Add support for transit/sign call (#16)

src/VaultPHP/SecretEngines/Engines/Transit/Request/SignDataRequest.php

@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+
+namespace VaultPHP\SecretEngines\Engines\Transit\Request;
+
+use VaultPHP\SecretEngines\Interfaces\ResourceRequestInterface;
+
+final class SignDataRequest  implements ResourceRequestInterface
+{
+    const HASH_ALGORITHM_SHA1 = 'sha1';
+
+    const HASH_ALGORITHM_SHA2_224 = 'sha2-224';
+
+    const HASH_ALGORITHM_SHA2_256 = 'sha2-265';
+
+    const HASH_ALGORITHM_SHA2_384 = 'sha2-384';
+
+    const HASH_ALGORITHM_SHA2_512 = 'sha2-512';
+
+    const HASH_ALGORITHM_SHA3_224 = 'sha3-224';
+
+    const HASH_ALGORITHM_SHA3_256 = 'sha3-265';
+
+    const HASH_ALGORITHM_SHA3_384 = 'sha3-384';
+
+    const HASH_ALGORITHM_SHA3_512 = 'sha3-512';
+
+    const SIGNATURE_ALGORITHM_PSS = 'pss';
+
+    const SIGNATURE_ALGORITHM_PKCS1V15 = 'pkcs1v15';
+
+    /** @var string */
+    protected $key;
+
+    /** @var string */
+    protected $hashAlgorithm;
+
+    /** @var string */
+    protected $input;
+
+    /** @var string */
+    protected $signature_algorithm;
+
+    /**
+     * @param string $key
+     * @param string $input
+     * @param string $signature_algorithm
+     */
+    public function __construct($key, $hashAlgorithm, $input, $signature_algorithm = self::SIGNATURE_ALGORITHM_PSS)
+    {
+        $this->key = $key;
+        $this->hashAlgorithm = $hashAlgorithm;
+        $this->input = $input;
+        $this->signature_algorithm = $signature_algorithm;
+    }
+
+    /**
+     * @return string
+     */
+    public function getKey()
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return string
+     */
+    public function getHashAlgorithm()
+    {
+        return $this->hashAlgorithm;
+    }
+
+    /**
+     * @return string
+     */
+    public function getInput()
+    {
+        return $this->input;
+    }
+
+    /**
+     * @return string
+     */
+    public function getSignatureAlgorithm()
+    {
+        return $this->signature_algorithm;
+    }
+
+    /**
+     * @return array
+     */
+    public function toArray()
+    {
+        return [
+            'input' => $this->input,
+            'signature_algorithm' => $this->signature_algorithm
+        ];
+    }
+}

src/VaultPHP/SecretEngines/Engines/Transit/Response/SignDataResponse.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace VaultPHP\SecretEngines\Engines\Transit\Response;
+
+use VaultPHP\Response\EndpointResponse;
+
+final class SignDataResponse extends EndpointResponse
+{
+    /** @var string */
+    protected $signature = '';
+
+    /**
+     * @return string
+     */
+    public function getSignature()
+    {
+        return $this->signature;
+    }
+}

src/VaultPHP/SecretEngines/Engines/Transit/Transit.php

@@ -15,12 +15,14 @@
 use VaultPHP\SecretEngines\Engines\Transit\Request\DecryptData\DecryptDataRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Request\EncryptData\EncryptDataBulkRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Request\EncryptData\EncryptDataRequest;
+use VaultPHP\SecretEngines\Engines\Transit\Request\SignDataRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Request\UpdateKeyConfigRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Response\CreateKeyResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\DecryptDataResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\DeleteKeyResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\EncryptDataResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\ListKeysResponse;
+use VaultPHP\SecretEngines\Engines\Transit\Response\SignDataResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\UpdateKeyConfigResponse;
 
 /**
@@ -187,4 +189,21 @@ public function updateKeyConfig(UpdateKeyConfigRequest $updateKeyConfigRequest)
             $updateKeyConfigRequest
         );
     }
+
+    /**
+     * @param SignDataRequest $signDataRequest
+     * @return SignDataResponse
+     * @throws InvalidDataException
+     * @throws InvalidRouteException
+     * @throws VaultException
+     */
+    public function sign(SignDataRequest $signDataRequest)
+    {
+        return $this->vaultClient->sendApiRequest(
+            'POST',
+            sprintf('/v1/%s/sign/%s/%s', $this->APIPath, urlencode($signDataRequest->getKey()), $signDataRequest->getHashAlgorithm()),
+            SignDataResponse::class,
+            $signDataRequest
+        );
+    }
 }

tests/VaultPHP/SecretEngines/Engines/Transit/SignDataTest.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace Test\VaultPHP\SecretEngines\Engines\Transit;
+
+use Test\VaultPHP\SecretEngines\AbstractSecretEngineTestCase;
+use VaultPHP\SecretEngines\Engines\Transit\Request\SignDataRequest;
+use VaultPHP\SecretEngines\Engines\Transit\Response\SignDataResponse;
+use VaultPHP\SecretEngines\Engines\Transit\Transit;
+
+/**
+ * Class SignDataTest
+ * @package Test\VaultPHP\SecretEngines\Transit
+ */
+final class SignDataTest extends AbstractSecretEngineTestCase
+{
+    public function testApiCall()
+    {
+        $client = $this->createApiClient(
+            'POST',
+            '/v1/transit/sign/test/sha1',
+            [
+                'input' => 'some-input-to-sign',
+                'signature_algorithm' => 'pss'
+            ],
+            [
+                'data' => [
+                    'signature' => 'vault:v1:someHash',
+                ]
+            ]
+        );
+        $request = new SignDataRequest(
+            'test',
+            SignDataRequest::HASH_ALGORITHM_SHA1,
+            'some-input-to-sign',
+            SignDataRequest::SIGNATURE_ALGORITHM_PSS
+        );
+        $api = new Transit($client);
+        $response = $api->sign($request);
+
+        $this->assertInstanceOf(SignDataResponse::class, $response);
+        $this->assertEquals('vault:v1:someHash', $response->getSignature());
+    }
+}