From 3c3737cc4fc0962b205dc7054d6775bceec9751a Mon Sep 17 00:00:00 2001
From: Sonia Zorba <sonia.zorba@inaf.it>
Date: Fri, 14 May 2021 18:07:38 +0200
Subject: [PATCH] Automatically generated RSA keypair if it doesn't exist

---
 classes/JWKSHandler.php | 2 +-
 classes/TokenBuilder.php | 25 +++++++++++++++++++-----
 classes/datalayer/mysql/MySQLJWKSDAO.php | 5 ++++-
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/classes/JWKSHandler.php b/classes/JWKSHandler.php
index feffd90..34a888d 100644
--- a/classes/JWKSHandler.php
+++ b/classes/JWKSHandler.php
@@ -15,7 +15,7 @@ class JWKSHandler {
 $this->locator = $locator;
 }
- public function generateKeyPair() {
+ public function generateKeyPair(): RSAKeyPair {
 $rsa = new RSA();
diff --git a/classes/TokenBuilder.php b/classes/TokenBuilder.php
index 64ae0f1..a09ea3a 100644
--- a/classes/TokenBuilder.php
+++ b/classes/TokenBuilder.php
@@ -14,7 +14,7 @@ class TokenBuilder {
 public function getIdToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {
- $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+ $keyPair = $this->getNewestKeyPair();
 $payload = $this->createIdTokenPayloadArray($tokenData, $jwtCustomizer);
@@ -30,10 +30,14 @@ class TokenBuilder {
 'sub' => strval($user->id),
 'iat' => intval($tokenData->creationTime),
 'exp' => intval($tokenData->expirationTime),
- 'name' => $user->getCompleteName(),
 'aud' => $tokenData->clientId
 );
+ $name = $user->getCompleteName();
+ if ($name !== null) {
+ $payloadArr['name'] = $name;
+ }
+
 if (in_array("email", $tokenData->scope)) {
 $payloadArr['email'] = $user->getPrimaryEmail();
 }
@@ -55,7 +59,7 @@ class TokenBuilder {
 public function getAccessToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {
- $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+ $keyPair = $this->getNewestKeyPair();
 $user = $this->locator->getUserDAO()->findUserById($tokenData->userId);
 if ($user === null) {
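Review bot: The new `if ($name !== null)` block in the ID-token payload builder leaves the reason for making `name` optional undocumented, and a later reader may fold it back into the array literal; a one-line comment such as `// Omit the claim entirely rather than emit "name": null when the user has no display name` would fix that. Whether getCompleteName() can also return an empty string is outside the hunk; if it can, `if ($name !== null && $name !== '')` is the check that matches the intent of dropping the claim. The enclosing method starts and ends outside this hunk.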
@@ -137,7 +141,7 @@ class TokenBuilder {
 $payload['exp'] = $iat + 3600;
 }
- $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+ $keyPair = $this->getNewestKeyPair();
 return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
 }
@@ -146,7 +150,7 @@ class TokenBuilder {
 * @param string $audience target service
 */
 public function generateNewToken(string $subject, int $lifespan, string $audience) {
- $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+ $keyPair = $this->getNewestKeyPair();
 $iat = time();
 $exp = $iat + $lifespan * 3600;
@@ -179,4 +183,15 @@ class TokenBuilder {
 throw new \Exception("Unable to find configuration for " . $audience);
 }
+ private function getNewestKeyPair(): RSAKeyPair {
+
+ $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
+
+ if ($keyPair === null) {
+ $keyPair = $this->locator->getJWKSHandler()->generateKeyPair();
+ }
+
+ return $keyPair;
+ }
+
 }
diff --git a/classes/datalayer/mysql/MySQLJWKSDAO.php b/classes/datalayer/mysql/MySQLJWKSDAO.php
index 8e7a83a..5372482 100644
--- a/classes/datalayer/mysql/MySQLJWKSDAO.php
+++ b/classes/datalayer/mysql/MySQLJWKSDAO.php
@@ -12,13 +12,16 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO {
 $dbh = $this->getDBHandler();
- $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg) VALUES (:id, :private_key, :public_key, :alg)";
+ $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg, creation_time) VALUES (:id, :private_key, :public_key, :alg, :creation_time)";
+ $now = time();
+
 $stmt = $dbh->prepare($query);
 $stmt->bindParam(':id', $keyPair->keyId);
 $stmt->bindParam(':private_key', $keyPair->privateKey);
 $stmt->bindParam(':public_key', $keyPair->publicKey);
 $stmt->bindParam(':alg', $keyPair->alg);
+ $stmt->bindParam(':creation_time', $now);
 $stmt->execute();
--
GitLab
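Review bot: The null branch of the new private getNewestKeyPair() returns whatever JWKSHandler::generateKeyPair() produces, but nothing in this hunk shows that pair being persisted through JWKSDAO, and generateKeyPair's body is outside the patch; if it does not store the pair, every request against an empty key table signs with a fresh, unpublished key and the resulting tokens cannot be verified against the JWKS endpoint. Two concurrent first requests also both observe null and both generate, so the method should re-read from the DAO after generation rather than trust the in-memory pair when the store, not this object, is the source of truth. A comment on the branch, `// Bootstrap: no signing key persisted yet; generateKeyPair() is expected to store the first one`, would at least record the assumption for the next reader. The same call replacement appears in the three preceding TokenBuilder hunks and in the getIdToken/getAccessToken hunks; this note covers them.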
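Review bot: On the new `:creation_time` line `$now` is bound with bindParam() and no PDO type, so the epoch integer is sent as a string and coerced by MySQL; `$stmt->bindValue(':creation_time', $now, \PDO::PARAM_INT);` states the type and avoids a by-reference binding to a local that is never reassigned. The INSERT now names a `creation_time` column, yet the diffstat shows no schema or migration change; if the table definition is versioned in this repository the column addition should ship with this patch, and rows inserted before it will carry NULL there, which matters if getNewestKeyPair() orders on that column (its implementation is outside the hunk). The enclosing insert method starts outside the hunk.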