CertificateManagerTest.php 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  6. * SPDX-License-Identifier: AGPL-3.0-or-later
  7. */
  8. namespace Test\Security;
  9. use OC\Files\View;
  10. use OC\Security\CertificateManager;
  11. use OCP\Files\InvalidPathException;
  12. use OCP\IConfig;
  13. use OCP\Security\ISecureRandom;
  14. use PHPUnit\Framework\MockObject\MockObject;
  15. use Psr\Log\LoggerInterface;
  16. /**
  17. * Class CertificateManagerTest
  18. *
  19. * @group DB
  20. */
  21. class CertificateManagerTest extends \Test\TestCase {
  22. use \Test\Traits\UserTrait;
  23. use \Test\Traits\MountProviderTrait;
  24. private CertificateManager $certificateManager;
  25. private string $username;
  26. private ISecureRandom&MockObject $random;
  27. protected function setUp(): void {
  28. parent::setUp();
  29. $this->username = $this->getUniqueID('', 20);
  30. $this->createUser($this->username, '');
  31. $storage = new \OC\Files\Storage\Temporary();
  32. $this->registerMount($this->username, $storage, '/' . $this->username . '/');
  33. \OC_Util::tearDownFS();
  34. \OC_User::setUserId($this->username);
  35. \OC\Files\Filesystem::tearDown();
  36. \OC_Util::setupFS($this->username);
  37. $config = $this->createMock(IConfig::class);
  38. $config->expects($this->any())->method('getSystemValueBool')
  39. ->with('installed', false)->willReturn(true);
  40. $this->random = $this->createMock(ISecureRandom::class);
  41. $this->random->method('generate')
  42. ->willReturn('random');
  43. $this->certificateManager = new CertificateManager(
  44. new \OC\Files\View(),
  45. $config,
  46. $this->createMock(LoggerInterface::class),
  47. $this->random
  48. );
  49. }
  50. protected function tearDown(): void {
  51. $user = \OC::$server->getUserManager()->get($this->username);
  52. if ($user !== null) {
  53. $user->delete();
  54. }
  55. parent::tearDown();
  56. }
  57. protected function assertEqualsArrays($expected, $actual) {
  58. sort($expected);
  59. sort($actual);
  60. $this->assertEquals($expected, $actual);
  61. }
  62. public function testListCertificates(): void {
  63. // Test empty certificate bundle
  64. $this->assertSame([], $this->certificateManager->listCertificates());
  65. // Add some certificates
  66. $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
  67. $certificateStore = [];
  68. $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
  69. $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
  70. // Add another certificates
  71. $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
  72. $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
  73. $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
  74. }
  75. public function testAddInvalidCertificate(): void {
  76. $this->expectException(\Exception::class);
  77. $this->expectExceptionMessage('Certificate could not get parsed.');
  78. $this->certificateManager->addCertificate('InvalidCertificate', 'invalidCertificate');
  79. }
  80. /**
  81. * @return array
  82. */
  83. public function dangerousFileProvider() {
  84. return [
  85. ['.htaccess'],
  86. ['../../foo.txt'],
  87. ['..\..\foo.txt'],
  88. ];
  89. }
  90. /**
  91. * @dataProvider dangerousFileProvider
  92. * @param string $filename
  93. */
  94. public function testAddDangerousFile($filename): void {
  95. $this->expectException(InvalidPathException::class);
  96. $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), $filename);
  97. }
  98. public function testRemoveDangerousFile(): void {
  99. $this->assertFalse($this->certificateManager->removeCertificate('../../foo.txt'));
  100. }
  101. public function testRemoveExistingFile(): void {
  102. $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
  103. $this->assertTrue($this->certificateManager->removeCertificate('GoodCertificate'));
  104. }
  105. public function testGetCertificateBundle(): void {
  106. $this->assertSame('/files_external/rootcerts.crt', $this->certificateManager->getCertificateBundle());
  107. }
  108. /**
  109. * @dataProvider dataTestNeedRebundling
  110. *
  111. * @param int $CaBundleMtime
  112. * @param int $targetBundleMtime
  113. * @param int $targetBundleExists
  114. * @param bool $expected
  115. */
  116. public function testNeedRebundling($CaBundleMtime,
  117. $targetBundleMtime,
  118. $targetBundleExists,
  119. $expected,
  120. ): void {
  121. $view = $this->getMockBuilder(View::class)
  122. ->disableOriginalConstructor()->getMock();
  123. $config = $this->createMock(IConfig::class);
  124. /** @var CertificateManager | \PHPUnit\Framework\MockObject\MockObject $certificateManager */
  125. $certificateManager = $this->getMockBuilder('OC\Security\CertificateManager')
  126. ->setConstructorArgs([$view, $config, $this->createMock(LoggerInterface::class), $this->random])
  127. ->setMethods(['getFilemtimeOfCaBundle', 'getCertificateBundle'])
  128. ->getMock();
  129. $certificateManager->expects($this->any())->method('getFilemtimeOfCaBundle')
  130. ->willReturn($CaBundleMtime);
  131. $certificateManager->expects($this->once())->method('getCertificateBundle')
  132. ->willReturn('targetBundlePath');
  133. $view->expects($this->any())->method('file_exists')
  134. ->with('targetBundlePath')
  135. ->willReturn($targetBundleExists);
  136. $view->expects($this->any())->method('filemtime')
  137. ->willReturnCallback(function ($path) use ($targetBundleMtime) {
  138. if ($path === 'targetBundlePath') {
  139. return $targetBundleMtime;
  140. }
  141. throw new \Exception('unexpected path');
  142. });
  143. $this->assertSame($expected,
  144. $this->invokePrivate($certificateManager, 'needsRebundling')
  145. );
  146. }
  147. public function dataTestNeedRebundling() {
  148. return [
  149. //values: CaBundleMtime, targetBundleMtime, targetBundleExists, expected
  150. [10, 30, true, false],
  151. [10, 15, true, false],
  152. [10, 8, true, true],
  153. [10, 30, true, false],
  154. [10, 8, true, true],
  155. // if no target bundle exists we always build a new one
  156. [10, 30, false, true],
  157. [10, 15, false, true],
  158. [10, 8, false, true],
  159. [10, 30, false, true],
  160. [10, 8, false, true],
  161. ];
  162. }
  163. }