<?php
declare(strict_types=1);
namespace SimpleSAML\XMLSecurity\Alg\Signature;
use SimpleSAML\Assert\Assert;
use SimpleSAML\XMLSecurity\Backend;
use SimpleSAML\XMLSecurity\Backend\SignatureBackend;
use SimpleSAML\XMLSecurity\Exception\UnsupportedAlgorithmException;
use SimpleSAML\XMLSecurity\Key\KeyInterface;
/**
* An abstract class that implements a generic digital signature algorithm.
*
* @package simplesamlphp/xml-security
*/
abstract class AbstractSigner implements SignatureAlgorithmInterface
{
    /** Class name of the backend instantiated by the constructor; subclasses may override it. */
    protected const string DEFAULT_BACKEND = Backend\OpenSSL::class;

    /** @var \SimpleSAML\XMLSecurity\Backend\SignatureBackend Backend that performs sign() and verify(). */
    protected SignatureBackend $backend;


    /**
     * Build a signature algorithm.
     *
     * Extend this class to implement your own signers.
     *
     * WARNING: remember to adjust the type of the key to the one that works with your algorithm!
     * This base constructor accepts any KeyInterface and does not itself check that the key kind
     * matches $algId, so a concrete signer should narrow the key type in its own constructor.
     *
     * The key is marked #[\SensitiveParameter] so that its value is redacted from stack traces.
     *
     * NOTE(review): $digest is handed to the backend without an allow-list check in this class;
     * presumably the backend's setDigestAlg() rejects unknown digests - confirm.
     *
     * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The signing key.
     * @param string $algId The identifier of this algorithm; it must be one of the values
     *   returned by static::getSupportedAlgorithms().
     * @param string $digest The identifier of the digest algorithm to use.
     *
     * @throws \SimpleSAML\XMLSecurity\Exception\UnsupportedAlgorithmException
     *   Passed to Assert::oneOf() as the exception to raise when $algId is not supported.
     */
    public function __construct(
        #[\SensitiveParameter]
        private KeyInterface $key,
        protected string $algId,
        protected string $digest,
    ) {
        // Refuse algorithm identifiers that the concrete signer does not declare as supported.
        Assert::oneOf(
            $algId,
            static::getSupportedAlgorithms(),
            sprintf('Unsupported algorithm for %s', static::class),
            UnsupportedAlgorithmException::class,
        );

        $backendClass = static::DEFAULT_BACKEND;
        /** @var \SimpleSAML\XMLSecurity\Backend\SignatureBackend $defaultBackend */
        $defaultBackend = new $backendClass();
        $this->setBackend($defaultBackend);

        // setBackend() above already configures the digest; it is set once more here, which keeps
        // the digest configured even if a subclass overrides setBackend().
        $this->backend->setDigestAlg($digest);
    }


    /**
     * Get the identifier of the signature algorithm held by this signer.
     *
     * @return string
     */
    public function getAlgorithmId(): string
    {
        return $this->algId;
    }


    /**
     * Get the identifier of the digest algorithm held by this signer.
     *
     * @return string
     */
    public function getDigest(): string
    {
        return $this->digest;
    }


    /**
     * Get the key this signer was constructed with.
     *
     * The returned object is the same key that is passed to the backend for signing, so callers
     * should keep it out of logs and error output.
     *
     * @return \SimpleSAML\XMLSecurity\Key\KeyInterface
     */
    public function getKey(): KeyInterface
    {
        return $this->key;
    }


    /**
     * Replace the backend and configure it with this signer's digest.
     *
     * Passing null is a no-op: the backend that is currently set stays in place.
     *
     * @inheritDoc
     */
    public function setBackend(?SignatureBackend $backend): void
    {
        if ($backend !== null) {
            $this->backend = $backend;
            // A replacement backend must use the same digest as the one chosen at construction.
            $this->backend->setDigestAlg($this->digest);
        }
    }


    /**
     * Sign a given plaintext with the current algorithm and key.
     *
     * The work is delegated to the configured backend. The method is final, so concrete signers
     * cannot replace it.
     *
     * @param string $plaintext The plaintext to sign.
     *
     * @return string The (binary) signature corresponding to the given plaintext.
     */
    final public function sign(string $plaintext): string
    {
        $signature = $this->backend->sign($this->key, $plaintext);

        return $signature;
    }


    /**
     * Verify a signature with the current algorithm and key.
     *
     * The work is delegated to the configured backend. The method is final, so concrete signers
     * cannot replace it.
     *
     * NOTE(review): how the signature is compared (for example, in constant time for MAC-style
     * algorithms) is decided by the backend and cannot be seen from this class - confirm there.
     *
     * @param string $plaintext The original signed text.
     * @param string $signature The (binary) signature to verify.
     *
     * @return bool True if the signature can be verified, false otherwise.
     */
    final public function verify(string $plaintext, string $signature): bool
    {
        $isValid = $this->backend->verify($this->key, $plaintext, $signature);

        return $isValid;
    }
}