge( - $values, - $rsa->toArray() - ); - - return new JWK($values); - } - - /** - * Creates a EC key with the given curve and additional values. - * - * @param string $curve The curve - * @param array $values values to configure the key - */ - public static function createECKey(string $curve, array $values = []): JWK - { - return ECKey::createECKey($curve, $values); - } - - /** - * Creates a octet key with the given key size and additional values. - * - * @param int $size The key size in bits - * @param array $values values to configure the key - */ - public static function createOctKey(int $size, array $values = []): JWK - { - if (0 !== $size % 8) { - throw new InvalidArgumentException('Invalid key size.'); - } - $values = \array_merge( - $values, - [ - 'kty' => 'oct', - 'k' => Base64Url::encode(\random_bytes($size / 8)), - ] - ); - - return new JWK($values); - } - - /** - * Creates a OKP key with the given curve and additional values. - * - * @param string $curve The curve - * @param array $values values to configure the key - */ - public static function createOKPKey(string $curve, array $values = []): JWK - { - switch ($curve) { - case 'X25519': - $keyPair = \sodium_crypto_box_keypair(); - $secret = \sodium_crypto_box_secretkey($keyPair); - $x = \sodium_crypto_box_publickey($keyPair); - - break; - case 'Ed25519': - $keyPair = \sodium_crypto_sign_keypair(); - $secret = \sodium_crypto_sign_secretkey($keyPair); - $x = \sodium_crypto_sign_publickey($keyPair); - - break; - default: - throw new InvalidArgumentException(\sprintf('Unsupported "%s" curve', $curve)); - } - $secretLength = mb_strlen($secret, '8bit'); - $d = mb_substr($secret, 0, -$secretLength / 2, '8bit'); - - $values = \array_merge( - $values, - [ - 'kty' => 'OKP', - 'crv' => $curve, - 'd' => Base64Url::encode($d), - 'x' => Base64Url::encode($x), - ] - ); - - return new JWK($values); - } - - /** - * Creates a none key with the given additional values. - * Please note that this key type is not pat of any specification. - * It is used to prevent the use of the "none" algorithm with other key types. - * - * @param array $values values to configure the key - */ - public static function createNoneKey(array $values = []): JWK - { - $values = \array_merge( - $values, - [ - 'kty' => 'none', - 'alg' => 'none', - 'use' => 'sig', - ] - ); - - return new JWK($values); - } - - /** - * Creates a key from a Json string. - * - * @return JWK|JWKSet - */ - public static function createFromJsonObject(string $value) - { - $json = \json_decode($value, true); - if (!\is_array($json)) { - throw new InvalidArgumentException('Invalid key or key set.'); - } - - return self::createFromValues($json); - } - - /** - * Creates a key or key set from the given input. - * - * @return JWK|JWKSet - */ - public static function createFromValues(array $values) - { - if (\array_key_exists('keys', $values) && \is_array($values['keys'])) { - return JWKSet::createFromKeyData($values); - } - - return new JWK($values); - } - - /** - * This method create a JWK object using a shared secret. - */ - public static function createFromSecret(string $secret, array $additional_values = []): JWK - { - $values = \array_merge( - $additional_values, - [ - 'kty' => 'oct', - 'k' => Base64Url::encode($secret), - ] - ); - - return new JWK($values); - } - - /** - * This method will try to load a X.509 certificate and convert it into a public key. - */ - public static function createFromCertificateFile(string $file, array $additional_values = []): JWK - { - $values = KeyConverter::loadKeyFromCertificateFile($file); - $values = \array_merge($values, $additional_values); - - return new JWK($values); - } - - /** - * Extract a keyfrom a key set identified by the given index . - * - * @param int|string $index - */ - public static function createFromKeySet(JWKSet $jwkset, $index): JWK - { - return $jwkset->get($index); - } - - /** - * This method will try to load a PKCS#12 file and convert it into a public key. - * - * @throws \Exception - */ - public static function createFromPKCS12CertificateFile(string $file, ?string $secret = '', array $additional_values = []): JWK - { - $res = \openssl_pkcs12_read(\file_get_contents($file), $certs, $secret); - if (false === $res || !\is_array($certs) || !