🛀 cleanup

Author: codemasher

examples/example.php

@@ -16,8 +16,6 @@
 
 require_once __DIR__.'/../vendor/autoload.php';
 
-$algo = 'ES256';
-
 // key examples from: https://datatracker.ietf.org/doc/html/rfc7515#appendix-A
 $privateJWK = '{
 	"kty":"EC",
@@ -46,14 +44,11 @@
 // ...or PEM
 $jwk = new ECKey(privateKey: $privatePEM, publicKey: $publicPEM);
 // invoke the signature algorithm
-$jwa = new ECDSA(jwk: $jwk, algo: $algo);
+$jwa = new ECDSA(jwk: $jwk, algo: ECDSA::ALGO_ES256);
 // invoke the signature
 $jws = new JWS($jwa);
 // encode and sign (requires private key
 $jwt = $jws->encode(['foo' => 'bar']);
 var_dump($jwt);
 // decode and verify (requires public key)
 var_dump($jws->decode($jwt));
-
-#var_dump((new ECKey)->publicKeyToPEM(Util::jsonDecode($privateJWK)));
-#var_dump((new ECKey)->pemToPrivateJWK($privatePEM));

src/Algorithms/Signature/ECDSA.php

@@ -12,7 +12,6 @@
 namespace chillerlan\JOSE\Algorithms\Signature;
 
 use chillerlan\JOSE\Algorithms\OpenSSLAbstract;
-use chillerlan\JOSE\Key\JWK;
 use InvalidArgumentException;
 use function dechex;
 use function hexdec;
@@ -36,21 +35,33 @@
  */
 final class ECDSA extends OpenSSLAbstract implements SignatureAlgorithm{
 
+	public const ALGO_ES256  = 'ES256';
+	public const ALGO_ES256K = 'ES256K';
+	public const ALGO_ES384  = 'ES384';
+	public const ALGO_ES512  = 'ES512';
+
 	public const SUPPORTED_ALGOS = [
-		'ES256'  => OPENSSL_ALGO_SHA256,
-		'ES256K' => OPENSSL_ALGO_SHA256,
-		'ES384'  => OPENSSL_ALGO_SHA384,
-		'ES512'  => OPENSSL_ALGO_SHA512,
+		self::ALGO_ES256  => OPENSSL_ALGO_SHA256,
+		self::ALGO_ES256K => OPENSSL_ALGO_SHA256,
+		self::ALGO_ES384  => OPENSSL_ALGO_SHA384,
+		self::ALGO_ES512  => OPENSSL_ALGO_SHA512,
 	];
 
-	private const META = [
-		'ES256'  => [256, 64, 'P-256'],
-		'ES256K' => [256, 64, 'P-256K'],
-		'ES384'  => [384, 96, 'P-384'],
-		'ES512'  => [521, 132, 'P-521'],
+	protected const KEYTYPE = OPENSSL_KEYTYPE_EC;
+
+	private const KEY_LENGTH   = [
+		self::ALGO_ES256  => 256,
+		self::ALGO_ES256K => 256,
+		self::ALGO_ES384  => 384,
+		self::ALGO_ES512  => 521,
 	];
 
-	protected const KEYTYPE = OPENSSL_KEYTYPE_EC;
+	private const OCTET_LENGTH = [
+		self::ALGO_ES256  => 64,
+		self::ALGO_ES256K => 64,
+		self::ALGO_ES384  => 96,
+		self::ALGO_ES512  => 132,
+	];
 
 	private const BYTE_SIZE = 2;
 
@@ -60,16 +71,6 @@ final class ECDSA extends OpenSSLAbstract implements SignatureAlgorithm{
 	private const ASN1_BIG_INTEGER_LIMIT = '7f';
 	private const ASN1_NEGATIVE_INTEGER  = '00';
 
-	private int $keyLength;
-	private int $signaturePartLength;
-#	private string $crv;
-
-	public function __construct(JWK $jwk, string $algo, string|null $passphrase = null){
-		parent::__construct($jwk, $algo, $passphrase);
-
-		[$this->keyLength, $this->signaturePartLength, /* $this->crv */] = self::META[$this->algo];
-	}
-
 	public function sign(string $message):string{
 		return $this->fromAsn1($this->signMessage($message));
 	}
@@ -79,18 +80,18 @@ public function verify(string $message, string $signature):bool{
 	}
 
 	protected function checkKeyLength(int $bits):bool{
-		return $bits === $this->keyLength;
+		return $bits === self::KEY_LENGTH[$this->algo];
 	}
 
 	private function toAsn1(string $signature):string{
 		$signature = sodium_bin2hex($signature);
 
-		if($this->octetLength($signature) !== $this->signaturePartLength){
+		if($this->octetLength($signature) !== self::OCTET_LENGTH[$this->algo]){
 			throw new InvalidArgumentException('Invalid signature length.');
 		}
 
-		$pointR  = $this->preparePositiveInteger(substr($signature, 0, $this->signaturePartLength));
-		$pointS  = $this->preparePositiveInteger(substr($signature, $this->signaturePartLength));
+		$pointR  = $this->preparePositiveInteger(substr($signature, 0, self::OCTET_LENGTH[$this->algo]));
+		$pointS  = $this->preparePositiveInteger(substr($signature, self::OCTET_LENGTH[$this->algo]));
 		$lengthR = $this->octetLength($pointR);
 		$lengthS = $this->octetLength($pointS);
 
@@ -114,26 +115,6 @@ private function toAsn1(string $signature):string{
 		);
 	}
 
