Added tests for SimpleSAML\XML\Signer

lib/SimpleSAML/XML/Signer.php

@@ -123,14 +123,22 @@ class Signer
      *                      to the cert-directory.
      * @param string|null $pass  The passphrase on the private key. Pass no value or NULL if the private
      *                           key is unencrypted.
+     * @param bool $full_path  Whether the filename found in the configuration contains the
+     *                         full path to the private key or not. Default to false.
      * @throws \Exception
      */
-    public function loadPrivateKey($file, $pass = null)
+    public function loadPrivateKey($file, $pass = null, $full_path = false)
     {
         assert('is_string($file)');
         assert('is_string($pass) || is_null($pass)');
+        assert('is_bool($full_path)');
+
+        if (!$full_path) {
+            $keyFile = Config::getCertPath($file);
+        } else {
+            $keyFile = $file;
+        }
 
-        $keyFile = Config::getCertPath($file);
         if (!file_exists($keyFile)) {
             throw new \Exception('Could not find private key file "' . $keyFile . '".');
         }
@@ -178,13 +186,21 @@ class Signer
      *
      * @param string $file  The file which contains the certificate. The path is assumed to be relative to
      *                      the cert-directory.
+     * @param bool $full_path  Whether the filename found in the configuration contains the
+     *                         full path to the private key or not. Default to false.
      * @throws \Exception
      */
-    public function loadCertificate($file)
+    public function loadCertificate($file, $full_path = false)
     {
         assert('is_string($file)');
+        assert('is_bool($full_path)');
+
+        if (!$full_path) {
+            $certFile = Config::getCertPath($file);
+        } else {
+            $certFile = $file;
+        }
 
-        $certFile = Config::getCertPath($file);
         if (!file_exists($certFile)) {
             throw new \Exception('Could not find certificate file "' . $certFile . '".');
         }
@@ -216,13 +232,21 @@ class Signer
      * are added.
      *
      * @param string $file  The file which contains the certificate, relative to the cert-directory.
+     * @param bool $full_path  Whether the filename found in the configuration contains the
+     *                         full path to the private key or not. Default to false.
      * @throws \Exception
      */
-    public function addCertificate($file)
+    public function addCertificate($file, $full_path = false)
     {
         assert('is_string($file)');
+        assert('is_bool($full_path)');
+
+        if (!$full_path) {
+            $certFile = Config::getCertPath($file);
+        } else {
+            $certFile = $file;
+        }
 
-        $certFile = Config::getCertPath($file);
         if (!file_exists($certFile)) {
             throw new \Exception('Could not find extra certificate file "' . $certFile . '".');
         }
@@ -268,9 +292,12 @@ class Signer
             $options['id_name'] = $this->idAttrName;
         }
 
-        $objXMLSecDSig->addReferenceList(array($node), XMLSecurityDSig::SHA1,
+        $objXMLSecDSig->addReferenceList(
+            array($node),
+            XMLSecurityDSig::SHA1,
             array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
-            $options);
+            $options
+        );
 
         $objXMLSecDSig->sign($this->privateKey);
 

