From 75160b12821f7f4299cce7f0b69c83c1502ae071 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 27 May 2024 13:08:29 +0200 Subject: 2024-02-19 upstream --- .../web-token/jwt-key-mgmt/KeyConverter/ECKey.php | 546 ++++++++++----------- .../jwt-key-mgmt/KeyConverter/KeyConverter.php | 512 +++++++++---------- .../web-token/jwt-key-mgmt/KeyConverter/RSAKey.php | 488 +++++++++--------- 3 files changed, 773 insertions(+), 773 deletions(-) (limited to 'vendor/web-token/jwt-key-mgmt/KeyConverter') diff --git a/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php b/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php index 4ab0090..586a24e 100644 --- a/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php +++ b/vendor/web-token/jwt-key-mgmt/KeyConverter/ECKey.php @@ -1,273 +1,273 @@ -loadJWK($data); - } - - /** - * @return ECKey - */ - public static function createFromPEM(string $pem): self - { - $data = self::loadPEM($pem); - - return new self($data); - } - - /** - * @throws \Exception - */ - private static function loadPEM(string $data): array - { - $data = \base64_decode(\preg_replace('#-.*-|\r|\n#', '', $data), true); - $asnObject = ASNObject::fromBinary($data); - - if (!$asnObject instanceof Sequence) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - $children = $asnObject->getChildren(); - if (self::isPKCS8($children)) { - $children = self::loadPKCS8($children); - } - - if (4 === \count($children)) { - return self::loadPrivatePEM($children); - } - if (2 === \count($children)) { - return self::loadPublicPEM($children); - } - - throw new \Exception('Unable to load the key.'); - } - - /** - * @param ASNObject[] $children - */ - private static function loadPKCS8(array $children): array - { - $binary = \hex2bin($children[2]->getContent()); - $asnObject = ASNObject::fromBinary($binary); - if (!$asnObject instanceof Sequence) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - return $asnObject->getChildren(); - } - - /** - * @param ASNObject[] $children - */ - private static function loadPublicPEM(array $children): array - { - if (!$children[0] instanceof Sequence) { - throw new \InvalidArgumentException('Unsupported key type.'); - } - - $sub = $children[0]->getChildren(); - if (!$sub[0] instanceof ObjectIdentifier) { - throw new \InvalidArgumentException('Unsupported key type.'); - } - if ('1.2.840.10045.2.1' !== $sub[0]->getContent()) { - throw new \InvalidArgumentException('Unsupported key type.'); - } - if (!$sub[1] instanceof ObjectIdentifier) { - throw new \InvalidArgumentException('Unsupported key type.'); - } - if (!$children[1] instanceof BitString) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - $bits = $children[1]->getContent(); - $bits_length = \mb_strlen($bits, '8bit'); - if ('04' !== \mb_substr($bits, 0, 2, '8bit')) { - throw new \InvalidArgumentException('Unsupported key type'); - } - - $values = ['kty' => 'EC']; - $values['crv'] = self::getCurve($sub[1]->getContent()); - $values['x'] = Base64Url::encode(\hex2bin(\mb_substr($bits, 2, ($bits_length - 2) / 2, '8bit'))); - $values['y'] = Base64Url::encode(\hex2bin(\mb_substr($bits, ($bits_length - 2) / 2 + 2, ($bits_length - 2) / 2, '8bit'))); - - return $values; - } - - private static function getCurve(string $oid): string - { - $curves = self::getSupportedCurves(); - $curve = \array_search($oid, $curves, true); - if (!\is_string($curve)) { - throw new \InvalidArgumentException('Unsupported OID.'); - } - - return $curve; - } - - private static function getSupportedCurves(): array - { - return [ - 'P-256' => '1.2.840.10045.3.1.7', - 'P-384' => '1.3.132.0.34', - 'P-521' => '1.3.132.0.35', - ]; - } - - private static function verifyVersion(ASNObject $children) - { - if (!