\array_key_exists('pkey', $certs)) { - throw new RuntimeException('Unable to load the certificates.'); - } - - return self::createFromKey($certs['pkey'], null, $additional_values); - } - - /** - * This method will try to convert a X.509 certificate into a public key. - */ - public static function createFromCertificate(string $certificate, array $additional_values = []): JWK - { - $values = KeyConverter::loadKeyFromCertificate($certificate); - $values = \array_merge($values, $additional_values); - - return new JWK($values); - } - - /** - * This method will try to convert a X.509 certificate resource into a public key. - * - * @param resource $res - * - * @throws \Exception - */ - public static function createFromX509Resource($res, array $additional_values = []): JWK - { - $values = KeyConverter::loadKeyFromX509Resource($res); - $values = \array_merge($values, $additional_values); - - return new JWK($values); - } - - /** - * This method will try to load and convert a key file into a JWK object. - * If the key is encrypted, the password must be set. - * - * @throws \Exception - */ - public static function createFromKeyFile(string $file, ?string $password = null, array $additional_values = []): JWK - { - $values = KeyConverter::loadFromKeyFile($file, $password); - $values = \array_merge($values, $additional_values); - - return new JWK($values); - } - - /** - * This method will try to load and convert a key into a JWK object. - * If the key is encrypted, the password must be set. - * - * @throws \Exception - */ - public static function createFromKey(string $key, ?string $password = null, array $additional_values = []): JWK - { - $values = KeyConverter::loadFromKey($key, $password); - $values = \array_merge($values, $additional_values); - - return new JWK($values); - } - - /** - * This method will try to load and convert a X.509 certificate chain into a public key. - * - * Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! - * It is mandatory to verify the root CA or intermediate CA are trusted. - * If not done, it may lead to potential security issues. - */ - public static function createFromX5C(array $x5c, array $additional_values = []): JWK - { - $values = KeyConverter::loadFromX5C($x5c); - $values = \array_merge($values, $additional_values); - - return new JWK($values); - } -} + $size) { + throw new InvalidArgumentException('Key length is too short. It needs to be at least 512 bits.'); + } + + $key = openssl_pkey_new([ + 'private_key_bits' => $size, + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + ]); + $details = openssl_pkey_get_details($key); + \openssl_free_key($key); + $rsa = RSAKey::createFromKeyDetails($details['rsa']); + $values = \array_merge( + $values, + $rsa->toArray() + ); + + return new JWK($values); + } + + /** + * Creates a EC key with the given curve and additional values. + * + * @param string $curve The curve + * @param array $values values to configure the key + */ + public static function createECKey(string $curve, array $values = []): JWK + { + return ECKey::createECKey($curve, $values); + } + + /** + * Creates a octet key with the given key size and additional values. + * + * @param int $size The key size in bits + * @param array $values values to configure the key + */ + public static function createOctKey(int $size, array $values = []): JWK + { + if (0 !== $size % 8) { + throw new InvalidArgumentException('Invalid key size.'); + } + $values = \array_merge( + $values, + [ + 'kty' => 'oct', + 'k' => Base64Url::encode(\random_bytes($size / 8)), + ] + ); + + return new JWK($values); + } + + /** + * Creates a OKP key with the given curve and additional values. + * + * @param string $curve The curve + * @param array $values values to configure the key + */ + public static function createOKPKey(string $curve, array $values = []): JWK + { + switch ($curve) { + case 'X25519': + $keyPair = \sodium_crypto_box_keypair(); + $secret = \sodium_crypto_box_secretkey($keyPair); + $x = \sodium_crypto_box_publickey($keyPair); + + break; + case 'Ed25519': + $keyPair = \sodium_crypto_sign_keypair(); + $secret = \sodium_crypto_sign_secretkey($keyPair); + $x = \sodium_crypto_sign_publickey($keyPair); + + break; + default: + throw new InvalidArgumentException(\sprintf('Unsupported "%s" curve', $curve)); + } + $secretLength = mb_strlen($secret, '8bit'); + $d = mb_substr($secret, 0, -$secretLength / 2, '8bit'); + + $values = \array_merge( + $values, + [ + 'kty' => 'OKP', + 'crv' => $curve, + 'd' => Base64Url::encode($d), + 'x' => Base64Url::encode($x), + ] + ); + + return new JWK($values); + } + + /** + * Creates