-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #17 from celli33/main
Feat: added pkcs12 support
- Loading branch information
Showing
10 changed files
with
362 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <phive xmlns="https://phar.io/phive"> | ||
| <phar name="php-cs-fixer" version="^3.14.4" installed="3.14.4" location="./tools/php-cs-fixer" copy="false"/> | ||
| <phar name="phpcs" version="^3.7.1" installed="3.7.1" location="./tools/phpcs" copy="false"/> | ||
| <phar name="phpcbf" version="^3.7.1" installed="3.7.1" location="./tools/phpcbf" copy="false"/> | ||
| <phar name="phpstan" version="^1.10.1" installed="1.10.1" location="./tools/phpstan" copy="false"/> | ||
| <phar name="phpcs" version="^3.7.2" installed="3.7.2" location="./tools/phpcs" copy="false"/> | ||
| <phar name="phpcbf" version="^3.7.2" installed="3.7.2" location="./tools/phpcbf" copy="false"/> | ||
| <phar name="phpstan" version="^1.10.2" installed="1.10.2" location="./tools/phpstan" copy="false"/> | ||
| <phar name="composer-normalize" version="^2.29.0" installed="2.29.0" location="./tools/composer-normalize" copy="false"/> | ||
| </phive> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| <?php | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| namespace PhpCfdi\Credentials\Pfx; | ||
|
|
||
| use PhpCfdi\Credentials\Credential; | ||
| use PhpCfdi\Credentials\Internal\LocalFileOpenTrait; | ||
| use RuntimeException; | ||
|
|
||
| class PfxExporter | ||
| { | ||
| use LocalFileOpenTrait; | ||
|
|
||
| /** @var Credential $credential */ | ||
| private $credential; | ||
|
|
||
| public function __construct(Credential $credential) | ||
| { | ||
| $this->credential = $credential; | ||
| } | ||
|
|
||
| public function getCredential(): Credential | ||
| { | ||
| return $this->credential; | ||
| } | ||
|
|
||
| public function export(string $passPhrase): string | ||
| { | ||
| $pfxContents = ''; | ||
| /** @noinspection PhpUsageOfSilenceOperatorInspection */ | ||
| $success = @openssl_pkcs12_export( | ||
| $this->credential->certificate()->pem(), | ||
| $pfxContents, | ||
| [$this->credential->privateKey()->pem(), $this->credential->privateKey()->passPhrase()], | ||
| $passPhrase, | ||
| ); | ||
| if (! $success) { | ||
| throw $this->exceptionFromLastError(sprintf( | ||
| 'Cannot export credential with certificate %s', | ||
| $this->credential->certificate()->serialNumber()->bytes() | ||
| )); | ||
| } | ||
| return $pfxContents; | ||
| } | ||
|
|
||
| public function exportToFile(string $pfxFile, string $passPhrase): void | ||
| { | ||
| /** @noinspection PhpUsageOfSilenceOperatorInspection */ | ||
| $success = @openssl_pkcs12_export_to_file( | ||
| $this->credential->certificate()->pem(), | ||
| $pfxFile, | ||
| [$this->credential->privateKey()->pem(), $this->credential->privateKey()->passPhrase()], | ||
| $passPhrase | ||
| ); | ||
| if (! $success) { | ||
| throw $this->exceptionFromLastError(sprintf( | ||
| 'Cannot export credential with certificate %s to file %s', | ||
| $this->credential->certificate()->serialNumber()->bytes(), | ||
| $pfxFile | ||
| )); | ||
| } | ||
| } | ||
|
|
||
| private function exceptionFromLastError(string $message): RuntimeException | ||
| { | ||
| $previousError = error_get_last() ?? []; | ||
| return new RuntimeException(sprintf('%s: %s', $message, $previousError['message'] ?? '(Unknown reason)')); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| <?php | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| namespace PhpCfdi\Credentials\Pfx; | ||
|
|
||
| use PhpCfdi\Credentials\Credential; | ||
| use PhpCfdi\Credentials\Internal\LocalFileOpenTrait; | ||
| use UnexpectedValueException; | ||
|
|
||
| class PfxReader | ||
| { | ||
| use LocalFileOpenTrait; | ||
|
|
||
