14
14
namespace Jose \Component \KeyManagement ;
15
15
16
16
use Base64Url \Base64Url ;
17
+ use InvalidArgumentException ;
17
18
use Jose \Component \Core \JWK ;
18
19
use Jose \Component \Core \JWKSet ;
19
- use Jose \Component \Core \Util \Ecc \NistCurve ;
20
+ use Jose \Component \Core \Util \Ecc \Curve ;
21
+ use Jose \Component \Core \Util \ECKey ;
20
22
use Jose \Component \KeyManagement \KeyConverter \KeyConverter ;
21
23
use Jose \Component \KeyManagement \KeyConverter \RSAKey ;
24
+ use function openssl_pkey_get_details ;
25
+ use function openssl_pkey_new ;
26
+ use RuntimeException ;
22
27
23
28
class JWKFactory
24
29
{
@@ -31,18 +36,18 @@ class JWKFactory
31
36
public static function createRSAKey (int $ size , array $ values = []): JWK
32
37
{
33
38
if (0 !== $ size % 8 ) {
34
- throw new \ InvalidArgumentException ('Invalid key size. ' );
39
+ throw new InvalidArgumentException ('Invalid key size. ' );
35
40
}
36
41
37
42
if (512 > $ size ) {
38
- throw new \ InvalidArgumentException ('Key length is too short. It needs to be at least 512 bits. ' );
43
+ throw new InvalidArgumentException ('Key length is too short. It needs to be at least 512 bits. ' );
39
44
}
40
45
41
- $ key = \ openssl_pkey_new ([
46
+ $ key = openssl_pkey_new ([
42
47
'private_key_bits ' => $ size ,
43
48
'private_key_type ' => OPENSSL_KEYTYPE_RSA ,
44
49
]);
45
- $ details = \ openssl_pkey_get_details ($ key );
50
+ $ details = openssl_pkey_get_details ($ key );
46
51
\openssl_free_key ($ key );
47
52
$ rsa = RSAKey::createFromKeyDetails ($ details ['rsa ' ]);
48
53
$ values = \array_merge (
@@ -61,82 +66,7 @@ public static function createRSAKey(int $size, array $values = []): JWK
61
66
*/
62
67
public static function createECKey (string $ curve , array $ values = []): JWK
63
68
{
64
- try {
65
- $ jwk = self ::createECKeyUsingOpenSSL ($ curve );
66
- } catch (\Exception $ e ) {
67
- $ jwk = self ::createECKeyUsingPurePhp ($ curve );
68
- }
69
- $ values = \array_merge ($ values , $ jwk );
70
-
71
- return JWK ::create ($ values );
72
- }
73
-
74
- private static function createECKeyUsingPurePhp (string $ curve ): array
75
- {
76
- switch ($ curve ) {
77
- case 'P-256 ' :
78
- $ nistCurve = NistCurve::curve256 ();
79
-
80
- break ;
81
- case 'P-384 ' :
82
- $ nistCurve = NistCurve::curve384 ();
83
-
84
- break ;
85
- case 'P-521 ' :
86
- $ nistCurve = NistCurve::curve521 ();
87
-
88
- break ;
89
- default :
90
- throw new \InvalidArgumentException (\sprintf ('The curve "%s" is not supported. ' , $ curve ));
91
- }
92
-
93
- $ privateKey = $ nistCurve ->createPrivateKey ();
94
- $ publicKey = $ nistCurve ->createPublicKey ($ privateKey );
95
-
96
- return [
97
- 'kty ' => 'EC ' ,
98
- 'crv ' => $ curve ,
99
- 'd ' => Base64Url::encode (\gmp_export ($ privateKey ->getSecret ())),
100
- 'x ' => Base64Url::encode (\gmp_export ($ publicKey ->getPoint ()->getX ())),
101
- 'y ' => Base64Url::encode (\gmp_export ($ publicKey ->getPoint ()->getY ())),
102
- ];
103
- }
104
-
105
- private static function createECKeyUsingOpenSSL (string $ curve ): array
106
- {
107
- $ key = \openssl_pkey_new ([
108
- 'curve_name ' => self ::getOpensslCurveName ($ curve ),
109
- 'private_key_type ' => OPENSSL_KEYTYPE_EC ,
110
- ]);
111
- $ res = \openssl_pkey_export ($ key , $ out );
112
- if (false === $ res ) {
113
- throw new \RuntimeException ('Unable to create the key ' );
114
- }
115
- $ res = \openssl_pkey_get_private ($ out );
116
-
117
- $ details = \openssl_pkey_get_details ($ res );
118
-
119
- return [
120
- 'kty ' => 'EC ' ,
121
- 'crv ' => $ curve ,
122
- 'x ' => Base64Url::encode ($ details ['ec ' ]['x ' ]),
123
- 'y ' => Base64Url::encode ($ details ['ec ' ]['y ' ]),
124
- 'd ' => Base64Url::encode ($ details ['ec ' ]['d ' ]),
125
- ];
126
- }
127
-
128
- private static function getOpensslCurveName (string $ curve ): string
129
- {
130
- switch ($ curve ) {
131
- case 'P-256 ' :
132
- return 'prime256v1 ' ;
133
- case 'P-384 ' :
134
- return 'secp384r1 ' ;
135
- case 'P-521 ' :
136
- return 'secp521r1 ' ;
137
- default :
138
- throw new \InvalidArgumentException (\sprintf ('The curve "%s" is not supported. ' , $ curve ));
139
- }
69
+ return ECKey::createECKey ($ curve , $ values );
140
70
}
141
71
142
72
/**
@@ -148,7 +78,7 @@ private static function getOpensslCurveName(string $curve): string
148
78
public static function createOctKey (int $ size , array $ values = []): JWK
149
79
{
150
80
if (0 !== $ size % 8 ) {
151
- throw new \ InvalidArgumentException ('Invalid key size. ' );
81
+ throw new InvalidArgumentException ('Invalid key size. ' );
152
82
}
153
83
$ values = \array_merge (
154
84
$ values ,
@@ -183,7 +113,7 @@ public static function createOKPKey(string $curve, array $values = []): JWK
183
113
184
114
break ;
185
115
default :
186
- throw new \ InvalidArgumentException (\sprintf ('Unsupported "%s" curve ' , $ curve ));
116
+ throw new InvalidArgumentException (\sprintf ('Unsupported "%s" curve ' , $ curve ));
187
117
}
188
118
$ secretLength = mb_strlen ($ secret , '8bit ' );
189
119
$ d = mb_substr ($ secret , 0 , -$ secretLength / 2 , '8bit ' );
@@ -231,7 +161,7 @@ public static function createFromJsonObject(string $value)
231
161
{
232
162
$ json = \json_decode ($ value , true );
233
163
if (!\is_array ($ json )) {
234
- throw new \ InvalidArgumentException ('Invalid key or key set. ' );
164
+ throw new InvalidArgumentException ('Invalid key or key set. ' );
235
165
}
236
166
237
167
return self ::createFromValues ($ json );
@@ -297,7 +227,7 @@ public static function createFromPKCS12CertificateFile(string $file, ?string $se
297
227
{
298
228
$ res = \openssl_pkcs12_read (\file_get_contents ($ file ), $ certs , $ secret );
299
229
if (false === $ res || !\is_array ($ certs ) || !\array_key_exists ('pkey ' , $ certs )) {
300
- throw new \ RuntimeException ('Unable to load the certificates. ' );
230
+ throw new RuntimeException ('Unable to load the certificates. ' );
301
231
}
302
232
303
233
return self ::createFromKey ($ certs ['pkey ' ], null , $ additional_values );
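Review bot: The size guard in createRSAKey still lets callers generate RSA keys as small as 512 bits (`if (512 > $size)`), a modulus length that current guidance treats as far too weak for signing or encryption; raising the floor to 2048 bits, `if (2048 > $size)` with the message updated to match, would keep the factory from producing weak keys, though it is a behaviour change for callers that ask for smaller sizes. In the same function the result of `openssl_pkey_new` goes straight into `openssl_pkey_get_details` and `$details['rsa']` is then indexed, yet both calls return false on failure; the RuntimeException this commit imports fits here, e.g. `if (false === $key) { throw new RuntimeException('Unable to create the key.'); }`, with the same test on `$details`. createRSAKey's body continues past the end of its hunk, so a later check would not be visible from here. The new createECKey delegates entirely to `ECKey::createECKey`, which is not shown; presumably the rejection of unsupported curves now lives there, and that should be confirmed.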