Issues (19)

src/OAuth1/Signature/MethodRSASHA1.php (2 issues)

1
<?php
2
/**
3
 * SocialConnect project
4
 * @author: Andreas Heigl https://github.com/heiglandreas <[email protected]>
5
 */
6
7
namespace SocialConnect\OAuth1\Signature;
8
9
use SocialConnect\Provider\Consumer;
10
use SocialConnect\OAuth1\Request;
11
use SocialConnect\OAuth1\Token;
12
use SocialConnect\OAuth1\Util;
13
14
class MethodRSASHA1 extends AbstractSignatureMethod
15
{
16
    /**
17
     * @var string Path to the private key used for signing
18
     */
19
    private $privateKey;
20
21
    /**
22
     * MethodRSASHA1 constructor.
23
     *
24
     * @param string $privateKey The path to the private key used for signing
25
     */
26 6
    public function __construct($privateKey)
27
    {
28 6
        if (!is_readable($privateKey)) {
29 1
            throw new \InvalidArgumentException('The private key is not readable');
30
        }
31
32 5
        if (!function_exists('openssl_pkey_get_private')) {
33
            throw new \InvalidArgumentException('The OpenSSL-Extension seems not to be available. That is necessary to handle RSA-SHA1');
34
        }
35
36 5
        $this->privateKey = $privateKey;
37 5
    }
38
39
    /**
40
     * @return string
41
     */
42 1
    public function getName()
43
    {
44 1
        return 'RSA-SHA1';
45
    }
46
47
    /**
48
     * @param Request $request
49
     * @param Consumer $consumer
50
     * @param Token $token
51
     * @return string
52
     */
53 1
    public function buildSignature(Request $request, Consumer $consumer, Token $token)
54
    {
55 1
        $signatureBase = $request->getSignatureBaseString();
56 1
        $parts = [$consumer->getSecret(), null !== $token ? $token->getSecret() : ''];
57
58 1
        $parts = Util::urlencodeRFC3986($parts);
59 1
        $key = implode('&', $parts);
0 ignored issues
show
The assignment to $key is dead and can be removed.
Loading history...
60
61 1
        $certificate = openssl_pkey_get_private('file://' . $this->privateKey);
62 1
        $privateKeyId = openssl_get_privatekey($certificate);
63 1
        $signature = null;
64 1
        openssl_sign($signatureBase, $signature, $privateKeyId);
65 1
        openssl_free_key($privateKeyId);
0 ignored issues
show
It seems like $privateKeyId can also be of type false; however, parameter $key_identifier of openssl_free_key() does only seem to accept resource, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

65
        openssl_free_key(/** @scrutinizer ignore-type */ $privateKeyId);
Loading history...
66
67 1
        return base64_encode($signature);
68
    }
69
}
70