/**
 * Round-trips a content encryption key through RSA-OAEP-256 key encryption.
 *
 * The key is encrypted with the public half of an RSA key pair and decrypted
 * with the private half. Only the recovered key is asserted; the ciphertext
 * is not compared against a fixed value.
 *
 * The RSA private key embedded below is a test fixture. It is published with
 * the source and must never be used to protect real data.
 */
function testRSAOAEP256() {
    $content_key = base64_decode('VIWbNCxJ6io=');

    // Test-only RSA key pair in JWK form (includes the private parameters)
    $jwk = array(
        "kty" => "RSA",
        "kid" => "rsa-oaep-256",
        "n" => "pylWkxVbGBO7hId_tFNDVW4FaAQ95ZEIcqOlGMwR4j4tt06vRUUGjE49JYonGPus3MPq-kV2lblX6I-_EQrtBJqZLZxDAjLQLzUpxno0GZNeqbVp-FsbzTfea4mc1iaX6EMTD_BSnQnJfYE8sV8pN1H_VvlD-9q7Y5ccx_T21b_xWUQWsfWQe95ahKRPmALvKbQ72hlg-Uj4r7h2bBq4DTLuyI7WbQtlrr5EptCzxeCrBRqqG5EvvMF7jnUd3sxTZbbbbasAIMMFfbQBOlEhOleYo6q2eYWw9NiGJ6VKDz8ChfvLSv3-tlyxU69mglZW1DI4t1UDIxUAdT9OQh48Vw",
        "e" => "AQAB",
        "d" => "ZdrVasffertDTky17q2xYJOqbafwAzqtOBUomwR1fTK_7mred0nI5KMjtQUKL7niqZ4jRp4e1Lpbq1QzavIKW_zLizQkzGkj2y_8pXh-2HqoeqYUzQTO2uvI9iOi0gYwF5EPQ23_GLsG8BdYYQeH-LJY8Kjv2L194wAHxHsqEDFpbH1lI7wZHU2RiSen4LCVhO0gW9L_T8Q4JnjfgjU_dTKzu7gdaePzkHCu0_tk_OAyoIno5klVr6UhOm6yQSMb2Y1wL7pyWpsgWVL9oYZBLZ4Nk0TSmYxFWtjCuuhe5nJ1FGbVKIMEAytbfgL35VjHr4LH-_WO6gu07w8AHmzQqQ",
        "p" => "1P2aw0dPuDqvgyRwZDYJZZ5RGzImMrI5tojzzSqth1J9bPZS-5ycpnlA6EeJRE8umbDLDPq71N6VOWEGyGXzji-3uCsjEmCpTfDgF1a_c84DhoaNnEFkVWCoGvL1PBjk983z1R2AJnNy5uAhavv2f2VclFB2nMpJTk9mMbI5zhs",
        "q" => "yOqg4qGzpEEqcCvM2pP00VDaYNc2yZx8Vm_epN0bQBy8DYwGParwtXmVPTY0OqGLM9v4uerpRFJJDMkFJF-Pe54psaKIvGZzGinh3RpFyf1_gjj_cnrcSf_3OZHQ3AliBrnToI9h50YuK4BNeMuMXszbm3-9Ktao_qRsEFPhvnU",
        "dp" => "EO3LVEQhwPnhI2JNEJn-6zXHKos04Aisb6a5AhCnVD8pOvTlKZyMEutGTnAJKAXHJW4Y5YI0VboPUE029cysrBt81cWP9xD5w_kmRpSdiP3R5-pf7RCBggu5sNKozUsJP-z9uW2r1uKMOm-MGG3IbN3Imv0-QD4Pz4qeC8snrws",
        "dq" => "l_wlSEtaQV6qY8A-bvqNr-mhyLAE2e5ugFSP79byzkTuXLEX535wKFeY9X0TdWbOjqRQOxPg8bXtXKaUJTfEqpayo5V4Kky1tY0JNuCw-mOxGSlU05ztF21x7zLG9CyE4uGfnU3ZmcIVGwMrl70iqnP9jFvNFaLcpARtWsyZcCE",
        "qi" => "S7gGTh7_fp78PEV4_O21nKSu8Jk6gxLf3LGz3s9FiqZlDT0IZvFDy_DTgl6TgRgRcKChZR7vzX3veGuOs1ZVXZ-gfIW19cvddDgvESm142tBZrbMkVeSNplwhkghLEhJWDUf3JzxTyGNvn-_fL2TogmkaB_iPOtEurZ9ZvRdHJ0"
    );

    $private_keys = new KeySet();
    $private_keys->add(new RSAKey($jwk, 'php'));

    // The encrypting side only ever sees the public half of the key pair
    $public_keys = new KeySet();
    $public_keys->add($private_keys->getById('rsa-oaep-256')->getPublicKey());

    $headers = array();
    $rsaes = new RSAES('RSA-OAEP-256');

    $wrapped = $rsaes->encryptKey($content_key, $public_keys, $headers);
    $recovered = $rsaes->decryptKey($wrapped, $private_keys, $headers);

    $this->assertEquals(base64_encode($content_key), base64_encode($recovered));
}
/**
 * Builds the key set handed to the encrypting/verifying side of a test.
 *
 * Asymmetric keys are reduced to their public half. Symmetric keys have no
 * public counterpart and are copied into the result unchanged, so the
 * returned set still contains secret material whenever the private set
 * holds a symmetric key.
 *
 * @return KeySet the derived key set
 */
protected function getPublicKeySet() {
    $source_set = $this->getPrivateKeySet();
    $derived = new KeySet();

    foreach ($source_set->getKeys() as $candidate) {
        $derived->add(($candidate instanceof SymmetricKey) ? $candidate : $candidate->getPublicKey());
    }

    return $derived;
}
/**
 * Adds the server's public keys.
 *
 * The keys are read from the file named by the `public_jwks_file`
 * configuration entry. When that entry is absent nothing is added.
 *
 * NOTE(review): the loaded set is merged without checking that it holds
 * only public keys, and a failed file read is passed straight to
 * `KeySet::load()` - confirm that both are acceptable to callers.
 *
 * @return KeySetBuilder
 */
function addServerPublicKeys() {
    $config = Base::instance()->get('config');

    if (!isset($config['public_jwks_file'])) {
        return $this;
    }

    $jwks = new KeySet();
    $jwks->load(file_get_contents($config['public_jwks_file']));
    $this->set->addAll($jwks);

    return $this;
}
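/**
 * Detects the format of key data and returns a key object.
 *
 * The supported formats are:
 *
 * - `php` - JSON web key formatted as a PHP associative array
 * - `json` - JSON web key
 * - `pem` - the public or private key encoded in PEM (base64 encoded DER) format
 * - `jwe` - Encrypted JSON web key
 * - `base64url`, `base64`, `bin` - symmetric key material; these are never
 *   auto-detected and must be named explicitly in `$format`
 *
 * Callers must check for a `null` return: it means the data was parsed but
 * no key class matched, and it must not be mistaken for a usable key.
 *
 * @param string|array $data the key data
 * @param string $format the format, or `null`/`auto` to detect it
 * @param string $password the password, if the key is password protected
 * @param string $alg the algorithm, if the key is password protected; it is
 * passed to `JWE::decrypt()` unchanged
 * @return Key|null the key object, or null if the key type is not recognised
 * @throws KeyException if an error occurs in reading the data
 */
public static function create($data, $format = null, $password = null, $alg = 'PBES2-HS256+A128KW') {
    // Remembers that step 2 recognised a JSON-serialised JWE. $data stays a
    // string in that case, so the serialisation cannot be re-derived from it.
    $is_json_jwe = false;

    // 1. Detect format
    if ($format == null || $format == 'auto') {
        if (is_array($data)) {
            $format = 'php';
        } elseif (json_decode($data, true) != null) {
            $format = 'json';
        } elseif (substr_count($data, '.') == 4) {
            // A compact JWE has five segments, i.e. four separators (RFC 7516 section 3.1)
            $format = 'jwe';
        } elseif (preg_match('/-----([^-:]+)-----/', $data)) {
            $format = 'pem';
        }
    }

    if ($format == null || $format == 'auto') {
        throw new KeyException('Cannot detect key format');
    }

    // 2. Decode JSON
    if ($format == 'json') {
        $json = json_decode($data, true);
        if (isset($json['ciphertext'])) {
            $format = 'jwe';
            $is_json_jwe = true;
        } else {
            $data = $json;
            $format = 'php';
        }
    }

    // 3. JWE
    if ($format == 'jwe') {
        if ($password == null) {
            throw new KeyException('No password for encrypted key');
        }

        $keys = KeySet::createFromSecret($password, 'bin');
        $jwe_format = ($is_json_jwe || isset($data['ciphertext'])) ? JWE::JSON_FORMAT : JWE::COMPACT_FORMAT;

        try {
            $jwe = JWE::decrypt($data, $keys, $alg, $jwe_format);
            // Decode to an associative array: step 4 indexes $data as an
            // array, which fails on the stdClass that json_decode() returns
            // by default.
            $data = json_decode($jwe->getPlaintext(), true);
            $format = 'php';
        } catch (CryptException $e) {
            throw new KeyException('Cannot decrypt key', 0, $e);
        }
    }

    // 4. PHP/JSON
    if ($format == 'php') {
        if (is_array($data) && isset($data['kty'])) {
            if (isset(self::$jwk_kty_map[$data['kty']])) {
                return new self::$jwk_kty_map[$data['kty']]($data, 'php');
            }
        }
    }

    // 5. PEM
    if ($format == 'pem') {
        if (preg_match(Key::PEM_PUBLIC, $data, $matches)) {
            $der = base64_decode($matches[1]);
            if ($der === FALSE) {
                throw new KeyException('Cannot read PEM key');
            }

            // Walk into the structure far enough to read the algorithm OID,
            // which selects the key class.
            $offset = 0;
            $offset += ASN1::readDER($der, $offset, $value);      // SEQUENCE
            $offset += ASN1::readDER($der, $offset, $value);      // SEQUENCE
            $offset += ASN1::readDER($der, $offset, $algorithm);  // OBJECT IDENTIFIER - AlgorithmIdentifier

            $oid = ASN1::decodeOID($algorithm);
            if (isset(self::$oid_map[$oid])) {
                return new self::$oid_map[$oid]($data, 'pem');
            }
        } else {
            foreach (self::$pem_map as $regex => $cls) {
                if (preg_match($regex, $data)) {
                    return new $cls($data, 'pem');
                }
            }
        }
    }

    // 6. Symmetric key
    if ($format == 'base64url' || $format == 'base64' || $format == 'bin') {
        return new SymmetricKey($data, $format);
    }

    return null;
}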
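/**
 * Displays the JSON web key for this installation.
 *
 * The key set is read from the file named by the `public_jwks_file`
 * configuration entry and is only emitted when `KeySet::isPublic()` reports
 * that it holds no private key material.
 */
public function jwks() {
    $config = $this->f3->get('config');

    if (!isset($config['public_jwks_file'])) {
        $this->f3->status(404);
        $this->fatalError($this->t('No web key file found.'));
        // fatalError() is not visible here; return explicitly so the handler
        // stops even if that call comes back.
        return;
    }

    $set = new KeySet();
    $set->load(file_get_contents($config['public_jwks_file']));

    if (!$set->isPublic()) {
        $this->f3->status(401);
        $this->fatalError($this->t('Web key file not public.'));
        // Fail closed: a key set containing private keys must never reach
        // the print below, whatever fatalError() does.
        return;
    }

    header('Content-Type: application/jwk-set+json');
    header('Content-Disposition: inline; filename=jwks.json');
    print $set->toJWKS();
}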
/**
 * Wraps a password in a single-key key set.
 *
 * The password is handed over in `bin` format, i.e. as the key bytes
 * themselves; no key derivation happens in this method.
 *
 * @param string $password the password
 * @return \SimpleJWT\Keys\KeySet the key set holding the password
 */
protected function getKeySet($password) {
    $key_set = \SimpleJWT\Keys\KeySet::createFromSecret($password, 'bin');
    return $key_set;
}
/**
 * Convenience function for creating a `KeySet` from a single symmetric
 * key.
 *
 * With the default `bin` format the secret is passed to `SymmetricKey`
 * as-is; this function performs no stretching or derivation of its own.
 *
 * @param string $secret the secret
 * @param string $format the format of the secret - see {@link SymmetricKey::__construct()}
 * for further details
 * @return KeySet the created key set
 */
public static function createFromSecret($secret, $format = 'bin') {
    $key_set = new KeySet();
    $key_set->add(new SymmetricKey($secret, $format));
    return $key_set;
}
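/**
 * Adds a key read from `key_file` to the key set stored in `jwks_file`.
 *
 * The key set file is created when it does not exist and the `create`
 * option is given. The `id`, `use` and `ops` options, when present, are
 * applied to the key before it is added.
 *
 * NOTE(review): the key set may contain private keys and is written with
 * the process's default file permissions - confirm the target location is
 * not readable by other users.
 *
 * @param InputInterface $input the command input
 * @param OutputInterface $output the command output
 * @return int 0 on success, 1 if a file cannot be found, read or written,
 * 2 if the key cannot be parsed or added
 */
public function execute(InputInterface $input, OutputInterface $output) {
    parent::execute($input, $output);

    $key_file = $input->getArgument('key_file');
    if (!file_exists($key_file)) {
        $output->writeln('File not found: ' . $key_file);
        return 1;
    }

    $jwks_file = $input->getArgument('jwks_file');
    if (file_exists($jwks_file)) {
        $jwks_contents = file_get_contents($jwks_file);
        if ($jwks_contents === false) {
            $output->writeln('Cannot read file: ' . $jwks_file);
            return 1;
        }
        $set = $this->loadKeySet($jwks_contents);
    } elseif ($input->getOption('create')) {
        $set = new KeySet();
    } else {
        $output->writeln('File not found: ' . $jwks_file);
        return 1;
    }

    // An existing but unreadable key file must not reach the parser as `false`
    $key_data = file_get_contents($key_file);
    if ($key_data === false) {
        $output->writeln('Cannot read file: ' . $key_file);
        return 1;
    }

    try {
        $key = KeyFactory::create($key_data, $input->getOption('format'));
    } catch (KeyException $e) {
        $output->writeln($e->getMessage());
        return 2;
    }

    if ($key === null) {
        $output->writeln('Key format or type not recognised');
        return 2;
    }

    if ($input->getOption('id')) {
        $key->setKeyId($input->getOption('id'));
    }
    if ($input->getOption('use')) {
        $key->setUse($input->getOption('use'));
    }
    if ($input->getOption('ops')) {
        $key->setOperations($input->getOption('ops'));
    }

    try {
        $set->add($key);
    } catch (KeyException $e) {
        $output->writeln($e->getMessage());
        return 2;
    }

    // Report success only once the updated key set is actually on disk
    if (file_put_contents($jwks_file, $this->saveKeySet($set)) === false) {
        $output->writeln('Cannot write file: ' . $jwks_file);
        return 1;
    }

    $output->writeln('Added key: ' . $key->getKeyId());
    return 0;
}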
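/**
 * Derives the PBES2 key-wrapping key from a password.
 *
 * The key is derived with PBKDF2 using the `p2s` (salt input) and `p2c`
 * (iteration count) header parameters, and is returned as the only key in a
 * new key set.
 *
 * NOTE(review): `p2c` is used exactly as supplied. If the headers come from
 * a received token, the sender chooses the iteration count - confirm that a
 * lower and an upper bound are enforced before this point.
 *
 * @param string $password the password
 * @param array $headers the JWE headers; `alg`, `p2s` and `p2c` are read
 * @return KeySet a key set containing the derived symmetric key
 */
private function getKeySetFromPassword($password, $headers) {
    // RFC 7518 section 4.8.1.1: salt = UTF8(alg) || 0x00 || salt input.
    // The zero octet separator is required for interoperable key derivation.
    $salt = $headers['alg'] . "\x00" . Util::base64url_decode($headers['p2s']);

    // getAESKWKeySize() is divided by 8 to get the derived key length in bytes
    $hash = hash_pbkdf2($this->hash_alg, $password, $salt, $headers['p2c'], $this->getAESKWKeySize() / 8, true);

    $keys = new KeySet();
    $keys->add(new SymmetricKey($hash, 'bin'));
    return $keys;
}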
/**
 * Returns a key as a JSON web key.
 *
 * If `$password` is null or if the key is a public key, an unencrypted JSON
 * structure is returned.
 *
 * If `$password` is not null and the key is a private key, a JWE is created
 * using PBES2 key encryption (`PBES2-HS256+A128KW` with `A128CBC-HS256`).
 *
 * The password is tested with a loose comparison, so an empty string is
 * treated like null: a private key is then returned UNENCRYPTED. Callers
 * that require encryption should reject empty passwords beforehand.
 *
 * @param string $password the password
 * @return string the key, as JSON or as an encrypted JWE
 */
public function toJWK($password = null) {
    $jwk_json = json_encode($this->data);

    // isPublic() is consulted only when a password was supplied
    $must_encrypt = ($password != null) && !$this->isPublic();
    if (!$must_encrypt) {
        return $jwk_json;
    }

    $headers = array(
        'alg' => 'PBES2-HS256+A128KW',
        'enc' => 'A128CBC-HS256',
        'cty' => 'jwk+json'
    );
    $password_keys = KeySet::createFromSecret($password, 'bin');
    $jwe = new JWE($headers, $jwk_json);

    return $jwe->encrypt($password_keys);
}
/**
 * Wraps a key encryption key in a single-key key set.
 *
 * The value is handed over in `bin` format, i.e. as the key bytes
 * themselves.
 *
 * @param string $kek the key encryption key
 * @return \SimpleJWT\Keys\KeySet the key set holding the key
 */
protected function getKeySet($kek) {
    $key_set = \SimpleJWT\Keys\KeySet::createFromSecret($kek, 'bin');
    return $key_set;
}