web-token · unixslayer · Jul 10, 2019 · Jul 10, 2019 · Jul 10, 2019 · Jul 10, 2019
diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/P12.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/P12.php
@@ -0,0 +1,69 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2019 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Bundle\JoseFramework\DependencyInjection\Source\KeyManagement\JWKSource;
+
+use Jose\Bundle\JoseFramework\DependencyInjection\Source\AbstractSource;
+use Jose\Component\KeyManagement\JWKFactory;
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Definition;
+use Symfony\Component\DependencyInjection\Reference;
+
+class P12 extends AbstractSource implements JWKSource
+{
+    public function createDefinition(ContainerBuilder $container, array $config): Definition
+    {
+        $definition = new Definition(JWK::class);
+        $definition->setFactory([
+            new Reference(JWKFactory::class),
+            'createFromPKCS12CertificateFile',
+        ]);
+        $definition->setArguments([
+            $config['path'],
+            $config['password'],
+            $config['additional_values'],
+        ]);
+        $definition->addTag('jose.jwk');
+
+        return $definition;
+    }
+
+    public function getKey(): string
+    {
+        return 'p12';
+    }
+
+    public function addConfiguration(NodeDefinition $node): void
+    {
+        parent::addConfiguration($node);
+        $node
+            ->children()
+            ->scalarNode('path')
+            ->info('Path of the key file.')
+            ->isRequired()
+            ->end()
+            ->scalarNode('password')
+            ->info('Password used to decrypt the key (optional).')
+            ->defaultNull()
+            ->end()
+            ->arrayNode('additional_values')
+            ->info('Additional values to be added to the key.')
+            ->defaultValue([])
+            ->useAttributeAsKey('key')
+            ->variablePrototype()->end()
+            ->end()
+            ->end()
+        ;
+    }
+}
diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/Signature/SignatureSource.php b/src/Bundle/JoseFramework/DependencyInjection/Source/Signature/SignatureSource.php
@@ -21,7 +21,7 @@
 use Jose\Component\Signature\Algorithm\HMAC;
 use Jose\Component\Signature\Algorithm\HS1;
 use Jose\Component\Signature\Algorithm\None;
-use Jose\Component\Signature\Algorithm\RSA;
+use Jose\Component\Signature\Algorithm\RSAPSS;
 use Jose\Component\Signature\JWSBuilderFactory;
 use Jose\Component\Signature\JWSVerifierFactory;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;

diff --git a/src/Bundle/JoseFramework/Resources/config/Algorithms/signature_rsa.php b/src/Bundle/JoseFramework/Resources/config/Algorithms/signature_rsa.php
@@ -33,15 +33,17 @@
         ->tag('jose.algorithm', ['alias' => 'RS512'])
     ;
 
-    $container->set(Algorithm\PS256::class)
-        ->tag('jose.algorithm', ['alias' => 'PS256'])
-    ;
-
-    $container->set(Algorithm\PS384::class)
-        ->tag('jose.algorithm', ['alias' => 'PS384'])
-    ;
-
-    $container->set(Algorithm\PS512::class)
-        ->tag('jose.algorithm', ['alias' => 'PS512'])
-    ;
+    if (extension_loaded('gmp')) {
+        $container->set(Algorithm\PS256::class)
+            ->tag('jose.algorithm', ['alias' => 'PS256'])
+        ;
+
+        $container->set(Algorithm\PS384::class)
+            ->tag('jose.algorithm', ['alias' => 'PS384'])
+        ;
+
+        $container->set(Algorithm\PS512::class)
+            ->tag('jose.algorithm', ['alias' => 'PS512'])
+        ;
+    }
 };
diff --git a/src/Bundle/JoseFramework/Resources/config/analyzers.php b/src/Bundle/JoseFramework/Resources/config/analyzers.php
@@ -11,6 +11,7 @@
  * of the MIT license.  See the LICENSE file for details.
  */
 
+use Jose\Component\Core\Util\Ecc\NistCurve;
 use Jose\Component\KeyManagement\Analyzer;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use ZxcvbnPhp\Zxcvbn;
@@ -37,13 +38,16 @@
     $container->set(Analyzer\OctAnalyzer::class);
     $container->set(Analyzer\MixedKeyTypes::class);
     $container->set(Analyzer\MixedPublicAndPrivateKeys::class);
-    $container->set(Analyzer\ES256KeyAnalyzer::class);
-    $container->set(Analyzer\ES384KeyAnalyzer::class);
-    $container->set(Analyzer\ES512KeyAnalyzer::class);
     $container->set(Analyzer\HS256KeyAnalyzer::class);
     $container->set(Analyzer\HS384KeyAnalyzer::class);
     $container->set(Analyzer\HS512KeyAnalyzer::class);
 
+    if (class_exists(NistCurve::class)) {
+        $container->set(Analyzer\ES256KeyAnalyzer::class);
+        $container->set(Analyzer\ES384KeyAnalyzer::class);
+        $container->set(Analyzer\ES512KeyAnalyzer::class);
+    }
+
     if (class_exists(Zxcvbn::class)) {
         $container->set(Analyzer\ZxcvbnKeyAnalyzer::class);
     }

diff --git a/src/Bundle/JoseFramework/Resources/config/jwk_sources.php b/src/Bundle/JoseFramework/Resources/config/jwk_sources.php
@@ -22,6 +22,7 @@
     ;
 
     $container->set(JWKSource\KeyFile::class);
+    $container->set(JWKSource\P12::class);
     $container->set(JWKSource\CertificateFile::class);
     $container->set(JWKSource\Values::class);
     $container->set(JWKSource\Secret::class);

diff --git a/src/Component/Encryption/Serializer/JSONFlattenedSerializer.php b/src/Component/Encryption/Serializer/JSONFlattenedSerializer.php
@@ -88,9 +88,9 @@ public function unserialize(string $input): JWE
         );
     }
 
