fix: Use starkbank/ecdsa 2.1.0 (#1111)

* Use starkbank/ecdsa 2 * Add gmp to CI * Require gmp here as well * Install gmp in docker --------- Co-authored-by: Shubham <[email protected]>
sendgrid · Nov 25, 2024 · bbc26aa · bbc26aa
1 parent e61bdc6
commit bbc26aa
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 5 deletions.
diff --git a/.github/workflows/test-and-deploy.yml b/.github/workflows/test-and-deploy.yml
@@ -52,6 +52,7 @@ jobs:
         uses: shivammathur/[email protected]
         with:
           php-version: '8.1'
+          extensions: gmp
         id: php
 
       - name: Build Release Artifacts

diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,9 @@ ARG version=latest
 FROM php:$version
 
 RUN apt-get update \
-    && apt-get install -y zip
+    && apt-get install -y zip \
+    && apt-get install -y libgmp-dev \
+    && docker-php-ext-install gmp
 
 RUN curl -s https://getcomposer.org/installer | php \
     && mv composer.phar /usr/local/bin/composer

diff --git a/composer.json b/composer.json
@@ -15,11 +15,12 @@
   "require": {
     "php": ">=7.3",
     "sendgrid/php-http-client": "~4.1",
-    "starkbank/ecdsa": "0.*",
+    "starkbank/ecdsa": "^2.1.0",
     "ext-curl": "*",
     "ext-json": "*",
     "ext-mbstring": "*",
-    "ext-openssl": "*"
+    "ext-openssl": "*",
+    "ext-gmp": "*"
   },
   "require-dev": {
     "phpunit/phpunit": "^9",

diff --git a/lib/eventwebhook/EventWebhook.php b/lib/eventwebhook/EventWebhook.php
@@ -5,6 +5,7 @@
 use EllipticCurve\Ecdsa;
 use EllipticCurve\PublicKey;
 use EllipticCurve\Signature;
+use EllipticCurve\Utils\Binary;
 
 /**
  * This class allows you to use the Event Webhook feature. Read the docs for
@@ -22,7 +23,7 @@ class EventWebhook
      */
     public function convertPublicKeyToECDSA($publicKey)
     {
-        return PublicKey::fromString($publicKey);
+        return PublicKey::fromDer(Binary::byteStringFromBase64($publicKey));
     }
 
     /**

diff --git a/test/unit/EventWebhookTest.php b/test/unit/EventWebhookTest.php
@@ -14,6 +14,7 @@ class EventWebhookTest extends TestCase
 {
     private static $PUBLIC_KEY;
     private static $SIGNATURE;
+    private static $BAD_SIGNATURE;
     private static $TIMESTAMP;
     private static $PAYLOAD;
 
@@ -23,6 +24,8 @@ public static function setUpBeforeClass(): void
         IW4mdBgQ/7dAfSmpqIM8kF9mN1flpVKS3GRqe62gw+2fNNRaINXvVpiglSI8eNEc6wEA3F+g==';
         self::$SIGNATURE = 'MEUCIGHQVtGj+Y3LkG9fLcxf3qfI10QysgDWmMOVmxG0u6ZUAiE
         AyBiXDWzM+uOe5W0JuG+luQAbPIqHh89M15TluLtEZtM=';
+        self::$BAD_SIGNATURE = 'BADSIGNATURE+Y3LkG9fLcxf3qfI10QysgDWmMOVmxG0u6ZUAiE
+        AyBiXDWzM+uOe5W0JuG+luQAbPIqHh89M15TluLtEZtM=';
         self::$TIMESTAMP = '1600112502';
         self::$PAYLOAD = \json_encode(
                 [
@@ -81,7 +84,7 @@ public function testBadSignature()
         $isValidSignature = $this->verify(
             self::$PUBLIC_KEY,
             self::$PAYLOAD,
-            'signature',
+            self::$BAD_SIGNATURE,
             self::$TIMESTAMP
         );