[smarcet]

smarcet · smarcet · commit 665ea87d1e4c · 2019-07-12T20:35:09.000-03:00
* fixed private keys with passwords
diff --git a/src/jwa/cryptographic_algorithms/digital_signatures/rsa/RSA_Algorithm.php b/src/jwa/cryptographic_algorithms/digital_signatures/rsa/RSA_Algorithm.php
@@ -44,9 +44,14 @@ public function sign(PrivateKey $private_key, $message)
         if($this->getMinKeyLen() > $private_key->getBitLength())
             throw new InvalidKeyLengthAlgorithmException(sprintf('min len %s - cur len %s.',$this->getMinKeyLen(), $private_key->getBitLength()));
 
+        if($private_key->hasPassword()){
+            $this->rsa_impl->setPassword($private_key->getPassword());
+        }
+
         $res = $this->rsa_impl->loadKey($private_key->getEncoded());
 
-        if(!$res) throw new InvalidKeyTypeAlgorithmException;
+        if(!$res)
+            throw new InvalidKeyTypeAlgorithmException;
 
         $this->rsa_impl->setHash($this->getHashingAlgorithm());
         $this->rsa_impl->setMGFHash($this->getHashingAlgorithm());
diff --git a/src/jwe/impl/_ContentEncryptionKey.php b/src/jwe/impl/_ContentEncryptionKey.php
@@ -77,4 +77,12 @@ public function getBitLength()
     {
        return ByteUtil::bitLength(strlen($this->value));
     }
+
+    /**
+     * @return string
+     */
+    public function getStrippedEncoded(): string
+    {
+       return $this->getEncoded();
+    }
 }
diff --git a/src/jwk/impl/AsymmetricJWK.php b/src/jwk/impl/AsymmetricJWK.php
@@ -49,7 +49,7 @@ abstract class AsymmetricJWK
     /**
      * @var X509Certificate[]
      */
-    protected $x509_certificates_chain = array();
+    protected $x509_certificates_chain = [];
 
     /**
      * @param array $headers
@@ -66,8 +66,7 @@ protected function __construct(array $headers = array())
 
             // json array
             foreach($headers[PublicJSONWebKeyParameters::X_509CertificateChain] as $x509_pem){
-                array_push($this->x509_certificates_chain, X509CertificateFactory::buildFromPEM($x509_pem));
-
+                $this->x509_certificates_chain[] =  X509CertificateFactory::buildFromPEM($x509_pem);
             }
 
             if($this->checkX509CertMismatch()){
@@ -188,7 +187,7 @@ public function getX509Url()
      */
     protected function checkX509CertMismatch(){
         $x509 = $this->getX509LeafCertificate();
-        return !is_null($x509) && $x509->getPublicKey() !== $this->public_key->getEncoded();
+        return !is_null($x509) && $x509->getPublicKey() !== $this->public_key->getStrippedEncoded();
     }
 
     /**
diff --git a/src/jwk/impl/OctetSequenceJWK.php b/src/jwk/impl/OctetSequenceJWK.php
@@ -48,7 +48,7 @@ protected function __construct(Key $secret, $headers = array())
 
         $this->key = $secret;
 
-        $this->set[OctetSequenceKeysParameters::Key] = new StringOrURI($b64->encode($secret->getEncoded()));
+        $this->set[OctetSequenceKeysParameters::Key] = new StringOrURI($b64->encode($secret->getStrippedEncoded()));
 
     }
 
diff --git a/src/security/Key.php b/src/security/Key.php
@@ -13,7 +13,6 @@
  **/
 
 
-
 /**
  * Interface Key
  * @package security
@@ -30,6 +29,11 @@ public function getAlgorithm();
      */
     public function getEncoded();
 
+    /**
+     * @return string
+     */
+    public function getStrippedEncoded():string;
+
     /**
      * @return string
      */
@@ -39,4 +43,5 @@ public function getFormat();
      * @return int
      */
     public function getBitLength();
+
 }
diff --git a/src/security/KeyWithPassword.php b/src/security/KeyWithPassword.php
@@ -0,0 +1,30 @@
+<?php namespace security;
+/**
+ * Copyright 2019 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+/**
+ * Interface KeyWithPassword
+ * @package security
+ */
+interface KeyWithPassword extends Key
+{
+    /**
+     * @return null|string
+     */
+    public function getPassword():?string;
+
+    /**
+     * @return bool
+     */
+    public function hasPassword():bool;
+}
diff --git a/src/security/PrivateKey.php b/src/security/PrivateKey.php
@@ -13,7 +13,7 @@
  **/
 
 /**
- * Interface PrivateKey
+ * Interface PrivateKeyPrivateKey
  * @package security
  */
 interface PrivateKey extends Key {
diff --git a/src/security/SymmetricSharedKey.php b/src/security/SymmetricSharedKey.php
@@ -68,4 +68,12 @@ public function getSecret()
     {
        return $this->secret;
     }
+
+    /**
+     * @return string
+     */
+    public function getStrippedEncoded(): string
+    {
+        return $this->getEncoded();
+    }
 }
diff --git a/src/security/rsa/RSAFacade.php b/src/security/rsa/RSAFacade.php
@@ -56,7 +56,7 @@ public function buildKeyPair($bits){
         $this->rsa_imp->setPublicKeyFormat(RSA::PUBLIC_FORMAT_PKCS1);
 
