2
2
3
3
namespace Drupal \os2web_key ;
4
4
5
+ use Drupal \Core \DependencyInjection \DependencySerializationTrait ;
5
6
use Drupal \Core \Logger \LoggerChannelInterface ;
6
7
use Drupal \key \KeyInterface ;
7
8
use Drupal \os2web_key \Exception \RuntimeException ;
8
9
use Drupal \os2web_key \Plugin \KeyType \CertificateKeyType ;
10
+ use Drupal \os2web_key \Plugin \KeyType \OidcKeyType ;
9
11
use Psr \Log \LoggerAwareTrait ;
10
12
11
13
/**
12
- * Certificate helper.
14
+ * Key helper.
13
15
*/
14
- class CertificateHelper {
16
+ class KeyHelper {
17
+ use DependencySerializationTrait;
15
18
use LoggerAwareTrait;
16
19
17
- protected const FORMAT_PEM = 'pem ' ;
18
- protected const FORMAT_PFX = 'pfx ' ;
19
- protected const CERT = 'cert ' ;
20
- protected const PKEY = 'pkey ' ;
21
-
22
20
public function __construct (
23
21
LoggerChannelInterface $ logger ,
24
22
) {
@@ -31,15 +29,15 @@ public function __construct(
31
29
* @param \Drupal\key\KeyInterface $key
32
30
* The key.
33
31
*
34
- * @return array< string, string>
32
+ * @return array{cert: string, pkey: string}
35
33
* The certificates.
36
34
*/
37
35
public function getCertificates (KeyInterface $ key ): array {
38
- $ contents = $ key ->getKeyValue ();
39
36
$ type = $ key ->getKeyType ();
40
37
if (!($ type instanceof CertificateKeyType)) {
41
- throw new RuntimeException (sprintf ('Invalid key type: %s ' , $ type ::class));
38
+ throw $ this -> createSslRuntimeException (sprintf ('Invalid key type: %s ' , $ type ::class), $ key );
42
39
}
40
+ $ contents = $ key ->getKeyValue ();
43
41
44
42
return $ this ->parseCertificates (
45
43
$ contents ,
@@ -50,9 +48,43 @@ public function getCertificates(KeyInterface $key): array {
50
48
}
51
49
52
50
/**
53
- * Read a certificate.
51
+ * Get OIDC values from a key.
52
+ *
53
+ * @param \Drupal\key\KeyInterface $key
54
+ * The key.
54
55
*
55
- * @return array<string, string>
56
+ * @return array{discovery_url: string, client_id: string, client_secret: string}
57
+ * The OIDC values.
58
+ */
59
+ public function getOidcValues (KeyInterface $ key ): array {
60
+ $ type = $ key ->getKeyType ();
61
+ if (!($ type instanceof OidcKeyType)) {
62
+ throw $ this ->createSslRuntimeException (sprintf ('Invalid key type: %s ' , $ type ::class), $ key );
63
+ }
64
+ $ contents = $ key ->getKeyValue ();
65
+
66
+ try {
67
+ $ values = json_decode ($ contents , TRUE , 512 , JSON_THROW_ON_ERROR );
68
+ foreach ([
69
+ OidcKeyType::DISCOVERY_URL ,
70
+ OidcKeyType::CLIENT_ID ,
71
+ OidcKeyType::CLIENT_SECRET ,
72
+ ] as $ name ) {
73
+ if (!isset ($ values [$ name ])) {
74
+ throw $ this ->createRuntimeException (sprintf ("Missing OIDC value: %s " , $ name ), $ key );
75
+ }
76
+ }
77
+ return $ values ;
78
+ }
79
+ catch (\JsonException $ e ) {
80
+ throw $ this ->createRuntimeException (sprintf ("Cannot get OIDC values: %s " , $ e ->getMessage ()), $ key );
81
+ }
82
+ }
83
+
84
+ /**
85
+ * Parse certificates.
86
+ *
87
+ * @return array{cert: string, pkey: string}
56
88
* The certificates.
