eddydesigner/conservatorio-tomadini
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

primo commit

Browse Source
This commit is contained in:
Eddy Prosperi
2024-12-17 17:34:10 +01:00
commit e650f8df99
16435 changed files with 2451012 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/AlgorithmAnalyzer.php vendored Normal file
View File

@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
final class AlgorithmAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if (! $jwk->has('alg')) {
$bag->add(Message::medium('The parameter "alg" should be added.'));
}
}
}

31
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ES256KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\Util\Ecc\Curve;
use Jose\Component\Core\Util\Ecc\NistCurve;
final class ES256KeyAnalyzer extends ESKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'ES256';
}
protected function getCurveName(): string
{
return 'P-256';
}
protected function getCurve(): Curve
{
return NistCurve::curve256();
}
protected function getKeySize(): int
{
return 256;
}
}

31
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ES384KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\Util\Ecc\Curve;
use Jose\Component\Core\Util\Ecc\NistCurve;
final class ES384KeyAnalyzer extends ESKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'ES384';
}
protected function getCurveName(): string
{
return 'P-384';
}
protected function getCurve(): Curve
{
return NistCurve::curve384();
}
protected function getKeySize(): int
{
return 384;
}
}

31
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ES512KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\Util\Ecc\Curve;
use Jose\Component\Core\Util\Ecc\NistCurve;
final class ES512KeyAnalyzer extends ESKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'ES512';
}
protected function getCurveName(): string
{
return 'P-521';
}
protected function getCurve(): Curve
{
return NistCurve::curve521();
}
protected function getKeySize(): int
{
return 528;
}
}

66
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ESKeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,66 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Brick\Math\BigInteger;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use Jose\Component\Core\Util\Ecc\Curve;
use function is_string;
abstract class ESKeyAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'EC') {
return;
}
if (! $jwk->has('crv')) {
$bag->add(Message::high('Invalid key. The components "crv" is missing.'));
return;
}
if ($jwk->get('crv') !== $this->getCurveName()) {
return;
}
$x = $jwk->get('x');
if (! is_string($x)) {
$bag->add(Message::high('Invalid key. The components "x" shall be a string.'));
return;
}
$x = Base64UrlSafe::decodeNoPadding($x);
$xLength = 8 * mb_strlen($x, '8bit');
$y = $jwk->get('y');
if (! is_string($y)) {
$bag->add(Message::high('Invalid key. The components "y" shall be a string.'));
return;
}
$y = Base64UrlSafe::decodeNoPadding($y);
$yLength = 8 * mb_strlen($y, '8bit');
if ($yLength !== $xLength || $yLength !== $this->getKeySize()) {
$bag->add(
Message::high(sprintf(
'Invalid key. The components "x" and "y" size shall be %d bits.',
$this->getKeySize()
))
);
}
$xBI = BigInteger::fromBase(bin2hex($x), 16);
$yBI = BigInteger::fromBase(bin2hex($y), 16);
if (! $this->getCurve()->contains($xBI, $yBI)) {
$bag->add(Message::high('Invalid key. The point is not on the curve.'));
}
}
abstract protected function getAlgorithmName(): string;
abstract protected function getCurveName(): string;
abstract protected function getCurve(): Curve;
abstract protected function getKeySize(): int;
}

18
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HS256KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
final class HS256KeyAnalyzer extends HSKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'HS256';
}
protected function getMinimumKeySize(): int
{
return 256;
}
}

18
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HS384KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
final class HS384KeyAnalyzer extends HSKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'HS384';
}
protected function getMinimumKeySize(): int
{
return 384;
}
}

18
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HS512KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
final class HS512KeyAnalyzer extends HSKeyAnalyzer
{
protected function getAlgorithmName(): string
{
return 'HS512';
}
protected function getMinimumKeySize(): int
{
return 512;
}
}

42
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/HSKeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,42 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use function is_string;
abstract class HSKeyAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'oct') {
return;
}
if (! $jwk->has('alg') || $jwk->get('alg') !== $this->getAlgorithmName()) {
return;
}
$k = $jwk->get('k');
if (! is_string($k)) {
$bag->add(Message::high('The key is not valid'));
return;
}
$k = Base64UrlSafe::decodeNoPadding($k);
$kLength = 8 * mb_strlen($k, '8bit');
if ($kLength < $this->getMinimumKeySize()) {
$bag->add(
Message::high(sprintf(
'HS512 algorithm requires at least %d bits key length.',
$this->getMinimumKeySize()
))
);
}
}
abstract protected function getAlgorithmName(): string;
abstract protected function getMinimumKeySize(): int;
}

15
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,15 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
interface KeyAnalyzer
{
/**
* This method will analyse the key and add messages to the message bag if needed.
*/
public function analyze(JWK $jwk, MessageBag $bag): void;
}

36
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeyAnalyzerManager.php vendored Normal file
View File

@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
class KeyAnalyzerManager
{
/**
* @var KeyAnalyzer[]
*/
private array $analyzers = [];
/**
* Adds a Key Analyzer to the manager.
*/
public function add(KeyAnalyzer $analyzer): void
{
$this->analyzers[] = $analyzer;
}
/**
* This method will analyze the JWK object using all analyzers. It returns a message bag that may contains messages.
*/
public function analyze(JWK $jwk): MessageBag
{
$bag = new MessageBag();
foreach ($this->analyzers as $analyzer) {
$analyzer->analyze($jwk, $bag);
}
return $bag;
}
}

17
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeyIdentifierAnalyzer.php vendored Normal file
View File

@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
final class KeyIdentifierAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if (! $jwk->has('kid')) {
$bag->add(Message::medium('The parameter "kid" should be added.'));
}
}
}

15
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeysetAnalyzer.php vendored Normal file
View File

@ -0,0 +1,15 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
interface KeysetAnalyzer
{
/**
* This method will analyse the key set and add messages to the message bag if needed.
*/
public function analyze(JWKSet $JWKSet, MessageBag $bag): void;
}

37
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/KeysetAnalyzerManager.php vendored Normal file
View File

