Merge pull request #25 from darkwebdesign/ISSUE-7

ISSUE-7: PemFile::validate asks for passphrase on OpenSSL 1.1.0g-fips 2 Nov 2017

.scripts/compile-openssl.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+readonly DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)";
+readonly SCRIPT="$(basename "${BASH_SOURCE[0]}")";
+
+readonly VERSION="${1}";
+readonly VERSION_PREFIX="$(echo "$VERSION" | sed --regexp-extended 's/^([0-9]+\.[0-9]+\.[0-9]+).*$/\1/')";
+
+readonly ROOT_DIRECTORY="$(dirname "$DIR")";
+readonly TEMP_DIRECTORY="$(mktemp --directory)";
+readonly OUTPUT_DIRECTORY="$ROOT_DIRECTORY/build/openssl/$VERSION";
+
+if [[ -z "$VERSION" ]]; then
+    echo "$SCRIPT: no version specified!";
+    exit 1;
+fi;
+
+echo "VERSION: $VERSION";
+echo "TEMP_DIRECTORY: $TEMP_DIRECTORY";
+echo "OUTPUT_DIRECTORY: $OUTPUT_DIRECTORY";
+
+read -p 'Press enter to continue...';
+
+wget --timestamping --directory-prefix "$TEMP_DIRECTORY/" "https://www.openssl.org/source/openssl-$VERSION.tar.gz";
+
+if [[ $? -ne 0 ]]; then
+    wget --timestamping --directory-prefix "$TEMP_DIRECTORY/" "https://www.openssl.org/source/old/$VERSION_PREFIX/openssl-$VERSION.tar.gz";
+
+    if [[ $? -ne 0 ]]; then
+        echo "$SCRIPT: version not found!";
+        exit 1;
+    fi;
+fi;
+
+tar --extract --verbose --gzip --directory "$TEMP_DIRECTORY/" --file "$TEMP_DIRECTORY/openssl-$VERSION.tar.gz";
+
+cd "$TEMP_DIRECTORY/openssl-$VERSION";
+
+mkdir --parents "$OUTPUT_DIRECTORY";
+
+./config --prefix="$OUTPUT_DIRECTORY" --openssldir="$OUTPUT_DIRECTORY";
+
+make;
+make test;
+make install;
+
+rm -rf "$TEMP_DIRECTORY";

.scripts/phpunit-build.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+readonly DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)";
+readonly SCRIPT="$(basename "${BASH_SOURCE[0]}")";
+
+readonly VERSION="${1}";
+
+readonly ROOT_DIRECTORY="$(dirname "$DIR")";
+readonly BUILD_DIRECTORY="$ROOT_DIRECTORY/build/openssl/$VERSION";
+readonly VENDOR_DIRECTORY="$ROOT_DIRECTORY/vendor";
+
+if [[ -z "$VERSION" ]]; then
+    echo "$SCRIPT: no version specified!";
+    exit 1;
+fi;
+
+if [[ ! -d "$BUILD_DIRECTORY" ]]; then
+    echo "$SCRIPT: version build not found!";
+    exit 1;
+fi;
+
+export PATH="$BUILD_DIRECTORY/bin:$PATH";
+export LD_LIBRARY_PATH="$BUILD_DIRECTORY/lib:$LD_LIBRARY_PATH";
+
+cd "$ROOT_DIRECTORY";
+
+"$VENDOR_DIRECTORY/bin/phpunit";

File/KeystoreFile.php

@@ -20,7 +20,6 @@
 
 namespace DarkWebDesign\PublicKeyCryptographyBundle\File;
 
-use Symfony\Component\HttpFoundation\File\File;
 use Symfony\Component\Process\Process;
 
 /**
@@ -39,7 +38,7 @@ protected function validate()
     {
         $in = escapeshellarg($this->getPathname());
 
-        $process = new Process("openssl pkcs12 -in $in -passin pass: -noout");
+        $process = new Process("openssl pkcs12 -in $in -passin pass:anypass -noout");
         $process->run();
 
         $invalidPassword = false !== strpos($process->getErrorOutput(), 'invalid password');
@@ -323,7 +322,6 @@ public function verifyPassPhrase($passPhrase)
      *
      * @return \DarkWebDesign\PublicKeyCryptographyBundle\File\KeystoreFile
      *
-     * @throws \DarkWebDesign\PublicKeyCryptographyBundle\Exception\PrivateKeyPassPhraseEmptyException
      * @throws \Symfony\Component\Process\Exception\ProcessFailedException
      */
     public function changePassPhrase($passPhrase, $newPassPhrase)

File/PemFile.php

@@ -46,12 +46,12 @@ protected function validate()
             return false;
         }
 
-        $process = new Process("openssl rsa -in $in -passin pass: -check -noout");
+        $process = new Process("openssl rsa -in $in -passin pass:anypass -check -noout");
         $process->run();
 
-        $badPasswordRead = false !== strpos($process->getErrorOutput(), ':bad password read:');
+        $badDecrypt = false !== strpos($process->getErrorOutput(), ':bad decrypt:');
 
