From 8cfb95c04e036e744393a49d6ea404f62f0e0ffc Mon Sep 17 00:00:00 2001
From: Vishwaraj Anand
Date: Fri, 5 Jan 2024 03:19:13 +0530
Subject: [PATCH] deprecate: remove support for phpseclib V2 (#518)
---
 src/AccessToken.php | 63 +++----------------------------
 src/ServiceAccountSignerTrait.php | 11 +++---
 2 files changed, 11 insertions(+), 63 deletions(-)
diff --git a/src/AccessToken.php b/src/AccessToken.php
index b7eebb5fa..630b27961 100644
--- a/src/AccessToken.php
+++ b/src/AccessToken.php
@@ -28,10 +28,9 @@
 use GuzzleHttp\Psr7\Request;
 use GuzzleHttp\Psr7\Utils;
 use InvalidArgumentException;
-use phpseclib\Crypt\RSA;
-use phpseclib\Math\BigInteger as BigInteger2;
 use phpseclib3\Crypt\PublicKeyLoader;
-use phpseclib3\Math\BigInteger as BigInteger3;
+use phpseclib3\Crypt\RSA;
+use phpseclib3\Math\BigInteger;
 use Psr\Cache\CacheItemPoolInterface;
 use RuntimeException;
 use SimpleJWT\InvalidTokenException;
@@ -395,8 +394,8 @@ private function retrieveCertsFromLocation($url, array $options = [])
 */
 private function checkAndInitializePhpsec()
 {
- if (!$this->checkAndInitializePhpsec2() && !$this->checkPhpsec3()) {
- throw new RuntimeException('Please require phpseclib/phpseclib v2 or v3 to use this utility.');
+ if (!class_exists(RSA::class)) {
+ throw new RuntimeException('Please require phpseclib/phpseclib v3 to use this utility.');
 }
 }
@@ -406,23 +405,11 @@ private function checkAndInitializePhpsec()
 */
 private function loadPhpsecPublicKey(string $modulus, string $exponent): string
 {
- if (class_exists(RSA::class) && class_exists(BigInteger2::class)) {
- $key = new RSA();
- $key->loadKey([
- 'n' => new BigInteger2($this->callJwtStatic('urlsafeB64Decode', [
- $modulus,
- ]), 256),
- 'e' => new BigInteger2($this->callJwtStatic('urlsafeB64Decode', [
- $exponent
- ]), 256),
- ]);
- return $key->getPublicKey();
- }
 $key = PublicKeyLoader::load([
- 'n' => new BigInteger3($this->callJwtStatic('urlsafeB64Decode', [
+ 'n' => new BigInteger($this->callJwtStatic('urlsafeB64Decode', [
 $modulus,
 ]), 256),
- 'e' => new BigInteger3($this->callJwtStatic('urlsafeB64Decode', [
+ 'e' => new BigInteger($this->callJwtStatic('urlsafeB64Decode', [
 $exponent
 ]), 256),
 ]);
@@ -433,44 +420,6 @@ private function loadPhpsecPublicKey(string $modulus, string $exponent): string
 return $formattedPublicKey;
 }
- /**
- * @return bool
- */
- private function checkAndInitializePhpsec2(): bool
- {
- if (!class_exists('phpseclib\Crypt\RSA')) {
- return false;
- }
-
- /**
- * phpseclib calls "phpinfo" by default, which requires special
- * whitelisting in the AppEngine VM environment. This function
- * sets constants to bypass the need for phpseclib to check phpinfo
- *
- * @see phpseclib/Math/BigInteger
- * @see https://github.com/GoogleCloudPlatform/getting-started-php/issues/85
- * @codeCoverageIgnore
- */
- if (filter_var(getenv('GAE_VM'), FILTER_VALIDATE_BOOLEAN)) {
- if (!defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
- define('MATH_BIGINTEGER_OPENSSL_ENABLED', true);
- }
- if (!defined('CRYPT_RSA_MODE')) {
- define('CRYPT_RSA_MODE', RSA::MODE_OPENSSL);
- }
- }
-
- return true;
- }
-
- /**
- * @return bool
- */
- private function checkPhpsec3(): bool
- {
- return class_exists('phpseclib3\Crypt\RSA');
- }
-
 /**
 * @return void
 */
diff --git a/src/ServiceAccountSignerTrait.php b/src/ServiceAccountSignerTrait.php
index 2ef4cd90c..b032bf107 100644
--- a/src/ServiceAccountSignerTrait.php
+++ b/src/ServiceAccountSignerTrait.php
@@ -17,7 +17,8 @@
 namespace Google\Auth;
-use phpseclib\Crypt\RSA;
+use phpseclib3\Crypt\PublicKeyLoader;
+use phpseclib3\Crypt\RSA;
 /**
 * Sign a string using a Service Account private key.
@@ -37,11 +38,9 @@ public function signBlob($stringToSign, $forceOpenssl = false)
 $privateKey = $this->auth->getSigningKey();
 $signedString = '';
- if (class_exists('\\phpseclib\\Crypt\\RSA') && !$forceOpenssl) {
- $rsa = new RSA();
- $rsa->loadKey($privateKey);
- $rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
- $rsa->setHash('sha256');
+ if (class_exists(phpseclib3\Crypt\RSA::class) && !$forceOpenssl) {
+ $key = PublicKeyLoader::load($privateKey);
+ $rsa = $key->withHash('sha256')->withPadding(RSA::SIGNATURE_PKCS1);
 $signedString = $rsa->sign($stringToSign);
 } elseif (extension_loaded('openssl')) {
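Review bot: In signBlob, `class_exists(phpseclib3\Crypt\RSA::class)` uses a qualified name with no leading backslash, so inside `namespace Google\Auth` PHP resolves it to `Google\Auth\phpseclib3\Crypt\RSA`; that class does not exist, the test is always false, and the phpseclib branch is never taken. Signing therefore always falls through to the `elseif (extension_loaded('openssl'))` branch, whatever `$forceOpenssl` says. Since this commit already imports the class, the condition should read `if (class_exists(RSA::class) && !$forceOpenssl) {`, matching the check in AccessToken.php. Because the value being loaded is the service account's signing key, `PublicKeyLoader::loadPrivateKey($privateKey)` would also reject anything that is not a private key before it reaches `sign()`. The body of signBlob starts before and continues after this hunk.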