RsaWalletServiceInterface.php

/Classes/TYPO3/FLOW3/Security/Cryptography/RsaWalletServiceInterface.php

https://github.com/christianjul/FLOW3-Composer
PHP | 120 lines | 15 code | 12 blank | 93 comment | 0 complexity | 22fdbaf7b976ed0ad62092e48368d98e MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-3.0

<?php
namespace TYPO3\FLOW3\Security\Cryptography;

/*                                                                        *
 * This script belongs to the FLOW3 framework.                            *
 *                                                                        *
 * It is free software; you can redistribute it and/or modify it under    *
 * the terms of the GNU Lesser General Public License, either version 3   *
 * of the License, or (at your option) any later version.                 *
 *                                                                        *
 * The TYPO3 project - inspiring people to share!                         *
 *                                                                        */

/**
 * RSA related service functions (e.g. used for the RSA authentication provider)
 *
 */
interface RsaWalletServiceInterface {

	/**
	 * Generates a new keypair and returns a UUID to refer to it
	 *
	 * @param boolean $usedForPasswords TRUE if this keypair should be used to encrypt passwords (then decryption won't be allowed!).
	 * @return integer An UUID that identifies the generated keypair
	 */
	public function generateNewKeypair($usedForPasswords = FALSE);

	/**
	 * Adds the specified keypair to the local store and returns a UUID to refer to it.
	 *
	 * @param string $privateKeyString The private key in its string representation
	 * @param boolean $usedForPasswords TRUE if this keypair should be used to encrypt passwords (then decryption won't be allowed!).
	 * @return string The UUID used for storing
	 */
	public function registerKeyPairFromPrivateKeyString($privateKeyString, $usedForPasswords = FALSE);

	/**
	 * Adds the specified public key to the wallet and returns a UUID to refer to it.
	 * This is helpful if you have not private key and want to use this key only to
	 * verify incoming data.
	 *
	 * @param string $publicKeyString The public key in its string representation
	 * @return string The UUID used for storing
	 */
	public function registerPublicKeyFromString($publicKeyString);

	/**
	 * Returns the public key for the given UUID
	 *
	 * @param string $uuid The UUID
	 * @return \TYPO3\FLOW3\Security\Cryptography\OpenSslRsaKey The public key
	 * @throws \TYPO3\FLOW3\Security\Exception\InvalidKeyPairIdException If the given UUID identifies no valid key pair
	 */
	public function getPublicKey($uuid);

	/**
	 * Decrypts the given cypher with the private key identified by the given UUID
	 * Note: You should never decrypt a password with this function. Use checkRSAEncryptedPassword()
	 * to check passwords!
	 *
	 * @param string $cypher Cypher text to decrypt
	 * @param string $uuid The uuid to identify to correct private key
	 * @return string The decrypted text
	 * @throws \TYPO3\FLOW3\Security\Exception\InvalidKeyPairIdException If the given UUID identifies no valid keypair
	 * @throws \TYPO3\FLOW3\Security\Exception\DecryptionNotAllowedException If the given UUID identifies a keypair for encrypted passwords
	 */
	public function decrypt($cypher, $uuid);

	/**
	 * Signs the given plaintext with the private key identified by the given UUID
	 *
	 * @param string $plaintext The plaintext to sign
	 * @param string $uuid The uuid to identify to correct private key
	 * @return string The signature of the given plaintext
	 * @throws \TYPO3\FLOW3\Security\Exception\InvalidKeyPairIdException If the given UUID identifies no valid keypair
	 */
	public function sign($plaintext, $uuid);

	/**
	 * Checks whether the given signature is valid for the given plaintext
	 * with the public key identified by the given UUID
	 *
	 * @param string $plaintext The plaintext to sign
	 * @param string $signature The signature that should be verified
	 * @param string $uuid The uuid to identify to correct public key
	 * @return boolean TRUE if the signature is correct for the given plaintext and public key
	 */
	public function verifySignature($plaintext, $signature, $uuid);

	/**
	 * Encrypts the given plaintext with the public key identified by the given UUID
	 *
	 * @param string $plaintext The plaintext to encrypt
	 * @param string $uuid The uuid to identify to correct public key
	 * @return string The ciphertext
	 */
	public function encryptWithPublicKey($plaintext, $uuid);

	/**
	 * Checks if the given encrypted password is correct by
	 * comparing it's md5 hash. The salt is appended to the decrypted password string before hashing.
	 *
	 * @param string $encryptedPassword The received, RSA encrypted password to check
	 * @param string $passwordHash The md5 hashed password string (md5(md5(password) . salt))
	 * @param string $salt The salt used in the md5 password hash
	 * @param string $uuid The uuid to identify to correct private key
	 * @return boolean TRUE if the password is correct
	 */
	public function checkRSAEncryptedPassword($encryptedPassword, $passwordHash, $salt, $uuid);

	/**
	 * Destroys the keypair identified by the given UUID
	 *
	 * @param string $uuid The UUID
	 * @return void
	 * @throws \TYPO3\FLOW3\Security\Exception\InvalidKeyPairIdException If the given UUID identifies no valid key pair
	 */
	public function destroyKeypair($uuid);
}
?>