-        if (!$process->isSuccessful() && !$badPasswordRead) {
+        if (!$process->isSuccessful() && !$badDecrypt) {
             return false;
         }
 
@@ -310,10 +310,10 @@ public function hasPassPhrase()
     {
         $in = escapeshellarg($this->getPathname());
 
-        $process1 = new Process("openssl rsa -in $in -passin pass: -check -noout");
+        $process1 = new Process("openssl rsa -in $in -passin pass:nopass -check -noout");
         $process1->run();
 
-        $process2 = new Process("openssl rsa -in $in -passin pass:nopass -check -noout");
+        $process2 = new Process("openssl rsa -in $in -passin pass:anypass -check -noout");
         $process2->run();
 
         return !$process1->isSuccessful() && !$process2->isSuccessful();
@@ -365,7 +365,7 @@ public function addPassPhrase($passPhrase)
         $process1 = new Process("openssl x509 -in $in");
         $process1->mustRun();
 
-        $process2 = new Process("openssl rsa -in $in -passin pass: -passout pass:$pass -des3");
+        $process2 = new Process("openssl rsa -in $in -passin pass:nopass -passout pass:$pass -des3");
         $process2->mustRun();
 
         @file_put_contents($this->getPathname(), $process1->getOutput() . $process2->getOutput());

File/PrivateKeyFile.php

@@ -48,12 +48,12 @@ protected function validate()
         $in = escapeshellarg($this->getPathname());
         $inForm = escapeshellarg($this->getFormat());
 
-        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass: -check -noout");
+        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass:anypass -check -noout");
         $process->run();
 
-        $badPasswordRead = false !== strpos($process->getErrorOutput(), ':bad password read:');
+        $badDecrypt = false !== strpos($process->getErrorOutput(), ':bad decrypt:');
 
-        if (!$process->isSuccessful() && !$badPasswordRead) {
+        if (!$process->isSuccessful() && !$badDecrypt) {
             return false;
         }
 
@@ -183,10 +183,10 @@ public function hasPassPhrase()
         $in = escapeshellarg($this->getPathname());
         $inForm = escapeshellarg($this->getFormat());
 
-        $process1 = new Process("openssl rsa -in $in -inform $inForm -passin pass: -check -noout");
+        $process1 = new Process("openssl rsa -in $in -inform $inForm -passin pass:nopass -check -noout");
         $process1->run();
 
-        $process2 = new Process("openssl rsa -in $in -inform $inForm -passin pass:nopass -check -noout");
+        $process2 = new Process("openssl rsa -in $in -inform $inForm -passin pass:anypass -check -noout");
         $process2->run();
 
         return !$process1->isSuccessful() && !$process2->isSuccessful();
@@ -242,7 +242,7 @@ public function addPassPhrase($passPhrase)
         $inForm = escapeshellarg($this->getFormat());
         $pass = escapeshellarg($passPhrase);
 
-        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass: -outform $inForm -passout pass:$pass -des3");
+        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass:nopass -outform $inForm -passout pass:$pass -des3");
         $process->mustRun();
 
         @file_put_contents($this->getPathname(), $process->getOutput());

File/PublicKeyFile.php

@@ -50,12 +50,12 @@ protected function validate()
             return false;
         }
 
-        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass: -check -noout");
+        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass:anypass -check -noout");
         $process->run();
 
-        $badPasswordRead = false !== strpos($process->getErrorOutput(), ':bad password read:');
+        $badDecrypt = false !== strpos($process->getErrorOutput(), ':bad decrypt:');
 
-        if ($process->isSuccessful() || $badPasswordRead) {
+        if ($process->isSuccessful() || $badDecrypt) {
             return false;
         }
 

Tests/File/KeystoreFileTest.php

@@ -24,14 +24,15 @@
 use DarkWebDesign\PublicKeyCryptographyBundle\File\PrivateKeyFile;
 use DarkWebDesign\PublicKeyCryptographyBundle\File\PublicKeyFile;
 use PHPUnit\Framework\TestCase;
-use Symfony\Component\Process\Exception\ProcessFailedException;
 
 class KeystoreFileTest extends TestCase
 {
     const TEST_PASSPHRASE = 'test';
     const TEST_EMPTYPASSPHRASE = '';
-    const TEST_SUBJECT = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
-    const TEST_ISSUER = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = TEST CA, CN = testbox.mit-xperts.com, emailAddress = info@mit-xperts.com';
+    const TEST_ISSUER_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_ISSUER_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = HBBTV-DEMO-CA, CN = itv.mit-xperts.com, emailAddress = info@mit-xperts.com';
     const TEST_NOT_BEFORE = '2012-09-23 17:21:33';
     const TEST_NOT_AFTER = '2017-09-22 17:21:33';
 
@@ -210,7 +211,10 @@ public function testGetSubject($path, $passPhrase)
 
         $subject = $keystoreFile->getSubject($passPhrase);
 
-        $this->assertSame(static::TEST_SUBJECT, $subject);
+        $this->assertThat($subject, $this->logicalOr(
+            $this->identicalTo(static::TEST_SUBJECT_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_SUBJECT_V1_0_0_BETA1)
+        ));
     }
 
