df/d22/KeyRotatingSigner_8php_source.html

 <?php

 declare(strict_types=1);

 namespace ILIAS\FileDelivery\Token\Signer;

 use ILIAS\FileDelivery\Token\Signer\Key\Signing\SigningKeyGenerator;
 use ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation;
 use ILIAS\FileDelivery\Token\Signer\Salt\Salt;
 use ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKey;

 final class KeyRotatingSigner
 {
     private SecretKey $current_secret_key;

     public function __construct(
         private SecretKeyRotation $key_rotation,
         private Signer $signer,
         private SigningKeyGenerator $signing_key_generator,
     ) {
         $this->current_secret_key = $key_rotation->getCurrentKey();
     }

     public function sign(string $signable_payload, Salt $salt): string
     {
         return $this->signer->sign(
             $signable_payload,
             $this->signing_key_generator->generate(
                 $this->current_secret_key,
                 $salt
             )
         );
     }

     public function verify(
         string $data,
         string $signature,
         int $validity,
         Salt $salt
     ): bool {
         foreach ($this->key_rotation->getAllKeys() as $secret_key) {
             $signing_key = $this->signing_key_generator->generate($secret_key, $salt);
             if ($this->signer->verify(
                 $data,
                 $signature,
                 $validity,
                 $signing_key
             )) {
                 return true;
             }
         }
         return false;
     }
 }
ILIAS\FileDelivery\Token\Signer

$data
$data
Definition: ltiregistration.php:29

SigningKeyGenerator

SecretKeyRotation

ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\sign
sign(string $signable_payload, Salt $salt)
Definition: KeyRotatingSigner.php:43

ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\__construct
__construct(private SecretKeyRotation $key_rotation, private Signer $signer, private SigningKeyGenerator $signing_key_generator,)
Definition: KeyRotatingSigner.php:35

ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKey
Signatures are secured by the secret_key.
Definition: SecretKey.php:39

ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation\getCurrentKey
getCurrentKey()
Definition: SecretKeyRotation.php:65

ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner
Definition: KeyRotatingSigner.php:31

ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\verify
verify(string $data, string $signature, int $validity, Salt $salt)
Definition: KeyRotatingSigner.php:54

ILIAS\FileDelivery\Token\Signer\Salt\Salt
The salt is combined with the secret key to derive a unique key for distinguishing different contexts...
Definition: Salt.php:37

ILIAS\FileDelivery\Token\Signer\Signer
Definition: Signer.php:28

ILIAS\FileDelivery\Token\Signer\Key\Signing\SigningKeyGenerator
Definition: SigningKeyGenerator.php:31

SecretKey

ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\$current_secret_key
SecretKey $current_secret_key
Definition: KeyRotatingSigner.php:33

Salt

ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation
Key rotation can provide an extra layer of mitigation against an attacker discovering a secret key...
Definition: SecretKeyRotation.php:41