$children instanceof Integer || '1' !== $children->getContent()) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - } - - private static function getXAndY(ASNObject $children, ?string &$x, ?string &$y) - { - if (!$children instanceof ExplicitlyTaggedObject || !\is_array($children->getContent())) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - if (!$children->getContent()[0] instanceof BitString) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - $bits = $children->getContent()[0]->getContent(); - $bits_length = \mb_strlen($bits, '8bit'); - - if ('04' !== \mb_substr($bits, 0, 2, '8bit')) { - throw new \InvalidArgumentException('Unsupported key type'); - } - - $x = \mb_substr($bits, 2, ($bits_length - 2) / 2, '8bit'); - $y = \mb_substr($bits, ($bits_length - 2) / 2 + 2, ($bits_length - 2) / 2, '8bit'); - } - - private static function getD(ASNObject $children): string - { - if (!$children instanceof OctetString) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - return $children->getContent(); - } - - private static function loadPrivatePEM(array $children): array - { - self::verifyVersion($children[0]); - $x = null; - $y = null; - $d = self::getD($children[1]); - self::getXAndY($children[3], $x, $y); - - if (!$children[2] instanceof ExplicitlyTaggedObject || !\is_array($children[2]->getContent())) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - if (!$children[2]->getContent()[0] instanceof ObjectIdentifier) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - $curve = $children[2]->getContent()[0]->getContent(); - - $values = ['kty' => 'EC']; - $values['crv'] = self::getCurve($curve); - $values['d'] = Base64Url::encode(\hex2bin($d)); - $values['x'] = Base64Url::encode(\hex2bin($x)); - $values['y'] = Base64Url::encode(\hex2bin($y)); - - return $values; - } - - /** - * @param ASNObject[] $children - */ - private static function isPKCS8(array $children): bool - { - if (3 !== \count($children)) { - return false; - } - - $classes = [0 => Integer::class, 1 => Sequence::class, 2 => OctetString::class]; - foreach ($classes as $k => $class) { - if (!$children[$k] instanceof $class) { - return false; - } - } - - return true; - } - - /** - * @param ECKey $private - * - * @return ECKey - */ - public static function toPublic(self $private): self - { - $data = $private->toArray(); - if (\array_key_exists('d', $data)) { - unset($data['d']); - } - - return new self($data); - } - - /** - * @return array - */ - public function toArray() - { - return $this->values; - } - - private function loadJWK(array $jwk) - { - $keys = [ - 'kty' => 'The key parameter "kty" is missing.', - 'crv' => 'Curve parameter is missing', - 'x' => 'Point parameters are missing.', - 'y' => 'Point parameters are missing.', - ]; - foreach ($keys as $k => $v) { - if (!\array_key_exists($k, $jwk)) { - throw new \InvalidArgumentException($v); - } - } - - if ('EC' !== $jwk['kty']) { - throw new \InvalidArgumentException('JWK is not an Elliptic Curve key.'); - } - $this->values = $jwk; - } -} +loadJWK($data); + } + + /** + * @return ECKey + */ + public static function createFromPEM(string $pem): self + { + $data = self::loadPEM($pem); + + return new self($data); + } + + /** + * @throws \Exception + */ + private static function loadPEM(string $data): array + { + $data = \base64_decode(\preg_replace('#-.*-|\r|\n#', '', $data), true); + $asnObject = ASNObject::fromBinary($data); + + if (!