From 4563685375f12de71a4fd938a00adabf55ad3c40 Mon Sep 17 00:00:00 2001 From: Ron Arts Date: Mon, 30 Oct 2017 16:21:17 +0100 Subject: [PATCH 1/6] Also accept an RSA key with crlf --- .gitattributes | 4 +++- src/CryptKey.php | 2 +- tests/CryptKeyTest.php | 6 ++++++ tests/Stubs/public.key.crlf | 6 ++++++ 4 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 tests/Stubs/public.key.crlf diff --git a/.gitattributes b/.gitattributes index d85a794e..bea6eefb 100644 --- a/.gitattributes +++ b/.gitattributes @@ -10,4 +10,6 @@ /phpunit.xml.dist export-ignore /CHANGELOG.md export-ignore /CONTRIBUTING.md export-ignore -/README.md export-ignore \ No newline at end of file +/README.md export-ignore + ++*.crlf eol=crlf diff --git a/src/CryptKey.php b/src/CryptKey.php index 2ede9e33..0e06f7ab 100644 --- a/src/CryptKey.php +++ b/src/CryptKey.php @@ -14,7 +14,7 @@ namespace League\OAuth2\Server; class CryptKey { const RSA_KEY_PATTERN = - '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----\n)(.|\n)+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/'; + '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----)(.|\n|\r)+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/'; /** * @var string diff --git a/tests/CryptKeyTest.php b/tests/CryptKeyTest.php index c7f7f4a0..08bf27e8 100644 --- a/tests/CryptKeyTest.php +++ b/tests/CryptKeyTest.php @@ -21,6 +21,12 @@ class CryptKeyTest extends \PHPUnit_Framework_TestCase $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); $this->assertEquals('secret', $key->getPassPhrase()); + + $keyFile = __DIR__ . '/Stubs/public.key.crlf'; + $key = new CryptKey($keyFile, 'secret'); + + $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); + $this->assertEquals('secret', $key->getPassPhrase()); } public function testKeyFileCreation() diff --git a/tests/Stubs/public.key.crlf b/tests/Stubs/public.key.crlf new file mode 100644 index 00000000..25010108 --- /dev/null +++ b/tests/Stubs/public.key.crlf 
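Review bot: The rewritten `RSA_KEY_PATTERN` in src/CryptKey.php still matches the BEGIN and END labels independently, so a string that opens with `-----BEGIN PUBLIC KEY-----` and closes with `-----END RSA PRIVATE KEY-----` is accepted; the later rewrites of this constant in patches 3, 5 and 6 keep the same gap. Judging by the tests, a match is what makes the constructor treat its argument as key content rather than a path, so a loose match presumably defers the failure to wherever the key is actually parsed. Capturing the label once and reusing it closes the gap: `-----BEGIN ((?:RSA )?(?:PUBLIC|PRIVATE)) KEY-----` for the header and `-----END \1 KEY-----` for the footer. That changes the capture-group numbering, so any caller that reads the groups would need checking; none is visible here, and the class body continues outside the hunk.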
@@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOBcFjGUlo3BJ9zjwQLgAHn6Oy +5Si0uB7MublTiPob8rWTiCE4weAFqzPoAB07vB0t0f8c1R8rmwHMD5ljWPBgJ8Fe +wtwAUzprOBcau6DWukd/TKxXWeVLAl/NZxijI+jR5QDBYLNBtj1G4LBVHMmINd3r +yCycbf9ac3rcC8zhrQIDAQAB +-----END PUBLIC KEY----- From 90fec631040e572f0d4c559351da3efc702b1081 Mon Sep 17 00:00:00 2001 From: Ron Arts Date: Mon, 30 Oct 2017 16:41:10 +0100 Subject: [PATCH 2/6] Setup the public.key.crlf with the proper permissions --- tests/AuthorizationServerTest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/AuthorizationServerTest.php b/tests/AuthorizationServerTest.php index 91ca9e4b..c937e84a 100644 --- a/tests/AuthorizationServerTest.php +++ b/tests/AuthorizationServerTest.php @@ -31,6 +31,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase // Make sure the keys have the correct permissions. chmod(__DIR__ . '/Stubs/private.key', 0600); chmod(__DIR__ . '/Stubs/public.key', 0600); + chmod(__DIR__ . '/Stubs/public.key.crlf', 0600); } public function testRespondToRequestInvalidGrantType() From f79d3f27cf85c093de3dce41880c4d1116b81d7d Mon Sep 17 00:00:00 2001 From: Ron Arts Date: Tue, 31 Oct 2017 10:14:46 +0100 Subject: [PATCH 3/6] Incorporate https://github.com/thephpleague/oauth2-server/pull/731. Thanks. Now can handle cr/lf, cr, and lf endings. And on php5 large keys as well. --- src/CryptKey.php | 2 +- tests/AuthorizationServerTest.php | 2 +- tests/CryptKeyTest.php | 2 +- tests/Stubs/private.key.crlf | 27 +++++++++++++++++++++++++++ tests/Stubs/public.key.crlf | 6 ------ 5 files changed, 30 insertions(+), 9 deletions(-) create mode 100644 tests/Stubs/private.key.crlf delete mode 100644 tests/Stubs/public.key.crlf diff --git a/src/CryptKey.php b/src/CryptKey.php index 0e06f7ab..9ec9202f 100644 --- a/src/CryptKey.php +++ b/src/CryptKey.php 
@@ -14,7 +14,7 @@ namespace League\OAuth2\Server; class CryptKey { const RSA_KEY_PATTERN = - '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----)(.|\n|\r)+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/'; + '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----).+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/s'; /** * @var string diff --git a/tests/AuthorizationServerTest.php b/tests/AuthorizationServerTest.php index c937e84a..dfbb51d4 100644 --- a/tests/AuthorizationServerTest.php +++ b/tests/AuthorizationServerTest.php @@ -31,7 +31,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase // Make sure the keys have the correct permissions. chmod(__DIR__ . '/Stubs/private.key', 0600); chmod(__DIR__ . '/Stubs/public.key', 0600); - chmod(__DIR__ . '/Stubs/public.key.crlf', 0600); + chmod(__DIR__ . '/Stubs/private.key.crlf', 0600); } public function testRespondToRequestInvalidGrantType() diff --git a/tests/CryptKeyTest.php b/tests/CryptKeyTest.php index 08bf27e8..ce3c8081 100644 --- a/tests/CryptKeyTest.php +++ b/tests/CryptKeyTest.php @@ -22,7 +22,7 @@ class CryptKeyTest extends \PHPUnit_Framework_TestCase $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); $this->assertEquals('secret', $key->getPassPhrase()); - $keyFile = __DIR__ . '/Stubs/public.key.crlf'; + $keyFile = __DIR__ . '/Stubs/private.key.crlf'; $key = new CryptKey($keyFile, 'secret'); $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); diff --git a/tests/Stubs/private.key.crlf b/tests/Stubs/private.key.crlf new file mode 100644 index 00000000..5e7e5a01 --- /dev/null +++ b/tests/Stubs/private.key.crlf 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtHYxRBYATiiyDFs3pEhFg6Ei/UiQEmolTaQyQK810xHY23+X +4elLl6HP1J09mefmJ3ZdIgjIOS6rfK1BQnZIvI+IkoC7+qpD92y9f48iL0tCYKsn +i1LFFjP0bESTGDe7XANifQPkp9GvKgJbu7h1/ac8x4CBSU0ZjtEvinQRsdYil6OM +MXLWGozbBy13X8G+Ganv2i1aPZ2B25GyrH6lVIEwztGrSYxUrFVL+8dHhONf6PYX +19gjdzxkXCYQy2AGMc1FevZmnpIqDNQwX7CUUXQ4TDJmiP0aBEni094gUhnRFUr9 +dmGpLQcCb2i0WMh2K+swFk3EutDAJ+73LKoZ3QIDAQABAoIBADo8Tge3xd9zGIoO +QbV9MRmaPW1ZJk0a/fDBRQpEwGzdvIqQ8VWQ8Lj9GdF18LQi9s3TT5i1FtAFNIfm +bUHiY/SdqSgF7SOmIIrPB5QLf6+dbM0/TmKSklFo8L6jnohZK9g0q2rGf9p8Ozem +TS4WB9WUS3PiD1a1T8Mb1Gisri0h7rvI4TIkrcx6lUUCgphCZd2TWUhmE3YmybOg +4h855W685g/ydzjwB+5Y6CS3V6a78Z5Gb4df3l0XfqCWh/xzuNs7nIpRv8CE0vRE +vq9j/cVyKkzMjiagteJaisTCBkDmtAi9dEVL8uaSDoTJq1g+VOGuJxHUm31Pavqr +3RwvXS0CgYEA74jUqmzxAwr/uBWquIkfMg+hsKjJe3gsSAJIAPzcA9OkzZd9w/1R +P8C92N2UaDbCW7ZEl7ZzS+IO6nA4OcR98j77/nBk6cYykyVRkSaj01epz3bRApxc +R18e49MBftSMnI5R7lIJO/UAIRfd0rntX4jkdVAdn9s/VOvG8w4KQXcCgYEAwN3W +b3azSNYlj4CW8+t6qS/3JQ/qpPgVuqkqP9dQXC9O6VlV03pJIwFk2Ldjd7/eXT+0 +hFVB3O71iECfet/1UgustlgFp5I4ZrPmYF/J1nGpx1KIE8P4d0qC8lODtdnsGAcU ++/vBjXinX7pWgM8e6LAJzqNUq/xal/wNY325dEsCgYB7J0+n+/ECToJhhApNbHq0 +g2LvcCh/Ka8iqsGYeGkqMoOWDKBlxvUiIRe6y1nFJvpQquqjUfP/fM+Ma3wM/2B9 +zzJChEjuBK/2BYblaQdr3rN47i7R99BeBaLdIZywN9m/mFC5hkYnJHUXjqzG7j8E +El7bjgBdMx1hrQOR7ZMKSwKBgQC2SXXBiBlPwEdj6I/EH06h1hnrR63pGim/cN/j +0ye62WPmHW+HH888bLbaNgqnRgtvayS85rAHlzst+pZBVqfRUgN9nJhLl2IDgAlA +EYj9TBTBtXmz5MdUSHKXguO73yrMUvU8bOi1Q9I+IipcOGboWmoKikke/LbLa4lj +/ZJpHQKBgQCuDanU+AJKgUQkkC2gHwT8quxPoRcFFErHp3iaDAwd5XsZJG9FHQUP +RkPE+JkSaj65byFLhCPHUayfk4Y4udHEy4cXiv2SxZNK8q1HwuFEvb7uFprj0hNs +14qJunONVt/jzswdwO5kGVbpGlHl7U0JABnTJP71fW/rE5SH4zYxqg== +-----END RSA PRIVATE KEY----- diff --git a/tests/Stubs/public.key.crlf b/tests/Stubs/public.key.crlf deleted file mode 100644 index 25010108..00000000 --- a/tests/Stubs/public.key.crlf +++ /dev/null 
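Review bot: tests/Stubs/private.key.crlf adds a second full RSA private key to the repository only to obtain CRLF bytes. Whether those bytes survive checkout depends on the eol attribute, which at this point in the series is still the patch 1 line `+*.crlf eol=crlf`; that appears to be a pattern with a literal leading `+`, and it is only replaced in patch 4. Deriving the variant inside the test from the existing stub, `$keyContent = preg_replace('/\R/', "\r\n", file_get_contents(__DIR__ . '/Stubs/private.key'));`, would avoid both the extra key material and the dependency on git's line-ending handling. If the file stays, a short README in tests/Stubs stating that these keys are throwaway test fixtures would keep secret scanners and auditors from treating it as a leaked credential.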
@@ -1,6 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOBcFjGUlo3BJ9zjwQLgAHn6Oy -5Si0uB7MublTiPob8rWTiCE4weAFqzPoAB07vB0t0f8c1R8rmwHMD5ljWPBgJ8Fe -wtwAUzprOBcau6DWukd/TKxXWeVLAl/NZxijI+jR5QDBYLNBtj1G4LBVHMmINd3r -yCycbf9ac3rcC8zhrQIDAQAB ------END PUBLIC KEY----- From 2ec8d148b062e7a04be88df2348fc94c9d91a8c7 Mon Sep 17 00:00:00 2001 From: Ron Arts Date: Wed, 3 Jan 2018 09:41:39 +0100 Subject: [PATCH 4/6] fix .gitattributes --- .gitattributes | 1 - tests/Stubs/.gitattributes | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 tests/Stubs/.gitattributes diff --git a/.gitattributes b/.gitattributes index bea6eefb..24a9c15e 100644 --- a/.gitattributes +++ b/.gitattributes @@ -12,4 +12,3 @@ /CONTRIBUTING.md export-ignore /README.md export-ignore -+*.crlf eol=crlf diff --git a/tests/Stubs/.gitattributes b/tests/Stubs/.gitattributes new file mode 100644 index 00000000..ea9fa3f5 --- /dev/null +++ b/tests/Stubs/.gitattributes @@ -0,0 +1 @@ +private.key.crlf text eol=crlf From 91d9c11fb4b4874796e9367f52d5217a33f1178a Mon Sep 17 00:00:00 2001 From: Ron Arts Date: Wed, 3 Jan 2018 10:18:32 +0100 Subject: [PATCH 5/6] Fixed tests, allow whitespace at the end of a key --- src/CryptKey.php | 2 +- tests/CryptKeyTest.php | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/CryptKey.php b/src/CryptKey.php index 9ec9202f..935461cc 100644 --- a/src/CryptKey.php +++ b/src/CryptKey.php @@ -14,7 +14,7 @@ namespace League\OAuth2\Server; class CryptKey { const RSA_KEY_PATTERN = - '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----).+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)$/s'; + '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----).+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)\s*$/s'; /** * @var string diff --git a/tests/CryptKeyTest.php b/tests/CryptKeyTest.php index ce3c8081..2a0b71ab 100644 --- a/tests/CryptKeyTest.php +++ b/tests/CryptKeyTest.php 
@@ -21,12 +21,6 @@ class CryptKeyTest extends \PHPUnit_Framework_TestCase $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); $this->assertEquals('secret', $key->getPassPhrase()); - - $keyFile = __DIR__ . '/Stubs/private.key.crlf'; - $key = new CryptKey($keyFile, 'secret'); - - $this->assertEquals('file://' . $keyFile, $key->getKeyPath()); - $this->assertEquals('secret', $key->getPassPhrase()); } public function testKeyFileCreation() @@ -38,5 +32,13 @@ class CryptKeyTest extends \PHPUnit_Framework_TestCase 'file://' . sys_get_temp_dir() . '/' . sha1($keyContent) . '.key', $key->getKeyPath() ); + + $keyContent = file_get_contents(__DIR__ . '/Stubs/private.key.crlf'); + $key = new CryptKey($keyContent); + + $this->assertEquals( + 'file://' . sys_get_temp_dir() . '/' . sha1($keyContent) . '.key', + $key->getKeyPath() + ); } } From ef8a74152764012ba0c228b82b87207cdee103a0 Mon Sep 17 00:00:00 2001 From: Ron Arts Date: Thu, 4 Jan 2018 12:17:31 +0100 Subject: [PATCH 6/6] In public/private keys, force the header to be on its own line, allow missing \n after the footer --- src/CryptKey.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CryptKey.php b/src/CryptKey.php index 935461cc..0d5f5cf6 100644 --- a/src/CryptKey.php +++ b/src/CryptKey.php @@ -14,7 +14,7 @@ namespace League\OAuth2\Server; class CryptKey { const RSA_KEY_PATTERN = - '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----).+(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)\s*$/s'; + '/^(-----BEGIN (RSA )?(PUBLIC|PRIVATE) KEY-----)\R.*(-----END (RSA )?(PUBLIC|PRIVATE) KEY-----)\R?$/s'; /** * @var string
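Review bot: The case added to `testKeyFileCreation` passes whether or not the fixture really contains CRLF, because it only compares the returned path with `sha1($keyContent)`. If git normalises the stub on checkout, the test silently covers the LF case again. Adding `$this->assertContains("\r\n", $keyContent);` before `new CryptKey($keyContent)` would pin that precondition. The hunk also has no negative case, for example content with the header and body on one line, which is the input patch 6 says it now rejects. The test method starts outside the hunk.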
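Review bot: In the final `RSA_KEY_PATTERN` (patch 6), `\R?$` is looser than the commit subject describes, because without the `D` modifier `$` also matches just before a trailing `\n`, so a footer followed by two line feeds is still accepted. Ending the pattern with `\R?\z/s` would make it match exactly "one optional line break after the footer". A one-line comment above the constant, such as `// Distinguishes inline key content from a file path; does not validate the key.`, would also help the next reader. That reading of its purpose is inferred from the tests, since the constructor is outside the hunk.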