/**
*
* @see \JWX\JWS\SignatureAlgorithm::computeSignature()
* @throws \LogicException If private key was not provided
* @throws \RuntimeException For generic errors
* @return string
*/
public function computeSignature($data)
{
/**
* NOTE: OpenSSL uses PKCS #1 v1.5 padding by default, so no explicit
* padding is required by sign and verify operations.
*/
if (!isset($this->_privateKey)) {
throw new \LogicException("Private key not set.");
}
$key = openssl_pkey_get_private($this->_privateKey->toPEM()->string());
if (!$key) {
throw new \RuntimeException("openssl_pkey_get_private() failed: " . $this->_getLastOpenSSLError());
}
$result = @openssl_sign($data, $signature, $key, $this->_mdMethod());
if (!$result) {
throw new \RuntimeException("openssl_sign() failed: " . $this->_getLastOpenSSLError());
}
return $signature;
}
/**
* Constructor
*
* @param JWKParameter ...$params
* @throws \UnexpectedValueException If missing required parameter
*/
public function __construct(JWKParameter ...$params)
{
parent::__construct(...$params);
foreach (self::MANAGED_PARAMS as $name) {
if (!$this->has($name)) {
throw new \UnexpectedValueException("Missing '{$name}' parameter.");
}
}
if ($this->keyTypeParameter()->value() != KeyTypeParameter::TYPE_RSA) {
throw new \UnexpectedValueException("Invalid key type.");
}
// cast private exponent to correct class
$key = JWKParameter::PARAM_PRIVATE_EXPONENT;
$this->_parameters[$key] = new PrivateExponentParameter($this->_parameters[$key]->value());
}
