Commit 3c3737cc authored by Sonia Zorba's avatar Sonia Zorba

Automatically generated RSA keypair if it doesn't exist

parent 71d3ed2f
...@@ -15,7 +15,7 @@ class JWKSHandler { ...@@ -15,7 +15,7 @@ class JWKSHandler {
$this->locator = $locator; $this->locator = $locator;
} }
public function generateKeyPair() { public function generateKeyPair(): RSAKeyPair {
$rsa = new RSA(); $rsa = new RSA();
......
...@@ -14,7 +14,7 @@ class TokenBuilder { ...@@ -14,7 +14,7 @@ class TokenBuilder {
public function getIdToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string { public function getIdToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {
$keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair(); $keyPair = $this->getNewestKeyPair();
$payload = $this->createIdTokenPayloadArray($tokenData, $jwtCustomizer); $payload = $this->createIdTokenPayloadArray($tokenData, $jwtCustomizer);
...@@ -30,10 +30,14 @@ class TokenBuilder { ...@@ -30,10 +30,14 @@ class TokenBuilder {
'sub' => strval($user->id), 'sub' => strval($user->id),
'iat' => intval($tokenData->creationTime), 'iat' => intval($tokenData->creationTime),
'exp' => intval($tokenData->expirationTime), 'exp' => intval($tokenData->expirationTime),
'name' => $user->getCompleteName(),
'aud' => $tokenData->clientId 'aud' => $tokenData->clientId
); );
$name = $user->getCompleteName();
if ($name !== null) {
$payloadArr['name'] = $name;
}
if (in_array("email", $tokenData->scope)) { if (in_array("email", $tokenData->scope)) {
$payloadArr['email'] = $user->getPrimaryEmail(); $payloadArr['email'] = $user->getPrimaryEmail();
} }
...@@ -55,7 +59,7 @@ class TokenBuilder { ...@@ -55,7 +59,7 @@ class TokenBuilder {
public function getAccessToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string { public function getAccessToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {
$keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair(); $keyPair = $this->getNewestKeyPair();
$user = $this->locator->getUserDAO()->findUserById($tokenData->userId); $user = $this->locator->getUserDAO()->findUserById($tokenData->userId);
if ($user === null) { if ($user === null) {
...@@ -137,7 +141,7 @@ class TokenBuilder { ...@@ -137,7 +141,7 @@ class TokenBuilder {
$payload['exp'] = $iat + 3600; $payload['exp'] = $iat + 3600;
} }
$keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair(); $keyPair = $this->getNewestKeyPair();
return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId); return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
} }
...@@ -146,7 +150,7 @@ class TokenBuilder { ...@@ -146,7 +150,7 @@ class TokenBuilder {
* @param string $audience target service * @param string $audience target service
*/ */
public function generateNewToken(string $subject, int $lifespan, string $audience) { public function generateNewToken(string $subject, int $lifespan, string $audience) {
$keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair(); $keyPair = $this->getNewestKeyPair();
$iat = time(); $iat = time();
$exp = $iat + $lifespan * 3600; $exp = $iat + $lifespan * 3600;
...@@ -179,4 +183,15 @@ class TokenBuilder { ...@@ -179,4 +183,15 @@ class TokenBuilder {
throw new \Exception("Unable to find configuration for " . $audience); throw new \Exception("Unable to find configuration for " . $audience);
} }
private function getNewestKeyPair(): RSAKeyPair {
$keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
if ($keyPair === null) {
$keyPair = $this->locator->getJWKSHandler()->generateKeyPair();
}
return $keyPair;
}
} }
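Review bot: The new private `getNewestKeyPair()` at the end of this section is a check-then-act on the DAO: two requests that both observe `null` will each call `generateKeyPair()`, so a cold start under concurrent load can create several signing keys, and the first tokens may be signed with a pair that is not the one later returned as "newest". Whether this is harmless depends on `generateKeyPair()` persisting the pair and on the JWKS endpoint publishing every stored public key — neither is visible in this hunk, so please confirm; if the generated pair is not persisted, tokens signed on this path can never be verified by relying parties. Minting a new signing key is also a security-relevant event that should not happen silently; I would log it before the generate call, e.g. `error_log("No RSA key pair found in JWKS store, generating a new one");`. A docblock stating the intent would help the next maintainer, e.g. `/** Returns the newest stored key pair; if the store is empty, a new one is generated via JWKSHandler (bootstrap path, not a rotation mechanism). */`.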
...@@ -12,13 +12,16 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { ...@@ -12,13 +12,16 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO {
$dbh = $this->getDBHandler(); $dbh = $this->getDBHandler();
$query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg) VALUES (:id, :private_key, :public_key, :alg)"; $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg, creation_time) VALUES (:id, :private_key, :public_key, :alg, :creation_time)";
$now = time();
$stmt = $dbh->prepare($query); $stmt = $dbh->prepare($query);
$stmt->bindParam(':id', $keyPair->keyId); $stmt->bindParam(':id', $keyPair->keyId);
$stmt->bindParam(':private_key', $keyPair->privateKey); $stmt->bindParam(':private_key', $keyPair->privateKey);
$stmt->bindParam(':public_key', $keyPair->publicKey); $stmt->bindParam(':public_key', $keyPair->publicKey);
$stmt->bindParam(':alg', $keyPair->alg); $stmt->bindParam(':alg', $keyPair->alg);
$stmt->bindParam(':creation_time', $now);
$stmt->execute(); $stmt->execute();
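Review bot: The new `creation_time` is computed inside the DAO with `time()` rather than carried on the `RSAKeyPair` being inserted, so the in-memory object returned to the caller and the persisted row share no creation timestamp, and second granularity cannot order two pairs inserted in the same second — which the lazy bootstrap in `TokenBuilder::getNewestKeyPair()` can produce. I would record the timestamp on the key pair object at generation time and pass it through here (`$stmt->bindParam(':creation_time', $keyPair->creationTime);`), and make whatever query selects the "newest" pair deterministic with a tiebreaker such as `ORDER BY creation_time DESC, id`. The column type is not visible in this hunk; binding an integer epoch is only correct if `creation_time` is an integer column, so if it is a `DATETIME` the value needs formatting first. The enclosing method's signature and return lie outside the hunk.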
......