@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
class KeysetAnalyzerManager
{
/**
* @var KeysetAnalyzer[]
*/
private array $analyzers = [];
/**
* Adds a Keyset Analyzer to the manager.
*/
public function add(KeysetAnalyzer $analyzer): void
{
$this->analyzers[] = $analyzer;
}
/**
* This method will analyze the JWKSet object using all analyzers. It returns a message bag that may contains
* messages.
*/
public function analyze(JWKSet $jwkset): MessageBag
{
$bag = new MessageBag();
foreach ($this->analyzers as $analyzer) {
$analyzer->analyze($jwkset, $bag);
}
return $bag;
}
}

70
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/Message.php vendored Normal file
View File

@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use JsonSerializable;
class Message implements JsonSerializable
{
final public const SEVERITY_LOW = 'low';
final public const SEVERITY_MEDIUM = 'medium';
final public const SEVERITY_HIGH = 'high';
private function __construct(
private readonly string $message,
private readonly string $severity
) {
}
/**
* Creates a message with severity=low.
*/
public static function low(string $message): self
{
return new self($message, self::SEVERITY_LOW);
}
/**
* Creates a message with severity=medium.
*/
public static function medium(string $message): self
{
return new self($message, self::SEVERITY_MEDIUM);
}
/**
* Creates a message with severity=high.
*/
public static function high(string $message): self
{
return new self($message, self::SEVERITY_HIGH);
}
/**
* Returns the message.
*/
public function getMessage(): string
{
return $this->message;
}
/**
* Returns the severity of the message.
*/
public function getSeverity(): string
{
return $this->severity;
}
public function jsonSerialize(): array
{
return [
'message' => $this->message,
'severity' => $this->severity,
];
}
}

53
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/MessageBag.php vendored Normal file
View File

@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use ArrayIterator;
use Countable;
use IteratorAggregate;
use JsonSerializable;
use Traversable;
use function count;
class MessageBag implements JsonSerializable, IteratorAggregate, Countable
{
/**
* @var Message[]
*/
private array $messages = [];
/**
* Adds a message to the message bag.
*/
public function add(Message $message): void
{
$this->messages[] = $message;
}
/**
* Returns all messages.
*
* @return Message[]
*/
public function all(): array
{
return $this->messages;
}
public function jsonSerialize(): array
{
return array_values($this->messages);
}
public function count(): int
{
return count($this->messages);
}
public function getIterator(): Traversable
{
return new ArrayIterator($this->messages);
}
}

40
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/MixedKeyTypes.php vendored Normal file
View File

@ -0,0 +1,40 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
final class MixedKeyTypes implements KeysetAnalyzer
{
public function analyze(JWKSet $jwkset, MessageBag $bag): void
{
if ($jwkset->count() === 0) {
return;
}
$hasSymmetricKeys = false;
$hasAsymmetricKeys = false;
foreach ($jwkset as $jwk) {
switch ($jwk->get('kty')) {
case 'oct':
$hasSymmetricKeys = true;
break;
case 'OKP':
case 'RSA':
case 'EC':
$hasAsymmetricKeys = true;
break;
}
}
if ($hasAsymmetricKeys && $hasSymmetricKeys) {
$bag->add(Message::medium('This key set mixes symmetric and asymmetric keys.'));
}
}
}

39
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/MixedPublicAndPrivateKeys.php vendored Normal file
View File

@ -0,0 +1,39 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWKSet;
final class MixedPublicAndPrivateKeys implements KeysetAnalyzer
{
public function analyze(JWKSet $jwkset, MessageBag $bag): void
{
if ($jwkset->count() === 0) {
return;
}
$hasPublicKeys = false;
$hasPrivateKeys = false;
foreach ($jwkset as $jwk) {
switch ($jwk->get('kty')) {
case 'OKP':
case 'RSA':
case 'EC':
if ($jwk->has('d')) {
$hasPrivateKeys = true;
} else {
$hasPublicKeys = true;
}
break;
}
}
if ($hasPrivateKeys && $hasPublicKeys) {
$bag->add(Message::high('This key set mixes public and private keys.'));
}
}
}

23
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/NoneAnalyzer.php vendored Normal file
View File

@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
final class NoneAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'none') {
return;
}
$bag->add(
Message::high(
'This key is a meant to be used with the algorithm "none". This algorithm is not secured and should be used with care.'
)
);
}
}

30
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/OctAnalyzer.php vendored Normal file
View File

@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use function is_string;
final class OctAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'oct') {
return;
}
$k = $jwk->get('k');
if (! is_string($k)) {
$bag->add(Message::high('The key is not valid'));
return;
}
$k = Base64UrlSafe::decodeNoPadding($k);
$kLength = 8 * mb_strlen($k, '8bit');
if ($kLength < 128) {
$bag->add(Message::high('The key length is less than 128 bits.'));
}
}
}

64
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/RsaAnalyzer.php vendored Normal file
View File

@ -0,0 +1,64 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use InvalidArgumentException;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use function is_array;
use function is_string;
final class RsaAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'RSA') {
return;
}
$this->checkExponent($jwk, $bag);
$this->checkModulus($jwk, $bag);
}
private function checkExponent(JWK $jwk, MessageBag $bag): void
{
$e = $jwk->get('e');
if (! is_string($e)) {
$bag->add(Message::high('The exponent is not valid.'));
return;
}
$exponent = unpack('l', str_pad(Base64UrlSafe::decodeNoPadding($e), 4, "\0"));
if (! is_array($exponent) || ! isset($exponent[1])) {
throw new InvalidArgumentException('Unable to get the private key');
}
if ($exponent[1] < 65537) {
$bag->add(Message::high('The exponent is too low. It should be at least 65537.'));
}
}
private function checkModulus(JWK $jwk, MessageBag $bag): void
{
$n = $jwk->get('n');
if (! is_string($n)) {
$bag->add(Message::high('The modulus is not valid.'));
return;
}
$n = 8 * mb_strlen(Base64UrlSafe::decodeNoPadding($n), '8bit');
if ($n < 2048) {
$bag->add(Message::high('The key length is less than 2048 bits.'));
}
if ($jwk->has('d') && (! $jwk->has('p') || ! $jwk->has('q') || ! $jwk->has('dp') || ! $jwk->has(
'dq'
) || ! $jwk->has('qi'))) {
$bag->add(
Message::medium(
'The key is a private RSA key, but Chinese Remainder Theorem primes are missing. These primes are not mandatory, but signatures and decryption processes are faster when available.'
)
);
}
}
}

38
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/UsageAnalyzer.php vendored Normal file
View File

