Merge pull request #18 from paragonie/ga

Migrate from Travis CI to Github Actions
paragonie · Apr 19, 2021 · 591d0a7 · 591d0a7
2 parents d4f3ca9 + 8d78526
commit 591d0a7
Show file tree

Hide file tree

Showing 13 changed files with 201 additions and 41 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,96 @@
+name: CI
+
+on: [push]
+
+jobs:
+  old:
+    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      matrix:
+        operating-system: ['ubuntu-16.04']
+        php-versions: ['5.6', '7.0']
+        phpunit-versions: ['6.5.14']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: mbstring, intl
+          ini-values: post_max_size=256M, max_execution_time=180
+          tools: psalm, phpunit:${{ matrix.phpunit-versions }}
+
+      - name: Install dependencies
+        run: composer self-update --1; composer install
+
+      - name: PHPUnit tests
+        uses: php-actions/phpunit@v2
+        with:
+          memory_limit: 256M
+
+  moderate:
+    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      matrix:
+        operating-system: ['ubuntu-latest']
+        php-versions: ['7.1', '7.2', '7.3']
+        phpunit-versions: ['latest']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: mbstring, intl, sodium
+          ini-values: post_max_size=256M, max_execution_time=180
+          tools: psalm, phpunit:${{ matrix.phpunit-versions }}
+
+      - name: Install dependencies
+        run: composer install; composer require --dev "vimeo/psalm:^4"
+
+      - name: PHPUnit tests
+        uses: php-actions/phpunit@v2
+        timeout-minutes: 30
+        with:
+          memory_limit: 256M
+
+      - name: Static Analysis
+        run: vendor/bin/psalm
+
+  modern:
+    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      matrix:
+        operating-system: ['ubuntu-latest']
+        php-versions: ['7.4', '8.0']
+        phpunit-versions: ['latest']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: mbstring, intl, sodium
+          ini-values: post_max_size=256M, max_execution_time=180
+          tools: psalm, phpunit:${{ matrix.phpunit-versions }}
+
+      - name: Install dependencies
+        run: composer install; composer require --dev "vimeo/psalm:^4"
+
+      - name: PHPUnit tests
+        uses: php-actions/phpunit@v2
+        timeout-minutes: 30
+        with:
+          memory_limit: 256M
+
+      - name: Static Analysis
+        run: vendor/bin/psalm
diff --git a/composer.json b/composer.json
@@ -15,17 +15,17 @@
         }
     },
     "require": {
-        "phpseclib/phpseclib": "^2.0",
-        "defuse/php-encryption": "^2.0",
+        "php": "^5.6|^7|^8",
+        "phpseclib/phpseclib": "^2",
+        "defuse/php-encryption": "^2",
         "paragonie/constant_time_encoding": "^1|^2",
-        "paragonie/random_compat": "^1|^2",
-        "sarciszewski/php-future": "^0"
+        "paragonie/random_compat": ">= 2"
     },
     "require-dev": {
-        "phpunit/phpunit":  "4.*|5.*"
+        "phpunit/phpunit":  "^5|^6|^7|^8|^9"
     },
     "suggest": {
-        "ext-libsodium": "Libsodium offers far better cryptography than RSA can ever offer. Use libsodium instead of EasyRSA.",
+        "ext-sodium": "Libsodium offers far better cryptography than RSA can ever offer. Use libsodium instead of EasyRSA.",
         "paragonie/halite": "A simple and secure libsodium wrapper. Consider using Halite instead of EasyRSA."
     }
 }
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -9,21 +9,10 @@
          processIsolation="false"
          stopOnError="false"
          stopOnFailure="false"
-         syntaxCheck="true"
 >
-    <testsuites>
-        <testsuite name="Unit">
-            <directory>test</directory>
-        </testsuite>
-    </testsuites>
     <testsuites>
         <testsuite name="EasyRSA Test Suite">
             <directory suffix="Test.php">./test</directory>
         </testsuite>
     </testsuites>
-    <filter>
-        <whitelist processUncoveredFilesFromWhitelist="true">
-            <directory suffix=".php">./lib</directory>
-        </whitelist>
-    </filter>
 </phpunit>
diff --git a/psalm.xml b/psalm.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<psalm
+    errorLevel="1"
+    resolveFromConfigFile="true"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns="https://getpsalm.org/schema/config"
+    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+>
+    <projectFiles>
+        <directory name="src" />
+        <ignoreFiles>
+            <directory name="vendor" />
+        </ignoreFiles>
+    </projectFiles>
+    <issueHandlers>
+        <MixedReturnStatement errorLevel="info" />
+        <MixedInferredReturnType errorLevel="info" />
+        <DocblockTypeContradiction errorLevel="info" />
+    </issueHandlers>
+</psalm>
diff --git a/src/EasyRSA.php b/src/EasyRSA.php
@@ -3,26 +3,32 @@
 
