Merge pull request #23 from darkwebdesign/ISSUE-7

ISSUE-7: PemFile::validate asks for passphrase on OpenSSL 1.1.0g-fips 2 Nov 2017

Author: raymondschouten

.scripts/compile-openssl.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+readonly DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)";
+readonly SCRIPT="$(basename "${BASH_SOURCE[0]}")";
+
+readonly VERSION="${1}";
+readonly VERSION_PREFIX="$(echo "$VERSION" | sed --regexp-extended 's/^([0-9]+\.[0-9]+\.[0-9]+).*$/\1/')";
+
+readonly ROOT_DIRECTORY="$(dirname "$DIR")";
+readonly TEMP_DIRECTORY="$(mktemp --directory)";
+readonly OUTPUT_DIRECTORY="$ROOT_DIRECTORY/build/openssl/$VERSION";
+
+if [[ -z "$VERSION" ]]; then
+    echo "$SCRIPT: no version specified!";
+    exit 1;
+fi;
+
+echo "VERSION: $VERSION";
+echo "TEMP_DIRECTORY: $TEMP_DIRECTORY";
+echo "OUTPUT_DIRECTORY: $OUTPUT_DIRECTORY";
+
+read -p 'Press enter to continue...';
+
+wget --timestamping --directory-prefix "$TEMP_DIRECTORY/" "https://www.openssl.org/source/openssl-$VERSION.tar.gz";
+
+if [[ $? -ne 0 ]]; then
+    wget --timestamping --directory-prefix "$TEMP_DIRECTORY/" "https://www.openssl.org/source/old/$VERSION_PREFIX/openssl-$VERSION.tar.gz";
+    
+    if [[ $? -ne 0 ]]; then
+        echo "$SCRIPT: version not found!";
+        exit 1;
+    fi;
+fi;
+
+tar --extract --verbose --gzip --directory "$TEMP_DIRECTORY/" --file "$TEMP_DIRECTORY/openssl-$VERSION.tar.gz";
+
+cd "$TEMP_DIRECTORY/openssl-$VERSION";
+
+mkdir --parents "$OUTPUT_DIRECTORY";
+
+./config --prefix="$OUTPUT_DIRECTORY" --openssldir="$OUTPUT_DIRECTORY";
+
+make;
+make test;
+make install;
+
+rm -rf "$TEMP_DIRECTORY";

.scripts/phpunit-build.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+readonly DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)";
+readonly SCRIPT="$(basename "${BASH_SOURCE[0]}")";
+
+readonly VERSION="${1}";
+
+readonly ROOT_DIRECTORY="$(dirname "$DIR")";
+readonly BUILD_DIRECTORY="$ROOT_DIRECTORY/build/openssl/$VERSION";
+readonly VENDOR_DIRECTORY="$ROOT_DIRECTORY/vendor";
+
+if [[ -z "$VERSION" ]]; then
+    echo "$SCRIPT: no version specified!";
+    exit 1;
+fi;
+
+if [[ ! -d "$BUILD_DIRECTORY" ]]; then
+    echo "$SCRIPT: version build not found!";
+    exit 1;
+fi;
+
+export PATH="$BUILD_DIRECTORY/bin:$PATH";
+export LD_LIBRARY_PATH="$BUILD_DIRECTORY/lib:$LD_LIBRARY_PATH";
+
+cd "$ROOT_DIRECTORY";
+
+"$VENDOR_DIRECTORY/bin/phpunit";

.travis.yml

@@ -1,7 +1,6 @@
 language: php
 
 php:
-    - '5.4'
     - '5.5'
     - '5.6'
     - '7.0'

File/KeystoreFile.php

@@ -20,12 +20,6 @@
 
 namespace DarkWebDesign\PublicKeyCryptographyBundle\File;
 
-use DarkWebDesign\PublicKeyCryptographyBundle\Exception\PrivateKeyPassPhraseEmptyException;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\CryptoFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PemFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PrivateKeyFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PublicKeyFile;
-use Symfony\Component\HttpFoundation\File\File;
 use Symfony\Component\Process\Process;
 
 /**
@@ -44,7 +38,7 @@ protected function validate()
     {
         $in = escapeshellarg($this->getPathname());
 
-        $process = new Process("openssl pkcs12 -in $in -passin pass: -noout");
+        $process = new Process("openssl pkcs12 -in $in -passin pass:anypass -noout");
         $process->run();
 
