123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216 |
- <?php
- /**
- * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
- namespace Test\Security;
- use OC\Files\Storage\Temporary;
- use \OC\Security\CertificateManager;
- use OCP\IConfig;
- use OCP\ILogger;
- /**
- * Class CertificateManagerTest
- *
- * @group DB
- */
- class CertificateManagerTest extends \Test\TestCase {
- use \Test\Traits\UserTrait;
- use \Test\Traits\MountProviderTrait;
- /** @var CertificateManager */
- private $certificateManager;
- /** @var String */
- private $username;
- protected function setUp() {
- parent::setUp();
- $this->username = $this->getUniqueID('', 20);
- $this->createUser($this->username, '');
- $storage = new \OC\Files\Storage\Temporary();
- $this->registerMount($this->username, $storage, '/' . $this->username . '/');
- \OC_Util::tearDownFS();
- \OC_User::setUserId('');
- \OC\Files\Filesystem::tearDown();
- \OC_Util::setupFS($this->username);
- $config = $this->createMock(IConfig::class);
- $config->expects($this->any())->method('getSystemValue')
- ->with('installed', false)->willReturn(true);
- $this->certificateManager = new CertificateManager($this->username, new \OC\Files\View(), $config, $this->createMock(ILogger::class));
- }
- protected function tearDown() {
- $user = \OC::$server->getUserManager()->get($this->username);
- if ($user !== null) {
- $user->delete();
- }
- parent::tearDown();
- }
- protected function assertEqualsArrays($expected, $actual) {
- sort($expected);
- sort($actual);
- $this->assertEquals($expected, $actual);
- }
- function testListCertificates() {
- // Test empty certificate bundle
- $this->assertSame(array(), $this->certificateManager->listCertificates());
- // Add some certificates
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $certificateStore = array();
- $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
- // Add another certificates
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
- $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
- $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
- }
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage Certificate could not get parsed.
- */
- function testAddInvalidCertificate() {
- $this->certificateManager->addCertificate('InvalidCertificate', 'invalidCertificate');
- }
- /**
- * @return array
- */
- public function dangerousFileProvider() {
- return [
- ['.htaccess'],
- ['../../foo.txt'],
- ['..\..\foo.txt'],
- ];
- }
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage Filename is not valid
- * @dataProvider dangerousFileProvider
- * @param string $filename
- */
- function testAddDangerousFile($filename) {
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), $filename);
- }
- function testRemoveDangerousFile() {
- $this->assertFalse($this->certificateManager->removeCertificate('../../foo.txt'));
- }
- function testRemoveExistingFile() {
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $this->assertTrue($this->certificateManager->removeCertificate('GoodCertificate'));
- }
- function testGetCertificateBundle() {
- $this->assertSame('/' . $this->username . '/files_external/rootcerts.crt', $this->certificateManager->getCertificateBundle());
- }
- /**
- * @dataProvider dataTestNeedRebundling
- *
- * @param string $uid
- * @param int $CaBundleMtime
- * @param int $systemWideMtime
- * @param int $targetBundleMtime
- * @param int $targetBundleExists
- * @param bool $expected
- */
- function testNeedRebundling($uid,
- $CaBundleMtime,
- $systemWideMtime,
- $targetBundleMtime,
- $targetBundleExists,
- $expected
- ) {
- $view = $this->getMockBuilder('OC\Files\View')
- ->disableOriginalConstructor()->getMock();
- $config = $this->createMock(IConfig::class);
- /** @var CertificateManager | \PHPUnit_Framework_MockObject_MockObject $certificateManager */
- $certificateManager = $this->getMockBuilder('OC\Security\CertificateManager')
- ->setConstructorArgs([$uid, $view, $config, $this->createMock(ILogger::class)])
- ->setMethods(['getFilemtimeOfCaBundle', 'getCertificateBundle'])
- ->getMock();
- $certificateManager->expects($this->any())->method('getFilemtimeOfCaBundle')
- ->willReturn($CaBundleMtime);
- $certificateManager->expects($this->at(1))->method('getCertificateBundle')
- ->with($uid)->willReturn('targetBundlePath');
- $view->expects($this->any())->method('file_exists')
- ->with('targetBundlePath')
- ->willReturn($targetBundleExists);
- if ($uid !== null && $targetBundleExists) {
- $certificateManager->expects($this->at(2))->method('getCertificateBundle')
- ->with(null)->willReturn('SystemBundlePath');
- }
- $view->expects($this->any())->method('filemtime')
- ->willReturnCallback(function($path) use ($systemWideMtime, $targetBundleMtime) {
- if ($path === 'SystemBundlePath') {
- return $systemWideMtime;
- } elseif ($path === 'targetBundlePath') {
- return $targetBundleMtime;
- }
- throw new \Exception('unexpected path');
- });
- $this->assertSame($expected,
- $this->invokePrivate($certificateManager, 'needsRebundling', [$uid])
- );
- }
- function dataTestNeedRebundling() {
- return [
- //values: uid, CaBundleMtime, systemWideMtime, targetBundleMtime, targetBundleExists, expected
- // compare minimum of CaBundleMtime and systemWideMtime with targetBundleMtime
- ['user1', 10, 20, 30, true, false],
- ['user1', 10, 20, 15, true, true],
- ['user1', 10, 5, 30, true, false],
- ['user1', 10, 5, 8, true, true],
- // if no user exists we ignore 'systemWideMtime' because this is the bundle we re-build
- [null, 10, 20, 30, true, false],
- [null, 10, 20, 15, true, false],
- [null, 10, 20, 8, true, true],
- [null, 10, 5, 30, true, false],
- [null, 10, 5, 8, true, true],
- // if no target bundle exists we always build a new one
- ['user1', 10, 20, 30, false, true],
- ['user1', 10, 20, 15, false, true],
- ['user1', 10, 5, 30, false, true],
- ['user1', 10, 5, 8, false, true],
- [null, 10, 20, 30, false, true],
- [null, 10, 20, 15, false, true],
- [null, 10, 20, 8, false, true],
- [null, 10, 5, 30, false, true],
- [null, 10, 5, 8, false, true],
- ];
- }
- }
|