protected function supportsKey($key)
{
if (false === parent::supportsKey($key)) {
return false;
}
// openssl_sign with EC keys was introduced in this PHP release
$minVersions = array('5.4' => '5.4.26', '5.5' => '5.5.10', '5.6' => '5.6.0');
if (isset($minVersions[PHP_MAJOR_VERSION . '.' . PHP_MINOR_VERSION]) && version_compare(PHP_VERSION, $minVersions[PHP_MAJOR_VERSION . '.' . PHP_MINOR_VERSION], '<')) {
return false;
}
$keyDetails = openssl_pkey_get_details($key);
if (0 === preg_match('/-----BEGIN PUBLIC KEY-----([^-]+)-----END PUBLIC KEY-----/', $keyDetails['key'], $matches)) {
return false;
}
$publicKey = trim($matches[1]);
$asn1 = new ASN1();
/*
* http://tools.ietf.org/html/rfc3279#section-2.2.3
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
* For ECDSA Signature Algorithm:
* algorithm: ansi-X9-62 => 1.2.840.10045.2.1
* parameters: id-ecSigType => 1.2.840.10045.x.y.z
*
*/
$asnAlgorithmIdentifier = array('type' => ASN1::TYPE_SEQUENCE, 'children' => array('ansi-X9-62' => array('type' => ASN1::TYPE_OBJECT_IDENTIFIER), 'id-ecSigType' => array('type' => ASN1::TYPE_OBJECT_IDENTIFIER)));
/*
* http://tools.ietf.org/html/rfc5280#section-4.1
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*/
$asnSubjectPublicKeyInfo = array('type' => ASN1::TYPE_SEQUENCE, 'children' => array('algorithm' => $asnAlgorithmIdentifier, 'subjectPublicKey' => array('type' => ASN1::TYPE_BIT_STRING)));
$decoded = $asn1->decodeBER(base64_decode($publicKey));
$mappedDetails = $asn1->asn1map($decoded[0], $asnSubjectPublicKeyInfo);
return isset($mappedDetails['algorithm']['id-ecSigType']) ? $this->getSupportedECDSACurve() === $mappedDetails['algorithm']['id-ecSigType'] : false;
}
