Skip to content
This repository has been archived by the owner on Jan 3, 2023. It is now read-only.

Kontrola existence cesty k veřejnému klíči #24

Closed
wants to merge 5 commits into from
Closed

Kontrola existence cesty k veřejnému klíči #24

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
620ee50
Extract cryptography creation to reduce DRY
jost125 Feb 25, 2017
ee398b0
Use valid public key in pkp test
jost125 Feb 25, 2017
6326084
Check key existence in cryptography constructor
jost125 Feb 25, 2017
32dc091
Extract invalid certificate path into constant
jost125 Feb 25, 2017
b0fb3d6
Verify public key format before usage
jost125 Feb 25, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions src/Cryptography/CryptographyService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,12 @@ class CryptographyService

public function __construct(string $privateKeyFile, string $publicKeyFile, string $privateKeyPassword = '')
{
if (!file_exists($privateKeyFile)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spíš is_file file_exists vrací true i pro adresáře

throw new PrivateKeyFileNotFoundException($privateKeyFile);
}
if (!file_exists($publicKeyFile)) {
throw new PublicKeyFileNotFoundException($publicKeyFile);
}
$this->privateKeyFile = $privateKeyFile;
$this->publicKeyFile = $publicKeyFile;
$this->privateKeyPassword = $privateKeyPassword;
Expand Down Expand Up @@ -59,6 +65,7 @@ public function getBkpCode(string $pkpCode): string

public function addWSESignature(string $request): string
{
$this->tryLoadPublicKey();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Asi bych do metody posílal už obsah souboru, nebude se muset načítat 2x.

Přejmenoval bych metodu na verifyPublicKey

$securityKey = new \RobRichards\XMLSecLibs\XMLSecurityKey(\RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
$document = new \DOMDocument('1.0');
$document->loadXML($request);
Expand All @@ -73,4 +80,13 @@ public function addWSESignature(string $request): string
return $wse->saveXML();
}

private function tryLoadPublicKey()
{
$publicKeyResource = openssl_get_publickey(file_get_contents($this->publicKeyFile));
if ($publicKeyResource === false) {
throw new PublicKeyFileException($this->publicKeyFile);
}
openssl_free_key($publicKeyResource);
}

}
8 changes: 8 additions & 0 deletions src/Cryptography/PrivateKeyFileNotFoundException.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
<?php declare(strict_types = 1);

namespace SlevomatEET\Cryptography;

class PrivateKeyFileNotFoundException extends PrivateKeyFileException
{

}
28 changes: 28 additions & 0 deletions src/Cryptography/PublicKeyFileException.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
<?php declare(strict_types = 1);

namespace SlevomatEET\Cryptography;

class PublicKeyFileException extends \Exception
{

/**
* @var string
*/
private $publicKeyFile;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anotaci na jeden řádek


public function __construct(string $publicKeyFile, \Throwable $previous = null)
{
parent::__construct(sprintf(
'Public key could not be loaded from file \'%s\'. Please make sure that the file contains valid public key in PEM format.',
$publicKeyFile
), 0, $previous);

$this->publicKeyFile = $publicKeyFile;
}

public function getPublicKeyFile(): string
{
return $this->publicKeyFile;
}

}
8 changes: 8 additions & 0 deletions src/Cryptography/PublicKeyFileNotFoundException.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
<?php declare(strict_types = 1);

namespace SlevomatEET\Cryptography;

class PublicKeyFileNotFoundException extends PublicKeyFileException
{

}
92 changes: 69 additions & 23 deletions tests/SlevomatEET/Cryptography/CryptographyServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,31 +9,61 @@ class CryptographyServiceTest extends \PHPUnit\Framework\TestCase

const EXPECTED_PKP = 'a0asEiJhFCBlVtptSspKvEZhcrvnzF7SQ55C4DhnStnSu1b37GUI2+Dlme9P94UCPZ1oCUPJdsYOBZ3IX6aEgEe0FJKXYX0kXraYCJKIo3g64wRchE7iblIOBCK1uHh8qqHA66Isnhb6hqBOOdlt2aWO/0jCzlfeQr0axpPF1mohMnP3h3ICaxZh0dnMdju5OmMrq+91PL5T9KkR7bfGHqAoWJ0kmxY/mZumtRfGil2/xf7I5pdVeYXPgDO/Tojzm6J95n68fPDOXTDrTzKYmqDjpg3kmWepLNQKFXRmkQrkBLToJWG1LDUDm3UTTmPWzq4c0XnGcXJDZglxfolGpA==';
const EXPECTED_BKP = '9356D566-A3E48838-FB403790-D201244E-95DCBD92';
const PRIVATE_KEY_WITHOUT_PASSWORD_PATH = __DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.key';
const PRIVATE_KEY_WITH_PASSWORD_PATH = __DIR__ . '/../../../cert/EET_CA1_Playground_With_Password-CZ00000019.key';
const PUBLIC_KEY_PATH = __DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.pub';
const INVALID_KEY_PATH = __DIR__ . '/invalid-certificate.pem';

public function testGetCodes()
{
$data = $this->getReceiptData();
$crypto = new CryptographyService(__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.key', __DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.pub');
$crypto = $this->createCryptographyServiceWithoutPassword();

