ILIAS  trunk Revision v11.0_alpha-2662-g519ff7d528f
TokenTest.php
Go to the documentation of this file.
1 <?php
2 
19 namespace ILIAS\Tests\FileDelivery\Token;
20 
21 use PHPUnit\Framework\Attributes\DataProvider;
22 use PHPUnit\Framework\TestCase;
23 use ILIAS\FileDelivery\Token\DataSigner;
24 use ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation;
25 use ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKey;
26 use ILIAS\FileDelivery\Token\Signer\Salt\Salt;
27 use ILIAS\FileDelivery\Token\Signer\KeyRotatingSigner;
28 use ILIAS\FileDelivery\Token\Signer\NullSigner;
29 use ILIAS\FileDelivery\Token\Signer\Key\Signing\ConcatSigningKeyGenerator;
30 
34 class TokenTest extends TestCase
35 {
36  public function testSomething(): void
37  {
38  $data_signer = new DataSigner(
39  new SecretKeyRotation(
40  new SecretKey('test_key_one')
41  )
42  );
43 
44  $payload_data = [
45  't' => 1,
46  'p' => 'fsv2/63a/6a5/5a2/1cf42b2ad0bc1ee729a5965/1/data',
47  'u' => 6
48  ];
49 
50  $singed_data = $data_signer->sign($payload_data, 'test_salt', new \DateTimeImmutable('2099-01-01 00:00:00'));
51 
52  $this->assertIsString($singed_data);
53  $this->assertSame(
54  'Fck5CsMwEEDRu0xt0GySJWF8EjWjrTbESRNy98jNh8f_wg2ZNrggw3x9uLggtmK-OG-L1KZyZetYG42xczKfwrpUXLfbYIM35PA7jvNU3DFhjIiPRpjapabGlTj2JsJch8rQmJ5lUVUo0B8',
55  $singed_data
56  );
57  $this->assertSame(143, strlen($singed_data));
58 
59  $retrieve = $data_signer->verify($singed_data, 'test_salt');
60  $this->assertSame($payload_data, $retrieve);
61  }
62 
63  public static function providePayloads(): \Iterator
64  {
65  $random = static function (int $chars): string {
66  for ($i = 0, $str = ''; $i < $chars; $i++) {
67  $str .= chr(random_int(33, 125));
68  }
69  return $str;
70  };
71  yield ['lorem ipsum'];
72  yield ['o@3z||w^h\F(G[Z,*qjo/n8$Q_yO({,%9h4]UK&s*E$H=/8L6:#2VDFb5<Is%;=3p=2\'xb{skeOKw^Pt]wwya$6JV_e{7qbZUmcl{V3JRl<w{N=M_512x4DV=>i]=2$X+od8+#KVG+mN"9yHWW+RGb>eDZ\+RW>\%ks2yj%m)29=)cpLT8w4{rBl]Yvx%njk3?)Mrc-|`Dd4I)F?y;f2%-W/ObD?v"TWk(:pHN4?FXTeT7f@{[)N/2XQW@c<ddk6\'b&;R;bcB8@W)[l(7RCvUU1EE4>[CN1w1.U1`+LVUKZaN_v<?CUAjTXe=B-@4c\'$.kB;HjI)\03<ll29`o_0$U@KF8JQH8=pQ^j>i:+R&m\jOOuys3"Ow|out8=[vM\^an:|^NZE-za668{I\'YPwXpIONsa"+fwjn)nj%{b$2{gZoljdq4:MA?I&dz9d;K-9t%A%8,@9rLwF1tuMxx@f{NoH+J[;PVRByLz&Z9,)wNXS"wO|eD%e$0wDW\Ie*fQsSHSuU(S8W9O8RNc+VQVbJAKC+0#gYHBBFtNPDKn#XvyhsOTEi/+lAO5\HA=PvG<g{d$lP;^|A1a^BvaJH:k|U88KH<34ub`S*J92Sw>(tTt{#/*\'%dAcdm$JJ<6MP+J4.ifdi-D_<`)D1Xf(O6rxB>$HCw9IVR/lJ]7eK1q&:.z7mUi4C@W+/d-35\:GdeL4Yu9jEvbL)yd9{49FXx<iV4]_HoF(CLySJm^l3eX|||_"RV*+[\'M\+8O]xlzfTalIE3;<)cS9">?RbuKY^N4Y[o^lr5\'8O55skRBGli:&Kq75WPT(w#Zpj]_UMluSs:"e_(SRX?