123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202 |
- <?php
- declare(strict_types=1);
- /**
- * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
- namespace Test\Security;
- use OC\Files\View;
- use OC\Security\CertificateManager;
- use OCP\Files\InvalidPathException;
- use OCP\IConfig;
- use OCP\Security\ISecureRandom;
- use PHPUnit\Framework\MockObject\MockObject;
- use Psr\Log\LoggerInterface;
- /**
- * Class CertificateManagerTest
- *
- * @group DB
- */
- class CertificateManagerTest extends \Test\TestCase {
- use \Test\Traits\UserTrait;
- use \Test\Traits\MountProviderTrait;
- private CertificateManager $certificateManager;
- private string $username;
- private ISecureRandom&MockObject $random;
- protected function setUp(): void {
- parent::setUp();
- $this->username = $this->getUniqueID('', 20);
- $this->createUser($this->username, '');
- $storage = new \OC\Files\Storage\Temporary();
- $this->registerMount($this->username, $storage, '/' . $this->username . '/');
- \OC_Util::tearDownFS();
- \OC_User::setUserId('');
- \OC\Files\Filesystem::tearDown();
- \OC_Util::setupFS($this->username);
- $config = $this->createMock(IConfig::class);
- $config->expects($this->any())->method('getSystemValueBool')
- ->with('installed', false)->willReturn(true);
- $this->random = $this->createMock(ISecureRandom::class);
- $this->random->method('generate')
- ->willReturn('random');
- $this->certificateManager = new CertificateManager(
- new \OC\Files\View(),
- $config,
- $this->createMock(LoggerInterface::class),
- $this->random
- );
- }
- protected function tearDown(): void {
- $user = \OC::$server->getUserManager()->get($this->username);
- if ($user !== null) {
- $user->delete();
- }
- parent::tearDown();
- }
- protected function assertEqualsArrays($expected, $actual) {
- sort($expected);
- sort($actual);
- $this->assertEquals($expected, $actual);
- }
- public function testListCertificates() {
- // Test empty certificate bundle
- $this->assertSame([], $this->certificateManager->listCertificates());
- // Add some certificates
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $certificateStore = [];
- $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
- // Add another certificates
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
- $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
- $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
- }
- public function testAddInvalidCertificate() {
- $this->expectException(\Exception::class);
- $this->expectExceptionMessage('Certificate could not get parsed.');
- $this->certificateManager->addCertificate('InvalidCertificate', 'invalidCertificate');
- }
- /**
- * @return array
- */
- public function dangerousFileProvider() {
- return [
- ['.htaccess'],
- ['../../foo.txt'],
- ['..\..\foo.txt'],
- ];
- }
- /**
- * @dataProvider dangerousFileProvider
- * @param string $filename
- */
- public function testAddDangerousFile($filename) {
- $this->expectException(InvalidPathException::class);
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), $filename);
- }
- public function testRemoveDangerousFile() {
- $this->assertFalse($this->certificateManager->removeCertificate('../../foo.txt'));
- }
- public function testRemoveExistingFile() {
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $this->assertTrue($this->certificateManager->removeCertificate('GoodCertificate'));
- }
- public function testGetCertificateBundle() {
- $this->assertSame('/files_external/rootcerts.crt', $this->certificateManager->getCertificateBundle());
- }
- /**
- * @dataProvider dataTestNeedRebundling
- *
- * @param int $CaBundleMtime
- * @param int $targetBundleMtime
- * @param int $targetBundleExists
- * @param bool $expected
- */
- public function testNeedRebundling($CaBundleMtime,
- $targetBundleMtime,
- $targetBundleExists,
- $expected
- ) {
- $view = $this->getMockBuilder(View::class)
- ->disableOriginalConstructor()->getMock();
- $config = $this->createMock(IConfig::class);
- /** @var CertificateManager | \PHPUnit\Framework\MockObject\MockObject $certificateManager */
- $certificateManager = $this->getMockBuilder('OC\Security\CertificateManager')
- ->setConstructorArgs([$view, $config, $this->createMock(LoggerInterface::class), $this->random])
- ->setMethods(['getFilemtimeOfCaBundle', 'getCertificateBundle'])
- ->getMock();
- $certificateManager->expects($this->any())->method('getFilemtimeOfCaBundle')
- ->willReturn($CaBundleMtime);
- $certificateManager->expects($this->once())->method('getCertificateBundle')
- ->willReturn('targetBundlePath');
- $view->expects($this->any())->method('file_exists')
- ->with('targetBundlePath')
- ->willReturn($targetBundleExists);
- $view->expects($this->any())->method('filemtime')
- ->willReturnCallback(function ($path) use ($targetBundleMtime) {
- if ($path === 'targetBundlePath') {
- return $targetBundleMtime;
- }
- throw new \Exception('unexpected path');
- });
- $this->assertSame($expected,
- $this->invokePrivate($certificateManager, 'needsRebundling')
- );
- }
- public function dataTestNeedRebundling() {
- return [
- //values: CaBundleMtime, targetBundleMtime, targetBundleExists, expected
- [10, 30, true, false],
- [10, 15, true, false],
- [10, 8, true, true],
- [10, 30, true, false],
- [10, 8, true, true],
- // if no target bundle exists we always build a new one
- [10, 30, false, true],
- [10, 15, false, true],
- [10, 8, false, true],
- [10, 30, false, true],
- [10, 8, false, true],
- ];
- }
- }
|