         $invalidPassword = false !== strpos($process->getErrorOutput(), 'invalid password');
@@ -75,7 +69,6 @@ protected function validate()
      */
     public static function create($path, $passPhrase, PublicKeyFile $publicKeyFile, PrivateKeyFile $privateKeyFile, $privateKeyPassPhrase = null)
     {
-        $out = escapeshellarg($path);
         $pass = escapeshellarg($passPhrase);
         $publicKeyIn = escapeshellarg($publicKeyFile->getPathname());
         $publicKeyInForm = escapeshellarg($publicKeyFile->getFormat());
@@ -112,7 +105,6 @@ public static function create($path, $passPhrase, PublicKeyFile $publicKeyFile,
     public function getPem($path, $passPhrase)
     {
         $in = escapeshellarg($this->getPathname());
-        $out = escapeshellarg($path);
         $pass = escapeshellarg($passPhrase);
 
         // if the keystore pass phrase is an empty string, the outputted private key will not contain a pass phrase
@@ -155,7 +147,6 @@ public function getPem($path, $passPhrase)
     public function getPublicKey($path, $passPhrase)
     {
         $in = escapeshellarg($this->getPathname());
-        $out = escapeshellarg($path);
         $pass = escapeshellarg($passPhrase);
 
         $process1 = new Process("openssl pkcs12 -in $in -passin pass:$pass -nokeys");
@@ -187,7 +178,6 @@ public function getPublicKey($path, $passPhrase)
     public function getPrivateKey($path, $passPhrase)
     {
         $in = escapeshellarg($this->getPathname());
-        $out = escapeshellarg($path);
         $pass = escapeshellarg($passPhrase);
 
         // if the keystore pass phrase is an empty string, the outputted private key will not contain a pass phrase
@@ -332,7 +322,6 @@ public function verifyPassPhrase($passPhrase)
      *
      * @return \DarkWebDesign\PublicKeyCryptographyBundle\File\KeystoreFile
      *
-     * @throws \DarkWebDesign\PublicKeyCryptographyBundle\Exception\PrivateKeyPassPhraseEmptyException
      * @throws \Symfony\Component\Process\Exception\ProcessFailedException
      */
     public function changePassPhrase($passPhrase, $newPassPhrase)

File/PemFile.php

@@ -21,10 +21,6 @@
 namespace DarkWebDesign\PublicKeyCryptographyBundle\File;
 
 use DarkWebDesign\PublicKeyCryptographyBundle\Exception\PrivateKeyPassPhraseEmptyException;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\CryptoFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\KeystoreFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PrivateKeyFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PublicKeyFile;
 use Symfony\Component\Process\Process;
 
 /**
@@ -50,12 +46,12 @@ protected function validate()
             return false;
         }
 
-        $process = new Process("openssl rsa -in $in -passin pass: -check -noout");
+        $process = new Process("openssl rsa -in $in -passin pass:anypass -check -noout");
         $process->run();
 
-        $badPasswordRead = false !== strpos($process->getErrorOutput(), ':bad password read:');
+        $badDecrypt = false !== strpos($process->getErrorOutput(), ':bad decrypt:');
 
-        if (!$process->isSuccessful() && !$badPasswordRead) {
+        if (!$process->isSuccessful() && !$badDecrypt) {
             return false;
         }
 
@@ -126,7 +122,6 @@ public static function create($path, PublicKeyFile $publicKeyFile, PrivateKeyFil
             throw new PrivateKeyPassPhraseEmptyException();
         }
 
-        $out = escapeshellarg($path);
         $publicKeyIn = escapeshellarg($publicKeyFile->getPathname());
         $publicKeyInForm = escapeshellarg($publicKeyFile->getFormat());
         $privateKeyIn = escapeshellarg($privateKeyFile->getPathname());
@@ -165,7 +160,6 @@ public static function create($path, PublicKeyFile $publicKeyFile, PrivateKeyFil
     public function getKeystore($path, $keystorePassPhrase, $privateKeyPassPhrase = null)
     {
         $in = escapeshellarg($this->getPathname());
-        $out = escapeshellarg($path);
         $keystorePass = escapeshellarg($keystorePassPhrase);
         $privateKeyPass = escapeshellarg($privateKeyPassPhrase);
 
@@ -190,7 +184,6 @@ public function getKeystore($path, $keystorePassPhrase, $privateKeyPassPhrase =
     public function getPublicKey($path)
     {
         $in = escapeshellarg($this->getPathname());
-        $out = escapeshellarg($path);
 
