Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

phpsec workaround #848

Merged
merged 1 commit into from Feb 12, 2016
Merged

phpsec workaround #848

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 23 additions & 0 deletions src/Google/AccessToken/Verify.php
View file
Open in desktop
Expand Up @@ -72,6 +72,9 @@ public function verifyIdToken($idToken, $audience = null)
throw new LogicException('id_token cannot be null');
}

// set phpseclib constants if applicable
$this->setPhpsecConstants();

// Check signature
$certs = $this->getFederatedSignOnCerts();
foreach ($certs as $cert) {
Expand Down Expand Up @@ -200,4 +203,24 @@ private function getJwtService()

return new $jwtClass;
}

/**
* phpseclib calls "phpinfo" by default, which requires special
* whitelisting in the AppEngine VM environment. This function
* sets constants to bypass the need for phpseclib to check phpinfo
*
* @see phpseclib/Math/BigInteger
* @see https://github.com/GoogleCloudPlatform/getting-started-php/issues/85
*/
private function setPhpsecConstants()
{
if (filter_var(getenv('GAE_VM'), FILTER_VALIDATE_BOOLEAN)) {
if (!defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
define('MATH_BIGINTEGER_OPENSSL_ENABLED', true);
}
if (!defined('CRYPT_RSA_MODE')) {
define('CRYPT_RSA_MODE', RSA::MODE_OPENSSL);
}
}
}
}
27 changes: 27 additions & 0 deletions tests/Google/AccessToken/VerifyTest.php
View file
Open in desktop
Expand Up @@ -23,6 +23,33 @@

class Google_AccessToken_VerifyTest extends BaseTest
{
/**
* This test needs to run before the other verify tests,
* to ensure the constants are not defined.
*/
public function testPhpsecConstants()
{
$client = $this->getClient();
$verify = new Google_AccessToken_Verify($client->getHttpClient());

// set these to values that will be changed
if (defined('MATH_BIGINTEGER_OPENSSL_ENABLED') || defined('CRYPT_RSA_MODE')) {
$this->markTestSkipped('Cannot run test - constants already defined');
}

// Pretend we are on App Engine VMs
putenv('GAE_VM=1');

$verify->verifyIdToken('a.b.c');

putenv('GAE_VM=0');

$openSslEnable = constant('MATH_BIGINTEGER_OPENSSL_ENABLED');
$rsaMode = constant('CRYPT_RSA_MODE');
$this->assertEquals(true, $openSslEnable);
$this->assertEquals(phpseclib\Crypt\RSA::MODE_OPENSSL, $rsaMode);
}

/**
* Most of the logic for ID token validation is in AuthTest -
* this is just a general check to ensure we verify a valid
Expand Down