Merge pull request #51 from minvws/improve-insecure-ssl-key

ricklambrechts · web-flow · commit 40821d6be08f · 2025-05-12T15:32:32.000+02:00
Add generateInsecureOpenSSLKey function for testing
diff --git a/tests/Feature/Http/Controllers/LoginControllerResponseTest.php b/tests/Feature/Http/Controllers/LoginControllerResponseTest.php
@@ -19,7 +19,7 @@
 
 use function MinVWS\OpenIDConnectLaravel\Tests\{
     generateJwt,
-    generateOpenSSLKey,
+    generateInsecureOpenSSLKey,
 };
 
 class LoginControllerResponseTest extends TestCase
@@ -530,7 +530,7 @@ public function testTokenSignedWithPrivateKey(): void
         Config::set('oidc.client_id', 'test-client-id');
 
         // Set client private key
-        [$key, $keyResource] = generateOpenSSLKey();
+        [$key, $keyResource] = generateInsecureOpenSSLKey();
         Config::set('oidc.client_authentication.signing_private_key_path', stream_get_meta_data($keyResource)['uri']);
 
         // Set the current state, which is usually generated and saved in the session before login,
diff --git a/tests/Feature/JweDecryptInterfaceBindingTest.php b/tests/Feature/JweDecryptInterfaceBindingTest.php
@@ -10,7 +10,7 @@
 use OpenSSLCertificate;
 
 use function MinVWS\OpenIDConnectLaravel\Tests\{
-    generateOpenSSLKey,
+    generateInsecureOpenSSLKey,
     generateX509Certificate,
     buildJweString,
     buildExamplePayload
@@ -27,7 +27,7 @@ class JweDecryptInterfaceBindingTest extends TestCase
 
     public function setUp(): void
     {
-        [$key, $keyResource] = generateOpenSSLKey();
+        [$key, $keyResource] = generateInsecureOpenSSLKey();
         $this->decryptionKeyResource = $keyResource;
         $this->recipient = generateX509Certificate($key);
 
diff --git a/tests/TestFunctions.php b/tests/TestFunctions.php
@@ -60,17 +60,30 @@ function buildExamplePayload(): string
 
 /**
  * Generate OpenSSL Key and return the tempfile resource
+ *
+ * Warning: This function generates a key with 512 bits, which is considered insecure.
+ * This is only for testing purposes.
+ *
  * @return array{OpenSSLAsymmetricKey, resource}
  */
-function generateOpenSSLKey(): array
+function generateInsecureOpenSSLKey(): array
+{
+    return generateOpenSSLKey(bits: 512);
+}
+
+/**
+ * Generate OpenSSL Key and return the tempfile resource
+ * @return array{OpenSSLAsymmetricKey, resource}
+ */
+function generateOpenSSLKey(int $bits = 2048): array
 {
     $file = tmpfile();
     if (!is_resource($file)) {
         throw new RuntimeException('Could not create temporary file');
     }
 
     $key = openssl_pkey_new([
-        'private_key_bits' => 512,
+        'private_key_bits' => $bits,
         'private_key_type' => OPENSSL_KEYTYPE_RSA,
     ]);
     if (!$key instanceof OpenSSLAsymmetricKey) {
diff --git a/tests/Unit/Services/JWE/JweDecryptServiceTest.php b/tests/Unit/Services/JWE/JweDecryptServiceTest.php
@@ -17,7 +17,7 @@
 use PHPUnit\Framework\TestCase;
 
 use function MinVWS\OpenIDConnectLaravel\Tests\{
-    generateOpenSSLKey,
+    generateInsecureOpenSSLKey,
     generateX509Certificate,
     getJwkFromResource,
     buildJweString,
@@ -37,7 +37,7 @@ protected function setUp(): void
     {
         parent::setUp();
 
-        [$key, $keyResource] = generateOpenSSLKey();
+        [$key, $keyResource] = generateInsecureOpenSSLKey();
         $this->decryptionKeyResource = $keyResource;
 
         $this->decryptionKeySet = new JWKSet([
@@ -92,7 +92,7 @@ public function testJweDecryptionThrowsExceptionWhenKeyIsNotCorrect(): void
         $this->expectExceptionMessage('Failed to decrypt JWE');
 
         // Create different key
-        [$key, $keyResource] = generateOpenSSLKey();
+        [$key, $keyResource] = generateInsecureOpenSSLKey();
         $jwk = getJwkFromResource($keyResource);
         $decryptionKeySet = new JWKSet([$jwk]);
 
@@ -149,10 +149,10 @@ public function testJweDecryptionThrowsExceptionWhenPayloadIsNull(): void
      */
     public function testJweDecryptionWithMultipleKeysInKeySet(): void
     {
-        [$firstRecipientKey, $firstRecipientKeyResource] = generateOpenSSLKey();
+        [$firstRecipientKey, $firstRecipientKeyResource] = generateInsecureOpenSSLKey();
         $firstRecipient = generateX509Certificate($firstRecipientKey);
 
-        [$secondRecipientKey, $secondRecipientKeyResource] = generateOpenSSLKey();
+        [$secondRecipientKey, $secondRecipientKeyResource] = generateInsecureOpenSSLKey();
         $secondRecipient = generateX509Certificate($secondRecipientKey);
 
         $payload = buildExamplePayload();
diff --git a/tests/Unit/Services/JWS/PrivateKeyJWTBuilderTest.php b/tests/Unit/Services/JWS/PrivateKeyJWTBuilderTest.php
@@ -20,7 +20,7 @@
 use PHPUnit\Framework\TestCase;
 
 use function MinVWS\OpenIDConnectLaravel\Tests\{
-    generateOpenSSLKey,
+    generateInsecureOpenSSLKey,
     getJwkFromResource,
 };
 
@@ -38,7 +38,7 @@ protected function setUp(): void
     {
         parent::setUp();
 
-        [$privateKey, $privateKeyResource] = generateOpenSSLKey();
+        [$privateKey, $privateKeyResource] = generateInsecureOpenSSLKey();
 
         $this->privateKey = $privateKey;
         $this->privateKeyResource = $privateKeyResource;
