phpas2

CryptoHelper::verify method seems wrong

Open mcorteel-harel opened this issue 4 years ago • 2 comments

The CryptoHelper::verify() method (here) uses openssl_pkcs7_verify. But the parameters do not match the documentation at all:

  • The first parameter is a MimePart or a content string when it should be a filename
  • The third parameter is an output file when it should be null
  • The fourth parameter is an array of strings (which actually only contains a single certificate as a string, which comes from PartnerInterface::getCertificate()) when according to this, it should contain an array of filenames.

Am I missing something here?

mcorteel-harel Jun 29 '21 09:06

The first parameter supplied to openssl_pkcs7_verify is a temporary filename, on the basis that $data is checked to be an instance of MimePart at the beginning of the method.

From what I can gather though for the other parameters - these have changed since the PHP 7 upgrade:

PHP 5 Docs on openssl-pkcs7-verify: https://php-legacy-docs.zend.com/manual/php4/en/function.openssl-pkcs7-verify

The arguments linked above, I think, match the input on the verify method.

mackieee Jun 29 '21 12:06

Well the parameters look backward-compatible (at least in this case), but the $cainfo (or $ca_info) parameter still requires an array of locations, not an array of certificate strings according to the doc... Maybe it works and it's just not mentioned in the doc.

About the first parameter you are right though, it's just that the docblock is wrong, because providing a string would skip over the getTempFilename part and provide the content as-is to the openssl_pkcs7_verify function (which again might work but is not documented that way).

I'm having an issue with this method in my use case (upon reception of a signed message) and I'm looking for the source of the problem.

mcorteel-harel Jun 29 '21 19:06
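The documented calling convention discussed in this thread, as an added example that is not part of the issue or of phpas2's code: every argument is passed as a file location, and the result is compared strictly because openssl_pkcs7_verify returns true, false, or -1 on error, and -1 is truthy in PHP. The helper names `tmpWrite` and `verifySigned` are hypothetical, the key, certificate and message are constructed inline, and the script assumes the PHP openssl extension with a usable default openssl.cnf.

```php
<?php
// Added example: constructed key, certificate and message; not phpas2 code.

// Hypothetical helper: write data to a temp file and return its path.
function tmpWrite(string $data): string {
    $f = tempnam(sys_get_temp_dir(), 'p7');
    file_put_contents($f, $data);
    return $f;
}

// Hypothetical helper: verify an S/MIME signed message against one trusted PEM certificate.
function verifySigned(string $smime, string $trustedCertPem): bool {
    $in      = tmpWrite($smime);          // arg 1: filename of the signed message
    $ca      = tmpWrite($trustedCertPem); // arg 4: array of file/directory locations
    $signers = tmpWrite('');              // arg 3: file that receives the signers' certificates
    try {
        $r = openssl_pkcs7_verify($in, 0, $signers, [$ca]);
        // true = verified, false = bad signature, -1 = error.
        // A loose check such as if ($r) would accept -1, so compare strictly.
        return $r === true;
    } finally {
        array_map('unlink', [$in, $ca, $signers]);
    }
}

// Constructed test material: a self-signed certificate standing in for the partner's.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'example-partner'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $certPem);

// Sign a constructed message (default flag PKCS7_DETACHED gives a multipart/signed body).
$plain      = tmpWrite("Content-Type: text/plain\r\n\r\nconstructed payload\r\n");
$signedFile = tmpWrite('');
openssl_pkcs7_sign($plain, $signedFile, $x509, $key, []);
$signed = file_get_contents($signedFile);
array_map('unlink', [$plain, $signedFile]);

var_dump(verifySigned($signed, $certPem));                                    // untouched message
var_dump(verifySigned(str_replace('payload', 'PAYLOAD', $signed), $certPem)); // body altered after signing
var_dump(verifySigned('not an S/MIME message', $certPem));                    // unparsable input (error path)
```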