         $list = $this->rsa_imp->createKey($bits);
-        return new KeyPair( new _RSAPublicKeyPEMFornat($list['publickey']), new _RSAPrivateKeyPEMFornat($list['privatekey']));
+        return new KeyPair( new _RSAPublicKeyPEMFormat($list['publickey']), new _RSAPrivateKeyPEMFormat($list['privatekey']));
     }
 
     /**
@@ -66,7 +66,7 @@ public function buildKeyPair($bits){
      */
     public function buildPublicKey(BigInteger $n, BigInteger $e){
         $public_key_pem = $this->rsa_imp->_convertPublicKey($n, $e);
-        return new _RSAPublicKeyPEMFornat($public_key_pem);
+        return new _RSAPublicKeyPEMFormat($public_key_pem);
     }
 
     /**
@@ -78,7 +78,7 @@ public function buildMinimalPrivateKey(\Math_BigInteger $n, \Math_BigInteger $d)
         $this->rsa_imp->modulus = $n;
         $this->rsa_imp->exponent = $d;
         $private_key_pem = $this->rsa_imp->_getPrivatePublicKey();
-        return new _RSAPrivateKeyPEMFornat($private_key_pem);
+        return new _RSAPrivateKeyPEMFormat($private_key_pem);
     }
 
     /**
@@ -109,7 +109,7 @@ public function buildPrivateKey(BigInteger $n,
             array($dp, $dq),
             array($qi, $qi)
         );
-        return new _RSAPrivateKeyPEMFornat($private_key_pem);
+        return new _RSAPrivateKeyPEMFormat($private_key_pem);
     }
 
     /**
@@ -119,7 +119,7 @@ public function buildPrivateKey(BigInteger $n,
      * @throws RSABadPEMFormat
      */
     public function buildPrivateKeyFromPEM($private_key_pem, $password = null){
-       return new _RSAPrivateKeyPEMFornat($private_key_pem, $password);
+       return new _RSAPrivateKeyPEMFormat($private_key_pem, $password);
     }
 
     /**
@@ -128,7 +128,7 @@ public function buildPrivateKeyFromPEM($private_key_pem, $password = null){
      * @throws RSABadPEMFormat
      */
     public function buildPublicKeyFromPEM($public_key_pem){
-        return new _RSAPublicKeyPEMFornat($public_key_pem);
+        return new _RSAPublicKeyPEMFormat($public_key_pem);
     }
 
 }
diff --git a/src/security/rsa/RSAPrivateKey.php b/src/security/rsa/RSAPrivateKey.php
@@ -11,13 +11,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+use security\KeyWithPassword;
 use security\PrivateKey;
 use phpseclib\Math\BigInteger;
 /**
  * Interface RSAPrivateKey
  * @package security\rsa
  */
-interface RSAPrivateKey extends RSAPublicKey, PrivateKey {
+interface RSAPrivateKey extends RSAPublicKey, PrivateKey, KeyWithPassword {
 
     /**
      * The "d" (private exponent)
diff --git a/src/security/rsa/_AbstractRSAKeyPEMFormat.php b/src/security/rsa/_AbstractRSAKeyPEMFormat.php
@@ -15,10 +15,10 @@
 use phpseclib\Crypt\RSA;
 use phpseclib\Math\BigInteger;
 /**
- * Class _AbstractRSAKeyPEMFornat
+ * Class _AbstractRSAKeyPEMFormat
  * @package security\rsa
  */
-abstract class _AbstractRSAKeyPEMFornat {
+abstract class _AbstractRSAKeyPEMFormat {
 
     /**
      * @var string
@@ -35,6 +35,25 @@ abstract class _AbstractRSAKeyPEMFornat {
      */
     protected $n;
 
+    /**
+     * @var string
+     */
+    protected $password;
+
+    /**
+     * @return null|string
+     */
+    public function getPassword():?string{
+        return $this->password;
+    }
+
+    /**
+     * @return bool
+     */
+    public function hasPassword():bool{
+        return !empty($this->password);
+    }
+
     /**
      * @param string $pem_format
      * @param string $password
@@ -45,8 +64,10 @@ public function __construct($pem_format, $password = null){
         $this->pem_format = $pem_format;
         $this->rsa_imp    = new RSA();
 
-        if(!empty($password))
-            $this->rsa_imp->setPassword($password);
+        if(!empty($password)) {
+            $this->password = trim($password);
+            $this->rsa_imp->setPassword($this->password);
+        }
 