$asnObject instanceof Sequence) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + $children = $asnObject->getChildren(); + if (self::isPKCS8($children)) { + $children = self::loadPKCS8($children); + } + + if (4 === \count($children)) { + return self::loadPrivatePEM($children); + } + if (2 === \count($children)) { + return self::loadPublicPEM($children); + } + + throw new \Exception('Unable to load the key.'); + } + + /** + * @param ASNObject[] $children + */ + private static function loadPKCS8(array $children): array + { + $binary = \hex2bin($children[2]->getContent()); + $asnObject = ASNObject::fromBinary($binary); + if (!$asnObject instanceof Sequence) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + return $asnObject->getChildren(); + } + + /** + * @param ASNObject[] $children + */ + private static function loadPublicPEM(array $children): array + { + if (!$children[0] instanceof Sequence) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + + $sub = $children[0]->getChildren(); + if (!$sub[0] instanceof ObjectIdentifier) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + if ('1.2.840.10045.2.1' !== $sub[0]->getContent()) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + if (!$sub[1] instanceof ObjectIdentifier) { + throw new \InvalidArgumentException('Unsupported key type.'); + } + if (!$children[1] instanceof BitString) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $bits = $children[1]->getContent(); + $bits_length = \mb_strlen($bits, '8bit'); + if ('04' !== \mb_substr($bits, 0, 2, '8bit')) { + throw new \InvalidArgumentException('Unsupported key type'); + } + + $values = ['kty' => 'EC']; + $values['crv'] = self::getCurve($sub[1]->getContent()); + $values['x'] = Base64Url::encode(\hex2bin(\mb_substr($bits, 2, ($bits_length - 2) / 2, '8bit'))); + $values['y'] = Base64Url::encode(\hex2bin(\mb_substr($bits, ($bits_length - 2) / 2 + 2, ($bits_length - 2) / 2, '8bit'))); + + return $values; + } + + private static function getCurve(string $oid): string + { + $curves = self::getSupportedCurves(); + $curve = \array_search($oid, $curves, true); + if (!\is_string($curve)) { + throw new \InvalidArgumentException('Unsupported OID.'); + } + + return $curve; + } + + private static function getSupportedCurves(): array + { + return [ + 'P-256' => '1.2.840.10045.3.1.7', + 'P-384' => '1.3.132.0.34', + 'P-521' => '1.3.132.0.35', + ]; + } + + private static function verifyVersion(ASNObject $children) + { + if (!$children instanceof Integer || '1' !== $children->getContent()) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + } + + private static function getXAndY(ASNObject $children, ?string &$x, ?string &$y) + { + if (!$children instanceof ExplicitlyTaggedObject || !\is_array($children->getContent())) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + if (!$children->getContent()[0] instanceof BitString) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $bits = $children->getContent()[0]->getContent(); + $bits_length = \mb_strlen($bits, '8bit'); + + if ('04' !== \mb_substr($bits, 0, 2, '8bit')) { + throw new \InvalidArgumentException('Unsupported key type'); + } + + $x = \mb_substr($bits, 2, ($bits_length - 2) / 2, '8bit'); + $y = \mb_substr($bits, ($bits_length - 2) / 2 + 2, ($bits_length - 2) / 2, '8bit'); + } + + private static function getD(ASNObject $children): string + { + if (!$children instanceof OctetString) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + return $children->getContent(); + } + + private static function loadPrivatePEM(array $children): array + { + self::verifyVersion($children[0]); + $x = null; + $y = null; + $d = self::getD($children[1]); + self::getXAndY($children[3], $x, $y); + + if (!$children[2] instanceof ExplicitlyTaggedObject || !\is_array($children[2]->getContent())) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + if (!