Commit 3c3737cc authored by Sonia Zorba's avatar Sonia Zorba

Automatically generate an RSA keypair if one doesn't exist

parent 71d3ed2f
+1 −1
@@ -15,7 +15,7 @@ class JWKSHandler {
        $this->locator = $locator;
        $this->locator = $locator;
    }
    }


    public function generateKeyPair() {
    public function generateKeyPair(): RSAKeyPair {


        $rsa = new RSA();
        $rsa = new RSA();


+20 −5
@@ -14,7 +14,7 @@ class TokenBuilder {


    public function getIdToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {
    public function getIdToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {


        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
        $keyPair = $this->getNewestKeyPair();


        $payload = $this->createIdTokenPayloadArray($tokenData, $jwtCustomizer);
        $payload = $this->createIdTokenPayloadArray($tokenData, $jwtCustomizer);


@@ -30,10 +30,14 @@ class TokenBuilder {
            'sub' => strval($user->id),
            'sub' => strval($user->id),
            'iat' => intval($tokenData->creationTime),
            'iat' => intval($tokenData->creationTime),
            'exp' => intval($tokenData->expirationTime),
            'exp' => intval($tokenData->expirationTime),
            'name' => $user->getCompleteName(),
            'aud' => $tokenData->clientId
            'aud' => $tokenData->clientId
        );
        );


        $name = $user->getCompleteName();
        if ($name !== null) {
            $payloadArr['name'] = $name;
        }

        if (in_array("email", $tokenData->scope)) {
        if (in_array("email", $tokenData->scope)) {
            $payloadArr['email'] = $user->getPrimaryEmail();
            $payloadArr['email'] = $user->getPrimaryEmail();
        }
        }
@@ -55,7 +59,7 @@ class TokenBuilder {


    public function getAccessToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {
    public function getAccessToken(AccessTokenData $tokenData, \Closure $jwtCustomizer = null): string {


        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
        $keyPair = $this->getNewestKeyPair();


        $user = $this->locator->getUserDAO()->findUserById($tokenData->userId);
        $user = $this->locator->getUserDAO()->findUserById($tokenData->userId);
        if ($user === null) {
        if ($user === null) {
@@ -137,7 +141,7 @@ class TokenBuilder {
            $payload['exp'] = $iat + 3600;
            $payload['exp'] = $iat + 3600;
        }
        }


        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
        $keyPair = $this->getNewestKeyPair();
        return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
        return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
    }
    }


@@ -146,7 +150,7 @@ class TokenBuilder {
     * @param string $audience target service
     * @param string $audience target service
     */
     */
    public function generateNewToken(string $subject, int $lifespan, string $audience) {
    public function generateNewToken(string $subject, int $lifespan, string $audience) {
        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
        $keyPair = $this->getNewestKeyPair();


        $iat = time();
        $iat = time();
        $exp = $iat + $lifespan * 3600;
        $exp = $iat + $lifespan * 3600;
@@ -179,4 +183,15 @@ class TokenBuilder {
        throw new \Exception("Unable to find configuration for " . $audience);
        throw new \Exception("Unable to find configuration for " . $audience);
    }
    }


    private function getNewestKeyPair(): RSAKeyPair {

        $keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();

        if ($keyPair === null) {
            $keyPair = $this->locator->getJWKSHandler()->generateKeyPair();
        }

        return $keyPair;
    }

}
}
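Review bot: The new private `getNewestKeyPair()` generates a signing key on first use with no synchronization, so two concurrent first requests can each call `$this->locator->getJWKSHandler()->generateKeyPair()` and end up with separate keys; whether the DAO's `getNewestKeyPair()` then returns a consistent "newest" key depends on how equal `creation_time` values are ordered, which is not visible here. This is only safe if every generated key is persisted and published through the JWKS endpoint, otherwise a token may be signed with a key that verifiers cannot find; the JWKSHandler hunk in this commit is cut before the point where persistence would happen, so that should be confirmed. The method also deserves a docblock stating the fallback explicitly, e.g. `/** Returns the newest stored RSA key pair, generating a new one on first use when none exists. */`, since silently turning an unprovisioned deployment into one that issues tokens with an ad-hoc key is a deliberate operational choice worth recording.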
+4 −1
@@ -12,13 +12,16 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO {


        $dbh = $this->getDBHandler();
        $dbh = $this->getDBHandler();


        $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg) VALUES (:id, :private_key, :public_key, :alg)";
        $query = "INSERT INTO rsa_keypairs(id, private_key, public_key, alg, creation_time) VALUES (:id, :private_key, :public_key, :alg, :creation_time)";

        $now = time();
        
        
        $stmt = $dbh->prepare($query);
        $stmt = $dbh->prepare($query);
        $stmt->bindParam(':id', $keyPair->keyId);
        $stmt->bindParam(':id', $keyPair->keyId);
        $stmt->bindParam(':private_key', $keyPair->privateKey);
        $stmt->bindParam(':private_key', $keyPair->privateKey);
        $stmt->bindParam(':public_key', $keyPair->publicKey);
        $stmt->bindParam(':public_key', $keyPair->publicKey);
        $stmt->bindParam(':alg', $keyPair->alg);
        $stmt->bindParam(':alg', $keyPair->alg);
        $stmt->bindParam(':creation_time', $now);


        $stmt->execute();
        $stmt->execute();
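Review bot: `$now = time()` is bound with `bindParam(':creation_time', $now)` without a type, so it is sent under PDO's default string binding; `$stmt->bindValue(':creation_time', $now, \PDO::PARAM_INT);` states the intent and decouples the bound value from the variable. No schema change adding the `creation_time` column appears in this diff, and the result of `$stmt->execute()` is not checked here, so if the migration is missing and the handle is not in exception error mode the key pair may silently fail to persist while `TokenBuilder` still signs with it. The enclosing method's signature and end lie outside the hunk.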