(dev/core#2258) CryptoRegistry - Keep track of available keys+suites. Hookable.
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 namespace Civi\Crypto;
13
14 use Civi\Crypto\Exception\CryptoException;
15
16 /**
17 * Test major use-cases of the 'crypto.registry' service.
18 */
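class CryptoRegistryTest extends \CiviUnitTestCase {

  use CryptoTestTrait;

  /**
   * Route the 'civicrm_crypto' hook to registerExampleKeys() before each test.
   *
   * registerExampleKeys() is not defined in this class; presumably it is
   * supplied by CryptoTestTrait and registers the 'asdf-key-*' fixtures that
   * the tests below look up.
   */
  protected function setUp() {
    parent::setUp();
    \CRM_Utils_Hook::singleton()->setHook('civicrm_crypto', [$this, 'registerExampleKeys']);
  }

  /**
   * parseKey() must turn each example key string into raw key bytes plus a
   * cipher-suite name.
   *
   * The example strings come from getExampleKeys(), which is not visible in
   * this class (presumably CryptoTestTrait). The literals asserted here are
   * fixture material published with the test suite; they only pin the
   * parser's output.
   */
  public function testParseKey() {
    $examples = self::getExampleKeys();
    $registry = \Civi::service('crypto.registry');

    // Example 0 yields a literal 32-character key and the 'aes-cbc' suite.
    $key0 = $registry->parseKey($examples[0]);
    $this->assertEquals("please use 32 bytes for aes-256!", $key0['key']);
    $this->assertEquals('aes-cbc', $key0['suite']);

    // Examples 1-3 all resolve to the same 32 raw bytes (identical base64
    // below) and differ only in the suite they are bound to.
    $key1 = $registry->parseKey($examples[1]);
    $this->assertEquals(32, strlen($key1['key']));
    $this->assertEquals('aes-cbc', $key1['suite']);
    $this->assertEquals('0ao5eC7C/rwwk2qii4oLd6eG3KJq8ZDX2K9zWbvaLdo=', base64_encode($key1['key']));

    $key2 = $registry->parseKey($examples[2]);
    $this->assertEquals(32, strlen($key2['key']));
    $this->assertEquals('aes-ctr', $key2['suite']);
    $this->assertEquals('0ao5eC7C/rwwk2qii4oLd6eG3KJq8ZDX2K9zWbvaLdo=', base64_encode($key2['key']));

    $key3 = $registry->parseKey($examples[3]);
    $this->assertEquals(32, strlen($key3['key']));
    $this->assertEquals('aes-cbc-hs', $key3['suite']);
    $this->assertEquals('0ao5eC7C/rwwk2qii4oLd6eG3KJq8ZDX2K9zWbvaLdo=', base64_encode($key3['key']));
  }

  /**
   * Keys registered through the hook must be retrievable with findKey().
   */
  public function testRegisterAndFindKeys() {
    /** @var CryptoRegistry $registry */
    $registry = \Civi::service('crypto.registry');

    // Lookup by key ID: each fixture must come back as 32 key bytes bound to
    // the expected suite.
    $suiteByKeyId = [
      'asdf-key-0' => 'aes-cbc',
      'asdf-key-1' => 'aes-cbc',
      'asdf-key-2' => 'aes-ctr',
      'asdf-key-3' => 'aes-cbc-hs',
    ];
    foreach ($suiteByKeyId as $keyId => $suite) {
      $key = $registry->findKey($keyId);
      $this->assertEquals(32, strlen($key['key']), "Key $keyId should hold 32 bytes");
      $this->assertEquals($suite, $key['suite'], "Key $keyId should use suite $suite");
    }

    // 'UNIT-TEST' is not one of the IDs above, yet findKey() resolves it to
    // the record whose id is 'asdf-key-1'. Presumably it is a tag assigned by
    // registerExampleKeys() - confirm against the trait.
    $key = $registry->findKey('UNIT-TEST');
    $this->assertEquals(32, strlen($key['key']));
    $this->assertEquals('asdf-key-1', $key['id']);
  }

  /**
   * isValidKeyId() must accept printable IDs and reject IDs that contain
   * NUL, other control bytes, spaces, or line breaks.
   *
   * The "ab\n" case is worth keeping: a validator anchored with a bare `$`
   * would accept it, because in PCRE `$` also matches just before a trailing
   * newline.
   */
  public function testValidKeyId() {
    $valids = ['abc', 'a.b-c_d+e/', 'f\\g:h;i='];
    $invalids = [chr(0), chr(1), chr(1) . 'abc', 'a b', "ab\n", "ab\nc", "\r", "\n"];

    /** @var CryptoRegistry $registry */
    $registry = \Civi::service('crypto.registry');

    // Failure messages show the ID JSON-encoded so that NUL, CR and LF are
    // visible ("\u0000", "\r", "\n") instead of being printed raw.
    // NOTE(review): assertEquals() compares loosely; if isValidKeyId() is
    // declared to return a strict bool, assertSame() would pin that - confirm.
    foreach ($valids as $valid) {
      $shown = json_encode($valid, JSON_UNESCAPED_SLASHES);
      $this->assertEquals(TRUE, $registry->isValidKeyId($valid), "Key ID $shown should be valid");
    }

    foreach ($invalids as $invalid) {
      $shown = json_encode($invalid, JSON_UNESCAPED_SLASHES);
      $this->assertEquals(FALSE, $registry->isValidKeyId($invalid), "Key ID $shown should be invalid");
    }
  }

  /**
   * addSymmetricKey() must refuse a key whose ID ends in a newline, raising
   * a CryptoException whose message contains "Malformed key ID".
   */
  public function testAddBadKeyId() {
    /** @var CryptoRegistry $registry */
    $registry = \Civi::service('crypto.registry');

    try {
      $registry->addSymmetricKey([
        'key' => 'abcd',
        'id' => "foo\n",
      ]);
      // Reaching this line means the malformed ID was accepted. fail() raises
      // a PHPUnit failure, which the catch below does not intercept.
      $this->fail("Expected crypto exception");
    }
    catch (CryptoException $e) {
      $this->assertRegExp(';Malformed key ID;', $e->getMessage());
    }
  }

}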