Merge branch 'master' into sergeyzinder_master

PayU-EMEA · Dec 8, 2023 · e93a0d9 · e93a0d9
2 parents 36d550f + 97406e7
commit e93a0d9
Show file tree

Hide file tree

Showing 11 changed files with 210 additions and 163 deletions.
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
@@ -0,0 +1,42 @@
+name: PHPStan tests
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  phpunit:
+    name: PHPStan tests
+
+    runs-on: ${{ matrix.operating-system }}
+
+    strategy:
+      matrix:
+        operating-system:
+          - ubuntu-latest
+        php-version:
+          - 7.4
+          - 8.0
+          - 8.1
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: /tmp/composer-cache
+          key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }}
+
+      - name: Install dependencies
+        uses: php-actions/composer@v6
+        with:
+          args: --prefer-dist --ansi --no-interaction --no-progress --no-suggest
+
+      - name: PHPStan
+        uses: php-actions/phpstan@v3
+        with:
+          php_version: ${{ matrix.php-version }}
+          path: src tests
+          level: 5
diff --git a/.github/workflows/phpunit-unit.yml b/.github/workflows/phpunit-unit.yml
@@ -0,0 +1,44 @@
+name: PHPUnit unit tests
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  phpunit:
+    name: PHPUnit tests
+
+    runs-on: ${{ matrix.operating-system }}
+
+    strategy:
+      matrix:
+        operating-system:
+          - ubuntu-latest
+        php-version:
+          - 7.4
+          - 8.0
+          - 8.1
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: /tmp/composer-cache
+          key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }}
+
+      - name: Install dependencies
+        uses: php-actions/composer@v6
+        with:
+          args: --prefer-dist --ansi --no-interaction --no-progress --no-suggest
+
+      - name: PHPUnit Tests
+        uses: php-actions/phpunit@v3
+        with:
+          version: 9.6
+          bootstrap: vendor/autoload.php
+          configuration: phpunit.xml
+          php_version: ${{ matrix.php-version }}
+          args: --testdox --colors=always --no-interaction --verbose
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -35,6 +35,17 @@ class PayU\ApplePay\Decoding\ApplePayPaymentData#19 (9) {
 
 Run `composer require payu/apple-pay`
 
+**Get AppleRootCA-G3.pem:**
+
+1. Download [AppleRootCA-G3.cer](https://www.apple.com/certificateauthority)
+2. Run command: `openssl x509 -inform der -in AppleRootCA-G3.cer -out AppleRootCA-G3.pem`
+
+**Get Private Key:**
+
+1. Export merchant certificate to a p12 cert
+2. Use openssl to get the private key: `openssl pkcs12 -in <your_cert>.p12 -out private_key.pem -nocerts -nodes`
+3. Copy content without `BEGIN` and `END` markers
+
 **Usage:**
 
 See https://github.com/PayU/apple-pay/blob/master/examples/decode_token.php

diff --git a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php
@@ -77,6 +77,7 @@ public function getCertificateExtensions($certificate) {
             throw new \RuntimeException("Can't load x509 certificate");
         }
         $certificateData = openssl_x509_parse($certificateResource, false);
+
         return $certificateData['extensions'];
     }
 

diff --git a/tests/Decoding/OpenSSL/OpenSslServiceTest.php b/tests/Decoding/OpenSSL/OpenSslServiceTest.php
@@ -3,7 +3,6 @@
 namespace PayU\ApplePay\Decoding\OpenSSL;
 
 use Exception;
-use PayU\ApplePay\ApplePaySettings;
 use PayU\ApplePay\Decoding\TemporaryFile\TemporaryFile;
 
 use PHPUnit\Framework\TestCase;
@@ -13,102 +12,6 @@ class OpenSslServiceTest extends TestCase
     /** @var OpenSslService */
     private $openSslService;
 
