
Commit 48c31cd

committed
Renamed and improved helper
1 parent a8ee48e commit 48c31cd


4 files changed

+77
-49
lines changed


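--- a/README.md
+++ b/README.md
@@ -27,29 +27,32 @@ $form['key'] => [
 ];
 ```
 
-The [`CertificateHelper`](https://github.com/OS2web/os2web_key/blob/main/src/CertificateHelper.php) can be used to get
+The [`KeyHelper`](https://github.com/OS2web/os2web_key/blob/main/src/KeyHelper.php) can be used to get
 the actual certificates (parts):
 
 ``` php
 <?php
 
-use Drupal\os2web_key\CertificateHelper;
+use Drupal\os2web_key\KeyHelper;
 use Drupal\key\KeyRepositoryInterface;
 
 // Use dependency injection for this.
 /** @var KeyRepositoryInterface $repository */
 $repository = \Drupal::service('key.repository');
-/** @var CertificateHelper $helper */
-$helper = \Drupal::service(CertificateHelper::class);
+/** @var KeyHelper $helper */
+$helper = \Drupal::service(KeyHelper::class);
 
 // Use `drush key:list` to list your keys.
 $key = $repository->getKey('my_key');
+[
+// Passwordless certificate.
+CertificateKeyType::CERT => $certificate,
+CertificateKeyType::PKEY => $privateKey,
+] = $helper->getCertificates($key);
 
-// Get the actual passwordless certificates.
-$certificates = $helper->getCertificates($key);
 ```
 
-**Note**: The parsed certificates have no password.
+**Note**: The parsed certificate has no password.
 
 ### OpenID Connect (OIDC)
 
@@ -77,10 +80,11 @@ use Drupal\os2web_key\Plugin\KeyType\OidcKeyType;
 $repository = \Drupal::service('key.repository');
 
 $key = $repository->getKey('openid_connect_ad');
-$values = json_decode($key->getKeyValue(), TRUE, 512, JSON_THROW_ON_ERROR);
-$discoveryUrl = $values[OidcKeyType::DISCOVERY_URL];
-$clientId = $values[OidcKeyType::CLIENT_ID];
-$clientSecret = $values[OidcKeyType::CLIENT_SECRET];
+[
+OidcKeyType::DISCOVERY_URL => $discoveryUrl,
+OidcKeyType::CLIENT_ID => $clientId,
+OidcKeyType::CLIENT_SECRET => $clientSecret,
+] = $helper->getOidcValues($key);
 ```
 
 See [the Key Developer Guide](https://www.drupal.org/docs/contributed-modules/key/developer-guide) for details and more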
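--- a/os2web_key.services.yml
+++ b/os2web_key.services.yml
@@ -3,6 +3,6 @@ services:
 parent: logger.channel_base
 arguments: [ 'os2web_key' ]
 
-Drupal\os2web_key\CertificateHelper:
+Drupal\os2web_key\KeyHelper:
 arguments:
 - '@logger.channel.os2web_key'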
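--- a/src/CertificateHelper.php
+++ b/src/KeyHelper.php
@@ -2,23 +2,21 @@
 
 namespace Drupal\os2web_key;
 
+use Drupal\Core\DependencyInjection\DependencySerializationTrait;
 use Drupal\Core\Logger\LoggerChannelInterface;
 use Drupal\key\KeyInterface;
 use Drupal\os2web_key\Exception\RuntimeException;
 use Drupal\os2web_key\Plugin\KeyType\CertificateKeyType;
+use Drupal\os2web_key\Plugin\KeyType\OidcKeyType;
 use Psr\Log\LoggerAwareTrait;
 
 /**
-* Certificate helper.
+* Key helper.
 */
-class CertificateHelper {
+class KeyHelper {
+use DependencySerializationTrait;
 use LoggerAwareTrait;
 
-protected const FORMAT_PEM = 'pem';
-protected const FORMAT_PFX = 'pfx';
-protected const CERT = 'cert';
-protected const PKEY = 'pkey';
-
 public function __construct(
 LoggerChannelInterface $logger,
 ) {
@@ -31,15 +29,15 @@ public function __construct(
 * @param \Drupal\key\KeyInterface $key
 * The key.
 *
-* @return array<string, string>
+* @return array{cert: string, pkey: string}
 * The certificates.
 */
 public function getCertificates(KeyInterface $key): array {
-$contents = $key->getKeyValue();
 $type = $key->getKeyType();
 if (!($type instanceof CertificateKeyType)) {
-throw new RuntimeException(sprintf('Invalid key type: %s', $type::class));
+throw $this->createSslRuntimeException(sprintf('Invalid key type: %s', $type::class), $key);
 }
+$contents = $key->getKeyValue();
 
 return $this->parseCertificates(
 $contents,
@@ -50,9 +48,43 @@ public function getCertificates(KeyInterface $key): array {
 }
 
 /**
-* Read a certificate.
+* Get OIDC values from a key.
+*
+* @param \Drupal\key\KeyInterface $key
+* The key.
 *
-* @return array<string, string>
+* @return array{discovery_url: string, client_id: string, client_secret: string}
+* The OIDC values.
+*/
+public function getOidcValues(KeyInterface $key): array {
+$type = $key->getKeyType();
+if (!($type instanceof OidcKeyType)) {
+throw $this->createSslRuntimeException(sprintf('Invalid key type: %s', $type::class), $key);
+}
+$contents = $key->getKeyValue();
+
+try {
+$values = json_decode($contents, TRUE, 512, JSON_THROW_ON_ERROR);
+foreach ([
+OidcKeyType::DISCOVERY_URL,
+OidcKeyType::CLIENT_ID,
+OidcKeyType::CLIENT_SECRET,
+] as $name) {
+if (!isset($values[$name])) {
+throw $this->createRuntimeException(sprintf("Missing OIDC value: %s", $name), $key);
+}
+}
+return $values;
+}
+catch (\JsonException $e) {
+throw $this->createRuntimeException(sprintf("Cannot get OIDC values: %s", $e->getMessage()), $key);
+}
+}
+
+/**
+* Parse certificates.
+*
+* @return array{cert: string, pkey: string}
 * The certificates.
 */
 public function parseCertificates(
@@ -62,17 +94,17 @@ public function parseCertificates(
 ?KeyInterface $key,
 ): array {
 $certificates = [
-self::CERT => NULL,
-self::PKEY => NULL,
+CertificateKeyType::CERT => NULL,
+CertificateKeyType::PKEY => NULL,
 ];
 switch ($format) {
-case self::FORMAT_PFX:
+case CertificateKeyType::FORMAT_PFX:
 if (!openssl_pkcs12_read($contents, $certificates, $passphrase)) {
 throw $this->createSslRuntimeException('Error reading certificate', $key);
 }
 break;
 
-case self::FORMAT_PEM:
+case CertificateKeyType::FORMAT_PEM:
 $certificate = @openssl_x509_read($contents);
 if (FALSE === $certificate) {
 throw $this->createSslRuntimeException('Error reading certificate', $key);
@@ -90,7 +122,7 @@ public function parseCertificates(
 break;
 }
 
-if (!isset($certificates[self::CERT], $certificates[self::PKEY])) {
+if (!isset($certificates[CertificateKeyType::CERT], $certificates[CertificateKeyType::PKEY])) {
 throw $this->createRuntimeException("Cannot read certificate parts 'cert' and 'pkey'", $key);
 }
 
@@ -101,40 +133,30 @@ public function parseCertificates(
 * Create a passwordless certificate.
 */
 public function createPasswordlessCertificate(array $certificates, string $format, ?KeyInterface $key): string {
-$cert = $certificates[self::CERT] ?? NULL;
+$cert = $certificates[CertificateKeyType::CERT] ?? NULL;
 if (!isset($cert)) {
 throw $this->createRuntimeException('Certificate part "cert" not found', $key);
 }
 
-$pkey = $certificates[self::PKEY] ?? NULL;
+$pkey = $certificates[CertificateKeyType::PKEY] ?? NULL;
 if (!isset($pkey)) {
 throw $this->createRuntimeException('Certificate part "pkey" not found', $key);
 }
 
 $output = '';
 switch ($format) {
-case self::FORMAT_PEM:
+case CertificateKeyType::FORMAT_PEM:
 $parts = ['', ''];
 if (!@openssl_x509_export($cert, $parts[0])) {
 throw $this->createSslRuntimeException('Cannot export certificate', $key);
 }
 if (!@openssl_pkey_export($pkey, $parts[1])) {
 throw $this->createSslRuntimeException('Cannot export private key', $key);
 }
-$extracerts = $certificates['extracerts'] ?? NULL;
-if (is_array($extracerts)) {
-foreach ($extracerts as $extracert) {
-$part = '';
-if (!@openssl_x509_export($extracert, $part)) {
-throw $this->createSslRuntimeException('Cannot export certificate', $key);
-}
-// $parts[] = $part;
-}
-}
 $output = implode('', $parts);
 break;
 
-case self::FORMAT_PFX:
+case CertificateKeyType::FORMAT_PFX:
 if (!@openssl_pkcs12_export($cert, $output, $pkey, '')) {
 throw $this->createSslRuntimeException('Cannot export certificate', $key);
 }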
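--- a/src/Plugin/KeyType/CertificateKeyType.php
+++ b/src/Plugin/KeyType/CertificateKeyType.php
@@ -7,8 +7,8 @@
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\key\Plugin\KeyPluginFormInterface;
 use Drupal\key\Plugin\KeyTypeBase;
-use Drupal\os2web_key\CertificateHelper;
 use Drupal\os2web_key\Exception\RuntimeException;
+use Drupal\os2web_key\KeyHelper;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
@@ -27,21 +27,23 @@
 class CertificateKeyType extends KeyTypeBase implements KeyPluginFormInterface {
 use DependencySerializationTrait;
 
+public const FORMAT_PEM = 'pem';
+public const FORMAT_PFX = 'pfx';
+public const CERT = 'cert';
+public const PKEY = 'pkey';
+
 private const PASSPHRASE = 'passphrase';
 private const INPUT_FORMAT = 'input_format';
 private const OUTPUT_FORMAT = 'output_format';
 
-private const FORMAT_PEM = 'pem';
-private const FORMAT_PFX = 'pfx';
-
 /**
 * Constructor.
 */
 public function __construct(
 array $configuration,
 $plugin_id,
 $plugin_definition,
-private readonly CertificateHelper $certificateHelper,
+private readonly KeyHelper $certificateHelper,
 ) {
 parent::__construct($configuration, $plugin_id, $plugin_definition);
 }
@@ -54,7 +56,7 @@ public static function create(ContainerInterface $container, array $configuratio
 $configuration,
 $plugin_id,
 $plugin_definition,
-$container->get(CertificateHelper::class)
+$container->get(KeyHelper::class)
 );
 }
 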
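Review bot: In the constructor hunk (`@@ -27,21 +27,23 @@`) the promoted property keeps the name `$certificateHelper` while its type is now `KeyHelper`, which reads as a leftover of the rename; `private readonly KeyHelper $keyHelper,` would match the type, with the `$this->certificateHelper` usages outside this hunk updated accordingly. The four constants made `public` here (`FORMAT_PEM`, `FORMAT_PFX`, `CERT`, `PKEY`) now form part of the plugin's API and are referenced from `KeyHelper` and from the README's destructuring example, so a one-line docblock on each saying which two are format names and which two are the array keys returned by `KeyHelper::getCertificates()` would help callers.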