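createCA ("FR", "FOURNIER38", "CATEST");
    $caCert = explode ("\n", $certificationauthority->caCert ());
    $caKey = explode ("\n", $certificationauthority->caKey ());
    $res = $caCert[0] . $caKey[0];
    $this->assertSame ($res, "-----BEGIN CERTIFICATE----------BEGIN PRIVATE KEY-----");
  }

  /**
   * A freshly generated private key is returned as PEM text.
   * The key stays in memory: only its first line is inspected. The expected
   * header is the one used for an unencrypted PKCS#8 key.
   */
  public function test_createPK_1 ()
  {
    $certificationauthority = new certificationauthority ();
    $privateKey = $certificationauthority->createPrivateKey ()->privateKey ();
    $lines = explode ("\n", $privateKey);
    $this->assertSame ("-----BEGIN PRIVATE KEY-----", $lines[0]);
  }

  /**
   * A certificate signing request is returned as PEM text.
   */
  public function test_createCSR_1 ()
  {
    $certificationauthority = new certificationauthority ();
    $csr = $certificationauthority->createCSR ("FR", "FOURNIER38", "CSR");
    $lines = explode ("\n", $csr);
    $this->assertSame ("-----BEGIN CERTIFICATE REQUEST-----", $lines[0]);
  }

  /**
   * Signing a CSR with the CA returns a PEM certificate.
   */
  public function test_signCSR_1 ()
  {
    $lines = explode ("\n", $this->createSignedCert ());
    $this->assertSame ("-----BEGIN CERTIFICATE-----", $lines[0]);
  }

  /**
   * The signed certificate carries the subject requested in the CSR.
   */
  public function test_signCSR_2 ()
  {
    $text = $this->opensslText ($this->createSignedCert ());
    // The spacing around "=" in distinguished names differs between OpenSSL
    // releases, so both "C = FR" and "C=FR" are accepted.
    $res = preg_match ("#Subject: C ?= ?FR, .+ CN ?= ?CSR#", $text);
    $this->assertSame (1, $res);
  }

  /**
   * Check if generated cert X509v3 Extended Key Usage are valid
   */
  public function test_signCSR_3 ()
  {
    $text = $this->opensslText ($this->createSignedCert ());
    $res = preg_match (
      "#TLS Web Server Authentication, TLS Web Client Authentication#",
      $text);
    $this->assertSame (1, $res);
  }

  /**
   * Check if generated cert issuer name is valid
   */
  public function test_signCSR_4 ()
  {
    $text = $this->opensslText ($this->createSignedCert ());
    // Same tolerance on the spacing around "=" as for the subject check.
    $res = preg_match (
      "#Issuer: C ?= ?FR, O ?= ?FOURNIER38, CN ?= ?CATEST#",
      $text);
    $this->assertSame (1, $res);
  }

  /**
   * Check if generated cert is not tagged CA.
   * A certificate issued for a CSR must not be usable to sign other
   * certificates, so the text dump has to show CA:FALSE.
   */
  public function test_signCSR_5 ()
  {
    $text = $this->opensslText ($this->createSignedCert ());
    // \s+ tolerates whatever whitespace precedes the value in the text dump.
    $res = preg_match ("#\s+CA:FALSE#", $text);
    $this->assertSame (1, $res);
  }

  /**
   * Create the test CA, create a CSR and return the CSR signed by that CA.
   * @return string The signed certificate, as returned by signCSR ()
   */
  private function createSignedCert ()
  {
    $certificationauthority = new certificationauthority ();
    $certificationauthority->createCA ("FR", "FOURNIER38", "CATEST");
    $caCert = $certificationauthority->caCert ();
    $caKey = $certificationauthority->caKey ();
    $csr = $certificationauthority->createCSR ("FR", "FOURNIER38", "CSR");
    return $certificationauthority->signCSR ($csr, $caCert, $caKey);
  }

  /**
   * Return the "openssl x509 -text -noout" dump of a PEM certificate.
   * The certificate is written to a file created by tempnam () instead of a
   * fixed name under /tmp: a fixed, predictable name in a shared directory
   * can be pre-created or symlinked by another local user, and two test runs
   * on the same host would overwrite each other's file.
   * @param string $cert The PEM certificate to decode
   * @return string The openssl output, lines joined with "\n"
   */
  private function opensslText ($cert)
  {
    // tempnam () creates the uniquely named file itself, with mode 0600.
    $path = tempnam (sys_get_temp_dir (), "test_signCSR_");
    if ($path === false)
      $this->fail ("Can not create a temporary file for the certificate");
    try
    {
      if (file_put_contents ($path, $cert) === false)
        $this->fail ("Can not write the certificate to the temporary file");
      $output = [];
      $rc = 1;
      // The path is quoted for the shell even though it is generated here,
      // so the command stays safe whatever the temporary directory is.
      exec ("openssl x509 -in " . escapeshellarg ($path) . " -text -noout",
        $output, $rc);
      // Fail on the real cause when openssl is missing or rejects the
      // certificate, rather than on a pattern that did not match.
      $this->assertSame (0, $rc, "openssl x509 can not decode the certificate");
      return implode ("\n", $output);
    }
    finally
    {
      // Remove the file even when an assertion above has failed.
      unlink ($path);
    }
  }
}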