From 4cd2bb876c2fd50ba4ea061dccf8945309ec037b Mon Sep 17 00:00:00 2001 From: FromSi Date: Thu, 24 Nov 2022 12:37:29 +0600 Subject: [PATCH 1/8] Update README.md --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index ee5aefb..d0861d4 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,17 @@ class PayU\ApplePay\Decoding\ApplePayPaymentData#19 (9) { Run `composer require payu/apple-pay` +**Get AppleRootCA-G3.pem:** + +1. Download [AppleRootCA-G3.cer](https://www.apple.com/certificateauthority) +2. Run command: `openssl x509 -inform der -in AppleRootCA-G3.cer -out AppleRootCA-G3.pem` + +**Get Private Key:** + +1. Export merchant certificate to a p12 cert +2. Use openssl to get the private key: `openssl pkcs12 -in .p12 -out private_key.pem -nocerts -nodes` +3. Copy content without `BEGIN` and `END` markers + **Usage:** See https://github.com/PayU/apple-pay/blob/master/examples/decode_token.php From 2a2bbb64285ada293f02eb205455e7db3e2cb017 Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Wed, 6 Dec 2023 18:30:55 +0200 Subject: [PATCH 2/8] add phpunit run for unit tests --- .github/workflows/phpunit-unit.yml | 45 ++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 .github/workflows/phpunit-unit.yml diff --git a/.github/workflows/phpunit-unit.yml b/.github/workflows/phpunit-unit.yml new file mode 100644 index 0000000..cc8e074 --- /dev/null +++ b/.github/workflows/phpunit-unit.yml @@ -0,0 +1,45 @@ +name: PHPUnit unit tests + +on: + pull_request: + push: + +jobs: + phpunit: + name: PHPUnit tests + + runs-on: ${{ matrix.operating-system }} + + strategy: + matrix: + operating-system: + - ubuntu-latest + php-version: + - 7.4 + - 8.0 + - 8.1 + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Cache dependencies + uses: actions/cache@v3 + with: + path: /tmp/composer-cache + key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }} + + - name: Install dependencies + uses: php-actions/composer@v6 + with: + args: --prefer-dist --ansi --no-interaction --no-progress --no-suggest + + - name: PHPUnit Tests + uses: php-actions/phpunit@v3 + env: + OPENSSL_VERSION: 1.1.1 + with: + bootstrap: vendor/autoload.php + configuration: phpunit.xml + php_version: ${{ matrix.php-version }} + args: --testdox --colors=always --no-interaction --verbose From 0d2ad7506639343bb3dae1719d117cbba85519d5 Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Thu, 7 Dec 2023 10:37:40 +0200 Subject: [PATCH 3/8] Use a phpunit version compatible with PHP7.4 --- .github/workflows/phpunit-unit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/phpunit-unit.yml b/.github/workflows/phpunit-unit.yml index cc8e074..099b3ca 100644 --- a/.github/workflows/phpunit-unit.yml +++ b/.github/workflows/phpunit-unit.yml @@ -39,6 +39,7 @@ jobs: env: OPENSSL_VERSION: 1.1.1 with: + version: 9.6 bootstrap: vendor/autoload.php configuration: phpunit.xml php_version: ${{ matrix.php-version }} From dd1cd4d9498fce4bd34898463d15e6928dd0496f Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Thu, 7 Dec 2023 11:36:04 +0200 Subject: [PATCH 4/8] disable openssl tests that fail due to expired certificate --- src/ApplePay/Decoding/OpenSSL/OpenSslService.php | 6 +++--- tests/Decoding/OpenSSL/OpenSslServiceTest.php | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php index 7e8c158..8e909ed 100644 --- a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php +++ b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php @@ -21,7 +21,7 @@ public function validateCertificateChain($caCertificatePath, $intermediateCertif try { $this->runCommand($verifyCertificateCommand); } catch (ProcessFailedException $e) { - throw new \RuntimeException("Can't validate certificate chain", 0, $e); + throw new \RuntimeException("Can't validate certificate chain: $e", 0, $e); } return true; @@ -59,7 +59,7 @@ public function