You are here

class JwtRsKeyType in JSON Web Token Authentication (JWT) 8

Same name and namespace in other branches
  1. 8.0 src/Plugin/KeyType/JwtRsKeyType.php \Drupal\jwt\Plugin\KeyType\JwtRsKeyType

Defines a key type for JWT RSA Signatures.

Plugin annotation


@KeyType(
  id = "jwt_rs",
  label = @Translation("JWT RSA Key"),
  description = @Translation("A key type used for JWT RSA signature algorithms."),
  group = "privatekey",
  key_value = {
    "plugin" = "textarea_field"
  }
)

Hierarchy

Expanded class hierarchy of JwtRsKeyType

File

src/Plugin/KeyType/JwtRsKeyType.php, line 22

Namespace

Drupal\jwt\Plugin\KeyType
View source
class JwtRsKeyType extends KeyTypeBase implements KeyPluginFormInterface {

  /**
   * {@inheritdoc}
   */
  public function defaultConfiguration() {
    return [
      'algorithm' => 'RS256',
    ];
  }

  /**
   * {@inheritdoc}
   */
  public function buildConfigurationForm(array $form, FormStateInterface $form_state) {
    $algorithm_options = [
      'RS256' => $this
        ->t('RSASSA-PKCS1-v1_5 using SHA-256 (RS256)'),
    ];
    $algorithm = $this
      ->getConfiguration()['algorithm'];
    $form['algorithm'] = [
      '#type' => 'select',
      '#title' => $this
        ->t('JWT Algorithm'),
      '#description' => $this
        ->t('The JWT Algorithm to use with this key.'),
      '#options' => $algorithm_options,
      '#default_value' => $algorithm,
      '#required' => TRUE,
    ];
    return $form;
  }

  /**
   * {@inheritdoc}
   */
  public function validateConfigurationForm(array &$form, FormStateInterface $form_state) {
  }

  /**
   * {@inheritdoc}
   */
  public function submitConfigurationForm(array &$form, FormStateInterface $form_state) {
    $this
      ->setConfiguration($form_state
      ->getValues());
  }

  /**
   * {@inheritdoc}
   */
  public static function generateKeyValue(array $configuration) {
    $algorithm_keysize = self::getAlgorithmKeysize();
    $algorithm = $configuration['algorithm'];
    if (empty($algorithm) || !isset($algorithm_keysize[$algorithm])) {
      $algorithm = 'RS256';
    }
    $key_resource = openssl_pkey_new([
      'private_key_bits' => $algorithm_keysize[$algorithm],
      'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    $key_string = '';
    openssl_pkey_export($key_resource, $key_string);
    openssl_pkey_free($key_resource);
    return $key_string;
  }

  /**
   * {@inheritdoc}
   */
  public function validateKeyValue(array $form, FormStateInterface $form_state, $key_value) {
    if (!$form_state
      ->getValue('algorithm')) {
      return;
    }

    // Validate the key.
    $algorithm = $form_state
      ->getValue('algorithm');
    if (strpos($key_value, '-----BEGIN PUBLIC KEY-----') !== FALSE) {
      $key_resource = openssl_pkey_get_public($key_value);
    }
    else {
      $key_resource = openssl_pkey_get_private($key_value);
    }
    if ($key_resource === FALSE) {
      $form_state
        ->setErrorByName('key_type', $this
        ->t('Invalid Key.'));
      return;
    }
    $key_details = openssl_pkey_get_details($key_resource);
    if ($key_details === FALSE) {
      $form_state
        ->setErrorByName('key_type', $this
        ->t('Unable to get key details.'));
      return;
    }
    $required_bits = self::getAlgorithmKeysize()[$algorithm];
    if ($key_details['bits'] < $required_bits) {
      $form_state
        ->setErrorByName('key_type', $this
        ->t('Key size (%size bits) is too small for algorithm chosen. Algorithm requires a minimum of %required bits.', [
        '%size' => $key_details['bits'],
        '%required' => $required_bits,
      ]));
    }
    if ($key_details['type'] != OPENSSL_KEYTYPE_RSA) {
      $form_state
        ->setErrorByName('key_type', $this
        ->t('Key must be RSA.'));
    }
    openssl_pkey_free($key_resource);
  }

  /**
   * Get keysizes for the various algorithms.
   *
   * @return array
   *   An array key keysizes.
   */
  protected static function getAlgorithmKeysize() {
    return [
      'RS256' => 2048,
    ];
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
JwtRsKeyType::buildConfigurationForm public function Form constructor. Overrides PluginFormInterface::buildConfigurationForm
JwtRsKeyType::defaultConfiguration public function Gets default configuration for this plugin. Overrides KeyPluginBase::defaultConfiguration
JwtRsKeyType::generateKeyValue public static function Generate a key value of this type using the submitted configuration. Overrides KeyTypeInterface::generateKeyValue
JwtRsKeyType::getAlgorithmKeysize protected static function Get keysizes for the various algorithms.
JwtRsKeyType::submitConfigurationForm public function Form submission handler. Overrides PluginFormInterface::submitConfigurationForm
JwtRsKeyType::validateConfigurationForm public function Form validation handler. Overrides PluginFormInterface::validateConfigurationForm
JwtRsKeyType::validateKeyValue public function Allows the Key Type plugin to validate the key value. Overrides KeyTypeInterface::validateKeyValue
KeyPluginBase::calculateDependencies public function Calculates dependencies for the configured plugin. Overrides DependentPluginInterface::calculateDependencies
KeyPluginBase::create public static function Creates an instance of the plugin. Overrides ContainerFactoryPluginInterface::create 1
KeyPluginBase::getConfiguration public function Gets this plugin's configuration. Overrides ConfigurableInterface::getConfiguration
KeyPluginBase::getPluginType public function Returns the type of plugin. Overrides KeyPluginInterface::getPluginType
KeyPluginBase::setConfiguration public function Sets the configuration for this plugin instance. Overrides ConfigurableInterface::setConfiguration
KeyPluginBase::__construct public function Constructs a \Drupal\Component\Plugin\PluginBase object. Overrides PluginBase::__construct
MessengerTrait::$messenger protected property The messenger. 29
MessengerTrait::messenger public function Gets the messenger. 29
MessengerTrait::setMessenger public function Sets the messenger.
PluginBase::$configuration protected property Configuration information passed into the plugin. 1
PluginBase::$pluginDefinition protected property The plugin implementation definition. 1
PluginBase::$pluginId protected property The plugin_id.
PluginBase::DERIVATIVE_SEPARATOR constant A string which is used to separate base plugin IDs from the derivative ID.
PluginBase::getBaseId public function Gets the base_plugin_id of the plugin instance. Overrides DerivativeInspectionInterface::getBaseId
PluginBase::getDerivativeId public function Gets the derivative_id of the plugin instance. Overrides DerivativeInspectionInterface::getDerivativeId
PluginBase::getPluginDefinition public function Gets the definition of the plugin implementation. Overrides PluginInspectionInterface::getPluginDefinition 3
PluginBase::getPluginId public function Gets the plugin_id of the plugin instance. Overrides PluginInspectionInterface::getPluginId
PluginBase::isConfigurable public function Determines if the plugin is configurable.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.