From 8d7ff848291cd224e650813d7d212bda5c452937 Mon Sep 17 00:00:00 2001
From: Fritz Gerneth
Date: Mon, 26 Aug 2024 13:38:37 +0200
Subject: [PATCH] Add support for transit/sign call (#16)
---
 .../Transit/Request/SignDataRequest.php | 100 ++++++++++++++++++
 .../Transit/Response/SignDataResponse.php | 21 ++++
 .../SecretEngines/Engines/Transit/Transit.php | 19 ++++
 .../Engines/Transit/SignDataTest.php | 43 ++++++++
 4 files changed, 183 insertions(+)
 create mode 100644 src/VaultPHP/SecretEngines/Engines/Transit/Request/SignDataRequest.php
 create mode 100644 src/VaultPHP/SecretEngines/Engines/Transit/Response/SignDataResponse.php
 create mode 100644 tests/VaultPHP/SecretEngines/Engines/Transit/SignDataTest.php
diff --git a/src/VaultPHP/SecretEngines/Engines/Transit/Request/SignDataRequest.php b/src/VaultPHP/SecretEngines/Engines/Transit/Request/SignDataRequest.php
new file mode 100644
index 0000000..8ee3688
--- /dev/null
+++ b/src/VaultPHP/SecretEngines/Engines/Transit/Request/SignDataRequest.php
@@ -0,0 +1,100 @@
+key = $key;
+ $this->hashAlgorithm = $hashAlgorithm;
+ $this->input = $input;
+ $this->signature_algorithm = $signature_algorithm;
+ }
+
+ /**
+ * @return string
+ */
+ public function getKey()
+ {
+ return $this->key;
+ }
+
+ /**
+ * @return string
+ */
+ public function getHashAlgorithm()
+ {
+ return $this->hashAlgorithm;
+ }
+
+ /**
+ * @return string
+ */
+ public function getInput()
+ {
+ return $this->input;
+ }
+
+ /**
+ * @return string
+ */
+ public function getSignatureAlgorithm()
+ {
+ return $this->signature_algorithm;
+ }
+
+ /**
+ * @return array
+ */
+ public function toArray()
+ {
+ return [
+ 'input' => $this->input,
+ 'signature_algorithm' => $this->signature_algorithm
+ ];
+ }
+}
diff --git a/src/VaultPHP/SecretEngines/Engines/Transit/Response/SignDataResponse.php b/src/VaultPHP/SecretEngines/Engines/Transit/Response/SignDataResponse.php
new file mode 100644
index 0000000..363bc4d
--- /dev/null
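Review bot: Nothing in the visible part of SignDataRequest says what form `input` must take: the getters carry only `@return string`, and `toArray()` forwards `$this->input` to Vault unchanged. Vault's transit sign endpoint expects `input` to be base64-encoded, so a caller passing raw text should get a decode error from the server instead of a signature; the fixture in SignDataTest.php passes the raw string `'some-input-to-sign'`, which models that misuse. I would document it on the constructor, e.g. `@param string $input Base64-encoded data to sign; this class does not encode it`. The top of the file, including the constructor signature, is missing from this extract. As a style point, `$signature_algorithm` is snake_case next to `$hashAlgorithm`; `$signatureAlgorithm` would match.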
+++ b/src/VaultPHP/SecretEngines/Engines/Transit/Response/SignDataResponse.php
@@ -0,0 +1,21 @@
+signature;
+ }
+}
diff --git a/src/VaultPHP/SecretEngines/Engines/Transit/Transit.php b/src/VaultPHP/SecretEngines/Engines/Transit/Transit.php
index 9d9749a..e139288 100644
--- a/src/VaultPHP/SecretEngines/Engines/Transit/Transit.php
+++ b/src/VaultPHP/SecretEngines/Engines/Transit/Transit.php
@@ -15,12 +15,14 @@
 use VaultPHP\SecretEngines\Engines\Transit\Request\DecryptData\DecryptDataRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Request\EncryptData\EncryptDataBulkRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Request\EncryptData\EncryptDataRequest;
+use VaultPHP\SecretEngines\Engines\Transit\Request\SignDataRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Request\UpdateKeyConfigRequest;
 use VaultPHP\SecretEngines\Engines\Transit\Response\CreateKeyResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\DecryptDataResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\DeleteKeyResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\EncryptDataResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\ListKeysResponse;
+use VaultPHP\SecretEngines\Engines\Transit\Response\SignDataResponse;
 use VaultPHP\SecretEngines\Engines\Transit\Response\UpdateKeyConfigResponse;
 /**
@@ -187,4 +189,21 @@ public function updateKeyConfig(UpdateKeyConfigRequest $updateKeyConfigRequest)
 $updateKeyConfigRequest
 );
 }
+
+ /**
+ * @param SignDataRequest $signDataRequest
+ * @return SignDataResponse
+ * @throws InvalidDataException
+ * @throws InvalidRouteException
+ * @throws VaultException
+ */
+ public function sign(SignDataRequest $signDataRequest)
+ {
+ return $this->vaultClient->sendApiRequest(
+ 'POST',
+ sprintf('/v1/%s/sign/%s/%s', $this->APIPath, urlencode($signDataRequest->getKey()), $signDataRequest->getHashAlgorithm()),
+ SignDataResponse::class,
+ $signDataRequest
+ );
+ }
 }
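Review bot: In `sign()`, the key name goes through `urlencode()` but `$signDataRequest->getHashAlgorithm()` is placed into the path as-is, so a value containing `/`, `?` or `..` changes which Vault route the request reaches. The request class appears to accept any string for the hash algorithm (its constructor assigns it with no visible check), so either encode it here, `sprintf('/v1/%s/sign/%s/%s', $this->APIPath, urlencode($signDataRequest->getKey()), urlencode($signDataRequest->getHashAlgorithm())),`, or reject values outside the `HASH_ALGORITHM_*` constants in `SignDataRequest`. For path segments `rawurlencode()` is the closer fit, since `urlencode()` turns a space into `+`, though that would differ from the call already used for the key.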
diff --git a/tests/VaultPHP/SecretEngines/Engines/Transit/SignDataTest.php b/tests/VaultPHP/SecretEngines/Engines/Transit/SignDataTest.php
new file mode 100644
index 0000000..91b9734
--- /dev/null
+++ b/tests/VaultPHP/SecretEngines/Engines/Transit/SignDataTest.php
@@ -0,0 +1,43 @@
+createApiClient(
+ 'POST',
+ '/v1/transit/sign/test/sha1',
+ [
+ 'input' => 'some-input-to-sign',
+ 'signature_algorithm' => 'pss'
+ ],
+ [
+ 'data' => [
+ 'signature' => 'vault:v1:someHash',
+ ]
+ ]
+ );
+ $request = new SignDataRequest(
+ 'test',
+ SignDataRequest::HASH_ALGORITHM_SHA1,
+ 'some-input-to-sign',
+ SignDataRequest::SIGNATURE_ALGORITHM_PSS
+ );
+ $api = new Transit($client);
+ $response = $api->sign($request);
+
+ $this->assertInstanceOf(SignDataResponse::class, $response);
+ $this->assertEquals('vault:v1:someHash', $response->getSignature());
+ }
+}
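Review bot: The only case uses a key name and hash algorithm that need no escaping (`'test'`, `sha1`), so the path built in `Transit::sign()` is never checked against values with reserved characters. A second case with a key name such as `'my key/1'` (constructed example), asserting the encoded path handed to `createApiClient`, would pin that behaviour. The fixture also uses `HASH_ALGORITHM_SHA1`; since tests double as usage examples, a SHA-2 constant would be a better one to show if `SignDataRequest` defines one (its constant list is not visible here). The opening lines of the test method are missing from this extract.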