Fallback file_get_contents with curl in case it returns empty string (#…

…59)

.dev-tools/composer.json

@@ -8,6 +8,14 @@
         "tpay-com/coding-standards": "^1.0.1",
         "vimeo/psalm": "^5.15.0"
     },
+    "scripts": {
+        "sast": [
+            "composer normalize --diff --dry-run --indent-size=4 --indent-style=space ../composer.json",
+            "./vendor/bin/php-cs-fixer fix -vvv --diff --dry-run",
+            "./vendor/bin/phpstan",
+            "./vendor/bin/psalm --no-progress --shepherd"
+        ]
+    },
     "config": {
         "allow-plugins": {
             "ergebnis/composer-normalize": true,

.dev-tools/phpstan.neon

@@ -7,3 +7,4 @@ parameters:
   excludePaths:
     - ../examples/
     - ../vendor/
+    - ../tests/

.dev-tools/psalm.xml

@@ -10,7 +10,6 @@
 >
     <projectFiles>
         <directory name='../src' />
-        <directory name='../tests' />
     </projectFiles>
 
     <globals>

.github/workflows/sca.yaml

@@ -16,7 +16,7 @@ jobs:
           extensions: none, curl, dom, mbstring, simplexml, tokenizer, xml, xmlwriter
           coverage: none
 
-      - run: composer update --no-progress --classmap-authoritative
+      - run: composer install --no-dev --no-progress --classmap-authoritative
 
       - run: composer validate --strict
 

src/Utilities/TpayException.php

@@ -21,6 +21,11 @@ public function __construct($message, $code = 0)
         );
         $this->message = sprintf('%s : %s', $code, $message);
 
-        return $this->message;
+        parent::__construct($message, $code);
+    }
+
+    public static function curlNotAvailable()
+    {
+        return new self('Curl not available');
     }
 }

src/Webhook/JWSVerifiedPaymentNotification.php

@@ -74,16 +74,23 @@ protected function checkJwsSignature()
         }
 
         $prefix = $this->getResourcePrefix();
+
         if (substr($x5u, 0, strlen($prefix)) !== $prefix) {
             throw new TpayException('Wrong x5u url');
         }
 
         $certificate = file_get_contents($x5u);
-        $trusted = file_get_contents($this->getResourcePrefix().'/x509/tpay-jws-root.pem');
+        $trusted = file_get_contents(sprintf('%s/x509/tpay-jws-root.pem', $this->getResourcePrefix()));
+
+        if (empty($certificate) || empty($trusted)) {
+            $certificate = $this->fallbackGetContents($x5u);
+            $trusted = $this->fallbackGetContents(sprintf('%s/x509/tpay-jws-root.pem', $this->getResourcePrefix()));
+        }
 
         $x509 = new X509();
         $x509->loadX509($certificate);
         $x509->loadCA($trusted);
+
         if (!$x509->validateSignature()) {
             throw new TpayException('Signing certificate is not signed by Tpay CA certificate');
         }
@@ -93,6 +100,7 @@ protected function checkJwsSignature()
         $decodedSignature = base64_decode(strtr($signature, '-_', '+/'));
         $publicKey = $x509->getPublicKey();
         $publicKey = $x509->withSettings($publicKey, 'sha256', RSA::SIGNATURE_PKCS1);
+
         if (!$publicKey->verify($headers.'.'.$payload, $decodedSignature)) {
             throw new TpayException('FALSE - Invalid JWS signature');
         }
@@ -160,4 +168,26 @@ private function getNotificationObject()
 
         return $this->Manager->getRequestBody();
     }
+
+    /**
+     * @param string $url
+     *
+     * @throws TpayException
+     *
+     * @return bool|string
+     */
+    private function fallbackGetContents($url)
+    {
+        if (!function_exists('curl_init')) {
+            throw TpayException::curlNotAvailable();
+        }
+
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, $url);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        $result = curl_exec($ch);
+        curl_close($ch);
+
+        return $result;
+    }
 }