Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
90.28% |
65 / 72 |
|
40.00% |
4 / 10 |
CRAP | |
0.00% |
0 / 1 |
| PlatformKeyChainRepository | |
90.28% |
65 / 72 |
|
40.00% |
4 / 10 |
27.67 | |
0.00% |
0 / 1 |
| saveDefaultKeyChain | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| saveKeyChain | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| save | |
94.44% |
17 / 18 |
|
0.00% |
0 / 1 |
5.00 | |||
| getDefaultKeyId | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
| find | |
94.74% |
18 / 19 |
|
0.00% |
0 / 1 |
6.01 | |||
| findAll | |
94.74% |
18 / 19 |
|
0.00% |
0 / 1 |
6.01 | |||
| findByKeySetName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| readKey | |
33.33% |
1 / 3 |
|
0.00% |
0 / 1 |
3.19 | |||
| getFileSystem | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
| findConfiguration | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
3 | |||
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * This program is free software; you can redistribute it and/or |
| 5 | * modify it under the terms of the GNU General Public License |
| 6 | * as published by the Free Software Foundation; under version 2 |
| 7 | * of the License (non-upgradable). |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License |
| 15 | * along with this program; if not, write to the Free Software |
| 16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | * |
| 18 | * Copyright (c) 2020 (original work) Open Assessment Technologies SA; |
| 19 | */ |
| 20 | |
| 21 | declare(strict_types=1); |
| 22 | |
| 23 | namespace oat\taoLti\models\classes\Security\DataAccess\Repository; |
| 24 | |
| 25 | use common_exception_NoImplementation; |
| 26 | use OAT\Library\Lti1p3Core\Security\Key\Key; |
| 27 | use OAT\Library\Lti1p3Core\Security\Key\KeyChain; |
| 28 | use OAT\Library\Lti1p3Core\Security\Key\KeyChainInterface; |
| 29 | use OAT\Library\Lti1p3Core\Security\Key\KeyChainRepositoryInterface; |
| 30 | use oat\oatbox\filesystem\FilesystemException; |
| 31 | use oat\oatbox\filesystem\FilesystemInterface; |
| 32 | use oat\oatbox\filesystem\FileSystemService; |
| 33 | use oat\oatbox\service\ConfigurableService; |
| 34 | use oat\tao\model\security\Business\Domain\Key\Key as TaoKey; |
| 35 | use oat\tao\model\security\Business\Domain\Key\KeyChain as TaoKeyChain; |
| 36 | use oat\tao\model\security\Business\Domain\Key\KeyChainCollection; |
| 37 | use oat\tao\model\security\Business\Domain\Key\KeyChainQuery; |
| 38 | use oat\taoLti\models\classes\Exception\PlatformKeyChainException; |
| 39 | |
| 40 | class PlatformKeyChainRepository extends ConfigurableService implements KeyChainRepositoryInterface |
| 41 | { |
| 42 | public const SERVICE_ID = 'taoLti/PlatformKeyChainRepository'; |
| 43 | public const OPTION_DEFAULT_KEY_ID = 'defaultKeyId'; |
| 44 | public const OPTION_DEFAULT_KEY_ID_VALUE = 'defaultPlatformKeyId'; |
| 45 | public const OPTION_DEFAULT_KEY_NAME = 'defaultKeyName'; |
| 46 | public const OPTION_DEFAULT_KEY_NAME_VALUE = 'defaultPlatformKeyName'; |
| 47 | public const OPTION_DEFAULT_PUBLIC_KEY_PATH = 'defaultPublicKeyPath'; |
| 48 | public const OPTION_DEFAULT_PRIVATE_KEY_PATH = 'defaultPrivateKeyPath'; |
| 49 | public const OPTION_DEFAULT_PRIVATE_KEY_PASSPHRASE = 'defaultPrivateKeyPassphrase'; |
| 50 | public const FILE_SYSTEM_ID = 'ltiKeyChain'; |
| 51 | |
| 52 | |
| 53 | public function saveDefaultKeyChain(KeyChainInterface $keyChain): void |
| 54 | { |
| 55 | $this->save($keyChain, $this->getDefaultKeyId()); |
| 56 | } |
| 57 | |
| 58 | public function saveKeyChain(KeyChainInterface $keyChain): void |
| 59 | { |
| 60 | $this->save($keyChain, $keyChain->getIdentifier()); |
| 61 | } |
| 62 | |
| 63 | protected function save(KeyChainInterface $keyChain, string $identifier): void |
| 64 | { |
| 65 | $configs = $this->findConfiguration($identifier); |
| 66 | |
| 67 | if (empty($configs)) { |
| 68 | throw new PlatformKeyChainException('Impossible to write LTI keys. Configuration not found'); |
| 69 | } |
| 70 | |
| 71 | $publicKeyPath = $configs[self::OPTION_DEFAULT_PUBLIC_KEY_PATH] ?? null; |
| 72 | $privateKeyPath = $configs[self::OPTION_DEFAULT_PRIVATE_KEY_PATH] ?? null; |
| 73 | |
| 74 | if ($publicKeyPath !== null && $privateKeyPath !== null) { |
| 75 | try { |
| 76 | $this->getFileSystem() |
| 77 | ->write( |
| 78 | ltrim($publicKeyPath, DIRECTORY_SEPARATOR), |