     /**
@@ -239,7 +243,10 @@ public function testGetIssuer($path, $passPhrase)
 
         $issuer = $keystoreFile->getIssuer($passPhrase);
 
-        $this->assertSame(static::TEST_ISSUER, $issuer);
+        $this->assertThat($issuer, $this->logicalOr(
+            $this->identicalTo(static::TEST_ISSUER_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_ISSUER_V1_0_0_BETA1)
+        ));
     }
 
     /**

Tests/File/PemFileTest.php

@@ -29,8 +29,10 @@ class PemFileTest extends TestCase
 {
     const TEST_PASSPHRASE = 'test';
     const TEST_EMPTYPASSPHRASE = '';
-    const TEST_SUBJECT = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
-    const TEST_ISSUER = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = TEST CA, CN = testbox.mit-xperts.com, emailAddress = info@mit-xperts.com';
+    const TEST_ISSUER_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_ISSUER_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = HBBTV-DEMO-CA, CN = itv.mit-xperts.com, emailAddress = info@mit-xperts.com';
     const TEST_NOT_BEFORE = '2012-09-23 17:21:33';
     const TEST_NOT_AFTER = '2017-09-22 17:21:33';
 
@@ -271,7 +273,12 @@ public function testGetSubject($path)
 
         $pemFile = new PemFile($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $pemFile->getSubject());
+        $subject = $pemFile->getSubject();
+
+        $this->assertThat($subject, $this->logicalOr(
+            $this->identicalTo(static::TEST_SUBJECT_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_SUBJECT_V1_0_0_BETA1)
+        ));
     }
 
     /**
@@ -299,7 +306,12 @@ public function testGetIssuer($path)
 
         $pemFile = new PemFile($this->file);
 
-        $this->assertSame(static::TEST_ISSUER, $pemFile->getIssuer());
+        $issuer = $pemFile->getIssuer();
+
+        $this->assertThat($issuer, $this->logicalOr(
+            $this->identicalTo(static::TEST_ISSUER_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_ISSUER_V1_0_0_BETA1)
+        ));
     }
 
     /**

Tests/File/PublicKeyFileTest.php

@@ -25,8 +25,10 @@
 
 class PublicKeyFileTest extends TestCase
 {
-    const TEST_SUBJECT = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
-    const TEST_ISSUER = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = TEST CA, CN = testbox.mit-xperts.com, emailAddress = info@mit-xperts.com';
+    const TEST_ISSUER_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_ISSUER_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = HBBTV-DEMO-CA, CN = itv.mit-xperts.com, emailAddress = info@mit-xperts.com';
     const TEST_NOT_BEFORE = '2012-09-23 17:21:33';
     const TEST_NOT_AFTER = '2017-09-22 17:21:33';
 
@@ -127,7 +129,12 @@ public function testGetSubject($path)
 
         $publicKeyFile = new PublicKeyFile($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $publicKeyFile->getSubject());
+        $subject = $publicKeyFile->getSubject();
+
+        $this->assertThat($subject, $this->logicalOr(
+            $this->identicalTo(static::TEST_SUBJECT_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_SUBJECT_V1_0_0_BETA1)
+        ));
     }
 
     /**
@@ -141,7 +148,7 @@ public function testGetSubjectProcessFailed()
 
         unlink($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $publicKeyFile->getSubject());
+        $publicKeyFile->getSubject();
     }
 
     /**
@@ -155,7 +162,12 @@ public function testGetIssuer($path)
 
         $publicKeyFile = new PublicKeyFile($this->file);
 
-        $this->assertSame(static::TEST_ISSUER, $publicKeyFile->getIssuer());
+        $issuer = $publicKeyFile->getIssuer();
+
+        $this->assertThat($issuer, $this->logicalOr(
+            $this->identicalTo(static::TEST_ISSUER_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_ISSUER_V1_0_0_BETA1)
+        ));
     }
 
     /**
@@ -169,7 +181,7 @@ public function testGetIssuerProcessFailed()
 
         unlink($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $publicKeyFile->getIssuer());
+        $publicKeyFile->getIssuer();
     }
 
     /**
@@ -200,7 +212,7 @@ public function testGetNotBeforeProcessFailed()
 
         unlink($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $publicKeyFile->getNotBefore());
+        $publicKeyFile->getNotBefore();
     }
 
     /**
@@ -231,7 +243,7 @@ public function testGetNotAfterProcessFailed()
 
         unlink($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $publicKeyFile->getNotAfter());
+        $publicKeyFile->getNotAfter();
     }
 
     /**

Tests/bootstrap.php

@@ -0,0 +1,10 @@
+<?php
+
+use Symfony\Component\Process\Process;
+
+require_once __DIR__ . '/../vendor/autoload.php';
+
+$process = new Process('openssl version');
+$process->mustRun();
+
+echo $process->getOutput() . PHP_EOL;

phpunit.xml.dist

@@ -3,7 +3,7 @@
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.8/phpunit.xsd"
          backupGlobals="false"
-         bootstrap="vendor/autoload.php"
+         bootstrap="Tests/bootstrap.php"
          colors="true"
 >