WIP coverage

cicnavi · cicnavi · commit b78e83b942d9 · 2025-11-17T12:14:15.000+01:00
diff --git a/src/VerifiableCredentials/Factories/CredentialOfferFactory.php b/src/VerifiableCredentials/Factories/CredentialOfferFactory.php
@@ -29,14 +29,7 @@ public function from(
         ?array $parameters = null,
         ?string $uri = null,
     ): CredentialOffer {
-        if (
-            ($parameters !== null && $uri !== null) ||
-            ($parameters === null && $uri === null)
-        ) {
-            throw new CredentialOfferException('Only one of parameters or uri must be provided.');
-        }
-
-        if ($parameters !== null) {
+        if ($parameters !== null && $uri === null) {
             $credentialIssuer = $parameters[ClaimsEnum::CredentialIssuer->value] ?? null;
             $credentialIssuer = $this->helpers->type()->ensureNonEmptyString(
                 $credentialIssuer,
@@ -75,12 +68,12 @@ public function from(
             );
         }
 
-        if ($uri !== null) {
+        if ($uri !== null && $parameters === null) {
             return new CredentialOffer(
                 uri: $uri,
             );
         }
 
-        throw new CredentialOfferException('Invalid parameters or uri.');
+        throw new CredentialOfferException('Only one of parameters or uri must be provided.');
     }
 }
diff --git a/tests/src/VerifiableCredentials/CredentialOffer/CredentialOfferParametersTest.php b/tests/src/VerifiableCredentials/CredentialOffer/CredentialOfferParametersTest.php
@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\OpenID\VerifiableCredentials\CredentialOffer;
+
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\OpenID\VerifiableCredentials\CredentialOffer\CredentialOfferGrantsBag;
+use SimpleSAML\OpenID\VerifiableCredentials\CredentialOffer\CredentialOfferParameters;
+
+#[\PHPUnit\Framework\Attributes\CoversClass(CredentialOfferParameters::class)]
+final class CredentialOfferParametersTest extends TestCase
+{
+    protected string $credentialIssuer = 'https://example.com/issuer';
+
+    protected array $credentialConfigurationIds = ['credential-1', 'credential-2'];
+
+    protected MockObject $credentialOfferGrantsBag;
+
+
+    protected function setUp(): void
+    {
+        $this->credentialOfferGrantsBag = $this->createMock(CredentialOfferGrantsBag::class);
+    }
+
+
+    protected function sut(
+        ?string $credentialIssuer = null,
+        ?array $credentialConfigurationIds = null,
+        false|null|CredentialOfferGrantsBag $credentialOfferGrantsBag = null,
+    ): CredentialOfferParameters {
+        $credentialIssuer ??= $this->credentialIssuer;
+        $credentialConfigurationIds ??= $this->credentialConfigurationIds;
+        $credentialOfferGrantsBag = $credentialOfferGrantsBag === false ?
+        null :
+        $credentialOfferGrantsBag ?? $this->credentialOfferGrantsBag;
+
+        return new CredentialOfferParameters(
+            $credentialIssuer,
+            $credentialConfigurationIds,
+            $credentialOfferGrantsBag,
+        );
+    }
+
+
+    public function testCanCreateInstance(): void
+    {
+        $this->assertInstanceOf(CredentialOfferParameters::class, $this->sut());
+    }
+
+
+    public function testCanJsonSerialize(): void
+    {
+        $this->credentialOfferGrantsBag->expects($this->once())->method('jsonSerialize');
+
+        $this->assertNotEmpty($this->sut()->jsonSerialize());
+    }
+}
diff --git a/tests/src/VerifiableCredentials/Factories/CredentialOfferFactoryTest.php b/tests/src/VerifiableCredentials/Factories/CredentialOfferFactoryTest.php
@@ -0,0 +1,99 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\OpenID\VerifiableCredentials\Factories;
+
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\OpenID\Exceptions\CredentialOfferException;
+use SimpleSAML\OpenID\Helpers;
+use SimpleSAML\OpenID\VerifiableCredentials\CredentialOffer;
+use SimpleSAML\OpenID\VerifiableCredentials\CredentialOffer\CredentialOfferGrantsBag;
+use SimpleSAML\OpenID\VerifiableCredentials\CredentialOffer\CredentialOfferGrantsValue;
+use SimpleSAML\OpenID\VerifiableCredentials\CredentialOffer\CredentialOfferParameters;
+use SimpleSAML\OpenID\VerifiableCredentials\Factories\CredentialOfferFactory;
+
+#[\PHPUnit\Framework\Attributes\CoversClass(CredentialOfferFactory::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(CredentialOffer::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(CredentialOfferParameters::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(CredentialOfferGrantsBag::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(CredentialOfferGrantsValue::class)]
+final class CredentialOfferFactoryTest extends TestCase
+{
+    protected MockObject $helpersMock;
+
+    protected array $sampleParameters = [
+        'credential_issuer' => 'https://example.com/issuer',