$children[2]->getContent()[0] instanceof ObjectIdentifier) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $curve = $children[2]->getContent()[0]->getContent(); + + $values = ['kty' => 'EC']; + $values['crv'] = self::getCurve($curve); + $values['d'] = Base64Url::encode(\hex2bin($d)); + $values['x'] = Base64Url::encode(\hex2bin($x)); + $values['y'] = Base64Url::encode(\hex2bin($y)); + + return $values; + } + + /** + * @param ASNObject[] $children + */ + private static function isPKCS8(array $children): bool + { + if (3 !== \count($children)) { + return false; + } + + $classes = [0 => Integer::class, 1 => Sequence::class, 2 => OctetString::class]; + foreach ($classes as $k => $class) { + if (!$children[$k] instanceof $class) { + return false; + } + } + + return true; + } + + /** + * @param ECKey $private + * + * @return ECKey + */ + public static function toPublic(self $private): self + { + $data = $private->toArray(); + if (\array_key_exists('d', $data)) { + unset($data['d']); + } + + return new self($data); + } + + /** + * @return array + */ + public function toArray() + { + return $this->values; + } + + private function loadJWK(array $jwk) + { + $keys = [ + 'kty' => 'The key parameter "kty" is missing.', + 'crv' => 'Curve parameter is missing', + 'x' => 'Point parameters are missing.', + 'y' => 'Point parameters are missing.', + ]; + foreach ($keys as $k => $v) { + if (!\array_key_exists($k, $jwk)) { + throw new \InvalidArgumentException($v); + } + } + + if ('EC' !== $jwk['kty']) { + throw new \InvalidArgumentException('JWK is not an Elliptic Curve key.'); + } + $this->values = $jwk; + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php b/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php index 17a5428..d683a2c 100644 --- a/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php +++ b/vendor/web-token/jwt-key-mgmt/KeyConverter/KeyConverter.php @@ -1,256 +1,256 @@ -toArray(); - case OPENSSL_KEYTYPE_RSA: - $rsa_key = RSAKey::createFromPEM($pem); - $rsa_key->optimize(); - - return $rsa_key->toArray(); - default: - throw new \InvalidArgumentException('Unsupported key type'); - } - } - - /** - * This method modifies the PEM to get 64 char lines and fix bug with old OpenSSL versions. - */ - private static function sanitizePEM(string &$pem) - { - \preg_match_all('#(-.*-)#', $pem, $matches, PREG_PATTERN_ORDER); - $ciphertext = \preg_replace('#-.*-|\r|\n| #', '', $pem); - - $pem = $matches[0][0].PHP_EOL; - $pem .= \chunk_split($ciphertext, 64, PHP_EOL); - $pem .= $matches[0][1].PHP_EOL; - } - - /** - * Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! - * It is mandatory to verify the root CA or intermediate CA are trusted. - * If not done, it may lead to potential security issues. - */ - public static function loadFromX5C(array $x5c): array - { - $certificate = null; - $last_issuer = null; - $last_subject = null; - foreach ($x5c as $cert) { - $current_cert = '-----BEGIN CERTIFICATE-----'.PHP_EOL.\chunk_split($cert,64,PHP_EOL).'-----END CERTIFICATE-----'; - $x509 = \openssl_x509_read($current_cert); - if (false === $x509) { - $last_issuer = null; - $last_subject = null; - - break; - } - $parsed = \openssl_x509_parse($x509); - - \openssl_x509_free($x509); - if (false === $parsed) { - $last_issuer = null; - $last_subject = null; - - break; - } - if (null === $last_subject) { - $last_subject = $parsed['subject']; - $last_issuer = $parsed['issuer']; - $certificate = $current_cert; - } else { - if (\json_encode($last_issuer) === \json_encode($parsed['subject'])) { - $last_subject = $parsed['subject']; - $last_issuer = $parsed['issuer']; - } else { - $last_issuer = null; - $last_subject = null; - - break; - } - } - } - - return self::loadKeyFromCertificate($certificate); - } - - /** - * @param string[] $matches - */ - private static function decodePem(string $pem, array $matches, ?string $password = null): string - { - if (null === $password) { - throw new \InvalidArgumentException('Password required for encrypted keys.'); - } - - $iv = \pack('H*', \trim($matches[2])); - $iv_sub = \mb_substr($iv, 0, 8, '8bit'); - $symkey = \pack('H*', \md5($password.