Skip to content

Commit

Permalink
deprecate: remove support for phpseclib V2 (googleapis#518)
Browse files Browse the repository at this point in the history
  • Loading branch information
@vishwarajanand
vishwarajanand authored Jan 4, 2024
1 parent ee2436d commit 8cfb95c
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 63 deletions.
63 changes: 6 additions & 57 deletions src/AccessToken.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,9 @@
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Psr7\Utils;
use InvalidArgumentException;
use phpseclib\Crypt\RSA;
use phpseclib\Math\BigInteger as BigInteger2;
use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Math\BigInteger as BigInteger3;
use phpseclib3\Crypt\RSA;
use phpseclib3\Math\BigInteger;
use Psr\Cache\CacheItemPoolInterface;
use RuntimeException;
use SimpleJWT\InvalidTokenException;
Expand Down Expand Up @@ -395,8 +394,8 @@ private function retrieveCertsFromLocation($url, array $options = [])
*/
private function checkAndInitializePhpsec()
{
if (!$this->checkAndInitializePhpsec2() && !$this->checkPhpsec3()) {
throw new RuntimeException('Please require phpseclib/phpseclib v2 or v3 to use this utility.');
if (!class_exists(RSA::class)) {
throw new RuntimeException('Please require phpseclib/phpseclib v3 to use this utility.');
}
}

Expand All @@ -406,23 +405,11 @@ private function checkAndInitializePhpsec()
*/
private function loadPhpsecPublicKey(string $modulus, string $exponent): string
{
if (class_exists(RSA::class) && class_exists(BigInteger2::class)) {
$key = new RSA();
$key->loadKey([
'n' => new BigInteger2($this->callJwtStatic('urlsafeB64Decode', [
$modulus,
]), 256),
'e' => new BigInteger2($this->callJwtStatic('urlsafeB64Decode', [
$exponent
]), 256),
]);
return $key->getPublicKey();
}
$key = PublicKeyLoader::load([
'n' => new BigInteger3($this->callJwtStatic('urlsafeB64Decode', [
'n' => new BigInteger($this->callJwtStatic('urlsafeB64Decode', [
$modulus,
]), 256),
'e' => new BigInteger3($this->callJwtStatic('urlsafeB64Decode', [
'e' => new BigInteger($this->callJwtStatic('urlsafeB64Decode', [
$exponent
]), 256),
]);
Expand All @@ -433,44 +420,6 @@ private function loadPhpsecPublicKey(string $modulus, string $exponent): string
return $formattedPublicKey;
}

/**
* @return bool
*/
private function checkAndInitializePhpsec2(): bool
{
if (!class_exists('phpseclib\Crypt\RSA')) {
return false;
}

/**
* phpseclib calls "phpinfo" by default, which requires special
* whitelisting in the AppEngine VM environment. This function
* sets constants to bypass the need for phpseclib to check phpinfo
*
* @see phpseclib/Math/BigInteger
* @see https://github.com/GoogleCloudPlatform/getting-started-php/issues/85
* @codeCoverageIgnore
*/
if (filter_var(getenv('GAE_VM'), FILTER_VALIDATE_BOOLEAN)) {
if (!defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
define('MATH_BIGINTEGER_OPENSSL_ENABLED', true);
}
if (!defined('CRYPT_RSA_MODE')) {
define('CRYPT_RSA_MODE', RSA::MODE_OPENSSL);
}
}

return true;
}

/**
* @return bool
*/
private function checkPhpsec3(): bool
{
return class_exists('phpseclib3\Crypt\RSA');
}

/**
* @return void
*/
Expand Down
11 changes: 5 additions & 6 deletions src/ServiceAccountSignerTrait.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@

namespace Google\Auth;

use phpseclib\Crypt\RSA;
use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA;

/**
* Sign a string using a Service Account private key.
Expand All @@ -37,11 +38,9 @@ public function signBlob($stringToSign, $forceOpenssl = false)
$privateKey = $this->auth->getSigningKey();

$signedString = '';
if (class_exists('\\phpseclib\\Crypt\\RSA') && !$forceOpenssl) {
$rsa = new RSA();
$rsa->loadKey($privateKey);
$rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
$rsa->setHash('sha256');
if (class_exists(phpseclib3\Crypt\RSA::class) && !$forceOpenssl) {
$key = PublicKeyLoader::load($privateKey);
$rsa = $key->withHash('sha256')->withPadding(RSA::SIGNATURE_PKCS1);

$signedString = $rsa->sign($stringToSign);
} elseif (extension_loaded('openssl')) {
Expand Down

0 comments on commit 8cfb95c

Please sign in to comment.