| author | StevenWdV <stevenwdv@gmail.com> | 2021-12-17 15:21:53 +0100 |
|---|---|---|
| committer | StevenWdV <stevenwdv@gmail.com> | 2021-12-17 15:24:59 +0100 |
| commit | a47513aeeb728b6316ba6765afdd7e5adbf4f2e3 (patch) | |
| tree | 2ebb3a6936af606b0276f67d4cebb446d60cc610 /wrappers/php/src/Discovery.php | |
| parent | a4d394a8794a254a102b8fa3bf311d4c59f9e9b5 (diff) | |
Add PHP wrapper, use header for right platform for PHP & Swift, simplify Swift Windows fix
Diffstat (limited to 'wrappers/php/src/Discovery.php')
| -rw-r--r-- | wrappers/php/src/Discovery.php | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/wrappers/php/src/Discovery.php b/wrappers/php/src/Discovery.php
new file mode 100644
index 0000000..3ae7010
--- /dev/null
+++ b/wrappers/php/src/Discovery.php
@@ -0,0 +1,72 @@
+<?php declare(strict_types=1);
+
+namespace EduVpn\Common;
+
+use EduVpn\Common\Impl\GoSlice;
+use Error;
+use FFI;
+use InvalidArgumentException;
+
+final class Discovery
+{
+ public function __construct() { }
+
+ private static ?FFI $ffi = null;
+
+ private static function ffi(): FFI
+ {
+ if (!self::$ffi) {
+ if (!(self::$ffi = FFI::load(__DIR__ . '/headers/eduvpn_verify_php.h')))
+ throw new Error('failed to load eduvpn_verify');
+ }
+ return self::$ffi;
+ }
+
+ /**
+ * Verifies the signature on the JSON server_list.json/organization_list.json file.
+ * If the function returns, the signature is valid for the given file type.
+ *
+ * @param string $signature .minisig signature file contents.
+ * @param string $signedJson Signed .json file contents.
+ * @param string $expectedFileName The file type to be verified, one of "server_list.json" or
+ * "organization_list.json".
+ * @param int $minSignTime Minimum time for signature. Should be set to at least the time in a previously
+ * retrieved file.
+ * @return void
+ * @throws InvalidArgumentException If expectedFileName is not one of the allowed values.
+ * @throws VerifyException If signature verification fails.
+ */
+ public static function verify(string $signature, string $signedJson, string $expectedFileName,
+ int $minSignTime): void
+ {
+ $ffi = self::ffi();
+ $signatureData = new GoSlice($ffi, $signature);
+ $jsonData = new GoSlice($ffi, $signedJson);
+ $expectedNameData = new GoSlice($ffi, $expectedFileName);
+
+ $result = $ffi->Verify($signatureData->slice(), $jsonData->slice(), $expectedNameData->slice(), $minSignTime);
+
+ switch ($result) {
+ case 0:
+ return;
+ case 1:
+ throw new InvalidArgumentException('unknown expected file name', $result);
+ case 2:
+ throw new InvalidSignatureException();
+ case 3:
+ throw new InvalidSignatureUnknownKeyException();
+ case 4:
+ throw new SignatureTooOldException();
+ default:
+ throw new UnknownVerifyException($result);
+ }
+ }
+
+ /** @internal Use for testing only, see Go documentation. */
+ public static function insecureTestingSetExtraKey(string $keyString): void
+ {
+ $ffi = self::ffi();
+ $keyData = new GoSlice($ffi, $keyString);
+ $ffi->InsecureTestingSetExtraKey($keyData->slice());
+ }
+} |
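Review bot: The success path of `verify()` is reached through `switch ($result)`, which compares loosely, so a `null` or `false` returned by `$ffi->Verify(...)` would match `case 0:` and be accepted as a valid signature. The header that declares `Verify`'s return type is not part of this hunk, so this may not be reachable today, but a verification routine should fail closed on an unexpected type: put `if ($result === 0) { return; }` ahead of the switch and drop `case 0:`, leaving anything else to fall through to the throwing branches. Separately, `insecureTestingSetExtraKey()` is a public static method on the production class and uses the same shared `self::$ffi` handle as `verify()`, guarded only by an `@internal` tag. Its docblock should state that calling it presumably changes which keys later `verify()` calls accept in the whole process and that it must never be reachable from production code, or the method should move to a test-only helper.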
