Add interval argument for rotatable key set (#292)

* Fix RotatableJWKSet to rotate keys at interval * Minor fixes and cleanup * Change BaseJWKSet from trait to abstract class and minor fixes. * Fix style issues and leftover debug code
Spomky-Labs · Oct 6, 2017 · 744e7ca · 744e7ca
1 parent 66ab874
commit 744e7ca
Show file tree

Hide file tree

Showing 16 changed files with 281 additions and 39 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+/vendor
+
+phpunit.xml
+composer.lock
diff --git a/examples/NestedTokens.php b/examples/NestedTokens.php
@@ -72,4 +72,3 @@
         'zip' => 'DEF',
     ]
 );
-var_dump($jwe);
diff --git a/src/Factory/JWKFactory.php b/src/Factory/JWKFactory.php
@@ -60,9 +60,9 @@ public static function createStorableKey($filename, array $parameters)
     /**
      * {@inheritdoc}
      */
-    public static function createRotatableKeySet($filename, array $parameters, $nb_keys)
+    public static function createRotatableKeySet($filename, array $parameters, $nb_keys, $interval = null)
     {
-        return new RotatableJWKSet($filename, $parameters, $nb_keys);
+        return new RotatableJWKSet($filename, $parameters, $nb_keys, $interval);
     }
 
     /**

diff --git a/src/Factory/JWKFactoryInterface.php b/src/Factory/JWKFactoryInterface.php
@@ -40,13 +40,14 @@ public static function createKeySets(array $jwksets = []);
     public static function createStorableKeySet($filename, array $parameters, $nb_keys);
 
     /**
-     * @param string $filename
-     * @param array  $parameters
-     * @param int    $nb_keys
+     * @param string   $filename
+     * @param array    $parameters
+     * @param int      $nb_keys
+     * @param int|null $interval
      *
      * @return \Jose\Object\JWKSetInterface
      */
-    public static function createRotatableKeySet($filename, array $parameters, $nb_keys);
+    public static function createRotatableKeySet($filename, array $parameters, $nb_keys, $interval = null);
 
     /**
      * @param string $filename

diff --git a/src/Object/BaseJWKSet.php b/src/Object/BaseJWKSet.php
@@ -16,7 +16,7 @@
 /**
  * Class BaseJWKSet.
  */
-trait BaseJWKSet
+abstract class BaseJWKSet
 {
     /**
      * @var int
@@ -172,7 +172,8 @@ public function selectKey($type, $algorithm = null, array $restrictions = [])
         Assertion::nullOrString($algorithm);
 
         $result = [];
-        foreach ($this->getKeys() as $key) {
+        $keys = $this->getKeys();
+        foreach ($keys as $key) {
             $ind = 0;
 
             // Check usage

diff --git a/src/Object/DownloadedJWKSet.php b/src/Object/DownloadedJWKSet.php
@@ -17,9 +17,8 @@
 /**
  * Class DownloadedJWKSet.
  */
-abstract class DownloadedJWKSet implements JWKSetInterface
+abstract class DownloadedJWKSet extends BaseJWKSet implements JWKSetInterface
 {
-    use BaseJWKSet;
     use JWKSetPEM;
 
     /**
@@ -78,6 +77,14 @@ public function addKey(JWKInterface $key)
         //Not available
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function prependKey(JWKInterface $key)
+    {
+        //Not available
+    }
+
     /**
      * {@inheritdoc}
      */

diff --git a/src/Object/JWKSet.php b/src/Object/JWKSet.php
@@ -14,9 +14,8 @@
 /**
  * Class JWKSet.
  */
-final class JWKSet implements JWKSetInterface
+final class JWKSet extends BaseJWKSet implements JWKSetInterface
 {
-    use BaseJWKSet;
     use JWKSetPEM;
 
     /**
@@ -49,12 +48,20 @@ public function addKey(JWKInterface $key)
         $this->keys[] = $key;
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function prependKey(JWKInterface $key)
+    {
+        array_unshift($this->keys, $key);
+    }
+
     /**
      * {@inheritdoc}
      */
     public function removeKey($key)
     {
-        if (isset($this->keys[$key])) {
+        if (array_key_exists($key, $this->keys)) {
             unset($this->keys[$key]);
         }
     }

diff --git a/src/Object/JWKSetInterface.php b/src/Object/JWKSetInterface.php
@@ -14,14 +14,18 @@
 interface JWKSetInterface extends \Countable, \Iterator, \JsonSerializable, \ArrayAccess
 {
     /**
-     * @param $index
+     * Get key from set at index.
+     *
+     * @param int $index
      *
      * @return \Jose\Object\JWKInterface
      */
     public function getKey($index);
 
     /**
-     * @param $index
+     * Check if set has key at index.
+     *
+     * @param int $index
      *
      * @return bool
      */
@@ -37,10 +41,17 @@ public function getKeys();
     /**
      * Add key in the key set.
      *
-     * @param \Jose\Object\JWKInterface A key to store in the key set
+     * @param \Jose\Object\JWKInterface $key A key to store in the key set
      */
     public function addKey(JWKInterface $key);
 