57
89
*/
58
90
public function parseCertificates (
@@ -62,17 +94,17 @@ public function parseCertificates(
62
94
?KeyInterface $ key ,
63
95
): array {
64
96
$ certificates = [
65
- self ::CERT => NULL ,
66
- self ::PKEY => NULL ,
97
+ CertificateKeyType ::CERT => NULL ,
98
+ CertificateKeyType ::PKEY => NULL ,
67
99
];
68
100
switch ($ format ) {
69
- case self ::FORMAT_PFX :
101
+ case CertificateKeyType ::FORMAT_PFX :
70
102
if (!openssl_pkcs12_read ($ contents , $ certificates , $ passphrase )) {
71
103
throw $ this ->createSslRuntimeException ('Error reading certificate ' , $ key );
72
104
}
73
105
break ;
74
106
75
- case self ::FORMAT_PEM :
107
+ case CertificateKeyType ::FORMAT_PEM :
76
108
$ certificate = @openssl_x509_read ($ contents );
77
109
if (FALSE === $ certificate ) {
78
110
throw $ this ->createSslRuntimeException ('Error reading certificate ' , $ key );
@@ -90,7 +122,7 @@ public function parseCertificates(
90
122
break ;
91
123
}
92
124
93
- if (!isset ($ certificates [self ::CERT ], $ certificates [self ::PKEY ])) {
125
+ if (!isset ($ certificates [CertificateKeyType ::CERT ], $ certificates [CertificateKeyType ::PKEY ])) {
94
126
throw $ this ->createRuntimeException ("Cannot read certificate parts 'cert' and 'pkey' " , $ key );
95
127
}
96
128
@@ -101,40 +133,30 @@ public function parseCertificates(
101
133
* Create a passwordless certificate.
102
134
*/
103
135
public function createPasswordlessCertificate (array $ certificates , string $ format , ?KeyInterface $ key ): string {
104
- $ cert = $ certificates [self ::CERT ] ?? NULL ;
136
+ $ cert = $ certificates [CertificateKeyType ::CERT ] ?? NULL ;
105
137
if (!isset ($ cert )) {
106
138
throw $ this ->createRuntimeException ('Certificate part "cert" not found ' , $ key );
107
139
}
108
140
109
- $ pkey = $ certificates [self ::PKEY ] ?? NULL ;
141
+ $ pkey = $ certificates [CertificateKeyType ::PKEY ] ?? NULL ;
110
142
if (!isset ($ pkey )) {
111
143
throw $ this ->createRuntimeException ('Certificate part "pkey" not found ' , $ key );
112
144
}
113
145
114
146
$ output = '' ;
115
147
switch ($ format ) {
116
- case self ::FORMAT_PEM :
148
+ case CertificateKeyType ::FORMAT_PEM :
117
149
$ parts = ['' , '' ];
118
150
if (!@openssl_x509_export ($ cert , $ parts [0 ])) {
119
151
throw $ this ->createSslRuntimeException ('Cannot export certificate ' , $ key );
120
152
}
121
153
if (!@openssl_pkey_export ($ pkey , $ parts [1 ])) {
122
154
throw $ this ->createSslRuntimeException ('Cannot export private key ' , $ key );
123
155
}
124
- $ extracerts = $ certificates ['extracerts ' ] ?? NULL ;
125
- if (is_array ($ extracerts )) {
126
- foreach ($ extracerts as $ extracert ) {
127
- $ part = '' ;
128
- if (!@openssl_x509_export ($ extracert , $ part )) {
129
- throw $ this ->createSslRuntimeException ('Cannot export certificate ' , $ key );
130
- }
131
- // $parts[] = $part;
132
- }
133
- }
134
156
$ output = implode ('' , $ parts );
135
157
break ;
136
158
137
- case self ::FORMAT_PFX :
159
+ case CertificateKeyType ::FORMAT_PFX :
138
160
if (!@openssl_pkcs12_export ($ cert , $ output , $ pkey , '' )) {
139
161
throw $ this ->createSslRuntimeException ('Cannot export certificate ' , $ key );
140
162
}