getCertificatesFromPkcs7($certificatePath) { try { $commandOutput = $this->runCommand($getCertificatesCommand); } catch (ProcessFailedException $e) { - throw new \RuntimeException("Can't get certificates", 0, $e); + throw new \RuntimeException("Can't get certificates: $e", 0, $e); } return $this->normalisePrintCerts(rtrim($commandOutput)); @@ -92,7 +92,7 @@ public function deriveKey($privateKeyFilePath, $publicKeyFilePath) { try { $execOutput = $this->runCommand($command); } catch (ProcessFailedException $e) { - throw new \RuntimeException("Can't derive secret", 0, $e); + throw new \RuntimeException("Can't derive secret: $e", 0, $e); } if (empty($execOutput)) { diff --git a/tests/Decoding/OpenSSL/OpenSslServiceTest.php b/tests/Decoding/OpenSSL/OpenSslServiceTest.php index 3826e63..be34317 100644 --- a/tests/Decoding/OpenSSL/OpenSslServiceTest.php +++ b/tests/Decoding/OpenSSL/OpenSslServiceTest.php @@ -129,6 +129,7 @@ protected function setUp(): void public function testValidateCertificateChainSuccess() { + $this->markTestSkipped('Needs fresh (not expired) certificate chain'); $intermediateCertificate = new TemporaryFile(); $intermediateCertificate->write($this->intermediateCertificate); @@ -180,6 +181,7 @@ public function testVerifySignatureFail() public function testGetCertificatesFromPkcs7Success() { + $this->markTestSkipped('Needs fresh (not expired) certificate chain'); $expectedResponse = $this->leafCertificate . PHP_EOL . PHP_EOL . $this->intermediateCertificate; if (getenv('OPENSSL_VERSION') === '1.1.1') { From f3f2778bbf4b3bffed49564a5168536206acbb39 Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Thu, 7 Dec 2023 17:26:49 +0200 Subject: [PATCH 5/8] add phpstan tests --- .github/workflows/phpstan.yml | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/phpstan.yml diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml new file mode 100644 index 0000000..4e0cedc --- /dev/null +++ b/.github/workflows/phpstan.yml @@ -0,0 +1,42 @@ +name: PHPStan tests + +on: + pull_request: + push: + +jobs: + phpunit: + name: PHPStan tests + + runs-on: ${{ matrix.operating-system }} + + strategy: + matrix: + operating-system: + - ubuntu-latest + php-version: + - 7.4 + - 8.0 + - 8.1 + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Cache dependencies + uses: actions/cache@v3 + with: + path: /tmp/composer-cache + key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }} + + - name: Install dependencies + uses: php-actions/composer@v6 + with: + args: --prefer-dist --ansi --no-interaction --no-progress --no-suggest + + - name: PHPStan + uses: php-actions/phpstan@v3 + with: + php_version: ${{ matrix.php-version }} + path: src tests + level: 5 From 0d13e2122473659dd273d62569f03fba20144d5b Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Fri, 8 Dec 2023 13:32:36 +0200 Subject: [PATCH 6/8] Update certificates used by the openssl tests. --- .../Decoding/OpenSSL/OpenSslService.php | 7 +- tests/Decoding/OpenSSL/OpenSslServiceTest.php | 155 +++--------------- tests/Decoding/OpenSSL/intermediate.crt | 21 +++ tests/Decoding/OpenSSL/leaf-bad.crt | 23 +++ tests/Decoding/OpenSSL/leaf.crt | 21 +++ tests/Decoding/OpenSSL/leaf.p7b | Bin 0 -> 1836 bytes tests/Decoding/OpenSSL/root.crt | 21 +++ 7 files changed, 116 insertions(+), 132 deletions(-) create mode 100644 tests/Decoding/OpenSSL/intermediate.crt create mode 100644 tests/Decoding/OpenSSL/leaf-bad.crt create mode 100644 tests/Decoding/OpenSSL/leaf.crt create mode 100644 tests/Decoding/OpenSSL/leaf.p7b create mode 100644 tests/Decoding/OpenSSL/root.crt diff --git a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php index 8e909ed..1a12ae4 100644 --- a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php +++ b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php @@ -21,7 +21,7 @@ public function