Skip to content

Commit

Permalink
Merge pull request #41 from paragonie/v2.9
Browse files Browse the repository at this point in the history
Prepare for Version 2.9
  • Loading branch information
paragonie-security authored May 8, 2024
2 parents aedf6b5 + ef6e649 commit 852c1a7
Show file tree
Hide file tree
Showing 5 changed files with 29 additions and 9 deletions.
17 changes: 17 additions & 0 deletions src/Composer.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,25 @@ public static function postAutoloadDump(Event $event)
require_once $vendorDir . '/autoload.php';

$dataDir = \dirname($vendorDir) . '/data';
(new RemoteFetch($dataDir))->getLatestBundle(false, false);
self::dos2unixAll($dataDir);
(new RemoteFetch($dataDir))->getLatestBundle();

echo '[OK] Remote Fetch of latest CACert Bundle', PHP_EOL;
}

/**
* Prevent newline weirdness with Git from causing invalid files (SHA-256, signatures)
*
* @param string $dataDir
* @return void
*/
public static function dos2unixAll($dataDir)
{
foreach (glob($dataDir . '/*.pem') as $pemFile) {
$contents = file_get_contents($pemFile);
$fixed = str_replace("\r\n", "\n", $contents);
file_put_contents($pemFile, $fixed);
}
}
}
12 changes: 6 additions & 6 deletions src/Fetch.php
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,12 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =
$checkChronicle = (bool) (static::CHECK_CHRONICLE_BY_DEFAULT && $sodiumCompatIsntSlow);
}

/** @var int $bundleIndex */
$bundleIndex = 0;
/** @var Bundle $bundle */
foreach ($this->listBundles('', $this->trustChannel) as $bundle) {
$bundlesAvailable = $this->listBundles('', $this->trustChannel);
if (empty($bundlesAvailable)) {
throw new BundleException('No bundles were found in the data directory.');
}
foreach ($bundlesAvailable as $bundle) {
if ($bundle->hasCustom()) {
$validator = $bundle->getValidator();
} else {
Expand All @@ -93,10 +95,9 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =

// If the SHA256 doesn't match, fail fast.
if ($validator::checkSha256Sum($bundle)) {
/** @var bool $valid */
$valid = true;
if ($checkEd25519Signature) {
$valid = $valid && $validator->checkEd25519Signature($bundle);
$valid = $validator->checkEd25519Signature($bundle);
if (!$valid) {
$this->markBundleAsBad($bundleIndex, 'Ed25519 signature mismatch');
}
Expand All @@ -106,7 +107,6 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =
$index = array_search($bundle->getFilePath(), $this->unverified, true);
if ($index !== false) {
$validChronicle = $validator->checkChronicleHash($bundle);
$valid = $valid && $validChronicle;
if ($validChronicle) {
unset($this->unverified[$index]);
} else {
Expand Down
3 changes: 2 additions & 1 deletion test/CustomCASupportTest.php
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<?php
namespace ParagonIE\Certainty\Tests;

use ParagonIE\Certainty\Composer;
use ParagonIE\Certainty\Exception\CertaintyException;
use ParagonIE\Certainty\Exception\CryptoException;
use ParagonIE\ConstantTime\Hex;
Expand Down Expand Up @@ -49,7 +50,6 @@ public function after()
*/
public function testCustom()
{
$this->markTestSkipped('not important for now');
$keypair = \ParagonIE_Sodium_Compat::crypto_sign_keypair();
$secretKey = \ParagonIE_Sodium_Compat::crypto_sign_secretkey($keypair);
$publicKey = \ParagonIE_Sodium_Compat::crypto_sign_publickey($keypair);
Expand All @@ -71,6 +71,7 @@ public function testCustom()
\hash_file('sha256', __DIR__ . '/static/combined.pem'),
$customLatest->getSha256Sum()
);
$this->assertTrue(file_exists($customLatest->getFilePath()), 'File does not exist');

$this->assertTrue($validator->checkEd25519Signature($customLatest));
}
Expand Down
4 changes: 2 additions & 2 deletions test/CustomValidator.php
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,9 @@ public static function setPublicKey($string)
*/
public function checkEd25519Signature(Bundle $bundle, $backupKey = false)
{
return \ParagonIE_Sodium_File::verify(
return \sodium_crypto_sign_verify_detached(
$bundle->getSignature(true),
$bundle->getFilePath(),
$bundle->getFileContents(),
Hex::decode(self::$publicKey)
);
}
Expand Down
2 changes: 2 additions & 0 deletions test/RemoteFetchTest.php
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<?php
namespace ParagonIE\Certainty\Tests;

use ParagonIE\Certainty\Composer;
use ParagonIE\Certainty\Exception\CertaintyException;
use ParagonIE\Certainty\RemoteFetch;
use PHPUnit\Framework\TestCase;
Expand Down Expand Up @@ -59,6 +60,7 @@ public function testRemoteFetch()
}
$this->assertFalse(\file_exists($this->dir . '/ca-certs.json'));
$fetch = new RemoteFetch($this->dir);
Composer::dos2unixAll($this->dir);
$fetch->getLatestBundle();
$this->assertTrue(\file_exists($this->dir . '/ca-certs.json'));

Expand Down

0 comments on commit 852c1a7

Please sign in to comment.