@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use function in_array;
final class UsageAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if (! $jwk->has('use')) {
$bag->add(Message::medium('The parameter "use" should be added.'));
} elseif (! in_array($jwk->get('use'), ['sig', 'enc'], true)) {
$bag->add(
Message::high(sprintf(
'The parameter "use" has an unsupported value "%s". Please use "sig" (signature) or "enc" (encryption).',
$jwk->get('use')
))
);
}
if ($jwk->has('key_ops') && ! in_array(
$jwk->get('key_ops'),
['sign', 'verify', 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'],
true
)) {
$bag->add(
Message::high(sprintf(
'The parameter "key_ops" has an unsupported value "%s". Please use one of the following values: %s.',
$jwk->get('key_ops'),
implode(', ', ['verify', 'sign', 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])
))
);
}
}
}

55
libraries/vendor/web-token/jwt-library/KeyManagement/Analyzer/ZxcvbnKeyAnalyzer.php vendored Normal file
View File

@ -0,0 +1,55 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\Analyzer;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use Throwable;
use ZxcvbnPhp\Zxcvbn;
use function is_string;
final class ZxcvbnKeyAnalyzer implements KeyAnalyzer
{
public function analyze(JWK $jwk, MessageBag $bag): void
{
if ($jwk->get('kty') !== 'oct') {
return;
}
$k = $jwk->get('k');
if (! is_string($k)) {
$bag->add(Message::high('The key is not valid'));
return;
}
$k = Base64UrlSafe::decodeNoPadding($k);
if (! class_exists(Zxcvbn::class)) {
return;
}
$zxcvbn = new Zxcvbn();
try {
$strength = $zxcvbn->passwordStrength($k);
switch (true) {
case $strength['score'] < 3:
$bag->add(
Message::high(
'The octet string is weak and easily guessable. Please change your key as soon as possible.'
)
);
break;
case $strength['score'] === 3:
$bag->add(Message::medium('The octet string is safe, but a longer key is preferable.'));
break;
default:
break;
}
} catch (Throwable) {
$bag->add(Message::medium('The test of the weakness cannot be performed.'));
}
}
}

27
libraries/vendor/web-token/jwt-library/KeyManagement/JKUFactory.php vendored Normal file
View File

@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement;
use Jose\Component\Core\JWKSet;
use Jose\Component\Core\Util\JsonConverter;
use RuntimeException;
use function is_array;
class JKUFactory extends UrlKeySetFactory
{
/**
* This method will try to fetch the url a retrieve the key set. Throws an exception in case of failure.
*/
public function loadFromUrl(string $url, array $header = []): JWKSet
{
$content = $this->getContent($url, $header);
$data = JsonConverter::decode($content);
if (! is_array($data)) {
throw new RuntimeException('Invalid content.');
}
return JWKSet::createFromKeyData($data);
}
}

295
libraries/vendor/web-token/jwt-library/KeyManagement/JWKFactory.php vendored Normal file
View File