$expectedPkp = base64_decode(self::EXPECTED_PKP);
$pkpCode = $crypto->getPkpCode($data);
self::assertSame($expectedPkp, $pkpCode);
self::assertSame(self::EXPECTED_BKP, $crypto->getBkpCode($pkpCode));
}

public function testExceptions()
/**
* @dataProvider provideInvalidKeyPaths
*/
public function testInvalidKeyPaths(string $privateKeyPath, string $publicKeyPath, string $expectedExceptionType)
{
try {
new CryptographyService($privateKeyPath, $publicKeyPath);
$this->fail('Exception ' . $expectedExceptionType . ' expected');
} catch (\PHPUnit\Framework\AssertionFailedError $exception) {
throw $exception;
} catch (\Throwable $exception) {
$this->assertInstanceOf($expectedExceptionType, $exception);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tady by se hodilo spíš $this->expectException

}
}

/**
* @return array[]
*/
public function provideInvalidKeyPaths(): array
{
return [
[self::PRIVATE_KEY_WITHOUT_PASSWORD_PATH, './foo/path', PublicKeyFileNotFoundException::class],
['./foo/path', self::PUBLIC_KEY_PATH, PrivateKeyFileNotFoundException::class],
];
}

public function testInvalidPrivateKeyInPkpCalculation()
{
$cryptoService = new CryptographyService(
__DIR__ . '/invalid-certificate.pem',
__DIR__ . '/invalid-certificate.pem'
self::INVALID_KEY_PATH,
self::PUBLIC_KEY_PATH
);

try {
$cryptoService->getPkpCode($this->getReceiptData());
$this->fail();

} catch (PrivateKeyFileException $e) {
$this->assertSame(__DIR__ . '/invalid-certificate.pem', $e->getPrivateKeyFile());
$this->assertSame(self::INVALID_KEY_PATH, $e->getPrivateKeyFile());
}
}

Expand All @@ -44,10 +74,7 @@ public function testExceptions2()
{
include __DIR__ . '/OpenSslFunctionsMock.php';

$cryptoService = new CryptographyService(
__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.key',
__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.pub'
);
$cryptoService = $cryptoService = $this->createCryptographyServiceWithoutPassword();

try {
$cryptoService->getPkpCode($this->getReceiptData());
Expand All @@ -61,40 +88,45 @@ public function testExceptions2()
public function testWSESignatureWithoutPrivateKeyPassword()
{
$request = $this->getRequestData();
$crypto = new CryptographyService(
__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.key',
__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.pub'
);
$crypto = $this->createCryptographyServiceWithoutPassword();

$this->assertNotEmpty($crypto->addWSESignature($request));
}

public function testWSESignatureWithPrivateKeyPassword()
{
$request = $this->getRequestData();
$crypto = new CryptographyService(
__DIR__ . '/../../../cert/EET_CA1_Playground_With_Password-CZ00000019.key',
__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.pub',
'eet'
);
$crypto = $this->createCryptographyServiceWithPassword('eet');

$this->assertNotEmpty($crypto->addWSESignature($request));
}

public function testWSESignatureWithInvalidPrivateKeyPassword()
{
$request = $this->getRequestData();
$crypto = new CryptographyService(
__DIR__ . '/../../../cert/EET_CA1_Playground_With_Password-CZ00000019.key',
__DIR__ . '/../../../cert/EET_CA1_Playground-CZ00000019.pub',
'invalid'
);
$crypto = $this->createCryptographyServiceWithPassword('invalid');

$this->expectException(\PHPUnit\Framework\Error\Error::class);
$this->expectExceptionMessage('openssl_sign(): supplied key param cannot be coerced into a private key');
$crypto->addWSESignature($request);
}

public function testWSESignatureWithInvalidPublicKey()
{
$request = $this->getRequestData();
$crypto = new CryptographyService(
self::PRIVATE_KEY_WITHOUT_PASSWORD_PATH,
self::INVALID_KEY_PATH
);

try {
$crypto->addWSESignature($request);
$this->fail('Exception ' . PublicKeyFileException::class . ' expected');
} catch (PublicKeyFileException $e) {
$this->assertSame(self::INVALID_KEY_PATH, $e->getPublicKeyFile());
}
}

private function getReceiptData(): array
{
return [
Expand Down Expand Up @@ -127,4 +159,18 @@ private function getRequestData(): string
return $request;
}

private function createCryptographyServiceWithoutPassword(): CryptographyService
{
return new CryptographyService(self::PRIVATE_KEY_WITHOUT_PASSWORD_PATH, self::PUBLIC_KEY_PATH);
}

private function createCryptographyServiceWithPassword(string $password): CryptographyService
{
return new CryptographyService(
self::PRIVATE_KEY_WITH_PASSWORD_PATH,
self::PUBLIC_KEY_PATH,
$password
);
}

}