nfse-php/tests/Integration/Http/SandboxMtlsHeadTest.php at 0bcc3786e39e0f816dd72e8fce87b1e7dad187be · LibreCodeCoop/nfse-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php

// SPDX-FileCopyrightText: 2026 LibreCode coop and contributors
// SPDX-License-Identifier: AGPL-3.0-or-later

declare(strict_types=1);

namespace LibreCodeCoop\NfsePHP\Tests\Integration\Http;

use LibreCodeCoop\NfsePHP\Tests\Support\LoadsLocalEnv;
use LibreCodeCoop\NfsePHP\Tests\TestCase;

/**
 * Optional sandbox connectivity smoke test (mTLS).
 * Skips if env vars are not configured.
 */
class SandboxMtlsHeadTest extends TestCase
{
    use LoadsLocalEnv;

    public function testSandboxHeadWithMtlsWhenEnvIsPresent(): void
    {
        self::loadLocalEnv();

        $url = getenv('NFSE_HEAD_URL') ?: '';
        $pfxPath = getenv('NFSE_MTLS_PFX_PATH') ?: '';
        $pfxPassword = getenv('NFSE_MTLS_PFX_PASSWORD') ?: '';

        if ($url === '' || $pfxPath === '' || $pfxPassword === '') {
            self::markTestSkipped('Set NFSE_HEAD_URL, NFSE_MTLS_PFX_PATH and NFSE_MTLS_PFX_PASSWORD to run sandbox mTLS test.');
        }

        if (!str_starts_with($pfxPath, '/')) {
            $pfxPath = dirname(__DIR__, 3) . '/' . ltrim($pfxPath, '/');
        }

        if (!is_file($pfxPath)) {
            self::markTestSkipped('Configured PFX file does not exist for mTLS test.');
        }

        $cmd = sprintf(
            'curl --silent --show-error --output /dev/null --write-out "%%{http_code}" --head --cert-type P12 --cert %s %s; echo "|exit:$?"',
            escapeshellarg($pfxPath . ':' . $pfxPassword),
            escapeshellarg($url)
        );

        $result = shell_exec($cmd);

        self::assertNotFalse($result, 'curl execution failed');

        $result = trim((string) $result);

        if (!str_contains($result, '|exit:')) {
            self::fail('Unexpected curl result format.');
        }

        [$httpCode, $exitPart] = explode('|exit:', $result, 2);
        $httpCode = trim($httpCode);
        $exitCode = (int) trim($exitPart);

        if ($exitCode !== 0) {
            self::markTestSkipped('mTLS curl failed in local runtime (likely OpenSSL/PFX compatibility).');
        }

        self::assertContains($httpCode, ['200', '401', '403', '404']);
    }
}