HMACSignatureTest - Code Metrics - Inspection of "Update simplesamlphp/simplesamlphp-test-framework..." - simplesamlphp/xml-security - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#61)

unknown

created 2025-04-04 23:39 UTC

HMACSignatureTest A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	128
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	55
dl	0
loc	128
rs	10
c	0
b	0
f	0
wmc	4

<?php

declare(strict_types=1);

namespace SimpleSAML\XMLSecurity\Test\Alg\Signature;

use PHPUnit\Framework\TestCase;
use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\Key\SymmetricKey;

use function bin2hex;
use function hex2bin;

/**
 * Tests for SimpleSAML\XMLSecurity\Alg\Signature\HMAC.
 *
 * @package SimpleSAML\Signature
 */
final class HMACSignatureTest extends TestCase
{
    /** @var string */
    protected const PLAINTEXT = 'plaintext';

    /** @var string */
    protected const SECRET = 'de54fbd0f10c34df6e800b11043024fa';

    /** @var \SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory */
    protected static SignatureAlgorithmFactory $factory;

    /** @var \SimpleSAML\XMLSecurity\Key\SymmetricKey */
    protected static SymmetricKey $key;


    public static function setUpBeforeClass(): void
    {
        self::$factory = new SignatureAlgorithmFactory([]);
        self::$key = new SymmetricKey(self::SECRET);
    }


    /**
     * Test that signing works.
     */
    public function testSign(): void
    {
        // test HMAC-SHA1
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key);
        $this->assertEquals('655c3b4277b39f31dedf5adc7f4cc9f07da7102c', bin2hex($hmac->sign(self::PLAINTEXT)));

        // test HMAC-SHA224
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA224, self::$key);
        $this->assertEquals(
            '645405ccc725e10022e5a89e98cc33db07c0cd89ba78c21caf931f40',
            bin2hex($hmac->sign(self::PLAINTEXT)),
        );

        // test HMAC-SHA256
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA256, self::$key);
        $this->assertEquals(
            '721d8385785a3d4c8d16c7b4a96b343728a11e221656e6dd9502d540d4e87ef2',
            bin2hex($hmac->sign(self::PLAINTEXT)),
        );

        // test HMAC-SHA384
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA384, self::$key);
        $this->assertEquals(
            'b3ad2e39a057fd7a952cffd503d30eca295c6698dc23ddf0bebf98631a0162da0db0105db156a220dec78cebaf2c202c',
            bin2hex($hmac->sign(self::PLAINTEXT)),
        );

        // test HMAC-SHA512
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA512, self::$key);
        $this->assertEquals(
            '9cc73c95f564a142b28340cf6e1d6b509a9e97dab6577e5d0199760a858105185252e203b6b096ad24708a2b7e34a0f506776d8' .
            '8e2f47fff055fc51342b69cdc',
            bin2hex($hmac->sign(self::PLAINTEXT)),
        );

        // test HMAC-RIPEMD160
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_RIPEMD160, self::$key);
        $this->assertEquals('a9fd77b68644464d08be0ba2cd998eab3e2a7b1d', bin2hex($hmac->sign(self::PLAINTEXT)));
    }


    /**
     * Test that signature verification works.
     */
    public function testVerify(): void
    {
        // test HMAC-SHA1
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key);
        $this->assertTrue($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c')));

        // test HMAC-SHA224
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA224, self::$key);
        $this->assertTrue($hmac->verify(
            self::PLAINTEXT,
            hex2bin('645405ccc725e10022e5a89e98cc33db07c0cd89ba78c21caf931f40'),
        ));

        // test HMAC-SHA256
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA256, self::$key);
        $this->assertTrue($hmac->verify(
            self::PLAINTEXT,
            hex2bin('721d8385785a3d4c8d16c7b4a96b343728a11e221656e6dd9502d540d4e87ef2'),
        ));

        // test HMAC-SHA384
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA384, self::$key);
        $this->assertTrue($hmac->verify(
            self::PLAINTEXT,
            hex2bin('b3ad2e39a057fd7a952cffd503d30eca295c6698dc23ddf0bebf98631a0162da0db0105db156a220dec78cebaf2c202c'),
        ));

        // test HMAC-SHA512
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA512, self::$key);
        $this->assertTrue($hmac->verify(
            self::PLAINTEXT,
            hex2bin(
                '9cc73c95f564a142b28340cf6e1d6b509a9e97dab6577e5d0199760a858105185252e203b6b096ad24708a2b7e34a0f5067' .
                '76d88e2f47fff055fc51342b69cdc',
            ),
        ));

        // test HMAC-RIPEMD160
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_RIPEMD160, self::$key);
        $this->assertTrue($hmac->verify(self::PLAINTEXT, hex2bin('a9fd77b68644464d08be0ba2cd998eab3e2a7b1d')));
    }


    /**
     * Test that signature verification fails properly.
     */
    public function testVerificationFailure(): void
    {
        // test wrong plaintext
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key);
        $this->assertFalse($hmac->verify(self::PLAINTEXT . '.', hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c')));

        // test wrong signature
        $this->assertFalse($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102d')));