         $res = $this->rsa_imp->loadKey($this->pem_format, RSA::PRIVATE_FORMAT_PKCS1);
 
diff --git a/src/security/rsa/_RSAPrivateKeyPEMFormat.php b/src/security/rsa/_RSAPrivateKeyPEMFormat.php
@@ -18,8 +18,8 @@
  * Class _RSAPrivateKeyPEMFornat
  * @package security\rsa
  */
-final class _RSAPrivateKeyPEMFornat
-    extends _RSAPublicKeyPEMFornat
+final class _RSAPrivateKeyPEMFormat
+    extends _RSAPublicKeyPEMFormat
     implements RSAPrivateKey {
 
     /**
@@ -55,11 +55,7 @@ public function getPrivateExponent()
      */
     public function getEncoded()
     {
-        $pem = $this->rsa_imp->getPrivateKey(RSA::PUBLIC_FORMAT_PKCS1);
-        $pem = preg_replace('/\-+BEGIN RSA PRIVATE KEY\-+/','',$pem);
-        $pem = preg_replace('/\-+END RSA PRIVATE KEY\-+/','',$pem);
-        $pem = str_replace( array("\n","\r","\t"), '', trim($pem));
-        return $pem;
+        return $this->rsa_imp->getPrivateKey(RSA::PRIVATE_FORMAT_PKCS1);
     }
 
     /**
@@ -70,4 +66,15 @@ public function getFormat()
         return 'PKCS1';
     }
 
+    /**
+     * @return string
+     */
+    public function getStrippedEncoded(): string
+    {
+        $pem = preg_replace('/\-+BEGIN RSA PRIVATE KEY\-+/','',$this->getEncoded());
+        $pem = preg_replace('/\-+END RSA PRIVATE KEY\-+/','',$pem);
+        $pem = str_replace( array("\n","\r","\t"), '', trim($pem));
+        return $pem;
+    }
+
 }
diff --git a/src/security/rsa/_RSAPublicKeyPEMFormat.php b/src/security/rsa/_RSAPublicKeyPEMFormat.php
@@ -18,8 +18,8 @@
  * Class _RSAPublicKeyPEMFornat
  * @package security\rsa
  */
-class _RSAPublicKeyPEMFornat
-    extends _AbstractRSAKeyPEMFornat
+class _RSAPublicKeyPEMFormat
+    extends _AbstractRSAKeyPEMFormat
     implements RSAPublicKey {
 
     /**
@@ -59,11 +59,7 @@ public function getAlgorithm()
      */
     public function getEncoded()
     {
-        $pem = $this->rsa_imp->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8);
-        $pem = preg_replace('/\-+BEGIN PUBLIC KEY\-+/','',$pem);
-        $pem = preg_replace('/\-+END PUBLIC KEY\-+/','',$pem);
-        $pem = str_replace( array("\n","\r","\t"), '', trim($pem));
-        return $pem;
+        return $this->rsa_imp->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8);
     }
 
     /**
@@ -81,4 +77,15 @@ public function getBitLength()
     {
         return $this->rsa_imp->getSize();
     }
+
+    /**
+     * @return string
+     */
+    public function getStrippedEncoded(): string
+    {
+        $pem = preg_replace('/\-+BEGIN PUBLIC KEY\-+/','', $this->getEncoded());
+        $pem = preg_replace('/\-+END PUBLIC KEY\-+/','',$pem);
+        $pem = str_replace( array("\n","\r","\t"), '', trim($pem));
+        return $pem;
+    }
 }
diff --git a/tests/JsonWebSignatureTest.php b/tests/JsonWebSignatureTest.php
diff --git a/tests/TestKeys.php b/tests/TestKeys.php

Original file line number	Diff line number	Diff line change
`@@ -77,4 +77,12 @@ public function getBitLength()`
`77`	`77`	`{`
`78`	`78`	`return ByteUtil::bitLength(strlen($this->value));`
`79`	`79`	`}`
	`80`	`+`
	`81`	`+ /**`
	`82`	`+ * @return string`
	`83`	`+ */`
	`84`	`+ public function getStrippedEncoded(): string`
	`85`	`+ {`
	`86`	`+ return $this->getEncoded();`
	`87`	`+ }`
`80`	`88`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ protected function __construct(Key $secret, $headers = array())`
`48`	`48`
`49`	`49`	`$this->key = $secret;`
`50`	`50`
`51`		`- $this->set[OctetSequenceKeysParameters::Key] = new StringOrURI($b64->encode($secret->getEncoded()));`
	`51`	`+ $this->set[OctetSequenceKeysParameters::Key] = new StringOrURI($b64->encode($secret->getStrippedEncoded()));`
`52`	`52`
`53`	`53`	`}`
`54`	`54`
Original file line number	Diff line number	Diff line change
`@@ -68,4 +68,12 @@ public function getSecret()`
`68`	`68`	`{`
`69`	`69`	`return $this->secret;`
`70`	`70`	`}`
	`71`	`+`
	`72`	`+ /**`
	`73`	`+ * @return string`
	`74`	`+ */`
	`75`	`+ public function getStrippedEncoded(): string`
	`76`	`+ {`
	`77`	`+ return $this->getEncoded();`
	`78`	`+ }`
`71`	`79`	`}`