Add support for ECDSA

Author: jderusse

Exception/KeyGenerationException.php

@@ -0,0 +1,19 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Exception;
+
+/**
+ * @author Jérémy Derussé <[email protected]>
+ */
+class KeyGenerationException extends AcmeSslException
+{
+}

Exception/KeyPairGenerationException.php

@@ -14,6 +14,6 @@
 /**
  * @author Jérémy Derussé <[email protected]>
  */
-class KeyPairGenerationException extends AcmeSslException
+class KeyPairGenerationException extends KeyGenerationException
 {
 }

Generator/ChainPrivateKeyGenerator.php

@@ -0,0 +1,55 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator;
+
+/**
+ * Generate random RSA private key using OpenSSL.
+ *
+ * @author Jérémy Derussé <[email protected]>
+ */
+class ChainPrivateKeyGenerator implements PrivateKeyGeneratorInterface
+{
+    /** @var PrivateKeyGeneratorInterface[] */
+    private $generators;
+
+    /**
+     * @param PrivateKeyGeneratorInterface[] $generators
+     */
+    public function __construct($generators)
+    {
+        $this->generators = $generators;
+    }
+
+    public function generatePrivateKey(KeyOption $keyOption)
+    {
+        foreach ($this->generators as $generator) {
+            if ($generator->supportsKeyOption($keyOption)) {
+                return $generator->generatePrivateKey($keyOption);
+            }
+        }
+
+        throw new \LogicException(
+            sprintf('Unable to find a generator for a key option of type %s', \get_class($keyOption))
+        );
+    }
+
+    public function supportsKeyOption(KeyOption $keyOption)
+    {
+        foreach ($this->generators as $generator) {
+            if ($generator->supportsKeyOption($keyOption)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

Generator/EcKey/EcKeyGenerator.php

@@ -0,0 +1,60 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator\EcKey;
+
+use AcmePhp\Ssl\Exception\KeyGenerationException;
+use AcmePhp\Ssl\Exception\KeyPairGenerationException;
+use AcmePhp\Ssl\Generator\KeyOption;
+use AcmePhp\Ssl\Generator\PrivateKeyGeneratorInterface;
+use AcmePhp\Ssl\PrivateKey;
+use Webmozart\Assert\Assert;
+
+/**
+ * Generate random EC private key using OpenSSL.
+ *
+ * @author Jérémy Derussé <[email protected]>
+ */
+class EcKeyGenerator implements PrivateKeyGeneratorInterface
+{
+    /**
+     * @param EcKeyOption|KeyOption $keyOption
+     */
+    public function generatePrivateKey(KeyOption $keyOption)
+    {
+        Assert::isInstanceOf($keyOption, EcKeyOption::class);
+
+        $resource = openssl_pkey_new(
+            [
+                'private_key_type' => OPENSSL_KEYTYPE_EC,
+                'curve_name' => $keyOption->getCurveName(),
+            ]
+        );
+
+        if (!$resource) {
+            throw new KeyGenerationException(
+                sprintf('OpenSSL key creation failed during generation with error: %s', openssl_error_string())
+            );
+        }
+        if (!openssl_pkey_export($resource, $privateKey)) {
+            throw new KeyPairGenerationException(
+                sprintf('OpenSSL key export failed during generation with error: %s', openssl_error_string())
+            );
+        }
+
+        return new PrivateKey($privateKey);
+    }
+
+    public function supportsKeyOption(KeyOption $keyOption)
+    {
+        return $keyOption instanceof EcKeyOption;
+    }
+}

Generator/EcKey/EcKeyOption.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator\EcKey;
+
+use AcmePhp\Ssl\Generator\KeyOption;
+use Webmozart\Assert\Assert;
+
+class EcKeyOption implements KeyOption
+{
+    /** @var string */
+    private $curveName;
+
+    public function __construct($curveName = 'secp384r1')
+    {
+        Assert::stringNotEmpty($curveName);
+        Assert::oneOf($curveName, openssl_get_curve_names(), 'The given curve %s is not supported. Available curves are: %s');
+
+        $this->curveName = $curveName;
+    }
+
+    /**
+     * @return string
+     */
+    public function getCurveName()
+    {
+        return $this->curveName;
+    }
+}

Generator/KeyOption.php

@@ -0,0 +1,16 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator;
+
+interface KeyOption
+{
+}

Generator/KeyPairGenerator.php

@@ -11,10 +11,12 @@
 
 namespace AcmePhp\Ssl\Generator;
 
