RequestSignerTest::getSignFixtures() - Code Metrics - Inspection of "GuzzleHttpClient: some light http tests" - bip70/bip70-php - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#10)

by thomas

created 2018-04-28 12:36 UTC

RequestSignerTest::getSignFixtures() A

↳ Parent: RequestSignerTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	19
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	19
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	13
nc	1
nop	0

<?php

declare(strict_types=1);

namespace Bip70\Test\X509;

use Bip70\Exception\X509Exception;
use Bip70\Protobuf\Proto\PaymentDetails;
use Bip70\Protobuf\Proto\X509Certificates;
use Bip70\X509\PKIType;
use Bip70\X509\RequestSigner;
use Bip70\X509\RequestValidation;
use Bip70\X509\TrustStoreLoader;
use PHPUnit\Framework\TestCase;
use Sop\CryptoEncoding\PEM;
use Sop\CryptoEncoding\PEMBundle;
use Sop\CryptoTypes\Asymmetric\PrivateKeyInfo;
use X509\Certificate\Certificate;
use X509\Certificate\CertificateBundle;
use X509\CertificationPath\PathValidation\PathValidationConfig;

class RequestSignerTest extends TestCase
{
    public function testSignRequiresPkiType()
    {
        $details = new PaymentDetails();
        $privateKey = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.key.pem"));
        $cert = Certificate::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.cert.pem"));
        $certBundle = new CertificateBundle();
        $requestSigner = new RequestSigner();

        $this->expectExceptionMessage("Don't call sign with pki_type = none");
        $this->expectException(\UnexpectedValueException::class);

        $requestSigner->sign($details, PKIType::NONE, $privateKey, $cert, $certBundle);
    }

    public function testSignRequiresValidPkiType()
    {
        $details = new PaymentDetails();
        $privateKey = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.key.pem"));
        $cert = Certificate::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.cert.pem"));
        $certBundle = new CertificateBundle();
        $requestSigner = new RequestSigner();

        $this->expectExceptionMessage("Unknown signature scheme");
        $this->expectException(X509Exception::class);

        $requestSigner->sign($details, "purebs", $privateKey, $cert, $certBundle);
    }

    /**
     * @return array
     */
    public function getSignFixtures(): array
    {
        $keySelfSigned = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.key.pem"));
        $certSelfSigned = Certificate::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.cert.pem"));
        $selfSignedStore = new CertificateBundle($certSelfSigned);
        $emptyBundle = new CertificateBundle();

        $keySigned = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/testnet-only-cert-not-valid.key"));
        $certs = CertificateBundle::fromPEMBundle(PEMBundle::fromFile(__DIR__ . "/../../data/testnet-only-cert-not-valid.cabundle.pem"));
        $certSigned = $certs->all()[0];
        $certBundle = new CertificateBundle(...array_slice($certs->all(), 1));

        $systemStore = TrustStoreLoader::fromSystem();
        return [
            // test a self signed case
            [$selfSignedStore, $keySelfSigned, $certSelfSigned, $emptyBundle],
            [$systemStore, $keySigned, $certSigned, $certBundle],
        ];
    }

    /**
     * @param PrivateKeyInfo $privateKey
     * @param Certificate $cert
     * @param CertificateBundle $certBundle
     * @param CertificateBundle $trustStore
     * @dataProvider getSignFixtures
     */
    public function testSignOperation(CertificateBundle $trustStore, PrivateKeyInfo $privateKey, Certificate $cert, CertificateBundle $certBundle)
    {
        $now = time();

        $details = new PaymentDetails();
        $details->setTime($now);

        $requestSigner = new RequestSigner();
        // 10/12/2017 ish
        $now = new \DateTimeImmutable();
        $now = $now->setTimestamp(1509692666);

        $requestValidator = new RequestValidation(new PathValidationConfig($now, 10), $trustStore);

        foreach ([PKIType::X509_SHA256, PKIType::X509_SHA1] as $pkiType) {
            $request = $requestSigner->sign($details, $pkiType, $privateKey, $cert, $certBundle);
            $this->assertTrue($request->hasSignature());
            $this->assertTrue($request->hasPkiData());
            $this->assertTrue($request->hasPkiType());

            $this->assertEquals($pkiType, $request->getPkiType());

            try {
                $requestValidator->validateX509Signature($cert, $request);
            } catch (\Exception $e) {
                $this->fail("verification of own signature should always succeed");
                return;
            }

            $x509 = new X509Certificates();
            $x509->parse($request->getPkiData());

            $this->assertEquals(1 + count($certBundle), count($x509->getCertificateList()));

            /** @var Certificate[] $allCerts */
            $allCerts = array_merge([$cert], $certBundle->all());
            foreach ($allCerts as $i => $certificate) {
                $this->assertEquals($certificate->toDER(), $x509->getCertificate($i));
            }

            try {
                $qualifiedCert = $requestValidator->validateCertificateChain($x509);
            } catch (\Exception $e) {
                $this->fail("certificate chain validation shouldn't fail");
                return;
            }

            $this->assertTrue($cert->equals($qualifiedCert->getPath()->endEntityCertificate()));

            try {
                $result = $requestValidator->verifyX509Details($request);
                $threw = false;
            } catch (\Exception $e) {
                $threw = true;
            }

            $this->assertFalse($threw, "verifying cert details shouldn't fail");

