Added HmacEncrypter class

tswagger · tswagger · commit d02ccf4406c0 · 2023-11-21T19:02:04.000-06:00
diff --git a/src/Authentication/Authenticators/HmacSha256.php b/src/Authentication/Authenticators/HmacSha256.php
@@ -17,16 +17,14 @@
 use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authentication\AuthenticationException;
 use CodeIgniter\Shield\Authentication\AuthenticatorInterface;
+use CodeIgniter\Shield\Authentication\HMAC\HmacEncrypter;
 use CodeIgniter\Shield\Config\Auth;
-use CodeIgniter\Shield\Config\AuthToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Exceptions\InvalidArgumentException;
 use CodeIgniter\Shield\Models\TokenLoginModel;
 use CodeIgniter\Shield\Models\UserIdentityModel;
 use CodeIgniter\Shield\Models\UserModel;
 use CodeIgniter\Shield\Result;
-use Config\Encryption;
-use Config\Services;
 
 class HmacSha256 implements AuthenticatorInterface
 {
@@ -162,17 +160,8 @@ public function check(array $credentials): Result
             ]);
         }
 
-        /** @var AuthToken $authConfig */
-        $authConfig = config('AuthToken');
-        $config     = new Encryption();
-
-        $config->key    = $authConfig->hmacEncryptionKey;
-        $config->driver = $authConfig->hmacEncryptionDriver;
-        $config->digest = $authConfig->hmacEncryptionDigest;
-
-        // decrypt secret key so signature can be validated
-        $encryptor = Services::encrypter($config);
-        $secretKey = $encryptor->decrypt(hex2bin($token->secret2));
+        $encrypter = new HmacEncrypter();
+        $secretKey = $encrypter->decrypt($token->secret2);
 
         // Check signature...
         $hash = hash_hmac('sha256', $credentials['body'], $secretKey);
diff --git a/src/Authentication/HMAC/HmacEncrypter.php b/src/Authentication/HMAC/HmacEncrypter.php
@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace CodeIgniter\Shield\Authentication\HMAC;
+
+use CodeIgniter\Encryption\EncrypterInterface;
+use CodeIgniter\Shield\Config\AuthToken;
+use Config\Encryption;
+use Config\Services;
+use Exception;
+
+/**
+ * HMAC Encrypter class
+ *
+ * This class handles the setup and configuration of the HMAC Encryption
+ */
+class HmacEncrypter
+{
+    /**
+     * Codeigniter Encrypter
+     */
+    private EncrypterInterface $encrypter;
+
+    /**
+     * Auth Token config
+     */
+    private AuthToken $authConfig;
+
+    /**
+     * Constructor
+     * Setup encryption configuration
+     */
+    public function __construct()
+    {
+        $this->authConfig = config('AuthToken');
+        $config           = new Encryption();
+
+        $config->key    = $this->authConfig->hmacEncryptionKey;
+        $config->driver = $this->authConfig->hmacEncryptionDriver;
+        $config->digest = $this->authConfig->hmacEncryptionDigest;
+
+        // decrypt secret key so signature can be validated
+        $this->encrypter = Services::encrypter($config);
+    }
+
+    /**
+     * Decrypt
+     *
+     * @param string $hexString Encrypted string in Hex format
+     *
+     * @return string Raw decrypted string
+     */
+    public function decrypt(string $hexString): string
+    {
+        return $this->encrypter->decrypt(hex2bin($hexString));
+    }
+
+    /**
+     * Encrypt
+     *
+     * @param string $rawString Raw string to encrypt
+     *
+     * @return string Encrypted string in hex format
+     */
+    public function encrypt(string $rawString): string
+    {
+        return bin2hex($this->encrypter->encrypt($rawString));
+    }
+
+    /**
+     * Generate Key
+     *
+     * @return string Secret Key in hexed format
+     *
+     * @throws Exception
+     */
+    public function generateSecretKey(): string
+    {
+        return bin2hex(random_bytes($this->authConfig->hmacSecretKeyByteSize));
+    }
+}
diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php
@@ -17,15 +17,13 @@
 use CodeIgniter\Shield\Authentication\Authenticators\AccessTokens;
 use CodeIgniter\Shield\Authentication\Authenticators\HmacSha256;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
+use CodeIgniter\Shield\Authentication\HMAC\HmacEncrypter;
 use CodeIgniter\Shield\Authentication\Passwords;
-use CodeIgniter\Shield\Config\AuthToken;
 use CodeIgniter\Shield\Entities\AccessToken;
 use CodeIgniter\Shield\Entities\User;
 use CodeIgniter\Shield\Entities\UserIdentity;
 use CodeIgniter\Shield\Exceptions\LogicException;
 use CodeIgniter\Shield\Exceptions\ValidationException;
-use Config\Encryption;
-use Config\Services;
 use Exception;
 use Faker\Generator;
 use ReflectionException;
@@ -254,18 +252,9 @@ public function generateHmacToken(User $user, string $name, array $scopes = ['*'
     {
         $this->checkUserId($user);
 
-        /** @var AuthToken $authConfig */
-        $authConfig = config('AuthToken');
-        $config     = new Encryption();
-
-        $config->key    = $authConfig->hmacEncryptionKey;
-        $config->driver = $authConfig->hmacEncryptionDriver;
-        $config->digest = $authConfig->hmacEncryptionDigest;
-
-        // Generate and encrypt secret key
-        $encrypter    = Services::encrypter($config);
-        $rawSecretKey = bin2hex(random_bytes(config('AuthToken')->hmacSecretKeyByteSize));
-        $secretKey    = bin2hex($encrypter->encrypt($rawSecretKey));
+        $encrypter    = new HmacEncrypter();
+        $rawSecretKey = $encrypter->generateSecretKey();
+        $secretKey    = $encrypter->encrypt($rawSecretKey);
 
         $return = $this->insert([
             'type'    => HmacSha256::ID_TYPE_HMAC_TOKEN,