-    private $leafCertificate = 'subject=/CN=ecc-smp-broker-sign_UC4-SANDBOX/OU=iOS Systems/O=Apple Inc./C=US
-issuer=/CN=Apple Application Integration CA - G3/OU=Apple Certification Authority/O=Apple Inc./C=US
------BEGIN CERTIFICATE-----
-MIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwl
-QXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwd
-QXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIElu
-Yy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFow
-YjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIG
-A1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYT
-AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfi
-qQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOC
-AhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3Au
-YXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1G
-MZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n
-5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCB
-wwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5
-IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGlj
-YWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
-ZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1l
-bnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNh
-dGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUu
-Y29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0E
-AgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOh
-Z5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJN
------END CERTIFICATE-----';
-
-    // Header formats differ in openssl 1.1.1
-    private $leafCertificate_1_1_1 = 'subject=CN = ecc-smp-broker-sign_UC4-SANDBOX, OU = iOS Systems, O = Apple Inc., C = US
-issuer=CN = Apple Application Integration CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
------BEGIN CERTIFICATE-----
-MIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwl
-QXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwd
-QXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIElu
-Yy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFow
-YjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIG
-A1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYT
-AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfi
-qQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOC
-AhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3Au
-YXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1G
-MZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n
-5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCB
-wwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5
-IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGlj
-YWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
-ZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1l
-bnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNh
-dGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUu
-Y29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0E
-AgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOh
-Z5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJN
------END CERTIFICATE-----';
-
-    private $intermediateCertificate = 'subject=/CN=Apple Application Integration CA - G3/OU=Apple Certification Authority/O=Apple Inc./C=US
-issuer=/CN=Apple Root CA - G3/OU=Apple Certification Authority/O=Apple Inc./C=US
------BEGIN CERTIFICATE-----
-MIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwS
-QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN
-MTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBB
-cHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkG
-A1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWB
-B3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE
-/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29j
-c3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knE
-T5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw
-3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwu
-YXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoq
-hkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/
-9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7
-kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQ==
------END CERTIFICATE-----';
-
-    // Header formats differ in openssl 1.1.1
-    private $intermediateCertificate_1_1_1 = 'subject=CN = Apple Application Integration CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
-issuer=CN = Apple Root CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
------BEGIN CERTIFICATE-----
-MIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwS
-QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN
-MTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBB
-cHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkG
-A1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWB
-B3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE
-/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29j
-c3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knE
-T5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw
-3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwu
-YXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoq
-hkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/
-9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7
-kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQ==
------END CERTIFICATE-----';
-
     private $publicKey = '-----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE2bliUppPzZ514eAP3VchGbxAHWD
 9Mg8bYTHqmQCPRVhKhA9ePuZ6wvBOM97fMu9sHo6GFr00mPAhoT+vww+jg==
@@ -127,33 +30,29 @@ protected function setUp(): void
         $this->openSslService = new OpenSslService();
     }
 
-    public function testValidateCertificateChainSuccess()
+    public function testValidateCertificateChainSuccess(): void
     {
-        $intermediateCertificate = new TemporaryFile();
-        $intermediateCertificate->write($this->intermediateCertificate);
-
-        $leafCertificate = new TemporaryFile();
-        $leafCertificate->write($this->leafCertificate);
+        $rootCertPath = realpath(__DIR__ . '/root.crt');
+        $intermediateCertPath = realpath(__DIR__ . '/intermediate.crt');
+        $leafCertPath = realpath(__DIR__ . '/leaf.crt');
 
-        $response = $this->openSslService->validateCertificateChain(realpath(__DIR__ . '/../../../examples/AppleRootCA-G3.pem'), $intermediateCertificate->getPath(), $leafCertificate->getPath());
+        $response = $this->openSslService->validateCertificateChain($rootCertPath, $intermediateCertPath, $leafCertPath);
 
         $this->assertTrue($response);
     }
 
-    public function testValidateCertificateChainFail()
+    public function testValidateCertificateChainFail(): void
     {
         $this->expectException(Exception::class);
 
-        $intermediateCertificate = new TemporaryFile();
-        $intermediateCertificate->write($this->intermediateCertificate);
-
-        $leafCertificate = new TemporaryFile();
-        $leafCertificate->write('invalid certificate');
+        $rootCertPath = realpath(__DIR__ . '/root.crt');
+        $intermediateCertPath = realpath(__DIR__ . '/intermediate.crt');
+        $leafCertPath = realpath(__DIR__ . '/leaf-bad.crt');
 
