PHP Classes

File: src/Types/SecretPW.php

Recommend this page to a friend!
  Classes of Scott Arciszewski   PASERK PHP   src/Types/SecretPW.php   Download  
File: src/Types/SecretPW.php
Role: Class source
Content type: text/plain
Description: Class source
Class: PASERK PHP
Extend PASETO to wrap and serialize keys
Author: By
Last change:
Date: 1 year ago
Size: 3,461 bytes
 

Contents

Class file image Download
<?php
declare(strict_types=1);
namespace
ParagonIE\Paserk\Types;

use
ParagonIE\HiddenString\HiddenString;
use
ParagonIE\Paserk\{
   
ConstraintTrait,
   
Operations\PBKW,
   
PaserkException,
   
PaserkTypeInterface,
   
Util
};
use
ParagonIE\Paseto\{
   
Exception\InvalidVersionException,
   
KeyInterface,
   
Keys\AsymmetricSecretKey,
   
ProtocolCollection,
   
ProtocolInterface
};
use
SodiumException;
use function
   
array_key_exists,
   
explode;

/**
 * Class SecretPW
 * @package ParagonIE\Paserk\Types
 */
class SecretPW implements PaserkTypeInterface
{
    use
ConstraintTrait;

   
/** @var array<string, string> */
   
protected array $localCache = [];

   
/** @var array $options */
   
protected array $options = [];

   
/** @var HiddenString $password */
   
protected HiddenString $password;

   
/**
     * SecretPW constructor.
     * @param HiddenString $password
     * @param array $options
     *
     * @param ProtocolInterface ...$version
     * @throws InvalidVersionException
     */
   
public function __construct(
       
HiddenString $password,
        array
$options = [],
       
ProtocolInterface ...$version
   
) {
       
$this->password = $password;
       
$this->options = $options;
       
$this->localCache = [];
        if (
count($version) > 0) {
           
$this->collection = new ProtocolCollection(...$version);
        } else {
           
$this->collection = ProtocolCollection::v4();
        }
    }

   
/**
     * Decode a PASERK string into a PASETO secret key
     *
     * @param string $paserk
     * @return KeyInterface
     *
     * @throws PaserkException
     */
   
public function decode(string $paserk): KeyInterface
   
{
       
$pieces = explode('.', $paserk);
       
$header = $pieces[0];
       
$version = Util::getPasetoVersion($header);
       
$this->throwIfInvalidProtocol($version);
       
/// @SPEC DETAIL: Algorithm Lucidity

       
$pbkw = PBKW::forVersion($version);

        return
$pbkw->secretPwUnwrap($paserk, $this->password);
    }

   
/**
     * Encode a PASETO secret key into a PASERK string
     *
     * @param KeyInterface $key
     * @return string
     *
     * @throws InvalidVersionException
     * @throws PaserkException
     */
   
public function encode(KeyInterface $key): string
   
{
        if (!(
$key instanceof AsymmetricSecretKey)) {
            throw new
PaserkException('Only asymmetric secret keys are allowed here');
        }
       
$this->throwIfInvalidProtocol($key->getProtocol());
       
/// @SPEC DETAIL: Algorithm Lucidity

       
$secretId = (new SecretType($key->getProtocol()))->encode($key);
        if (!
array_key_exists($secretId, $this->localCache)) {
           
$this->localCache[$secretId] = PBKW::forVersion($key->getProtocol())
                ->
secretPwWrap($key, $this->password, $this->options);
        }
        return
$this->localCache[$secretId];
    }

   
/**
     * @return string
     */
   
public static function getTypeLabel(): string
   
{
        return
'secret-pw';
    }

   
/**
     * Get the sid PASERK for the PASERK representation of this secret key.
     *
     * @param KeyInterface $key
     * @return string
     *
     * @throws InvalidVersionException
     * @throws PaserkException
     * @throws SodiumException
     */
   
public function id(KeyInterface $key): string
   
{
        return
Sid::encode(
           
$key->getProtocol(),
           
$this->encode($key)
        );
    }
}