            $this->assertTrue($result->certificate()->equals($cert));
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace Bip70\Test\X509;
6
7			use Bip70\Exception\X509Exception;
8			use Bip70\Protobuf\Proto\PaymentDetails;
9			use Bip70\Protobuf\Proto\X509Certificates;
10			use Bip70\X509\PKIType;
11			use Bip70\X509\RequestSigner;
12			use Bip70\X509\RequestValidation;
13			use Bip70\X509\TrustStoreLoader;
14			use PHPUnit\Framework\TestCase;
15			use Sop\CryptoEncoding\PEM;
16			use Sop\CryptoEncoding\PEMBundle;
17			use Sop\CryptoTypes\Asymmetric\PrivateKeyInfo;
18			use X509\Certificate\Certificate;
19			use X509\Certificate\CertificateBundle;
20			use X509\CertificationPath\PathValidation\PathValidationConfig;
21
22			class RequestSignerTest extends TestCase
23			{
24			public function testSignRequiresPkiType()
25			{
26			$details = new PaymentDetails();
27			$privateKey = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.key.pem"));
28			$cert = Certificate::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.cert.pem"));
29			$certBundle = new CertificateBundle();
30			$requestSigner = new RequestSigner();
31
32			$this->expectExceptionMessage("Don't call sign with pki_type = none");
33			$this->expectException(\UnexpectedValueException::class);
34
35			$requestSigner->sign($details, PKIType::NONE, $privateKey, $cert, $certBundle);
36			}
37
38			public function testSignRequiresValidPkiType()
39			{
40			$details = new PaymentDetails();
41			$privateKey = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.key.pem"));
42			$cert = Certificate::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.cert.pem"));
43			$certBundle = new CertificateBundle();
44			$requestSigner = new RequestSigner();
45
46			$this->expectExceptionMessage("Unknown signature scheme");
47			$this->expectException(X509Exception::class);
48
49			$requestSigner->sign($details, "purebs", $privateKey, $cert, $certBundle);
50			}
51
52			/**
53			* @return array
54			*/
55			public function getSignFixtures(): array
56			{
57			$keySelfSigned = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.key.pem"));
58			$certSelfSigned = Certificate::fromPEM(PEM::fromFile(__DIR__ . "/../../data/selfsigned.cert.pem"));
59			$selfSignedStore = new CertificateBundle($certSelfSigned);
60			$emptyBundle = new CertificateBundle();
61
62			$keySigned = PrivateKeyInfo::fromPEM(PEM::fromFile(__DIR__ . "/../../data/testnet-only-cert-not-valid.key"));
63			$certs = CertificateBundle::fromPEMBundle(PEMBundle::fromFile(__DIR__ . "/../../data/testnet-only-cert-not-valid.cabundle.pem"));
64			$certSigned = $certs->all()[0];
65			$certBundle = new CertificateBundle(...array_slice($certs->all(), 1));
66
67			$systemStore = TrustStoreLoader::fromSystem();
68			return [
69			// test a self signed case
70			[$selfSignedStore, $keySelfSigned, $certSelfSigned, $emptyBundle],
71			[$systemStore, $keySigned, $certSigned, $certBundle],
72			];
73			}
74
75			/**
76			* @param PrivateKeyInfo $privateKey
77			* @param Certificate $cert
78			* @param CertificateBundle $certBundle
79			* @param CertificateBundle $trustStore
80			* @dataProvider getSignFixtures
81			*/
82			public function testSignOperation(CertificateBundle $trustStore, PrivateKeyInfo $privateKey, Certificate $cert, CertificateBundle $certBundle)
83			{
84			$now = time();
85
86			$details = new PaymentDetails();
87			$details->setTime($now);
88
89			$requestSigner = new RequestSigner();
90			// 10/12/2017 ish
91			$now = new \DateTimeImmutable();
92			$now = $now->setTimestamp(1509692666);
93
94			$requestValidator = new RequestValidation(new PathValidationConfig($now, 10), $trustStore);
95
96			foreach ([PKIType::X509_SHA256, PKIType::X509_SHA1] as $pkiType) {
97			$request = $requestSigner->sign($details, $pkiType, $privateKey, $cert, $certBundle);
98			$this->assertTrue($request->hasSignature());
99			$this->assertTrue($request->hasPkiData());
100			$this->assertTrue($request->hasPkiType());
101
102			$this->assertEquals($pkiType, $request->getPkiType());
103
104			try {
105			$requestValidator->validateX509Signature($cert, $request);
106			} catch (\Exception $e) {
107			$this->fail("verification of own signature should always succeed");
108			return;
109			}
110
111			$x509 = new X509Certificates();
112			$x509->parse($request->getPkiData());
113
114			$this->assertEquals(1 + count($certBundle), count($x509->getCertificateList()));
115
116			/** @var Certificate[] $allCerts */
117			$allCerts = array_merge([$cert], $certBundle->all());
118			foreach ($allCerts as $i => $certificate) {
119			$this->assertEquals($certificate->toDER(), $x509->getCertificate($i));
120			}
121
122			try {
123			$qualifiedCert = $requestValidator->validateCertificateChain($x509);
124			} catch (\Exception $e) {
125			$this->fail("certificate chain validation shouldn't fail");
126			return;
127			}
128
129			$this->assertTrue($cert->equals($qualifiedCert->getPath()->endEntityCertificate()));
130
131			try {
132			$result = $requestValidator->verifyX509Details($request);
133			$threw = false;
134			} catch (\Exception $e) {
135			$threw = true;
136			}
137
138			$this->assertFalse($threw, "verifying cert details shouldn't fail");
139
140			$this->assertTrue($result->certificate()->equals($cert));
141			}
142			}
143			}
144

bip70 / bip70-php

Pull Request — master (#10)

RequestSignerTest::getSignFixtures() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like