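* @license BSD */

namespace Domframework\Tests;

use Domframework\Certificationauthority;

/**
 * Test the certification Authority.
 *
 * Several tests decode the generated certificate with the `openssl` command
 * line tool and match its text output, so `openssl` must be on the PATH.
 * The spacing of the "C = FR" patterns follows the text format of the openssl
 * version the tests were written against; other versions may print the
 * distinguished name differently.
 */
class CertificationauthorityTest extends \PHPUnit_Framework_TestCase
{
    /**
     * Build an authority object and generate the test CA on it.
     *
     * @return Certificationauthority Authority holding the CATEST CA
     */
    private function newAuthorityWithCA()
    {
        $authority = new Certificationauthority();
        $authority->createCA("FR", "FOURNIER38", "CATEST");
        return $authority;
    }

    /**
     * Create the test CA, then a CSR for CN=CSR, and sign it with the CA.
     *
     * @return string The signed certificate, PEM encoded
     */
    private function issueDefaultCertificate()
    {
        $authority = $this->newAuthorityWithCA();
        // Read the CA material before creating the CSR, as the tests always did.
        $caCert = $authority->caCert();
        $caKey = $authority->caKey();
        $csr = $authority->createCSR("FR", "FOURNIER38", "CSR");
        return $authority->signCSR($csr, $caCert, $caKey);
    }

    /**
     * Decode a PEM certificate with `openssl x509 -text` and return the text.
     *
     * Only certificates (public data) are written to disk here; the CA private
     * key is never passed to this helper.
     *
     * @param string $pem The PEM encoded certificate to decode
     * @return string The openssl text output, lines joined by "\n"
     */
    private function opensslText($pem)
    {
        // A fixed name under /tmp is predictable: on a shared host another
        // local user could pre-create it (or a symlink) and have the test
        // write through it. tempnam() creates a uniquely named file with
        // mode 0600 instead.
        $path = tempnam(sys_get_temp_dir(), "catest_");
        if ($path === false) {
            $this->fail("Can not create a temporary file for the certificate");
        }
        if (file_put_contents($path, $pem) === false) {
            unlink($path);
            $this->fail("Can not write the certificate to the temporary file");
        }
        $output = [];
        $status = 1;
        // The temporary directory may come from the environment: quote the
        // path before handing it to the shell.
        exec(
            "openssl x509 -in - -text -noout < " . escapeshellarg($path),
            $output,
            $status
        );
        // Remove the file before any assertion so a failure leaves nothing
        // behind.
        unlink($path);
        if ($status !== 0) {
            $this->fail("openssl x509 exited with status $status");
        }
        return implode("\n", $output);
    }

    /** The CA certificate and the CA key are both returned PEM encoded */
    public function test_createCA_1()
    {
        $authority = $this->newAuthorityWithCA();
        $caCert = explode("\n", $authority->caCert());
        $caKey = explode("\n", $authority->caKey());
        $this->assertSame("-----BEGIN CERTIFICATE-----", $caCert[0]);
        // "BEGIN PRIVATE KEY" is the header of an unencrypted PKCS#8 key: this
        // pins that caKey() hands the CA key back without a passphrase.
        $this->assertSame("-----BEGIN PRIVATE KEY-----", $caKey[0]);
    }

    /** The CA certificate carries the CA:TRUE basic constraint */
    public function test_createCA_2()
    {
        $authority = $this->newAuthorityWithCA();
        $text = $this->opensslText($authority->caCert());
        $this->assertSame(1, preg_match("# CA:TRUE#", $text));
    }

    /** A generated private key is returned PEM encoded */
    public function test_createPK_1()
    {
        $authority = new Certificationauthority();
        $privateKey = $authority->createPrivateKey()->privateKey();
        $lines = explode("\n", $privateKey);
        $this->assertSame("-----BEGIN PRIVATE KEY-----", $lines[0]);
    }

    /** A generated CSR is returned PEM encoded */
    public function test_createCSR_1()
    {
        $authority = new Certificationauthority();
        $csr = $authority->createCSR("FR", "FOURNIER38", "CSR");
        $lines = explode("\n", $csr);
        $this->assertSame("-----BEGIN CERTIFICATE REQUEST-----", $lines[0]);
    }

    /** A signed CSR is returned as a PEM encoded certificate */
    public function test_signCSR_1()
    {
        $lines = explode("\n", $this->issueDefaultCertificate());
        $this->assertSame("-----BEGIN CERTIFICATE-----", $lines[0]);
    }

    /** Check if generated cert subject comes from the CSR */
    public function test_signCSR_2()
    {
        $text = $this->opensslText($this->issueDefaultCertificate());
        $this->assertSame(
            1,
            preg_match("#Subject: C = FR, .+ CN = CSR#", $text)
        );
    }

    /** Check if generated cert X509v3 Extended Key Usage are valid */
    public function test_signCSR_3()
    {
        $text = $this->opensslText($this->issueDefaultCertificate());
        $this->assertSame(
            1,
            preg_match(
                "#TLS Web Server Authentication, TLS Web Client Authentication#",
                $text
            )
        );
    }

    /** Check if generated cert issuer name is valid */
    public function test_signCSR_4()
    {
        $text = $this->opensslText($this->issueDefaultCertificate());
        $this->assertSame(
            1,
            preg_match("#Issuer: C = FR, O = FOURNIER38, CN = CATEST#", $text)
        );
    }

    /**
     * Check if generated cert is not tagged CA: a leaf certificate issued with
     * CA:TRUE could itself sign further certificates.
     */
    public function test_signCSR_5()
    {
        $text = $this->opensslText($this->issueDefaultCertificate());
        $this->assertSame(1, preg_match("# CA:FALSE#", $text));
    }

    /** Check if generated cert has Alternative Names */
    public function test_signCSR_6()
    {
        $authority = $this->newAuthorityWithCA();
        $caCert = $authority->caCert();
        $caKey = $authority->caKey();
        $csr = $authority->createCSR(
            "FR",
            "FOURNIER38",
            "CSR.fournier38.fr"
        );
        $cert = $authority->signCSR(
            $csr,
            $caCert,
            $caKey,
            null,
            ["ALT1.example.com", "ALT2.example.com"]
        );
        $text = $this->opensslText($cert);
        // Dots are escaped so they only match a literal "." in the host names.
        // NOTE(review): the second alternative name is matched by its
        // "DNS:ALT" prefix only, as in the original pattern.
        $this->assertSame(
            1,
            preg_match(
                '#DNS:CSR\.fournier38\.fr, DNS:ALT1\.example\.com, DNS:ALT#',
                $text
            )
        );
    }
}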