Add unit test

simplesamlphp · Jul 25, 2024 · 3bf953a · 3bf953a
1 parent 01128b2
commit 3bf953a
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/tests/XML/SignedElementTest.php b/tests/XML/SignedElementTest.php
@@ -34,6 +34,9 @@ final class SignedElementTest extends TestCase
     /** @var \SimpleSAML\XMLSecurity\CryptoEncoding\PEM */
     private PEM $certificate;
 
+    /** @var \SimpleSAML\XMLSecurity\CryptoEncoding\PEM */
+    private PEM $wrong_certificate;
+
     /** @var \DOMElement */
     private DOMElement $signedDocumentWithComments;
 
@@ -63,6 +66,10 @@ public function setUp(): void
         $this->certificate = PEM::fromString(
             PEMCertificatesMock::getPlainCertificate(PEMCertificatesMock::SELFSIGNED_CERTIFICATE),
         );
+
+        $this->wrong_certificate = PEM::fromString(
+            PEMCertificatesMock::getPlainCertificate(PEMCertificatesMock::OTHER_CERTIFICATE),
+        );
     }
 
 
@@ -108,6 +115,44 @@ public function testSuccessfulVerifyingWithGivenKey(): void
     }
 
 
+    /**
+     * Test the verification of a signature with the wrong key first, and the right one second.
+     */
+    public function testSuccessfulVerifyingWithWrongKeyFirstRightOneSecond(): void
+    {
+        $customSigned = CustomSignable::fromXML($this->signedDocument);
+
+        $this->assertTrue($customSigned->isSigned());
+        $signature = $customSigned->getSignature();
+        $this->assertInstanceOf(Signature::class, $signature);
+        $sigAlg = $signature->getSignedInfo()->getSignatureMethod()->getAlgorithm();
+        $this->assertEquals(C::SIG_RSA_SHA256, $sigAlg);
+
+        $verified = null;
+        foreach ([$this->wrong_certificate, $this->certificate] as $i => $key) {
+            $factory = new SignatureAlgorithmFactory();
+            $certificate = new X509Certificate($key);
+            $verifier = $factory->getAlgorithm($sigAlg, $certificate->getPublicKey());
+
+            try {
+                $verified = $customSigned->verify($verifier);
+                break 1;
+            } catch (\SimpleSAML\XMLSecurity\Exception\SignatureVerificationFailedException $e) {
+                continue;
+            }
+        }
+
+        $this->assertInstanceOf(CustomSignable::class, $verified);
+        $this->assertFalse($verified->isSigned());
+        $this->assertEquals(
+            '<ssp:CustomSignable xmlns:ssp="urn:x-simplesamlphp:namespace"><ssp:Chunk>Some' .
+            '</ssp:Chunk></ssp:CustomSignable>',
+            strval($verified),
+        );
+        $this->assertEquals($certificate->getPublicKey(), $verified->getVerifyingKey());
+    }
+
+
     /**
      * Test the verification of a signature without passing a key, just what's in KeyInfo
      */