/**
 * Sign $data with the given private key and signature algorithm.
 *
 * The algorithm is checked against the key's own algorithm identifier
 * before OpenSSL is invoked, so a mismatched algorithm/key pair is
 * rejected up front rather than producing a bogus signature.
 *
 * @see \CryptoUtil\Crypto\Crypto::sign()
 * @param string $data Data to sign
 * @param PrivateKeyInfo $privkey_info Signing key
 * @param SignatureAlgorithmIdentifier $algo Signature algorithm
 * @throws \RuntimeException If openssl_sign() reports failure
 * @return Signature
 */
public function sign($data, PrivateKeyInfo $privkey_info, SignatureAlgorithmIdentifier $algo)
{
    $this->_checkSignatureAlgoAndKey($algo, $privkey_info->algorithmIdentifier());
    $pem = $privkey_info->toPEM();
    $digest = $this->_algoToDigest($algo);
    $raw_sig = null;
    $ok = openssl_sign($data, $raw_sig, $pem, $digest);
    if ($ok === false) {
        // Surface the OpenSSL error queue so the caller sees why signing failed.
        $reason = $this->_getLastError();
        throw new \RuntimeException("openssl_sign() failed: " . $reason);
    }
    return new Signature($raw_sig);
}
/**
 * Initialize a private key from a PEM object.
 *
 * Dispatches on the PEM label: legacy RSA and EC labels decode the
 * algorithm-specific structure directly, while a generic PRIVATE KEY
 * label is parsed as PKCS#8 PrivateKeyInfo and unwrapped.
 *
 * @param PEM $pem
 * @throws \UnexpectedValueException If the PEM label is not a private key type
 * @return self
 */
public static function fromPEM(PEM $pem)
{
    $label = $pem->type();
    if (PEM::TYPE_RSA_PRIVATE_KEY == $label) {
        return RSAPrivateKey::fromDER($pem->data());
    }
    if (PEM::TYPE_EC_PRIVATE_KEY == $label) {
        return ECPrivateKey::fromDER($pem->data());
    }
    if (PEM::TYPE_PRIVATE_KEY == $label) {
        $pki = PrivateKeyInfo::fromDER($pem->data());
        return $pki->privateKey();
    }
    throw new \UnexpectedValueException(
        "PEM type " . $label . " is not a valid private key.");
}
/**
 * Initialize an EC private key from PEM.
 *
 * Accepts either the legacy EC PRIVATE KEY label or a PKCS#8 PRIVATE KEY
 * whose algorithm identifier is id-ecPublicKey. In the PKCS#8 case the
 * named curve is taken from the algorithm identifier when the inner
 * ECPrivateKey structure does not carry one itself.
 *
 * @see PrivateKey::fromPEM()
 * @param PEM $pem
 * @throws \UnexpectedValueException If the PEM is not an EC private key
 * @return self
 */
public static function fromPEM(PEM $pem)
{
    $label = $pem->type();
    if (PEM::TYPE_EC_PRIVATE_KEY == $label) {
        return self::fromDER($pem->data());
    }
    if (PEM::TYPE_PRIVATE_KEY != $label) {
        throw new \UnexpectedValueException("Not a private key.");
    }
    $pki = PrivateKeyInfo::fromDER($pem->data());
    $algo_id = $pki->algorithmIdentifier();
    // Refuse to interpret a non-EC PKCS#8 key as an EC key.
    if (AlgorithmIdentifier::OID_EC_PUBLIC_KEY != $algo_id->oid()) {
        throw new \UnexpectedValueException("Not an elliptic curve key.");
    }
    $key = self::fromDER($pki->privateKeyData());
    if (isset($key->_namedCurve)) {
        return $key;
    }
    // Curve was omitted from the inner structure; fall back to the outer one.
    $key->_namedCurve = $algo_id->namedCurve();
    return $key;
}
/**
 * Convert this RSA JWK to a PKCS#8 PEM.
 *
 * Each JWK parameter is decoded to a base-10 integer string and fed, in
 * RSAPrivateKey constructor order, into an RSAPrivateKey, which is then
 * wrapped in a PrivateKeyInfo with the rsaEncryption algorithm identifier.
 *
 * @return PEM PRIVATE KEY
 */
public function toPEM()
{
    // Order matters: it must match RSAPrivateKey's constructor signature.
    $params = [
        $this->modulusParameter(),
        $this->exponentParameter(),
        $this->privateExponentParameter(),
        $this->firstPrimeFactorParameter(),
        $this->secondPrimeFactorParameter(),
        $this->firstFactorCRTExponentParameter(),
        $this->secondFactorCRTExponentParameter(),
        $this->firstCRTCoefficientParameter(),
    ];
    $ints = array_map(
        function ($param) {
            return $param->number()->base10();
        }, $params);
    $rsa_key = new RSAPrivateKey(...$ints);
    $pki = new PrivateKeyInfo(
        new RSAEncryptionAlgorithmIdentifier(), $rsa_key->toDER());
    return $pki->toPEM();
}
/**
 * Initialize from a PrivateKeyInfo object.
 *
 * Unwraps the algorithm-specific private key from the PKCS#8 container
 * and delegates to fromPrivateKey().
 *
 * @param PrivateKeyInfo $pki PrivateKeyInfo
 * @return self
 */
public static function fromPrivateKeyInfo(PrivateKeyInfo $pki)
{
    $inner_key = $pki->privateKey();
    return self::fromPrivateKey($inner_key);
}
/**
 * Decrypt the PrivateKeyInfo held in this encrypted container.
 *
 * The PBE scheme is derived from the stored algorithm identifier, the
 * ciphertext is decrypted with the password, and the plaintext is parsed
 * as a DER-encoded PrivateKeyInfo sequence. Any RuntimeException from
 * those steps is wrapped so the caller gets one failure type, with the
 * original kept as the previous exception.
 *
 * @param string $password
 * @param Crypto $crypto
 * @throws \RuntimeException If decryption or parsing fails
 * @return PrivateKeyInfo
 */
public function decryptPrivateKeyInfo($password, Crypto $crypto)
{
    try {
        $pbe = PBEScheme::fromAlgorithmIdentifier($this->_algo, $crypto);
        $plaintext = $pbe->decrypt($this->_data, $password);
        $seq = Sequence::fromDER($plaintext);
        return PrivateKeyInfo::fromASN1($seq);
    } catch (\RuntimeException $ex) {
        throw new \RuntimeException("Failed to decrypt private key.", 0, $ex);
    }
}
/**
 * Initialize an RSA private key from PEM.
 *
 * Accepts either the legacy RSA PRIVATE KEY label or a PKCS#8 PRIVATE KEY
 * whose algorithm identifier is rsaEncryption.
 *
 * @see PrivateKey::fromPEM()
 * @param PEM $pem
 * @throws \UnexpectedValueException If the PEM is not an RSA private key
 * @return self
 */
public static function fromPEM(PEM $pem)
{
    $label = $pem->type();
    if (PEM::TYPE_RSA_PRIVATE_KEY == $label) {
        return self::fromDER($pem->data());
    }
    if (PEM::TYPE_PRIVATE_KEY != $label) {
        throw new \UnexpectedValueException("Invalid PEM type.");
    }
    $pki = PrivateKeyInfo::fromDER($pem->data());
    $oid = $pki->algorithmIdentifier()->oid();
    // Refuse to interpret a non-RSA PKCS#8 key as an RSA key.
    if (AlgorithmIdentifier::OID_RSA_ENCRYPTION != $oid) {
        throw new \UnexpectedValueException("Not an RSA private key.");
    }
    return self::fromDER($pki->privateKeyData());
}