From d224076e09b8161da439dc44e43ebef4690d36c4 Mon Sep 17 00:00:00 2001
From: SunMar <marijn@suninet.org>
Date: Mon, 20 Nov 2017 07:42:09 +0100
Subject: [PATCH] Allow CryptTrait to accept a \Defuse\Crypto\Key as encryption
 key #812

---
 src/AuthorizationServer.php                 |  4 +--
 src/CryptTrait.php                          | 17 ++++++++++---
 src/Grant/GrantTypeInterface.php            |  2 +-
 src/ResponseTypes/ResponseTypeInterface.php |  2 +-
 tests/CryptTraitTest.php                    | 27 +++++++++++++--------
 5 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/src/AuthorizationServer.php b/src/AuthorizationServer.php
index 69c169543..84a0e93a4 100644
--- a/src/AuthorizationServer.php
+++ b/src/AuthorizationServer.php
@@ -67,7 +67,7 @@ class AuthorizationServer implements EmitterAwareInterface
     private $scopeRepository;
 
     /**
-     * @var string
+     * @var string|\Defuse\Crypto\Key
      */
     private $encryptionKey;
 
@@ -83,7 +83,7 @@ class AuthorizationServer implements EmitterAwareInterface
      * @param AccessTokenRepositoryInterface $accessTokenRepository
      * @param ScopeRepositoryInterface       $scopeRepository
      * @param CryptKey|string                $privateKey
-     * @param string                         $encryptionKey
+     * @param string|\Defuse\Crypto\Key      $encryptionKey
      * @param null|ResponseTypeInterface     $responseType
      */
     public function __construct(
diff --git a/src/CryptTrait.php b/src/CryptTrait.php
index 125a757e1..c8713ff3b 100644
--- a/src/CryptTrait.php
+++ b/src/CryptTrait.php
@@ -12,11 +12,12 @@
 namespace League\OAuth2\Server;
 
 use Defuse\Crypto\Crypto;
+use Defuse\Crypto\Key;
 
 trait CryptTrait
 {
     /**
-     * @var string
+     * @var string|Key
      */
     protected $encryptionKey;
 
@@ -32,7 +33,11 @@ trait CryptTrait
     protected function encrypt($unencryptedData)
     {
         try {
-            return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
+            if($this->encryptionKey instanceof Key) {
+                return Crypto::encrypt($unencryptedData, $this->encryptionKey);
+            } else {
+                return Crypto::encryptWithPassword($unencryptedData, $this->encryptionKey);
+            }
         } catch (\Exception $e) {
             throw new \LogicException($e->getMessage());
         }
@@ -50,7 +55,11 @@ protected function encrypt($unencryptedData)
     protected function decrypt($encryptedData)
     {
         try {
-            return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
+            if($this->encryptionKey instanceof Key) {
+                return Crypto::decrypt($encryptedData, $this->encryptionKey);
+            } else {
+                return Crypto::decryptWithPassword($encryptedData, $this->encryptionKey);
+            }
         } catch (\Exception $e) {
             throw new \LogicException($e->getMessage());
         }
@@ -59,7 +68,7 @@ protected function decrypt($encryptedData)
     /**
      * Set the encryption key
      *
-     * @param string $key
+     * @param string|Key $key
      */
     public function setEncryptionKey($key = null)
     {
diff --git a/src/Grant/GrantTypeInterface.php b/src/Grant/GrantTypeInterface.php
index 0e7214359..56f1ee99d 100644
--- a/src/Grant/GrantTypeInterface.php
+++ b/src/Grant/GrantTypeInterface.php
@@ -136,7 +136,7 @@ public function setPrivateKey(CryptKey $privateKey);
     /**
      * Set the encryption key
      *
-     * @param string|null $key
+     * @param string|\Defuse\Crypto\Key|null $key
      */
     public function setEncryptionKey($key = null);
 }
diff --git a/src/ResponseTypes/ResponseTypeInterface.php b/src/ResponseTypes/ResponseTypeInterface.php
index 8ac20b8c0..f76eaa6fb 100644
--- a/src/ResponseTypes/ResponseTypeInterface.php
+++ b/src/ResponseTypes/ResponseTypeInterface.php
@@ -37,7 +37,7 @@ public function generateHttpResponse(ResponseInterface $response);
     /**
      * Set the encryption key
      *
-     * @param string|null $key
+     * @param string|\Defuse\Crypto\Key|null $key
      */
     public function setEncryptionKey($key = null);
 }
diff --git a/tests/CryptTraitTest.php b/tests/CryptTraitTest.php
index 26427e597..e09545089 100644
--- a/tests/CryptTraitTest.php
+++ b/tests/CryptTraitTest.php
@@ -2,26 +2,33 @@
 
 namespace LeagueTests\Utils;
 
+use Defuse\Crypto\Key;
 use LeagueTests\Stubs\CryptTraitStub;
 use PHPUnit\Framework\TestCase;
 
 class CryptTraitTest extends TestCase
 {
-    /**
-     * @var \LeagueTests\Stubs\CryptTraitStub
-     */
-    protected $cryptStub;
-
-    public function setUp()
+    public function testEncryptDecryptWithPassword()
     {
-        $this->cryptStub = new CryptTraitStub;
+        $cryptStub = new CryptTraitStub();
+        $cryptStub->setEncryptionKey(base64_encode(random_bytes(36)));
+
+        return $this->encryptDecrypt($cryptStub);
     }
 
-    public function testEncryptDecrypt()
+    public function testEncryptDecryptWithKey()
     {
+        $cryptStub = new CryptTraitStub();
+        $cryptStub->setEncryptionKey(Key::createNewRandomKey());
+
+        return $this->encryptDecrypt($cryptStub);
+    }
+
+    protected function encryptDecrypt(CryptTraitStub $cryptStub) {
+
         $payload = 'alex loves whisky';
-        $encrypted = $this->cryptStub->doEncrypt($payload);
-        $plainText = $this->cryptStub->doDecrypt($encrypted);
+        $encrypted = $cryptStub->doEncrypt($payload);
+        $plainText = $cryptStub->doDecrypt($encrypted);
 
         $this->assertNotEquals($payload, $encrypted);
         $this->assertEquals($payload, $plainText);