Fix certfile when signing (#25)

* Fix certfile when signing * Added test to check if signature contains the needed certificates
minvws · Dec 21, 2022 · 0c4ddbc · 0c4ddbc
1 parent cc94228
commit 0c4ddbc
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/src/Service/Signature/ProcessSpawnService.php b/src/Service/Signature/ProcessSpawnService.php
@@ -69,7 +69,7 @@ public function sign(string $payload, bool $detached = false): string
             $args = array_merge($args, ['-passin', $this->privKeyPass]);
         }
         if (!empty($this->certChainPath)) {
-            $args = array_merge($args, ['-CAfile', $this->certChainPath]);
+            $args = array_merge($args, ['-certfile', $this->certChainPath]);
         }
 
         $process = new Process($args);

diff --git a/tests/Service/Signature/ServiceTest.php b/tests/Service/Signature/ServiceTest.php
@@ -9,6 +9,7 @@
 use MinVWS\Crypto\Laravel\SignatureCryptoInterface;
 use MinVWS\Crypto\Laravel\TempFileInterface;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Process\Process;
 
 class ServiceTest extends TestCase
 {
@@ -22,6 +23,36 @@ public function serviceTypeProvider(): array
         );
     }
 
+    /**
+     * @dataProvider serviceTypeProvider
+     */
+    public function testSignatureContainsChain(string $serviceType, string $serviceTypeOther): void
+    {
+        $service = $this->getService($serviceType);
+        $serviceOther = $this->getService($serviceTypeOther);
+
+        $signedData = $service->sign('foobar', true);
+        $signedDataByOtherService = $serviceOther->sign('foobar', true);
+
+        $certificatesInSignature = $this->getCertificatesFromSignature($signedData);
+        $certificatesInSignatureOtherService = $this->getCertificatesFromSignature($signedDataByOtherService);
+
+        // Check if the created signature both contains same certificates
+        $this->assertEquals($certificatesInSignature, $certificatesInSignatureOtherService);
+
+        // Check if the created signature both contains the cert
+        $this->assertStringContainsString(
+            "subject=C = NL, ST = ZH, L = Den Haag, O = MinVWS, OU = RDO-TESTING, CN = server1.test",
+            $certificatesInSignature
+        );
+
+        // Check if the created signature both contains the chain
+        $this->assertStringContainsString(
+            "subject=C = NL, ST = ZH, L = Den Haag, O = MinVWS, OU = RDO-TESTING, CN = RDO-TESTING",
+            $certificatesInSignature
+        );
+    }
+
     /**
      * @dataProvider serviceTypeProvider
      */
@@ -185,4 +216,15 @@ private function getServiceWithoutChain(string $serviceType): SignatureCryptoInt
 
         return new ProcessSpawnService(...$args);
     }
+
+    private function getCertificatesFromSignature(string $signature): string
+    {
+        $process = new Process([
+            'openssl', 'pkcs7', '-inform', 'DER', '-print_certs'
+        ]);
+        $process->setInput(base64_decode($signature));
+        $process->run();
+
+        return $process->getOutput();
+    }
 }