+use AcmePhp\Ssl\Exception\KeyGenerationException;
 use AcmePhp\Ssl\Exception\KeyPairGenerationException;
+use AcmePhp\Ssl\Generator\EcKey\EcKeyGenerator;
+use AcmePhp\Ssl\Generator\RsaKey\RsaKeyGenerator;
+use AcmePhp\Ssl\Generator\RsaKey\RsaKeyOption;
 use AcmePhp\Ssl\KeyPair;
-use AcmePhp\Ssl\PrivateKey;
-use AcmePhp\Ssl\PublicKey;
 use Webmozart\Assert\Assert;
 
 /**
@@ -24,58 +26,47 @@
  */
 class KeyPairGenerator
 {
+    private $generator;
+
+    public function __construct(PrivateKeyGeneratorInterface $generator = null)
+    {
+        $this->generator = $generator ?: new ChainPrivateKeyGenerator(
+            [
+                new RsaKeyGenerator(),
+                new EcKeyGenerator(),
+            ]
+        );
+    }
+
     /**
      * Generate KeyPair.
      *
-     * @param int $keySize size of the key
+     * @param KeyOption $keyOption configuration of the key to generate
      *
      * @throws KeyPairGenerationException when OpenSSL failed to generate keys
      *
      * @return KeyPair
      */
-    public function generateKeyPair($keySize = 4096)
+    public function generateKeyPair($keyOption = null)
     {
-        Assert::integer($keySize, __METHOD__.'::$keySize should be an integer. Got: %s');
-
-        $key = openssl_pkey_new(
-            [
-                'private_key_type' => OPENSSL_KEYTYPE_RSA,
-                'private_key_bits' => $keySize,
-            ]
-        );
-
-        if (!$key) {
-            throw new KeyPairGenerationException(
-                sprintf(
-                    'OpenSSL key creation failed during generation with error: %s',
-                    openssl_error_string()
-                )
-            );
+        if (null === $keyOption) {
+            $keyOption = new RsaKeyOption();
         }
-
-        if (!openssl_pkey_export($key, $privateKey)) {
-            throw new KeyPairGenerationException(
-                sprintf(
-                    'OpenSSL key export failed during generation with error: %s',
-                    openssl_error_string()
-                )
-            );
+        if (\is_int($keyOption)) {
+            @trigger_error('Passing a keySize to "generateKeyPair" is deprecated since version 1.1 and will be removed in 2.0. Pass an instance of KeyOption instead', E_USER_DEPRECATED);
+            $keyOption = new RsaKeyOption($keyOption);
         }
+        Assert::isInstanceOf($keyOption, KeyOption::class);
 
-        $details = openssl_pkey_get_details($key);
-
-        if (!\is_array($details)) {
-            throw new KeyPairGenerationException(
-                sprintf(
-                    'OpenSSL key parsing failed during generation with error: %s',
-                    openssl_error_string()
-                )
-            );
+        try {
+            $privateKey = $this->generator->generatePrivateKey($keyOption);
+        } catch (KeyGenerationException $e) {
+            throw new KeyPairGenerationException('Fail to generate a KeyPair with the given options', 0, $e);
         }
 
         return new KeyPair(
-            new PublicKey($details['key']),
-            new PrivateKey($privateKey)
+            $privateKey->getPublicKey(),
+            $privateKey
         );
     }
 }

Generator/PrivateKeyGeneratorInterface.php

@@ -0,0 +1,43 @@
+<?php
+
+/*
+ * This file is part of the Acme PHP project.
+ *
+ * (c) Titouan Galopin <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace AcmePhp\Ssl\Generator;
+
+use AcmePhp\Ssl\Exception\KeyGenerationException;
+use AcmePhp\Ssl\PrivateKey;
+
+/**
+ * Generate random private key.
+ *
+ * @author Jérémy Derussé <[email protected]>
+ */
+interface PrivateKeyGeneratorInterface
+{
+    /**
+     * Generate a PrivateKey.
+     *
+     * @param KeyOption $keyOption configuration of the key to generate
+     *
+     * @throws KeyGenerationException when OpenSSL failed to generate keys
+     *
+     * @return PrivateKey
+     */
+    public function generatePrivateKey(KeyOption $keyOption);
+
+    /**
+     * Returns whether the instance is able to generator a private key from the given option.
+     *
+     * @param KeyOption $keyOption configuration of the key to generate
+     *
+     * @return bool
+     */
+    public function supportsKeyOption(KeyOption $keyOption);
+}