feat: Support phpseclib3
kylekatarnls committed Dec 23, 2020
1 parent 791f2b2 commit 857b24f
Showing 3 changed files with 41 additions and 10 deletions.
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -11,7 +11,7 @@
"google/apiclient-services": "~0.13",
"firebase/php-jwt": "~2.0||~3.0||~4.0||~5.0",
"monolog/monolog": "^1.17|^2.0",
"phpseclib/phpseclib": "~2.0",
"phpseclib/phpseclib": "~2.0||~3.0",
"guzzlehttp/guzzle": "~5.3.3||~6.0||~7.0",
"guzzlehttp/psr7": "^1.2"
},
45 changes: 36 additions & 9 deletions src/AccessToken/Verify.php
Expand Up @@ -22,6 +22,8 @@
use Firebase\JWT\SignatureInvalidException;
use GuzzleHttp\Client;
use GuzzleHttp\ClientInterface;
use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA\PublicKey;
use Psr\Cache\CacheItemPoolInterface;
use Google\Auth\Cache\MemoryCacheItemPool;
use Google\Exception as GoogleException;
Expand Down Expand Up @@ -97,18 +99,10 @@ public function verifyIdToken($idToken, $audience = null)
// Check signature
$certs = $this->getFederatedSignOnCerts();
foreach ($certs as $cert) {
$bigIntClass = $this->getBigIntClass();
$rsaClass = $this->getRsaClass();
$modulus = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['n']), 256);
$exponent = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['e']), 256);

$rsa = new $rsaClass();
$rsa->loadKey(array('n' => $modulus, 'e' => $exponent));

try {
$payload = $this->jwt->decode(
$idToken,
$rsa->getPublicKey(),
$this->getPublicKey($cert),
array('RS256')
);

Expand Down Expand Up @@ -229,8 +223,33 @@ private function getJwtService()
return new $jwtClass;
}

private function getPublicKey($cert)
{
$bigIntClass = $this->getBigIntClass();
$modulus = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['n']), 256);
$exponent = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['e']), 256);
$component = array('n' => $modulus, 'e' => $exponent);

if (class_exists('phpseclib3\Crypt\RSA\PublicKey')) {
/** @var PublicKey $loader */
$loader = PublicKeyLoader::load($component);

return $loader->toString('PKCS8');
}

$rsaClass = $this->getRsaClass();
$rsa = new $rsaClass();
$rsa->loadKey($component);

return $rsa->getPublicKey();
}

private function getRsaClass()
{
if (class_exists('phpseclib3\Crypt\RSA')) {
return 'phpseclib3\Crypt\RSA';
}

if (class_exists('phpseclib\Crypt\RSA')) {
return 'phpseclib\Crypt\RSA';
}
Expand All @@ -240,6 +259,10 @@ private function getRsaClass()

private function getBigIntClass()
{
if (class_exists('phpseclib3\Math\BigInteger')) {
return 'phpseclib3\Math\BigInteger';
}

if (class_exists('phpseclib\Math\BigInteger')) {
return 'phpseclib\Math\BigInteger';
}
Expand All @@ -249,6 +272,10 @@ private function getBigIntClass()

private function getOpenSslConstant()
{
if (class_exists('phpseclib3\Crypt\AES')) {
return 'phpseclib3\Crypt\AES::ENGINE_OPENSSL';
}

if (class_exists('phpseclib\Crypt\RSA')) {
return 'phpseclib\Crypt\RSA::MODE_OPENSSL';
}
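Review bot: In the new `getPublicKey()`, the phpseclib3 branch never checks what `PublicKeyLoader::load($component)` returned (the `@var PublicKey $loader` docblock only asserts the type), and `$cert['n']` / `$cert['e']` are read without confirming the certificate entry contains them. Because this key decides whether an ID token signature is accepted, I would reject anything unexpected explicitly before `toString('PKCS8')`, e.g. `if (!$key instanceof PublicKey) { throw new GoogleException('Unexpected key type in certificate'); }`, and rename `$loader` to `$key`. The call now sits inside the `try` in `verifyIdToken()`, whose `catch` clauses are outside the visible hunk, so please confirm whether a loader exception for one malformed entry is caught or is meant to abort the loop over `$certs`. Separately, `getOpenSslConstant()` returns an AES engine constant name on the phpseclib3 path where the legacy path returns an RSA mode constant; its consumer is not shown, so it is worth verifying the value still means what that code expects (the helper in `VerifyTest.php` mirrors this).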
4 changes: 4 additions & 0 deletions tests/Google/AccessToken/VerifyTest.php
Expand Up @@ -139,6 +139,10 @@ private function getJwtService()

private function getOpenSslConstant()
{
if (class_exists('phpseclib3\Crypt\AES')) {
return 'phpseclib3\Crypt\AES::ENGINE_OPENSSL';
}

if (class_exists('phpseclib\Crypt\RSA')) {
return 'phpseclib\Crypt\RSA::MODE_OPENSSL';
}