From 2f8dd9531edbc3e06620f36c297502125ee7849e Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Wed, 8 Nov 2023 17:45:13 +1100
Subject: [PATCH] [REF] Update Firebase JWT to be version 6.x Add in Deprecation notice for versions less than 6 and add in compatability layer
---
 Civi/Crypto/CryptoJwt.php | 9 +++++++--
 composer.json | 2 +-
 composer.lock | 27 ++++++++++++++++++---------
 3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/Civi/Crypto/CryptoJwt.php b/Civi/Crypto/CryptoJwt.php
index 9559824118..bbc989ce20 100644
--- a/Civi/Crypto/CryptoJwt.php
+++ b/Civi/Crypto/CryptoJwt.php
@@ -13,6 +13,7 @@ namespace Civi\Crypto;
 use Civi\Crypto\Exception\CryptoException;
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 /**
 * The "Crypto JWT" service supports a token format suitable for
@@ -59,6 +60,10 @@ class CryptoJwt {
 * @throws CryptoException
 */
 public function decode($token, $keyTag = 'SIGN') {
+ $useKeyObj = version_compare(\Composer\InstalledVersions::getVersion('firebase/php-jwt'), '6', '>=');
+ if (!$useKeyObj) {
+ \CRM_Core_Error::deprecatedWarning('Using deprecated version of firebase/php-jwt. Upgrade to 6.x+.');
+ }
 $keyRows = $this->getRegistry()->findKeysByTag($keyTag);
 // We want to call JWT::decode(), but there's a slight mismatch -- the
@@ -73,13 +78,13 @@ class CryptoJwt {
 foreach ($keyRows as $key) {
 if ($alg = $this->suiteToAlg($key['suite'])) {
 // Currently, registry only has symmetric keys in $key['key']. For public key-pairs, might need to change.
- $keysByAlg[$alg][$key['id']] = $key['key'];
+ $keysByAlg[$alg][$key['id']] = ($useKeyObj ? new Key($key['key'], $alg) : $key['key']);
 }
 }
 foreach ($keysByAlg as $alg => $keys) {
 try {
- return (array) JWT::decode($token, $keys, [$alg]);
+ return ($useKeyObj ? (array) JWT::decode($token, $keys) : (array) JWT::decode($token, $keys, [$alg]));
 }
 catch (\UnexpectedValueException $e) {
 // Depending on the error, we might able to try other algos
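Review bot: The version probe added at the top of decode() can throw or mislead before any key is looked up: `\Composer\InstalledVersions::getVersion()` raises `\OutOfBoundsException` when Composer has no record of the package and returns null when it is only provided or replaced, and a dev-branch version string may compare below `'6'` and send a 6.x install down the legacy call. This is the token verification path and its docblock promises only `CryptoException`, so I would detect the capability rather than parse the version, e.g. `$useKeyObj = class_exists(Key::class);`, and resolve it once instead of on every decode() call. The Key class may also exist in late 5.x releases (please confirm), so if the deprecation warning must stay tied to <6, keep the version comparison for the warning only and guard it against the null and exception cases. decode() continues past the end of this hunk.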
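Review bot: In the key-collection loop of the last CryptoJwt.php hunk, `new Key($key['key'], $alg)` runs outside the `try`, so a registry row the library rejects (I believe the 6.x constructor throws on empty key material; worth confirming) would escape as a raw library exception instead of the documented `CryptoException`. The two inline ternaries also bury the security-relevant difference between the branches: on 6.x the algorithm is pinned to each key object, while on <6 it is enforced only by the `[$alg]` allow-list argument. A plain if/else with a comment above the return, such as `// 6.x: alg is pinned per Key object; <6: alg is pinned by the allow-list argument`, would make it harder for a later edit to drop the allow-list from the legacy call. The enclosing foreach and try/catch continue outside the hunk.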
diff --git a/composer.json b/composer.json
index f29ffaa536..c1da1a6a8f 100644
--- a/composer.json
+++ b/composer.json
@@ -53,7 +53,7 @@
 "php": "~7.3 || ~8",
 "composer-runtime-api": "~2.0",
 "dompdf/dompdf" : "~2.0.2",
- "firebase/php-jwt": ">=3 <6",
+ "firebase/php-jwt": ">=3 <7",
 "rubobaquero/phpquery": "^0.9.15",
 "symfony/config": "~4.4 || ~6.0",
 "symfony/polyfill-iconv": "~1.0",
diff --git a/composer.lock b/composer.lock
index 2bd8d4e50e..3a5799d8ad 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "877911b3eb22b827449c0a1b597d2703", + "content-hash": "aaf2da4db21436c628b6081c643cdc1e", "packages": [ { "name": "adrienrn/php-mimetyper",
@@ -610,23 +610,32 @@ }, { "name": "firebase/php-jwt", - "version": "v5.2.1", + "version": "v6.4.0", "source": { "type": "git", "url": "https://github.com/firebase/php-jwt.git", - "reference": "f42c9110abe98dd6cfe9053c49bc86acc70b2d23" + "reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/firebase/php-jwt/zipball/f42c9110abe98dd6cfe9053c49bc86acc70b2d23", - "reference": "f42c9110abe98dd6cfe9053c49bc86acc70b2d23", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/4dd1e007f22a927ac77da5a3fbb067b42d3bc224", + "reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": "^7.1||^8.0" }, "require-dev": { - "phpunit/phpunit": ">=4.8 <=9" + "guzzlehttp/guzzle": "^6.5||^7.4", + "phpspec/prophecy-phpunit": "^1.1", + "phpunit/phpunit": "^7.5||^9.5", + "psr/cache": "^1.0||^2.0", + "psr/http-client": "^1.0", + "psr/http-factory": "^1.0" + }, + "suggest": { + "ext-sodium": "Support EdDSA (Ed25519) signatures", + "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present" }, "type": "library", "autoload": {
@@ -658,9 +667,9 @@ ], "support": { "issues": "https://github.com/firebase/php-jwt/issues", - "source": "https://github.com/firebase/php-jwt/tree/v5.2.1" + "source": "https://github.com/firebase/php-jwt/tree/v6.4.0" }, - "time": "2021-02-12T00:02:00+00:00" + "time": "2023-02-09T21:01:23+00:00" }, { "name": "guzzlehttp/guzzle", -- 2.25.1