|
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* @link http://www.yiiframework.com/
|
|
|
|
|
* @copyright Copyright (c) 2008 Yii Software LLC
|
|
|
|
|
* @license http://www.yiiframework.com/license/
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace yii\authclient\signature;
|
|
|
|
|
|
|
|
|
|
use yii\base\InvalidConfigException;
|
|
|
|
|
use yii\base\NotSupportedException;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* RsaSha1 represents 'RSA-SHA1' signature method.
|
|
|
|
|
*
|
|
|
|
|
* Note: This class require PHP "OpenSSL" extension({@link http://php.net/manual/en/book.openssl.php}).
|
|
|
|
|
*
|
|
|
|
|
* @property string $privateCertificate Private key certificate content.
|
|
|
|
|
* @property string $publicCertificate Public key certificate content.
|
|
|
|
|
*
|
|
|
|
|
* @author Paul Klimov <klimov.paul@gmail.com>
|
|
|
|
|
* @since 2.0
|
|
|
|
|
*/
|
|
|
|
|
class RsaSha1 extends BaseMethod
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @var string OpenSSL private key certificate content.
|
|
|
|
|
* This value can be fetched from file specified by {@link privateCertificateFile}.
|
|
|
|
|
*/
|
|
|
|
|
protected $_privateCertificate;
|
|
|
|
|
/**
|
|
|
|
|
* @var string OpenSSL public key certificate content.
|
|
|
|
|
* This value can be fetched from file specified by {@link publicCertificateFile}.
|
|
|
|
|
*/
|
|
|
|
|
protected $_publicCertificate;
|
|
|
|
|
/**
|
|
|
|
|
* @var string path to the file, which holds private key certificate.
|
|
|
|
|
*/
|
|
|
|
|
public $privateCertificateFile = '';
|
|
|
|
|
/**
|
|
|
|
|
* @var string path to the file, which holds public key certificate.
|
|
|
|
|
*/
|
|
|
|
|
public $publicCertificateFile = '';
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function init()
|
|
|
|
|
{
|
|
|
|
|
if (!function_exists('openssl_sign')) {
|
|
|
|
|
throw new NotSupportedException('PHP "OpenSSL" extension is required.');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param string $publicCertificate public key certificate content.
|
|
|
|
|
*/
|
|
|
|
|
public function setPublicCertificate($publicCertificate)
|
|
|
|
|
{
|
|
|
|
|
$this->_publicCertificate = $publicCertificate;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return string public key certificate content.
|
|
|
|
|
*/
|
|
|
|
|
public function getPublicCertificate()
|
|
|
|
|
{
|
|
|
|
|
if ($this->_publicCertificate === null) {
|
|
|
|
|
$this->_publicCertificate = $this->initPublicCertificate();
|
|
|
|
|
}
|
|
|
|
|
return $this->_publicCertificate;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param string $privateCertificate private key certificate content.
|
|
|
|
|
*/
|
|
|
|
|
public function setPrivateCertificate($privateCertificate)
|
|
|
|
|
{
|
|
|
|
|
$this->_privateCertificate = $privateCertificate;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return string private key certificate content.
|
|
|
|
|
*/
|
|
|
|
|
public function getPrivateCertificate()
|
|
|
|
|
{
|
|
|
|
|
if ($this->_privateCertificate === null) {
|
|
|
|
|
$this->_privateCertificate = $this->initPrivateCertificate();
|
|
|
|
|
}
|
|
|
|
|
return $this->_privateCertificate;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function getName()
|
|
|
|
|
{
|
|
|
|
|
return 'RSA-SHA1';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates initial value for {@link publicCertificate}.
|
|
|
|
|
* This method will attempt to fetch the certificate value from {@link publicCertificateFile} file.
|
|
|
|
|
* @throws InvalidConfigException on failure.
|
|
|
|
|
* @return string public certificate content.
|
|
|
|
|
*/
|
|
|
|
|
protected function initPublicCertificate()
|
|
|
|
|
{
|
|
|
|
|
if (!empty($this->publicCertificateFile)) {
|
|
|
|
|
if (!file_exists($this->publicCertificateFile)) {
|
|
|
|
|
throw new InvalidConfigException("Public certificate file '{$this->publicCertificateFile}' does not exist!");
|
|
|
|
|
}
|
|
|
|
|
return file_get_contents($this->publicCertificateFile);
|
|
|
|
|
} else {
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates initial value for {@link privateCertificate}.
|
|
|
|
|
* This method will attempt to fetch the certificate value from {@link privateCertificateFile} file.
|
|
|
|
|
* @throws InvalidConfigException on failure.
|
|
|
|
|
* @return string private certificate content.
|
|
|
|
|
*/
|
|
|
|
|
protected function initPrivateCertificate()
|
|
|
|
|
{
|
|
|
|
|
if (!empty($this->privateCertificateFile)) {
|
|
|
|
|
if (!file_exists($this->privateCertificateFile)) {
|
|
|
|
|
throw new InvalidConfigException("Private certificate file '{$this->privateCertificateFile}' does not exist!");
|
|
|
|
|
}
|
|
|
|
|
return file_get_contents($this->privateCertificateFile);
|
|
|
|
|
} else {
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function generateSignature($baseString, $key)
|
|
|
|
|
{
|
|
|
|
|
$privateCertificateContent = $this->getPrivateCertificate();
|
|
|
|
|
// Pull the private key ID from the certificate
|
|
|
|
|
$privateKeyId = openssl_pkey_get_private($privateCertificateContent);
|
|
|
|
|
// Sign using the key
|
|
|
|
|
openssl_sign($baseString, $signature, $privateKeyId);
|
|
|
|
|
// Release the key resource
|
|
|
|
|
openssl_free_key($privateKeyId);
|
|
|
|
|
return base64_encode($signature);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @inheritdoc
|
|
|
|
|
*/
|
|
|
|
|
public function verify($signature, $baseString, $key)
|
|
|
|
|
{
|
|
|
|
|
$decodedSignature = base64_decode($signature);
|
|
|
|
|
// Fetch the public key cert based on the request
|
|
|
|
|
$publicCertificate = $this->getPublicCertificate();
|
|
|
|
|
// Pull the public key ID from the certificate
|
|
|
|
|
$publicKeyId = openssl_pkey_get_public($publicCertificate);
|
|
|
|
|
// Check the computed signature against the one passed in the query
|
|
|
|
|
$verificationResult = openssl_verify($baseString, $decodedSignature, $publicKeyId);
|
|
|
|
|
// Release the key resource
|
|
|
|
|
openssl_free_key($publicKeyId);
|
|
|
|
|
return ($verificationResult == 1);
|
|
|
|
|
}
|
|
|
|
|
}
|
