Merge pull request #6286 from pixelfed/shleeable-patch-17

Refactor: Update Crypto to phpseclib3 - Low risk

composer.json

@@ -34,7 +34,7 @@
         "league/oauth2-client": "^2.8",
         "league/uri": "^7.4",
         "pbmedia/laravel-ffmpeg": "^8.0",
-        "phpseclib/phpseclib": "~2.0",
+        "phpseclib/phpseclib": "~3.0",
         "pixelfed/fractal": "^0.18.0",
         "pixelfed/laravel-snowflake": "^2.0",
         "pragmarx/google2fa": "^8.0",

tests/Unit/CryptoTest.php

@@ -2,7 +2,8 @@
 
 namespace Tests\Unit;
 
-use phpseclib\Crypt\RSA;
+use phpseclib3\Crypt\PublicKeyLoader;
+use phpseclib3\Crypt\RSA;
 use PHPUnit\Framework\Attributes\Test;
 use Tests\TestCase;
 
@@ -16,18 +17,18 @@ class CryptoTest extends TestCase
     #[Test]
     public function libraryInstalled()
     {
-        $this->assertTrue(class_exists('\phpseclib\Crypt\RSA'));
+        $this->assertTrue(class_exists('\phpseclib3\Crypt\RSA'));
     }
 
     #[Test]
     public function RSASigning()
     {
-        $rsa = new RSA();
+        $private = RSA::createKey();
-        extract($rsa->createKey());
+        $publicKey = $private->getPublicKey();
-        $rsa->loadKey($privatekey);
+        
         $plaintext = 'pixelfed rsa test';
-        $signature = $rsa->sign($plaintext);
+        $signature = $private->sign($plaintext);
-        $rsa->loadKey($publickey);
+        
-        $this->assertTrue($rsa->verify($plaintext, $signature));
+        $this->assertTrue($publicKey->verify($plaintext, $signature));
     }
 }