%4<m,8H:`fH@hR(i9sIz6spfcp8igK5IXp`Vx1=Lv?Ast"m2nvGs4O^/VoN-Aqn`SflY+QSB+XIcJ1@2rA5[GNnN3{zkb*<MXz/\'\'X\'n=e&F>4nVQ`Fb0"WNvi)ZYbY]/%aDN>wMlT)M\=XGk^[2H?pgf8#BrC"A:bj2=Qfm^#2ZegzFBYV.E,b,xC_;<{P.ps*Vm&ErnTp|)qMOV:GBXH\l?6x?S]hUV.$CESk/ns/Zg5NGrC/$\'f>\'tVY{"Oa(DB@UN#yVh@n6JZ$F*(q)Ty]^.OTmAXSX^f\'j_1q80sB]2q^?<f2<(7=0[_l^i;HrU.$NgqgIy/N?hN-6IgL=:Z(tX\+A\B*{QJTT\'LY{tD:5S)t^Vcn=PC$;5*<^2@/3Ahgw&,`JQ0+a-JnB\+H/Kc|pF<\'(q6d\uz?_?<yyICy6+|jpK{LJ`UT>f*\'BLsv*AvoH|ET07EiO"xFh/{[+>=xT9DnLh0F>j#L(B&iBxaq6mW%TO"[]W]pIM{:Y]tQK4@TO[O>qg{eSr4W:Vkp6#ECM+&O>5uH3##]#?d4mV(?wJt;Jb|TXCD?t<BNV"%p#KB)H=i0y\'z%Rf)0Dp{JE*0zGY<KG)gMDylE;_1PukRAe)qxfSd{uA`8\vqpzfcaM6_gYDwy_w-JQf=z;-UnxvF";Sf;OnCIGm3-/0S$1jPuFb:n_9=pu\'jE3A6Ne)FxN@3An5x/EwiOTYQ-6w;rYA>4_zldc\'"0g=hYUVIQ=U7B@>+`@hN#HNV\'Z6ul2UL-/eld6xGeDV)s@.)B9t2LS+rmM?ZREmV.coe-SUkLV)Wp-sO/SWeeF..zi\Yj3pNqx(j6"#B@St]M@>:k-sb#h(5RRP2%jeVP5KM\a\Q.n#T"Z0qpcsD6/WQ|GbuhK84<C[GCjN+@>VE7WZFM)O1@]bhl;{@q4aQ?\Vv%hv3;CG]J%+N\'J9]_=N8iI?Y:l4I%?0W?,iI5V,Fqq(Zz&4vH1c"|&82YMVhx0?Wk:dFf\mZv%BkX6K9?{+6w:ikAUq7cw1oYin\'{"ayy/sZ`oF[aFa=_mO/EG-Is\'6Ks{Dg#Q\'@XCw&YSUHE1UP9ITeJL`R%]=-;qY%*#]-rcq;+iOPT\V/(iO(6GhjW/dA2fD&dxwVS*I(gQx4V6\'K;I0e\'P5cY<P]=u>Ck9dS"I]iOnX)<?P7\DB;9MkJ|5zld9=hxQAJ5XVfp*F0e.SDl|""'];
73  yield [$random(1024)];
74  yield [$random(2048)];
75  yield [$random(4094)];
76  yield [$random(8192)];
77  yield [$random(16384)];
78  yield [$random(32768)];
79  }
80 
81  #[DataProvider('providePayloads')]
82  public function testLargeAmountOfData(string $data): void
83  {
84  $datasigner = new DataSigner(
85  new SecretKeyRotation(
86  new SecretKey('test_key_one'),
87  )
88  );
89 
90  $singed_data = $datasigner->sign([$data], 'salt');
91  $verified_data = $datasigner->verify($singed_data, 'salt');
92 
93  if ($verified_data === null) {
94  $this->fail('Could not verify data');
95  }
96 
97  $this->assertNotNull($verified_data);
98  $this->assertSame([$data], $verified_data);
99  $this->assertSame($singed_data, urlencode($singed_data));
100  $signed_data_without_suffix = rtrim($singed_data, '=');
101  $this->assertSame($signed_data_without_suffix, urlencode($signed_data_without_suffix));
102  }
103 
104  public function testExpiredTokens(): void
105  {
106  $datasigner = new DataSigner(
107  new SecretKeyRotation(
108  new SecretKey('test_key_one'),
109  )
110  );
111 
112  $singed_data = $datasigner->sign(['a', 'b', 'c'], 'salt', new \DateTimeImmutable('-1 day'));
