
Commit 4925fa8

SystemKeeperbackportbot[bot]
authored andcommitted
fix: Psalm for encrypt methods
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
1 parent 69c3c85 commit 4925fa8

2 files changed

Lines changed: 19 additions & 18 deletions


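--- a/lib/Push.php
+++ b/lib/Push.php
@@ -296,7 +296,7 @@ public function pushToDevice(int $id, INotification $notification): void {
 }
 
 try {
-$payload = json_encode($this->encryptAndSign($userKey, $device, $id, $notification, $isTalkNotification), JSON_THROW_ON_ERROR);
+$payload = json_encode($this->encryptAndSign($userKey->getPrivate(), $device, $id, $notification, $isTalkNotification), JSON_THROW_ON_ERROR);
 
 $proxyServer = rtrim($device['proxyserver'], '/');
 if (!isset($this->payloadsToSend[$proxyServer])) {
@@ -393,7 +393,7 @@ public function pushDeleteToDevice(string $userId, ?array $notificationIds, stri
 }
 
 if ($deleteAll) {
-$data = $this->encryptAndSignDelete($userKey, $device, null);
+$data = $this->encryptAndSignDelete($userKey->getPrivate(), $device, null);
 try {
 $this->payloadsToSend[$proxyServer][] = json_encode($data['payload'], JSON_THROW_ON_ERROR);
 } catch (\JsonException $e) {
@@ -403,7 +403,7 @@ public function pushDeleteToDevice(string $userId, ?array $notificationIds, stri
 $temp = $notificationIds;
 
 while (!empty($temp)) {
-$data = $this->encryptAndSignDelete($userKey, $device, $temp);
+$data = $this->encryptAndSignDelete($userKey->getPrivate(), $device, $temp);
 $temp = $data['remaining'];
 try {
 $this->payloadsToSend[$proxyServer][] = json_encode($data['payload'], JSON_THROW_ON_ERROR);
@@ -602,7 +602,7 @@ protected function callSafelyForToken(IToken $token, string $method): ?int {
 }
 
 /**
-* @param Key $userKey
+* @param string $userPrivateKey
 * @param array $device
 * @param int $id
 * @param INotification $notification
@@ -612,7 +612,7 @@ protected function callSafelyForToken(IToken $token, string $method): ?int {
 * @throws InvalidTokenException
 * @throws \InvalidArgumentException
 */
-protected function encryptAndSign(Key $userKey, array $device, int $id, INotification $notification, bool $isTalkNotification): array {
+protected function encryptAndSign(string $userPrivateKey, array $device, int $id, INotification $notification, bool $isTalkNotification): array {
 $data = [
 'nid' => $id,
 'app' => $notification->getApp(),
@@ -621,9 +621,11 @@ protected function encryptAndSign(Key $userKey, array $device, int $id, INotific
 'id' => $notification->getObjectId(),
 ];
 
+$jsonData = (string)json_encode($data);
+
 // Max length of encryption is ~240, so we need to make sure the subject is shorter.
 // Also, subtract two for encapsulating quotes will be added.
-$maxDataLength = 200 - strlen(json_encode($data)) - 2;
+$maxDataLength = 200 - strlen($jsonData) - 2;
 $data['subject'] = Util::shortenMultibyteString($notification->getParsedSubject(), $maxDataLength);
 if ($notification->getParsedSubject() !== $data['subject']) {
 $data['subject'] .= '';
@@ -641,17 +643,17 @@ protected function encryptAndSign(Key $userKey, array $device, int $id, INotific
 }
 
 $this->printInfo('Device public key size: ' . strlen($device['devicepublickey']));
-$this->printInfo('Data to encrypt is: ' . json_encode($data));
+$this->printInfo('Data to encrypt is: ' . $jsonData);
 
 $padding = $this->appConfig->getAppValueString('push_encryption_padding', 'PKCS1') === 'OAEP' ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING;
-if (!openssl_public_encrypt(json_encode($data), $encryptedSubject, $device['devicepublickey'], $padding)) {
-$error = openssl_error_string();
+if (!openssl_public_encrypt($jsonData, $encryptedSubject, $device['devicepublickey'], $padding)) {
+$error = openssl_error_string() ?: 'Unknown OpenSSL error';
 $this->log->error($error, ['app' => 'notifications']);
 $this->printInfo('<error>Error while encrypting data: "' . $error . '"</error>');
 throw new \InvalidArgumentException('Failed to encrypt message for device');
 }
 
-if (openssl_sign($encryptedSubject, $signature, $userKey->getPrivate(), OPENSSL_ALGO_SHA512)) {
+if (openssl_sign($encryptedSubject, $signature, $userPrivateKey, OPENSSL_ALGO_SHA512)) {
 $this->printInfo('Signed encrypted push subject');
 } else {
 $this->printInfo('<error>Failed to signed encrypted push subject</error>');
@@ -670,15 +672,15 @@ protected function encryptAndSign(Key $userKey, array $device, int $id, INotific
 }
 
 /**
-* @param Key $userKey
+* @param string $userPrivateKey
 * @param array $device
 * @param ?int[] $ids
 * @return array
-* @psalm-return array{remaining: list<int>, payload: array{deviceIdentifier: string, pushTokenHash: string, subject: string, signature: string, priority: string, type: string}}
+* @psalm-return array{remaining: array<array-key, int>, payload: array{deviceIdentifier: string, pushTokenHash: string, subject: string, signature: string, priority: string, type: string}}
 * @throws InvalidTokenException
 * @throws \InvalidArgumentException
 */
-protected function encryptAndSignDelete(Key $userKey, array $device, ?array $ids): array {
+protected function encryptAndSignDelete(string $userPrivateKey, array $device, ?array $ids): array {
 $remainingIds = [];
 if ($ids === null) {
 $data = [
@@ -698,12 +700,13 @@ protected function encryptAndSignDelete(Key $userKey, array $device, ?array $ids
 }
 
 $padding = $this->appConfig->getAppValueString('push_encryption_padding', 'PKCS1') === 'OAEP' ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING;
-if (!openssl_public_encrypt(json_encode($data), $encryptedSubject, $device['devicepublickey'], $padding)) {
-$this->log->error(openssl_error_string(), ['app' => 'notifications']);
+if (!openssl_public_encrypt(json_encode($data, JSON_THROW_ON_ERROR), $encryptedSubject, $device['devicepublickey'], $padding)) {
+$error = openssl_error_string() ?: 'Unknown OpenSSL error';
+$this->log->error($error, ['app' => 'notifications']);
 throw new \InvalidArgumentException('Failed to encrypt message for device');
 }
 
-openssl_sign($encryptedSubject, $signature, $userKey->getPrivate(), OPENSSL_ALGO_SHA512);
+openssl_sign($encryptedSubject, $signature, $userPrivateKey, OPENSSL_ALGO_SHA512);
 $base64EncryptedSubject = base64_encode($encryptedSubject);
 $base64Signature = base64_encode($signature);
 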
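Review bot: In `encryptAndSign`, `$jsonData` is encoded before `$data['subject']` is assigned, yet the later `printInfo('Data to encrypt is: ' . $jsonData)` and `openssl_public_encrypt($jsonData, …)` calls now reuse that early string, so the plaintext that is encrypted and then signed no longer contains the subject, nor anything the unchanged lines between the hunks add to `$data`. The old code re-ran `json_encode($data)` at both places, and `$jsonData` is new in this commit, so the lines outside the hunks cannot refresh it. Keep the early encode for the length budget only and re-encode once `$data` is complete, for example `$jsonData = json_encode($data, JSON_THROW_ON_ERROR);` directly above the "Data to encrypt is" line; this also stops the `(string)` cast from turning an encoding failure into an empty plaintext. Separately, `encryptAndSignDelete` still ignores the return value of `openssl_sign`, so a signing failure would presumably be sent on with an empty signature; something like `if (!openssl_sign(…)) { throw new \InvalidArgumentException('Failed to sign message for device'); }` would make that explicit. Both function bodies continue outside the visible hunks.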

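--- a/tests/psalm-baseline.xml
+++ b/tests/psalm-baseline.xml
@@ -27,8 +27,6 @@
 <code><![CDATA[$this->keyManager]]></code>
 <code><![CDATA[$this->tokenProvider]]></code>
 <code><![CDATA[ClientException]]></code>
-<code><![CDATA[Key]]></code>
-<code><![CDATA[Key]]></code>
 <code><![CDATA[ServerException]]></code>
 <code><![CDATA[protected]]></code>
 <code><![CDATA[protected]]></code>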
