-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use system time in OcspService.validateResponderCertificate()
WE2-868 Signed-off-by: Mihkel Kivisild [email protected]
- Loading branch information
Mihkel Kivisild
committed
Aug 26, 2024
1 parent
188d4c3
commit 7d0ef60
Showing
4 changed files
with
25 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,6 +30,7 @@ | |
use ReflectionProperty; | ||
use web_eid\ocsp_php\OcspResponse; | ||
use web_eid\ocsp_php\util\AsnUtil; | ||
use web_eid\web_eid_authtoken_validation_php\exceptions\CertificateExpiredException; | ||
use web_eid\web_eid_authtoken_validation_php\exceptions\UserCertificateOCSPCheckFailedException; | ||
use web_eid\web_eid_authtoken_validation_php\testutil\Certificates; | ||
use web_eid\web_eid_authtoken_validation_php\testutil\Dates; | ||
|
@@ -232,8 +233,10 @@ public function request($url, $request): OcspResponse | |
$validator->validate($this->estEid2018Cert); | ||
} | ||
|
||
public function testWhenOcspResponseCaNotTrustedThenThrows(): void | ||
public function testWhenOcspResponseCACertNotTrustedThenThrows(): void | ||
{ | ||
Dates::setMockedCertificateValidatorDate(new DateTime('2021-09-18 00:16:25')); | ||
|
||
$this->expectException(UserCertificateOCSPCheckFailedException::class); | ||
$this->expectExceptionMessage("User certificate revocation check has failed: Exception: Certificate C=EE, O=AS Sertifitseerimiskeskus, OU=OCSP, CN=TEST of SK OCSP RESPONDER 2020/[email protected] is not trusted"); | ||
|
||
|
@@ -243,6 +246,19 @@ public function testWhenOcspResponseCaNotTrustedThenThrows(): void | |
$validator->validate($this->estEid2018Cert); | ||
} | ||
|
||
public function testWhenOcspResponseCACertExpiredThenThrows(): void | ||
{ | ||
Dates::setMockedCertificateValidatorDate(new DateTime('2024-09-18 00:16:25')); | ||
|
||
$this->expectException(UserCertificateOCSPCheckFailedException::class); | ||
$this->expectExceptionMessage("User certificate revocation check has failed: Exception: AIA OCSP responder certificate has expired"); | ||
|
||
$validator = self::getSubjectCertificateNotRevokedValidatorWithAiaOcspUsingResponse( | ||
pack("c*", ...self::getOcspResponseBytesFromResources("ocsp_response_unknown.der")) | ||
); | ||
$validator->validate($this->estEid2018Cert); | ||
} | ||
|
||
public function testWhenNonceDiffersThenThrows(): void | ||
{ | ||
Dates::setMockedCertificateValidatorDate(new DateTime('2021-09-17 18:25:24.000')); | ||
|