Tests/X509: add unit test for CRL creation with PSS keys

This commit is contained in:
terrafrost 2022-09-23 15:02:44 -05:00
parent a1862b1817
commit ea5a4c3c62

View File

@ -8,6 +8,8 @@
namespace phpseclib3\Tests\Unit\File\X509;
use phpseclib3\Math\BigInteger;
use phpseclib3\Crypt\RSA;
use phpseclib3\File\X509;
use phpseclib3\Tests\PhpseclibTestCase;
@ -25,4 +27,37 @@ class CRLTest extends PhpseclibTestCase
$this->assertSame('unspecified', $reason);
}
public function testCreateCRL()
{
// create private key / x.509 cert for signing
$CAPrivKey = RSA::createKey(1024);
$CAPubKey = $CAPrivKey->getPublicKey();
$CASubject = new X509();
$CASubject->setDNProp('id-at-organizationName', 'phpseclib CA cert');
$CASubject->setPublicKey($CAPubKey);
$CAIssuer = new X509();
$CAIssuer->setPrivateKey($CAPrivKey);
$CAIssuer->setDN($CASubject->getDN());
$x509 = new X509();
$x509->makeCA();
$result = $x509->sign($CAIssuer, $CASubject);
$CA = $x509->saveX509($result);
// create CRL
$x509 = new X509();
$crl = $x509->loadCRL($x509->saveCRL($x509->signCRL($CAIssuer, new X509())));
$x509->revoke(new BigInteger('zzz', 256), '+1 year');
$crl = $x509->saveCRL($x509->signCRL($CAIssuer, $x509));
// validate newly created CRL
$x509 = new X509();
$x509->loadCA($CA);
$r = $x509->loadCRL($crl);
$this->assertArrayHasKey('parameters', $r['signatureAlgorithm']);
$this->assertTrue($x509->validateSignature());
}
}