113  $verified_data = $datasigner->verify($singed_data, 'salt');
114 
115  $this->assertNull($verified_data);
116 
117  $singed_data = $datasigner->sign(['a', 'b', 'c'], 'salt', new \DateTimeImmutable('-1 second'));
118  $verified_data = $datasigner->verify($singed_data, 'salt');
119 
120  $this->assertNull($verified_data);
121 
122  $singed_data = $datasigner->sign(['a', 'b', 'c'], 'salt', new \DateTimeImmutable('+1 second'));
123  $verified_data = $datasigner->verify($singed_data, 'salt');
124 
125  $this->assertNotNull($verified_data);
126  }
127 
128  public function testKeyRotation(): void
129  {
130  $salt = new Salt('test_salt');
131 
132  $key_rotation = new SecretKeyRotation(
133  new SecretKey('test_key_one'),
134  );
135  $rotating_signer = new KeyRotatingSigner(
136  $key_rotation,
137  new NullSigner(),
138  new ConcatSigningKeyGenerator(),
139  $salt
140  );
141 
142  $payload = 'singed_data_one';
143  $signature = $rotating_signer->sign($payload, $salt);
144  $this->assertTrue($rotating_signer->verify($payload, $signature, 0, $salt));
145 
146  $key_rotation = new SecretKeyRotation(
147  new SecretKey('test_key_two'),
148  new SecretKey('test_key_one'),
149  );
150  $rotating_signer = new KeyRotatingSigner(
151  $key_rotation,
152  new NullSigner(),
153  new ConcatSigningKeyGenerator(),
154  $salt
155  );
156  $this->assertTrue($rotating_signer->verify($payload, $signature, 0, $salt));
157 
158  $key_rotation = new SecretKeyRotation(
159  new SecretKey('test_key_three'),
160  new SecretKey('test_key_two'),
161  );
162  $rotating_signer = new KeyRotatingSigner(
163  $key_rotation,
164  new NullSigner(),
165  new ConcatSigningKeyGenerator(),
166  $salt
167  );
168  $this->assertFalse($rotating_signer->verify($payload, $signature, 0, $salt));
169  }
170 }
$payload
if(count($parts) !=3) $payload
Definition: ltitoken.php:67
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ILIAS\Tests\FileDelivery\Token
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: TokenTest.php:19
ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKey
Signatures are secured by the secret_key.
Definition: SecretKey.php:39
ILIAS\FileDelivery\Token\Signer\Salt\Salt
The salt is combined with the secret key to derive a unique key for distinguishing different contexts...
Definition: Salt.php:37
ILIAS\FileDelivery\Token\Signer\Key\Secret\SecretKeyRotation
Key rotation can provide an extra layer of mitigation against an attacker discovering a secret key...
Definition: SecretKeyRotation.php:41