feat: phpcbf only v3 bringing gree/jose package within HW sdk
fernando committed Jul 18, 2024
1 parent 7c5a492 commit acf57c6
Showing 6 changed files with 120 additions and 241 deletions.
120 changes: 64 additions & 56 deletions src/Hyperwallet/Util/HyperwalletEncryption.php
@@ -1,4 +1,5 @@
<?php

namespace Hyperwallet\Util;

use Hyperwallet\Exception\HyperwalletException;
Expand All @@ -16,7 +17,8 @@
*
* @package Hyperwallet\Util
*/
class HyperwalletEncryption {
class HyperwalletEncryption
{

/**
* String that can be a URL or path to file with client JWK set
Expand Down Expand Up @@ -84,9 +86,14 @@ class HyperwalletEncryption {
* @param array $encryptionMethod JWE encryption method, by default value = A256CBC-HS512
* @param array $jwsExpirationMinutes Minutes when JWS signature is valid, by default value = 5
*/
public function __construct($clientPrivateKeySetLocation, $hyperwalletKeySetLocation,
$encryptionAlgorithm = 'RSA-OAEP-256', $signAlgorithm = 'RS256', $encryptionMethod = 'A256CBC-HS512',
$jwsExpirationMinutes = 5) {
public function __construct(
$clientPrivateKeySetLocation,
$hyperwalletKeySetLocation,
$encryptionAlgorithm = 'RSA-OAEP-256',
$signAlgorithm = 'RS256',
$encryptionMethod = 'A256CBC-HS512',
$jwsExpirationMinutes = 5
) {
$this->clientPrivateKeySetLocation = $clientPrivateKeySetLocation;
$this->hyperwalletKeySetLocation = $hyperwalletKeySetLocation;
$this->encryptionAlgorithm = $encryptionAlgorithm;
Expand All @@ -103,10 +110,9 @@ public function __construct($clientPrivateKeySetLocation, $hyperwalletKeySetLoca
*
* @throws HyperwalletException
*/
public function encrypt($body) {
public function encrypt($body)
{
$privateJwsKey = $this->getPrivateJwsKey();
var_dump($privateJwsKey);
exit;
$jws = new JOSE_JWS(new JOSE_JWT($body));
$jws->header['exp'] = $this->getSignatureExpirationTime();
$jws->header['kid'] = $this->jwsKid;
Expand All @@ -127,7 +133,8 @@ public function encrypt($body) {
*
* @throws HyperwalletException
*/
public function decrypt($body) {
public function decrypt($body)
{
$privateJweKey = $this->getPrivateJweKey();
$jwe = JOSE_JWT::decode($body);
$decryptedBody = $jwe->decrypt($privateJweKey);
Expand All @@ -146,7 +153,8 @@ public function decrypt($body) {
*
* @throws HyperwalletException
*/
private function getPrivateJwsKey() {
private function getPrivateJwsKey()
{
$privateKeyData = $this->getJwk($this->clientPrivateKeySetLocation, $this->signAlgorithm);
$this->jwsKid = $privateKeyData['kid'];
return $this->getPrivateKey($privateKeyData);
Expand All @@ -159,7 +167,8 @@ private function getPrivateJwsKey() {
*
* @throws HyperwalletException
*/
private function getPublicJweKey() {
private function getPublicJweKey()
{
$publicKeyData = $this->getJwk($this->hyperwalletKeySetLocation, $this->encryptionAlgorithm);
$this->jweKid = $publicKeyData['kid'];
return $this->getPublicKey($this->convertPrivateKeyToPublic($publicKeyData));
Expand All @@ -172,7 +181,8 @@ private function getPublicJweKey() {
*
* @throws HyperwalletException
*/
private function getPrivateJweKey() {
private function getPrivateJweKey()
{
$privateKeyData = $this->getJwk($this->clientPrivateKeySetLocation, $this->encryptionAlgorithm);
return $this->getPrivateKey($privateKeyData);
}
Expand All @@ -184,7 +194,8 @@ private function getPrivateJweKey() {
*
* @throws HyperwalletException
*/
private function getPublicJwsKey() {
private function getPublicJwsKey()
{
$publicKeyData = $this->getJwk($this->hyperwalletKeySetLocation, $this->signAlgorithm);
return $this->getPublicKey($this->convertPrivateKeyToPublic($publicKeyData));
}
Expand All @@ -195,32 +206,24 @@ private function getPublicJwsKey() {
* @param array $privateKeyData The JWK key data
* @return RSA
*/
private function getPrivateKey($privateKeyData) {
var_dump($privateKeyData);
$n = $this->keyParamToBigInteger($privateKeyData['n']);
$e = $this->keyParamToBigInteger($privateKeyData['e']);
$d = $this->keyParamToBigInteger($privateKeyData['d']);
$p = $this->keyParamToBigInteger($privateKeyData['p']);
$q = $this->keyParamToBigInteger($privateKeyData['q']);
$qi = $this->keyParamToBigInteger($privateKeyData['qi']);
$dp = $this->keyParamToBigInteger($privateKeyData['dp']);
$dq = $this->keyParamToBigInteger($privateKeyData['dq']);
$primes = array($p, $q);
$exponents = array($dp, $dq);
$coefficients = array($qi, $qi);
array_unshift($primes, "phoney");
unset($primes[0]);
array_unshift($exponents, "phoney");
unset($exponents[0]);
array_unshift($coefficients, "phoney");
unset($coefficients[0]);
private function getPrivateKey($privateKeyData)
{
$pemData = RSA::load([
'e' => $this->keyParamToBigInteger($privateKeyData['e']),
'n' => $this->keyParamToBigInteger($privateKeyData['n']),
'd' => $this->keyParamToBigInteger($privateKeyData['d']),
'p' => $this->keyParamToBigInteger($privateKeyData['p']),
'q' => $this->keyParamToBigInteger($privateKeyData['q']),
'dp' => $this->keyParamToBigInteger($privateKeyData['dp']),
'dq' => $this->keyParamToBigInteger($privateKeyData['dq']),
'qi' => $this->keyParamToBigInteger($privateKeyData['qi']),
]);

$privateKey = RSA::loadPrivateKey($pemData->toString('PKCS1'));

$pemData = (new RSA())->_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients);
$privateKey = new RSA();
$privateKey->loadKey($pemData);
if ($privateKeyData['alg'] == 'RSA-OAEP-256') {
$privateKey->setHash('sha256');
$privateKey->setMGFHash('sha256');
// $privateKey->setHash('sha256');
// $privateKey->setMGFHash('sha256');
}
return $privateKey;
}
Expand All @@ -231,10 +234,8 @@ private function getPrivateKey($privateKeyData) {
* @param string $param base 64 encoded string
* @return BigInteger
*/
private function keyParamToBigInteger($param) {
var_dump(URLSafeBase64::decode($param));
exit;

private function keyParamToBigInteger($param)
{
return new BigInteger('0x' . bin2hex(URLSafeBase64::decode($param)), 16);
}

Expand All @@ -244,12 +245,13 @@ private function keyParamToBigInteger($param) {
* @param array $publicKeyData The JWK key data
* @return RSA
*/
private function getPublicKey($publicKeyData) {
private function getPublicKey($publicKeyData)
{
$publicKeyRaw = new JOSE_JWK($publicKeyData);
$publicKey = $publicKeyRaw->toKey();
if ($publicKeyData['alg'] == 'RSA-OAEP-256') {
$publicKey->setHash('sha256');
$publicKey->setMGFHash('sha256');
// $publicKey->setHash('sha256');
// $publicKey->setMGFHash('sha256');
}
return $publicKey;
}
Expand All @@ -263,8 +265,9 @@ private function getPublicKey($publicKeyData) {
*
* @throws HyperwalletException
*/
private function getJwk($keySetLocation, $alg) {
if (filter_var($keySetLocation, FILTER_VALIDATE_URL) === FALSE) {
private function getJwk($keySetLocation, $alg)
{
if (filter_var($keySetLocation, FILTER_VALIDATE_URL) === false) {
if (!file_exists($keySetLocation)) {
throw new HyperwalletException("Wrong JWK key set location path = " . $keySetLocation);
}
Expand All @@ -281,8 +284,9 @@ private function getJwk($keySetLocation, $alg) {
*
* @throws HyperwalletException
*/
private function findJwkByAlgorithm($jwkSetArray, $alg) {
foreach($jwkSetArray['keys'] as $jwk) {
private function findJwkByAlgorithm($jwkSetArray, $alg)
{
foreach ($jwkSetArray['keys'] as $jwk) {
if ($alg == $jwk['alg']) {
return $jwk;
}
Expand All @@ -296,7 +300,8 @@ private function findJwkByAlgorithm($jwkSetArray, $alg) {
* @param string $jwk JWK key
* @return array
*/
private function convertPrivateKeyToPublic($jwk) {
private function convertPrivateKeyToPublic($jwk)
{
if (isset($jwk['d'])) {
unset($jwk['d']);
}
Expand All @@ -323,7 +328,8 @@ private function convertPrivateKeyToPublic($jwk) {
*
* @return integer
*/
private function getSignatureExpirationTime() {
private function getSignatureExpirationTime()
{
date_default_timezone_set("UTC");
$secondsInMinute = 60;
return time() + $this->jwsExpirationMinutes * $secondsInMinute;
Expand All @@ -336,15 +342,16 @@ private function getSignatureExpirationTime() {
*
* @throws HyperwalletException
*/
public function checkJwsExpiration($header) {
if(!isset($header['exp'])) {
public function checkJwsExpiration($header)
{
if (!isset($header['exp'])) {
throw new HyperwalletException('While trying to verify JWS signature no [exp] header is found');
}
$exp = $header['exp'];
if(!is_numeric($exp)) {
if (!is_numeric($exp)) {
throw new HyperwalletException('Wrong value in [exp] header of JWS signature, must be integer');
}
if((int)time() > (int)$exp) {
if ((int)time() > (int)$exp) {
throw new HyperwalletException('JWS signature has expired, checked by [exp] JWS header');
}
}
Expand All @@ -356,10 +363,11 @@ public function checkJwsExpiration($header) {
*
* @throws HyperwalletException
*/
public function getVendorPath() {
public function getVendorPath()
{
$reflector = new \ReflectionClass(ClassLoader::class);
$vendorPath = preg_replace('/^(.*)\/composer\/ClassLoader\.php$/', '$1', $reflector->getFileName() );
if($vendorPath && is_dir($vendorPath)) {
$vendorPath = preg_replace('/^(.*)\/composer\/ClassLoader\.php$/', '$1', $reflector->getFileName());
if ($vendorPath && is_dir($vendorPath)) {
return $vendorPath . '/';
}
throw new HyperwalletException('Failed to find a vendor path');
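Review bot: In `getPrivateKey` and `getPublicKey` the `RSA-OAEP-256` branches now hold only commented-out `setHash('sha256')`/`setMGFHash('sha256')` calls, so the OAEP hash is no longer tied to the JWK `alg`; `RSA-OAEP-256` requires SHA-256 for both the label hash and MGF1, and leaving that to the library default makes the choice implicit and easy to break on the next upgrade. If the key object is phpseclib v3 (which the `RSA::load`/`loadPrivateKey`/`toString('PKCS1')` calls suggest), keys are immutable and the replacement is `$privateKey = $privateKey->withHash('sha256')->withMGFHash('sha256');` (likewise for `$publicKey`), with the dead comments deleted; whether `JOSE_JWK::toKey()` returns a v3 key is not visible here and should be confirmed. The `RSA::load([...])` call already yields a private-key object, so serialising it to PKCS1 and reloading it through `RSA::loadPrivateKey` looks redundant unless the round trip is intentional. A smaller point of style: the `$privateKeyData['alg'] == 'RSA-OAEP-256'` and `$publicKeyData['alg'] == 'RSA-OAEP-256'` comparisons should use `===`.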
12 changes: 6 additions & 6 deletions src/Services/Jose/JOSE_JWE.php
Expand Up @@ -82,10 +82,8 @@ private function rsa($public_or_private_key, $padding_mode) {
} else if ($public_or_private_key instanceof RSA) {
$rsa = $public_or_private_key;
} else {
$rsa = new RSA();
$rsa->loadKey($public_or_private_key);

}
$rsa->setEncryptionMode($padding_mode);
return $rsa;
}

Expand All @@ -96,7 +94,7 @@ private function cipher() {
throw new UnexpectedAlgorithm('Algorithm not supported');
case 'A128CBC-HS256':
case 'A256CBC-HS512':
$cipher = new AES(AES::MODE_CBC);
$cipher = new AES('cbc');
break;
default:
throw new UnexpectedAlgorithm('Unknown algorithm');
Expand All @@ -108,7 +106,7 @@ private function cipher() {
break;
case 'A256GCM':
case 'A256CBC-HS512':
$cipher->setBlockLength(256);
// $cipher->setBlockLength(256);
break;
default:
throw new UnexpectedAlgorithm('Unknown algorithm');
Expand All @@ -128,7 +126,7 @@ private function generateIv() {
break;
case 'A256GCM':
case 'A256CBC-HS512':
$this->iv = $this->generateRandomBytes(256 / 8);
$this->iv = $this->generateRandomBytes(128 / 8);
break;
default:
throw new UnexpectedAlgorithm('Unknown algorithm');
Expand Down Expand Up @@ -161,6 +159,7 @@ private function encryptContentEncryptionKey($public_key_or_secret) {
$this->jwe_encrypted_key = $rsa->encrypt($this->content_encryption_key);
break;
case 'RSA-OAEP':
case 'RSA-OAEP-256':
$rsa = $this->rsa($public_key_or_secret, RSA::ENCRYPTION_OAEP);
$this->jwe_encrypted_key = $rsa->encrypt($this->content_encryption_key);
break;
Expand Down Expand Up @@ -189,6 +188,7 @@ private function decryptContentEncryptionKey($private_key_or_secret) {
$rsa = $this->rsa($private_key_or_secret, RSA::ENCRYPTION_PKCS1);
$this->content_encryption_key = $rsa->decrypt($this->jwe_encrypted_key);
break;
case 'RSA-OAEP-256':
case 'RSA-OAEP':
$rsa = $this->rsa($private_key_or_secret, RSA::ENCRYPTION_OAEP);
$this->content_encryption_key = $rsa->decrypt($this->jwe_encrypted_key);
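Review bot: The `RSA-OAEP` and `RSA-OAEP-256` cases now share one branch in `encryptContentEncryptionKey` (and again in `decryptContentEncryptionKey`), but RFC 7518 defines them with different hashes — SHA-1/MGF1-SHA1 for `RSA-OAEP`, SHA-256/MGF1-SHA256 for `RSA-OAEP-256` — and `RSA::ENCRYPTION_OAEP` only selects the padding scheme, so whichever hash the key object carries is applied to both algorithms and one of them will not interoperate with a conforming peer. Keep the cases separate and set the hash per case, e.g. `$rsa = $this->rsa($public_key_or_secret, RSA::ENCRYPTION_OAEP)->withHash('sha256')->withMGFHash('sha256');` for `RSA-OAEP-256` and the `sha1` pair for `RSA-OAEP` (phpseclib v3 keys are immutable, so the returned instance must be used); both enclosing functions start and end outside their hunks. In the first hunk, `rsa()` still calls `$rsa->setEncryptionMode($padding_mode)`, which is a v2 method — given the `RSA::load` and `new AES('cbc')` calls elsewhere in this commit the v3 form is `$rsa = $rsa->withPadding($padding_mode);` — and the `else` branch appears to be left empty, so a string key would reach that call with `$rsa` unset. The commented-out `setBlockLength(256)` line should be deleted rather than kept: the 16-byte IV now generated is the AES block size, and a 256-bit block length would have been Rijndael rather than AES.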