Loading README.md +3 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,9 @@ Copy the `config-example.yaml` into `config.yaml` and edit it for matching your php exec/generate-keypair.php A cron job for key rotation has to be set up. Once a day rotate the keys using a cron job that calls: php exec/rotate-keys.php ### Logs directory Loading classes/JWKSHandler.php +4 −0 Original line number Diff line number Diff line Loading @@ -76,6 +76,10 @@ class JWKSHandler { ]; } public function deleteKeyPair(RSAKeyPair $keyPair): void { $this->locator->getJWKSDAO()->deleteKeyPair($keyPair->keyId); } private function getTagContent(string $publicKeyXML, string $tagname): string { $matches = []; $pattern = "#<\s*?$tagname\b[^>]*>(.*?)</$tagname\b[^>]*>#s"; Loading classes/datalayer/JWKSDAO.php +2 −0 Original line number Diff line number Diff line Loading @@ -17,4 +17,6 @@ interface JWKSDAO { public function insertRSAKeyPair(RSAKeyPair $keyPair): RSAKeyPair; public function getNewestKeyPair(): ?RSAKeyPair; public function deleteKeyPair(string $id): void; } classes/datalayer/mysql/MySQLJWKSDAO.php +13 −2 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { $dbh = $this->getDBHandler(); $query = "SELECT id, private_key, public_key, alg, creation_time FROM rsa_keypairs"; $query = "SELECT id, private_key, public_key, alg, creation_time FROM rsa_keypairs ORDER BY creation_time DESC"; $stmt = $dbh->prepare($query); $stmt->execute(); Loading Loading 
@@ -94,4 +94,15 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { return $keyPair; } public function deleteKeyPair(string $id): void { $dbh = $this->getDBHandler(); $query = "DELETE FROM rsa_keypairs WHERE id = :id"; $stmt = $dbh->prepare($query); $stmt->bindParam(':id', $id); $stmt->execute(); } } exec/rotate-keys.php 0 → 100644 +17 −0 Original line number Diff line number Diff line <?php chdir(dirname(__FILE__)); include '../include/init.php'; $handler = new \RAP\JWKSHandler($locator); $handler->generateKeyPair(); $dao = $locator->getJWKSDAO(); $keyPairs = $dao->getRSAKeyPairs(); if (count($keyPairs) > 3) { // delete oldest keypair $handler->deleteKeyPair($keyPairs[count($keyPairs) - 1]); } Loading
README.md +3 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,9 @@ Copy the `config-example.yaml` into `config.yaml` and edit it for matching your php exec/generate-keypair.php A cron job for key rotation has to be set up. Once a day rotate the keys using a cron job that calls: php exec/rotate-keys.php ### Logs directory Loading
classes/JWKSHandler.php +4 −0 Original line number Diff line number Diff line Loading @@ -76,6 +76,10 @@ class JWKSHandler { ]; } public function deleteKeyPair(RSAKeyPair $keyPair): void { $this->locator->getJWKSDAO()->deleteKeyPair($keyPair->keyId); } private function getTagContent(string $publicKeyXML, string $tagname): string { $matches = []; $pattern = "#<\s*?$tagname\b[^>]*>(.*?)</$tagname\b[^>]*>#s"; Loading
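Review bot: The new deleteKeyPair on JWKSHandler removes a signing key from the JWKS without recording which key id went away and without a docblock stating the consequence for callers such as the rotation cron. A one-line docblock would do: `/** Removes the key pair from the JWKS store; anything still signed with it will no longer verify against the published key set. */` (confirm this matches how the JWKS endpoint builds its key list). Since the README mentions a logs directory, consider logging the removed `$keyPair->keyId` here so key rotation leaves an audit trail; the project's logger is not visible in this hunk, so the exact call is the author's choice. The rest of JWKSHandler lies outside the hunk.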
classes/datalayer/JWKSDAO.php +2 −0 Original line number Diff line number Diff line Loading @@ -17,4 +17,6 @@ interface JWKSDAO { public function insertRSAKeyPair(RSAKeyPair $keyPair): RSAKeyPair; public function getNewestKeyPair(): ?RSAKeyPair; public function deleteKeyPair(string $id): void; }
classes/datalayer/mysql/MySQLJWKSDAO.php +13 −2 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { $dbh = $this->getDBHandler(); $query = "SELECT id, private_key, public_key, alg, creation_time FROM rsa_keypairs"; $query = "SELECT id, private_key, public_key, alg, creation_time FROM rsa_keypairs ORDER BY creation_time DESC"; $stmt = $dbh->prepare($query); $stmt->execute(); Loading Loading @@ -94,4 +94,15 @@ class MySQLJWKSDAO extends BaseMySQLDAO implements JWKSDAO { return $keyPair; } public function deleteKeyPair(string $id): void { $dbh = $this->getDBHandler(); $query = "DELETE FROM rsa_keypairs WHERE id = :id"; $stmt = $dbh->prepare($query); $stmt->bindParam(':id', $id); $stmt->execute(); } }
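Review bot: In the second hunk, deleteKeyPair ignores the boolean returned by `$stmt->execute()`, so unless the handle from getDBHandler() runs with `PDO::ERRMODE_EXCEPTION` (not visible here) a failed DELETE is silent and rotate-keys.php keeps believing the oldest key is gone. Either confirm the error mode in getDBHandler() or guard it: `if (!$stmt->execute()) { throw new \RuntimeException('failed to delete key pair ' . $id); }`. `bindValue(':id', $id)` is the better fit than `bindParam`, since `$id` is not modified after binding. In the first hunk, `ORDER BY creation_time DESC` now decides which key the rotation script deletes; add a tie-breaker such as `ORDER BY creation_time DESC, id DESC` so two keys created in the same second are ordered deterministically.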
exec/rotate-keys.php 0 → 100644 +17 −0 Original line number Diff line number Diff line <?php chdir(dirname(__FILE__)); include '../include/init.php'; $handler = new \RAP\JWKSHandler($locator); $handler->generateKeyPair(); $dao = $locator->getJWKSDAO(); $keyPairs = $dao->getRSAKeyPairs(); if (count($keyPairs) > 3) { // delete oldest keypair $handler->deleteKeyPair($keyPairs[count($keyPairs) - 1]); }
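Review bot: The `if (count($keyPairs) > 3)` deletes at most one key per run, so a surplus (e.g. after a manual `php exec/generate-keypair.php`, which the README still documents) is never trimmed back to three; use a loop: `while (count($keyPairs) > 3) { $handler->deleteKeyPair(array_pop($keyPairs)); }`. The script silently relies on getRSAKeyPairs() returning newest first, so say so: `// getRSAKeyPairs() is ordered newest first; the last element is the oldest key`. With a daily cron and three keys kept, a public key leaves the published JWKS roughly two days after creation, and any token signed with it that is still valid then will fail verification — confirm the retention exceeds the maximum token lifetime and state that next to the `3`, ideally as a named constant. `require` rather than `include` for init.php, so a missing bootstrap aborts instead of continuing with an undefined `$locator`.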