Feature/test phpseclib 3 #133
Open
fernandocoronatomf
wants to merge
4
commits into
hyperwallet:support/SDK-V3
Choose a base branch
from
CoverGenius:feature/test-phpseclib-3
@@ -1,29 +1,24 @@ | ||
<?php | ||
|
||
namespace Hyperwallet\Util; | ||
use GuzzleHttp\Client; | ||
use GuzzleHttp\Exception\BadResponseException; | ||
use GuzzleHttp\Exception\ConnectException; | ||
use GuzzleHttp\UriTemplate\UriTemplate; | ||
use Hyperwallet\Exception\HyperwalletApiException; | ||
|
||
use Hyperwallet\Exception\HyperwalletException; | ||
use Hyperwallet\Model\BaseModel; | ||
use Hyperwallet\Response\ErrorResponse; | ||
use Composer\Autoload\ClassLoader; | ||
use phpseclib\Crypt\RSA; | ||
use phpseclib\Math\BigInteger; | ||
use phpseclib\Crypt\Hash; | ||
use JOSE_URLSafeBase64; | ||
use JOSE_JWS; | ||
use JOSE_JWE; | ||
use JOSE_JWK; | ||
use JOSE_JWT; | ||
use phpseclib3\Crypt\RSA; | ||
use phpseclib3\Math\BigInteger; | ||
use Services\Jose\URLSafeBase64; | ||
use Services\Jose\JOSE_JWS; | ||
use Services\Jose\JOSE_JWE; | ||
use Services\Jose\JOSE_JWK; | ||
use Services\Jose\JOSE_JWT; | ||
|
||
/** | ||
* The encryption service for Hyperwallet client's requests/responses | ||
* | ||
* @package Hyperwallet\Util | ||
*/ | ||
class HyperwalletEncryption { | ||
class HyperwalletEncryption | ||
{ | ||
|
||
/** | ||
* String that can be a URL or path to file with client JWK set | ||
|
@@ -91,16 +86,20 @@ class HyperwalletEncryption { | |
* @param array $encryptionMethod JWE encryption method, by default value = A256CBC-HS512 | ||
* @param array $jwsExpirationMinutes Minutes when JWS signature is valid, by default value = 5 | ||
*/ | ||
public function __construct($clientPrivateKeySetLocation, $hyperwalletKeySetLocation, | ||
$encryptionAlgorithm = 'RSA-OAEP-256', $signAlgorithm = 'RS256', $encryptionMethod = 'A256CBC-HS512', | ||
$jwsExpirationMinutes = 5) { | ||
public function __construct( | ||
$clientPrivateKeySetLocation, | ||
$hyperwalletKeySetLocation, | ||
$encryptionAlgorithm = 'RSA-OAEP-256', | ||
$signAlgorithm = 'RS256', | ||
$encryptionMethod = 'A256CBC-HS512', | ||
$jwsExpirationMinutes = 5 | ||
) { | ||
$this->clientPrivateKeySetLocation = $clientPrivateKeySetLocation; | ||
$this->hyperwalletKeySetLocation = $hyperwalletKeySetLocation; | ||
$this->encryptionAlgorithm = $encryptionAlgorithm; | ||
$this->signAlgorithm = $signAlgorithm; | ||
$this->encryptionMethod = $encryptionMethod; | ||
$this->jwsExpirationMinutes = $jwsExpirationMinutes; | ||
file_put_contents($this->getVendorPath() . "/gree/jose/src/JOSE/JWE.php", file_get_contents(__DIR__ . "/../../JWE")); | ||
} | ||
|
||
/** | ||
|
@@ -111,7 +110,8 @@ public function __construct($clientPrivateKeySetLocation, $hyperwalletKeySetLoca | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
public function encrypt($body) { | ||
public function encrypt($body) | ||
{ | ||
$privateJwsKey = $this->getPrivateJwsKey(); | ||
$jws = new JOSE_JWS(new JOSE_JWT($body)); | ||
$jws->header['exp'] = $this->getSignatureExpirationTime(); | ||
|
@@ -133,7 +133,8 @@ public function encrypt($body) { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
public function decrypt($body) { | ||
public function decrypt($body) | ||
{ | ||
$privateJweKey = $this->getPrivateJweKey(); | ||
$jwe = JOSE_JWT::decode($body); | ||
$decryptedBody = $jwe->decrypt($privateJweKey); | ||
|
@@ -152,7 +153,8 @@ public function decrypt($body) { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
private function getPrivateJwsKey() { | ||
private function getPrivateJwsKey() | ||
{ | ||
$privateKeyData = $this->getJwk($this->clientPrivateKeySetLocation, $this->signAlgorithm); | ||
$this->jwsKid = $privateKeyData['kid']; | ||
return $this->getPrivateKey($privateKeyData); | ||
|
@@ -165,7 +167,8 @@ private function getPrivateJwsKey() { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
private function getPublicJweKey() { | ||
private function getPublicJweKey() | ||
{ | ||
$publicKeyData = $this->getJwk($this->hyperwalletKeySetLocation, $this->encryptionAlgorithm); | ||
$this->jweKid = $publicKeyData['kid']; | ||
return $this->getPublicKey($this->convertPrivateKeyToPublic($publicKeyData)); | ||
|
@@ -178,7 +181,8 @@ private function getPublicJweKey() { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
private function getPrivateJweKey() { | ||
private function getPrivateJweKey() | ||
{ | ||
$privateKeyData = $this->getJwk($this->clientPrivateKeySetLocation, $this->encryptionAlgorithm); | ||
return $this->getPrivateKey($privateKeyData); | ||
} | ||
|
@@ -190,7 +194,8 @@ private function getPrivateJweKey() { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
private function getPublicJwsKey() { | ||
private function getPublicJwsKey() | ||
{ | ||
$publicKeyData = $this->getJwk($this->hyperwalletKeySetLocation, $this->signAlgorithm); | ||
return $this->getPublicKey($this->convertPrivateKeyToPublic($publicKeyData)); | ||
} | ||
|
@@ -201,31 +206,24 @@ private function getPublicJwsKey() { | |
* @param array $privateKeyData The JWK key data | ||
* @return RSA | ||
*/ | ||
private function getPrivateKey($privateKeyData) { | ||
$n = $this->keyParamToBigInteger($privateKeyData['n']); | ||
$e = $this->keyParamToBigInteger($privateKeyData['e']); | ||
$d = $this->keyParamToBigInteger($privateKeyData['d']); | ||
$p = $this->keyParamToBigInteger($privateKeyData['p']); | ||
$q = $this->keyParamToBigInteger($privateKeyData['q']); | ||
$qi = $this->keyParamToBigInteger($privateKeyData['qi']); | ||
$dp = $this->keyParamToBigInteger($privateKeyData['dp']); | ||
$dq = $this->keyParamToBigInteger($privateKeyData['dq']); | ||
$primes = array($p, $q); | ||
$exponents = array($dp, $dq); | ||
$coefficients = array($qi, $qi); | ||
array_unshift($primes, "phoney"); | ||
unset($primes[0]); | ||
array_unshift($exponents, "phoney"); | ||
unset($exponents[0]); | ||
array_unshift($coefficients, "phoney"); | ||
unset($coefficients[0]); | ||
private function getPrivateKey($privateKeyData) | ||
{ | ||
$pemData = RSA::load([ | ||
'e' => $this->keyParamToBigInteger($privateKeyData['e']), | ||
'n' => $this->keyParamToBigInteger($privateKeyData['n']), | ||
'd' => $this->keyParamToBigInteger($privateKeyData['d']), | ||
'p' => $this->keyParamToBigInteger($privateKeyData['p']), | ||
'q' => $this->keyParamToBigInteger($privateKeyData['q']), | ||
'dp' => $this->keyParamToBigInteger($privateKeyData['dp']), | ||
'dq' => $this->keyParamToBigInteger($privateKeyData['dq']), | ||
'qi' => $this->keyParamToBigInteger($privateKeyData['qi']), | ||
]); | ||
|
||
$privateKey = RSA::loadPrivateKey($pemData->toString('PKCS1')); | ||
|
||
$pemData = (new RSA())->_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients); | ||
$privateKey = new RSA(); | ||
$privateKey->loadKey($pemData); | ||
if ($privateKeyData['alg'] == 'RSA-OAEP-256') { | ||
$privateKey->setHash('sha256'); | ||
$privateKey->setMGFHash('sha256'); | ||
// $privateKey->setHash('sha256'); | ||
// $privateKey->setMGFHash('sha256'); | ||
} | ||
return $privateKey; | ||
} | ||
|
@@ -236,8 +234,9 @@ private function getPrivateKey($privateKeyData) { | |
* @param string $param base 64 encoded string | ||
* @return BigInteger | ||
*/ | ||
private function keyParamToBigInteger($param) { | ||
return new BigInteger('0x' . bin2hex(JOSE_URLSafeBase64::decode($param)), 16); | ||
private function keyParamToBigInteger($param) | ||
{ | ||
return new BigInteger('0x' . bin2hex(URLSafeBase64::decode($param)), 16); | ||
} | ||
|
||
/** | ||
|
@@ -246,12 +245,13 @@ private function keyParamToBigInteger($param) { | |
* @param array $publicKeyData The JWK key data | ||
* @return RSA | ||
*/ | ||
private function getPublicKey($publicKeyData) { | ||
private function getPublicKey($publicKeyData) | ||
{ | ||
$publicKeyRaw = new JOSE_JWK($publicKeyData); | ||
$publicKey = $publicKeyRaw->toKey(); | ||
if ($publicKeyData['alg'] == 'RSA-OAEP-256') { | ||
$publicKey->setHash('sha256'); | ||
$publicKey->setMGFHash('sha256'); | ||
// $publicKey->setHash('sha256'); | ||
// $publicKey->setMGFHash('sha256'); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ditto |
||
} | ||
return $publicKey; | ||
} | ||
|
@@ -265,8 +265,9 @@ private function getPublicKey($publicKeyData) { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
private function getJwk($keySetLocation, $alg) { | ||
if (filter_var($keySetLocation, FILTER_VALIDATE_URL) === FALSE) { | ||
private function getJwk($keySetLocation, $alg) | ||
{ | ||
if (filter_var($keySetLocation, FILTER_VALIDATE_URL) === false) { | ||
if (!file_exists($keySetLocation)) { | ||
throw new HyperwalletException("Wrong JWK key set location path = " . $keySetLocation); | ||
} | ||
|
@@ -283,8 +284,9 @@ private function getJwk($keySetLocation, $alg) { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
private function findJwkByAlgorithm($jwkSetArray, $alg) { | ||
foreach($jwkSetArray['keys'] as $jwk) { | ||
private function findJwkByAlgorithm($jwkSetArray, $alg) | ||
{ | ||
foreach ($jwkSetArray['keys'] as $jwk) { | ||
if ($alg == $jwk['alg']) { | ||
return $jwk; | ||
} | ||
|
@@ -298,7 +300,8 @@ private function findJwkByAlgorithm($jwkSetArray, $alg) { | |
* @param string $jwk JWK key | ||
* @return array | ||
*/ | ||
private function convertPrivateKeyToPublic($jwk) { | ||
private function convertPrivateKeyToPublic($jwk) | ||
{ | ||
if (isset($jwk['d'])) { | ||
unset($jwk['d']); | ||
} | ||
|
@@ -325,7 +328,8 @@ private function convertPrivateKeyToPublic($jwk) { | |
* | ||
* @return integer | ||
*/ | ||
private function getSignatureExpirationTime() { | ||
private function getSignatureExpirationTime() | ||
{ | ||
date_default_timezone_set("UTC"); | ||
$secondsInMinute = 60; | ||
return time() + $this->jwsExpirationMinutes * $secondsInMinute; | ||
|
@@ -338,15 +342,16 @@ private function getSignatureExpirationTime() { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
public function checkJwsExpiration($header) { | ||
if(!isset($header['exp'])) { | ||
public function checkJwsExpiration($header) | ||
{ | ||
if (!isset($header['exp'])) { | ||
throw new HyperwalletException('While trying to verify JWS signature no [exp] header is found'); | ||
} | ||
$exp = $header['exp']; | ||
if(!is_numeric($exp)) { | ||
if (!is_numeric($exp)) { | ||
throw new HyperwalletException('Wrong value in [exp] header of JWS signature, must be integer'); | ||
} | ||
if((int)time() > (int)$exp) { | ||
if ((int)time() > (int)$exp) { | ||
throw new HyperwalletException('JWS signature has expired, checked by [exp] JWS header'); | ||
} | ||
} | ||
|
@@ -358,10 +363,11 @@ public function checkJwsExpiration($header) { | |
* | ||
* @throws HyperwalletException | ||
*/ | ||
public function getVendorPath() { | ||
public function getVendorPath() | ||
{ | ||
$reflector = new \ReflectionClass(ClassLoader::class); | ||
$vendorPath = preg_replace('/^(.*)\/composer\/ClassLoader\.php$/', '$1', $reflector->getFileName() ); | ||
if($vendorPath && is_dir($vendorPath)) { | ||
$vendorPath = preg_replace('/^(.*)\/composer\/ClassLoader\.php$/', '$1', $reflector->getFileName()); | ||
if ($vendorPath && is_dir($vendorPath)) { | ||
return $vendorPath . '/'; | ||
} | ||
throw new HyperwalletException('Failed to find a vendor path'); | ||
|
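Review bot: The constructor hunk still carries `file_put_contents($this->getVendorPath() . "/gree/jose/src/JOSE/JWE.php", file_get_contents(__DIR__ . "/../../JWE"));` on the new side, even though the imports in this same commit now resolve JOSE_JWE from the bundled `Services\Jose` namespace, so the file being overwritten appears to no longer be on the code path. Overwriting a file under vendor/ from application code at runtime also defeats any integrity check on the installed dependency and breaks on a read-only or unwritable deployment, and neither the read nor the write has its return value checked, so a failure is silent. If the `Services\Jose` copy already includes whatever that patch provided, the line should simply be deleted; otherwise the patch belongs in the build or install step, not in the constructor. The enclosing class starts outside the hunk.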
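--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,8 @@
+<?php
+
+namespace Services\Jose;
+
+class Exception extends \Exception
+{
+
+}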
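--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,10 @@
+<?php
+
+namespace Services\Jose\Exception;
+
+use Services\Jose\Exception;
+
+class DecryptionFailed extends Exception
+{
+
+}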
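--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,10 @@
+<?php
+
+namespace Services\Jose\Exception;
+
+use Services\Jose\Exception;
+
+class EncryptionFailed extends Exception
+{
+
+}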
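--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,10 @@
+<?php
+
+namespace Services\Jose\Exception;
+
+use Services\Jose\Exception;
+
+class InvalidFormat extends Exception
+{
+
+}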
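--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,10 @@
+<?php
+
+namespace Services\Jose\Exception;
+
+use Services\Jose\Exception;
+
+class UnexpectedAlgorithm extends Exception
+{
+
+}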
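--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,10 @@
+<?php
+
+namespace Services\Jose\Exception;
+
+use Services\Jose\Exception;
+
+class VerificationFailed extends Exception
+{
+
+}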
In phpseclib v3, $privateKey is now a PrivateKey object rather than an RSA object; the API changed completely, so I am not sure whether this should be removed or not.