@ -0,0 +1,295 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement;
use InvalidArgumentException;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Core\Util\Base64UrlSafe;
use Jose\Component\Core\Util\ECKey;
use Jose\Component\KeyManagement\KeyConverter\KeyConverter;
use Jose\Component\KeyManagement\KeyConverter\RSAKey;
use OpenSSLCertificate;
use RuntimeException;
use Throwable;
use function array_key_exists;
use function extension_loaded;
use function is_array;
use function is_string;
use const JSON_THROW_ON_ERROR;
use const OPENSSL_KEYTYPE_RSA;
/**
* @see \Jose\Tests\Component\KeyManagement\JWKFactoryTest
*/
class JWKFactory
{
/**
* Creates a RSA key with the given key size and additional values.
*
* @param int $size The key size in bits
* @param array<string, mixed> $values values to configure the key
*/
public static function createRSAKey(int $size, array $values = []): JWK
{
if (! extension_loaded('openssl')) {
throw new RuntimeException('Please install the OpenSSL extension');
}
if ($size % 8 !== 0) {
throw new InvalidArgumentException('Invalid key size.');
}
if ($size < 512) {
throw new InvalidArgumentException('Key length is too short. It needs to be at least 512 bits.');
}
$key = openssl_pkey_new([
'private_key_bits' => $size,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($key === false) {
throw new InvalidArgumentException('Unable to create the key');
}
$details = openssl_pkey_get_details($key);
if (! is_array($details)) {
throw new InvalidArgumentException('Unable to create the key');
}
$rsa = RSAKey::createFromKeyDetails($details['rsa']);
$values = array_merge($values, $rsa->toArray());
return new JWK($values);
}
/**
* Creates a EC key with the given curve and additional values.
*
* @param string $curve The curve
* @param array<string, mixed> $values values to configure the key
*/
public static function createECKey(string $curve, array $values = []): JWK
{
return ECKey::createECKey($curve, $values);
}
/**
* Creates a octet key with the given key size and additional values.
*
* @param int $size The key size in bits
* @param array<string, mixed> $values values to configure the key
*/
public static function createOctKey(int $size, array $values = []): JWK
{
if ($size % 8 !== 0) {
throw new InvalidArgumentException('Invalid key size.');
}
return self::createFromSecret(random_bytes($size / 8), $values);
}
/**
* Creates a OKP key with the given curve and additional values.
*
* @param string $curve The curve
* @param array<string, mixed> $values values to configure the key
*/
public static function createOKPKey(string $curve, array $values = []): JWK
{
if (! extension_loaded('sodium')) {
throw new RuntimeException('The extension "sodium" is not available. Please install it to use this method');
}
switch ($curve) {
case 'X25519':
$keyPair = sodium_crypto_box_keypair();
$d = sodium_crypto_box_secretkey($keyPair);
$x = sodium_crypto_box_publickey($keyPair);
break;
case 'Ed25519':
$keyPair = sodium_crypto_sign_keypair();
$secret = sodium_crypto_sign_secretkey($keyPair);
$secretLength = mb_strlen($secret, '8bit');
$d = mb_substr($secret, 0, -$secretLength / 2, '8bit');
$x = sodium_crypto_sign_publickey($keyPair);
break;
default:
throw new InvalidArgumentException(sprintf('Unsupported "%s" curve', $curve));
}
$values = [
...$values,
'kty' => 'OKP',
'crv' => $curve,
'd' => Base64UrlSafe::encodeUnpadded($d),
'x' => Base64UrlSafe::encodeUnpadded($x),
];
return new JWK($values);
}
/**
* Creates a none key with the given additional values. Please note that this key type is not pat of any
* specification. It is used to prevent the use of the "none" algorithm with other key types.
*
* @param array<string, mixed> $values values to configure the key
*/
public static function createNoneKey(array $values = []): JWK
{
$values = [
...$values,
'kty' => 'none',
'alg' => 'none',
'use' => 'sig',
];
return new JWK($values);
}
/**
* Creates a key from a Json string.
*/
public static function createFromJsonObject(string $value): JWK|JWKSet
{
$json = json_decode($value, true, 512, JSON_THROW_ON_ERROR);
if (! is_array($json)) {
throw new InvalidArgumentException('Invalid key or key set.');
}
return self::createFromValues($json);
}
/**
* Creates a key or key set from the given input.
*/
public static function createFromValues(array $values): JWK|JWKSet
{
if (array_key_exists('keys', $values) && is_array($values['keys'])) {
return JWKSet::createFromKeyData($values);
}
return new JWK($values);
}
/**
* This method create a JWK object using a shared secret.
*/
public static function createFromSecret(string $secret, array $additional_values = []): JWK
{
$values = array_merge(
$additional_values,
[
'kty' => 'oct',
'k' => Base64UrlSafe::encodeUnpadded($secret),
]
);
return new JWK($values);
}
/**
* This method will try to load a X.509 certificate and convert it into a public key.
*/
public static function createFromCertificateFile(string $file, array $additional_values = []): JWK
{
$values = KeyConverter::loadKeyFromCertificateFile($file);
$values = array_merge($values, $additional_values);
return new JWK($values);
}
/**
* Extract a keyfrom a key set identified by the given index .
*/
public static function createFromKeySet(JWKSet $jwkset, int|string $index): JWK
{
return $jwkset->get($index);
}
/**
* This method will try to load a PKCS#12 file and convert it into a public key.
*/
public static function createFromPKCS12CertificateFile(
string $file,
string $secret = '',
array $additional_values = []
): JWK {
try {
$content = file_get_contents($file);
if (! is_string($content)) {
throw new RuntimeException('Unable to read the file.');
}
openssl_pkcs12_read($content, $certs, $secret);
if (! is_array($certs) || ! array_key_exists('pkey', $certs)) {
throw new RuntimeException('Unable to load the certificates.');
}
return self::createFromKey($certs['pkey'], null, $additional_values);
} catch (Throwable $throwable) {
throw new RuntimeException('Unable to load the certificates.', $throwable->getCode(), $throwable);
}
}
/**
* This method will try to convert a X.509 certificate into a public key.
*/
public static function createFromCertificate(string $certificate, array $additional_values = []): JWK
{
$values = KeyConverter::loadKeyFromCertificate($certificate);
$values = array_merge($values, $additional_values);
return new JWK($values);
}
/**
* This method will try to convert a X.509 certificate resource into a public key.
*/
public static function createFromX509Resource(OpenSSLCertificate $res, array $additional_values = []): JWK
{
$values = KeyConverter::loadKeyFromX509Resource($res);
$values = array_merge($values, $additional_values);
return new JWK($values);
}
/**
* This method will try to load and convert a key file into a JWK object. If the key is encrypted, the password must
* be set.
*/
public static function createFromKeyFile(string $file, ?string $password = null, array $additional_values = []): JWK
{
$values = KeyConverter::loadFromKeyFile($file, $password);
$values = array_merge($values, $additional_values);
return new JWK($values);
}
/**
* This method will try to load and convert a key into a JWK object. If the key is encrypted, the password must be
* set.
*/
public static function createFromKey(string $key, ?string $password = null, array $additional_values = []): JWK
{
$values = KeyConverter::loadFromKey($key, $password);
$values = array_merge($values, $additional_values);
return new JWK($values);
}
/**
* This method will try to load and convert a X.509 certificate chain into a public key.
*
* Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! It is mandatory to verify the
* root CA or intermediate CA are trusted. If not done, it may lead to potential security issues.
*/
public static function createFromX5C(array $x5c, array $additional_values = []): JWK
{
$values = KeyConverter::loadFromX5C($x5c);
$values = array_merge($values, $additional_values);
return new JWK($values);
}
}

120
libraries/vendor/web-token/jwt-library/KeyManagement/KeyConverter/ECKey.php vendored Normal file
View File

@ -0,0 +1,120 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\KeyConverter;
use InvalidArgumentException;
use Jose\Component\Core\Util\Base64UrlSafe;
use SpomkyLabs\Pki\CryptoEncoding\PEM;
use SpomkyLabs\Pki\CryptoTypes\Asymmetric\EC\ECPrivateKey;
use SpomkyLabs\Pki\CryptoTypes\Asymmetric\EC\ECPublicKey;
use Throwable;
use function array_key_exists;
use function is_string;
/**
* @internal
*/
final class ECKey
{
private array $values = [];
private function __construct(array $data)
{
$this->loadJWK($data);
}
public static function createFromPEM(string $pem): self
{
$data = self::loadPEM($pem);
return new self($data);
}
public static function toPublic(self $private): self
{
$data = $private->toArray();
if (array_key_exists('d', $data)) {
unset($data['d']);
}
return new self($data);
}
/**
* @return array
*/
public function toArray()
{
return $this->values;
}
private static function loadPEM(string $data): array
{
$pem = PEM::fromString($data);
try {
$key = ECPrivateKey::fromPEM($pem);
return [
'kty' => 'EC',
'crv' => self::getCurve($key->namedCurve()),
'd' => Base64UrlSafe::encodeUnpadded($key->privateKeyOctets()),
'x' => Base64UrlSafe::encodeUnpadded($key->publicKey()->curvePointOctets()[0]),
'y' => Base64UrlSafe::encodeUnpadded($key->publicKey()->curvePointOctets()[1]),
];
} catch (Throwable) {
}
try {
$key = ECPublicKey::fromPEM($pem);
return [
'kty' => 'EC',
'crv' => self::getCurve($key->namedCurve()),
'x' => Base64UrlSafe::encodeUnpadded($key->curvePointOctets()[0]),
'y' => Base64UrlSafe::encodeUnpadded($key->curvePointOctets()[1]),
];
} catch (Throwable) {
}
throw new InvalidArgumentException('Unable to load the key.');
}
private static function getCurve(string $oid): string
{
$curves = self::getSupportedCurves();
$curve = array_search($oid, $curves, true);
if (! is_string($curve)) {
throw new InvalidArgumentException('Unsupported OID.');
}
return $curve;
}
private static function getSupportedCurves(): array
{
return [
'P-256' => '1.2.840.10045.3.1.7',
'P-384' => '1.3.132.0.34',
'P-521' => '1.3.132.0.35',
];
}
private function loadJWK(array $jwk): void
{
$keys = [
'kty' => 'The key parameter "kty" is missing.',
'crv' => 'Curve parameter is missing',
'x' => 'Point parameters are missing.',
'y' => 'Point parameters are missing.',
];
foreach ($keys as $k => $v) {
if (! array_key_exists($k, $jwk)) {
throw new InvalidArgumentException($v);
}
}
if ($jwk['kty'] !== 'EC') {
throw new InvalidArgumentException('JWK is not an Elliptic Curve key.');
}
$this->values = $jwk;
}
}