$iv_sub)); - $symkey .= \pack('H*', \md5($symkey.$password.$iv_sub)); - $key = \preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $pem); - $ciphertext = \base64_decode(\preg_replace('#-.*-|\r|\n#', '', $key), true); - - $decoded = \openssl_decrypt($ciphertext, \mb_strtolower($matches[1]), $symkey, OPENSSL_RAW_DATA, $iv); - if (!\is_string($decoded)) { - throw new \InvalidArgumentException('Incorrect password. Key decryption failed.'); - } - - $number = \preg_match_all('#-{5}.*-{5}#', $pem, $result); - if (2 !== $number) { - throw new \InvalidArgumentException('Unable to load the key'); - } - - $pem = $result[0][0].PHP_EOL; - $pem .= \chunk_split(\base64_encode($decoded), 64); - $pem .= $result[0][1].PHP_EOL; - - return $pem; - } - - private static function convertDerToPem(string $der_data): string - { - $pem = \chunk_split(\base64_encode($der_data), 64, PHP_EOL); - $pem = '-----BEGIN CERTIFICATE-----'.PHP_EOL.$pem.'-----END CERTIFICATE-----'.PHP_EOL; - - return $pem; - } -} +toArray(); + case OPENSSL_KEYTYPE_RSA: + $rsa_key = RSAKey::createFromPEM($pem); + $rsa_key->optimize(); + + return $rsa_key->toArray(); + default: + throw new \InvalidArgumentException('Unsupported key type'); + } + } + + /** + * This method modifies the PEM to get 64 char lines and fix bug with old OpenSSL versions. + */ + private static function sanitizePEM(string &$pem) + { + \preg_match_all('#(-.*-)#', $pem, $matches, PREG_PATTERN_ORDER); + $ciphertext = \preg_replace('#-.*-|\r|\n| #', '', $pem); + + $pem = $matches[0][0].PHP_EOL; + $pem .= \chunk_split($ciphertext, 64, PHP_EOL); + $pem .= $matches[0][1].PHP_EOL; + } + + /** + * Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! + * It is mandatory to verify the root CA or intermediate CA are trusted. + * If not done, it may lead to potential security issues. + */ + public static function loadFromX5C(array $x5c): array + { + $certificate = null; + $last_issuer = null; + $last_subject = null; + foreach ($x5c as $cert) { + $current_cert = '-----BEGIN CERTIFICATE-----'.PHP_EOL.\chunk_split($cert,64,PHP_EOL).'-----END CERTIFICATE-----'; + $x509 = \openssl_x509_read($current_cert); + if (false === $x509) { + $last_issuer = null; + $last_subject = null; + + break; + } + $parsed = \openssl_x509_parse($x509); + + \openssl_x509_free($x509); + if (false === $parsed) { + $last_issuer = null; + $last_subject = null; + + break; + } + if (null === $last_subject) { + $last_subject = $parsed['subject']; + $last_issuer = $parsed['issuer']; + $certificate = $current_cert; + } else { + if (\json_encode($last_issuer) === \json_encode($parsed['subject'])) { + $last_subject = $parsed['subject']; + $last_issuer = $parsed['issuer']; + } else { + $last_issuer = null; + $last_subject = null; + + break; + } + } + } + + return self::loadKeyFromCertificate($certificate); + } + + /** + * @param string[] $matches + */ + private static function decodePem(string $pem, array $matches, ?string $password = null): string + { + if (null === $password) { + throw new \InvalidArgumentException('Password required for encrypted keys.'); + } + + $iv = \pack('H*', \trim($matches[2])); + $iv_sub = \mb_substr($iv, 0, 8, '8bit'); + $symkey = \pack('H*', \md5($password.