        // test wrong key
        $wrongKey = new SymmetricKey('de54fbd0f10c34df6e800b11043024fb');
        $hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, $wrongKey);
        $this->assertFalse($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c')));
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\XMLSecurity\Test\Alg\Signature;
6
7			use PHPUnit\Framework\TestCase;
8			use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
9			use SimpleSAML\XMLSecurity\Constants as C;
10			use SimpleSAML\XMLSecurity\Key\SymmetricKey;
11
12			use function bin2hex;
13			use function hex2bin;
14
15			/**
16			* Tests for SimpleSAML\XMLSecurity\Alg\Signature\HMAC.
17			*
18			* @package SimpleSAML\Signature
19			*/
20			final class HMACSignatureTest extends TestCase
21			{
22			/** @var string */
23			protected const PLAINTEXT = 'plaintext';
24
25			/** @var string */
26			protected const SECRET = 'de54fbd0f10c34df6e800b11043024fa';
27
28			/** @var \SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory */
29			protected static SignatureAlgorithmFactory $factory;
30
31			/** @var \SimpleSAML\XMLSecurity\Key\SymmetricKey */
32			protected static SymmetricKey $key;
33
34
35			public static function setUpBeforeClass(): void
36			{
37			self::$factory = new SignatureAlgorithmFactory([]);
38			self::$key = new SymmetricKey(self::SECRET);
39			}
40
41
42			/**
43			* Test that signing works.
44			*/
45			public function testSign(): void
46			{
47			// test HMAC-SHA1
48			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key);
49			$this->assertEquals('655c3b4277b39f31dedf5adc7f4cc9f07da7102c', bin2hex($hmac->sign(self::PLAINTEXT)));
50
51			// test HMAC-SHA224
52			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA224, self::$key);
53			$this->assertEquals(
54			'645405ccc725e10022e5a89e98cc33db07c0cd89ba78c21caf931f40',
55			bin2hex($hmac->sign(self::PLAINTEXT)),
56			);
57
58			// test HMAC-SHA256
59			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA256, self::$key);
60			$this->assertEquals(
61			'721d8385785a3d4c8d16c7b4a96b343728a11e221656e6dd9502d540d4e87ef2',
62			bin2hex($hmac->sign(self::PLAINTEXT)),
63			);
64
65			// test HMAC-SHA384
66			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA384, self::$key);
67			$this->assertEquals(
68			'b3ad2e39a057fd7a952cffd503d30eca295c6698dc23ddf0bebf98631a0162da0db0105db156a220dec78cebaf2c202c',
69			bin2hex($hmac->sign(self::PLAINTEXT)),
70			);
71
72			// test HMAC-SHA512
73			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA512, self::$key);
74			$this->assertEquals(
75			'9cc73c95f564a142b28340cf6e1d6b509a9e97dab6577e5d0199760a858105185252e203b6b096ad24708a2b7e34a0f506776d8' .
76			'8e2f47fff055fc51342b69cdc',
77			bin2hex($hmac->sign(self::PLAINTEXT)),
78			);
79
80			// test HMAC-RIPEMD160
81			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_RIPEMD160, self::$key);
82			$this->assertEquals('a9fd77b68644464d08be0ba2cd998eab3e2a7b1d', bin2hex($hmac->sign(self::PLAINTEXT)));
83			}
84
85
86			/**
87			* Test that signature verification works.
88			*/
89			public function testVerify(): void
90			{
91			// test HMAC-SHA1
92			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key);
93			$this->assertTrue($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c')));
94
95			// test HMAC-SHA224
96			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA224, self::$key);
97			$this->assertTrue($hmac->verify(
98			self::PLAINTEXT,
99			hex2bin('645405ccc725e10022e5a89e98cc33db07c0cd89ba78c21caf931f40'),
100			));
101
102			// test HMAC-SHA256
103			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA256, self::$key);
104			$this->assertTrue($hmac->verify(
105			self::PLAINTEXT,
106			hex2bin('721d8385785a3d4c8d16c7b4a96b343728a11e221656e6dd9502d540d4e87ef2'),
107			));
108
109			// test HMAC-SHA384
110			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA384, self::$key);
111			$this->assertTrue($hmac->verify(
112			self::PLAINTEXT,
113			hex2bin('b3ad2e39a057fd7a952cffd503d30eca295c6698dc23ddf0bebf98631a0162da0db0105db156a220dec78cebaf2c202c'),
114			));
115
116			// test HMAC-SHA512
117			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA512, self::$key);
118			$this->assertTrue($hmac->verify(
119			self::PLAINTEXT,
120			hex2bin(
121			'9cc73c95f564a142b28340cf6e1d6b509a9e97dab6577e5d0199760a858105185252e203b6b096ad24708a2b7e34a0f5067' .
122			'76d88e2f47fff055fc51342b69cdc',
123			),
124			));
125
126			// test HMAC-RIPEMD160
127			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_RIPEMD160, self::$key);
128			$this->assertTrue($hmac->verify(self::PLAINTEXT, hex2bin('a9fd77b68644464d08be0ba2cd998eab3e2a7b1d')));
129			}
130
131
132			/**
133			* Test that signature verification fails properly.
134			*/
135			public function testVerificationFailure(): void
136			{
137			// test wrong plaintext
138			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key);
139			$this->assertFalse($hmac->verify(self::PLAINTEXT . '.', hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c')));
140
141			// test wrong signature
142			$this->assertFalse($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102d')));
143
144			// test wrong key
145			$wrongKey = new SymmetricKey('de54fbd0f10c34df6e800b11043024fb');
146			$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, $wrongKey);
147			$this->assertFalse($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c')));
148			}
149			}
150

simplesamlphp / xml-security

Pull Request — master (#61)

HMACSignatureTest A

Complexity

Size/Duplication

Importance

Duplication Side-by-Side

Filter issues like