Add coverage

cicnavi · cicnavi · commit baad4e670f0f · 2025-02-07T11:00:31.000+01:00
diff --git a/config/module_oidc.php.dist b/config/module_oidc.php.dist
@@ -435,9 +435,9 @@ $config = [
      * on how this works.
      */
     // The federation (new) private key passphrase (optional).
-    ModuleConfig::OPTION_PKI_FEDERATION_NEW_PRIVATE_KEY_PASSPHRASE => 'new-secret',
-    ModuleConfig::OPTION_PKI_FEDERATION_NEW_PRIVATE_KEY_FILENAME => 'new_oidc_module_federation.key',
-    ModuleConfig::OPTION_PKI_FEDERATION_NEW_CERTIFICATE_FILENAME => 'new_oidc_module_federation.crt',
+//    ModuleConfig::OPTION_PKI_FEDERATION_NEW_PRIVATE_KEY_PASSPHRASE => 'new-secret',
+//    ModuleConfig::OPTION_PKI_FEDERATION_NEW_PRIVATE_KEY_FILENAME => 'new_oidc_module_federation.key',
+//    ModuleConfig::OPTION_PKI_FEDERATION_NEW_CERTIFICATE_FILENAME => 'new_oidc_module_federation.crt',
 
     // Federation token signer, with given default.
     ModuleConfig::OPTION_FEDERATION_TOKEN_SIGNER => \Lcobucci\JWT\Signer\Rsa\Sha256::class,
diff --git a/tests/unit/src/Services/JsonWebKeySetServiceTest.php b/tests/unit/src/Services/JsonWebKeySetServiceTest.php
@@ -30,6 +30,9 @@
 class JsonWebKeySetServiceTest extends TestCase
 {
     private static string $pkGeneratePublic;
+    private static string $pkGeneratePublicNew;
+    private static string $pkGeneratePublicFederation;
+    private static string $pkGeneratePublicFederationNew;
 
     /**
      * @return void
@@ -42,15 +45,42 @@ public static function setUpBeforeClass(): void
             'private_key_bits' => 2048,
             'private_key_type' => OPENSSL_KEYTYPE_RSA,
         ]);
+        $pkGenerateNew = openssl_pkey_new([
+            'private_key_bits' => 2048,
+            'private_key_type' => OPENSSL_KEYTYPE_RSA,
+        ]);
+        $pkGenerateFederation = openssl_pkey_new([
+            'private_key_bits' => 2048,
+            'private_key_type' => OPENSSL_KEYTYPE_RSA,
+        ]);
+        $pkGenerateFederationNew = openssl_pkey_new([
+            'private_key_bits' => 2048,
+            'private_key_type' => OPENSSL_KEYTYPE_RSA,
+        ]);
 
         // get the public key
         $pkGenerateDetails = openssl_pkey_get_details($pkGenerate);
+        $pkGenerateDetailsNew = openssl_pkey_get_details($pkGenerateNew);
+        $pkGenerateDetailsFederation = openssl_pkey_get_details($pkGenerateFederation);
+        $pkGenerateDetailsFederationNew = openssl_pkey_get_details($pkGenerateFederationNew);
         self::$pkGeneratePublic = $pkGenerateDetails['key'];
+        self::$pkGeneratePublicNew = $pkGenerateDetailsNew['key'];
+        self::$pkGeneratePublicFederation = $pkGenerateDetailsFederation['key'];
+        self::$pkGeneratePublicFederationNew = $pkGenerateDetailsFederationNew['key'];
 
         file_put_contents(sys_get_temp_dir() . '/oidc_module.crt', self::$pkGeneratePublic);
+        file_put_contents(sys_get_temp_dir() . '/new_oidc_module.crt', self::$pkGeneratePublicNew);
+        file_put_contents(sys_get_temp_dir() . '/oidc_module_federation.crt', self::$pkGeneratePublicFederation);
+        file_put_contents(
+            sys_get_temp_dir() . '/new_oidc_module_federation.crt',
+            self::$pkGeneratePublicFederationNew,
+        );
 