validateCertificateChain($caCertificatePath, $intermediateCertif try { $this->runCommand($verifyCertificateCommand); } catch (ProcessFailedException $e) { - throw new \RuntimeException("Can't validate certificate chain: $e", 0, $e); + throw new \RuntimeException("Can't validate certificate chain", 0, $e); } return true; @@ -59,7 +59,7 @@ public function getCertificatesFromPkcs7($certificatePath) { try { $commandOutput = $this->runCommand($getCertificatesCommand); } catch (ProcessFailedException $e) { - throw new \RuntimeException("Can't get certificates: $e", 0, $e); + throw new \RuntimeException("Can't get certificates", 0, $e); } return $this->normalisePrintCerts(rtrim($commandOutput)); @@ -77,6 +77,7 @@ public function getCertificateExtensions($certificate) { throw new \RuntimeException("Can't load x509 certificate"); } $certificateData = openssl_x509_parse($certificateResource, false); + var_dump($certificateData); return $certificateData['extensions']; } @@ -92,7 +93,7 @@ public function deriveKey($privateKeyFilePath, $publicKeyFilePath) { try { $execOutput = $this->runCommand($command); } catch (ProcessFailedException $e) { - throw new \RuntimeException("Can't derive secret: $e", 0, $e); + throw new \RuntimeException("Can't derive secret", 0, $e); } if (empty($execOutput)) { diff --git a/tests/Decoding/OpenSSL/OpenSslServiceTest.php b/tests/Decoding/OpenSSL/OpenSslServiceTest.php index be34317..109c958 100644 --- a/tests/Decoding/OpenSSL/OpenSslServiceTest.php +++ b/tests/Decoding/OpenSSL/OpenSslServiceTest.php @@ -3,7 +3,6 @@ namespace PayU\ApplePay\Decoding\OpenSSL; use Exception; -use PayU\ApplePay\ApplePaySettings; use PayU\ApplePay\Decoding\TemporaryFile\TemporaryFile; use PHPUnit\Framework\TestCase; @@ -13,102 +12,6 @@ class OpenSslServiceTest extends TestCase /** @var OpenSslService */ private $openSslService; - private $leafCertificate = 'subject=/CN=ecc-smp-broker-sign_UC4-SANDBOX/OU=iOS Systems/O=Apple Inc./C=US -issuer=/CN=Apple Application Integration CA - G3/OU=Apple Certification Authority/O=Apple Inc./C=US ------BEGIN CERTIFICATE----- -MIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwl -QXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwd -QXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIElu -Yy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFow -YjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIG -A1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYT -AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfi -qQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOC -AhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3Au -YXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1G -MZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n -5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCB -wwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5 -IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGlj -YWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp -ZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1l -bnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNh -dGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUu -Y29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0E -AgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOh -Z5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJN ------END CERTIFICATE-----'; - - // Header formats differ in openssl 1.1.1 - private $leafCertificate_1_1_1 = 'subject=CN = ecc-smp-broker-sign_UC4-SANDBOX, OU = iOS Systems, O = Apple Inc., C = US -issuer=CN = Apple Application Integration CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US ------BEGIN CERTIFICATE----- -MIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwl -QXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwd -QXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIElu -Yy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFow -YjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIG -A1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYT -AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfi -qQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOC -AhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3Au -YXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1G -MZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n -5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCB -wwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5 -IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGlj -YWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp -ZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1l -bnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNh -dGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUu -Y29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0E -AgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOh -Z5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJN ------END CERTIFICATE-----'; - - private $intermediateCertificate = 'subject=/CN=Apple Application Integration CA - G3/OU=Apple Certification Authority/O=Apple Inc./C=US -issuer=/CN=Apple Root CA - G3/OU=Apple Certification Authority/O=Apple Inc./C=US ------BEGIN CERTIFICATE----- -MIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwS -QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN -MTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBB -cHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkG -A1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWB -B3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE -/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29j -c3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knE -T5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw -3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwu -YXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoq -hkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/ -9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7 -kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQ== ------END CERTIFICATE-----'; - - // Header formats differ in openssl 1.1.1 - private $intermediateCertificate_1_1_1 = 'subject=CN = Apple Application Integration CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US -issuer=CN = Apple Root CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US ------BEGIN CERTIFICATE----- -MIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwS -QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN -MTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBB -cHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkG -A1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWB -B3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE -/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29j -c3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knE -T5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw -3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwu -YXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoq -hkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/ -9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7 -kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQ== ------END CERTIFICATE-----'; - private $publicKey = '-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE2bliUppPzZ514eAP3VchGbxAHWD 9Mg8bYTHqmQCPRVhKhA9ePuZ6wvBOM97fMu9sHo6GFr00mPAhoT+vww+jg== @@ -127,34 +30,29 @@ protected function setUp(): void $this->openSslService = new OpenSslService(); } - public function testValidateCertificateChainSuccess() + public function testValidateCertificateChainSuccess(): void { - $this->markTestSkipped('Needs fresh (not expired) certificate chain'); - $intermediateCertificate = new TemporaryFile(); - $intermediateCertificate->write($this->intermediateCertificate); - - $leafCertificate = new TemporaryFile(); - $leafCertificate->write($this->leafCertificate); + $rootCertPath = realpath(__DIR__ . '/root.crt'); + $intermediateCertPath = realpath(__DIR__ . '/intermediate.crt'); + $leafCertPath = realpath(__DIR__ . '/leaf.crt'); - $response = $this->openSslService->validateCertificateChain(realpath(__DIR__ . '/../../../examples/AppleRootCA-G3.pem'), $intermediateCertificate->getPath(), $leafCertificate->getPath()); + $response = $this->openSslService->validateCertificateChain($rootCertPath, $intermediateCertPath, $leafCertPath); $this->assertTrue($response); } - public function testValidateCertificateChainFail() + public function testValidateCertificateChainFail(): void { $this->expectException(Exception::class); - $intermediateCertificate = new TemporaryFile(); - $intermediateCertificate->write($this->intermediateCertificate); - - $leafCertificate = new TemporaryFile(); - $leafCertificate->write('invalid certificate'); + $rootCertPath = realpath(__DIR__ . '/root.crt'); + $intermediateCertPath = realpath(__DIR__ . '/intermediate.crt'); + $leafCertPath = realpath(__DIR__ . '/leaf-bad.crt'); - $this->openSslService->validateCertificateChain(realpath(__DIR__ . '/../../../examples/AppleRootCA-G3.pem'), $intermediateCertificate->getPath(), $leafCertificate->getPath()); + $this->openSslService->validateCertificateChain($rootCertPath, $intermediateCertPath, $leafCertPath); } - public function testVerifySignatureSuccess() + public function testVerifySignatureSuccess(): void { $signedAttributes = base64_decode('MYGVMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE3MTIxMTE2MTAyNVowKgYJKoZIhvcNAQk0MR0wGzANBglghkgBZQMEAgEFAKEKBggqhkjOPQQDAjAvBgkqhkiG9w0BCQQxIgQgwsYUbK8j9xu7zed2B5jbOYSNaenOmC5cf1ZV01+DHOY='); $signature = base64_decode('MEUCIEZvNK+I5N/EE6yYCHJqijamwaHHhW9pQAlsCSFocosWAiEAmzl1jc20RxbfVtiD1Z7C5u2UtmKCDHO2s5Eab0fnyys='); @@ -169,7 +67,7 @@ public function testVerifySignatureSuccess() $this->assertTrue($response); } - public function testVerifySignatureFail() + public function testVerifySignatureFail(): void { $this->expectException(Exception::class); @@ -181,19 +79,18 @@ public function testVerifySignatureFail() public function testGetCertificatesFromPkcs7Success() { - $this->markTestSkipped('Needs fresh (not expired) certificate chain'); - $expectedResponse = $this->leafCertificate . PHP_EOL . PHP_EOL . $this->intermediateCertificate; + $leafHeader = 'subject=C = RO, ST = BUH, L = Bucuresti, O = Internet Widgits Pty Ltd, CN = leaflet' . + PHP_EOL . 'issuer=C = RO, ST = BUH, O = PayU, CN = intermediate-cert' . PHP_EOL; + $leafCert = file_get_contents(__DIR__ . '/leaf.crt'); + $intermediateHeader = 'subject=C = RO, ST = BUH, O = PayU, CN = intermediate-cert' . PHP_EOL . + 'issuer=C = RO, ST = BUH, O = PayU ROOT, CN = root-cert' . PHP_EOL; + $intermediateCert = file_get_contents(__DIR__ . '/intermediate.crt'); - if (getenv('OPENSSL_VERSION') === '1.1.1') { - $expectedResponse = $this->leafCertificate_1_1_1 . PHP_EOL . PHP_EOL . $this->intermediateCertificate_1_1_1; - } + $expectedResponse = $leafHeader . $leafCert . PHP_EOL . PHP_EOL . $intermediateHeader . $intermediateCert; - $signature = base64_decode('MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFowYjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfiqQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOCAhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1GMZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOhZ5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJNMIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwSQXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWBB3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knET5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoqhkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQAAMYIBjDCCAYgCAQEwgYYwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTAghoYPaZ2cynDzANBglghkgBZQMEAgEFAKCBlTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzEyMTExNjEwMjVaMCoGCSqGSIb3DQEJNDEdMBswDQYJYIZIAWUDBAIBBQChCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIMLGFGyvI/cbu83ndgeY2zmEjWnpzpguXH9WVdNfgxzmMAoGCCqGSM49BAMCBEcwRQIgRm80r4jk38QTrJgIcmqKNqbBoceFb2lACWwJIWhyixYCIQCbOXWNzbRHFt9W2IPVnsLm7ZS2YoIMc7azkRpvR+fLKwAAAAAAAA=='); + $pkcs7DerCert = realpath(__DIR__ . '/leaf.p7b'); - $certificateFile = new TemporaryFile(); - $certificateFile->write($signature); - - $response = $this->openSslService->getCertificatesFromPkcs7($certificateFile->getPath()); + $response = $this->openSslService->getCertificatesFromPkcs7($pkcs7DerCert); $this->assertEquals($expectedResponse, $response); } @@ -201,17 +98,17 @@ public function testGetCertificatesFromPkcs7Success() public function testGetCertificatesFromPkcs7Fail() { $this->expectException(Exception::class); - $certificateFile = new TemporaryFile(); - $certificateFile->write('invalid signature'); - $this->openSslService->getCertificatesFromPkcs7($certificateFile->getPath()); + $nonPkcs7DerCert = realpath(__DIR__ . '/leaf.crt'); + + $this->openSslService->getCertificatesFromPkcs7($nonPkcs7DerCert); } public function testGetCertificateExtensionsSuccess() { - $response = $this->openSslService->getCertificateExtensions($this->leafCertificate); + $leafCert = file_get_contents(__DIR__ . '/leaf.crt'); + $response = $this->openSslService->getCertificateExtensions($leafCert); $this->assertNotEmpty($response); - } public function testGetCertificateExtensionsFail() diff --git a/tests/Decoding/OpenSSL/intermediate.crt b/tests/Decoding/OpenSSL/intermediate.crt new file mode 100644 index 0000000..7bcdfe5 --- /dev/null +++ b/tests/Decoding/OpenSSL/intermediate.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIUGaFV8F0nLq1abn2qSs2THEtdC90wDQYJKoZIhvcNAQEL +BQAwQzELMAkGA1UEBhMCUk8xDDAKBgNVBAgMA0JVSDESMBAGA1UECgwJUGF5VSBS +T09UMRIwEAYDVQQDDAlyb290LWNlcnQwHhcNMjMxMjA4MDczMjU5WhcNNDEwOTI0 +MDczMjU5WjBGMQswCQYDVQQGEwJSTzEMMAoGA1UECAwDQlVIMQ0wCwYDVQQKDARQ +YXlVMRowGAYDVQQDDBFpbnRlcm1lZGlhdGUtY2VydDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAOKLuTakYAfr4TXHm83kD7hwJ5Rdm0rt6gAFTvDbvFcV +e7A7cQHqKwr+dM7cU0UuKV2C8jw6I6Qa8d4F3vnaPuFQsNJo3oVckPeMde4EJNqi +2vMR+ODRJ+IOz0ZeaLoV9rVIqxKQTAdR96dOeN3YxTHBPedftr+ZTpkJtbwjYHWy +KyuEtNgMutBm7SPFlpKzsDlA6T6T+pbyXFgIDhN/MkI+jml3Tkk1je3tmMmCWA/O +HuWXJJJ/t9c+/9IOqJgePGHgrxNjKy6/R44WY+gqAxqPdQIlkmRzUDo6SBOKGNyA +F5BsvvTuHp58F3Wnwb1RmrM5O5BDGWUTKJyF7t5rQ6UCAwEAAaNWMFQwEgYDVR0T +AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFF0YosMsLpnfBkFffwQSxwCwrvMwHwYD +VR0jBBgwFoAU/nRbaj5g0z+MQhqoElFY7lsCzt0wDQYJKoZIhvcNAQELBQADggEB +AGh01CXhwzyppB0bqn5dCH5Wl2R75SFy/oIqglEsAmwdTX5tcOMhSVqhTKMskgBH +PGd/TQ4hhS37ouDjnKEB/EKthD8A8eGhIjcyYmQKUmqf8RTAdqsH9xkzGhcWIkBC +rHk5DfbsvSvaLtSt1RaiLuw4CCT+RnbLkaD117wDSIbtpl+ScKYXDHF3GmmTj42c +wu9QlaroMv99qVVyZSfA0qR7xVYA/lUOT99/Z6GGEKW9+G8WIx5lOFFS3MkHeECF +FDIcAm6IdOe7udGHIQEBg6lU0Ib0SU31gVxjn926+4htQm/bDTwi8me7nHQ36xRW +nUBeOEBgfsFwOzm8ruXTYjU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/Decoding/OpenSSL/leaf-bad.crt b/tests/Decoding/OpenSSL/leaf-bad.crt new file mode 100644 index 0000000..b5a8139 --- /dev/null +++ b/tests/Decoding/OpenSSL/leaf-bad.