@ -67,36 +67,7 @@ class PublicKeyTokenProvider implements IProvider {
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER): IToken {
$dbToken = new PublicKeyToken();
$dbToken->setUid($uid);
$dbToken->setLoginName($loginName);
$config = [
'digest_alg' => 'sha512',
'private_key_bits' => 2048,
];
// Generate new key
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privateKey);
// Extract the public key from $res to $pubKey
$publicKey = openssl_pkey_get_details($res);
$publicKey = $publicKey['key'];
$dbToken->setPublicKey($publicKey);
$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
if (!is_null($password)) {
$dbToken->setPassword($this->encryptPassword($password, $publicKey));
}
$dbToken->setName($name);
$dbToken->setToken($this->hashToken($token));
$dbToken->setType($type);
$dbToken->setRemember($remember);
$dbToken->setLastActivity($this->time->getTime());
$dbToken->setLastCheck($this->time->getTime());
$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
$this->mapper->insert($dbToken);
@ -219,6 +190,9 @@ class PublicKeyTokenProvider implements IProvider {
throw new InvalidTokenException();
}
// When changeing passwords all temp tokens are deleted
$this->mapper->deleteTempToken($token);
// Update the password for all tokens
$tokens = $this->mapper->getTokenByUser($token->getUID());
foreach ($tokens as $t) {
@ -226,8 +200,6 @@ class PublicKeyTokenProvider implements IProvider {
$t->setPassword($this->encryptPassword($password, $publicKey));
$this->updateToken($t);
}
//TODO: should we also do this for temp tokens?
}
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
@ -267,11 +239,13 @@ class PublicKeyTokenProvider implements IProvider {
private function encryptPassword(string $password, string $publicKey): string {
openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);
$encryptedPassword = base64_encode($encryptedPassword);
return $encryptedPassword;
}
private function decryptPassword(string $encryptedPassword, string $privateKey): string {
$encryptedPassword = base64_decode($encryptedPassword);
openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
return $password;
@ -281,4 +255,65 @@ class PublicKeyTokenProvider implements IProvider {
$secret = $this->config->getSystemValue('secret');
return hash('sha512', $token . $secret);
}
/**
* Convert a DefaultToken to a publicKeyToken
* This will also be updated directly in the Database
*/
public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken {
$pkToken = $this->newToken(
$token,
$defaultToken->getUID(),
$defaultToken->getLoginName(),
$password,
$defaultToken->getName(),
$defaultToken->getType(),
$defaultToken->getRemember()
);
$pkToken->setId($defaultToken->getId());
return $this->mapper->update($pkToken);
}
private function newToken(string $token,
string $uid,
string $loginName,
$password,
string $name,
int $type,
int $remember): PublicKeyToken {
$dbToken = new PublicKeyToken();
$dbToken->setUid($uid);
$dbToken->setLoginName($loginName);
$config = [
'digest_alg' => 'sha512',
'private_key_bits' => 2048,
];
// Generate new key
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privateKey);
// Extract the public key from $res to $pubKey
$publicKey = openssl_pkey_get_details($res);
$publicKey = $publicKey['key'];
$dbToken->setPublicKey($publicKey);
$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
if (!is_null($password)) {
$dbToken->setPassword($this->encryptPassword($password, $publicKey));
}
$dbToken->setName($name);
$dbToken->setToken($this->hashToken($token));
$dbToken->setType($type);
$dbToken->setRemember($remember);
$dbToken->setLastActivity($this->time->getTime());
$dbToken->setLastCheck($this->time->getTime());
return $dbToken;
}
}