$iv_sub)); + $symkey .= \pack('H*', \md5($symkey.$password.$iv_sub)); + $key = \preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $pem); + $ciphertext = \base64_decode(\preg_replace('#-.*-|\r|\n#', '', $key), true); + + $decoded = \openssl_decrypt($ciphertext, \mb_strtolower($matches[1]), $symkey, OPENSSL_RAW_DATA, $iv); + if (!\is_string($decoded)) { + throw new \InvalidArgumentException('Incorrect password. Key decryption failed.'); + } + + $number = \preg_match_all('#-{5}.*-{5}#', $pem, $result); + if (2 !== $number) { + throw new \InvalidArgumentException('Unable to load the key'); + } + + $pem = $result[0][0].PHP_EOL; + $pem .= \chunk_split(\base64_encode($decoded), 64); + $pem .= $result[0][1].PHP_EOL; + + return $pem; + } + + private static function convertDerToPem(string $der_data): string + { + $pem = \chunk_split(\base64_encode($der_data), 64, PHP_EOL); + $pem = '-----BEGIN CERTIFICATE-----'.PHP_EOL.$pem.'-----END CERTIFICATE-----'.PHP_EOL; + + return $pem; + } +} diff --git a/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php b/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php index f76b5d4..146ec53 100644 --- a/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php +++ b/vendor/web-token/jwt-key-mgmt/KeyConverter/RSAKey.php @@ -1,244 +1,244 @@ -loadJWK($data); - } - - /** - * @return RSAKey - */ - public static function createFromKeyDetails(array $details): self - { - $values = ['kty' => 'RSA']; - $keys = [ - 'n' => 'n', - 'e' => 'e', - 'd' => 'd', - 'p' => 'p', - 'q' => 'q', - 'dp' => 'dmp1', - 'dq' => 'dmq1', - 'qi' => 'iqmp', - ]; - foreach ($details as $key => $value) { - if (\in_array($key, $keys, true)) { - $value = Base64Url::encode($value); - $values[\array_search($key, $keys, true)] = $value; - } - } - - return new self($values); - } - - /** - * @return RSAKey - */ - public static function createFromPEM(string $pem): self - { - $res = \openssl_pkey_get_private($pem); - if (false === $res) { - $res = \openssl_pkey_get_public($pem); - } - if (false === $res) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - $details = \openssl_pkey_get_details($res); - \openssl_free_key($res); - if (!\array_key_exists('rsa', $details)) { - throw new \InvalidArgumentException('Unable to load the key.'); - } - - return self::createFromKeyDetails($details['rsa']); - } - - /** - * @return RSAKey - */ - public static function createFromJWK(JWK $jwk): self - { - return new self($jwk->all()); - } - - public function isPublic(): bool - { - return !\array_key_exists('d', $this->values); - } - - /** - * @param RSAKey $private - * - * @return RSAKey - */ - public static function toPublic(self $private): self - { - $data = $private->toArray(); - $keys = ['p', 'd', 'q', 'dp', 'dq', 'qi']; - foreach ($keys as $key) { - if (\array_key_exists($key, $data)) { - unset($data[$key]); - } - } - - return new self($data); - } - - public function toArray(): array - { - return $this->values; - } - - private function loadJWK(array $jwk) - { - if (!\array_key_exists('kty', $jwk)) { - throw new \InvalidArgumentException('The key parameter "kty" is missing.'); - } - if ('RSA' !== $jwk['kty']) { - throw new \InvalidArgumentException('The JWK is not a RSA key.'); - } - - $this->values = $jwk; - } - - public function toJwk(): JWK - { - return new JWK($this->values); - } - - /** - * This method will try to add Chinese Remainder Theorem (CRT) parameters. - * With those primes, the decryption process is really fast. - */ - public function optimize() - { - if (\array_key_exists('d', $this->values)) { - $this->populateCRT(); - } - } - - /** - * This method adds Chinese Remainder Theorem (CRT) parameters if primes 'p' and 'q' are available. - */ - private function populateCRT() - { - if (!