+        'credential_configuration_ids' => ['credential-1', 'credential-2'],
+        'grants' => [
+            'urn:ietf:params:oauth:grant-type:pre-authorized_code' => [
+                "pre-authorized_code" => "oaKazRN8I0IbtZ0C7JuMn5",
+                "tx_code" => [
+                    "length" => 4,
+                    "input_mode" => "numeric",
+                    "description" => "Please provide the one-time code that was sent via e-mail",
+                ],
+            ],
+        ],
+    ];
+
+
+    protected function setUp(): void
+    {
+        $this->helpersMock = $this->createMock(Helpers::class);
+    }
+
+
+    protected function sut(
+        ?Helpers $helpers = null,
+    ): CredentialOfferFactory {
+        $helpers ??= $this->helpersMock;
+
+        return new CredentialOfferFactory($helpers);
+    }
+
+
+    public function testCanCreateInstance(): void
+    {
+        $this->assertInstanceOf(CredentialOfferFactory::class, $this->sut());
+    }
+
+
+    public function testCanBuildFromParameters(): void
+    {
+        $this->assertInstanceOf(
+            CredentialOffer::class,
+            $this->sut()->from($this->sampleParameters),
+        );
+    }
+
+
+    public function testFromThrowsForInvalidGrantData(): void
+    {
+        $this->expectException(CredentialOfferException::class);
+        $this->expectExceptionMessage('Grants');
+
+        $parameters = $this->sampleParameters;
+        $parameters['grants']['urn:ietf:params:oauth:grant-type:pre-authorized_code'] = 123;
+        $this->sut()->from($parameters);
+    }
+
+
+    public function testFromUri(): void
+    {
+        $this->assertInstanceOf(
+            CredentialOffer::class,
+            $this->sut()->from(uri: 'https://example.com/offer'),
+        );
+    }
+
+
+    public function testFromThrowsIfBothParametersAndUriIsProvided(): void
+    {
+        $this->expectException(CredentialOfferException::class);
+        $this->expectExceptionMessage('Only one');
+
+        $this->sut()->from($this->sampleParameters, 'https://example.com/offer');
+    }
+}
diff --git a/tests/src/VerifiableCredentials/Factories/OpenId4VciProofFactoryTest.php b/tests/src/VerifiableCredentials/Factories/OpenId4VciProofFactoryTest.php
@@ -0,0 +1,153 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\OpenID\VerifiableCredentials\Factories;
+
+use Jose\Component\Signature\JWS;
+use Jose\Component\Signature\Signature;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum;
+use SimpleSAML\OpenID\Decorators\DateIntervalDecorator;
+use SimpleSAML\OpenID\Factories\ClaimFactory;
+use SimpleSAML\OpenID\Helpers;
+use SimpleSAML\OpenID\Jwks\Factories\JwksDecoratorFactory;
+use SimpleSAML\OpenID\Jws\JwsDecorator;
+use SimpleSAML\OpenID\Jws\JwsDecoratorBuilder;
+use SimpleSAML\OpenID\Jws\JwsVerifierDecorator;
+use SimpleSAML\OpenID\Jws\ParsedJws;
+use SimpleSAML\OpenID\Serializers\JwsSerializerManagerDecorator;
+use SimpleSAML\OpenID\VerifiableCredentials\Factories\OpenId4VciProofFactory;
+use SimpleSAML\OpenID\VerifiableCredentials\OpenId4VciProof;
+
+#[\PHPUnit\Framework\Attributes\CoversClass(OpenId4VciProofFactory::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(SignatureAlgorithmEnum::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(ParsedJws::class)]
+#[\PHPUnit\Framework\Attributes\UsesClass(OpenId4VciProof::class)]
+final class OpenId4VciProofFactoryTest extends TestCase
+{
+    protected MockObject $signatureMock;
+
+    protected MockObject $jwsDecoratorBuilderMock;
+
+    protected MockObject $jwsVerifierDecoratorMock;
+
+    protected MockObject $jwksDecoratorFactoryMock;
+
+    protected MockObject $jwsSerializerManagerDecoratorMock;
+
+    protected MockObject $dateIntervalDecoratorMock;
+
+    protected MockObject $helpersMock;
+
+    protected MockObject $jsonHelperMock;
+
+    protected MockObject $claimFactoryMock;
+
+    protected array $sampleHeader = [
+        "typ" => "openid4vci-proof+jwt",
+        "alg" => "ES256",
+        "jwk" => [
+            "kty" => "EC",
+            "crv" => "P-256",
+            "x" => "nUWAoAv3XZith8E7i19OdaxOLYFOwM-Z2EuM02TirT4",
+            "y" => "HskHU8BjUi1U9Xqi7Swmj8gwAK_0xkcDjEW_71SosEY",
+        ],
+    ];
+
+    protected array $expiredPayload = [
+        'iat' => 1734009487,
+        'nbf' => 1734009487,
+        'exp' => 1734009487,
+        "iss" => "s6BhdRkqt3",
+        "aud" => "https://server.example.com",
+        "nonce" => "tZignsnFbp",
+    ];
+
+    protected array $validPayload;
+
+
+    protected function setUp(): void
+    {
+        $this->signatureMock = $this->createMock(Signature::class);
+
+        $jwsMock = $this->createMock(JWS::class);
+        $jwsMock->method('getPayload')
+            ->willReturn('json-payload-string'); // Just so we have non-empty value.
