ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
KeyRotatingSigner.php
<?php

declare(strict_types=1);

// Class line reconstructed from the file name; the namespace, imports and any
// class modifiers are not shown in this listing.
class KeyRotatingSigner
{
    // Property inferred from its use in the constructor and in sign().
    private SecretKey $current_secret_key;

    public function __construct(
        private SecretKeyRotation $key_rotation,
        private Signer $signer,
        private SigningKeyGenerator $signing_key_generator,
    ) {
        $this->current_secret_key = $key_rotation->getCurrentKey();
    }

    // New signatures always use a signing key derived from the current secret key and the salt.
    public function sign(string $signable_payload, Salt $salt): string
    {
        return $this->signer->sign(
            $signable_payload,
            $this->signing_key_generator->generate(
                $this->current_secret_key,
                $salt
            )
        );
    }

    // A signature is accepted if it verifies under any key returned by getAllKeys(),
    // each combined with the same salt.
    public function verify(
        string $data,
        string $signature,
        int $validity,
        Salt $salt
    ): bool {
        foreach ($this->key_rotation->getAllKeys() as $secret_key) {
            $signing_key = $this->signing_key_generator->generate($secret_key, $salt);
            if ($this->signer->verify(
                $data,
                $signature,
                $validity,
                $signing_key
            )) {
                return true;
            }
        }
        return false;
    }
}
Key rotation can provide an extra layer of mitigation against an attacker discovering a secret key.
Signatures are secured by the secret_key.
Definition: SecretKey.php:40
The salt is combined with the secret key to derive a unique key for distinguishing different contexts...
Definition: Salt.php:38
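The sign-with-current-key, verify-against-all-keys pattern above, as a self-contained added example (not ILIAS code). It assumes HKDF-SHA256 for deriving the per-salt signing key and HMAC-SHA256 for the signature, uses hypothetical function names throughout, and leaves out the validity check.

```php
<?php

declare(strict_types=1);

// Added illustration, not ILIAS code; every function name here is hypothetical.
// Assumed primitives: HKDF-SHA256 for key derivation, HMAC-SHA256 for signing.

function derive_signing_key(string $secret_key, string $salt): string
{
    // The salt is the HKDF "info" input: one secret yields a distinct key per context.
    return hash_hkdf('sha256', $secret_key, 32, $salt);
}

function sign_payload(string $payload, string $secret_key, string $salt): string
{
    return hash_hmac('sha256', $payload, derive_signing_key($secret_key, $salt));
}

/** @param string[] $all_keys current key plus the older keys that are still accepted */
function verify_payload(string $payload, string $signature, array $all_keys, string $salt): bool
{
    foreach ($all_keys as $secret_key) {
        // hash_equals() compares in constant time.
        if (hash_equals(sign_payload($payload, $secret_key, $salt), $signature)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: two random secrets and a made-up payload.
$old_key = random_bytes(32);
$new_key = random_bytes(32);
$payload = 'file=42;user=7';

// Token issued while $old_key was the current key.
$token = sign_payload($payload, $old_key, 'download');

$checks = [
    'accepted after rotation while old key is kept' =>
        verify_payload($payload, $token, [$new_key, $old_key], 'download') === true,
    'rejected under a different salt' =>
        verify_payload($payload, $token, [$new_key, $old_key], 'upload') === false,
    'rejected once the old key is dropped' =>
        verify_payload($payload, $token, [$new_key], 'download') === false,
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'ok    ' : 'FAIL  ') . $label . PHP_EOL;
}
```

The third check is the operational point of rotation: a token stays verifiable only for as long as the key that signed it remains in the accepted set.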