Merge pull request #1100 from lcobucci/key_content_at_last

Retrieve `Key` content the very last moment it's needed

src/Signer/Ecdsa.php

@@ -18,7 +18,7 @@ public function __construct(
     final public function sign(string $payload, Key $key): string
     {
         return $this->converter->fromAsn1(
-            $this->createSignature($key->contents(), $key->passphrase(), $payload),
+            $this->createSignature($key, $payload),
             $this->pointLength(),
         );
     }
@@ -28,7 +28,7 @@ final public function verify(string $expected, string $payload, Key $key): bool
         return $this->verifySignature(
             $this->converter->toAsn1($expected, $this->pointLength()),
             $payload,
-            $key->contents(),
+            $key,
         );
     }
 

src/Signer/OpenSSL.php

@@ -5,7 +5,6 @@
 
 use Lcobucci\JWT\Signer;
 use OpenSSLAsymmetricKey;
-use SensitiveParameter;
 
 use function array_key_exists;
 use function assert;
@@ -41,17 +40,14 @@
      * @throws InvalidKeyProvided
      */
     final protected function createSignature(
-        #[SensitiveParameter]
-        string $pem,
-        #[SensitiveParameter]
-        string $passphrase,
+        Key $key,
         string $payload,
     ): string {
-        $key = $this->getPrivateKey($pem, $passphrase);
+        $opensslKey = $this->getPrivateKey($key);
 
         $signature = '';
 
-        if (! openssl_sign($payload, $signature, $key, $this->algorithm())) {
+        if (! openssl_sign($payload, $signature, $opensslKey, $this->algorithm())) {
             throw CannotSignPayload::errorHappened($this->fullOpenSSLErrorString());
         }
 
@@ -60,30 +56,27 @@ final protected function createSignature(
 
     /** @throws CannotSignPayload */
     private function getPrivateKey(
-        #[SensitiveParameter]
-        string $pem,
-        #[SensitiveParameter]
-        string $passphrase,
+        Key $key,
     ): OpenSSLAsymmetricKey {
-        return $this->validateKey(openssl_pkey_get_private($pem, $passphrase));
+        return $this->validateKey(openssl_pkey_get_private($key->contents(), $key->passphrase()));
     }
 
     /** @throws InvalidKeyProvided */
     final protected function verifySignature(
         string $expected,
         string $payload,
-        string $pem,
+        Key $key,
     ): bool {
-        $key    = $this->getPublicKey($pem);
-        $result = openssl_verify($payload, $expected, $key, $this->algorithm());
+        $opensslKey = $this->getPublicKey($key);
+        $result     = openssl_verify($payload, $expected, $opensslKey, $this->algorithm());
 
         return $result === 1;
     }
 
     /** @throws InvalidKeyProvided */
-    private function getPublicKey(string $pem): OpenSSLAsymmetricKey
+    private function getPublicKey(Key $key): OpenSSLAsymmetricKey
     {
-        return $this->validateKey(openssl_pkey_get_public($pem));
+        return $this->validateKey(openssl_pkey_get_public($key->contents()));
     }
 
     /**

src/Signer/Rsa.php

@@ -11,12 +11,12 @@
 
     final public function sign(string $payload, Key $key): string
     {
-        return $this->createSignature($key->contents(), $key->passphrase(), $payload);
+        return $this->createSignature($key, $payload);
     }
 
     final public function verify(string $expected, string $payload, Key $key): bool
     {
-        return $this->verifySignature($expected, $payload, $key->contents());
+        return $this->verifySignature($expected, $payload, $key);
     }
 
     final protected function guardAgainstIncompatibleKey(int $type, int $lengthInBits): void

tests/Signer/Rsa/KeyValidationSigner.php

@@ -27,11 +27,11 @@ public function algorithmId(): string
 
     public function sign(string $payload, Key $key): string
     {
-        return $this->createSignature($key->contents(), $key->passphrase(), $payload);
+        return $this->createSignature($key, $payload);
     }
 
     public function verify(string $expected, string $payload, Key $key): bool
     {
-        return $this->verifySignature($expected, $payload, $key->contents());
+        return $this->verifySignature($expected, $payload, $key);
     }
 }