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5jCCA4ugAwIBAgIIaGD2mdnMpw8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwl +QXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwd +QXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIElu +Yy4xCzAJBgNVBAYTAlVTMB4XDTE2MDYwMzE4MTY0MFoXDTIxMDYwMjE4MTY0MFow +YjEoMCYGA1UEAwwfZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtU0FOREJPWDEUMBIG +A1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYT +AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgjD9q8Oc914gLFDZm0US5jfi +qQHdbLPgsc1LUmeY+M9OvegaJajCHkwz3c6OKpbC9q+hkwNFxOh6RCbOlRsSlaOC +AhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3Au +YXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwHQYDVR0OBBYEFAIkMAua7u1G +MZekplopnkJxghxFMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n +5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCB +wwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5 +IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGlj +YWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp +ZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1l +bnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNh +dGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUu +Y29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0E +AgUAMAoGCCqGSM49BAMCA0kAMEYCIQDaHGOui+X2T44R6GVpN7m2nEcr6T6sMjOh +Z5NuSo1egwIhAL1a+/hp88DKJ0sv3eT3FxWcs71xmbLKD/QJ3mWagrJN +-----END CERTIFICATE----- diff --git a/tests/Decoding/OpenSSL/leaf.crt b/tests/Decoding/OpenSSL/leaf.crt new file mode 100644 index 0000000..eb75a18 --- /dev/null +++ b/tests/Decoding/OpenSSL/leaf.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIUCnklVSDdZplZdVOMZ6a4pRIlXGMwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCUk8xDDAKBgNVBAgMA0JVSDENMAsGA1UECgwEUGF5VTEa +MBgGA1UEAwwRaW50ZXJtZWRpYXRlLWNlcnQwHhcNMjMxMjA4MTEyNTU0WhcNNDAw +NTEyMTEyNTU0WjBkMQswCQYDVQQGEwJSTzEMMAoGA1UECAwDQlVIMRIwEAYDVQQH +DAlCdWN1cmVzdGkxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEQ +MA4GA1UEAwwHbGVhZmxldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJ1AyN/zccHfX7uOL2BGjKOevtoamDxCTSV8MuO7SeBt+T8aK9DJ+/EpMlT/q7Rv +LsrFmgmCUwhx8fzsm6t5vVQIN6gOrPgSg78p1NXxMl69Ys+MruPY/B6IgEGd6ux2 +xfr4wzGNHPCcwPOjbPcN8tZxFuP6Ij1AuhigBMeI6HLX5Mq77EetR3ZtBZ+XEzkg +1LIz5q2Ac+iLYlF7/Oxku6RLTNwK0r+fIulOIYbrPyI2cL7P+VaH03kcYUWiDgls +37k6vfZTwK3+24kdtzkG+cBbXBPiKW7JmfVwDMPbG8e1HVXGXlhRIjJe2yXxSOnT +6eRLxKBV8nsJMLiAYwjm9JUCAwEAAaNQME4wDAYDVR0TAQH/BAIwADAdBgNVHQ4E +FgQURH0N7SAcQsdK4ghM/eU3vHTX5dEwHwYDVR0jBBgwFoAUFF0YosMsLpnfBkFf +fwQSxwCwrvMwDQYJKoZIhvcNAQELBQADggEBALhQSEm6SD0eUYr1XghLc0CxlILM +vmGkvv6u6S32+v/mScYDZrf16RS10Th06cUxWtryZ90SD8QVFNpAKCjxwyxfSX8q +K40x9tCjL1wgnNHKaF53C5KnU/4PU4FvI+NVWdqabcF5VARUrrySWA19p3V09jji +Dx3+C7m5990IKfxvaRlhm5Q/+QI4r/m5VUv/O8QgQ7yLF5dVJq0W4plSSzxbemwX +ATuzMASPAi8fX04xStJTraOab4VPCu0P3U/igbSEo5C8FUHT3zc6ZAcaS1kAVNlk +Udyuyk4XR5eHVy/524zo+ey1wHhbIuqRsPG3GffHhPe9zkzLuL1Wjs2yBU0= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/Decoding/OpenSSL/leaf.p7b b/tests/Decoding/OpenSSL/leaf.p7b new file mode 100644 index 0000000000000000000000000000000000000000..0323e1d6992c90ca617c5cb591f0cdfcdf988398 GIT binary patch literal 1836 zcmXqLV%K2f)N1o+`_9YA&a|M3UDBY5U6hHD(U8G_8zIBEpo#6TK@)R_K@(HK0%j&g zCMFTCO4U$>yJ<5cOM`pTm+e?8q#BcKzzf&I$j!=N;AY5ez{$oO%EBhh6y$HnW55OC zaPTlYg?bqB0&M{DxOi9s5-URur3@rMTxK4@%)FA+qTJM!%*2vZ-Q?7w5(7DLUL#{e zBLfRVLnBjDlPGas69WTNLnA2HAO)X2LIwgLgV}jFol28Si&BeAG7S|CLDFyMo@hdn1XF)b&x#Gr{$3E6{;tPIRejQk8haW1AN zMn;CY4kzw^EN@fN7&i@Q+zg#Jk=(>oHGw1$J ztG(ZX53K!nyHj?%CEL#f(J{i0H1kf*{93?s__p-%t+JuV;vxc-jN)#qe)M>G`Q;Pu zBMU-5RdX8bXh`OG_GKy)Gb01z;s66b10G<=$qF+v{%2t_U@(vc@%UK8SVUZEdEY9? zI34$T#NqSzsrjCg>rXF&V?tJ$MZ!R=K|~~0V$oq8y_xsf9OLU*gpM<8Soaw@%z=pt z80L%&I|4jBcX`;#1$KRn%)Z1W`~Izasr&8M|7V`ZnA5g@eJQf_qD9He zqlQtpKBeCk;y)rPa?3$Ol8LjY*#Bg*SpRcpsP}*C zBMQ!Yy2Yo5s;w1!G&9KCCb}v|oY8u-0ZTuVzI?o&q1UD0wToxvxB7Fv<-hCysBufn z;t6|19WUQEw@P7`@{VK(xtS7pXWc13arf!%;rc&s_q_P|X6u29Xr)&ZH+hur6eLrOoxP}LT{)q3qTU^F2(QjKlRtrt=VGsPi z+^^#9jiZJKZJ)<)+dtE9Cg;{Y$_b^Lw6$Bd+~C=DA?>a5(P@)5Z?JTDX*c=Tv`;Y+ z9DKs{MoxBpndN?-roC_9&N$f=!GBKf>2#Gz_1mx8{lCPwVuqYe;)C_V$=Z7R-TTCn zUuZE)^_McKPD&{bu(I+H?vl9EAU+{y-IPmml04IBT<|^#o_hRAG%dt?