chore: upgrade phpseclib from version 2 to version 3 (openemr#6887)

bradymiller · Sep 27, 2023 · 5e85e16 · 5e85e16
1 parent 0a9b2d2
commit 5e85e16
Show file tree

Hide file tree

Showing 9 changed files with 347 additions and 289 deletions.
diff --git a/composer.json b/composer.json
@@ -53,7 +53,7 @@
         "pear/archive_tar": "1.4.14",
         "phpmailer/phpmailer": "6.8.0",
         "phpoffice/phpspreadsheet": "1.28.0",
-        "phpseclib/phpseclib": "2.0.42",
+        "phpseclib/phpseclib": "3.0.23",
         "php81_bc/strftime": "0.5.0",
         "php-http/discovery": "1.14.3",
         "psr/log": "1.1.4",

diff --git a/composer.lock b/composer.lock
diff --git a/interface/orders/gen_hl7_order.inc.php b/interface/orders/gen_hl7_order.inc.php
@@ -521,7 +521,7 @@ function send_hl7_order($ppid, $out)
         }
 
         // Connect to the server and write the file.
-        $sftp = new \phpseclib\Net\SFTP($remote_host);
+        $sftp = new \phpseclib3\Net\SFTP($remote_host);
         if (!$sftp->login($pprow['login'], $pprow['password'])) {
             return xl('Login to this remote host failed') . ": '$remote_host'";
         }

diff --git a/interface/orders/receive_hl7_results.inc.php b/interface/orders/receive_hl7_results.inc.php
@@ -28,7 +28,7 @@
 
 use OpenEMR\Common\Crypto\CryptoGen;
 use OpenEMR\Common\Logging\EventAuditLogger;
-use phpseclib\Net\SFTP;
+use phpseclib3\Net\SFTP;
 
 $rhl7_return = array();
 

diff --git a/interface/procedure_tools/gen_universal_hl7/gen_hl7_order.inc.php b/interface/procedure_tools/gen_universal_hl7/gen_hl7_order.inc.php
@@ -532,7 +532,7 @@ function send_hl7_order($ppid, $out)
         }
 
         // Connect to the server and write the file.
-        $sftp = new \phpseclib\Net\SFTP($remote_host);
+        $sftp = new \phpseclib3\Net\SFTP($remote_host);
         if (!$sftp->login($pprow['login'], $pprow['password'])) {
             return xl('Login to this remote host failed') . ": '$remote_host'";
         }

diff --git a/interface/procedure_tools/labcorp/gen_hl7_order.inc.php b/interface/procedure_tools/labcorp/gen_hl7_order.inc.php
@@ -805,7 +805,7 @@ function send_hl7_order($ppid, $out)
         }
 
         // Connect to the server and write the file.
-        $sftp = new \phpseclib\Net\SFTP($remote_host);
+        $sftp = new \phpseclib3\Net\SFTP($remote_host);
         if (!$sftp->login($pprow['login'], $pprow['password'])) {
             return xl('Login to this remote host failed') . ": '$remote_host'";
         }

diff --git a/library/edihistory/test_edih_sftp_files.php b/library/edihistory/test_edih_sftp_files.php
@@ -316,7 +316,7 @@ function sftp_status($msg, $val)
             $sftp_host['port'] = (isset($wrk[1]) ? $wrk[1] : '22');
         }
 
-        $cn = new \phpseclib\Net\SFTP($sftp_host['remote_host'], $sftp_host['port']);
+        $cn = new \phpseclib3\Net\SFTP($sftp_host['remote_host'], $sftp_host['port']);
         if (!$cn->login($sftp_host['login'], $sftp_host['password'])) {
             sftp_status('Login error', $sftp_host['remote_host'] . ':' . $sftp_host['port']);
         } else {

diff --git a/src/Billing/BillingProcessor/X12RemoteTracker.php b/src/Billing/BillingProcessor/X12RemoteTracker.php
@@ -16,7 +16,7 @@
 
 use OpenEMR\Common\Crypto\CryptoGen;
 use OpenEMR\Services\BaseService;
-use phpseclib\Net\SFTP;
+use phpseclib3\Net\SFTP;
 
 class X12RemoteTracker extends BaseService
 {

diff --git a/src/Common/Auth/OpenIDConnect/JWT/RsaSha384Signer.php b/src/Common/Auth/OpenIDConnect/JWT/RsaSha384Signer.php
@@ -32,6 +32,8 @@
 use Lcobucci\JWT\Signer;
 use Lcobucci\JWT\Signer\Key;
 use OpenEMR\Common\Logging\SystemLogger;
+use phpseclib3\Crypt\PublicKeyLoader;
+use phpseclib3\Crypt\RSA;
 use Psr\Log\LoggerInterface;
 
 class RsaSha384Signer implements Signer
@@ -98,9 +100,6 @@ public function verify($expected, $payload, $key): bool
     {
 
         $this->logger->debug("RsaSha384Signer->verify() beginning jwt verification");
-        if (!class_exists('\phpseclib\Crypt\RSA') && !class_exists('Crypt_RSA')) {
-            throw new JWKValidatorException('Crypt_RSA support unavailable.');
-        }
 
         if ($key instanceof JsonWebKeySet) {
             $kid = $this->headers['kid'] ?? null;
@@ -129,17 +128,8 @@ public function verify($expected, $payload, $key): bool
             '  <Modulus>' . $this->b64url2b64($jwk->n) . "</Modulus>\r\n" .
             '  <Exponent>' . $this->b64url2b64($jwk->e) . "</Exponent>\r\n" .
             '</RSAKeyValue>';
-        if (class_exists('Crypt_RSA', false)) {
-            $rsa = new Crypt_RSA();
-            $rsa->setHash(self::CRYPT_ALGORITHM);
-            $rsa->loadKey($public_key_xml, Crypt_RSA::PUBLIC_FORMAT_XML);
-            $rsa->signatureMode = Crypt_RSA::SIGNATURE_PKCS1;
-        } else {
-            $rsa = new \phpseclib\Crypt\RSA();
-            $rsa->setHash(self::CRYPT_ALGORITHM);
-            $rsa->loadKey($public_key_xml, \phpseclib\Crypt\RSA::PUBLIC_FORMAT_XML);
-            $rsa->signatureMode = \phpseclib\Crypt\RSA::SIGNATURE_PKCS1;
-        }
+        $rsa = PublicKeyLoader::load($public_key_xml)->withPadding(RSA::SIGNATURE_PKCS1)->withHash(self::CRYPT_ALGORITHM);
+
         return $rsa->verify($payload, $expected);
     }