From 857b24f2501eb5538de4df4d5659aa05a16f34bc Mon Sep 17 00:00:00 2001
From: Bastien Miclo
Date: Tue, 22 Dec 2020 12:33:42 +0100
Subject: [PATCH 1/2] feat: Support phpseclib3
---
 composer.json | 2 +-
 src/AccessToken/Verify.php | 45 ++++++++++++++++++++-----
 tests/Google/AccessToken/VerifyTest.php | 4 +++
 3 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/composer.json b/composer.json
index 016fe6bcb..ab7eaaba4 100644
--- a/composer.json
+++ b/composer.json
@@ -11,7 +11,7 @@
 "google/apiclient-services": "~0.13",
 "firebase/php-jwt": "~2.0||~3.0||~4.0||~5.0",
 "monolog/monolog": "^1.17|^2.0",
- "phpseclib/phpseclib": "~2.0",
+ "phpseclib/phpseclib": "~2.0||~3.0",
 "guzzlehttp/guzzle": "~5.3.3||~6.0||~7.0",
 "guzzlehttp/psr7": "^1.2"
 },
diff --git a/src/AccessToken/Verify.php b/src/AccessToken/Verify.php
index 96fabdefd..fa997f211 100644
--- a/src/AccessToken/Verify.php
+++ b/src/AccessToken/Verify.php
@@ -22,6 +22,8 @@
 use Firebase\JWT\SignatureInvalidException;
 use GuzzleHttp\Client;
 use GuzzleHttp\ClientInterface;
+use phpseclib3\Crypt\PublicKeyLoader;
+use phpseclib3\Crypt\RSA\PublicKey;
 use Psr\Cache\CacheItemPoolInterface;
 use Google\Auth\Cache\MemoryCacheItemPool;
 use Google\Exception as GoogleException;
@@ -97,18 +99,10 @@ public function verifyIdToken($idToken, $audience = null)
 // Check signature
 $certs = $this->getFederatedSignOnCerts();
 foreach ($certs as $cert) {
- $bigIntClass = $this->getBigIntClass();
- $rsaClass = $this->getRsaClass();
- $modulus = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['n']), 256);
- $exponent = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['e']), 256);
-
- $rsa = new $rsaClass();
- $rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
-
 try {
 $payload = $this->jwt->decode(
 $idToken,
- $rsa->getPublicKey(),
+ $this->getPublicKey($cert),
 array('RS256')
 );
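Review bot: Key construction now happens inside the `try` in verifyIdToken, because `$this->getPublicKey($cert)` is an argument of `decode()`, and the two library paths fail differently there. Under phpseclib 2 `loadKey()` signals a bad key by return value, while under phpseclib3 `PublicKeyLoader::load()` throws when it cannot load the key. The catch clauses lie outside this hunk, so whether that exception is handled cannot be seen here; if it is not, one malformed entry in the fetched cert set aborts verification instead of letting the loop move on to the next cert. I would add a test that feeds a cert entry with a missing or undecodable `n`/`e` and asserts that verifyIdToken rejects the token without an uncaught exception on both library versions.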
@@ -229,8 +223,33 @@ private function getJwtService()
 return new $jwtClass;
 }
+ private function getPublicKey($cert)
+ {
+ $bigIntClass = $this->getBigIntClass();
+ $modulus = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['n']), 256);
+ $exponent = new $bigIntClass($this->jwt->urlsafeB64Decode($cert['e']), 256);
+ $component = array('n' => $modulus, 'e' => $exponent);
+
+ if (class_exists('phpseclib3\Crypt\RSA\PublicKey')) {
+ /** @var PublicKey $loader */
+ $loader = PublicKeyLoader::load($component);
+
+ return $loader->toString('PKCS8');
+ }
+
+ $rsaClass = $this->getRsaClass();
+ $rsa = new $rsaClass();
+ $rsa->loadKey($component);
+
+ return $rsa->getPublicKey();
+ }
+
 private function getRsaClass()
 {
+ if (class_exists('phpseclib3\Crypt\RSA')) {
+ return 'phpseclib3\Crypt\RSA';
+ }
+
 if (class_exists('phpseclib\Crypt\RSA')) {
 return 'phpseclib\Crypt\RSA';
 }
@@ -240,6 +259,10 @@ private function getRsaClass()
 private function getBigIntClass()
 {
+ if (class_exists('phpseclib3\Math\BigInteger')) {
+ return 'phpseclib3\Math\BigInteger';
+ }
+
 if (class_exists('phpseclib\Math\BigInteger')) {
 return 'phpseclib\Math\BigInteger';
 }
@@ -249,6 +272,10 @@ private function getBigIntClass()
 private function getOpenSslConstant()
 {
+ if (class_exists('phpseclib3\Crypt\AES')) {
+ return 'phpseclib3\Crypt\AES::ENGINE_OPENSSL';
+ }
+
 if (class_exists('phpseclib\Crypt\RSA')) {
 return 'phpseclib\Crypt\RSA::MODE_OPENSSL';
 }
diff --git a/tests/Google/AccessToken/VerifyTest.php b/tests/Google/AccessToken/VerifyTest.php
index bce9501b4..dbcaa6f33 100644
--- a/tests/Google/AccessToken/VerifyTest.php
+++ b/tests/Google/AccessToken/VerifyTest.php
@@ -139,6 +139,10 @@ private function getJwtService()
 private function getOpenSslConstant()
 {
+ if (class_exists('phpseclib3\Crypt\AES')) {
+ return 'phpseclib3\Crypt\AES::ENGINE_OPENSSL';
+ }
+
 if (class_exists('phpseclib\Crypt\RSA')) {
 return 'phpseclib\Crypt\RSA::MODE_OPENSSL';
 }
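Review bot: The branch added to getRsaClass in the `@@ -229,8 +223,33 @@` hunk returns `'phpseclib3\Crypt\RSA'`, which is an abstract class in phpseclib3, so the `new $rsaClass()` in getPublicKey could not instantiate it. It is unreachable from the code visible in this patch only because getPublicKey returns from its phpseclib3 branch first; I would drop the branch or mark it with `// not instantiable in phpseclib3; getPublicKey() returns before this is used`. In getPublicKey the guard tests `phpseclib3\Crypt\RSA\PublicKey` while the code calls `PublicKeyLoader`, and `$loader` actually holds the loaded key, so `if (class_exists('phpseclib3\Crypt\PublicKeyLoader'))` and `$key = PublicKeyLoader::load($component);` would read more truthfully. A short docblock stating that the method returns a PKCS8 PEM string under phpseclib3, and whatever the legacy `getPublicKey()` returns otherwise, would help the next reader.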
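Review bot: In getOpenSslConstant (the `@@ -249,6 +272,10 @@` hunk) the phpseclib3 branch returns the name of an AES engine constant, `phpseclib3\Crypt\AES::ENGINE_OPENSSL`, where the older branches return an RSA mode constant, so the value no longer means what the method name and its consumer presumably expect. The consumer is outside the hunk; as far as I know phpseclib3 has no global RSA mode setting, so the value is probably inert there and only keeps the lookup from failing. If that is the intent, say so in place, e.g. `// phpseclib3 picks its engine itself; returned only so the existing constant lookup keeps resolving`. The hunk in tests/Google/AccessToken/VerifyTest.php copies the same branch, which means the test mirrors the implementation rather than checking that the setting has any effect.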
From 42d6abcf7092231593f0f13f4dabb00fefd6d2d5 Mon Sep 17 00:00:00 2001
From: Bastien Miclo
Date: Thu, 24 Dec 2020 16:52:28 +0100
Subject: [PATCH 2/2] Require >=3.0.2 for PHP 8 compatibility
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index ab7eaaba4..c29adc2c3 100644
--- a/composer.json
+++ b/composer.json
@@ -11,7 +11,7 @@
 "google/apiclient-services": "~0.13",
 "firebase/php-jwt": "~2.0||~3.0||~4.0||~5.0",
 "monolog/monolog": "^1.17|^2.0",
- "phpseclib/phpseclib": "~2.0||~3.0",
+ "phpseclib/phpseclib": "~2.0||^3.0.2",
 "guzzlehttp/guzzle": "~5.3.3||~6.0||~7.0",
 "guzzlehttp/psr7": "^1.2"
 },