%w- zJ1>P~wJ?Ja10i@;<1k%07u<0q)PZf*)HEA^k>M-TV`qt$ZJXZ9KTIjP_XA*Gl(?9ZgVUNy zOWtp9_G;hKyR!DG*do0*791-7+{#W*T=4b!9%hfWx69%u6)Y3yDJ+-DoZR0#=g|9r zsjFTX{jXgaT9m4O;L?)nqhSpHLizmf*QYOR6IijWNmd@9z5Dk?WLyo7YC^Q~K^XCFZY1!sa@}SvVxr R9W1c6+_UcK1^`pXvqt~` literal 0 HcmV?d00001 diff --git a/tests/Decoding/OpenSSL/root.crt b/tests/Decoding/OpenSSL/root.crt new file mode 100644 index 0000000..79712f3 --- /dev/null +++ b/tests/Decoding/OpenSSL/root.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIUQpsV9iFfMCfE9Q3TgHfjHwGNQB8wDQYJKoZIhvcNAQEL +BQAwQzELMAkGA1UEBhMCUk8xDDAKBgNVBAgMA0JVSDESMBAGA1UECgwJUGF5VSBS +T09UMRIwEAYDVQQDDAlyb290LWNlcnQwHhcNMjMxMjA3MTYxNzM2WhcNNDMwMjA1 +MTYxNzM2WjBDMQswCQYDVQQGEwJSTzEMMAoGA1UECAwDQlVIMRIwEAYDVQQKDAlQ +YXlVIFJPT1QxEjAQBgNVBAMMCXJvb3QtY2VydDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAL+gJoYHW50vGB+N7fUmhS/AMKsd4hYYunDAETgkGgvbODW9 +0WBaeVnN1dqwu7ZqK84kA7xFWLu62+o70BI+LePMI3eZ0ED8dlMVUGiicyQv/WqQ +vGCnHF1WwyEkZt3hBWcpTNDzeRY8CNWj1ITbfl1csImx0RRJl7wiuJ/Pb5ppSuVP +/X6K8ksJPO9LlpcwRnjNLGiA3Q6y+0EeTs/lP7k/P8RIPGERnOLgj43MyTw86Dnw +wF72EF2tMoxmiL6aFqb/MB3wRa5MR5izHvA1D9PeWIPJOUt6STpJ0tQle8e4sSy3 +FxKtM6A4nFYjfDlJf1bPDxp3mYyYsgvPoqhjgwECAwEAAaNTMFEwHQYDVR0OBBYE +FP50W2o+YNM/jEIaqBJRWO5bAs7dMB8GA1UdIwQYMBaAFP50W2o+YNM/jEIaqBJR +WO5bAs7dMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5urEg+ +RayF21IglV1CIbv6yJGp+kc63mtRv0cLlepsY2K42PvVpCtMC8tWkfvTE54uwgfY +C+CQLLDLrstT6NX8h1Bn0a05g6P56DNuxlMTafbjsQr8opOFD5Xj9UQbVD3BrWWc +AOJShCaJvlD5nJ799rUQWApFSh7zQtAQ9Lwf+bvN2VSHrf+r/Fd4oNMPEBnDT4r+ +OEbKtpm8yZLfvgz4el+yfyJCvCH8qenZbMUrRCWVSeelWRaOOU2q04fH/TPmwIvZ +GQEvb240xIfDR2n+/amwM9B9gE2qEorgHV+w/p51GoojDQF21kFEEUW9U2kZ27gC +PsvMAXBH0kVOiEY= +-----END CERTIFICATE----- From 41a60ac4d87678b3830967b46c9177e6828dea7b Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Fri, 8 Dec 2023 13:34:23 +0200 Subject: [PATCH 7/8] remove obsolete code --- .github/workflows/phpunit-unit.yml | 2 -- .travis.yml | 36 ------------------------------ 2 files changed, 38 deletions(-) delete mode 100644 .travis.yml diff --git a/.github/workflows/phpunit-unit.yml b/.github/workflows/phpunit-unit.yml index 099b3ca..95fcdd6 100644 --- a/.github/workflows/phpunit-unit.yml +++ b/.github/workflows/phpunit-unit.yml @@ -36,8 +36,6 @@ jobs: - name: PHPUnit Tests uses: php-actions/phpunit@v3 - env: - OPENSSL_VERSION: 1.1.1 with: version: 9.6 bootstrap: vendor/autoload.php diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 88e9dd0..0000000 --- a/.travis.yml +++ /dev/null @@ -1,36 +0,0 @@ -os: linux -dist: xenial -language: php - -php: - - 7.4 - - 8.0 - - 8.1 - - nightly - -cache: - directories: - - "$HOME/.composer/cache" - -jobs: - include: - # Run against Ubuntu 18.04 to test with openssl v1.1.1. - - dist: bionic - php: 7.4 - env: OPENSSL_VERSION=1.1.1 - - dist: bionic - php: 8.0 - env: OPENSSL_VERSION=1.1.1 - - dist: bionic - php: 8.1 - env: OPENSSL_VERSION=1.1.1 - fast_finish: true - allow_failures: - - php: nightly - -install: - - travis_retry composer install --no-scripts --no-suggest --no-interaction - -script: - - vendor/bin/phpunit - - vendor/bin/phpstan analyse src tests --level=5 From a2282715e89f073bb8eea358a9e2ccc7c5556674 Mon Sep 17 00:00:00 2001 From: Andrei Ciovica Date: Fri, 8 Dec 2023 13:43:27 +0200 Subject: [PATCH 8/8] removed left-over var_dump --- src/ApplePay/Decoding/OpenSSL/OpenSslService.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php index 1a12ae4..7f69fc4 100644 --- a/src/ApplePay/Decoding/OpenSSL/OpenSslService.php +++ b/src/ApplePay/Decoding/OpenSSL/OpenSslService.php @@ -77,7 +77,7 @@ public function getCertificateExtensions($certificate) { throw new \RuntimeException("Can't load x509 certificate"); } $certificateData = openssl_x509_parse($certificateResource, false); - var_dump($certificateData); + return $certificateData['extensions']; }