 // PHPSecLib:
 use ParagonIE\EasyRSA\Exception\InvalidKeyException;
-use \phpseclib\Crypt\RSA;
+use phpseclib\Crypt\RSA;
 // defuse/php-encryption:
-use \ParagonIE\ConstantTime\Base64;
-use \Defuse\Crypto\Key;
-use \Defuse\Crypto\Crypto;
+use ParagonIE\ConstantTime\Base64;
+use Defuse\Crypto\Key;
+use Defuse\Crypto\Crypto;
 // Typed Exceptions:
-use \ParagonIE\EasyRSA\Exception\InvalidChecksumException;
-use \ParagonIE\EasyRSA\Exception\InvalidCiphertextException;
+use ParagonIE\EasyRSA\Exception\InvalidChecksumException;
+use ParagonIE\EasyRSA\Exception\InvalidCiphertextException;
 
+/**
+ * Class EasyRSA
+ * @package ParagonIE\EasyRSA
+ */
 class EasyRSA implements EasyRSAInterface
 {
     const SEPARATOR = '$';
     const VERSION_TAG = "EzR2";
 
+    /** @var ?RSA $rsa */
     static private $rsa;
 
     /**
      * Set RSA to use in between calls
      *
      * @param RSA|null $rsa
+     * @return void
      */
     public static function setRsa(RSA $rsa = null)
     {
@@ -38,7 +44,8 @@ public static function setRsa(RSA $rsa = null)
      */
     public static function getRsa($mode)
     {
-        if (self::$rsa) {
+        /** @var RSA $rsa */
+        if (!\is_null(self::$rsa)) {
             $rsa = self::$rsa;
         } else {
             $rsa = new RSA();
@@ -225,7 +232,7 @@ protected static function rsaDecrypt($ciphertext, PrivateKey $rsaPrivateKey)
         }
 
         $return = @$rsa->decrypt($ciphertext);
-        if ($return === false) {
+        if (!\is_string($return)) {
             throw new InvalidCiphertextException('Decryption failed');
         }
         return $return;

diff --git a/src/EasyRSAInterface.php b/src/EasyRSAInterface.php
@@ -3,8 +3,32 @@
 
 interface EasyRSAInterface 
 {
+    /**
+     * @param string $plaintext
+     * @param PublicKey $rsaPublicKey
+     * @return string
+     */
     public static function encrypt($plaintext, PublicKey $rsaPublicKey);
+
+    /**
+     * @param string $ciphertext
+     * @param PrivateKey $rsaPrivateKey
+     * @return string
+     */
     public static function decrypt($ciphertext, PrivateKey $rsaPrivateKey);
-    public static function sign($plaintext, PrivateKey $rsaPrivateKey);
-    public static function verify($ciphertext, $signature, PublicKey $rsaPublicKey);
+
+    /**
+     * @param string $message
+     * @param PrivateKey $rsaPrivateKey
+     * @return string
+     */
+    public static function sign($message, PrivateKey $rsaPrivateKey);
+
+    /**
+     * @param string $message
+     * @param string $signature
+     * @param PublicKey $rsaPublicKey
+     * @return bool
+     */
+    public static function verify($message, $signature, PublicKey $rsaPublicKey);
 }
diff --git a/src/KeyPair.php b/src/KeyPair.php
@@ -4,9 +4,16 @@
 use \phpseclib\Crypt\RSA;
 use \ParagonIE\EasyRSA\Exception\InvalidKeyException;
 
