ILIAS  trunk Revision v11.0_alpha-1723-g8e69f309bab
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
KeyRotatingSigner.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 namespace ILIAS\FileDelivery\Token\Signer;
22 
23 use ILIAS\FileDelivery\Token\Signer\Key\Signing\SigningKeyGenerator;
24 use ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation;
25 use ILIAS\FileDelivery\Token\Signer\Salt\Salt;
26 use ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKey;
27 
31 final class KeyRotatingSigner
32 {
33  private SecretKey $current_secret_key;
34 
35  public function __construct(
36  private SecretKeyRotation $key_rotation,
37  private Signer $signer,
38  private SigningKeyGenerator $signing_key_generator,
39  ) {
40  $this->current_secret_key = $key_rotation->getCurrentKey();
41  }
42 
43  public function sign(string $signable_payload, Salt $salt): string
44  {
45  return $this->signer->sign(
46  $signable_payload,
47  $this->signing_key_generator->generate(
48  $this->current_secret_key,
49  $salt
50  )
51  );
52  }
53 
54  public function verify(
55  string $data,
56  string $signature,
57  int $validity,
58  Salt $salt
59  ): bool {
60  foreach ($this->key_rotation->getAllKeys() as $secret_key) {
61  $signing_key = $this->signing_key_generator->generate($secret_key, $salt);
62  if ($this->signer->verify(
63  $data,
64  $signature,
65  $validity,
66  $signing_key
67  )) {
68  return true;
69  }
70  }
71  return false;
72  }
73 }
ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\sign
sign(string $signable_payload, Salt $salt)
Definition: KeyRotatingSigner.php:43
ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\__construct
__construct(private SecretKeyRotation $key_rotation, private Signer $signer, private SigningKeyGenerator $signing_key_generator,)
Definition: KeyRotatingSigner.php:35
ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKey
Signatures are secured by the secret_key.
Definition: SecretKey.php:39
ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner\verify
verify(string $data, string $signature, int $validity, Salt $salt)
Definition: KeyRotatingSigner.php:54
ILIAS\FileDelivery\Token\Signer\Salt\Salt
The salt is combined with the secret key to derive a unique key for distinguishing different contexts...
Definition: Salt.php:37
ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation
Key rotation can provide an extra layer of mitigation against an attacker discovering a secret key...
Definition: SecretKeyRotation.php:41