419
libraries/vendor/web-token/jwt-library/KeyManagement/KeyConverter/KeyConverter.php vendored Normal file
View File

@ -0,0 +1,419 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\KeyConverter;
use Brick\Math\BigInteger;
use InvalidArgumentException;
use Jose\Component\Core\Util\Base64UrlSafe;
use OpenSSLCertificate;
use ParagonIE\Sodium\Core\Ed25519;
use RuntimeException;
use SpomkyLabs\Pki\CryptoEncoding\PEM;
use SpomkyLabs\Pki\CryptoTypes\AlgorithmIdentifier\AlgorithmIdentifier;
use SpomkyLabs\Pki\CryptoTypes\Asymmetric\PrivateKey;
use SpomkyLabs\Pki\CryptoTypes\Asymmetric\PublicKey;
use SpomkyLabs\Pki\CryptoTypes\Asymmetric\RSA\RSASSAPSSPrivateKey;
use Throwable;
use function array_key_exists;
use function assert;
use function count;
use function extension_loaded;
use function in_array;
use function is_array;
use function is_string;
use const E_ERROR;
use const E_PARSE;
use const OPENSSL_KEYTYPE_EC;
use const OPENSSL_KEYTYPE_RSA;
use const OPENSSL_RAW_DATA;
use const PREG_PATTERN_ORDER;
/**
* @internal
*/
final class KeyConverter
{
public static function loadKeyFromCertificateFile(string $file): array
{
if (! file_exists($file)) {
throw new InvalidArgumentException(sprintf('File "%s" does not exist.', $file));
}
$content = file_get_contents($file);
if (! is_string($content)) {
throw new InvalidArgumentException(sprintf('File "%s" cannot be read.', $file));
}
return self::loadKeyFromCertificate($content);
}
public static function loadKeyFromCertificate(string $certificate): array
{
if (! extension_loaded('openssl')) {
throw new RuntimeException('Please install the OpenSSL extension');
}
$errorReporting = error_reporting(E_ERROR | E_PARSE);
try {
$res = openssl_x509_read($certificate);
if ($res === false) {
throw new InvalidArgumentException('Unable to load the certificate.');
}
} catch (Throwable) {
$certificate = self::convertDerToPem($certificate);
$res = openssl_x509_read($certificate);
} finally {
error_reporting($errorReporting);
}
if ($res === false) {
throw new InvalidArgumentException('Unable to load the certificate.');
}
return self::loadKeyFromX509Resource($res);
}
public static function loadKeyFromX509Resource(OpenSSLCertificate $res): array
{
if (! extension_loaded('openssl')) {
throw new RuntimeException('Please install the OpenSSL extension');
}
$key = openssl_pkey_get_public($res);
if ($key === false) {
throw new InvalidArgumentException('Unable to load the certificate.');
}
$details = openssl_pkey_get_details($key);
if (! is_array($details)) {
throw new InvalidArgumentException('Unable to load the certificate');
}
if (isset($details['key'])) {
$values = self::loadKeyFromPEM($details['key']);
openssl_x509_export($res, $out);
$x5c = preg_replace('#-.*-#', '', (string) $out);
$x5c = preg_replace('~\R~', '', (string) $x5c);
if (! is_string($x5c)) {
throw new InvalidArgumentException('Unable to load the certificate');
}
$x5c = trim($x5c);
$x5tsha1 = openssl_x509_fingerprint($res, 'sha1', true);
$x5tsha256 = openssl_x509_fingerprint($res, 'sha256', true);
if (! is_string($x5tsha1) || ! is_string($x5tsha256)) {
throw new InvalidArgumentException('Unable to compute the certificate fingerprint');
}
$values['x5c'] = [$x5c];
$values['x5t'] = Base64UrlSafe::encodeUnpadded($x5tsha1);
$values['x5t#256'] = Base64UrlSafe::encodeUnpadded($x5tsha256);
return $values;
}
throw new InvalidArgumentException('Unable to load the certificate');
}
public static function loadFromKeyFile(string $file, ?string $password = null): array
{
$content = file_get_contents($file);
if (! is_string($content)) {
throw new InvalidArgumentException('Unable to load the key from the file.');
}
return self::loadFromKey($content, $password);
}
public static function loadFromKey(string $key, ?string $password = null): array
{
try {
return self::loadKeyFromDER($key, $password);
} catch (Throwable) {
return self::loadKeyFromPEM($key, $password);
}
}
/**
* Be careful! The certificate chain is loaded, but it is NOT VERIFIED by any mean! It is mandatory to verify the
* root CA or intermediate CA are trusted. If not done, it may lead to potential security issues.
*/
public static function loadFromX5C(array $x5c): array
{
if (! extension_loaded('openssl')) {
throw new RuntimeException('Please install the OpenSSL extension');
}
if (count($x5c) === 0) {
throw new InvalidArgumentException('The certificate chain is empty');
}
foreach ($x5c as $id => $cert) {
$x5c[$id] = '-----BEGIN CERTIFICATE-----' . "\n" . chunk_split(
(string) $cert,
64,
"\n"
) . '-----END CERTIFICATE-----';
$x509 = openssl_x509_read($x5c[$id]);
if ($x509 === false) {
throw new InvalidArgumentException('Unable to load the certificate chain');
}
$parsed = openssl_x509_parse($x509);
if ($parsed === false) {
throw new InvalidArgumentException('Unable to load the certificate chain');
}
}
return self::loadKeyFromCertificate(reset($x5c));
}
private static function loadKeyFromDER(string $der, ?string $password = null): array
{
$pem = self::convertDerToPem($der);
return self::loadKeyFromPEM($pem, $password);
}
private static function loadKeyFromPEM(string $pem, ?string $password = null): array
{
if (! extension_loaded('openssl')) {
throw new RuntimeException('Please install the OpenSSL extension');
}
if (preg_match('#DEK-Info: (.+),(.+)#', $pem, $matches) === 1) {
$pem = self::decodePem($pem, $matches, $password);
}
if (preg_match('#BEGIN ENCRYPTED PRIVATE KEY(.+)(.+)#', $pem) === 1) {
$decrypted = openssl_pkey_get_private($pem, $password);
if ($decrypted === false) {
throw new InvalidArgumentException('Unable to decrypt the key.');
}
openssl_pkey_export($decrypted, $pem);
}
self::sanitizePEM($pem);
$res = openssl_pkey_get_private($pem);
if ($res === false) {
$res = openssl_pkey_get_public($pem);
}
if ($res === false) {
throw new InvalidArgumentException('Unable to load the key.');
}
$details = openssl_pkey_get_details($res);
if (! is_array($details) || ! array_key_exists('type', $details)) {
throw new InvalidArgumentException('Unable to get details of the key');
}
return match ($details['type']) {
OPENSSL_KEYTYPE_EC => self::tryToLoadECKey($pem),
OPENSSL_KEYTYPE_RSA => RSAKey::createFromPEM($pem)->toArray(),