+/**
+ * Class KeyPair
+ * @package ParagonIE\EasyRSA
+ */
 class KeyPair
 {
+    /** @var PrivateKey $privateKey */
     private $privateKey;
+
+    /** @var PublicKey $publicKey */
     protected $publicKey;
 
     public function __construct(PrivateKey $privateKey, PublicKey $publicKey = null)
@@ -33,6 +40,7 @@ public static function generateKeyPair($size = 2048)
             throw new InvalidKeyException('Key size must be at least 2048 bits.');
         }
         $rsa = new RSA();
+        /** @var array{privatekey: string, publickey: string} $keypair */
         $keypair = $rsa->createKey($size);
         return new KeyPair(
             new PrivateKey($keypair['privatekey']),

diff --git a/src/Kludge.php b/src/Kludge.php
@@ -3,18 +3,26 @@
 
 use Defuse\Crypto\Key;
 
+/**
+ * Class Kludge
+ * @package ParagonIE\EasyRSA
+ */
 class Kludge
 {
     /**
      * Use an internally generated key in a Defuse context
      *
      * @param string $randomBytes
      * @return Key
+     * @psalm-suppress MissingClosureParamType
+     * @psalm-suppress MissingClosureReturnType
+     * @psalm-suppress PossiblyInvalidFunctionCall
      */
     public function defuseKey($randomBytes)
     {
         $key = Key::createNewRandomKey();
         $func = function ($bytes) {
+            /** @psalm-suppress UndefinedThisPropertyAssignment */
             $this->key_bytes = $bytes;
         };
         $helper = $func->bindTo($key, $key);

diff --git a/src/PrivateKey.php b/src/PrivateKey.php
@@ -1,14 +1,18 @@
 <?php
 namespace ParagonIE\EasyRSA;
 
-
+/**
+ * Class PrivateKey
+ * @package ParagonIE\EasyRSA
+ */
 class PrivateKey
 {
+    /** @var string $keyMaterial */
     protected $keyMaterial = '';
 
     /**
      * PrivateKey constructor.
-     * @param $string
+     * @param string $string
      */
     public function __construct($string)
     {
@@ -24,14 +28,14 @@ public function __debugInfo()
     }
 
     /**
-     * return PublicKey
+     * @return PublicKey
      */
     public function getPublicKey()
     {
         $res = \openssl_pkey_get_private($this->keyMaterial);
         $pubkey = \openssl_pkey_get_details($res);
         $public = \rtrim(
-            \str_replace("\n", "\r\n", $pubkey['key']),
+            \str_replace("\n", "\r\n", (string) $pubkey['key']),
             "\r\n"
         );
         return new PublicKey($public);

diff --git a/src/PublicKey.php b/src/PublicKey.php
@@ -3,11 +3,12 @@
 
 class PublicKey
 {
+    /** @var string $keyMaterial */
     protected $keyMaterial = '';
 
     /**
      * PrivateKey constructor.
-     * @param $string
+     * @param string $string
      */
     public function __construct($string)
     {

diff --git a/test/EncryptionTest.php b/test/EncryptionTest.php
@@ -1,9 +1,10 @@
 <?php
-use \ParagonIE\ConstantTime\Base64;
-use \ParagonIE\EasyRSA\EasyRSA;
-use \ParagonIE\EasyRSA\KeyPair;
+use ParagonIE\ConstantTime\Base64;
+use ParagonIE\EasyRSA\EasyRSA;
+use ParagonIE\EasyRSA\KeyPair;
+use PHPUnit\Framework\TestCase;
 
-class EncryptionTest extends PHPUnit_Framework_TestCase
+class EncryptionTest extends TestCase
 {
     public function testEncrypt()
     {

diff --git a/test/KeyPairTest.php b/test/KeyPairTest.php
@@ -1,7 +1,8 @@
 <?php
-use \ParagonIE\EasyRSA\KeyPair;
+use ParagonIE\EasyRSA\KeyPair;
+use PHPUnit\Framework\TestCase;
 
-class KeyPairTest extends PHPUnit_Framework_TestCase
+class KeyPairTest extends TestCase
 {
     public function testBasicFunctions()
     {