         $process = new Process("openssl x509 -in $in");
         $process->mustRun();
@@ -223,7 +216,6 @@ public function getPrivateKey($path, $passPhrase = null)
         }
 
         $in = escapeshellarg($this->getPathname());
-        $out = escapeshellarg($path);
         $pass = escapeshellarg($passPhrase);
 
         if (null !== $passPhrase) {
@@ -318,10 +310,10 @@ public function hasPassPhrase()
     {
         $in = escapeshellarg($this->getPathname());
 
-        $process1 = new Process("openssl rsa -in $in -passin pass: -check -noout");
+        $process1 = new Process("openssl rsa -in $in -passin pass:nopass -check -noout");
         $process1->run();
 
-        $process2 = new Process("openssl rsa -in $in -passin pass:nopass -check -noout");
+        $process2 = new Process("openssl rsa -in $in -passin pass:anypass -check -noout");
         $process2->run();
 
         return !$process1->isSuccessful() && !$process2->isSuccessful();
@@ -373,7 +365,7 @@ public function addPassPhrase($passPhrase)
         $process1 = new Process("openssl x509 -in $in");
         $process1->mustRun();
 
-        $process2 = new Process("openssl rsa -in $in -passin pass: -passout pass:$pass -des3");
+        $process2 = new Process("openssl rsa -in $in -passin pass:nopass -passout pass:$pass -des3");
         $process2->mustRun();
 
         @file_put_contents($this->getPathname(), $process1->getOutput() . $process2->getOutput());

File/PrivateKeyFile.php

@@ -22,9 +22,6 @@
 
 use DarkWebDesign\PublicKeyCryptographyBundle\Exception\FormatNotValidException;
 use DarkWebDesign\PublicKeyCryptographyBundle\Exception\PrivateKeyPassPhraseEmptyException;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\CryptoFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PemFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PublicKeyFile;
 use Symfony\Component\Process\Process;
 
 /**
@@ -51,12 +48,12 @@ protected function validate()
         $in = escapeshellarg($this->getPathname());
         $inForm = escapeshellarg($this->getFormat());
 
-        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass: -check -noout");
+        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass:anypass -check -noout");
         $process->run();
 
-        $badPasswordRead = false !== strpos($process->getErrorOutput(), ':bad password read:');
+        $badDecrypt = false !== strpos($process->getErrorOutput(), ':bad decrypt:');
 
-        if (!$process->isSuccessful() && !$badPasswordRead) {
+        if (!$process->isSuccessful() && !$badDecrypt) {
             return false;
         }
 
@@ -186,10 +183,10 @@ public function hasPassPhrase()
         $in = escapeshellarg($this->getPathname());
         $inForm = escapeshellarg($this->getFormat());
 
-        $process1 = new Process("openssl rsa -in $in -inform $inForm -passin pass: -check -noout");
+        $process1 = new Process("openssl rsa -in $in -inform $inForm -passin pass:nopass -check -noout");
         $process1->run();
 
-        $process2 = new Process("openssl rsa -in $in -inform $inForm -passin pass:nopass -check -noout");
+        $process2 = new Process("openssl rsa -in $in -inform $inForm -passin pass:anypass -check -noout");
         $process2->run();
 
         return !$process1->isSuccessful() && !$process2->isSuccessful();
@@ -245,7 +242,7 @@ public function addPassPhrase($passPhrase)
         $inForm = escapeshellarg($this->getFormat());
         $pass = escapeshellarg($passPhrase);
 
-        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass: -outform $inForm -passout pass:$pass -des3");
+        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass:nopass -outform $inForm -passout pass:$pass -des3");
         $process->mustRun();
 
         @file_put_contents($this->getPathname(), $process->getOutput());

File/PublicKeyFile.php

@@ -21,9 +21,6 @@
 namespace DarkWebDesign\PublicKeyCryptographyBundle\File;
 
 use DarkWebDesign\PublicKeyCryptographyBundle\Exception\FormatNotValidException;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\CryptoFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PemFile;
-use DarkWebDesign\PublicKeyCryptographyBundle\File\PrivateKeyFile;
 use Symfony\Component\Process\Process;
 
 /**
@@ -53,12 +50,12 @@ protected function validate()
             return false;
         }
 
-        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass: -check -noout");
+        $process = new Process("openssl rsa -in $in -inform $inForm -passin pass:anypass -check -noout");
         $process->run();
 
