/**
 * Build a throwaway certificate authority for use within a single test.
 *
 * The key pair and certificate are generated fresh on every call, so no
 * fixture material is shared between tests.
 *
 * @return array
 *   Two elements: the CA key pair (as returned by KeyPair::create()) and
 *   the PEM CA certificate produced by CA::create().
 */
protected function createCA() {
  $keyPair = KeyPair::create();
  $this->assertNotEmpty($keyPair['privatekey']);
  $this->assertNotEmpty($keyPair['publickey']);

  $cert = CA::create($keyPair, '/O=test');
  $this->assertNotEmpty($cert);

  return array($keyPair, $cert);
}
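/**
 * Exercise the full registration -> API call -> unregistration lifecycle
 * between an application provider and a site, using an in-memory CA and a
 * fake HTTP transport.
 *
 * Both peers are given a DefaultCertificateValidator rooted at the test CA,
 * so every message must carry a certificate chaining to that CA. The
 * FakeHttp callbacks additionally pin the URL each peer is expected to
 * contact, so a misrouted request fails the test rather than being served.
 */
public function testRoundtrip() {
  $test = $this;
  list($caKeyPair, $caCert) = $this->createCA();
  $certValidator = new DefaultCertificateValidator($caCert, NULL, NULL);

  // The application provider sets up a RegistrationServer.
  $appKeyPair = KeyPair::create();
  $appMeta = array(
    'title' => 'My App',
    'appId' => 'app:abcd1234abcd1234',
    'appCert' => CA::signCSR($caKeyPair, $caCert, CA::createAppCSR($appKeyPair, '/O=Application Provider, CN=app:abcd1234abcd1234')),
    'appUrl' => 'http://app-a.com/cxn',
    'perm' => array(
      'api' => array(),
      'grant' => array('view all contacts'),
    ),
  );
  $appCxnStore = new ArrayCxnStore();
  $regServer = new RegistrationServer($appMeta, $appKeyPair, $appCxnStore);
  $regServer->setCertValidator($certValidator);

  // The site connects to the registration server.
  $siteCxnStore = new ArrayCxnStore();
  $regClient = new RegistrationClient($siteCxnStore, 'http://example.org/civicrm/cxn/api');
  $regClient->setCertValidator($certValidator);
  $regClient->setHttp(new Http\FakeHttp(function ($verb, $url, $blob) use ($regServer, $test) {
    // Registration traffic must be addressed to the app's advertised appUrl.
    $test->assertEquals('http://app-a.com/cxn', $url);
    return $regServer->handle($blob)->toHttp();
  }));
  list($cxnId, $regResponse) = $regClient->register($appMeta, $siteCxnStore);
  $this->assertEquals(0, $regResponse['is_error']);

  // Both sides now hold a connection record under the same cxnId, each
  // pointing at the other peer's URL.
  $siteCxn = $siteCxnStore->getByCxnId($cxnId);
  $this->assertEquals('http://app-a.com/cxn', $siteCxn['appUrl']);
  $appCxn = $appCxnStore->getByCxnId($cxnId);
  $this->assertEquals('http://example.org/civicrm/cxn/api', $appCxn['siteUrl']);

  // The application provider issues an API call to the site.
  $apiServer = new ApiServer($siteCxnStore);
  $apiServer->setCertValidator(new DefaultCertificateValidator($caCert, NULL, NULL));
  $apiServer->setRouter(function ($cxn, $entity, $action, $params) {
    // Strict comparison: the action name arrives from the decoded message.
    if ($action === 'echo') {
      return $params;
    }
    return array('message' => 'unrecognized action');
  });
  $apiClient = new ApiClient($appMeta, $appCxnStore, $cxnId);
  $apiClient->setHttp(new Http\FakeHttp(function ($verb, $url, $blob) use ($apiServer, $test) {
    // API traffic must be addressed to the site URL recorded at registration.
    $test->assertEquals('http://example.org/civicrm/cxn/api', $url);
    return $apiServer->handle($blob)->toHttp();
  }));
  $this->assertEquals(array('whimsy'), $apiClient->call('Foo', 'echo', array('whimsy')));
  $this->assertEquals(array('message' => 'unrecognized action'), $apiClient->call('Foo', 'bar', array()));

  // The site unregisters; the connection must disappear from both stores.
  list($unregCxnId, $unregResponse) = $regClient->unregister($appMeta);
  $this->assertEquals(0, $unregResponse['is_error']);
  $this->assertNull($siteCxnStore->getByCxnId($cxnId));
  $this->assertNull($appCxnStore->getByCxnId($cxnId));
}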
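/**
 * A RegistrationServer must answer a malformed message with HTTP 400 and a
 * generic structured error, rather than processing it or leaking a stack
 * trace.
 *
 * @param array $appKeyPair
 *   Key pair for the application, as returned by KeyPair::create().
 * @param Message $invalidInput
 *   A message which is not acceptable registration input; its encoded form
 *   is handed to the server verbatim.
 * @dataProvider invalidInputExamples
 */
public function testInvalidInput($appKeyPair, $invalidInput) {
  list($caKeyPair, $caCert) = $this->createCA();

  $appMeta = array(
    'title' => 'My App',
    'appId' => self::APP_ID,
    'appCert' => CA::signCSR($caKeyPair, $caCert, CA::createAppCSR($appKeyPair, '/O=Application Provider')),
    'appUrl' => 'http://app-a.com/cxn',
    'perm' => array(
      'api' => array(),
      'grant' => array('view all contacts'),
    ),
  );
  $appCxnStore = new ArrayCxnStore();
  $regServer = new RegistrationServer($appMeta, $appKeyPair, $appCxnStore);

  list($headers, $blob, $code) = $regServer->handle($invalidInput->encode())->toHttp();
  $this->assertEquals(400, $code);

  // The reply is decoded as an InsecureMessage with no key material supplied;
  // the server is expected to report only a generic coding error.
  $message = InsecureMessage::decode($blob);
  $data = $message->getData();
  $this->assertEquals(1, $data['is_error']);
  $this->assertEquals('Invalid message coding', $data['error_message']);
}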
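/**
 * A CRL signed by a certificate that lacks CRL-signing authority must be
 * rejected, even though both the CRL signer and the app certificate chain
 * correctly to the CA.
 *
 * In this case, we have an app whose $appCertPem appears valid, and we have
 * a CRL whose $crlDistCertPem is signed by the CA, but $crlDistCertPem has
 * usage rules which do not allow signing CRLs. If the validator honoured
 * such a CRL, any certificate issued through the ordinary app CSR path could
 * publish revocations.
 */
public function testCRL_SignedByNonDist() {
  // create CA
  list($caKeyPairPems, $caCertPem) = $this->createCA();

  // create would-be CRL dist authority -- but not really authorized for
  // signing CRLs. Note createAppCSR() instead of createCrlDistCSR().
  $crlDistKeyPairPems = KeyPair::create();
  $crlDistCertPem = CA::signCSR($caKeyPairPems, $caCertPem, CA::createAppCSR($crlDistKeyPairPems, '/O=test'));
  $this->assertNotEmpty($crlDistCertPem);

  // Sanity check: taken as an ordinary certificate, the would-be CRL signer
  // validates against the CA. The failure below must come from its usage
  // rules, not from a broken chain.
  $certValidator = new DefaultCertificateValidator($caCertPem, NULL, NULL);
  $certValidator->validateCert($crlDistCertPem);

  // create CRL
  $crlDistCertObj = X509Util::loadCert($crlDistCertPem, $crlDistKeyPairPems, $caCertPem);
  $this->assertNotEmpty($crlDistCertObj);
  $crlObj = new \File_X509();
  $crlObj->setSerialNumber(1, 10);
  $crlObj->setEndDate('+2 days');
  $crlPem = $crlObj->saveCRL($crlObj->signCRL($crlDistCertObj, $crlObj));
  $this->assertNotEmpty($crlPem);
  $crlObj->loadCRL($crlPem);

  // create cert
  $appKeyPair = KeyPair::create();
  $appCertPem = CA::signCSR($caKeyPairPems, $caCertPem, CA::createAppCSR($appKeyPair, '/O=Application Provider'), 4321);

  // validate cert - fails due to improper CRL
  try {
    $certValidator = new DefaultCertificateValidator($caCertPem, $crlDistCertPem, $crlPem);
    $certValidator->validateCert($appCertPem);
    $this->fail('Expected InvalidCertException, but no exception was reported.');
  }
  catch (InvalidCertException $e) {
    $this->assertRegExp('/CRL-signing certificate is not a CRL-signing certificate/', $e->getMessage());
  }
}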