Merge pull request #187 from web-token/GMPDepFix

[WIP] Fixes GMP requirement

phpstan.neon

@@ -19,7 +19,6 @@ parameters:
         - '#Parameter \#1 \$value of static method Jose\\Component\\Core\\Util\\BigInteger::createFromGMPResource\(\) expects GMP, resource given\.#'
         - '#Return type \(void\) of method Jose\\Bundle\\JoseFramework\\Routing\\JWKSetLoader::getResolver\(\) should be compatible with return type \(Symfony\\Component\\Config\\Loader\\LoaderResolverInterface\) of method Symfony\\Component\\Config\\Loader\\LoaderInterface::getResolver\(\)#'
         - '#Instanceof between Jose\\Component\\Core\\JWK and Jose\\Component\\Core\\JWK will always evaluate to true\.#'
-        - '#Function openssl_pkey_derive not found\.#'
 includes:
     - vendor/phpstan/phpstan-phpunit/extension.neon
     - vendor/phpstan/phpstan-phpunit/rules.neon

src/Bundle/JoseFramework/DependencyInjection/Source/Signature/SignatureSource.php

@@ -21,7 +21,7 @@
 use Jose\Component\Signature\Algorithm\HMAC;
 use Jose\Component\Signature\Algorithm\HS1;
 use Jose\Component\Signature\Algorithm\None;
-use Jose\Component\Signature\Algorithm\RSA;
+use Jose\Component\Signature\Algorithm\RSAPSS;
 use Jose\Component\Signature\JWSBuilderFactory;
 use Jose\Component\Signature\JWSVerifierFactory;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
@@ -125,7 +125,7 @@ public function getCompilerPasses(): array
     private function getAlgorithmsFiles(): array
     {
         return [
-            RSA::class => 'signature_rsa.php',
+            RSAPSS::class => 'signature_rsa.php',
             ECDSA::class => 'signature_ecdsa.php',
             EdDSA::class => 'signature_eddsa.php',
             HMAC::class => 'signature_hmac.php',

src/Bundle/JoseFramework/Resources/config/Algorithms/signature_rsa.php

@@ -33,15 +33,17 @@
         ->tag('jose.algorithm', ['alias' => 'RS512'])
     ;
 
-    $container->set(Algorithm\PS256::class)
-        ->tag('jose.algorithm', ['alias' => 'PS256'])
-    ;
-
-    $container->set(Algorithm\PS384::class)
-        ->tag('jose.algorithm', ['alias' => 'PS384'])
-    ;
-
-    $container->set(Algorithm\PS512::class)
-        ->tag('jose.algorithm', ['alias' => 'PS512'])
-    ;
+    if (extension_loaded('gmp')) {
+        $container->set(Algorithm\PS256::class)
+            ->tag('jose.algorithm', ['alias' => 'PS256'])
+        ;
+
+        $container->set(Algorithm\PS384::class)
+            ->tag('jose.algorithm', ['alias' => 'PS384'])
+        ;
+
+        $container->set(Algorithm\PS512::class)
+            ->tag('jose.algorithm', ['alias' => 'PS512'])
+        ;
+    }
 };

src/Bundle/JoseFramework/Resources/config/analyzers.php

@@ -11,6 +11,7 @@
  * of the MIT license.  See the LICENSE file for details.
  */
 
+use Jose\Component\Core\Util\Ecc\NistCurve;
 use Jose\Component\KeyManagement\Analyzer;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use ZxcvbnPhp\Zxcvbn;
@@ -37,13 +38,16 @@
     $container->set(Analyzer\OctAnalyzer::class);
     $container->set(Analyzer\MixedKeyTypes::class);
     $container->set(Analyzer\MixedPublicAndPrivateKeys::class);
-    $container->set(Analyzer\ES256KeyAnalyzer::class);
-    $container->set(Analyzer\ES384KeyAnalyzer::class);
-    $container->set(Analyzer\ES512KeyAnalyzer::class);
     $container->set(Analyzer\HS256KeyAnalyzer::class);
     $container->set(Analyzer\HS384KeyAnalyzer::class);
     $container->set(Analyzer\HS512KeyAnalyzer::class);
 
+    if (class_exists(NistCurve::class)) {
+        $container->set(Analyzer\ES256KeyAnalyzer::class);
+        $container->set(Analyzer\ES384KeyAnalyzer::class);
+        $container->set(Analyzer\ES512KeyAnalyzer::class);
+    }
+
     if (class_exists(Zxcvbn::class)) {
         $container->set(Analyzer\ZxcvbnKeyAnalyzer::class);
     }

src/Component/Encryption/Serializer/JSONFlattenedSerializer.php

@@ -90,7 +90,7 @@ public function unserialize(string $input): JWE
 
     private function checkData(?array $data): void
     {
-        if ($data === null || !isset($data['ciphertext']) || isset($data['recipients'])) {
+        if (null === $data || !isset($data['ciphertext']) || isset($data['recipients'])) {
             throw new InvalidArgumentException('Unsupported input.');
         }
     }

