Merge pull request #41 from paragonie/v2.9

Prepare for Version 2.9
paragonie · May 8, 2024 · 852c1a7 · 852c1a7
2 parents aedf6b5 + ef6e649
commit 852c1a7
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 9 deletions.
diff --git a/src/Composer.php b/src/Composer.php
@@ -28,8 +28,25 @@ public static function postAutoloadDump(Event $event)
         require_once $vendorDir . '/autoload.php';
 
         $dataDir = \dirname($vendorDir) . '/data';
+        (new RemoteFetch($dataDir))->getLatestBundle(false, false);
+        self::dos2unixAll($dataDir);
         (new RemoteFetch($dataDir))->getLatestBundle();
 
         echo '[OK] Remote Fetch of latest CACert Bundle', PHP_EOL;
     }
+
+    /**
+     * Prevent newline weirdness with Git from causing invalid files (SHA-256, signatures)
+     *
+     * @param string $dataDir
+     * @return void
+     */
+    public static function dos2unixAll($dataDir)
+    {
+        foreach (glob($dataDir . '/*.pem') as $pemFile) {
+            $contents = file_get_contents($pemFile);
+            $fixed = str_replace("\r\n", "\n", $contents);
+            file_put_contents($pemFile, $fixed);
+        }
+    }
 }
diff --git a/src/Fetch.php b/src/Fetch.php
@@ -81,10 +81,12 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =
             $checkChronicle = (bool) (static::CHECK_CHRONICLE_BY_DEFAULT && $sodiumCompatIsntSlow);
         }
 
-        /** @var int $bundleIndex */
         $bundleIndex = 0;
-        /** @var Bundle $bundle */
-        foreach ($this->listBundles('', $this->trustChannel) as $bundle) {
+        $bundlesAvailable = $this->listBundles('', $this->trustChannel);
+        if (empty($bundlesAvailable)) {
+            throw new BundleException('No bundles were found in the data directory.');
+        }
+        foreach ($bundlesAvailable as $bundle) {
             if ($bundle->hasCustom()) {
                 $validator = $bundle->getValidator();
             } else {
@@ -93,10 +95,9 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =
 
             // If the SHA256 doesn't match, fail fast.
             if ($validator::checkSha256Sum($bundle)) {
-                /** @var bool $valid */
                 $valid = true;
                 if ($checkEd25519Signature) {
-                    $valid = $valid && $validator->checkEd25519Signature($bundle);
+                    $valid = $validator->checkEd25519Signature($bundle);
                     if (!$valid) {
                         $this->markBundleAsBad($bundleIndex, 'Ed25519 signature mismatch');
                     }
@@ -106,7 +107,6 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =
                     $index = array_search($bundle->getFilePath(), $this->unverified, true);
                     if ($index !== false) {
                         $validChronicle = $validator->checkChronicleHash($bundle);
-                        $valid = $valid && $validChronicle;
                         if ($validChronicle) {
                             unset($this->unverified[$index]);
                         } else {

diff --git a/test/CustomCASupportTest.php b/test/CustomCASupportTest.php
@@ -1,6 +1,7 @@
 <?php
 namespace ParagonIE\Certainty\Tests;
 
+use ParagonIE\Certainty\Composer;
 use ParagonIE\Certainty\Exception\CertaintyException;
 use ParagonIE\Certainty\Exception\CryptoException;
 use ParagonIE\ConstantTime\Hex;
@@ -49,7 +50,6 @@ public function after()
      */
     public function testCustom()
     {
-        $this->markTestSkipped('not important for now');
         $keypair = \ParagonIE_Sodium_Compat::crypto_sign_keypair();
         $secretKey = \ParagonIE_Sodium_Compat::crypto_sign_secretkey($keypair);
         $publicKey = \ParagonIE_Sodium_Compat::crypto_sign_publickey($keypair);
@@ -71,6 +71,7 @@ public function testCustom()
             \hash_file('sha256', __DIR__ . '/static/combined.pem'),
             $customLatest->getSha256Sum()
         );
+        $this->assertTrue(file_exists($customLatest->getFilePath()), 'File does not exist');
 
         $this->assertTrue($validator->checkEd25519Signature($customLatest));
     }

diff --git a/test/CustomValidator.php b/test/CustomValidator.php
@@ -36,9 +36,9 @@ public static function setPublicKey($string)
      */
     public function checkEd25519Signature(Bundle $bundle, $backupKey = false)
     {
-        return \ParagonIE_Sodium_File::verify(
+        return \sodium_crypto_sign_verify_detached(
             $bundle->getSignature(true),
-            $bundle->getFilePath(),
+            $bundle->getFileContents(),
             Hex::decode(self::$publicKey)
         );
     }

diff --git a/test/RemoteFetchTest.php b/test/RemoteFetchTest.php
@@ -1,6 +1,7 @@
 <?php
 namespace ParagonIE\Certainty\Tests;
 
+use ParagonIE\Certainty\Composer;
 use ParagonIE\Certainty\Exception\CertaintyException;
 use ParagonIE\Certainty\RemoteFetch;
 use PHPUnit\Framework\TestCase;
@@ -59,6 +60,7 @@ public function testRemoteFetch()
         }
         $this->assertFalse(\file_exists($this->dir . '/ca-certs.json'));
         $fetch = new RemoteFetch($this->dir);
+        Composer::dos2unixAll($this->dir);
         $fetch->getLatestBundle();
         $this->assertTrue(\file_exists($this->dir . '/ca-certs.json'));