| public function createCredentialFromContents(string $contents, string $passPhrase): Credential | ||
| { | ||
| if ('' === $contents) { | ||
| throw new UnexpectedValueException('Cannot create credential from empty PFX contents'); | ||
| } | ||
| $pfx = $this->loadPkcs12($contents, $passPhrase); | ||
| $certificatePem = $pfx['cert']; | ||
| $privateKeyPem = $pfx['pkey']; | ||
| return Credential::create($certificatePem, $privateKeyPem, ''); | ||
| } | ||
|
|
||
| public function createCredentialFromFile(string $fileName, string $passPhrase): Credential | ||
| { | ||
| return $this->createCredentialFromContents(self::localFileOpen($fileName), $passPhrase); | ||
| } | ||
|
|
||
| /** | ||
| * @return array{cert:string, pkey:string} | ||
| */ | ||
| public function loadPkcs12(string $contents, string $password = ''): array | ||
| { | ||
| $pfx = []; | ||
| if (! openssl_pkcs12_read($contents, $pfx, $password)) { | ||
| throw new UnexpectedValueException('Invalid PKCS#12 contents or wrong passphrase'); | ||
| } | ||
| return [ | ||
| 'cert' => $pfx['cert'] ?? '', | ||
| 'pkey' => $pfx['pkey'] ?? '', | ||
| ]; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| <?php | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| namespace PhpCfdi\Credentials\Tests\Unit\Pfx; | ||
|
|
||
| use PhpCfdi\Credentials\Certificate; | ||
| use PhpCfdi\Credentials\Credential; | ||
| use PhpCfdi\Credentials\Pfx\PfxExporter; | ||
| use PhpCfdi\Credentials\Pfx\PfxReader; | ||
| use PhpCfdi\Credentials\PrivateKey; | ||
| use PhpCfdi\Credentials\Tests\TestCase; | ||
| use RuntimeException; | ||
|
|
||
| class PfxExporterTest extends TestCase | ||
| { | ||
| /** @var string */ | ||
| private $credentialPassphrase; | ||
|
|
||
| protected function setUp(): void | ||
| { | ||
| parent::setUp(); | ||
| $this->credentialPassphrase = trim($this->fileContents('CSD01_AAA010101AAA/password.txt')); | ||
| } | ||
|
|
||
| private function createCredential(): Credential | ||
| { | ||
| return Credential::openFiles( | ||
| $this->filePath('CSD01_AAA010101AAA/certificate.cer'), | ||
| $this->filePath('CSD01_AAA010101AAA/private_key.key'), | ||
| $this->credentialPassphrase | ||
| ); | ||
| } | ||
|
|
||
| public function testExport(): void | ||
| { | ||
| $credential = $this->createCredential(); | ||
| $pfxExporter = new PfxExporter($credential); | ||
|
|
||
| $pfxContents = $pfxExporter->export(''); | ||
|
|
||
| $reader = new PfxReader(); | ||
| $this->assertSame( | ||
| $reader->loadPkcs12($this->fileContents('CSD01_AAA010101AAA/credential_unprotected.pfx')), | ||
| $reader->loadPkcs12($pfxContents) | ||
| ); | ||
| } | ||
|
|
||
| public function testExportToFile(): void | ||
| { | ||
| $credential = $this->createCredential(); | ||
| $pfxExporter = new PfxExporter($credential); | ||
| $temporaryFile = tempnam('', ''); | ||
| if (false === $temporaryFile) { | ||
| $this->fail('Expected to create a temporary file'); | ||
| } | ||
|
|
||
| $pfxExporter->exportToFile($temporaryFile, ''); | ||
|
|
||
| $reader = new PfxReader(); | ||
| $this->assertSame( | ||
| $reader->loadPkcs12($this->fileContents('CSD01_AAA010101AAA/credential_unprotected.pfx')), | ||
| $reader->loadPkcs12((string) file_get_contents($temporaryFile)) | ||
| ); | ||
| } | ||
|
|
||
| public function testExportWithError(): void | ||
| { | ||
| // create a credential with an invalid private key to produce error | ||
| $certificate = Certificate::openFile($this->filePath('CSD01_AAA010101AAA/certificate.cer')); | ||
| $privateKey = $this->createMock(PrivateKey::class); | ||
| $privateKey->method('belongsTo')->willReturn(true); | ||
| $privateKey->method('pem')->willReturn('bar'); | ||
| $privateKey->method('passPhrase')->willReturn('baz'); | ||