| 79 | $keyChain->getPublicKey()->getContent() |
| 80 | ); |
| 81 | |
| 82 | $this->getFileSystem() |
| 83 | ->write( |
| 84 | ltrim($privateKeyPath, DIRECTORY_SEPARATOR), |
| 85 | $keyChain->getPrivateKey()->getContent() |
| 86 | ); |
| 87 | } catch (\Exception $e) { |
| 88 | throw new PlatformKeyChainException('Impossible to write LTI keys', 0, $e); |
| 89 | } |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | public function getDefaultKeyId(): string |
| 94 | { |
| 95 | $options = $this->getOptions(); |
| 96 | return reset($options)[self::OPTION_DEFAULT_KEY_ID] ?? ''; |
| 97 | } |
| 98 | |
| 99 | public function find(string $identifier): ?KeyChainInterface |
| 100 | { |
| 101 | $configs = $this->findConfiguration($identifier); |
| 102 | |
| 103 | if (empty($configs)) { |
| 104 | return null; |
| 105 | } |
| 106 | |
| 107 | $keyName = $configs[self::OPTION_DEFAULT_KEY_NAME] ?? ''; |
| 108 | $publicKeyPath = $configs[self::OPTION_DEFAULT_PUBLIC_KEY_PATH] ?? null; |
| 109 | $privateKeyPath = $configs[self::OPTION_DEFAULT_PRIVATE_KEY_PATH] ?? null; |
| 110 | $privateKeyPassphrase = $configs[self::OPTION_DEFAULT_PRIVATE_KEY_PASSPHRASE] ?? null; |
| 111 | |
| 112 | if (!$publicKeyPath || !$privateKeyPath) { |
| 113 | throw new PlatformKeyChainException('The key path is not defined'); |
| 114 | } |
| 115 | |
| 116 | $publicKey = $this->readKey($publicKeyPath); |
| 117 | $privateKey = $this->readKey($privateKeyPath); |
| 118 | |
| 119 | if ($publicKey === false || $privateKey === false) { |
| 120 | throw new PlatformKeyChainException('Impossible to read LTI keys'); |
| 121 | } |
| 122 | |
| 123 | return new KeyChain( |
| 124 | $identifier, |
| 125 | $keyName, |
| 126 | new Key($publicKey), |
| 127 | new Key($privateKey, $privateKeyPassphrase) |
| 128 | ); |
| 129 | } |
| 130 | |
| 131 | public function findAll(KeyChainQuery $query): KeyChainCollection |
| 132 | { |
| 133 | $options = $this->getOptions(); |
| 134 | foreach ($options as $configs) { |
| 135 | $defaultKeyId = $configs[self::OPTION_DEFAULT_KEY_ID] ?? null; |
| 136 | $defaultKeyName = $configs[self::OPTION_DEFAULT_KEY_NAME] ?? ''; |
| 137 | $publicKeyPath = $configs[self::OPTION_DEFAULT_PUBLIC_KEY_PATH] ?? null; |
| 138 | $privateKeyPath = $configs[self::OPTION_DEFAULT_PRIVATE_KEY_PATH] ?? null; |
| 139 | $privateKeyPassphrase = $configs[self::OPTION_DEFAULT_PRIVATE_KEY_PASSPHRASE] ?? null; |
| 140 | |
| 141 | if ($defaultKeyId && $publicKeyPath && $privateKeyPath) { |
| 142 | $publicKey = $this->readKey($publicKeyPath); |
| 143 | $privateKey = $this->readKey($privateKeyPath); |
| 144 | |
| 145 | $keyChains[] = new TaoKeyChain( |
| 146 | $defaultKeyId, |
| 147 | $defaultKeyName, |
| 148 | new TaoKey($publicKey), |
| 149 | new TaoKey($privateKey, $privateKeyPassphrase) |
| 150 | ); |
| 151 | } |
| 152 | } |
| 153 | |
| 154 | if (empty($keyChains)) { |
| 155 | throw new PlatformKeyChainException('Impossible to read LTI keys'); |
| 156 | } |
| 157 | |
| 158 | return new KeyChainCollection(...$keyChains); |
| 159 | } |
| 160 | |
| 161 | |
| 162 | /** |
| 163 | * @throws common_exception_NoImplementation |
| 164 | */ |
| 165 | public function findByKeySetName(string $keySetName): array |
| 166 | { |
| 167 | throw new common_exception_NoImplementation(); |
| 168 | } |
| 169 | |
| 170 | private function readKey(string $path): string |
| 171 | { |
| 172 | try { |
| 173 | return $this->getFileSystem()->read($path); |
| 174 | } catch (FilesystemException $e) { |
| 175 | throw new PlatformKeyChainException('Impossible to read LTI keys'); |
| 176 | } |
| 177 | } |
| 178 | |
| 179 | private function getFileSystem(): FilesystemInterface |
| 180 | { |
| 181 | /** @var FileSystemService $fileSystemService */ |
| 182 | $fileSystemService = $this->getServiceLocator() |
| 183 | ->get(FileSystemService::SERVICE_ID); |
| 184 | |
| 185 | return $fileSystemService->getFileSystem(self::FILE_SYSTEM_ID); |
| 186 | } |
| 187 | |
| 188 | /** |
| 189 | * @param string $identifier |
| 190 | * @return array|null |
| 191 | */ |
| 192 | public function findConfiguration(string $identifier): ?array |
| 193 | { |
| 194 | $options = $this->getOptions(); |
| 195 | foreach ($options as $configs) { |
| 196 | if ($configs[self::OPTION_DEFAULT_KEY_ID] === $identifier) { |
| 197 | return $configs; |
| 198 | } |
| 199 | } |
| 200 | |
| 201 | return null; |
| 202 | } |
| 203 | } |