diff --git a/tests/XML/EncryptedCustomTest.php b/tests/XML/EncryptedCustomTest.php index aceabbc2..e4d868dc 100644 --- a/tests/XML/EncryptedCustomTest.php +++ b/tests/XML/EncryptedCustomTest.php @@ -10,10 +10,12 @@ use SimpleSAML\XML\DOMDocumentFactory; use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory; use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory; +use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory; use SimpleSAML\XMLSecurity\Constants as C; use SimpleSAML\XMLSecurity\Key\PrivateKey; use SimpleSAML\XMLSecurity\Key\PublicKey; use SimpleSAML\XMLSecurity\Key\SymmetricKey; +use SimpleSAML\XMLSecurity\Test\XML\CustomSigned; use SimpleSAML\XMLSecurity\Test\XML\EncryptedCustom; use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock; use SimpleSAML\XMLSecurity\XML\EncryptableElementTrait; @@ -32,7 +34,7 @@ class EncryptedCustomTest extends TestCase { /** @var \DOMElement */ - private DOMElement $signedDocument; + private DOMElement $signableDocument; /** @var PrivateKey */ protected PrivateKey $privKey; @@ -45,8 +47,8 @@ class EncryptedCustomTest extends TestCase */ public function setUp(): void { - $this->signedDocument = DOMDocumentFactory::fromFile( - dirname(__FILE__, 2) . '/resources/xml/custom_CustomSignableSigned.xml', + $this->signableDocument = DOMDocumentFactory::fromFile( + dirname(__FILE__, 2) . '/resources/xml/custom_CustomSignable.xml', )->documentElement; $this->privKey = PEMCertificatesMock::getPrivateKey(PEMCertificatesMock::PRIVATE_KEY); @@ -60,7 +62,7 @@ public function setUp(): void public function testEncryptAndDecryptSharedSecret(): void { // instantiate - $customSigned = CustomSignable::fromXML($this->signedDocument); + $customSigned = CustomSignable::fromXML($this->signableDocument); $sharedKey = SymmetricKey::generate(16); // encrypt @@ -81,7 +83,7 @@ public function testEncryptAndDecryptSharedSecret(): void public function testEncryptAndDecryptSessionKey(): void { // instantiate - $customSigned = CustomSignable::fromXML($this->signedDocument); + $customSigned = CustomSignable::fromXML($this->signableDocument); // encrypt $factory = new KeyTransportAlgorithmFactory(); @@ -94,4 +96,42 @@ public function testEncryptAndDecryptSessionKey(): void $this->assertEquals($customSigned, $decryptedCustom); } + + + /** + * Test that a signature isn't mangled after encrypting/decrypting a signed object. + */ + public function testSignatureVerifiesAfterEncryptionAndDecryption(): void + { + // instantiate + $customSigned = CustomSignable::fromXML($this->signableDocument); + + // sign + $privateKey = PEMCertificatesMock::getPrivateKey(PEMCertificatesMock::SELFSIGNED_PRIVATE_KEY); + $signer = (new SignatureAlgorithmFactory())->getAlgorithm( + C::SIG_RSA_SHA256, + $privateKey + ); + $customSigned->sign($signer); + $customSigned = CustomSignable::fromXML($customSigned->toXML()); + + // encrypt + $factory = new KeyTransportAlgorithmFactory(); + $encryptor = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, $this->pubKey); + $encryptedCustom = new EncryptedCustom($customSigned->encrypt($encryptor)); + + // decrypt + $decryptor = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, $this->privKey); + $decryptedCustom = $encryptedCustom->decrypt($decryptor); + + // verify signature + $publicKey = PEMCertificatesMock::getPublicKey(PEMCertificatesMock::SELFSIGNED_PUBLIC_KEY); + $verifier = (new SignatureAlgorithmFactory())->getAlgorithm( + $decryptedCustom->getSignature()->getSignedInfo()->getSignatureMethod()->getAlgorithm(), + $publicKey, + ); + + $verified = $decryptedCustom->verify($verifier); + $this->assertInstanceOf(CustomSignable::class, $verified); + } }