chore: migration to phpseclib 3.x (#10)

fix: unit tests

Author: smarcet

composer.json

@@ -15,8 +15,9 @@
     }
   ],
   "require": {
-    "php": "^8.2",
-    "phpseclib/phpseclib": "2.0.47"
+    "php": "^8.3",
+    "phpseclib/phpseclib": "3.0.43",
+    "phpseclib/phpseclib2_compat": "1.0.6"
   },
   "suggest":{
     "lib-openssl": "Required to use AES algorithms (except AES GCM)",

readme.md

@@ -30,4 +30,4 @@ run following commands on root folder
     * curl -s https://getcomposer.org/installer | php
     * php composer.phar install --prefer-dist
     * php composer.phar dump-autoload --optimize
-    * phpunit --bootstrap vendor/autoload.php 
+    * vendor/bin/phpunit --bootstrap vendor/autoload.php 

src/jwk/impl/AsymmetricJWK.php

@@ -187,7 +187,10 @@ public function getX509Url()
      */
     protected function checkX509CertMismatch(){
         $x509 = $this->getX509LeafCertificate();
-        return !is_null($x509) && $x509->getPublicKey() !== $this->public_key->getStrippedEncoded();
+        if(is_null($x509)) return false;
+        $ppk1 = $x509->getPublicKey();
+        $ppk2 = $this->public_key->getStrippedEncoded();
+        return $ppk1 !== $ppk2 ;
     }
 
     /**

src/security/rsa/CustomAsymmetricKey.php

@@ -0,0 +1,46 @@
+<?php namespace security\rsa;
+/**
+ * Copyright 2025 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+use phpseclib3\Crypt\Common\AsymmetricKey;
+use phpseclib3\Crypt\RSA;
+use phpseclib\Crypt\RSA as RSA_OLD;
+
+/**
+ * @class CustomPrivateKey
+ * this is a decorator in order to add getter fpr protected methods
+ */
+class CustomAsymmetricKey extends RSA
+{
+
+    protected $key;
+    public function __construct(AsymmetricKey $key){
+        parent::__construct();
+        $this->key = $key;
+    }
+    public function getModulus(){
+        return $this->key->modulus;
+    }
+
+    public function getPrivateExponent(){
+        return $this->key->exponent;
+    }
+
+    public function getPublicExponent(){
+        return $this->key->publicExponent;
+    }
+
+    public function toString($type = RSA_OLD::PRIVATE_FORMAT_PKCS8, array $options = [])
+    {
+        return $this->key->toString($type, $options);
+    }
+}

src/security/rsa/RSAFacade.php

@@ -11,10 +11,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+
+use phpseclib3\Crypt\PublicKeyLoader;
 use security\KeyPair;
 use security\rsa\exceptions\RSABadPEMFormat;
 use phpseclib\Crypt\RSA;
-use phpseclib\Math\BigInteger;
+use phpseclib3\Math\BigInteger;
+
 /**
  * Class RSAFacade
  * @package security\rsa
@@ -65,8 +68,15 @@ public function buildKeyPair($bits){
      * @return RSAPublicKey
      */
     public function buildPublicKey(BigInteger $n, BigInteger $e){
-        $public_key_pem = $this->rsa_imp->_convertPublicKey($n, $e);
-        return new _RSAPublicKeyPEMFormat($public_key_pem);
+
+
+        $key = PublicKeyLoader::load([
+            'n' => $n,
+            'e' => $e
+        ]);
+
+        $pem = $key->toString('pkcs1');
+        return new _RSAPublicKeyPEMFormat($pem);
     }
 
     /**

src/security/rsa/RSAKey.php

@@ -11,7 +11,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
-use phpseclib\Math\BigInteger;
+use phpseclib3\Math\BigInteger;
 /**
  * Interface RSAKey
  * @package security\rsa

src/security/rsa/RSAPrivateKey.php

@@ -13,7 +13,7 @@
  **/
 use security\KeyWithPassword;
 use security\PrivateKey;
-use phpseclib\Math\BigInteger;
+use phpseclib3\Math\BigInteger;
 /**
  * Interface RSAPrivateKey
  * @package security\rsa

src/security/rsa/RSAPublicKey.php

@@ -12,7 +12,7 @@
  * limitations under the License.
  **/
 use security\PublicKey;
-use phpseclib\Math\BigInteger;
+use phpseclib3\Math\BigInteger;
 /**
  * Interface RSAPublicKey
  * @package security\rsa

src/security/rsa/_AbstractRSAKeyPEMFormat.php

@@ -11,9 +11,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+
+use phpseclib3\Crypt\PublicKeyLoader;
 use security\rsa\exceptions\RSABadPEMFormat;
 use phpseclib\Crypt\RSA;
-use phpseclib\Math\BigInteger;
+use phpseclib3\Math\BigInteger;
 /**
  * Class _AbstractRSAKeyPEMFormat
  * @package security\rsa
@@ -40,6 +42,8 @@ abstract class _AbstractRSAKeyPEMFormat {
      */
     protected $password;
 
+    protected $key;
+
     /**
      * @return null|string
      */
@@ -70,10 +74,8 @@ public function __construct($pem_format, $password = null){
         }
 
         $res = $this->rsa_imp->loadKey($this->pem_format, RSA::PRIVATE_FORMAT_PKCS1);
-
         if(!$res) throw new RSABadPEMFormat(sprintf('pem %s',$pem_format ));
-
-        $this->n = $this->rsa_imp->modulus;
+        $this->key = new CustomAsymmetricKey(PublicKeyLoader::load($this->pem_format, $this->password));
     }
 
     /**
@@ -82,7 +84,7 @@ public function __construct($pem_format, $password = null){
      */
     public function getModulus()
     {
-        return  $this->n;
+        return  $this->key->getModulus();
     }
 
 }

src/security/rsa/_RSAPrivateKeyPEMFormat.php

@@ -35,7 +35,7 @@ final class _RSAPrivateKeyPEMFormat
     public function __construct($pem_format, $password = null){
 
         parent::__construct($pem_format, $password);
-        $this->d = $this->rsa_imp->exponent;
+        $this->d = $this->key->getPrivateExponent();
         if($this->d->toString() === $this->e->toString())
             throw new RSABadPEMFormat(sprintf('pem %s is a public key!', $pem_format));
     }
@@ -47,7 +47,7 @@ public function __construct($pem_format, $password = null){
      */
     public function getPrivateExponent()
     {
-       return $this->d;
+       return $this->key->getPrivateExponent();
     }
 
     /**