mirror of
https://github.com/nextcloud/server.git
synced 2026-05-28 04:32:30 -04:00
1bad4fe238
This commit switches the default signature algorithm to ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium optional again, and we only pull it in to use it for verifying incomming signatures. If sodium is not installed, we throw on Ed25519 signatures instead. At least it is easy for most people to make their Nextcloud install fully RFC compliant by installing sodium. I also renamed all the Ed25519 function names to be more precis, using Jwks for the JSON Web Keys, and RFC9421 for the http-signature code, where it is needed to distinguish from draft-cavage signatures. Signed-off-by: Micke Nordin <kano@sunet.se>
78 lines
2.4 KiB
PHP
78 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
|
|
namespace Test\OCM;
|
|
|
|
use Firebase\JWT\Key;
|
|
use OC\OCM\OCMSignatoryManager;
|
|
use OC\OCM\Rfc9421SignatoryManager;
|
|
use OCP\Security\Signature\Exceptions\IdentityNotFoundException;
|
|
use OCP\Security\Signature\Model\Signatory;
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
|
use Test\TestCase;
|
|
|
|
class Rfc9421SignatoryManagerTest extends TestCase {
|
|
private OCMSignatoryManager&MockObject $delegate;
|
|
private Rfc9421SignatoryManager $wrapper;
|
|
|
|
#[\Override]
|
|
protected function setUp(): void {
|
|
parent::setUp();
|
|
$this->delegate = $this->createMock(OCMSignatoryManager::class);
|
|
$this->wrapper = new Rfc9421SignatoryManager($this->delegate);
|
|
}
|
|
|
|
public function testGetOptionsForcesRfc9421Format(): void {
|
|
$this->delegate->method('getOptions')->willReturn([
|
|
'algorithm' => 'rsa-sha512',
|
|
'rfc9421.format' => false,
|
|
]);
|
|
|
|
$options = $this->wrapper->getOptions();
|
|
$this->assertTrue($options['rfc9421.format']);
|
|
$this->assertSame('rsa-sha512', $options['algorithm']);
|
|
}
|
|
|
|
public function testGetLocalSignatoryReturnsJwksKey(): void {
|
|
$signatory = $this->createMock(Signatory::class);
|
|
$this->delegate->method('getLocalJwksSignatory')->willReturn($signatory);
|
|
|
|
$this->assertSame($signatory, $this->wrapper->getLocalSignatory());
|
|
}
|
|
|
|
public function testGetLocalSignatoryThrowsWhenJwksKeyUnavailable(): void {
|
|
$this->delegate->method('getLocalJwksSignatory')->willReturn(null);
|
|
|
|
$this->expectException(IdentityNotFoundException::class);
|
|
$this->wrapper->getLocalSignatory();
|
|
}
|
|
|
|
public function testProviderIdDelegated(): void {
|
|
$this->delegate->method('getProviderId')->willReturn('ocm');
|
|
$this->assertSame('ocm', $this->wrapper->getProviderId());
|
|
}
|
|
|
|
public function testRemoteSignatoryDelegated(): void {
|
|
$signatory = $this->createMock(Signatory::class);
|
|
$this->delegate->expects($this->once())
|
|
->method('getRemoteSignatory')
|
|
->with('sender.example.org')
|
|
->willReturn($signatory);
|
|
$this->assertSame($signatory, $this->wrapper->getRemoteSignatory('sender.example.org'));
|
|
}
|
|
|
|
public function testRemoteKeyDelegated(): void {
|
|
$key = $this->createMock(Key::class);
|
|
$this->delegate->expects($this->once())
|
|
->method('getRemoteKey')
|
|
->with('sender.example.org', 'kid-1')
|
|
->willReturn($key);
|
|
$this->assertSame($key, $this->wrapper->getRemoteKey('sender.example.org', 'kid-1'));
|
|
}
|
|
}
|