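* @license BSD
 */

namespace Domframework\Tests;

use Domframework\Certificationauthority;

/** Test the certification Authority
 *
 * Most tests inspect the generated PEM through the `openssl x509 -text`
 * command line tool, so the openssl binary must be available in the PATH.
 * Only certificates are written to disk by these tests; the generated
 * private keys stay in memory.
 */
class CertificationauthorityTest extends \PHPUnit_Framework_TestCase
{
  /** Dump a PEM certificate as text with the openssl command line tool.
   *
   * The PEM is written to a file created by tempnam() instead of a fixed
   * name such as /tmp/test_xxx: a predictable path in a shared temporary
   * directory can be pre-created (or replaced by a symbolic link) by another
   * local user, and file_put_contents() would follow it. tempnam() creates
   * the file itself with a unique name. The path is passed through
   * escapeshellarg() because it is interpolated into a shell command line.
   *
   * @param string $pem The certificate in PEM format
   * @return string The text output of openssl, lines joined by "\n"
   */
  private function opensslText ($pem)
  {
    $path = tempnam (sys_get_temp_dir (), "domfw_ca_test_");
    $this->assertTrue ($path !== false,
      "Can not create a temporary file for the certificate");
    $written = file_put_contents ($path, $pem);
    $output = [];
    $status = -1;
    if ($written !== false)
    {
      exec ("openssl x509 -in - -text -noout < " . escapeshellarg ($path),
        $output, $status);
    }
    // Remove the file before asserting, so a failure never leaves it behind
    unlink ($path);
    $this->assertTrue ($written !== false,
      "Can not write the certificate to the temporary file");
    // Without this check, a missing openssl binary or an unparsable PEM would
    // only show up later as an unexplained regex mismatch
    $this->assertSame (0, $status, "openssl x509 exited with an error");
    return implode ("\n", $output);
  }

  /** Create a test CA, then create and sign a CSR with it.
   *
   * @return string The signed certificate (CN = CSR) in PEM format
   */
  private function signTestCSR ()
  {
    $certificationauthority = new Certificationauthority ();
    $certificationauthority->createCA ("FR", "FOURNIER38", "CATEST");
    $caCert = $certificationauthority->caCert ();
    $caKey = $certificationauthority->caKey ();
    $csr = $certificationauthority->createCSR ("FR", "FOURNIER38", "CSR");
    return $certificationauthority->signCSR ($csr, $caCert, $caKey);
  }

  /** The CA certificate and the CA key are both returned as PEM blocks */
  public function test_createCA_1 ()
  {
    $certificationauthority = new Certificationauthority ();
    $certificationauthority->createCA ("FR", "FOURNIER38", "CATEST");
    $caCert = explode ("\n", $certificationauthority->caCert ());
    $caKey = explode ("\n", $certificationauthority->caKey ());
    $this->assertSame ("-----BEGIN CERTIFICATE-----", $caCert[0]);
    $this->assertSame ("-----BEGIN PRIVATE KEY-----", $caKey[0]);
  }

  /** The CA certificate carries the CA:TRUE basic constraint */
  public function test_createCA_2 ()
  {
    $certificationauthority = new Certificationauthority ();
    $certificationauthority->createCA ("FR", "FOURNIER38", "CATEST");
    $text = $this->opensslText ($certificationauthority->caCert ());
    $this->assertSame (1, preg_match ("# CA:TRUE#", $text));
  }

  /** A generated private key is returned as a PEM block */
  public function test_createPK_1 ()
  {
    $certificationauthority = new Certificationauthority ();
    $privateKey = $certificationauthority->createPrivateKey () -> privateKey ();
    $privateKey = explode ("\n", $privateKey);
    $this->assertSame ("-----BEGIN PRIVATE KEY-----", $privateKey[0]);
  }

  /** A generated CSR is returned as a PEM block */
  public function test_createCSR_1 ()
  {
    $certificationauthority = new Certificationauthority ();
    $csr = $certificationauthority->createCSR ("FR", "FOURNIER38", "CSR");
    $csr = explode ("\n", $csr);
    $this->assertSame ("-----BEGIN CERTIFICATE REQUEST-----", $csr[0]);
  }

  /** A signed CSR is returned as a PEM certificate */
  public function test_signCSR_1 ()
  {
    $cert = explode ("\n", $this->signTestCSR ());
    $this->assertSame ("-----BEGIN CERTIFICATE-----", $cert[0]);
  }

  /** The signed certificate keeps the subject of the CSR */
  public function test_signCSR_2 ()
  {
    $text = $this->opensslText ($this->signTestCSR ());
    $this->assertSame (1,
      preg_match ("#Subject: C = FR, .+ CN = CSR#", $text));
  }

  /** Check if generated cert X509v3 Extended Key Usage are valid */
  public function test_signCSR_3 ()
  {
    $text = $this->opensslText ($this->signTestCSR ());
    $this->assertSame (1, preg_match (
      "#TLS Web Server Authentication, TLS Web Client Authentication#",
      $text));
  }

  /** Check if generated cert issuer name is valid */
  public function test_signCSR_4 ()
  {
    $text = $this->opensslText ($this->signTestCSR ());
    $this->assertSame (1,
      preg_match ("#Issuer: C = FR, O = FOURNIER38, CN = CATEST#", $text));
  }

  /** Check if generated cert is not tagged CA
   *
   * A leaf certificate marked CA:TRUE could itself be used to sign other
   * certificates, so this is the constraint that keeps issued certificates
   * from acting as intermediate authorities.
   */
  public function test_signCSR_5 ()
  {
    $text = $this->opensslText ($this->signTestCSR ());
    $this->assertSame (1, preg_match ("# CA:FALSE#", $text));
  }

  /** Check if generated cert has Alternative Names */
  public function test_signCSR_6 ()
  {
    $certificationauthority = new Certificationauthority ();
    $certificationauthority->createCA ("FR", "FOURNIER38", "CATEST");
    $caCert = $certificationauthority->caCert ();
    $caKey = $certificationauthority->caKey ();
    $csr = $certificationauthority->createCSR ("FR", "FOURNIER38",
      "CSR.fournier38.fr");
    $cert = $certificationauthority->signCSR ($csr, $caCert, $caKey, null,
      ["ALT1.example.com","ALT2.example.com"]);
    $text = $this->opensslText ($cert);
    $this->assertSame (1, preg_match (
      "#DNS:CSR.fournier38.fr, DNS:ALT1.example.com, DNS:ALT#", $text));
  }
}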