\array_key_exists('p', $this->values) && !\array_key_exists('q', $this->values)) { - $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d'])); - $e = BigInteger::createFromBinaryString(Base64Url::decode($this->values['e'])); - $n = BigInteger::createFromBinaryString(Base64Url::decode($this->values['n'])); - - list($p, $q) = $this->findPrimeFactors($d, $e, $n); - $this->values['p'] = Base64Url::encode($p->toBytes()); - $this->values['q'] = Base64Url::encode($q->toBytes()); - } - - if (\array_key_exists('dp', $this->values) && \array_key_exists('dq', $this->values) && \array_key_exists('qi', $this->values)) { - return; - } - - $one = BigInteger::createFromDecimal(1); - $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d'])); - $p = BigInteger::createFromBinaryString(Base64Url::decode($this->values['p'])); - $q = BigInteger::createFromBinaryString(Base64Url::decode($this->values['q'])); - - $this->values['dp'] = Base64Url::encode($d->mod($p->subtract($one))->toBytes()); - $this->values['dq'] = Base64Url::encode($d->mod($q->subtract($one))->toBytes()); - $this->values['qi'] = Base64Url::encode($q->modInverse($p)->toBytes()); - } - - /** - * @return BigInteger[] - */ - private function findPrimeFactors(BigInteger $d, BigInteger $e, BigInteger $n): array - { - $zero = BigInteger::createFromDecimal(0); - $one = BigInteger::createFromDecimal(1); - $two = BigInteger::createFromDecimal(2); - - $k = $d->multiply($e)->subtract($one); - - if ($k->isEven()) { - $r = $k; - $t = $zero; - - do { - $r = $r->divide($two); - $t = $t->add($one); - } while ($r->isEven()); - - $found = false; - $y = null; - - for ($i = 1; $i <= 100; ++$i) { - $g = BigInteger::random($n->subtract($one)); - $y = $g->modPow($r, $n); - - if ($y->equals($one) || $y->equals($n->subtract($one))) { - continue; - } - - for ($j = $one; $j->lowerThan($t->subtract($one)); $j = $j->add($one)) { - $x = $y->modPow($two, $n); - - if ($x->equals($one)) { - $found = true; - - break; - } - - if ($x->equals($n->subtract($one))) { - continue; - } - - $y = $x; - } - - $x = $y->modPow($two, $n); - if ($x->equals($one)) { - $found = true; - - break; - } - } - - if (true === $found) { - $p = $y->subtract($one)->gcd($n); - $q = $n->divide($p); - - return [$p, $q]; - } - } - - throw new \InvalidArgumentException('Unable to find prime factors.'); - } -} +loadJWK($data); + } + + /** + * @return RSAKey + */ + public static function createFromKeyDetails(array $details): self + { + $values = ['kty' => 'RSA']; + $keys = [ + 'n' => 'n', + 'e' => 'e', + 'd' => 'd', + 'p' => 'p', + 'q' => 'q', + 'dp' => 'dmp1', + 'dq' => 'dmq1', + 'qi' => 'iqmp', + ]; + foreach ($details as $key => $value) { + if (\in_array($key, $keys, true)) { + $value = Base64Url::encode($value); + $values[\array_search($key, $keys, true)] = $value; + } + } + + return new self($values); + } + + /** + * @return RSAKey + */ + public static function createFromPEM(string $pem): self + { + $res = \openssl_pkey_get_private($pem); + if (false === $res) { + $res = \openssl_pkey_get_public($pem); + } + if (false === $res) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + $details = \openssl_pkey_get_details($res); + \openssl_free_key($res); + if (!\array_key_exists('rsa', $details)) { + throw new \InvalidArgumentException('Unable to load the key.'); + } + + return self::createFromKeyDetails($details['rsa']); + } + + /** + * @return RSAKey + */ + public static function createFromJWK(JWK $jwk): self + { + return new self($jwk->all()); + } + + public function isPublic(): bool + { + return !