-1 => self::tryToLoadOtherKeyTypes($pem),
default => throw new InvalidArgumentException('Unsupported key type'),
};
}
/**
* This method tries to load Ed448, X488, Ed25519 and X25519 keys.
*/
private static function tryToLoadECKey(string $input): array
{
try {
return ECKey::createFromPEM($input)->toArray();
} catch (Throwable) {
}
try {
return self::tryToLoadOtherKeyTypes($input);
} catch (Throwable) {
}
throw new InvalidArgumentException('Unable to load the key.');
}
/**
* This method tries to load Ed448, X488, Ed25519 and X25519 keys.
*/
private static function tryToLoadOtherKeyTypes(string $input): array
{
$pem = PEM::fromString($input);
return match ($pem->type()) {
PEM::TYPE_PUBLIC_KEY => self::loadPublicKey($pem),
PEM::TYPE_PRIVATE_KEY => self::loadPrivateKey($pem),
default => throw new InvalidArgumentException('Unsupported key type'),
};
}
/**
* @return array<string, mixed>
*/
private static function loadPrivateKey(PEM $pem): array
{
try {
$key = PrivateKey::fromPEM($pem);
switch ($key->algorithmIdentifier()->oid()) {
case AlgorithmIdentifier::OID_RSASSA_PSS_ENCRYPTION:
assert($key instanceof RSASSAPSSPrivateKey);
return [
'kty' => 'RSA',
'n' => self::convertDecimalToBas64Url($key->modulus()),
'e' => self::convertDecimalToBas64Url($key->publicExponent()),
'd' => self::convertDecimalToBas64Url($key->privateExponent()),
'dp' => self::convertDecimalToBas64Url($key->exponent1()),
'dq' => self::convertDecimalToBas64Url($key->exponent2()),
'p' => self::convertDecimalToBas64Url($key->prime1()),
'q' => self::convertDecimalToBas64Url($key->prime2()),
'qi' => self::convertDecimalToBas64Url($key->coefficient()),
];
case AlgorithmIdentifier::OID_ED25519:
case AlgorithmIdentifier::OID_ED448:
case AlgorithmIdentifier::OID_X25519:
case AlgorithmIdentifier::OID_X448:
$curve = self::getCurve($key->algorithmIdentifier()->oid());
$values = [
'kty' => 'OKP',
'crv' => $curve,
'd' => Base64UrlSafe::encodeUnpadded($key->privateKeyData()),
];
return self::populatePoints($key, $values);
default:
throw new InvalidArgumentException('Unsupported key type');
}
} catch (Throwable $e) {
throw new InvalidArgumentException('Unable to load the key.', 0, $e);
}
}
/**
* @return array<string, mixed>
*/
private static function loadPublicKey(PEM $pem): array
{
$key = PublicKey::fromPEM($pem);
switch ($key->algorithmIdentifier()->oid()) {
case AlgorithmIdentifier::OID_ED25519:
case AlgorithmIdentifier::OID_ED448:
case AlgorithmIdentifier::OID_X25519:
case AlgorithmIdentifier::OID_X448:
$curve = self::getCurve($key->algorithmIdentifier()->oid());
self::checkType($curve);
return [
'kty' => 'OKP',
'crv' => $curve,
'x' => Base64UrlSafe::encodeUnpadded((string) $key->subjectPublicKey()),
];
default:
throw new InvalidArgumentException('Unsupported key type');
}
}
private static function convertDecimalToBas64Url(string $decimal): string
{
return Base64UrlSafe::encodeUnpadded(BigInteger::fromBase($decimal, 10)->toBytes());
}
/**
* @param array<string, mixed> $values
* @return array<string, mixed>
*/
private static function populatePoints(PrivateKey $key, array $values): array
{
$crv = $values['crv'] ?? null;
assert(is_string($crv), 'Unsupported key type.');
$x = self::getPublicKey($key, $crv);
if ($x !== null) {
$values['x'] = Base64UrlSafe::encodeUnpadded($x);
}
return $values;
}
private static function getPublicKey(PrivateKey $key, string $crv): ?string
{
switch ($crv) {
case 'Ed25519':
return Ed25519::publickey_from_secretkey($key->privateKeyData());
case 'X25519':
if (extension_loaded('sodium')) {
return sodium_crypto_scalarmult_base($key->privateKeyData());
}
// no break
default:
return null;
}
}
private static function checkType(string $curve): void
{
$curves = ['Ed448ph', 'Ed25519ph', 'Ed448', 'Ed25519', 'X448', 'X25519'];
in_array($curve, $curves, true) || throw new InvalidArgumentException('Unsupported key type.');
}
/**
* This method modifies the PEM to get 64 char lines and fix bug with old OpenSSL versions.
*/
private static function getCurve(string $oid): string
{
return match ($oid) {
'1.3.101.115' => 'Ed448ph',
'1.3.101.114' => 'Ed25519ph',
'1.3.101.113' => 'Ed448',
'1.3.101.112' => 'Ed25519',
'1.3.101.111' => 'X448',
'1.3.101.110' => 'X25519',
default => throw new InvalidArgumentException('Unsupported key type.'),
};
}
/**
* This method modifies the PEM to get 64 char lines and fix bug with old OpenSSL versions.
*/
private static function sanitizePEM(string &$pem): void
{
$number = preg_match_all('#(-.*-)#', $pem, $matches, PREG_PATTERN_ORDER);
if ($number !== 2) {
throw new InvalidArgumentException('Unable to load the key');
}
$ciphertext = preg_replace('#-.*-|\r|\n| #', '', $pem);
$pem = $matches[0][0] . "\n";
$pem .= chunk_split($ciphertext ?? '', 64, "\n");
$pem .= $matches[0][1] . "\n";
}
/**
* @param string[] $matches
*/
private static function decodePem(string $pem, array $matches, ?string $password = null): string
{
if ($password === null) {
throw new InvalidArgumentException('Password required for encrypted keys.');
}
$iv = pack('H*', trim($matches[2]));
$iv_sub = mb_substr($iv, 0, 8, '8bit');
$symkey = pack('H*', md5($password . $iv_sub));
$symkey .= pack('H*', md5($symkey . $password . $iv_sub));
$key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $pem);
$ciphertext = base64_decode(preg_replace('#-.*-|\r|\n#', '', $key ?? '') ?? '', true);
if (! is_string($ciphertext)) {
throw new InvalidArgumentException('Unable to encode the data.');
}
$decoded = openssl_decrypt($ciphertext, mb_strtolower($matches[1]), $symkey, OPENSSL_RAW_DATA, $iv);
if ($decoded === false) {
throw new RuntimeException('Unable to decrypt the key');
}
$number = preg_match_all('#-{5}.*-{5}#', $pem, $result);
if ($number !== 2) {
throw new InvalidArgumentException('Unable to load the key');
}
$pem = $result[0][0] . "\n";
$pem .= chunk_split(base64_encode($decoded), 64);
return $pem . ($result[0][1] . "\n");
}
private static function convertDerToPem(string $der_data): string
{
$pem = chunk_split(base64_encode($der_data), 64, "\n");
return '-----BEGIN CERTIFICATE-----' . "\n" . $pem . '-----END CERTIFICATE-----' . "\n";
}
}

