From d0625d72f11a57a5aeb6cc043346ac39c5a79ddb Mon Sep 17 00:00:00 2001 From: Lucas D Hedding Date: Mon, 26 Aug 2019 16:15:48 -0600 Subject: [PATCH 1/3] Add checksum list collection class --- src/ChecksumList.php | 84 ++++++++++++++++++++++++++++++++++++++++++++ src/Verifier.php | 34 +----------------- 2 files changed, 85 insertions(+), 33 deletions(-) create mode 100644 src/ChecksumList.php diff --git a/src/ChecksumList.php b/src/ChecksumList.php new file mode 100644 index 0000000..adcbf60 --- /dev/null +++ b/src/ChecksumList.php @@ -0,0 +1,84 @@ + 64, 'SHA512' => 128); + + protected $checksums = array(); + + protected $position = 0; + + public function __construct($checksum_list_raw, $list_is_trusted) + { + $lines = explode("\n", $checksum_list_raw); + foreach ($lines as $line) { + if (trim($line) == '') { + continue; + } + + if (substr($line, 0, 1) === '\\') { + throw new VerifierException('Filenames with problematic characters are not yet supported.'); + } + + $algo = substr($line, 0, strpos($line, ' ')); + if (empty($this->HASH_ALGO_BASE64_LENGTHS[$algo])) { + throw new VerifierException("Algorithm \"$algo\" is unsupported for checksum verification."); + } + + $filename_start = strpos($line, '(') + 1; + $bytes_after_filename = $this->HASH_ALGO_BASE64_LENGTHS[$algo] + 4; + $filename = substr($line, $filename_start, -$bytes_after_filename); + + $verified_checksum = new VerifierFileChecksum($filename, $algo, substr($line, -$this->HASH_ALGO_BASE64_LENGTHS[$algo]), $list_is_trusted); + $this->checksums[] = $verified_checksum; + } + + return $this->checksums; + } + + /** + * @inheritDoc + */ + public function current() { + return $this->checksums[$this->position]; + } + + /** + * @inheritDoc + */ + public function next() { + $this->position += 1; + } + + /** + * @inheritDoc + */ + public function key() { + return $this->position; + } + + /** + * @inheritDoc + */ + public function valid() { + return isset($this->checksums[$this->position]); + } + + /** + * @inheritDoc + */ + public function rewind() { + $this->position = 0; + } + + /** + * @inheritDoc + */ + public function count() { + return iterator_count($this); + } + +} diff --git a/src/Verifier.php b/src/Verifier.php index db386ec..1669d69 100644 --- a/src/Verifier.php +++ b/src/Verifier.php @@ -8,9 +8,6 @@ class Verifier const COMMENTHDRLEN = 19; const COMMENTMAXLEN = 1024; - // Allowed checksum list verification algorithms and their base64-encoded lengths. - protected $HASH_ALGO_BASE64_LENGTHS = array('SHA256' => 64, 'SHA512' => 128); - /** * @var string */ @@ -173,7 +170,7 @@ public function verifyChecksumList($signed_checksum_list, $working_directory) } protected function verifyTrustedChecksumList($checksum_list_raw, $working_directory) { - $checksum_list = $this->parseChecksumList($checksum_list_raw, true); + $checksum_list = new ChecksumList($checksum_list_raw, true); $verified_count = 0; /** @@ -227,35 +224,6 @@ public function verifyChecksumFile($checksum_file) { return $this->verifyChecksumList($signed_checksum_list, $working_directory); } - protected function parseChecksumList($checksum_list_raw, $list_is_trusted) - { - $lines = explode("\n", $checksum_list_raw); - $verified_checksums = array(); - foreach ($lines as $line) { - if (trim($line) == '') { - continue; - } - - if (substr($line, 0, 1) === '\\') { - throw new VerifierException('Filenames with problematic characters are not yet supported.'); - } - - $algo = substr($line, 0, strpos($line, ' ')); - if (empty($this->HASH_ALGO_BASE64_LENGTHS[$algo])) { - throw new VerifierException("Algorithm \"$algo\" is unsupported for checksum verification."); - } - - $filename_start = strpos($line, '(') + 1; - $bytes_after_filename = $this->HASH_ALGO_BASE64_LENGTHS[$algo] + 4; - $filename = substr($line, $filename_start, -$bytes_after_filename); - - $verified_checksum = new VerifierFileChecksum($filename, $algo, substr($line, -$this->HASH_ALGO_BASE64_LENGTHS[$algo]), $list_is_trusted); - $verified_checksums[] = $verified_checksum; - } - - return $verified_checksums; - } - /** * Verify a string message signed with CSIG chained-signature extended Signify format. * From fbb25191305f8de3ddf16910349f7c84db15656c Mon Sep 17 00:00:00 2001 From: Lucas D Hedding Date: Mon, 26 Aug 2019 16:33:35 -0600 Subject: [PATCH 2/3] respond to more feedback --- src/ChecksumList.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/ChecksumList.php b/src/ChecksumList.php index adcbf60..8acfabc 100644 --- a/src/ChecksumList.php +++ b/src/ChecksumList.php @@ -35,8 +35,6 @@ public function __construct($checksum_list_raw, $list_is_trusted) $verified_checksum = new VerifierFileChecksum($filename, $algo, substr($line, -$this->HASH_ALGO_BASE64_LENGTHS[$algo]), $list_is_trusted); $this->checksums[] = $verified_checksum; } - - return $this->checksums; } /** @@ -78,7 +76,7 @@ public function rewind() { * @inheritDoc */ public function count() { - return iterator_count($this); + return count($this->checksums); } } From 36bd2dc863d11f87a8d356133689d2847116a72e Mon Sep 17 00:00:00 2001 From: Lucas D Hedding Date: Tue, 27 Aug 2019 10:19:16 -0600 Subject: [PATCH 3/3] update comment --- src/ChecksumList.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ChecksumList.php b/src/ChecksumList.php index 8acfabc..5418f33 100644 --- a/src/ChecksumList.php +++ b/src/ChecksumList.php @@ -4,7 +4,7 @@ class ChecksumList implements \Countable, \Iterator { - // Allowed checksum list verification algorithms and their base64-encoded lengths. + // Allowed checksum algorithms and their base-16 (hex) lengths. protected $HASH_ALGO_BASE64_LENGTHS = array('SHA256' => 64, 'SHA512' => 128); protected $checksums = array();