-    private function checkData(array $data): void
+    private function checkData(?array $data): void
     {
-        if (!isset($data['ciphertext']) || isset($data['recipients'])) {
+        if (null === $data || !isset($data['ciphertext']) || isset($data['recipients'])) {
             throw new InvalidArgumentException('Unsupported input.');
         }
     }

diff --git a/src/Component/Encryption/Serializer/JSONGeneralSerializer.php b/src/Component/Encryption/Serializer/JSONGeneralSerializer.php
@@ -97,9 +97,9 @@ public function unserialize(string $input): JWE
         );
     }
 
-    private function checkData(array $data): void
+    private function checkData(?array $data): void
     {
-        if (!isset($data['ciphertext']) || !isset($data['recipients'])) {
+        if (null === $data || !isset($data['ciphertext']) || !isset($data['recipients'])) {
             throw new InvalidArgumentException('Unsupported input.');
         }
     }

diff --git a/src/Component/KeyManagement/Analyzer/ES256KeyAnalyzer.php b/src/Component/KeyManagement/Analyzer/ES256KeyAnalyzer.php
@@ -16,9 +16,17 @@
 use Base64Url\Base64Url;
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
 
 final class ES256KeyAnalyzer implements KeyAnalyzer
 {
+    public function __construct()
+    {
+        if (!class_exists(NistCurve::class)) {
+            throw new RuntimeException('Please install web-token/jwt-util-ecc to use this key analyzer');
+        }
+    }
+
     public function analyze(JWK $jwk, MessageBag $bag): void
     {
         if ('EC' !== $jwk->get('kty')) {

diff --git a/src/Component/KeyManagement/Analyzer/ES384KeyAnalyzer.php b/src/Component/KeyManagement/Analyzer/ES384KeyAnalyzer.php
@@ -16,9 +16,17 @@
 use Base64Url\Base64Url;
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
 
 final class ES384KeyAnalyzer implements KeyAnalyzer
 {
+    public function __construct()
+    {
+        if (!class_exists(NistCurve::class)) {
+            throw new RuntimeException('Please install web-token/jwt-util-ecc to use this key analyzer');
+        }
+    }
+
     public function analyze(JWK $jwk, MessageBag $bag): void
     {
         if ('EC' !== $jwk->get('kty')) {

diff --git a/src/Component/KeyManagement/Analyzer/ES512KeyAnalyzer.php b/src/Component/KeyManagement/Analyzer/ES512KeyAnalyzer.php
@@ -16,9 +16,17 @@
 use Base64Url\Base64Url;
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\Ecc\NistCurve;
+use RuntimeException;
 
 final class ES512KeyAnalyzer implements KeyAnalyzer
 {
+    public function __construct()
+    {
+        if (!class_exists(NistCurve::class)) {
+            throw new RuntimeException('Please install web-token/jwt-util-ecc to use this key analyzer');
+        }
+    }
+
     public function analyze(JWK $jwk, MessageBag $bag): void
     {
         if ('EC' !== $jwk->get('kty')) {

diff --git a/src/Component/KeyManagement/composer.json b/src/Component/KeyManagement/composer.json
@@ -21,7 +21,6 @@
     },
     "require": {
         "ext-openssl": "*",
-        "ext-gmp": "*",
         "psr/http-factory": "^1.0",
         "psr/http-client": "^1.0",
         "web-token/jwt-core": "^2.1",

diff --git a/src/SignatureAlgorithm/Experimental/RS1.php b/src/SignatureAlgorithm/Experimental/RS1.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS1 extends RSA
+final class RS1 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha1';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/PS256.php b/src/SignatureAlgorithm/RSA/PS256.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class PS256 extends RSA
+final class PS256 extends RSAPSS
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha256';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PSS;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/PS384.php b/src/SignatureAlgorithm/RSA/PS384.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class PS384 extends RSA
+final class PS384 extends RSAPSS
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha384';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PSS;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/PS512.php b/src/SignatureAlgorithm/RSA/PS512.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class PS512 extends RSA
+final class PS512 extends RSAPSS
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha512';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PSS;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/RS256.php b/src/SignatureAlgorithm/RSA/RS256.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS256 extends RSA
+final class RS256 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha256';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/RS384.php b/src/SignatureAlgorithm/RSA/RS384.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS384 extends RSA
+final class RS384 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha384';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/RS512.php b/src/SignatureAlgorithm/RSA/RS512.php
@@ -13,9 +13,7 @@
 
 namespace Jose\Component\Signature\Algorithm;
 
-use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
-
-final class RS512 extends RSA
+final class RS512 extends RSAPKCS1
 {
     public function name(): string
     {
@@ -26,9 +24,4 @@ protected function getAlgorithm(): string
     {
         return 'sha512';
     }
-
-    protected function getSignatureMethod(): int
-    {
-        return JoseRSA::SIGNATURE_PKCS1;
-    }
 }
diff --git a/src/SignatureAlgorithm/RSA/RSA.php b/src/SignatureAlgorithm/RSA/RSA.php
@@ -17,9 +17,20 @@
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\Util\RSAKey;
 use Jose\Component\Signature\Algorithm\Util\RSA as JoseRSA;
+use RuntimeException;
 
+/**
+ * @deprecated Please use either RSAPSS or RSAPKCS1 depending on the padding mode
+ */
 abstract class RSA implements SignatureAlgorithm
 {
+    public function __construct()
+    {
+        if (!\extension_loaded('gmp')) {
+            throw new RuntimeException(static::class.' requires gmp extension');
+        }
+    }
+
     public function allowedKeyTypes(): array
     {
         return ['RSA'];