233
libraries/vendor/web-token/jwt-library/KeyManagement/KeyConverter/RSAKey.php vendored Normal file
View File

@ -0,0 +1,233 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement\KeyConverter;
use InvalidArgumentException;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\Base64UrlSafe;
use Jose\Component\Core\Util\BigInteger;
use RuntimeException;
use function array_key_exists;
use function extension_loaded;
use function in_array;
use function is_array;
/**
* @internal
*/
final class RSAKey
{
private array $values = [];
private function __construct(array $data)
{
$this->loadJWK($data);
}
public static function createFromKeyDetails(array $details): self
{
$values = [
'kty' => 'RSA',
];
$keys = [
'n' => 'n',
'e' => 'e',
'd' => 'd',
'p' => 'p',
'q' => 'q',
'dp' => 'dmp1',
'dq' => 'dmq1',
'qi' => 'iqmp',
];
foreach ($details as $key => $value) {
if (in_array($key, $keys, true)) {
$value = Base64UrlSafe::encodeUnpadded($value);
$values[array_search($key, $keys, true)] = $value;
}
}
return new self($values);
}
public static function createFromPEM(string $pem): self
{
if (! extension_loaded('openssl')) {
throw new RuntimeException('Please install the OpenSSL extension');
}
$res = openssl_pkey_get_private($pem);
if ($res === false) {
$res = openssl_pkey_get_public($pem);
}
if ($res === false) {
throw new InvalidArgumentException('Unable to load the key.');
}
$details = openssl_pkey_get_details($res);
if (! is_array($details) || ! isset($details['rsa'])) {
throw new InvalidArgumentException('Unable to load the key.');
}
return self::createFromKeyDetails($details['rsa']);
}
public static function createFromJWK(JWK $jwk): self
{
return new self($jwk->all());
}
public function isPublic(): bool
{
return ! array_key_exists('d', $this->values);
}
public static function toPublic(self $private): self
{
$data = $private->toArray();
$keys = ['p', 'd', 'q', 'dp', 'dq', 'qi'];
foreach ($keys as $key) {
if (array_key_exists($key, $data)) {
unset($data[$key]);
}
}
return new self($data);
}
public function toArray(): array
{
return $this->values;
}
public function toJwk(): JWK
{
return new JWK($this->values);
}
/**
* This method will try to add Chinese Remainder Theorem (CRT) parameters. With those primes, the decryption process
* is really fast.
*/
public function optimize(): void
{
if (array_key_exists('d', $this->values)) {
$this->populateCRT();
}
}
private function loadJWK(array $jwk): void
{
if (! array_key_exists('kty', $jwk)) {
throw new InvalidArgumentException('The key parameter "kty" is missing.');
}
if ($jwk['kty'] !== 'RSA') {
throw new InvalidArgumentException('The JWK is not a RSA key.');
}
$this->values = $jwk;
}
/**
* This method adds Chinese Remainder Theorem (CRT) parameters if primes 'p' and 'q' are available. If 'p' and 'q'
* are missing, they are computed and added to the key data.
*/
private function populateCRT(): void
{
if (! array_key_exists('p', $this->values) && ! array_key_exists('q', $this->values)) {
$d = BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($this->values['d']));
$e = BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($this->values['e']));
$n = BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($this->values['n']));
[$p, $q] = $this->findPrimeFactors($d, $e, $n);
$this->values['p'] = Base64UrlSafe::encodeUnpadded($p->toBytes());
$this->values['q'] = Base64UrlSafe::encodeUnpadded($q->toBytes());
}
if (array_key_exists('dp', $this->values) && array_key_exists('dq', $this->values) && array_key_exists(
'qi',
$this->values
)) {
return;
}
$one = BigInteger::createFromDecimal(1);
$d = BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($this->values['d']));
$p = BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($this->values['p']));
$q = BigInteger::createFromBinaryString(Base64UrlSafe::decodeNoPadding($this->values['q']));
$this->values['dp'] = Base64UrlSafe::encodeUnpadded($d->mod($p->subtract($one))->toBytes());
$this->values['dq'] = Base64UrlSafe::encodeUnpadded($d->mod($q->subtract($one))->toBytes());
$this->values['qi'] = Base64UrlSafe::encodeUnpadded($q->modInverse($p)->toBytes());
}
/**
* @return BigInteger[]
*/
private function findPrimeFactors(BigInteger $d, BigInteger $e, BigInteger $n): array
{
$zero = BigInteger::createFromDecimal(0);
$one = BigInteger::createFromDecimal(1);
$two = BigInteger::createFromDecimal(2);
$k = $d->multiply($e)
->subtract($one);
if ($k->isEven()) {
$r = $k;
$t = $zero;
do {
$r = $r->divide($two);
$t = $t->add($one);
} while ($r->isEven());
$found = false;
$y = null;
for ($i = 1; $i <= 100; ++$i) {
$g = BigInteger::random($n->subtract($one));
$y = $g->modPow($r, $n);
if ($y->equals($one) || $y->equals($n->subtract($one))) {
continue;
}
for ($j = $one; $j->lowerThan($t->subtract($one)); $j = $j->add($one)) {
$x = $y->modPow($two, $n);
if ($x->equals($one)) {
$found = true;
break;
}
if ($x->equals($n->subtract($one))) {
continue;
}
$y = $x;
}
$x = $y->modPow($two, $n);
if ($x->equals($one)) {
$found = true;
break;
}
}
if ($y === null) {
throw new InvalidArgumentException('Unable to find prime factors.');
}
if ($found === true) {
$p = $y->subtract($one)
->gcd($n);
$q = $n->divide($p);
return [$p, $q];
}
}
throw new InvalidArgumentException('Unable to find prime factors.');
}
}