-	private function octetLength(string $data):int{
-		return intdiv(strlen($data), self::BYTE_SIZE);
-	}
-
-	private function preparePositiveInteger(string $data):string{
-
-		if(substr($data, 0, self::BYTE_SIZE) > self::ASN1_BIG_INTEGER_LIMIT){
-			return self::ASN1_NEGATIVE_INTEGER.$data;
-		}
-
-		while(
-			str_starts_with($data, self::ASN1_NEGATIVE_INTEGER)
-			&& substr($data, 2, self::BYTE_SIZE) <= self::ASN1_BIG_INTEGER_LIMIT
-		){
-			$data = substr($data, 2);
-		}
-
-		return $data;
-	}
-
 	private function fromAsn1(string $signature):string{
 		$message  = sodium_bin2hex($signature);
 		$position = 0;
@@ -150,8 +131,8 @@ private function fromAsn1(string $signature):string{
 		$pointS = $this->retrievePositiveInteger($message, $position);
 
 		return sodium_hex2bin(
-			str_pad($pointR, $this->signaturePartLength, '0', STR_PAD_LEFT).
-			str_pad($pointS, $this->signaturePartLength, '0', STR_PAD_LEFT),
+			str_pad($pointR, self::OCTET_LENGTH[$this->algo], '0', STR_PAD_LEFT).
+			str_pad($pointS, self::OCTET_LENGTH[$this->algo], '0', STR_PAD_LEFT),
 		);
 	}
 
@@ -162,6 +143,26 @@ private function readAsn1Content(string $message, int &$position, int $length):s
 		return $content;
 	}
 
+	private function octetLength(string $data):int{
+		return intdiv(strlen($data), self::BYTE_SIZE);
+	}
+
+	private function preparePositiveInteger(string $data):string{
+
+		if(substr($data, 0, self::BYTE_SIZE) > self::ASN1_BIG_INTEGER_LIMIT){
+			return self::ASN1_NEGATIVE_INTEGER.$data;
+		}
+
+		while(
+			str_starts_with($data, self::ASN1_NEGATIVE_INTEGER)
+			&& substr($data, 2, self::BYTE_SIZE) <= self::ASN1_BIG_INTEGER_LIMIT
+		){
+			$data = substr($data, 2);
+		}
+
+		return $data;
+	}
+
 	private function retrievePositiveInteger(string $message, int &$position):string{
 
 		if($this->readAsn1Content($message, $position, self::BYTE_SIZE) !== self::ASN1_INTEGER){

src/Algorithms/Signature/EdDSA.php

@@ -22,7 +22,11 @@
  */
 final class EdDSA extends JWAAbstract implements SignatureAlgorithm{
 
-	public const SUPPORTED_ALGOS = ['EdDSA' => 'Ed25519'];
+	public const ALGO_EDDSA = 'EdDSA';
+
+	public const SUPPORTED_ALGOS = [
+		self::ALGO_EDDSA => 'Ed25519',
+	];
 
 	public function sign(string $message):string{
 		return sodium_crypto_sign_detached($message, $this->jwk->getPrivateKey());

src/Algorithms/Signature/HMAC.php

@@ -26,16 +26,20 @@
  */
 final class HMAC extends JWAAbstract implements SignatureAlgorithm{
 
+	public const ALGO_HS256 = 'HS256';
+	public const ALGO_HS384 = 'HS384';
+	public const ALGO_HS512 = 'HS512';
+
 	public const SUPPORTED_ALGOS = [
-		'HS256' => 'SHA256', // required
-		'HS384' => 'SHA384',
-		'HS512' => 'SHA512',
+		self::ALGO_HS256 => 'SHA256', // required
+		self::ALGO_HS384 => 'SHA384',
+		self::ALGO_HS512 => 'SHA512',
 	];
 
 	private const MIN_KEYLENGTH = [
-		'HS256' => 256,
-		'HS384' => 384,
-		'HS512' => 512,
+		self::ALGO_HS256 => 256,
+		self::ALGO_HS384 => 384,
+		self::ALGO_HS512 => 512,
 	];
 
 	public function sign(string $message):string{
@@ -57,11 +61,11 @@ private function getHmacKey():string{
 			$key = $this->jwk->getPrivateKey();
 		}
 		catch(Throwable){
-			$key = $this->jwk->getPublicKey();
+			$key = $this->jwk->getPublicKey(); // @codeCoverageIgnore
 		}
 
 		if((strlen($key) * 8) < $this::MIN_KEYLENGTH[$this->algo]){
-			throw new RuntimeException('the given key is too short');
+			throw new RuntimeException('the given key is too short'); // @codeCoverageIgnore
 		}
 
 		return $key;

src/Algorithms/Signature/RSA.php

@@ -25,10 +25,14 @@
  */
 final class RSA extends OpenSSLAbstract implements SignatureAlgorithm{
 
+	public const ALGO_RS256 = 'RS256';
+	public const ALGO_RS384 = 'RS384';
+	public const ALGO_RS512 = 'RS512';
+
 	public const SUPPORTED_ALGOS = [
-		'RS256' => OPENSSL_ALGO_SHA256,
-		'RS384' => OPENSSL_ALGO_SHA384,
-		'RS512' => OPENSSL_ALGO_SHA512,
+		self::ALGO_RS256 => OPENSSL_ALGO_SHA256,
+		self::ALGO_RS384 => OPENSSL_ALGO_SHA384,
+		self::ALGO_RS512 => OPENSSL_ALGO_SHA512,
 	];
 
 	protected const KEYTYPE = OPENSSL_KEYTYPE_RSA;