-        $this->openSslService->validateCertificateChain(realpath(__DIR__ . '/../../../examples/AppleRootCA-G3.pem'), $intermediateCertificate->getPath(), $leafCertificate->getPath());
+        $this->openSslService->validateCertificateChain($rootCertPath, $intermediateCertPath, $leafCertPath);
     }
 
-    public function testVerifySignatureSuccess()
+    public function testVerifySignatureSuccess(): void
     {
         $signedAttributes = base64_decode('MYGVMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE3MTIxMTE2MTAyNVowKgYJKoZIhvcNAQk0MR0wGzANBglghkgBZQMEAgEFAKEKBggqhkjOPQQDAjAvBgkqhkiG9w0BCQQxIgQgwsYUbK8j9xu7zed2B5jbOYSNaenOmC5cf1ZV01+DHOY=');
         $signature = base64_decode('MEUCIEZvNK+I5N/EE6yYCHJqijamwaHHhW9pQAlsCSFocosWAiEAmzl1jc20RxbfVtiD1Z7C5u2UtmKCDHO2s5Eab0fnyys=');
@@ -168,7 +67,7 @@ public function testVerifySignatureSuccess()
         $this->assertTrue($response);
     }
 
-    public function testVerifySignatureFail()
+    public function testVerifySignatureFail(): void
     {
         $this->expectException(Exception::class);
 
@@ -180,36 +79,36 @@ public function testVerifySignatureFail()
 
     public function testGetCertificatesFromPkcs7Success()
     {
-        $expectedResponse = $this->leafCertificate . PHP_EOL . PHP_EOL . $this->intermediateCertificate;
+        $leafHeader = 'subject=C = RO, ST = BUH, L = Bucuresti, O = Internet Widgits Pty Ltd, CN = leaflet' .
+            PHP_EOL . 'issuer=C = RO, ST = BUH, O = PayU, CN = intermediate-cert' . PHP_EOL;
+        $leafCert = file_get_contents(__DIR__ . '/leaf.crt');
+        $intermediateHeader = 'subject=C = RO, ST = BUH, O = PayU, CN = intermediate-cert' . PHP_EOL .
+            'issuer=C = RO, ST = BUH, O = PayU ROOT, CN = root-cert' . PHP_EOL;
+        $intermediateCert = file_get_contents(__DIR__ . '/intermediate.crt');
 
-        if (getenv('OPENSSL_VERSION') === '1.1.1') {
-            $expectedResponse = $this->leafCertificate_1_1_1 . PHP_EOL . PHP_EOL . $this->intermediateCertificate_1_1_1;
-        }
+        $expectedResponse = $leafHeader . $leafCert . PHP_EOL . PHP_EOL . $intermediateHeader . $intermediateCert;
 
-        $signature = base64_decode('MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFowYjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfiqQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOCAhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1GMZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOhZ5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJNMIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwSQXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWBB3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knET5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoqhkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQAAMYIBjDCCAYgCAQEwgYYwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTAghoYPaZ2cynDzANBglghkgBZQMEAgEFAKCBlTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzEyMTExNjEwMjVaMCoGCSqGSIb3DQEJNDEdMBswDQYJYIZIAWUDBAIBBQChCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIMLGFGyvI/cbu83ndgeY2zmEjWnpzpguXH9WVdNfgxzmMAoGCCqGSM49BAMCBEcwRQIgRm80r4jk38QTrJgIcmqKNqbBoceFb2lACWwJIWhyixYCIQCbOXWNzbRHFt9W2IPVnsLm7ZS2YoIMc7azkRpvR+fLKwAAAAAAAA==');
+        $pkcs7DerCert = realpath(__DIR__ . '/leaf.p7b');
 
-        $certificateFile = new TemporaryFile();
-        $certificateFile->write($signature);
-
-        $response = $this->openSslService->getCertificatesFromPkcs7($certificateFile->getPath());
+        $response = $this->openSslService->getCertificatesFromPkcs7($pkcs7DerCert);
 