113
libraries/vendor/web-token/jwt-library/KeyManagement/UrlKeySetFactory.php vendored Normal file
View File

@ -0,0 +1,113 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement;
use Psr\Cache\CacheItemPoolInterface;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use RuntimeException;
use Symfony\Component\Cache\Adapter\NullAdapter;
use Symfony\Contracts\HttpClient\HttpClientInterface;
use function assert;
/**
* @see \Jose\Tests\Component\KeyManagement\UrlKeySetFactoryTest
*/
abstract class UrlKeySetFactory
{
private CacheItemPoolInterface $cacheItemPool;
private int $expiresAfter = 3600;
public function __construct(
private readonly ClientInterface|HttpClientInterface $client,
private readonly null|RequestFactoryInterface $requestFactory = null
) {
if ($this->client instanceof ClientInterface) {
trigger_deprecation(
'web-token/jwt-library',
'3.3',
'Using "%s" with an instance of "%s" is deprecated, use "%s" instead.',
self::class,
ClientInterface::class,
HttpClientInterface::class
);
}
if (! $this->client instanceof HttpClientInterface && $this->requestFactory === null) {
throw new RuntimeException(sprintf(
'The request factory must be provided when using an instance of "%s" as client.',
ClientInterface::class
));
}
$this->cacheItemPool = new NullAdapter();
}
public function enabledCache(CacheItemPoolInterface $cacheItemPool, int $expiresAfter = 3600): void
{
$this->cacheItemPool = $cacheItemPool;
$this->expiresAfter = $expiresAfter;
}
/**
* @param array<string, string|string[]> $header
*/
protected function getContent(string $url, array $header = []): string
{
$cacheKey = hash('xxh128', $url);
$item = $this->cacheItemPool->getItem($cacheKey);
if ($item->isHit()) {
return $item->get();
}
$content = $this->client instanceof HttpClientInterface ? $this->sendSymfonyRequest(
$url,
$header
) : $this->sendPsrRequest($url, $header);
$item = $this->cacheItemPool->getItem($cacheKey);
$item->expiresAfter($this->expiresAfter);
$item->set($content);
$this->cacheItemPool->save($item);
return $content;
}
/**
* @param array<string, string|string[]> $header
*/
private function sendSymfonyRequest(string $url, array $header = []): string
{
assert($this->client instanceof HttpClientInterface);
$response = $this->client->request('GET', $url, [
'headers' => $header,
]);
if ($response->getStatusCode() >= 400) {
throw new RuntimeException('Unable to get the key set.', $response->getStatusCode());
}
return $response->getContent();
}
/**
* @param array<string, string|string[]> $header
*/
private function sendPsrRequest(string $url, array $header = []): string
{
assert($this->client instanceof ClientInterface);
assert($this->requestFactory instanceof RequestFactoryInterface);
$request = $this->requestFactory->createRequest('GET', $url);
foreach ($header as $k => $v) {
$request = $request->withHeader($k, $v);
}
$response = $this->client->sendRequest($request);
if ($response->getStatusCode() >= 400) {
throw new RuntimeException('Unable to get the key set.', $response->getStatusCode());
}
return $response->getBody()
->getContents();
}
}

44
libraries/vendor/web-token/jwt-library/KeyManagement/X5UFactory.php vendored Normal file
View File

@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace Jose\Component\KeyManagement;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Core\Util\JsonConverter;
use Jose\Component\KeyManagement\KeyConverter\KeyConverter;
use RuntimeException;
use function is_array;
use function is_string;
class X5UFactory extends UrlKeySetFactory
{
/**
* This method will try to fetch the url a retrieve the key set. Throws an exception in case of failure.
*/
public function loadFromUrl(string $url, array $header = []): JWKSet
{
$content = $this->getContent($url, $header);
$data = JsonConverter::decode($content);
if (! is_array($data)) {
throw new RuntimeException('Invalid content.');
}
$keys = [];
foreach ($data as $kid => $cert) {
if (mb_strpos((string) $cert, '-----BEGIN CERTIFICATE-----') === false) {
$cert = '-----BEGIN CERTIFICATE-----' . "\n" . $cert . "\n" . '-----END CERTIFICATE-----';
}
$jwk = KeyConverter::loadKeyFromCertificate($cert);
if (is_string($kid)) {
$jwk['kid'] = $kid;
$keys[$kid] = new JWK($jwk);
} else {
$keys[] = new JWK($jwk);
}
}
return new JWKSet($keys);
}
}