\array_key_exists('d', $this->values); + } + + /** + * @param RSAKey $private + * + * @return RSAKey + */ + public static function toPublic(self $private): self + { + $data = $private->toArray(); + $keys = ['p', 'd', 'q', 'dp', 'dq', 'qi']; + foreach ($keys as $key) { + if (\array_key_exists($key, $data)) { + unset($data[$key]); + } + } + + return new self($data); + } + + public function toArray(): array + { + return $this->values; + } + + private function loadJWK(array $jwk) + { + if (!\array_key_exists('kty', $jwk)) { + throw new \InvalidArgumentException('The key parameter "kty" is missing.'); + } + if ('RSA' !== $jwk['kty']) { + throw new \InvalidArgumentException('The JWK is not a RSA key.'); + } + + $this->values = $jwk; + } + + public function toJwk(): JWK + { + return new JWK($this->values); + } + + /** + * This method will try to add Chinese Remainder Theorem (CRT) parameters. + * With those primes, the decryption process is really fast. + */ + public function optimize() + { + if (\array_key_exists('d', $this->values)) { + $this->populateCRT(); + } + } + + /** + * This method adds Chinese Remainder Theorem (CRT) parameters if primes 'p' and 'q' are available. + */ + private function populateCRT() + { + if (!\array_key_exists('p', $this->values) && !\array_key_exists('q', $this->values)) { + $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d'])); + $e = BigInteger::createFromBinaryString(Base64Url::decode($this->values['e'])); + $n = BigInteger::createFromBinaryString(Base64Url::decode($this->values['n'])); + + list($p, $q) = $this->findPrimeFactors($d, $e, $n); + $this->values['p'] = Base64Url::encode($p->toBytes()); + $this->values['q'] = Base64Url::encode($q->toBytes()); + } + + if (\array_key_exists('dp', $this->values) && \array_key_exists('dq', $this->values) && \array_key_exists('qi', $this->values)) { + return; + } + + $one = BigInteger::createFromDecimal(1); + $d = BigInteger::createFromBinaryString(Base64Url::decode($this->values['d'])); + $p = BigInteger::createFromBinaryString(Base64Url::decode($this->values['p'])); + $q = BigInteger::createFromBinaryString(Base64Url::decode($this->values['q'])); + + $this->values['dp'] = Base64Url::encode($d->mod($p->subtract($one))->toBytes()); + $this->values['dq'] = Base64Url::encode($d->mod($q->subtract($one))->toBytes()); + $this->values['qi'] = Base64Url::encode($q->modInverse($p)->toBytes()); + } + + /** + * @return BigInteger[] + */ + private function findPrimeFactors(BigInteger $d, BigInteger $e, BigInteger $n): array + { + $zero = BigInteger::createFromDecimal(0); + $one = BigInteger::createFromDecimal(1); + $two = BigInteger::createFromDecimal(2); + + $k = $d->multiply($e)->subtract($one); + + if ($k->isEven()) { + $r = $k; + $t = $zero; + + do { + $r = $r->divide($two); + $t = $t->add($one); + } while ($r->isEven()); + + $found = false; + $y = null; + + for ($i = 1; $i <= 100; ++$i) { + $g = BigInteger::random($n->subtract($one)); + $y = $g->modPow($r, $n); + + if ($y->equals($one) || $y->equals($n->subtract($one))) { + continue; + } + + for ($j = $one; $j->lowerThan($t->subtract($one)); $j = $j->add($one)) { + $x = $y->modPow($two, $n); + + if ($x->equals($one)) { + $found = true; + + break; + } + + if ($x->equals($n->subtract($one))) { + continue; + } + + $y = $x; + } + + $x = $y->modPow($two, $n); + if ($x->equals($one)) { + $found = true; + + break; + } + } + + if (true === $found) { + $p = $y->subtract($one)->gcd($n); + $q = $n->divide($p); + + return [$p, $q]; + } + } + + throw new \InvalidArgumentException('Unable to find prime factors.'); + } +} -- cgit v1.2.3