tests/lib/SimpleSAML/XML/SignerTest.php

+<?php
+
+namespace SimpleSAML\Test\Utils;
+
+use \SimpleSAML_Configuration as Configuration;
+use \SimpleSAML\XML\Signer;
+
+use \org\bovigo\vfs\vfsStream;
+
+/**
+ * Tests for SimpleSAML\XML\Signer.
+ */
+class SignerTest extends \PHPUnit_Framework_TestCase
+{
+    // openssl genrsa -out private.pem 2048
+    private $private_key = <<<'NOWDOC'
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA5LoQYYPfKdHnSnuXI+SiHfUd648Ub0sn2YO81rmnwJ168Ol/
+FZODrGpm8tsRUTz5R9uXXSnwhnWwVJW4ckiZORcp1bEUGI0zXYR387yF3Ih87UFV
+KdqodrDXNN6Id7Xrw65AVa4gjwLN2DNBF3JnjbH7zKtnqhb7u2Qer7Lidhvw4WxY
+lC9t8c+Kv3xoJOgDvlG1gRaYTZv7pxTpBA7W1YnJpOj3xiXetVmAxRcGyB0Jc8aB
+nc1WoUBGudSvjvuc01kJ+rurjgklGEFjVP9AjPfcVkdcFTXc+ECets++AmZc/kk4
+Y6RKCn3fOJlL5L0RxVSJ8obnBcS7H4rZYordfwIDAQABAoIBAH364cTkPompPIyw
+0AmMB6MafFVfZHD8Y0GSJvPaJESaOLny0fWPX4oavQNsl/g37lGe6Jr+26Ujs3CT
+WplP1V01new+cYQoWa9bpDoSj2RtpOmE/6Ri9EETnCVZoK7W+7m3A2Zt1y8N61T2
+vhZtBA5uhvMvQZTUvehz99bsX4GPTUilYHCPEq4IPkfhCMGigv/c0lWtFQhOoNUF
+BjZHezH4Z/qQolIaHpzFZT0K0e7VD4gomBegGsIqPuEJ0gProCjULqA0O5QT4gQX
+IT52pUJuU0061d4JOfDcgDI3NT2SmBBMfig71n/R88eMn0azWKN4rn4/3QjxRW3q
+tdjL0UECgYEA/ynTXtuL7G5zOezKirakuSlSbHu/3TJ+tdG5p7WOLqWADUzgqss+
+k7rxxFUxw40dBpC0LfYP5YMhXi4cBiNoT5EWhT53x/UxCilXHuz5uYcrt/Wyaqa0
+mZuyIPYuw/yTASEBUE/sE1DU82PD3IlkPmqfgEyW6j8CVyLqo/LxMWECgYEA5XoM
+aVB5jhYk8jxy0APWn4jSTm2zpTBZpzHmqTPL19B4Es18XoU+ehWA8rWGQFFwbl1f
+TTUBE1hlS9MgMMI8MK6S1Qrhi7mVrHuMaMbp0ilwDBjv+4DSqlDGDoCSLCLrDkkl
+c0uDLLFGHkfDjNmk3uiSxPZvrUiVVuwJYLGNGt8CgYEAyvjWbsptz7E8b4Nwyk7n
+UXMRYcI+qRIVwUQHTuUZKPn1lp7kyHfMW2+GCgtK/qctw58v9K+bjZJ15JkBKdDY
+lRJwu6UpWyIr1E12Q9919qMTn84OEtBxMQ+s7pNmN/ieZ3N9vAkXXXYbL1DY6IFS
+AGSIZGKIWeWtUusvgyMpwYECgYEArGDIHfxTs0YzLrv1ywh3GpQe1sdVYUs2rX+w
+s32zLETvTcCKIj6ZNgAdQzTUyk/i0yTUyBx+2FdYkGLiFX5y1Gbu6ZYo41rfchfE
+25hAYJy8DHpXG2gj18ihXpd6NilsxOhxd3BL8zCfaXOjE5USYlf2mHo+Xb7eX9Mj
+ID1/r6UCgYBos8plM27v5BzI8gghUlkFAFLmmccJXQHCUlUhT1+d8FTMEhTZGjZk
+94a7cc/ps+6UCp6hOqJ2d6w+cfteWZWP0zMcoxr2JAO9lYekIlUafoZ+mhJCCqoC
+ENg4/K7BqpAlRzCf28gUiL53wOut2CadGIoSvj0UR/Mh2eM64jTgSQ==
+-----END RSA PRIVATE KEY-----
+NOWDOC;
+
+    // openssl req -new -x509 -key private.pem -out public1.pem -days 3650
+    private $certificate1 = <<<'NOWDOC'
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAIonjtIRUcfJMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTcwNjE1MTcyMTI4WhcNMjcwNjEzMTcyMTI4WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA5LoQYYPfKdHnSnuXI+SiHfUd648Ub0sn2YO81rmnwJ168Ol/FZODrGpm
+8tsRUTz5R9uXXSnwhnWwVJW4ckiZORcp1bEUGI0zXYR387yF3Ih87UFVKdqodrDX
+NN6Id7Xrw65AVa4gjwLN2DNBF3JnjbH7zKtnqhb7u2Qer7Lidhvw4WxYlC9t8c+K
+v3xoJOgDvlG1gRaYTZv7pxTpBA7W1YnJpOj3xiXetVmAxRcGyB0Jc8aBnc1WoUBG
+udSvjvuc01kJ+rurjgklGEFjVP9AjPfcVkdcFTXc+ECets++AmZc/kk4Y6RKCn3f
+OJlL5L0RxVSJ8obnBcS7H4rZYordfwIDAQABo1AwTjAdBgNVHQ4EFgQUZHjC+k2X
+pMchyKojQngj5zOsZacwHwYDVR0jBBgwFoAUZHjC+k2XpMchyKojQngj5zOsZacw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAETjO0RltSYxFdxmIqVIg
+7N6yKptUr46YkWY877HWmCLExHwFLTvewUvbgx7ASYA0YMErnAaVrT9IqCDbOUF+
+RCBovVuiAwwKcvag0C8nKg7rfx7KDr2E8vVV+2WzSpDECtLrpTmrPaje8TlFv8NW
+hMk80osVxnGmI7UewiMzfpRuA4tEKFxHhoQG5LVinWRTMKw6EYmrSKGLdQt/27zj
+xDe0oOS2DDIYbU/oWCqLtlTlzVqrNM7ig9HKcT0Xxgf5rwTDDzNf/dpM/Nt8DWFY
+YmLDnUolf8d/M/kglX1x5IRSN+GxTCgV8i6dIF9EPtBW/AfMz99ojmW+WOgfOLnm
+vg==
+-----END CERTIFICATE-----
+NOWDOC;
+
+    // openssl req -new -x509 -key private.pem -out public2.pem -days 3650
+    private $certificate2 = <<<'NOWDOC'