         $this->assertEquals($expectedResponse, $response);
     }
 
     public function testGetCertificatesFromPkcs7Fail()
     {
         $this->expectException(Exception::class);
-        $certificateFile = new TemporaryFile();
-        $certificateFile->write('invalid signature');
 
-        $this->openSslService->getCertificatesFromPkcs7($certificateFile->getPath());
+        $nonPkcs7DerCert = realpath(__DIR__ . '/leaf.crt');
+
+        $this->openSslService->getCertificatesFromPkcs7($nonPkcs7DerCert);
     }
 
     public function testGetCertificateExtensionsSuccess()
     {
-        $response = $this->openSslService->getCertificateExtensions($this->leafCertificate);
+        $leafCert = file_get_contents(__DIR__ . '/leaf.crt');
+        $response = $this->openSslService->getCertificateExtensions($leafCert);
         $this->assertNotEmpty($response);
-
     }
 
     public function testGetCertificateExtensionsFail()

diff --git a/tests/Decoding/OpenSSL/intermediate.crt b/tests/Decoding/OpenSSL/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIUGaFV8F0nLq1abn2qSs2THEtdC90wDQYJKoZIhvcNAQEL
+BQAwQzELMAkGA1UEBhMCUk8xDDAKBgNVBAgMA0JVSDESMBAGA1UECgwJUGF5VSBS
+T09UMRIwEAYDVQQDDAlyb290LWNlcnQwHhcNMjMxMjA4MDczMjU5WhcNNDEwOTI0
+MDczMjU5WjBGMQswCQYDVQQGEwJSTzEMMAoGA1UECAwDQlVIMQ0wCwYDVQQKDARQ
+YXlVMRowGAYDVQQDDBFpbnRlcm1lZGlhdGUtY2VydDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOKLuTakYAfr4TXHm83kD7hwJ5Rdm0rt6gAFTvDbvFcV
+e7A7cQHqKwr+dM7cU0UuKV2C8jw6I6Qa8d4F3vnaPuFQsNJo3oVckPeMde4EJNqi
+2vMR+ODRJ+IOz0ZeaLoV9rVIqxKQTAdR96dOeN3YxTHBPedftr+ZTpkJtbwjYHWy
+KyuEtNgMutBm7SPFlpKzsDlA6T6T+pbyXFgIDhN/MkI+jml3Tkk1je3tmMmCWA/O
+HuWXJJJ/t9c+/9IOqJgePGHgrxNjKy6/R44WY+gqAxqPdQIlkmRzUDo6SBOKGNyA
+F5BsvvTuHp58F3Wnwb1RmrM5O5BDGWUTKJyF7t5rQ6UCAwEAAaNWMFQwEgYDVR0T
+AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFF0YosMsLpnfBkFffwQSxwCwrvMwHwYD
+VR0jBBgwFoAU/nRbaj5g0z+MQhqoElFY7lsCzt0wDQYJKoZIhvcNAQELBQADggEB
+AGh01CXhwzyppB0bqn5dCH5Wl2R75SFy/oIqglEsAmwdTX5tcOMhSVqhTKMskgBH
+PGd/TQ4hhS37ouDjnKEB/EKthD8A8eGhIjcyYmQKUmqf8RTAdqsH9xkzGhcWIkBC
+rHk5DfbsvSvaLtSt1RaiLuw4CCT+RnbLkaD117wDSIbtpl+ScKYXDHF3GmmTj42c
+wu9QlaroMv99qVVyZSfA0qR7xVYA/lUOT99/Z6GGEKW9+G8WIx5lOFFS3MkHeECF
+FDIcAm6IdOe7udGHIQEBg6lU0Ib0SU31gVxjn926+4htQm/bDTwi8me7nHQ36xRW
+nUBeOEBgfsFwOzm8ruXTYjU=
+-----END CERTIFICATE-----
-Original file line number
+Diff line change
@@ Expand Up / @@ -77,6 +77,7 @@ public function getCertificateExtensions($certificate) { @@
                 throw new \RuntimeException("Can't load x509 certificate");
             }
             $certificateData = openssl_x509_parse($certificateResource, false);
             return $certificateData['extensions'];
         }
@@ Expand Down @@