+        $jwsMock->method('getSignature')->willReturn($this->signatureMock);
+
+        $jwsDecoratorMock = $this->createMock(JwsDecorator::class);
+        $jwsDecoratorMock->method('jws')->willReturn($jwsMock);
+
+        $this->jwsDecoratorBuilderMock = $this->createMock(JwsDecoratorBuilder::class);
+        $this->jwsDecoratorBuilderMock->method('fromToken')->willReturn($jwsDecoratorMock);
+        $this->jwsDecoratorBuilderMock->method('fromData')->willReturn($jwsDecoratorMock);
+
+        $this->jwsVerifierDecoratorMock = $this->createMock(JwsVerifierDecorator::class);
+        $this->jwksDecoratorFactoryMock = $this->createMock(JwksDecoratorFactory::class);
+        $this->jwsSerializerManagerDecoratorMock = $this->createMock(JwsSerializerManagerDecorator::class);
+        $this->dateIntervalDecoratorMock = $this->createMock(DateIntervalDecorator::class);
+
+        $this->helpersMock = $this->createMock(Helpers::class);
+        $this->jsonHelperMock = $this->createMock(Helpers\Json::class);
+        $this->helpersMock->method('json')->willReturn($this->jsonHelperMock);
+        $typeHelperMock = $this->createMock(Helpers\Type::class);
+        $this->helpersMock->method('type')->willReturn($typeHelperMock);
+
+        $typeHelperMock->method('ensureNonEmptyString')->willReturnArgument(0);
+        $typeHelperMock->method('ensureInt')->willReturnArgument(0);
+
+        $this->claimFactoryMock = $this->createMock(ClaimFactory::class);
+
+        $this->validPayload = $this->expiredPayload;
+        $this->validPayload['exp'] = time() + 3600;
+    }
+
+
+    protected function sut(
+        ?JwsDecoratorBuilder $jwsDecoratorBuilder = null,
+        ?JwsVerifierDecorator $jwsVerifierDecorator = null,
+        ?JwksDecoratorFactory $jwksDecoratorFactory = null,
+        ?JwsSerializerManagerDecorator $jwsSerializerManagerDecorator = null,
+        ?DateIntervalDecorator $dateIntervalDecorator = null,
+        ?Helpers $helpers = null,
+        ?ClaimFactory $claimFactory = null,
+    ): OpenId4VciProofFactory {
+        $jwsDecoratorBuilder ??= $this->jwsDecoratorBuilderMock;
+        $jwsVerifierDecorator ??= $this->jwsVerifierDecoratorMock;
+        $jwksDecoratorFactory ??= $this->jwksDecoratorFactoryMock;
+        $jwsSerializerManagerDecorator ??= $this->jwsSerializerManagerDecoratorMock;
+        $dateIntervalDecorator ??= $this->dateIntervalDecoratorMock;
+        $helpers ??= $this->helpersMock;
+        $claimFactory ??= $this->claimFactoryMock;
+
+        return new OpenId4VciProofFactory(
+            $jwsDecoratorBuilder,
+            $jwsVerifierDecorator,
+            $jwksDecoratorFactory,
+            $jwsSerializerManagerDecorator,
+            $dateIntervalDecorator,
+            $helpers,
+            $claimFactory,
+        );
+    }
+
+
+    public function testCanCreateInstance(): void
+    {
+        $this->assertInstanceOf(OpenId4VciProofFactory::class, $this->sut());
+    }
+
+
+    public function testCanBuildFromToken(): void
+    {
+        $this->jsonHelperMock->method('decode')->willReturn($this->validPayload);
+        $this->signatureMock->method('getProtectedHeader')->willReturn($this->sampleHeader);
+
+        $this->assertInstanceOf(
+            OpenId4VciProof::class,
+            $this->sut()->fromToken('token'),
+        );
+    }
+}