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAJ6gIIeYjdQSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTcwNjE1MTcyMTM0WhcNMjcwNjEzMTcyMTM0WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA5LoQYYPfKdHnSnuXI+SiHfUd648Ub0sn2YO81rmnwJ168Ol/FZODrGpm
+8tsRUTz5R9uXXSnwhnWwVJW4ckiZORcp1bEUGI0zXYR387yF3Ih87UFVKdqodrDX
+NN6Id7Xrw65AVa4gjwLN2DNBF3JnjbH7zKtnqhb7u2Qer7Lidhvw4WxYlC9t8c+K
+v3xoJOgDvlG1gRaYTZv7pxTpBA7W1YnJpOj3xiXetVmAxRcGyB0Jc8aBnc1WoUBG
+udSvjvuc01kJ+rurjgklGEFjVP9AjPfcVkdcFTXc+ECets++AmZc/kk4Y6RKCn3f
+OJlL5L0RxVSJ8obnBcS7H4rZYordfwIDAQABo1AwTjAdBgNVHQ4EFgQUZHjC+k2X
+pMchyKojQngj5zOsZacwHwYDVR0jBBgwFoAUZHjC+k2XpMchyKojQngj5zOsZacw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA1CqpKLeYLkgRym2qeMhU
+5lKlXAYX5b0eM2SOCCjfpEnRqp2PTU/E83H0MOY6i47OfHp3LKNUj4Kze2DD+S6A
+llpmLfuLXZ/CB19sByzMrcEyUQo4mfqvKyzLhUTgygGczyocwRRZgnw1e+VwMtpf
+mgXnldomDT8CUsM2v3Xb52+JPGSCs16lRYZkgDCQEpHU4+VQxwGAGpj13NM+sidR
+ymj443jgpF6XUviaGiaS292rXMO/tW7veA1UZ2/eTKu5PF9RqDmYLiGatY1qp4tr
+QjBeEjMtDCs9Rqaety/UIaL4ZfOKffLKsKb2mjM/ew+QTwTLDg9RVv5vv2jbZrw7
+Nw==
+-----END CERTIFICATE-----
+NOWDOC;
+
+    const ROOTDIRNAME = 'testdir';
+    const DEFAULTCERTDIR = 'certdir';
+    const PRIVATEKEY = 'privatekey.pem';
+    const CERTIFICATE1 = 'certificate1.pem';
+    const CERTIFICATE2 = 'certificate2.pem';
+
+    public function setUp()
+    {
+        $this->root = vfsStream::setup(
+            self::ROOTDIRNAME,
+            null,
+            array(
+                self::DEFAULTCERTDIR => array(
+                    self::PRIVATEKEY => $this->private_key,
+                    self::CERTIFICATE1 => $this->certificate1,
+                    self::CERTIFICATE2 => $this->certificate2,
+                ),
+            )
+        );
+        $this->root_directory = vfsStream::url(self::ROOTDIRNAME);
+
+        $this->certdir = $this->root_directory.DIRECTORY_SEPARATOR.self::DEFAULTCERTDIR;
+        $this->privatekey_file = $this->certdir.DIRECTORY_SEPARATOR.self::PRIVATEKEY;
+        $this->certificate_file1 = $this->certdir.DIRECTORY_SEPARATOR.self::CERTIFICATE1;
+        $this->certificate_file2 = $this->certdir.DIRECTORY_SEPARATOR.self::CERTIFICATE2;
+
+        $this->config = Configuration::loadFromArray(array(
+            'certdir' => $this->certdir,
+        ), '[ARRAY]', 'simplesaml');
+    }
+
+    public function tearDown()
+    {
+        $this->clearInstance($this->config, '\SimpleSAML_Configuration', array());
+    }
+
+    public function testSignerBasic()
+    {
+        $res = new Signer(array());
+
+        $this->assertNotNull($res);
+    }
+
+    public function testSignBasic()
+    {
+        $node = new \DOMDocument();
+        $node->loadXML('<?xml version="1.0"?><node>value</node>');
+        $element = $node->getElementsByTagName("node")->item(0);
+
+        $doc = new \DOMDocument();
+        $insertInto = $doc->appendChild(new \DOMElement('insert'));
+
+        $signer = new Signer(array());
+        $signer->loadPrivateKey($this->privatekey_file, null, true);
+        $signer->sign($element, $insertInto);
+
+        $res = $doc->saveXML();
+
+        $this->assertContains('DigestValue', $res);
+        $this->assertContains('SignatureValue', $res);
+    }
+
+    private static function getCertificateValue($certificate)
+    {
+        $replacements = array(
+            "-----BEGIN CERTIFICATE-----",
+            "-----END CERTIFICATE-----",
+            "\n",
+        );
+
+        return str_replace($replacements, "", $certificate);
+    }
+
+    public function testSignWithCertificate()
