jenkins-bot has submitted this change and it was merged.

Change subject: Better support for RSA Key clients
......................................................................


Better support for RSA Key clients

Allow the MWOAuthSignatureMethod_RSA_SHA1 method to support consumers
by keeping track of the desired private key.

Change-Id: I78808d14c55b282b463fb018631b40abdf8991a9
---
M backend/MWOAuthSignatureMethod.php
1 file changed, 21 insertions(+), 2 deletions(-)

Approvals:
  Anomie: Looks good to me, but someone else must approve
  Aaron Schulz: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/backend/MWOAuthSignatureMethod.php 
b/backend/MWOAuthSignatureMethod.php
index aac6750..7445735 100644
--- a/backend/MWOAuthSignatureMethod.php
+++ b/backend/MWOAuthSignatureMethod.php
@@ -3,12 +3,28 @@
 class MWOAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod_RSA_SHA1 {
        /** OAuthDataStore */
        protected $store;
+       /** PEM encoded RSA private key **/
+       private $privateKey;
 
        /**
         * @param OAuthDataStore $store
+        * @param string $privateKey RSA private key, passed to 
openssl_get_privatekey
         */
-       function __construct( OAuthDataStore $store ) {
+       function __construct( OAuthDataStore $store, $privateKey = null ) {
                $this->store = $store;
+               $this->privateKey = $privateKey;
+
+               if ( $privateKey !== null ) {
+                       $key = openssl_pkey_get_private( $privateKey );
+                       if ( !$key ) {
+                               throw new OAuthException( "Invalid private key 
given" );
+                       }
+                       $details = openssl_pkey_get_details( $key );
+                       if ( $details['type'] !== OPENSSL_KEYTYPE_RSA ) {
+                               throw new OAuthException( "Key is not an RSA 
key" );
+                       }
+                       openssl_pkey_free( $key );
+               }
        }
 
        /**
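Review bot: On the non-RSA path of the new constructor check, the exception is thrown before `openssl_pkey_free( $key )` runs, and the result of `openssl_pkey_get_details()` is indexed without checking for `false`. Freeing first and testing both conditions closes both gaps: `$details = openssl_pkey_get_details( $key ); openssl_pkey_free( $key ); if ( !$details || $details['type'] !== OPENSSL_KEYTYPE_RSA ) {`. Because the PEM text is a constructor argument, an OAuthException raised here may carry it in the stack-trace arguments if traces are logged with arguments, so it is worth confirming how these exceptions are logged. The docblock should also read `@param string|null $privateKey` to match the `null` default. The class body continues outside the hunk.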
@@ -27,6 +43,9 @@
         * this function to get your private key, so you can sign the request.
         */
        protected function fetch_private_cert( &$request ) {
-               throw new OAuthException( "This has not been implemented" );
+               if ( $this->privateKey === null ) {
+                       throw new OAuthException( "No private key was set" );
+               }
+               return $this->privateKey;
        }
 }
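Review bot: The visible tail of the docblock above `fetch_private_cert` does not say what the method now returns or when it throws. It would help to add `@return string PEM encoded RSA private key` and `@throws OAuthException if no private key was passed to the constructor`. The method returns the raw key material to its caller, so a short comment that the value must not be logged or echoed would also be useful. The docblock starts outside the hunk, so it may already cover part of this.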

-- 
To view, visit https://gerrit.wikimedia.org/r/85128

Gerrit-MessageType: merged
Gerrit-Change-Id: I78808d14c55b282b463fb018631b40abdf8991a9
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: jenkins-bot
