51 private string $clientPub,
52 \Closure $onCompletion
56 JwtUtils::parseDerPublicKey($this->clientPub);
57 if(self::$SERVER_PRIVATE_KEY ===
null){
58 $serverPrivateKey = openssl_pkey_new([
"ec" => [
"curve_name" =>
"secp384r1"]]);
59 if($serverPrivateKey ===
false){
60 throw new \RuntimeException(
"openssl_pkey_new() failed: " . openssl_error_string());
62 self::$SERVER_PRIVATE_KEY = $serverPrivateKey;
65 $this->serverPrivateKey = igbinary_serialize(openssl_pkey_get_details(self::$SERVER_PRIVATE_KEY));
66 $this->
storeLocal(self::TLS_KEY_ON_COMPLETION, $onCompletion);
71 $serverPrivDetails = igbinary_unserialize($this->serverPrivateKey);
72 $serverPriv = openssl_pkey_new($serverPrivDetails);
73 if($serverPriv ===
false)
throw new AssumptionFailedError(
"Failed to restore server signing key from details");
74 $clientPub = JwtUtils::parseDerPublicKey($this->clientPub);
75 $sharedSecret = EncryptionUtils::generateSharedSecret($serverPriv, $clientPub);
77 $salt = random_bytes(16);
78 $this->aesKey = EncryptionUtils::generateKey($sharedSecret, $salt);
79 $this->handshakeJwt = EncryptionUtils::generateServerHandshakeJwt($serverPriv, $salt);