diff --git a/src/AuthorizationServer.php b/src/AuthorizationServer.php
index 69c169543..84a0e93a4 100644
--- a/src/AuthorizationServer.php
+++ b/src/AuthorizationServer.php
@@ -67,7 +67,7 @@ class AuthorizationServer implements EmitterAwareInterface
 private $scopeRepository;
 /**
- * @var string
+ * @var string|\Defuse\Crypto\Key
 */
 private $encryptionKey;
@@ -83,7 +83,7 @@ class AuthorizationServer implements EmitterAwareInterface
 * @param AccessTokenRepositoryInterface $accessTokenRepository
 * @param ScopeRepositoryInterface $scopeRepository
 * @param CryptKey|string $privateKey
- * @param string $encryptionKey
+ * @param string|\Defuse\Crypto\Key $encryptionKey
 * @param null|ResponseTypeInterface $responseType
 */
 public function __construct(
diff --git a/src/CryptTrait.php b/src/CryptTrait.php
index 125a757e1..c8713ff3b 100644
--- a/src/CryptTrait.php
+++ b/src/CryptTrait.php
@@ -12,11 +12,12 @@
 namespace League\OAuth2\Server;
 use Defuse\Crypto\Crypto;
+use Defuse\Crypto\Key;
 trait CryptTrait
 {
 /**
- * @var string
+ * @var string|Key
 */
 protected $encryptionKey;
@@ -32,7 +33,11 @@ trait CryptTrait
 protected function encrypt($unencryptedData)
 {
 try {
- return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
+ if($this->encryptionKey instanceof Key) {
+ return Crypto::encrypt($unencryptedData, $this->encryptionKey);
+ } else {
+ return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
+ }
 } catch (\Exception $e) {
 throw new \LogicException($e->getMessage());
 }
@@ -50,7 +55,11 @@ protected function encrypt($unencryptedData)
 protected function decrypt($encryptedData)
 {
 try {
- return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
+ if($this->encryptionKey instanceof Key) {
+ return Crypto::decrypt($encryptedData, $this->encryptionKey);
+ } else {
+ return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
+ }
 } catch (\Exception $e) {
 throw new \LogicException($e->getMessage());
 }
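Review bot: The `else` branch in `encrypt()` takes every value that is not a `Key`, so a null or empty `$this->encryptionKey` (the `setEncryptionKey($key = null)` signature shown later for this file defaults to null) still reaches `Crypto::encryptWithPassword()`; the `else` in the `decrypt()` hunk has the same gap. A guard after the `instanceof Key` case, `if (!is_string($this->encryptionKey) || $this->encryptionKey === '') { throw new \LogicException('Encryption key is not set'); }`, would make a misconfigured server fail explicitly instead of depending on how the library treats such a password. On style, the added lines write `if(` without a space and keep an `else` after a `return`, which can be dropped.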
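Review bot: Nothing in the updated docblocks says that the two key types are not interchangeable, and `decrypt()` picks its mode only from the type of the currently configured key. As far as I know the `*WithPassword` calls derive their key from the password, so a payload encrypted under a string should be expected to fail once the server is configured with a `Key`, and to surface as the `\LogicException` thrown in this hunk. I would add to the `$encryptionKey` property docblock something like `Payloads encrypted with a password string cannot be decrypted with a Key, and vice versa; changing the key type invalidates encrypted payloads that are still outstanding.`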
@@ -59,7 +68,7 @@ protected function decrypt($encryptedData)
 /**
 * Set the encryption key
 *
- * @param string $key
+ * @param string|Key $key
 */
 public function setEncryptionKey($key = null)
 {
diff --git a/src/Grant/GrantTypeInterface.php b/src/Grant/GrantTypeInterface.php
index 0e7214359..56f1ee99d 100644
--- a/src/Grant/GrantTypeInterface.php
+++ b/src/Grant/GrantTypeInterface.php
@@ -136,7 +136,7 @@ public function setPrivateKey(CryptKey $privateKey);
 /**
 * Set the encryption key
 *
- * @param string|null $key
+ * @param string|\Defuse\Crypto\Key|null $key
 */
 public function setEncryptionKey($key = null);
 }
diff --git a/src/ResponseTypes/ResponseTypeInterface.php b/src/ResponseTypes/ResponseTypeInterface.php
index 8ac20b8c0..f76eaa6fb 100644
--- a/src/ResponseTypes/ResponseTypeInterface.php
+++ b/src/ResponseTypes/ResponseTypeInterface.php
@@ -37,7 +37,7 @@ public function generateHttpResponse(ResponseInterface $response);
 /**
 * Set the encryption key
 *
- * @param string|null $key
+ * @param string|\Defuse\Crypto\Key|null $key
 */
 public function setEncryptionKey($key = null);
 }
diff --git a/tests/CryptTraitTest.php b/tests/CryptTraitTest.php
index 26427e597..e09545089 100644
--- a/tests/CryptTraitTest.php
+++ b/tests/CryptTraitTest.php
@@ -2,26 +2,33 @@
 namespace LeagueTests\Utils;
+use Defuse\Crypto\Key;
 use LeagueTests\Stubs\CryptTraitStub;
 use PHPUnit\Framework\TestCase;
 class CryptTraitTest extends TestCase
 {
- /**
- * @var \LeagueTests\Stubs\CryptTraitStub
- */
- protected $cryptStub;
-
- public function setUp()
+ public function testEncryptDecryptWithPassword()
 {
- $this->cryptStub = new CryptTraitStub;
+ $cryptStub = new CryptTraitStub();
+ $cryptStub->setEncryptionKey(base64_encode(random_bytes(36)));
+
+ return $this->encryptDecrypt($cryptStub);
 }
- public function testEncryptDecrypt()
+ public function testEncryptDecryptWithKey()
 {
+ $cryptStub = new CryptTraitStub();
+ $cryptStub->setEncryptionKey(Key::createNewRandomKey());
+
+ return $this->encryptDecrypt($cryptStub);
+ }
+
+ protected function encryptDecrypt(CryptTraitStub $cryptStub) {
+
 $payload = 'alex loves whisky';
- $encrypted = $this->cryptStub->doEncrypt($payload);
- $plainText = $this->cryptStub->doDecrypt($encrypted);
+ $encrypted = $cryptStub->doEncrypt($payload);
+ $plainText = $cryptStub->doDecrypt($encrypted);
 $this->assertNotEquals($payload, $encrypted);
 $this->assertEquals($payload, $plainText);
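Review bot: Both new tests cover only the round trip with the correct key, so nothing pins the failure path that `CryptTrait::decrypt()` turns into a `\LogicException`; a negative case with two stubs holding different keys would cover it. Separately, `return $this->encryptDecrypt($cryptStub);` returns the result of a helper that has no `return` in the visible lines (its body ends outside the hunk), so the `return` can be dropped. The helper also puts its `{` on the signature line, while the other methods in this file put it on the next line.

```php
public function testDecryptWithDifferentKeyFails()
{
    $writer = new CryptTraitStub();
    $writer->setEncryptionKey(Key::createNewRandomKey());

    $reader = new CryptTraitStub();
    $reader->setEncryptionKey(Key::createNewRandomKey());

    $encrypted = $writer->doEncrypt('alex loves whisky');

    // CryptTrait::decrypt() rethrows library failures as \LogicException.
    $this->expectException(\LogicException::class);
    $reader->doDecrypt($encrypted);
}
```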