         Configuration::setPreLoadedConfig(
-            Configuration::loadFromArray([]),
+            Configuration::loadFromArray([
+                ModuleConfig::OPTION_PKI_NEW_CERTIFICATE_FILENAME => 'new_oidc_module.crt',
+                ModuleConfig::OPTION_PKI_FEDERATION_NEW_CERTIFICATE_FILENAME => 'new_oidc_module_federation.crt',
+            ]),
             ModuleConfig::DEFAULT_FILE_NAME,
         );
     }
@@ -62,27 +92,37 @@ public static function tearDownAfterClass(): void
     {
         Configuration::clearInternalState();
         unlink(sys_get_temp_dir() . '/oidc_module.crt');
+        unlink(sys_get_temp_dir() . '/new_oidc_module.crt');
+        unlink(sys_get_temp_dir() . '/oidc_module_federation.crt');
+        unlink(sys_get_temp_dir() . '/new_oidc_module_federation.crt');
     }
 
     /**
      * @return void
      * @throws \SimpleSAML\Error\Exception
      */
-    public function testKeys()
+    public function testProtocolKeys()
     {
         $config = [
             'certdir' => sys_get_temp_dir(),
         ];
         Configuration::loadFromArray($config, '', 'simplesaml');
 
         $kid = FingerprintGenerator::forString(self::$pkGeneratePublic);
-
         $jwk = JWKFactory::createFromKey(self::$pkGeneratePublic, null, [
             'kid' => $kid,
             'use' => 'sig',
             'alg' => 'RS256',
         ]);
-        $JWKSet = new JWKSet([$jwk]);
+
+        $kidNew = FingerprintGenerator::forString(self::$pkGeneratePublicNew);
+        $jwkNew = JWKFactory::createFromKey(self::$pkGeneratePublicNew, null, [
+            'kid' => $kidNew,
+            'use' => 'sig',
+            'alg' => 'RS256',
+        ]);
+
+        $JWKSet = new JWKSet([$jwk, $jwkNew]);
 
         $jsonWebKeySetService = new JsonWebKeySetService(new ModuleConfig());
 
@@ -92,7 +132,7 @@ public function testKeys()
     /**
      * @throws \SimpleSAML\Error\Exception
      */
-    public function testCertificationFileNotFound(): void
+    public function testProtocolCertificateFileNotFound(): void
     {
         $this->expectException(Exception::class);
         $this->expectExceptionMessageMatches('/OIDC protocol public key file does not exists/');
@@ -104,4 +144,32 @@ public function testCertificationFileNotFound(): void
 
         new JsonWebKeySetService(new ModuleConfig());
     }
+
+    public function testFederationKeys(): void
+    {
+        $config = [
+            'certdir' => sys_get_temp_dir(),
+        ];
+        Configuration::loadFromArray($config, '', 'simplesaml');
+
+        $kid = FingerprintGenerator::forString(self::$pkGeneratePublicFederation);
+        $jwk = JWKFactory::createFromKey(self::$pkGeneratePublicFederation, null, [
+            'kid' => $kid,
+            'use' => 'sig',
+            'alg' => 'RS256',
+        ]);
+
+        $kidNew = FingerprintGenerator::forString(self::$pkGeneratePublicFederationNew);
+        $jwkNew = JWKFactory::createFromKey(self::$pkGeneratePublicFederationNew, null, [
+            'kid' => $kidNew,
+            'use' => 'sig',
+            'alg' => 'RS256',
+        ]);
+
+        $JWKSet = new JWKSet([$jwk, $jwkNew]);
+
+        $jsonWebKeySetService = new JsonWebKeySetService(new ModuleConfig());
+
+        $this->assertEquals($JWKSet->all(), $jsonWebKeySetService->federationKeys());
+    }
 }
