From c7c5ae83194f6f8c5df0b13d934c4c84950a59cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Cobucci?= Date: Fri, 19 Aug 2022 22:53:25 +0200 Subject: [PATCH 1/2] Remove deprecated components MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In v4.x we deprecated many components, this removes them all to clean up our codebase a bit. 
Signed-off-by: Luís Cobucci --- docs/supported-algorithms.md | 26 --- phpstan.neon.dist | 7 - src/Signer/Ecdsa/UnsafeSha256.php | 27 --- src/Signer/Ecdsa/UnsafeSha384.php | 27 --- src/Signer/Ecdsa/UnsafeSha512.php | 27 --- src/Signer/Hmac/UnsafeSha256.php | 25 -- src/Signer/Hmac/UnsafeSha384.php | 25 -- src/Signer/Hmac/UnsafeSha512.php | 25 -- src/Signer/Key/LocalFileReference.php | 50 ---- src/Signer/Rsa/UnsafeSha256.php | 22 -- src/Signer/Rsa/UnsafeSha384.php | 22 -- src/Signer/Rsa/UnsafeSha512.php | 22 -- src/Signer/UnsafeEcdsa.php | 57 ----- src/Signer/UnsafeRsa.php | 31 --- src/Validation/Constraint/ValidAt.php | 25 -- test/functional/HmacTokenTest.php | 23 +- test/unit/Signer/Ecdsa/UnsafeSha256Test.php | 68 ------ test/unit/Signer/Ecdsa/UnsafeSha384Test.php | 68 ------ test/unit/Signer/Ecdsa/UnsafeSha512Test.php | 68 ------ test/unit/Signer/Hmac/UnsafeSha256Test.php | 46 ---- test/unit/Signer/Hmac/UnsafeSha384Test.php | 46 ---- test/unit/Signer/Hmac/UnsafeSha512Test.php | 46 ---- .../Signer/Key/LocalFileReferenceTest.php | 55 ----- test/unit/Signer/Rsa/UnsafeSha256.php | 42 ++++ test/unit/Signer/Rsa/UnsafeSha256Test.php | 36 --- test/unit/Signer/Rsa/UnsafeSha384Test.php | 36 --- test/unit/Signer/Rsa/UnsafeSha512Test.php | 36 --- test/unit/Signer/RsaTest.php | 28 +++ test/unit/Signer/UnsafeEcdsaTest.php | 140 ----------- test/unit/Signer/UnsafeRsaTest.php | 218 ------------------ .../Validation/Constraint/ValidAtTest.php | 49 ---- 31 files changed, 85 insertions(+), 1338 deletions(-) delete mode 100644 src/Signer/Ecdsa/UnsafeSha256.php delete mode 100644 src/Signer/Ecdsa/UnsafeSha384.php delete mode 100644 src/Signer/Ecdsa/UnsafeSha512.php delete mode 100644 src/Signer/Hmac/UnsafeSha256.php delete mode 100644 src/Signer/Hmac/UnsafeSha384.php delete mode 100644 src/Signer/Hmac/UnsafeSha512.php delete mode 100644 src/Signer/Key/LocalFileReference.php delete mode 100644 src/Signer/Rsa/UnsafeSha256.php delete mode 100644 src/Signer/Rsa/UnsafeSha384.php delete mode 
100644 src/Signer/Rsa/UnsafeSha512.php delete mode 100644 src/Signer/UnsafeEcdsa.php delete mode 100644 src/Signer/UnsafeRsa.php delete mode 100644 src/Validation/Constraint/ValidAt.php delete mode 100644 test/unit/Signer/Ecdsa/UnsafeSha256Test.php delete mode 100644 test/unit/Signer/Ecdsa/UnsafeSha384Test.php delete mode 100644 test/unit/Signer/Ecdsa/UnsafeSha512Test.php delete mode 100644 test/unit/Signer/Hmac/UnsafeSha256Test.php delete mode 100644 test/unit/Signer/Hmac/UnsafeSha384Test.php delete mode 100644 test/unit/Signer/Hmac/UnsafeSha512Test.php delete mode 100644 test/unit/Signer/Key/LocalFileReferenceTest.php create mode 100644 test/unit/Signer/Rsa/UnsafeSha256.php delete mode 100644 test/unit/Signer/Rsa/UnsafeSha256Test.php delete mode 100644 test/unit/Signer/Rsa/UnsafeSha384Test.php delete mode 100644 test/unit/Signer/Rsa/UnsafeSha512Test.php delete mode 100644 test/unit/Signer/UnsafeEcdsaTest.php delete mode 100644 test/unit/Signer/UnsafeRsaTest.php delete mode 100644 test/unit/Validation/Constraint/ValidAtTest.php diff --git a/docs/supported-algorithms.md b/docs/supported-algorithms.md index 9c7f632b..7143b498 100644 --- a/docs/supported-algorithms.md +++ b/docs/supported-algorithms.md 
@@ -21,18 +21,6 @@ They're usually recommended for scenarios where these operations are handled by !!! Warning Although `BLAKE2B` is fantastic due to its performance, it's not [JWT standard] and won't necessarily be offered by other libraries. -### Deprecated items - -In `v4.2.0`, we introduced key length validation and added a way for users to still use non-recommended keys. -The following implementations will be **removed** in `v5.0.0` (use them carefully): - -| Name | Description | Class | Key length req. | -|---------|--------------------|------------------------------------------|-----------------| -| `HS256` | HMAC using SHA-256 | `\Lcobucci\JWT\Signer\Hmac\UnsafeSha256` | `>= 1 bit` | -| `HS384` | HMAC using SHA-384 | `\Lcobucci\JWT\Signer\Hmac\UnsafeSha384` | `>= 1 bit` | -| `HS512` | HMAC using SHA-512 | `\Lcobucci\JWT\Signer\Hmac\UnsafeSha512` | `>= 1 bit` | - - ## Asymmetric algorithms Asymmetric algorithms perform signature creation with private/secret keys and verification with public keys. 
@@ -48,18 +36,4 @@ They're usually recommended for scenarios where creation is handled by a compone | `RS512` | RSASSA-PKCS1-v1_5 using SHA-512 | `\Lcobucci\JWT\Signer\Rsa\Sha512` | `>= 2048 bits` | | `EdDSA` | EdDSA signature algorithms | `\Lcobucci\JWT\Signer\Eddsa` | `>= 256 bits` | -### Deprecated items - -In `v4.2.0`, we introduced key length validation and added a way for users to still use non-recommended keys. -The following implementations will be **removed** in `v5.0.0` (use them carefully): - -| Name | Description | Class | Key length req. | -|---------|---------------------------------|-------------------------------------------|-----------------| -| `ES256` | ECDSA using P-256 and SHA-256 | `\Lcobucci\JWT\Signer\Ecdsa\UnsafeSha256` | `>= 1 bit` | -| `ES384` | ECDSA using P-384 and SHA-384 | `\Lcobucci\JWT\Signer\Ecdsa\UnsafeSha384` | `>= 1 bit` | -| `ES512` | ECDSA using P-521 and SHA-512 | `\Lcobucci\JWT\Signer\Ecdsa\UnsafeSha512` | `>= 1 bit` | -| `RS256` | RSASSA-PKCS1-v1_5 using SHA-256 | `\Lcobucci\JWT\Signer\Rsa\UnsafeSha256` | `>= 1 bit` | -| `RS384` | RSASSA-PKCS1-v1_5 using SHA-384 | `\Lcobucci\JWT\Signer\Rsa\UnsafeSha384` | `>= 1 bit` | -| `RS512` | RSASSA-PKCS1-v1_5 using SHA-512 | `\Lcobucci\JWT\Signer\Rsa\UnsafeSha512` | `>= 1 bit` | - [JWT standard]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms diff --git a/phpstan.neon.dist b/phpstan.neon.dist index ceeaa784..8b58520d 100644 --- a/phpstan.neon.dist +++ b/phpstan.neon.dist @@ -3,10 +3,3 @@ parameters: paths: - src - test - - ignoreErrors: - - '#Call to method .* of deprecated class Lcobucci\\JWT\\Signer\\Key\\LocalFileReference#' - - """ - #^.+ deprecated class Lcobucci\\\\JWT\\\\Signer\\\\.+: - Deprecated since v4\\.2$# - """ diff --git a/src/Signer/Ecdsa/UnsafeSha256.php b/src/Signer/Ecdsa/UnsafeSha256.php deleted file mode 100644 index 6f2699d0..00000000 --- a/src/Signer/Ecdsa/UnsafeSha256.php +++ /dev/null 
@@ -1,27 +0,0 @@ -contents)) { - $this->contents = InMemory::file($this->path)->contents(); - } - - return $this->contents; - } - - public function passphrase(): string - { - return $this->passphrase; - } -} diff --git a/src/Signer/Rsa/UnsafeSha256.php b/src/Signer/Rsa/UnsafeSha256.php deleted file mode 100644 index e6e67f29..00000000 --- a/src/Signer/Rsa/UnsafeSha256.php +++ /dev/null @@ -1,22 +0,0 @@ -converter->fromAsn1( - $this->createSignature($key->contents(), $key->passphrase(), $payload), - $this->pointLength(), - ); - } - - final public function verify(string $expected, string $payload, Key $key): bool - { - return $this->verifySignature( - $this->converter->toAsn1($expected, $this->pointLength()), - $payload, - $key->contents(), - ); - } - - // phpcs:ignore SlevomatCodingStandard.Functions.UnusedParameter.UnusedParameter - final protected function guardAgainstIncompatibleKey(int $type, int $lengthInBits): void - { - if ($type !== OPENSSL_KEYTYPE_EC) { - throw InvalidKeyProvided::incompatibleKeyType( - self::KEY_TYPE_MAP[OPENSSL_KEYTYPE_EC], - self::KEY_TYPE_MAP[$type], - ); - } - } - - /** - * Returns the length of each point in the signature, so that we can calculate and verify R and S points properly - * - * @internal - */ - abstract public function pointLength(): int; -} diff --git a/src/Signer/UnsafeRsa.php b/src/Signer/UnsafeRsa.php deleted file mode 100644 index 182ef806..00000000 --- a/src/Signer/UnsafeRsa.php +++ /dev/null 
@@ -1,31 +0,0 @@ -createSignature($key->contents(), $key->passphrase(), $payload); - } - - final public function verify(string $expected, string $payload, Key $key): bool - { - return $this->verifySignature($expected, $payload, $key->contents()); - } - - // phpcs:ignore SlevomatCodingStandard.Functions.UnusedParameter.UnusedParameter - final protected function guardAgainstIncompatibleKey(int $type, int $lengthInBits): void - { - if ($type !== OPENSSL_KEYTYPE_RSA) { - throw InvalidKeyProvided::incompatibleKeyType( - self::KEY_TYPE_MAP[OPENSSL_KEYTYPE_RSA], - self::KEY_TYPE_MAP[$type], - ); - } - } -} diff --git a/src/Validation/Constraint/ValidAt.php b/src/Validation/Constraint/ValidAt.php deleted file mode 100644 index db7f6baf..00000000 --- a/src/Validation/Constraint/ValidAt.php +++ /dev/null @@ -1,25 +0,0 @@ -constraint = new LooseValidAt($clock, $leeway); - } - - public function assert(Token $token): void - { - $this->constraint->assert($token); - } -} diff --git a/test/functional/HmacTokenTest.php b/test/functional/HmacTokenTest.php index 94e5b718..44c7a2eb 100644 --- a/test/functional/HmacTokenTest.php +++ b/test/functional/HmacTokenTest.php @@ -6,8 +6,8 @@ use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Hmac\Sha256; use Lcobucci\JWT\Signer\Hmac\Sha512; -use Lcobucci\JWT\Signer\Hmac\UnsafeSha256; use Lcobucci\JWT\Signer\Key\InMemory; +use Lcobucci\JWT\SodiumBase64Polyfill; use Lcobucci\JWT\Token; use Lcobucci\JWT\Validation\Constraint\SignedWith; use Lcobucci\JWT\Validation\RequiredConstraintsViolated; 
@@ -136,11 +136,12 @@ public function signatureValidationShouldSucceedWhenKeyIsRight(Token $token): vo public function everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs(): void { $config = Configuration::forSymmetricSigner( - new UnsafeSha256(), - InMemory::plainText('testing'), + new Sha256(), + InMemory::base64Encoded('FkL2+V+1k2auI3xxTz/2skChDQVVjT9PW1/grXafg3M='), ); - $data = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJoZWxsbyI6IndvcmxkIn0.Rh' - . '7AEgqCB7zae1PkgIlvOpeyw9Ab8NGTbeOH7heHO0o'; + + $data = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJoZWxsbyI6IndvcmxkIn0.' + . 'ZQfnc_iFebE--gXmnhJrqMXv3GWdH9uvdkFXTgBcMFw'; $token = $config->parser()->parse($data); assert($token instanceof Token\Plain); @@ -153,14 +154,20 @@ public function everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs(): void /** @test */ public function signatureValidationWithLocalFileKeyReferenceWillOperateWithKeyContents(): void { - $key = tempnam(sys_get_temp_dir(), 'key'); + $key = tempnam(sys_get_temp_dir(), 'a-very-long-prefix-to-create-a-longer-key'); assert(is_string($key)); - file_put_contents($key, 'just a dummy key'); + file_put_contents( + $key, + SodiumBase64Polyfill::base642bin( + 'FkL2+V+1k2auI3xxTz/2skChDQVVjT9PW1/grXafg3M=', + SodiumBase64Polyfill::SODIUM_BASE64_VARIANT_ORIGINAL, + ), + ); $validKey = InMemory::file($key); $invalidKey = InMemory::plainText('file://' . $key); - $signer = new UnsafeSha256(); + $signer = new Sha256(); $configuration = Configuration::forSymmetricSigner($signer, $validKey); $validator = $configuration->validator(); diff --git a/test/unit/Signer/Ecdsa/UnsafeSha256Test.php b/test/unit/Signer/Ecdsa/UnsafeSha256Test.php deleted file mode 100644 index 6e1725e8..00000000 --- a/test/unit/Signer/Ecdsa/UnsafeSha256Test.php +++ /dev/null 
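Review bot: The replacement fixture in everythingShouldWorkWhenUsingATokenGeneratedByOtherLibs() has no provenance: nothing records which library produced the token or how to regenerate it. The next reader cannot confirm the test still demonstrates cross-library interoperability rather than a round trip through this library. A comment above `$data` would cover it, for example `// HS256 token over {"hello":"world"} generated with <tool/library>, signed with the 256-bit base64 key above`. It would also help to say the key is a throwaway test value chosen to satisfy the minimum key length that `Sha256` enforces and `UnsafeSha256` did not.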
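Review bot: The long `tempnam()` prefix in signatureValidationWithLocalFileKeyReferenceWillOperateWithKeyContents() looks like it exists only to make `InMemory::plainText('file://' . $key)` long enough to pass the key-length check that `Sha256` now applies, and that dependency is undocumented. PHP uses at most the first 63 characters of the prefix and only the first three on Windows, so on a short temp path the negative case would presumably fail on key length instead of on the signature mismatch the test is about. A comment such as `// prefix keeps 'file://' . $key at >= 32 bytes so Sha256 accepts it as a key` would make the intent explicit, or `$invalidKey` could be padded directly rather than relying on the path. The method continues outside the hunk, so any cleanup of the temp file is not visible here.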
@@ -1,68 +0,0 @@ -getSigner()->algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa - */ - public function algorithmMustBeCorrect(): void - { - self::assertSame(OPENSSL_ALGO_SHA256, $this->getSigner()->algorithm()); - } - - /** - * @test - * - * @covers ::pointLength - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa - */ - public function keyLengthMustBeCorrect(): void - { - self::assertSame(64, $this->getSigner()->pointLength()); - } - - private function getSigner(): UnsafeSha256 - { - return new UnsafeSha256($this->createMock(SignatureConverter::class)); - } -} diff --git a/test/unit/Signer/Ecdsa/UnsafeSha384Test.php b/test/unit/Signer/Ecdsa/UnsafeSha384Test.php deleted file mode 100644 index d6875b00..00000000 --- a/test/unit/Signer/Ecdsa/UnsafeSha384Test.php +++ /dev/null @@ -1,68 +0,0 @@ -getSigner()->algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa - */ - public function algorithmMustBeCorrect(): void - { - self::assertSame(OPENSSL_ALGO_SHA384, $this->getSigner()->algorithm()); - } - - /** - * @test - * - * @covers ::pointLength - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa - */ - public function keyLengthMustBeCorrect(): void - { - self::assertSame(96, $this->getSigner()->pointLength()); - } - - private function getSigner(): UnsafeSha384 - { - return new UnsafeSha384($this->createMock(SignatureConverter::class)); - } -} diff --git a/test/unit/Signer/Ecdsa/UnsafeSha512Test.php b/test/unit/Signer/Ecdsa/UnsafeSha512Test.php deleted file mode 100644 index da3a0b74..00000000 --- a/test/unit/Signer/Ecdsa/UnsafeSha512Test.php +++ /dev/null 
@@ -1,68 +0,0 @@ -getSigner()->algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa - */ - public function algorithmMustBeCorrect(): void - { - self::assertSame(OPENSSL_ALGO_SHA512, $this->getSigner()->algorithm()); - } - - /** - * @test - * - * @covers ::pointLength - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa - */ - public function keyLengthMustBeCorrect(): void - { - self::assertSame(132, $this->getSigner()->pointLength()); - } - - private function getSigner(): UnsafeSha512 - { - return new UnsafeSha512($this->createMock(SignatureConverter::class)); - } -} diff --git a/test/unit/Signer/Hmac/UnsafeSha256Test.php b/test/unit/Signer/Hmac/UnsafeSha256Test.php deleted file mode 100644 index 010e4dd2..00000000 --- a/test/unit/Signer/Hmac/UnsafeSha256Test.php +++ /dev/null @@ -1,46 +0,0 @@ -algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - */ - public function algorithmMustBeCorrect(): void - { - $signer = new UnsafeSha256(); - - self::assertEquals('sha256', $signer->algorithm()); - } - - /** - * @test - * - * @covers ::minimumBitsLengthForKey - */ - public function minimumBitsLengthForKeyIsWhatItIs(): void - { - $signer = new UnsafeSha256(); - - self::assertSame(1, $signer->minimumBitsLengthForKey()); - } -} diff --git a/test/unit/Signer/Hmac/UnsafeSha384Test.php b/test/unit/Signer/Hmac/UnsafeSha384Test.php deleted file mode 100644 index c1a62b62..00000000 --- a/test/unit/Signer/Hmac/UnsafeSha384Test.php +++ /dev/null @@ -1,46 +0,0 @@ -algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - */ - public function algorithmMustBeCorrect(): void - { - $signer = new UnsafeSha384(); - - self::assertEquals('sha384', $signer->algorithm()); - } - - /** - * @test - * - * @covers ::minimumBitsLengthForKey - */ - public function minimumBitsLengthForKeyIsWhatItIs(): void - { - $signer = new UnsafeSha384(); - - self::assertSame(1, $signer->minimumBitsLengthForKey()); - } -} 
diff --git a/test/unit/Signer/Hmac/UnsafeSha512Test.php b/test/unit/Signer/Hmac/UnsafeSha512Test.php deleted file mode 100644 index 5c2c867a..00000000 --- a/test/unit/Signer/Hmac/UnsafeSha512Test.php +++ /dev/null @@ -1,46 +0,0 @@ -algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - */ - public function algorithmMustBeCorrect(): void - { - $signer = new UnsafeSha512(); - - self::assertEquals('sha512', $signer->algorithm()); - } - - /** - * @test - * - * @covers ::minimumBitsLengthForKey - */ - public function minimumBitsLengthForKeyIsWhatItIs(): void - { - $signer = new UnsafeSha512(); - - self::assertSame(1, $signer->minimumBitsLengthForKey()); - } -} diff --git a/test/unit/Signer/Key/LocalFileReferenceTest.php b/test/unit/Signer/Key/LocalFileReferenceTest.php deleted file mode 100644 index 6ea065b9..00000000 --- a/test/unit/Signer/Key/LocalFileReferenceTest.php +++ /dev/null @@ -1,55 +0,0 @@ - 'testing'], - ); - } - - /** - * @test - * - * @covers ::file - * @covers \Lcobucci\JWT\Signer\Key\FileCouldNotBeRead - */ - public function thereShouldBeNoReferenceToAFileThatDoesNotExist(): void - { - $this->expectException(FileCouldNotBeRead::class); - $this->expectExceptionMessage('The path "vfs://root/test2.pem" does not contain a valid key file'); - - LocalFileReference::file(vfsStream::url('root/test2.pem')); - } - - /** - * @test - * - * @covers ::file - * @covers ::__construct - * @covers ::contents - * @covers ::passphrase - */ - public function pathShouldBeNormalised(): void - { - $key = LocalFileReference::file('file://' . vfsStream::url('root/test.pem'), 'test'); - - self::assertSame('testing', $key->contents()); - self::assertSame('test', $key->passphrase()); - } -} diff --git a/test/unit/Signer/Rsa/UnsafeSha256.php b/test/unit/Signer/Rsa/UnsafeSha256.php new file mode 100644 index 00000000..45e5ff01 --- /dev/null +++ b/test/unit/Signer/Rsa/UnsafeSha256.php 
@@ -0,0 +1,42 @@ +createSignature($key->contents(), $key->passphrase(), $payload); + } + + public function verify(string $expected, string $payload, Key $key): bool + { + return $this->verifySignature($expected, $payload, $key->contents()); + } +} diff --git a/test/unit/Signer/Rsa/UnsafeSha256Test.php b/test/unit/Signer/Rsa/UnsafeSha256Test.php deleted file mode 100644 index fcc26b53..00000000 --- a/test/unit/Signer/Rsa/UnsafeSha256Test.php +++ /dev/null @@ -1,36 +0,0 @@ -algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - */ - public function algorithmMustBeCorrect(): void - { - $signer = new UnsafeSha256(); - - self::assertEquals(OPENSSL_ALGO_SHA256, $signer->algorithm()); - } -} diff --git a/test/unit/Signer/Rsa/UnsafeSha384Test.php b/test/unit/Signer/Rsa/UnsafeSha384Test.php deleted file mode 100644 index 4dd5f21f..00000000 --- a/test/unit/Signer/Rsa/UnsafeSha384Test.php +++ /dev/null @@ -1,36 +0,0 @@ -algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - */ - public function algorithmMustBeCorrect(): void - { - $signer = new UnsafeSha384(); - - self::assertEquals(OPENSSL_ALGO_SHA384, $signer->algorithm()); - } -} diff --git a/test/unit/Signer/Rsa/UnsafeSha512Test.php b/test/unit/Signer/Rsa/UnsafeSha512Test.php deleted file mode 100644 index 98b7a640..00000000 --- a/test/unit/Signer/Rsa/UnsafeSha512Test.php +++ /dev/null @@ -1,36 +0,0 @@ -algorithmId()); - } - - /** - * @test - * - * @covers ::algorithm - */ - public function algorithmMustBeCorrect(): void - { - $signer = new UnsafeSha512(); - - self::assertEquals(OPENSSL_ALGO_SHA512, $signer->algorithm()); - } -} diff --git a/test/unit/Signer/RsaTest.php b/test/unit/Signer/RsaTest.php index 8d43a707..07145ee4 100644 --- a/test/unit/Signer/RsaTest.php +++ b/test/unit/Signer/RsaTest.php @@ -5,6 +5,7 @@ use Lcobucci\JWT\Keys; use Lcobucci\JWT\Signer\Key\InMemory; +use Lcobucci\JWT\Signer\Rsa\UnsafeSha256; use OpenSSLAsymmetricKey; use PHPUnit\Framework\TestCase; 
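Review bot: This new test double appears to keep the fully qualified name of the production signer the commit removes, judging by the `use Lcobucci\JWT\Signer\Rsa\UnsafeSha256;` added to RsaTest.php. Its `sign()` and `verify()` call `createSignature()` and `verifySignature()` directly, so it presumably skips the key-length guard. The class header and docblock did not survive extraction here, so this may already be handled, but the file should carry an `@internal` docblock saying it exists only to exercise OpenSSL failure paths in the test suite. Declaring it `final` and confirming the namespace is mapped only under `autoload-dev` would stop applications that still reference the old class name from resolving to it.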
@@ -53,6 +54,33 @@ public function signShouldReturnAValidOpensslSignature(): void self::assertSame(1, openssl_verify($payload, $signature, $publicKey, OPENSSL_ALGO_SHA256)); } + /** + * @test + * + * @covers ::sign + * @covers \Lcobucci\JWT\Signer\OpenSSL + * @covers \Lcobucci\JWT\Signer\CannotSignPayload + * + * @uses \Lcobucci\JWT\Signer\Key\InMemory + */ + public function signShouldRaiseAnExceptionWhenKeyIsInvalid(): void + { + $key = <<expectException(CannotSignPayload::class); + $this->expectExceptionMessage('There was an error while creating the signature:' . PHP_EOL . '* error:'); + + $signer->sign('testing', InMemory::plainText($key)); + } + /** * @test * diff --git a/test/unit/Signer/UnsafeEcdsaTest.php b/test/unit/Signer/UnsafeEcdsaTest.php deleted file mode 100644 index 3b78d77f..00000000 --- a/test/unit/Signer/UnsafeEcdsaTest.php +++ /dev/null 
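Review bot: The docblock on signShouldRaiseAnExceptionWhenKeyIsInvalid() does not explain why the test needs the `UnsafeSha256` double imported at the top of this file rather than a regular RSA signer. Presumably the production signer would reject the fixture key on length before OpenSSL is ever asked to sign, so `CannotSignPayload` would not be reachable. A line such as `Uses the test-only UnsafeSha256 so the malformed key reaches openssl_sign() instead of being rejected by the key-length guard` in the docblock would record that. The heredoc holding the key and the signer construction were lost in extraction, so the fixture itself could not be reviewed.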
@@ -1,140 +0,0 @@ -pointsManipulator = new MultibyteStringConverter(); - } - - private function getSigner(): UnsafeEcdsa - { - $signer = $this->getMockForAbstractClass(UnsafeEcdsa::class, [$this->pointsManipulator]); - - $signer->method('algorithm') - ->willReturn(OPENSSL_ALGO_SHA256); - - $signer->method('algorithmId') - ->willReturn('ES256'); - - $signer->method('pointLength') - ->willReturn(64); - - return $signer; - } - - /** - * @test - * - * @covers ::sign - * @covers ::guardAgainstIncompatibleKey - * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter - * @covers \Lcobucci\JWT\Signer\OpenSSL - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa::__construct - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function signShouldReturnTheAHashBasedOnTheOpenSslSignature(): void - { - $payload = 'testing'; - - $signer = $this->getSigner(); - $signature = $signer->sign($payload, self::$ecdsaKeys['private']); - - $publicKey = openssl_pkey_get_public(self::$ecdsaKeys['public1']->contents()); - assert($publicKey instanceof OpenSSLAsymmetricKey); - - self::assertSame( - 1, - openssl_verify( - $payload, - $this->pointsManipulator->toAsn1($signature, $signer->pointLength()), - $publicKey, - OPENSSL_ALGO_SHA256, - ), - ); - } - - /** - * @test - * - * @covers ::sign - * @covers ::guardAgainstIncompatibleKey - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers \Lcobucci\JWT\Signer\InvalidKeyProvided - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa::__construct - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function signShouldRaiseAnExceptionWhenKeyTypeIsNotEC(): void - { - $signer = $this->getSigner(); - - $this->expectException(InvalidKeyProvided::class); - $this->expectExceptionMessage('The type of the provided key is not "EC", "RSA" provided'); - - $signer->sign('testing', self::$rsaKeys['private']); - } - - /** - * @test - * - * @covers ::verify - * @covers ::guardAgainstIncompatibleKey - * @covers \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter - 
* @covers \Lcobucci\JWT\Signer\OpenSSL - * - * @uses \Lcobucci\JWT\Signer\UnsafeEcdsa::__construct - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function verifyShouldDelegateToEcdsaSignerUsingPublicKey(): void - { - $payload = 'testing'; - $privateKey = openssl_pkey_get_private(self::$ecdsaKeys['private']->contents()); - assert($privateKey instanceof OpenSSLAsymmetricKey); - - $signature = ''; - openssl_sign($payload, $signature, $privateKey, OPENSSL_ALGO_SHA256); - - $signer = $this->getSigner(); - - self::assertTrue( - $signer->verify( - $this->pointsManipulator->fromAsn1($signature, $signer->pointLength()), - $payload, - self::$ecdsaKeys['public1'], - ), - ); - } -} diff --git a/test/unit/Signer/UnsafeRsaTest.php b/test/unit/Signer/UnsafeRsaTest.php deleted file mode 100644 index ce02143b..00000000 --- a/test/unit/Signer/UnsafeRsaTest.php +++ /dev/null 
@@ -1,218 +0,0 @@ -getSigner(); - $signature = $signer->sign($payload, self::$rsaKeys['private']); - - $publicKey = openssl_pkey_get_public(self::$rsaKeys['public']->contents()); - assert($publicKey instanceof OpenSSLAsymmetricKey); - - self::assertSame(1, openssl_verify($payload, $signature, $publicKey, OPENSSL_ALGO_SHA256)); - } - - /** - * @test - * - * @covers ::sign - * @covers ::guardAgainstIncompatibleKey - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers \Lcobucci\JWT\Signer\CannotSignPayload - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function signShouldRaiseAnExceptionWhenKeyIsInvalid(): void - { - $key = <<getSigner(); - - $this->expectException(CannotSignPayload::class); - $this->expectExceptionMessage('There was an error while creating the signature:' . PHP_EOL . '* error:'); - - $signer->sign('testing', InMemory::plainText($key)); - } - - /** - * @test - * - * @covers ::sign - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers \Lcobucci\JWT\Signer\InvalidKeyProvided - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function signShouldRaiseAnExceptionWhenKeyIsNotParseable(): void - { - $signer = $this->getSigner(); - - $this->expectException(InvalidKeyProvided::class); - $this->expectExceptionMessage('It was not possible to parse your key, reason:' . PHP_EOL . 
'* error:'); - - $signer->sign('testing', InMemory::plainText('blablabla')); - } - - /** - * @test - * - * @covers ::sign - * @covers ::guardAgainstIncompatibleKey - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers \Lcobucci\JWT\Signer\InvalidKeyProvided - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function signShouldRaiseAnExceptionWhenKeyTypeIsNotRsa(): void - { - $signer = $this->getSigner(); - - $this->expectException(InvalidKeyProvided::class); - $this->expectExceptionMessage('The type of the provided key is not "RSA", "EC" provided'); - - $signer->sign('testing', self::$ecdsaKeys['private']); - } - - /** - * @test - * - * @covers ::sign - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers \Lcobucci\JWT\Signer\InvalidKeyProvided - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - * @uses \Lcobucci\JWT\Signer\UnsafeRsa::verify - * @uses \Lcobucci\JWT\Signer\UnsafeRsa::guardAgainstIncompatibleKey - */ - public function signShouldAcceptAKeyLengthBelowMinimum(): void - { - $signer = $this->getSigner(); - - $payload = 'testing'; - $signature = $signer->sign($payload, self::$rsaKeys['private_short']); - - self::assertTrue($signer->verify($signature, $payload, self::$rsaKeys['public_short'])); - } - - /** - * @test - * - * @covers ::verify - * @covers \Lcobucci\JWT\Signer\OpenSSL - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - * @uses \Lcobucci\JWT\Signer\UnsafeRsa::guardAgainstIncompatibleKey - */ - public function verifyShouldReturnTrueWhenSignatureIsValid(): void - { - $payload = 'testing'; - $privateKey = openssl_pkey_get_private(self::$rsaKeys['private']->contents()); - assert($privateKey instanceof OpenSSLAsymmetricKey); - - $signature = ''; - openssl_sign($payload, $signature, $privateKey, OPENSSL_ALGO_SHA256); - - $signer = $this->getSigner(); - - self::assertTrue($signer->verify($signature, $payload, self::$rsaKeys['public'])); - } - - /** - * @test - * - * @covers ::verify - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers 
\Lcobucci\JWT\Signer\InvalidKeyProvided - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function verifyShouldRaiseAnExceptionWhenKeyIsNotParseable(): void - { - $signer = $this->getSigner(); - - $this->expectException(InvalidKeyProvided::class); - $this->expectExceptionMessage('It was not possible to parse your key, reason:' . PHP_EOL . '* error:'); - - $signer->verify('testing', 'testing', InMemory::plainText('blablabla')); - } - - /** - * @test - * - * @covers ::verify - * @covers ::guardAgainstIncompatibleKey - * @covers \Lcobucci\JWT\Signer\OpenSSL - * @covers \Lcobucci\JWT\Signer\InvalidKeyProvided - * - * @uses \Lcobucci\JWT\Signer\Key\InMemory - */ - public function verifyShouldRaiseAnExceptionWhenKeyTypeIsNotRsa(): void - { - $signer = $this->getSigner(); - - $this->expectException(InvalidKeyProvided::class); - $this->expectExceptionMessage('The type of the provided key is not "RSA", "EC" provided'); - - $signer->verify('testing', 'testing', self::$ecdsaKeys['public1']); - } - - private function getSigner(): UnsafeRsa - { - $signer = $this->getMockForAbstractClass(UnsafeRsa::class); - - $signer->method('algorithm') - ->willReturn(OPENSSL_ALGO_SHA256); - - $signer->method('algorithmId') - ->willReturn('RS256'); - - return $signer; - } -} diff --git a/test/unit/Validation/Constraint/ValidAtTest.php b/test/unit/Validation/Constraint/ValidAtTest.php deleted file mode 100644 index bd5997b7..00000000 --- a/test/unit/Validation/Constraint/ValidAtTest.php +++ /dev/null 
@@ -1,49 +0,0 @@ - $clock->now(), - RegisteredClaims::NOT_BEFORE => $clock->now()->modify('+5 seconds'), - RegisteredClaims::EXPIRATION_TIME => $clock->now()->modify('15 seconds'), - ]; - - // @phpstan-ignore-next-line - $constraint = new ValidAt($clock, new DateInterval('PT1S')); - - $clock->setTo($clock->now()->modify('+4 seconds')); - $constraint->assert($this->buildToken($claims)); - $this->addToAssertionCount(1); - - $this->expectException(ConstraintViolation::class); - - $clock->setTo($clock->now()->modify('+20 seconds')); - $constraint->assert($this->buildToken($claims)); - } -} From f9c44801572f3359c3072bc6287a5c0bd14bd412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Cobucci?= Date: Fri, 19 Aug 2022 22:55:42 +0200 Subject: [PATCH 2/2] Temporarily disable composer-unused MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Due to a weird bug in that awesome package (PHP 8.1 readonly incompatibility), we need to disable it. More info: https://github.com/composer-unused/composer-unused/issues/326 Signed-off-by: Luís Cobucci --- .github/workflows/composer-json-lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/composer-json-lint.yml b/.github/workflows/composer-json-lint.yml index 38f55df3..e9658bda 100644 --- a/.github/workflows/composer-json-lint.yml +++ b/.github/workflows/composer-json-lint.yml @@ -63,5 +63,5 @@ jobs: - name: "Check composer.json explicit dependencies" run: "composer-require-checker check" - - name: "Check composer.json unused dependencies" - run: "composer-unused" +# - name: "Check composer.json unused dependencies" +# run: "composer-unused"
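Review bot: The `composer-unused` step is disabled by commenting it out, and the reason is recorded only in the commit message, so the workflow file gives no cue for when to turn it back on. Put the tracking link next to the disabled lines, for example `# TODO: re-enable once https://github.com/composer-unused/composer-unused/issues/326 is resolved`. While the step is off, unused packages can accumulate in composer.json without CI noticing, which widens the dependency surface that has to be audited and patched.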