+    /**
+     * Prepend key to the set.
+     *
+     * @param \Jose\Object\JWKInterface $key A key to store in the key set
+     */
+    public function prependKey(JWKInterface $key);
+
     /**
      * Remove key from the key set.
      *

diff --git a/src/Object/JWKSets.php b/src/Object/JWKSets.php
@@ -16,9 +16,8 @@
 /**
  * Class JWKSets.
  */
-final class JWKSets implements JWKSetsInterface
+final class JWKSets extends BaseJWKSet implements JWKSetsInterface
 {
-    use BaseJWKSet;
     use JWKSetPEM;
 
     /**
@@ -71,6 +70,14 @@ public function addKey(JWKInterface $key)
         //Not available
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function prependKey(JWKInterface $key)
+    {
+        //Not available
+    }
+
     /**
      * {@inheritdoc}
      */

diff --git a/src/Object/PublicJWKSet.php b/src/Object/PublicJWKSet.php
@@ -14,9 +14,8 @@
 /**
  * Class PublicJWKSet.
  */
-final class PublicJWKSet implements JWKSetInterface
+final class PublicJWKSet extends BaseJWKSet implements JWKSetInterface
 {
-    use BaseJWKSet;
     use JWKSetPEM;
 
     /**
@@ -59,6 +58,14 @@ public function addKey(JWKInterface $key)
         $this->jwkset->addKey($key);
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function prependKey(JWKInterface $key)
+    {
+        $this->jwkset->prependKey($key);
+    }
+
     /**
      * {@inheritdoc}
      */

diff --git a/src/Object/RotatableJWKSet.php b/src/Object/RotatableJWKSet.php
@@ -14,24 +14,71 @@
 /**
  * Class RotatableJWKSet.
  */
-final class RotatableJWKSet extends StorableJWKSet implements RotatableInterface, JWKSetInterface
+final class RotatableJWKSet extends StorableJWKSet implements RotatableInterface
 {
+    /**
+     * Interval at which keys should be rotated.
+     *
+     * @var int|null
+     */
+    private $interval;
+
+    /**
+     * RotatableJWKSet constructor.
+     *
+     * @param string   $filename
+     * @param array    $parameters
+     * @param int      $nb_keys
+     * @param int|null $interval
+     */
+    public function __construct($filename, array $parameters, $nb_keys, $interval = null)
+    {
+        parent::__construct($filename, $parameters, $nb_keys);
+
+        $this->interval = $interval;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getJWKSet()
+    {
+        // Check if we need to rotate keys upon every interaction with the underlying JWK set
+        $this->rotateIfNeeded();
+
+        return parent::getJWKSet();
+    }
+
     /**
      * {@inheritdoc}
      */
     public function rotate()
     {
-        $this->loadObjectIfNeeded();
-        $jwkset = $this->getObject();
-
-        $keys = $jwkset->getKeys();
-        unset($keys[count($keys) - 1]);
-        $jwkset = new JWKSet();
-        $jwkset->addKey($this->createJWK());
-        foreach ($keys as $key) {
-            $jwkset->addKey($key);
-        }
-        $this->setObject($jwkset);
+        $jwkset = parent::getJWKSet();
+
+        // Remove last key in set
+        $jwkset->removeKey($jwkset->countKeys() - 1);
+
+        // Prepend new key to set
+        $jwkset->prependKey($this->createJWK());
+
+        // Save new key set
         $this->saveObject($jwkset);
     }
+
+    /**
+     * Rotate key set if last modification time is due.
+     */
+    private function rotateIfNeeded()
+    {
+        if (isset($this->interval) && $this->interval >= 0) {
+            $modificationTime = $this->getLastModificationTime();
+
+            if (null === $modificationTime) {
+                $this->regen();
+            } elseif (($modificationTime + $this->interval) < time()) {
+                $this->rotate();
+            }
+        }
+    }
 }
diff --git a/src/Object/Storable.php b/src/Object/Storable.php
@@ -137,9 +137,13 @@ abstract protected function createObjectFromFileContent(array $file_content);
      */
     public function getLastModificationTime()
     {
+        clearstatcache(null, $this->getFilename());
+
         if (file_exists($this->getFilename())) {
             return filemtime($this->getFilename());
         }
+
+        return null;
     }
 
     /**

diff --git a/src/Object/StorableJWK.php b/src/Object/StorableJWK.php
@@ -27,7 +27,7 @@ class StorableJWK implements StorableInterface, JWKInterface
     protected $parameters;
 
     /**
-     * RotatableJWK constructor.
+     * StorableJWK constructor.
      *
      * @param string $filename
      * @param array  $parameters

diff --git a/src/Object/StorableJWKSet.php b/src/Object/StorableJWKSet.php
@@ -153,6 +153,14 @@ public function addKey(JWKInterface $key)
         // Not available
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function prependKey(JWKInterface $key)
+    {
+        //Not available
+    }
+
     /**
      * {@inheritdoc}
      */
-Original file line number
+Diff line change
@@ Expand Up / @@ -72,4 +72,3 @@ @@
             'zip' => 'DEF',
         ]
     );
-    var_dump($jwe);