a none key with the given additional values. + * Please note that this key type is not pat of any specification. + * It is used to prevent the use of the "none" algorithm with other key types. + * + * @param array $values values to configure the key + */ + public static function createNoneKey(array $values = []): JWK + { + $values = \array_merge( + $values, + [ + 'kty' => 'none', + 'alg' => 'none', + 'use' => 'sig', + ] + ); + + return new JWK($values); + } + + /** + * Creates a key from a Json string. + * + * @return JWK|JWKSet + */ + public static function createFromJsonObject(string $value) + { + $json = \json_decode($value, true); + if (!\is_array($json)) { + throw new InvalidArgumentException('Invalid key or key set.'); + } + + return self::createFromValues($json); + } + + /** + * Creates a key or key set from the given input. + * + * @return JWK|JWKSet + */ + public static function createFromValues(array $values) + { + if (\array_key_exists('keys', $values) && \is_array($values['keys'])) { + return JWKSet::createFromKeyData($values); + } + + return new JWK($values); + } + + /** + * This method create a JWK object using a shared secret. + */ + public static function createFromSecret(string $secret, array $additional_values = []): JWK + { + $values = \array_merge( + $additional_values, + [ + 'kty' => 'oct', + 'k' => Base64Url::encode($secret), + ] + ); + + return new JWK($values); + } + + /** + * This method will try to load a X.509 certificate and convert it into a public key. + */ + public static function createFromCertificateFile(string $file, array $additional_values = []): JWK + { + $values = KeyConverter::loadKeyFromCertificateFile($file); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * Extract a keyfrom a key set identified by the given index . + * + * @param int|string $index + */ + public static function createFromKeySet(JWKSet $jwkset, $index): JWK + { + return $jwkset->get($index); + } + + /** + * This method will try to load a PKCS#12 file and convert it into a public key. + * + * @throws \Exception + */ + public static function createFromPKCS12CertificateFile(string $file, ?string $secret = '', array $additional_values = []): JWK + { + $res = \openssl_pkcs12_read(\file_get_contents($file), $certs, $secret); + if (false === $res || !\is_array($certs) || !\array_key_exists('pkey', $certs)) { + throw new RuntimeException('Unable to load the certificates.'); + } + + return self::createFromKey($certs['pkey'], null, $additional_values); + } + + /** + * This method will try to convert a X.509 certificate into a public key. + */ + public static function createFromCertificate(string $certificate, array $additional_values = []): JWK + { + $values = KeyConverter::loadKeyFromCertificate($certificate); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to convert a X.509 certificate resource into a public key. + * + * @param resource $res + * + * @throws \Exception + */ + public static function createFromX509Resource($res, array $additional_values = []): JWK + { + $values = KeyConverter::loadKeyFromX509Resource($res); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to load and convert a key file into a JWK object. + * If the key is encrypted, the password must be set. + * + * @throws \Exception + */ + public static function createFromKeyFile(string $file, ?string $password = null, array $additional_values = []): JWK + { + $values = KeyConverter::loadFromKeyFile($file, $password); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to load and convert a key into a JWK object. + * If the key is encrypted, the password must be set. + * + * @throws \Exception + */ + public static function createFromKey(string $key, ?string $password = null, array $additional_values = []): JWK + { + $values = KeyConverter::loadFromKey($key, $password); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } + + /** + * This method will try to load and convert a X.509 certificate chain into a public key. + * + * Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! + * It is mandatory to verify the root CA or intermediate CA are trusted. + * If not done, it may lead to potential security issues. + */ + public static function createFromX5C(array $x5c, array $additional_values = []): JWK + { + $values = KeyConverter::loadFromX5C($x5c); + $values = \array_merge($values, $additional_values); + + return new JWK($values); + } +} -- cgit v1.2.3