src/Component/Encryption/Serializer/JSONGeneralSerializer.php

@@ -99,7 +99,7 @@ public function unserialize(string $input): JWE
 
     private function checkData(?array $data): void
     {
-        if ($data === null || !isset($data['ciphertext']) || !isset($data['recipients'])) {
+        if (null === $data || !isset($data['ciphertext']) || !isset($data['recipients'])) {
             throw new InvalidArgumentException('Unsupported input.');
         }
     }

src/Component/KeyManagement/Analyzer/ES256KeyAnalyzer.php

@@ -16,9 +16,17 @@
 use Base64Url\Base64Url;
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
 
 final class ES256KeyAnalyzer implements KeyAnalyzer
 {
+    public function __construct()
+    {
+        if (!class_exists(NistCurve::class)) {
+            throw new RuntimeException('Please install web-token/jwt-util-ecc to use this key analyzer');
+        }
+    }
+
     public function analyze(JWK $jwk, MessageBag $bag): void
     {
         if ('EC' !== $jwk->get('kty')) {

src/Component/KeyManagement/Analyzer/ES384KeyAnalyzer.php

@@ -16,9 +16,17 @@
 use Base64Url\Base64Url;
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
 
 final class ES384KeyAnalyzer implements KeyAnalyzer
 {
+    public function __construct()
+    {
+        if (!class_exists(NistCurve::class)) {
+            throw new RuntimeException('Please install web-token/jwt-util-ecc to use this key analyzer');
+        }
+    }
+
     public function analyze(JWK $jwk, MessageBag $bag): void
     {
         if ('EC' !== $jwk->get('kty')) {

src/Component/KeyManagement/Analyzer/ES512KeyAnalyzer.php

@@ -16,9 +16,17 @@
 use Base64Url\Base64Url;
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
 
 final class ES512KeyAnalyzer implements KeyAnalyzer
 {
+    public function __construct()
+    {
+        if (!class_exists(NistCurve::class)) {
+            throw new RuntimeException('Please install web-token/jwt-util-ecc to use this key analyzer');
+        }
+    }
+
     public function analyze(JWK $jwk, MessageBag $bag): void
     {
         if ('EC' !== $jwk->get('kty')) {

src/Component/KeyManagement/composer.json

@@ -21,11 +21,9 @@
     },
     "require": {
         "ext-openssl": "*",
-        "ext-gmp": "*",
         "psr/http-factory": "^1.0",
         "psr/http-client": "^1.0",
-        "web-token/jwt-core": "^2.0",
-        "web-token/jwt-util-ecc": "^2.0"
+        "web-token/jwt-core": "^2.0"
     },
     "require-dev": {
         "php-http/message-factory": "^1.0",
@@ -34,6 +32,7 @@
         "phpunit/phpunit": "^8.0"
     },
     "suggest": {
+        "web-token/jwt-util-ecc": "To use EC key analyzers.",
         "php-http/message-factory": "To enable JKU/X5U support.",
         "php-http/httplug": "To enable JKU/X5U support."
     },

src/Ecc/composer.json

@@ -20,6 +20,7 @@
         }
     },
     "require": {
+        "ext-gmp": "*",
         "thecodingmachine/safe": "^0.1.14"
     },
     "require-dev": {

src/SignatureAlgorithm/ECDSA/composer.json

@@ -20,8 +20,7 @@
         }
     },
     "require": {
-        "web-token/jwt-signature": "^2.0",
-        "web-token/jwt-util-ecc": "^2.0"
+        "web-token/jwt-signature": "^2.0"
     },
     "require-dev": {
         "phpunit/phpunit": "^8.0"

src/SignatureAlgorithm/Experimental/RS1.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS1 extends RSA
+final class RS1 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha1';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }

src/SignatureAlgorithm/RSA/PS256.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class PS256 extends RSA
+final class PS256 extends RSAPSS
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha256';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PSS;
-    }
 }

src/SignatureAlgorithm/RSA/PS384.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class PS384 extends RSA
+final class PS384 extends RSAPSS
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha384';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PSS;
-    }
 }

src/SignatureAlgorithm/RSA/PS512.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class PS512 extends RSA
+final class PS512 extends RSAPSS
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha512';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PSS;
-    }
 }

src/SignatureAlgorithm/RSA/RS256.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS256 extends RSA
+final class RS256 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha256';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }

src/SignatureAlgorithm/RSA/RS384.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS384 extends RSA
+final class RS384 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha384';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }

src/SignatureAlgorithm/RSA/RS512.php

@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS512 extends RSA
+final class RS512 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha512';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }

src/SignatureAlgorithm/RSA/RSA.php

@@ -17,9 +17,20 @@
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\RSAKey;
 use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
+use RuntimeException;
 
+/**
+ * @deprecated Please use either RSAPSS or RSAPKCS1 depending on the padding mode
+ */
 abstract class RSA implements SignatureAlgorithm
 {
+    public function __construct()
+    {
+        if (!\extension_loaded('gmp')) {
+            throw new RuntimeException(static::class.' requires gmp extension');
+        }
+    }
+
     public function allowedKeyTypes(): array
     {
         return ['RSA'];