+    {
+        $node = new \DOMDocument();
+        $node->loadXML('<?xml version="1.0"?><node>value</node>');
+        $element = $node->getElementsByTagName("node")->item(0);
+
+        $doc = new \DOMDocument();
+        $insertInto = $doc->appendChild(new \DOMElement('insert'));
+
+        $signer = new Signer(array());
+        $signer->loadPrivateKey($this->privatekey_file, null, true);
+        $signer->loadCertificate($this->certificate_file1, true);
+        $signer->sign($element, $insertInto);
+
+        $res = $doc->saveXML();
+
+        $expected = self::getCertificateValue($this->certificate1);
+
+        $this->assertContains('X509Certificate', $res);
+        $this->assertContains($expected, $res);
+    }
+
+    public function testSignWithMultiCertificate()
+    {
+        $node = new \DOMDocument();
+        $node->loadXML('<?xml version="1.0"?><node>value</node>');
+        $element = $node->getElementsByTagName("node")->item(0);
+
+        $doc = new \DOMDocument();
+        $insertInto = $doc->appendChild(new \DOMElement('insert'));
+
+        $signer = new Signer(array());
+        $signer->loadPrivateKey($this->privatekey_file, null, true);
+        $signer->loadCertificate($this->certificate_file1, true);
+        $signer->addCertificate($this->certificate_file2, true);
+        $signer->sign($element, $insertInto);
+
+        $res = $doc->saveXML();
+
+        $expected1 = self::getCertificateValue($this->certificate1);
+        $expected2 = self::getCertificateValue($this->certificate2);
+
+        $this->assertContains('X509Certificate', $res);
+        $this->assertContains($expected1, $res);
+        $this->assertContains($expected2, $res);
+    }
+
+    public function testSignMissingPrivateKey()
+    {
+        $node = new \DOMDocument();
+        $node->loadXML('<?xml version="1.0"?><node>value</node>');
+        $element = $node->getElementsByTagName("node")->item(0);
+
+        $doc = new \DOMDocument();
+        $insertInto = $doc->appendChild(new \DOMElement('insert'));
+
+        $signer = new Signer(array());
+
+        $this->setExpectedException('\Exception');
+        $signer->sign($element, $insertInto);
+    }
+
+    protected function clearInstance($service, $className, $value = null)
+    {
+        $reflectedClass = new \ReflectionClass($className);
+        $reflectedInstance = $reflectedClass->getProperty('instance');
+        $reflectedInstance->setAccessible(true);
+        $reflectedInstance->setValue($service, $value);
+        $reflectedInstance->setAccessible(false);
+    }
+}

tests/modules/consent/lib/Auth/Process/ConsentTest.php

@@ -8,8 +8,14 @@
 
 namespace SimpleSAML\Test\Module\consent\Auth\Process;
 
+use \SimpleSAML_Configuration as Configuration;
+
 class ConsentTest extends \PHPUnit_Framework_TestCase
 {
+    public function setUp()
+    {
+        $this->config = Configuration::loadFromArray(array(), '[ARRAY]', 'simplesaml');
+    }
 
     /**
      * Helper function to run the filter with a given configuration.

tests/modules/saml/lib/Auth/Source/Auth_Source_SP_Test.php

@@ -2,6 +2,8 @@
 
 namespace SimpleSAML\Test\Module\saml\Auth\Source;
 
+use \SimpleSAML_Configuration as Configuration;
+
 /**
  * Custom Exception to throw to terminate a TestCase.
  */
@@ -121,6 +123,8 @@ class SP_Test extends \PHPUnit_Framework_TestCase
                 ),
             ),
         );
+
+        $this->config = Configuration::loadFromArray(array(), '[ARRAY]', 'simplesaml');
     }