feat: add support for phpseclib3 (#5251)

* feat: add support for phpseclib3 * sign data for phpseclib2 * fixes for php 5 * syntax fix for php 5 * add support for phpseclib2 in tests * fix php5 syntax again
googleapis · May 4, 2022 · 2c5a2e1 · 2c5a2e1
1 parent 46c1d34
commit 2c5a2e1
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 9 deletions.
diff --git a/Core/src/Testing/KeyPairGenerateTrait.php b/Core/src/Testing/KeyPairGenerateTrait.php
@@ -18,7 +18,8 @@
 namespace Google\Cloud\Core\Testing;
 
 use Google\Cloud\Storage\EncryptionTrait;
-use phpseclib\Crypt\RSA;
+use phpseclib\Crypt\RSA as RSA2;
+use phpseclib3\Crypt\RSA as RSA3;
 
 /**
  * Trait KeyPairGenerateTrait implements key pair generation functions used for testing
@@ -32,8 +33,16 @@ trait KeyPairGenerateTrait
 
     private function getKeyPair()
     {
-        $rsa = new RSA;
-        $rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
+        if (class_exists(RSA3::class)) {
+            $key = RSA3::createKey();
+            $key = $key->withPadding(RSA3::SIGNATURE_PKCS1)
+                ->withHash('sha256');
+
+            return [$key->toString('PKCS1'), $key->getPublicKey()];
+        }
+
+        $rsa = new RSA2;
+        $rsa->setSignatureMode(RSA2::SIGNATURE_PKCS1);
         $rsa->setHash('sha256');
 
         $key = $rsa->createKey();

diff --git a/Storage/composer.json b/Storage/composer.json
@@ -12,7 +12,7 @@
         "squizlabs/php_codesniffer": "2.*",
         "phpdocumentor/reflection": "^3.0",
         "erusev/parsedown": "^1.6",
-        "phpseclib/phpseclib": "^2",
+        "phpseclib/phpseclib": "^2.0||^3.0",
         "google/cloud-pubsub": "^1.0"
     },
     "suggest": {

diff --git a/Storage/src/EncryptionTrait.php b/Storage/src/EncryptionTrait.php
@@ -17,7 +17,8 @@
 
 namespace Google\Cloud\Storage;
 
-use phpseclib\Crypt\RSA;
+use phpseclib\Crypt\RSA as RSA2;
+use phpseclib3\Crypt\RSA as RSA3;
 
 /**
  * Trait which provides helper methods for customer-supplied encryption.
@@ -127,10 +128,16 @@ protected function signString($privateKey, $data, $forceOpenssl = false)
     {
         $signature = '';
 
-        if (class_exists(RSA::class) && !$forceOpenssl) {
-            $rsa = new RSA;
+        if (class_exists(RSA3::class) && !$forceOpenssl) {
+            $rsa = RSA3::loadPrivateKey($privateKey);
+            $rsa = $rsa->withPadding(RSA3::SIGNATURE_PKCS1)
+                ->withHash('sha256');
+
+            $signature = $rsa->sign($data);
+        } elseif (class_exists(RSA2::class) && !$forceOpenssl) {
+            $rsa = new RSA2;
             $rsa->loadKey($privateKey);
-            $rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
+            $rsa->setSignatureMode(RSA2::SIGNATURE_PKCS1);
             $rsa->setHash('sha256');
 
             $signature = $rsa->sign($data);

diff --git a/composer.json b/composer.json
@@ -63,7 +63,7 @@
         "erusev/parsedown": "^1.6",
         "vierbergenlars/php-semver": "^3.0",
         "symfony/lock": "3.3.x-dev#1ba6ac9",
-        "phpseclib/phpseclib": "^2",
+        "phpseclib/phpseclib": "^2.0||^3.0",
         "google/cloud-tools": "^0.12.0",
         "opis/closure": "^3.0",
         "swaggest/json-schema": "^0.12.0",