From 25d13a4afe9c5902f289b9f27ae18440f9f4088a Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Tue, 9 Apr 2024 15:14:36 +0200 Subject: [PATCH] feat(deps): Upgrade phpseclib to v3 Signed-off-by: Ferdinand Thiessen --- 3rdparty | 2 +- apps/encryption/lib/Crypto/Crypt.php | 4 +- .../lib/Controller/AjaxController.php | 18 +++--- .../lib/Lib/Auth/PublicKey/RSA.php | 27 +++++---- .../lib/Lib/Auth/PublicKey/RSAPrivateKey.php | 12 ++-- apps/files_external/lib/Lib/Storage/SFTP.php | 12 ++-- .../lib/Lib/Storage/SFTPReadStream.php | 6 +- .../lib/Lib/Storage/SFTPWriteStream.php | 6 +- apps/files_external/lib/MountConfig.php | 2 +- core/Command/Integrity/SignApp.php | 7 +-- core/Command/Integrity/SignCore.php | 7 +-- lib/private/Installer.php | 2 +- lib/private/IntegrityCheck/Checker.php | 56 ++++++++++--------- lib/private/Security/Crypto.php | 6 +- tests/lib/IntegrityCheck/CheckerTest.php | 34 +++++------ 15 files changed, 98 insertions(+), 103 deletions(-) diff --git a/3rdparty b/3rdparty index 9a3b99624c793..ce1f7966c9f3a 160000 --- a/3rdparty +++ b/3rdparty @@ -1 +1 @@ -Subproject commit 9a3b99624c7939e29a42a333ec7b409d60820835 +Subproject commit ce1f7966c9f3a66578c2d2a96c1b69b8b8d515a7 diff --git a/apps/encryption/lib/Crypto/Crypt.php b/apps/encryption/lib/Crypto/Crypt.php index 463ca4e22bb21..ead50e2ca664b 100644 --- a/apps/encryption/lib/Crypto/Crypt.php +++ b/apps/encryption/lib/Crypto/Crypt.php @@ -16,7 +16,7 @@ use OCP\IConfig; use OCP\IL10N; use OCP\IUserSession; -use phpseclib\Crypt\RC4; +use phpseclib3\Crypt\RC4; use Psr\Log\LoggerInterface; /** @@ -724,7 +724,6 @@ public function useLegacyBase64Encoding(): bool { */ private function rc4Decrypt(string $data, string $secret): string { $rc4 = new RC4(); - /** @psalm-suppress InternalMethod */ $rc4->setKey($secret); return $rc4->decrypt($data); 
@@ -735,7 +734,6 @@ private function rc4Decrypt(string $data, string $secret): string { */ private function rc4Encrypt(string $data, string $secret): string { $rc4 = new RC4(); - /** @psalm-suppress InternalMethod */ $rc4->setKey($secret); return $rc4->encrypt($data); diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php index 3934b12c7fa42..64b1ed345bed6 100644 --- a/apps/files_external/lib/Controller/AjaxController.php +++ b/apps/files_external/lib/Controller/AjaxController.php @@ -42,10 +42,15 @@ public function __construct( */ private function generateSshKeys($keyLength) { $key = $this->rsaMechanism->createKey($keyLength); - // Replace the placeholder label with a more meaningful one - $key['publickey'] = str_replace('phpseclib-generated-key', gethostname(), $key['publickey']); - - return $key; + return [ + 'private_key' => $key->toString('PKCS1'), + // Replace the placeholder label with a more meaningful one + 'public_key' => str_replace( + 'phpseclib-generated-key', + gethostname(), + $key->getPublicKey()->toString('OpenSSH'), + ), + ]; } /** @@ -57,10 +62,7 @@ private function generateSshKeys($keyLength) { public function getSshKeys($keyLength = 1024) { $key = $this->generateSshKeys($keyLength); return new JSONResponse( - ['data' => [ - 'private_key' => $key['privatekey'], - 'public_key' => $key['publickey'] - ], + ['data' => $key, 'status' => 'success' ]); } diff --git a/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php b/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php index 2371ce0a219dd..7a0e724652e5b 100644 --- a/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php +++ b/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php @@ -12,7 +12,7 @@ use OCP\IConfig; use OCP\IL10N; use OCP\IUser; -use phpseclib\Crypt\RSA as RSACrypt; +use phpseclib3\Crypt\RSA as RSACrypt; /** * RSA public key authentication 
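Review bot: `getSshKeys($keyLength = 1024)` in the second AjaxController hunk still defaults to a 1024-bit RSA key, and the `createKey()` hunk in `Lib/Auth/PublicKey/RSA.php` falls back to 1024 for any length it does not recognise. 1024-bit RSA is below what is generally accepted for new SSH keys, and this patch already rewrites the generation path. Consider `public function getSshKeys($keyLength = 2048)` here and `$keyLength = 2048;` as the fallback in `createKey()`. Callers that pass an explicit length are not visible in this diff.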
@@ -41,15 +41,16 @@ public function __construct( * @return void */ public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) { - $auth = new RSACrypt(); - $auth->setPassword($this->config->getSystemValue('secret', '')); - if (!$auth->loadKey($storage->getBackendOption('private_key'))) { + try { + $auth = RSACrypt::loadPrivateKey( + $storage->getBackendOption('private_key'), + $this->config->getSystemValue('secret', '') + ); + } catch (\Throwable) { // Add fallback routine for a time where secret was not enforced to be exists - $auth->setPassword(''); - if (!$auth->loadKey($storage->getBackendOption('private_key'))) { - throw new \RuntimeException('unable to load private key'); - } + $auth = RSACrypt::loadPrivateKey($storage->getBackendOption('private_key')); } + $storage->setBackendOption('public_key_auth', $auth); } @@ -57,17 +58,15 @@ public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = * Generate a keypair * * @param int $keyLenth - * @return array ['privatekey' => $privateKey, 'publickey' => $publicKey] */ - public function createKey($keyLength) { + public function createKey($keyLength): RSACrypt\PrivateKey { $rsa = new RSACrypt(); - $rsa->setPublicKeyFormat(RSACrypt::PUBLIC_FORMAT_OPENSSH); - $rsa->setPassword($this->config->getSystemValue('secret', '')); - + if ($keyLength !== 1024 && $keyLength !== 2048 && $keyLength !== 4096) { $keyLength = 1024; } - return $rsa->createKey($keyLength); + return $rsa->createKey($keyLength) + ->withPassword($this->config->getSystemValue('secret', '')); } } diff --git a/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php b/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php index 8c2e2f3d6ecfc..88fc7c3bba629 100644 --- a/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php +++ b/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php 
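Review bot: `catch (\Throwable)` in `manipulateStorageConfig()` swallows every failure of the first `loadPrivateKey()` call, including errors unrelated to the password, before silently retrying without one. Narrow it to the loader's own exception, `} catch (\phpseclib3\Exception\NoKeyLoadedException) {`, so only an unreadable or wrongly protected key reaches the fallback. The retry now surfaces the library's exception rather than the former `'unable to load private key'` RuntimeException; if anything matches on that message, wrap the second call.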
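Review bot: `$rsa = new RSACrypt();` in `createKey()` should not work against phpseclib3, where `RSA` is an abstract class and `createKey()` is a static factory. The body can be reduced to `return RSACrypt::createKey($keyLength)->withPassword($this->config->getSystemValue('secret', ''));` after the length check. The docblock also lost its `@return` line and keeps the `$keyLenth` typo; `@param int $keyLength` plus a sentence saying the returned private key is password-protected with the instance secret would cover it.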
@@ -11,7 +11,7 @@ use OCP\IConfig; use OCP\IL10N; use OCP\IUser; -use phpseclib\Crypt\RSA as RSACrypt; +use phpseclib3\Crypt\RSA; /** * RSA public key authentication @@ -39,12 +39,12 @@ public function __construct( * @return void */ public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) { - $auth = new RSACrypt(); - $auth->setPassword($this->config->getSystemValue('secret', '')); - if (!$auth->loadKey($storage->getBackendOption('private_key'))) { + $auth = new RSA\PrivateKey(); + $auth->withPassword($this->config->getSystemValue('secret', '')); + if (!$auth->loadPrivateKey($storage->getBackendOption('private_key'))) { // Add fallback routine for a time where secret was not enforced to be exists - $auth->setPassword(''); - if (!$auth->loadKey($storage->getBackendOption('private_key'))) { + $auth->withPassword(''); + if (!$auth->loadPrivateKey($storage->getBackendOption('private_key'))) { throw new \RuntimeException('unable to load private key'); } } diff --git a/apps/files_external/lib/Lib/Storage/SFTP.php b/apps/files_external/lib/Lib/Storage/SFTP.php index 44073beedecee..0377a8e0ce721 100644 --- a/apps/files_external/lib/Lib/Storage/SFTP.php +++ b/apps/files_external/lib/Lib/Storage/SFTP.php @@ -14,7 +14,7 @@ use OCP\Constants; use OCP\Files\FileInfo; use OCP\Files\IMimeTypeDetector; -use phpseclib\Net\SFTP\Stream; +use phpseclib3\Net\SFTP\Stream; /** * Uses phpseclib's Net\SFTP class and the Net\SFTP\Stream stream wrapper to @@ -29,7 +29,7 @@ class SFTP extends Common { private $auth = []; /** - * @var \phpseclib\Net\SFTP + * @var \phpseclib3\Net\SFTP */ protected $client; private IMimeTypeDetector $mimeTypeDetector; 
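Review bot: The rewritten `manipulateStorageConfig()` in RSAPrivateKey.php keeps the phpseclib 2 call pattern on phpseclib3 objects and, judging by the visible lines, cannot load a key. `RSA\PrivateKey` is not meant to be created with `new`, and `withPassword()` returns a modified copy whose result is discarded here. `loadPrivateKey()` is a static loader that throws instead of returning false, so the `if (!…)` fallback never runs. The sibling class in `Lib/Auth/PublicKey/RSA.php` already passes the password as the second argument of the static loader, and this hunk should follow the same shape with a narrow catch. The method continues past the end of the hunk.

```php
public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) {
	try {
		$auth = RSA::loadPrivateKey(
			$storage->getBackendOption('private_key'),
			$this->config->getSystemValue('secret', ''),
		);
	} catch (\phpseclib3\Exception\NoKeyLoadedException) {
		// Fallback for keys stored before the instance secret was enforced
		$auth = RSA::loadPrivateKey($storage->getBackendOption('private_key'));
	}
	// … unchanged: remainder of manipulateStorageConfig …
```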
@@ -93,16 +93,16 @@ public function __construct(array $parameters) { /** * Returns the connection. * - * @return \phpseclib\Net\SFTP connected client instance + * @return \phpseclib3\Net\SFTP connected client instance * @throws \Exception when the connection failed */ - public function getConnection(): \phpseclib\Net\SFTP { + public function getConnection(): \phpseclib3\Net\SFTP { if (!is_null($this->client)) { return $this->client; } $hostKeys = $this->readHostKeys(); - $this->client = new \phpseclib\Net\SFTP($this->host, $this->port); + $this->client = new \phpseclib3\Net\SFTP($this->host, $this->port); // The SSH Host Key MUST be verified before login(). $currentHostKey = $this->client->getServerPublicHostKey(); @@ -453,7 +453,7 @@ public function copy(string $source, string $target): bool { return false; } /** @psalm-suppress InternalMethod */ - if (!$connection->put($absTarget, $chunk, \phpseclib\Net\SFTP::SOURCE_STRING, $i)) { + if (!$connection->put($absTarget, $chunk, \phpseclib3\Net\SFTP::SOURCE_STRING, $i)) { return false; } } diff --git a/apps/files_external/lib/Lib/Storage/SFTPReadStream.php b/apps/files_external/lib/Lib/Storage/SFTPReadStream.php index 7dedbd7035a90..f787b441ba5a3 100644 --- a/apps/files_external/lib/Lib/Storage/SFTPReadStream.php +++ b/apps/files_external/lib/Lib/Storage/SFTPReadStream.php @@ -9,13 +9,13 @@ namespace OCA\Files_External\Lib\Storage; use Icewind\Streams\File; -use phpseclib\Net\SSH2; +use phpseclib3\Net\SSH2; class SFTPReadStream implements File { /** @var resource */ public $context; - /** @var \phpseclib\Net\SFTP */ + /** @var \phpseclib3\Net\SFTP */ private $sftp; /** @var string */ 
@@ -53,7 +53,7 @@ protected function loadContext(string $name) { } else { throw new \BadMethodCallException('Invalid context, "' . $name . '" options not set'); } - if (isset($context['session']) and $context['session'] instanceof \phpseclib\Net\SFTP) { + if (isset($context['session']) and $context['session'] instanceof \phpseclib3\Net\SFTP) { $this->sftp = $context['session']; } else { throw new \BadMethodCallException('Invalid context, session not set'); diff --git a/apps/files_external/lib/Lib/Storage/SFTPWriteStream.php b/apps/files_external/lib/Lib/Storage/SFTPWriteStream.php index d64e89b546217..68cebcd45d663 100644 --- a/apps/files_external/lib/Lib/Storage/SFTPWriteStream.php +++ b/apps/files_external/lib/Lib/Storage/SFTPWriteStream.php @@ -9,13 +9,13 @@ namespace OCA\Files_External\Lib\Storage; use Icewind\Streams\File; -use phpseclib\Net\SSH2; +use phpseclib3\Net\SSH2; class SFTPWriteStream implements File { /** @var resource */ public $context; - /** @var \phpseclib\Net\SFTP */ + /** @var \phpseclib3\Net\SFTP */ private $sftp; /** @var string */ @@ -51,7 +51,7 @@ protected function loadContext(string $name) { } else { throw new \BadMethodCallException('Invalid context, "' . $name . '" options not set'); } - if (isset($context['session']) and $context['session'] instanceof \phpseclib\Net\SFTP) { + if (isset($context['session']) and $context['session'] instanceof \phpseclib3\Net\SFTP) { $this->sftp = $context['session']; } else { throw new \BadMethodCallException('Invalid context, session not set'); diff --git a/apps/files_external/lib/MountConfig.php b/apps/files_external/lib/MountConfig.php index ca14275ab1350..62202cdd0e965 100644 --- a/apps/files_external/lib/MountConfig.php +++ b/apps/files_external/lib/MountConfig.php @@ -18,7 +18,7 @@ use OCP\Files\StorageNotAvailableException; use OCP\IL10N; use OCP\Util; -use phpseclib\Crypt\AES; +use phpseclib3\Crypt\AES; use Psr\Log\LoggerInterface; /** 
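Review bot: Only the `use` line changes in MountConfig.php, yet the Crypto.php hunk of this same patch shows that the phpseclib3 `AES` constructor is now given its mode explicitly (`new AES('cbc')`). The code in MountConfig.php that instantiates `AES` lies outside this diff, so it cannot be checked here. If it still uses the phpseclib 2 constructor form, whatever this class encrypts or decrypts would fail at runtime. Please confirm that call site and update it in this commit if needed.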
diff --git a/core/Command/Integrity/SignApp.php b/core/Command/Integrity/SignApp.php index d307bc589859c..13cc4af0cb4cc 100644 --- a/core/Command/Integrity/SignApp.php +++ b/core/Command/Integrity/SignApp.php @@ -10,8 +10,8 @@ use OC\IntegrityCheck\Checker; use OC\IntegrityCheck\Helpers\FileAccessHelper; use OCP\IURLGenerator; -use phpseclib\Crypt\RSA; -use phpseclib\File\X509; +use phpseclib3\Crypt\RSA; +use phpseclib3\File\X509; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputOption; @@ -68,8 +68,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 1; } - $rsa = new RSA(); - $rsa->loadKey($privateKey); + $rsa = RSA::loadPrivateKey($privateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $x509->setPrivateKey($rsa); diff --git a/core/Command/Integrity/SignCore.php b/core/Command/Integrity/SignCore.php index ed80091ec3882..46e7572ec7492 100644 --- a/core/Command/Integrity/SignCore.php +++ b/core/Command/Integrity/SignCore.php @@ -9,8 +9,8 @@ use OC\IntegrityCheck\Checker; use OC\IntegrityCheck\Helpers\FileAccessHelper; -use phpseclib\Crypt\RSA; -use phpseclib\File\X509; +use phpseclib3\Crypt\RSA; +use phpseclib3\File\X509; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputOption; @@ -63,8 +63,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 1; } - $rsa = new RSA(); - $rsa->loadKey($privateKey); + $rsa = RSA::loadPrivateKey($privateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $x509->setPrivateKey($rsa); diff --git a/lib/private/Installer.php b/lib/private/Installer.php index 00fdd84c1bc83..c66a60da7cc69 100644 --- a/lib/private/Installer.php +++ b/lib/private/Installer.php 
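Review bot: `RSA::loadPrivateKey($privateKey)` in `SignApp::execute()` throws when the key cannot be parsed, while the visible error path just above it ends in `return 1;`. The identical change in `SignCore::execute()` has the same effect. Catch the loader's exception (`\phpseclib3\Exception\NoKeyLoadedException`) and fail the command the same way as the other checks. The result of `$x509->loadX509($keyBundle)` is also ignored in both commands, and a guard such as `if ($x509->loadX509($keyBundle) === false) {` followed by the error return would match what `Checker::verify()` does after this patch. Both `execute()` bodies start and end outside their hunks.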
@@ -24,7 +24,7 @@ use OCP\IConfig; use OCP\ITempManager; use OCP\Migration\IOutput; -use phpseclib\File\X509; +use phpseclib3\File\X509; use Psr\Log\LoggerInterface; /** diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php index 3a24e8632de4c..9d9e5c4467dbf 100644 --- a/lib/private/IntegrityCheck/Checker.php +++ b/lib/private/IntegrityCheck/Checker.php @@ -22,8 +22,8 @@ use OCP\ICacheFactory; use OCP\IConfig; use OCP\ServerVersion; -use phpseclib\Crypt\RSA; -use phpseclib\File\X509; +use phpseclib3\Crypt\RSA; +use phpseclib3\File\X509; /** * Class Checker handles the code signing using X.509 and RSA. ownCloud ships with @@ -167,24 +167,26 @@ private function generateHashes(\RecursiveIteratorIterator $iterator, * * @param array $hashes * @param X509 $certificate - * @param RSA $privateKey + * @param RSA\PrivateKey $privateKey * @return array */ - private function createSignatureData(array $hashes, + private function createSignatureData( + array $hashes, X509 $certificate, - RSA $privateKey): array { + RSA\PrivateKey $privateKey, + ): array { ksort($hashes); - $privateKey->setSignatureMode(RSA::SIGNATURE_PSS); - $privateKey->setMGFHash('sha512'); - // See https://tools.ietf.org/html/rfc3447#page-38 - $privateKey->setSaltLength(0); - $signature = $privateKey->sign(json_encode($hashes)); + $signature = $privateKey + ->withPadding(RSA::SIGNATURE_PSS) + ->withMGFHash('sha512') + ->withSaltLength(0) + ->sign(json_encode($hashes)); return [ 'hashes' => $hashes, 'signature' => base64_encode($signature), - 'certificate' => $certificate->saveX509($certificate->currentCert), + 'certificate' => $certificate->saveX509($certificate->getCurrentCert()), ]; } 
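Review bot: The fluent chain in `createSignatureData()` never selects the message hash, so signing now depends on the library default. To my knowledge phpseclib 2 defaulted to SHA-1 and phpseclib3 defaults to SHA-256, so this should be verified. If so, signatures written here would not verify on older releases, and previously issued signatures would fail in the `verify()` hunk further down, which has the same omission. Pin the hash explicitly in both places, e.g. `->withHash('sha1')` to stay compatible, or choose a stronger hash as a deliberate, versioned format change. The removed comment linking RFC 3447 explained why the salt length is 0 and should stay next to `->withSaltLength(0)`.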
@@ -193,12 +195,12 @@ private function createSignatureData(array $hashes, * * @param string $path * @param X509 $certificate - * @param RSA $privateKey + * @param RSA\PrivateKey $privateKey * @throws \Exception */ public function writeAppSignature($path, X509 $certificate, - RSA $privateKey) { + RSA\PrivateKey $privateKey) { $appInfoDir = $path . '/appinfo'; try { $this->fileAccessHelper->assertDirectoryExists($appInfoDir); @@ -222,12 +224,12 @@ public function writeAppSignature($path, * Write the signature of core * * @param X509 $certificate - * @param RSA $rsa + * @param RSA\PrivateKey $rsa * @param string $path * @throws \Exception */ public function writeCoreSignature(X509 $certificate, - RSA $rsa, + RSA\PrivateKey $rsa, $path) { $coreDir = $path . '/core'; try { @@ -291,15 +293,14 @@ private function verify(string $signaturePath, string $basePath, string $certifi $certificate = $signatureData['certificate']; // Check if certificate is signed by Nextcloud Root Authority - $x509 = new \phpseclib\File\X509(); + $x509 = new X509(); $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt'); $rootCerts = $this->splitCerts($rootCertificatePublicKey); foreach ($rootCerts as $rootCert) { $x509->loadCA($rootCert); } - $x509->loadX509($certificate); - if (!$x509->validateSignature()) { + if ($x509->loadX509($certificate) === false || !$x509->validateSignature()) { throw new InvalidSignatureException('Certificate is not valid.'); } // Verify if certificate has proper CN. "core" CN is always trusted. 
@@ -310,13 +311,18 @@ private function verify(string $signaturePath, string $basePath, string $certifi } // Check if the signature of the files is valid - $rsa = new \phpseclib\Crypt\RSA(); - $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']); - $rsa->setSignatureMode(RSA::SIGNATURE_PSS); - $rsa->setMGFHash('sha512'); - // See https://tools.ietf.org/html/rfc3447#page-38 - $rsa->setSaltLength(0); - if (!$rsa->verify(json_encode($expectedHashes), $signature)) { + /** @var RSA\PublicKey|false */ + $rsa = $x509->getPublicKey(); + if ($rsa === false) { + throw new InvalidSignatureException('Certificate does not provide valid public RSA key.'); + } + + $rsa = $rsa + ->withPadding(RSA::SIGNATURE_PSS) + ->withMGFHash('sha512') + ->withSaltLength(0); + + if (!$rsa->verify(json_encode($expectedHashes), (string)$signature)) { throw new InvalidSignatureException('Signature could not get verified.'); } diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php index f7f62aadb7b26..34a2548dd7bd2 100644 --- a/lib/private/Security/Crypto.php +++ b/lib/private/Security/Crypto.php @@ -11,8 +11,8 @@ use Exception; use OCP\IConfig; use OCP\Security\ICrypto; -use phpseclib\Crypt\AES; -use phpseclib\Crypt\Hash; +use phpseclib3\Crypt\AES; +use phpseclib3\Crypt\Hash; /** * Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided @@ -31,7 +31,7 @@ class Crypto implements ICrypto { public function __construct( private IConfig $config, ) { - $this->cipher = new AES(); + $this->cipher = new AES('cbc'); } /** diff --git a/tests/lib/IntegrityCheck/CheckerTest.php b/tests/lib/IntegrityCheck/CheckerTest.php index 5858a01203f5f..c87ff68d303d8 100644 --- a/tests/lib/IntegrityCheck/CheckerTest.php +++ b/tests/lib/IntegrityCheck/CheckerTest.php 
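Review bot: The `/** @var RSA\PublicKey|false */` annotation in the `verify()` hunk is not enforced, because the result of `getPublicKey()` is only compared with `false`. As far as I know phpseclib3 can return other key types for non-RSA certificates. Such a key would reach `withPadding()` and fail with an engine error instead of `InvalidSignatureException`. Make the guard `if (!($rsa instanceof RSA\PublicKey)) {`, which also matches the exception text about a valid public RSA key. `verify()` begins and ends outside this hunk.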
@@ -18,8 +18,8 @@ use OCP\ICacheFactory; use OCP\IConfig; use OCP\ServerVersion; -use phpseclib\Crypt\RSA; -use phpseclib\File\X509; +use phpseclib3\Crypt\RSA; +use phpseclib3\File\X509; use Test\TestCase; class CheckerTest extends TestCase { @@ -29,7 +29,7 @@ class CheckerTest extends TestCase { private $environmentHelper; /** @var AppLocator|\PHPUnit\Framework\MockObject\MockObject */ private $appLocator; - /** @var Checker */ + /** @var Checker|\PHPUnit\Framework\MockObject\MockObject */ private $checker; /** @var FileAccessHelper|\PHPUnit\Framework\MockObject\MockObject */ private $fileAccessHelper; @@ -96,8 +96,7 @@ public function testWriteAppSignatureOfNotExistingApp(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeAppSignature('NotExistingApp', $x509, $rsa); @@ -115,8 +114,8 @@ public function testWriteAppSignatureWrongPermissions(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsaPrivateKey = file_get_contents(__DIR__ .'/../../data/integritycheck/SomeApp.key'); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa); 
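Review bot: The hunk in `testWriteAppSignatureWrongPermissions()` adds a second `$rsaPrivateKey = file_get_contents(__DIR__ .'/../../data/integritycheck/SomeApp.key');` directly after the identical existing assignment. The key file is therefore read twice, and the new line also drops the space after the `.` operator. Remove the added assignment and keep only `$rsa = RSA::loadPrivateKey($rsaPrivateKey);` as the other test hunks do.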
@@ -146,8 +145,7 @@ public function testWriteAppSignature(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa); @@ -477,8 +475,7 @@ public function testWriteCoreSignatureWithException(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, __DIR__); @@ -501,8 +498,7 @@ public function testWriteCoreSignatureWrongPermissions(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, __DIR__); @@ -536,8 +532,7 @@ public function testWriteCoreSignature(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/app/'); 
@@ -571,8 +566,7 @@ public function testWriteCoreSignatureWithUnmodifiedHtaccess(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified/'); @@ -601,8 +595,7 @@ public function testWriteCoreSignatureWithInvalidModifiedHtaccess(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent/'); @@ -636,8 +629,7 @@ public function testWriteCoreSignatureWithValidModifiedHtaccess(): void { $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt'); $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key'); - $rsa = new RSA(); - $rsa->loadKey($rsaPrivateKey); + $rsa = RSA::loadPrivateKey($rsaPrivateKey); $x509 = new X509(); $x509->loadX509($keyBundle); $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');