-        $badPasswordRead = false !== strpos($process->getErrorOutput(), ':bad password read:');
+        $badDecrypt = false !== strpos($process->getErrorOutput(), ':bad decrypt:');
 
-        if ($process->isSuccessful() || $badPasswordRead) {
+        if ($process->isSuccessful() || $badDecrypt) {
             return false;
         }
 

Tests/File/KeystoreFileTest.php

@@ -24,14 +24,15 @@
 use DarkWebDesign\PublicKeyCryptographyBundle\File\PrivateKeyFile;
 use DarkWebDesign\PublicKeyCryptographyBundle\File\PublicKeyFile;
 use PHPUnit\Framework\TestCase;
-use Symfony\Component\Process\Exception\ProcessFailedException;
 
 class KeystoreFileTest extends TestCase
 {
     const TEST_PASSPHRASE = 'test';
     const TEST_EMPTYPASSPHRASE = '';
-    const TEST_SUBJECT = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
-    const TEST_ISSUER = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = TEST CA, CN = testbox.mit-xperts.com, emailAddress = info@mit-xperts.com';
+    const TEST_ISSUER_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_ISSUER_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = HBBTV-DEMO-CA, CN = itv.mit-xperts.com, emailAddress = info@mit-xperts.com';
     const TEST_NOT_BEFORE = '2012-09-23 17:21:33';
     const TEST_NOT_AFTER = '2017-09-22 17:21:33';
 
@@ -210,7 +211,10 @@ public function testGetSubject($path, $passPhrase)
 
         $subject = $keystoreFile->getSubject($passPhrase);
 
-        $this->assertSame(static::TEST_SUBJECT, $subject);
+        $this->assertThat($subject, $this->logicalOr(
+            $this->identicalTo(static::TEST_SUBJECT_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_SUBJECT_V1_0_0_BETA1)
+        ));
     }
 
     /**
@@ -239,7 +243,10 @@ public function testGetIssuer($path, $passPhrase)
 
         $issuer = $keystoreFile->getIssuer($passPhrase);
 
-        $this->assertSame(static::TEST_ISSUER, $issuer);
+        $this->assertThat($issuer, $this->logicalOr(
+            $this->identicalTo(static::TEST_ISSUER_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_ISSUER_V1_0_0_BETA1)
+        ));
     }
 
     /**

Tests/File/PemFileTest.php

@@ -29,8 +29,10 @@ class PemFileTest extends TestCase
 {
     const TEST_PASSPHRASE = 'test';
     const TEST_EMPTYPASSPHRASE = '';
-    const TEST_SUBJECT = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
-    const TEST_ISSUER = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=TEST CA/CN=testbox.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_SUBJECT_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = TEST CA, CN = testbox.mit-xperts.com, emailAddress = info@mit-xperts.com';
+    const TEST_ISSUER_V1_0_0_BETA1 = '/C=DE/ST=Bavaria/L=Munich/O=MIT-xperts GmbH/OU=HBBTV-DEMO-CA/CN=itv.mit-xperts.com/emailAddress=info@mit-xperts.com';
+    const TEST_ISSUER_V1_1_0_PRE1 = 'C = DE, ST = Bavaria, L = Munich, O = MIT-xperts GmbH, OU = HBBTV-DEMO-CA, CN = itv.mit-xperts.com, emailAddress = info@mit-xperts.com';
     const TEST_NOT_BEFORE = '2012-09-23 17:21:33';
     const TEST_NOT_AFTER = '2017-09-22 17:21:33';
 
@@ -271,7 +273,12 @@ public function testGetSubject($path)
 
         $pemFile = new PemFile($this->file);
 
-        $this->assertSame(static::TEST_SUBJECT, $pemFile->getSubject());
+        $subject = $pemFile->getSubject();
+
+        $this->assertThat($subject, $this->logicalOr(
+            $this->identicalTo(static::TEST_SUBJECT_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_SUBJECT_V1_0_0_BETA1)
+        ));
     }
 
     /**
@@ -299,7 +306,12 @@ public function testGetIssuer($path)
 
         $pemFile = new PemFile($this->file);
 
-        $this->assertSame(static::TEST_ISSUER, $pemFile->getIssuer());
+        $issuer = $pemFile->getIssuer();
+
+        $this->assertThat($issuer, $this->logicalOr(
+            $this->identicalTo(static::TEST_ISSUER_V1_1_0_PRE1),
+            $this->identicalTo(static::TEST_ISSUER_V1_0_0_BETA1)
+        ));
     }
 
     /**