| $malformedCredential = new Credential($certificate, $privateKey); | ||
|
|
||
| $pfxExporter = new PfxExporter($malformedCredential); | ||
|
|
||
| $this->expectException(RuntimeException::class); | ||
| $this->expectExceptionMessageMatches( | ||
| '#^Cannot export credential with certificate 30001000000300023708: #' | ||
| ); | ||
|
|
||
| $pfxExporter->export(''); | ||
| } | ||
|
|
||
| public function testExportToFileWithError(): void | ||
| { | ||
| $credential = $this->createCredential(); | ||
| $pfxExporter = new PfxExporter($credential); | ||
| $exportFile = __DIR__ . '/non-existent/path/file.pfx'; | ||
|
|
||
| $this->expectException(RuntimeException::class); | ||
| $this->expectExceptionMessageMatches( | ||
| "#^Cannot export credential with certificate 30001000000300023708 to file $exportFile: #" | ||
| ); | ||
| $pfxExporter->exportToFile($exportFile, ''); | ||
| } | ||
|
|
||
| public function testGetCredential(): void | ||
| { | ||
| $credential = $this->createCredential(); | ||
| $pfxExporter = new PfxExporter($credential); | ||
|
|
||
| $this->assertSame($credential, $pfxExporter->getCredential()); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| <?php | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| namespace PhpCfdi\Credentials\Tests\Unit\Pfx; | ||
|
|
||
| use PhpCfdi\Credentials\Credential; | ||
| use PhpCfdi\Credentials\Pfx\PfxReader; | ||
| use PhpCfdi\Credentials\Tests\TestCase; | ||
| use UnexpectedValueException; | ||
|
|
||
| class PfxReaderTest extends TestCase | ||
| { | ||
| private function obtainKnownCredential(): Credential | ||
| { | ||
| $reader = new PfxReader(); | ||
| return $reader->createCredentialFromFile( | ||
| $this->filePath('CSD01_AAA010101AAA/credential_unprotected.pfx'), | ||
| '' | ||
| ); | ||
| } | ||
|
|
||
| /** | ||
| * @testWith ["CSD01_AAA010101AAA/credential_unprotected.pfx", ""] | ||
| * ["CSD01_AAA010101AAA/credential_protected.pfx", "CSD01_AAA010101AAA/password.txt"] | ||
| */ | ||
| public function testCreateCredentialFromFile(string $dir, string $passPhrasePath): void | ||
| { | ||
| $passPhrase = $this->fileContents($passPhrasePath); | ||
| $reader = new PfxReader(); | ||
| $expectedCsd = $this->obtainKnownCredential(); | ||
|
|
||
| $csd = $reader->createCredentialFromFile($this->filePath($dir), $passPhrase); | ||
|
|
||
| $this->assertInstanceOf(Credential::class, $csd); | ||
| $this->assertSame($expectedCsd->certificate()->pem(), $csd->certificate()->pem()); | ||
| $this->assertSame($expectedCsd->privateKey()->pem(), $csd->privateKey()->pem()); | ||
| } | ||
|
|
||
| public function testCreateCredentialEmptyContents(): void | ||
| { | ||
| $reader = new PfxReader(); | ||
|
|
||
| $this->expectException(UnexpectedValueException::class); | ||
| $this->expectExceptionMessage('Cannot create credential from empty PFX contents'); | ||
|
|
||
| $reader->createCredentialFromContents('', ''); | ||
| } | ||
|
|
||
| public function testCreateCredentialWrongContent(): void | ||
| { | ||
| $reader = new PfxReader(); | ||
|
|
||
| $this->expectException(UnexpectedValueException::class); | ||
| $this->expectExceptionMessage('Invalid PKCS#12 contents or wrong passphrase'); | ||
|
|
||
| $reader->createCredentialFromContents('invalid-contents', ''); | ||
| } | ||
|
|
||
| public function testCreateCredentialWrongPassword(): void | ||
| { | ||
| $reader = new PfxReader(); | ||
|
|
||
| $this->expectException(UnexpectedValueException::class); | ||
| $this->expectExceptionMessage('Invalid PKCS#12 contents or wrong passphrase'); | ||
|
|
||
| $reader->createCredentialFromFile( | ||
| $this->filePath('CSD01_AAA010101AAA/credential_protected.pfx'), | ||
| 'wrong-password' | ||
| ); | ||
| } | ||
| } |
Binary file not shown.
Binary file not shown.
Oops, something went wrong.