Automatically generated RSA keypair if it doesn't exist

3c3737cc · Sonia Zorba · 71d3ed2f · 3c3737cc · 3c3737cc · 3c3737cc
Commit 3c3737cc authored May 14, 2021 by Sonia Zorba
--- a/classes/JWKSHandler.php
+++ b/classes/JWKSHandler.php
@@ -15,7 +15,7 @@ class JWKSHandler {
        $this->locator = $locator;
    }

-    public function generateKeyPair() {
+    public function generateKeyPair(): RSAKeyPair {

        $rsa = new RSA();


--- a/classes/TokenBuilder.php
+++ b/classes/TokenBuilder.php
@@ -14,7 +14,7 @@ class TokenBuilder {

    public function getIdToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {

-        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+        $keyPair = $this->getNewestKeyPair();

        $payload = $this->createIdTokenPayloadArray($tokenData, $jwtCustomizer);

@@ -30,10 +30,14 @@ class TokenBuilder {
            'sub' => strval($user->id),
            'iat' => intval($tokenData->creationTime),
            'exp' => intval($tokenData->expirationTime),
-            'name' => $user->getCompleteName(),
            'aud' => $tokenData->clientId
        );

+        $name = $user->getCompleteName();
+        if ($name !== null) {
+            $payloadArr['name'] = $name;
+        }
+
        if (in_array("email", $tokenData->scope)) {
            $payloadArr['email'] = $user->getPrimaryEmail();
        }
@@ -55,7 +59,7 @@ class TokenBuilder {

    public function getAccessToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {

-        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+        $keyPair = $this->getNewestKeyPair();

        $user = $this->locator->getUserDAO()->findUserById($tokenData->userId);
        if ($user === null) {
@@ -137,7 +141,7 @@ class TokenBuilder {
            $payload['exp'] = $iat + 3600;
        }

-        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+        $keyPair = $this->getNewestKeyPair();
        return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
    }

@@ -146,7 +150,7 @@ class TokenBuilder {
     * @param string $audience target service
     */
    public function generateNewToken(string $subject, int $lifespan, string $audience) {
-        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+        $keyPair = $this->getNewestKeyPair();

        $iat = time();
        $exp = $iat + $lifespan * 3600;
@@ -179,4 +183,15 @@ class TokenBuilder {
        throw new \Exception("Unable to find configuration for " . $audience);
    }

+    private function getNewestKeyPair(): RSAKeyPair {
+
+        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+
+        if ($keyPair === null) {
+            $keyPair = $this->locator->getJWKSHandler()->generateKeyPair();
+        }
+
+        return $keyPair;
+    }
+
 }
--- a/classes/datalayer/mysql/MySQLJWKSDAO.php
+++ b/classes/datalayer/mysql/MySQLJWKSDAO.php
@@ -12,13 +12,16 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO {

        $dbh = $this->getDBHandler();

-        $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg) VALUES (:id, :private_key, :public_key, :alg)";
+        $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg, creation_time) VALUES (:id, :private_key, :public_key, :alg, :creation_time)";
+
+        $now = time();
        
        $stmt = $dbh->prepare($query);
        $stmt->bindParam(':id', $keyPair->keyId);
        $stmt->bindParam(':private_key', $keyPair->privateKey);
        $stmt->bindParam(':public_key', $keyPair->publicKey);
        $stmt->bindParam(':alg', $keyPair->alg);
+        $stmt->bindParam(':creation_time', $now);

        $stmt->execute();